$ oc patch multiclusterengines.multicluster.openshift.io multiclusterengine --type json \
--patch '[{"op": "add", "path":"/spec/overrides/components/-", "value": {"name":"image-based-install-operator","enabled": true}}]'
When a host preinstalled with single-node OpenShift using an image-based installation arrives at a remote site, a technician can easily reconfigure and deploy the host in a matter of minutes.
For clusters with a hub-and-spoke architecture, to complete the deployment of a preinstalled host, you must first define site-specific configuration resources on the hub cluster for each host. These resources contain configuration information such as the properties of the bare-metal host, authentication details, and other deployment and networking information.
The Image Based Install (IBI) Operator creates a configuration ISO from these resources, and then boots the host with the configuration ISO attached. The host mounts the configuration ISO and runs the reconfiguration process. When the reconfiguration completes, the single-node OpenShift cluster is ready.
You must create distinct configuration resources for each bare-metal host.
See the following high-level steps to deploy a preinstalled host in a cluster with a hub-and-spoke architecture:
Install the IBI Operator on the hub cluster.
Create site-specific configuration resources in the hub cluster for each host.
The IBI Operator creates a configuration ISO from these resources and boots the target host with the configuration ISO attached.
The host mounts the configuration ISO and runs the reconfiguration process. When the reconfiguration completes, the single-node OpenShift cluster is ready.
Alternatively, you can manually deploy a preinstalled host for a cluster without using a hub cluster. You must define an |
The Image Based Install (IBI) Operator is part of the image-based deployment workflow for preinstalled single-node OpenShift on bare-metal hosts.
The IBI Operator is part of the multicluster engine for Kubernetes Operator from MCE version 2.7.
You logged in as a user with cluster-admin privileges.
You deployed a Red Hat Advanced Cluster Management (RHACM) hub cluster or you deployed the multicluster engine for Kubernetes Operator.
You reviewed the required versions of software components in the section "Software prerequisites for an image-based installation".
Set the enabled specification to true for the image-based-install-operator component in the MultiClusterEngine resource by running the following command:
$ oc patch multiclusterengines.multicluster.openshift.io multiclusterengine --type json \
--patch '[{"op": "add", "path":"/spec/overrides/components/-", "value": {"name":"image-based-install-operator","enabled": true}}]'
Check that the Image Based Install Operator pod is running by running the following command:
$ oc get pods -A | grep image-based
multicluster-engine image-based-install-operator-57fb8sc423-bxdj8 2/2 Running 0 5m
Create the site-specific configuration resources in the hub cluster to initiate the image-based deployment of a preinstalled host.
When you create these configuration resources in the hub cluster, the Image Based Install (IBI) Operator generates a configuration ISO and attaches it to the target host to begin the site-specific configuration process. When the configuration process completes, the single-node OpenShift cluster is ready.
For more information about the configuration resources that you must configure in the hub cluster, see "Cluster configuration resources for deploying a preinstalled host".
You preinstalled a host with single-node OpenShift using an image-based installation.
You logged in as a user with cluster-admin privileges.
You deployed a Red Hat Advanced Cluster Management (RHACM) hub cluster or you deployed the multicluster engine for Kubernetes operator (MCE).
You installed the IBI Operator on the hub cluster.
You created a pull secret to authenticate pull requests. For more information, see "Using image pull secrets".
Create the ibi-ns namespace by running the following command:
$ oc create namespace ibi-ns
Create the Secret resource for your image registry:
Create a YAML file that defines the Secret resource for your image registry:
secret-image-registry.yaml file
apiVersion: v1
kind: Secret
metadata:
  name: ibi-image-pull-secret
  namespace: ibi-ns
stringData:
  .dockerconfigjson: <base64-docker-auth-code> # (1)
type: kubernetes.io/dockerconfigjson
1 | You must provide base64-encoded credential details. See the "Additional resources" section for more information about using image pull secrets. |
Create the Secret resource for your image registry by running the following command:
$ oc create -f secret-image-registry.yaml
Optional: Configure static networking for the host:
Create a Secret resource containing the static network configuration in nmstate format:
host-network-config-secret.yaml file
apiVersion: v1
kind: Secret
metadata:
  name: host-network-config-secret # (1)
  namespace: ibi-ns
type: Opaque
stringData:
  nmstate: | # (2)
    interfaces:
      - name: ens1f0 # (3)
        type: ethernet
        state: up
        ipv4:
          enabled: true
          address:
            - ip: 192.168.200.25
              prefix-length: 24
          dhcp: false # (4)
        ipv6:
          enabled: false
    dns-resolver:
      config:
        server:
          - 192.168.15.47 # (5)
          - 192.168.15.48
    routes:
      config: # (6)
        - destination: 0.0.0.0/0
          metric: 150
          next-hop-address: 192.168.200.254
          next-hop-interface: ens1f0
          table-id: 254
1 | Specify the name for the Secret resource. |
2 | Define the static network configuration in nmstate format. |
3 | Specify the name of the interface on the host. The name of the interface must match the actual NIC name as shown in the operating system. To use your MAC address for NIC matching, set the identifier field to mac-address. |
4 | You must specify dhcp: false to ensure nmstate assigns the static IP address to the interface. |
5 | Specify one or more DNS servers that the system will use to resolve domain names. |
6 | In this example, the default route is configured through the ens1f0 interface to the next hop IP address 192.168.200.254. |
Create the BareMetalHost and Secret resources:
Create a YAML file that defines the BareMetalHost and Secret resources:
ibi-bmh.yaml file
apiVersion: metal3.io/v1alpha1
kind: BareMetalHost
metadata:
  name: ibi-bmh # (1)
  namespace: ibi-ns
spec:
  online: false # (2)
  bootMACAddress: 00:a5:12:55:62:64 # (3)
  bmc:
    address: redfish-virtualmedia+http://192.168.111.1:8000/redfish/v1/Systems/8a5babac-94d0-4c20-b282-50dc3a0a32b5 # (4)
    credentialsName: ibi-bmh-bmc-secret # (5)
  preprovisioningNetworkDataName: host-network-config-secret # (6)
  automatedCleaningMode: disabled # (7)
  externallyProvisioned: true # (8)
---
apiVersion: v1
kind: Secret
metadata:
  name: ibi-bmh-bmc-secret # (9) matches bmc.credentialsName in the BareMetalHost
  namespace: ibi-ns
type: Opaque
data:
  username: <user_name> # (10)
  password: <password> # (11)
1 | Specify the name for the BareMetalHost resource. |
2 | Specify if the host should be online. |
3 | Specify the host boot MAC address. |
4 | Specify the BMC address. You can only use bare-metal host drivers that support virtual media networking booting, for example redfish-virtualmedia and idrac-virtualmedia. |
5 | Specify the name of the bare-metal host Secret resource. |
6 | Optional: If you require static network configuration for the host, specify the name of the Secret resource containing the configuration. |
7 | You must specify automatedCleaningMode: disabled to prevent the provisioning service from deleting all preinstallation artifacts, such as the seed image, during disk inspection. |
8 | You must specify externallyProvisioned: true to enable the host to boot from the preinstalled disk, instead of the configuration ISO. |
9 | Specify the name for the Secret resource. |
10 | Specify the username. |
11 | Specify the password. |
Create the BareMetalHost and Secret resources by running the following command:
$ oc create -f ibi-bmh.yaml
Create the ClusterImageSet resource:
Create a YAML file that defines the ClusterImageSet resource:
ibi-cluster-image-set.yaml file
apiVersion: hive.openshift.io/v1
kind: ClusterImageSet
metadata:
  name: ibi-img-version-arch # (1)
spec:
  releaseImage: ibi.example.com:path/to/release/images:version-arch # (2)
1 | Specify the name for the ClusterImageSet resource. |
2 | Specify the address for the release image to use for the deployment. If you use a different image registry compared to the image registry used during seed image generation, ensure that the OpenShift Container Platform version for the release image remains the same. |
Create the ClusterImageSet resource by running the following command:
$ oc apply -f ibi-cluster-image-set.yaml
Create the ImageClusterInstall resource:
Create a YAML file that defines the ImageClusterInstall resource:
ibi-image-cluster-install.yaml file
apiVersion: extensions.hive.openshift.io/v1alpha1
kind: ImageClusterInstall
metadata:
  name: ibi-image-install # (1)
  namespace: ibi-ns
spec:
  bareMetalHostRef:
    name: ibi-bmh # (2)
    namespace: ibi-ns
  clusterDeploymentRef:
    name: ibi-cluster-deployment # (3)
  hostname: ibi-host # (4)
  imageSetRef:
    name: ibi-img-version-arch # (5)
  machineNetwork: 10.0.0.0/24 # (6)
  proxy: # (7)
    httpProxy: "http://proxy.example.com:8080"
    #httpsProxy: "http://proxy.example.com:8080"
    #noProxy: "no_proxy.example.com"
1 | Specify the name for the ImageClusterInstall resource. |
2 | Specify the BareMetalHost resource that you want to target for the image-based installation. |
3 | Specify the name of the ClusterDeployment resource that you want to use for the image-based installation of the target host. |
4 | Specify the hostname for the cluster. |
5 | Specify the name of the ClusterImageSet resource you used to define the container release images to use for deployment. |
6 | Specify the public CIDR (Classless Inter-Domain Routing) of the external network. |
7 | Optional: Specify a proxy to use for the cluster deployment. |
If your cluster deployment requires a proxy configuration, you must do the following:
Create the ImageClusterInstall resource by running the following command:
$ oc create -f ibi-image-cluster-install.yaml
Create the ClusterDeployment resource:
Create a YAML file that defines the ClusterDeployment resource:
ibi-cluster-deployment.yaml file
apiVersion: hive.openshift.io/v1
kind: ClusterDeployment
metadata:
  name: ibi-cluster-deployment # (1)
  namespace: ibi-ns # (2)
spec:
  baseDomain: example.com # (3)
  clusterInstallRef:
    group: extensions.hive.openshift.io
    kind: ImageClusterInstall
    name: ibi-image-install # (4)
    version: v1alpha1
  clusterName: ibi-cluster # (5)
  platform:
    none: {}
  pullSecretRef:
    name: ibi-image-pull-secret # (6)
1 | Specify the name for the ClusterDeployment resource. |
2 | Specify the namespace for the ClusterDeployment resource. |
3 | Specify the base domain that the cluster should belong to. |
4 | Specify the name of the ImageClusterInstall in which you defined the container images to use for the image-based installation of the target host. |
5 | Specify a name for the cluster. |
6 | Specify the secret to use for pulling images from your image registry. |
Create the ClusterDeployment resource by running the following command:
$ oc apply -f ibi-cluster-deployment.yaml
Create the ManagedCluster resource:
Create a YAML file that defines the ManagedCluster resource:
ibi-managed.yaml file
apiVersion: cluster.open-cluster-management.io/v1
kind: ManagedCluster
metadata:
  name: sno-ibi # (1)
spec:
  hubAcceptsClient: true # (2)
1 | Specify the name for the ManagedCluster resource. |
2 | Specify true to enable RHACM to manage the cluster. |
Create the ManagedCluster resource by running the following command:
$ oc apply -f ibi-managed.yaml
Check the status of the ImageClusterInstall in the hub cluster to monitor the progress of the target host installation by running the following command:
$ oc get imageclusterinstall
NAME REQUIREMENTSMET COMPLETED BAREMETALHOSTREF
target-0 HostValidationSucceeded ClusterInstallationSucceeded ibi-bmh
If the |
When the installation completes, you can retrieve the kubeconfig secret to log in to the managed cluster by running the following command:
$ oc extract secret/<cluster_name>-admin-kubeconfig -n <cluster_namespace> --to - > <directory>/<cluster_name>-kubeconfig
<cluster_name> is the name of the cluster.
<cluster_namespace> is the namespace of the cluster.
<directory> is the directory in which to create the file.
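The resources in this procedure are tied together only by name (credentialsName, preprovisioningNetworkDataName, bareMetalHostRef, clusterDeploymentRef, imageSetRef, clusterInstallRef, pullSecretRef), so a single mistyped name stalls the deployment. The following pre-flight check is an added example, not code from the product documentation; `lint_refs` and `manifest` are hypothetical helpers, and the sample manifests are constructed, with a BMC Secret name that deliberately does not match `credentialsName`.

```python
def lint_refs(manifests):
    """Return unresolved name references between IBI configuration resources."""
    # Index by (kind, namespace, name); cluster-scoped kinds have namespace None.
    idx = {(m["kind"], m["metadata"].get("namespace"), m["metadata"]["name"])
           for m in manifests}
    problems = []

    def need(kind, ns, name, field):
        if (kind, ns, name) not in idx:
            problems.append(f"{field} -> {kind} {name!r} is not defined")

    for m in manifests:
        kind, ns, spec = m["kind"], m["metadata"].get("namespace"), m.get("spec", {})
        if kind == "BareMetalHost":
            need("Secret", ns, spec["bmc"]["credentialsName"], "bmc.credentialsName")
            if "preprovisioningNetworkDataName" in spec:
                need("Secret", ns, spec["preprovisioningNetworkDataName"],
                     "preprovisioningNetworkDataName")
        elif kind == "ImageClusterInstall":
            bmh = spec["bareMetalHostRef"]
            need("BareMetalHost", bmh["namespace"], bmh["name"], "bareMetalHostRef")
            need("ClusterDeployment", ns, spec["clusterDeploymentRef"]["name"],
                 "clusterDeploymentRef")
            need("ClusterImageSet", None, spec["imageSetRef"]["name"], "imageSetRef")
        elif kind == "ClusterDeployment":
            ref = spec["clusterInstallRef"]
            need(ref["kind"], ns, ref["name"], "clusterInstallRef")
            need("Secret", ns, spec["pullSecretRef"]["name"], "pullSecretRef")
    return problems

def manifest(kind, name, ns="ibi-ns", **spec):
    """Build a minimal manifest dict (hypothetical helper for the sample data)."""
    return {"kind": kind, "metadata": {"name": name, "namespace": ns}, "spec": spec}

# Constructed sample using the page's resource names. The BMC Secret is deliberately
# named ibi-bmh-secret while the host references ibi-bmh-bmc-secret.
SAMPLE = [
    manifest("Secret", "ibi-image-pull-secret"),
    manifest("Secret", "host-network-config-secret"),
    manifest("Secret", "ibi-bmh-secret"),
    manifest("BareMetalHost", "ibi-bmh", bmc={"credentialsName": "ibi-bmh-bmc-secret"},
             preprovisioningNetworkDataName="host-network-config-secret"),
    manifest("ClusterImageSet", "ibi-img-version-arch", ns=None),
    manifest("ImageClusterInstall", "ibi-image-install",
             bareMetalHostRef={"name": "ibi-bmh", "namespace": "ibi-ns"},
             clusterDeploymentRef={"name": "ibi-cluster-deployment"},
             imageSetRef={"name": "ibi-img-version-arch"}),
    manifest("ClusterDeployment", "ibi-cluster-deployment",
             clusterInstallRef={"kind": "ImageClusterInstall", "name": "ibi-image-install"},
             pullSecretRef={"name": "ibi-image-pull-secret"}),
]

if __name__ == "__main__":
    print("\n".join(lint_refs(SAMPLE)))
```

To run it against real files, load each YAML document into a dict with a YAML parser of your choice and pass the list to `lint_refs`.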
To complete a deployment for a preinstalled host at a remote site, you must configure the following site-specific cluster configuration resources in the hub cluster for each bare-metal host.
| Resource | Description |
|---|---|
| | Namespace for the managed single-node OpenShift cluster. |
| | Describes the physical host and its properties, such as the provisioning and hardware configuration. |
| | Credentials for the host BMC. |
| | Optional: Describes static network configuration for the target host. |
| | Credentials for the image registry. The secret for the image registry must be of type |
| | References the bare-metal host, deployment, and image set resources. |
| | Describes the release images to use for the cluster. |
| | Describes networking, authentication, and platform-specific settings. |
| | Describes cluster details to enable Red Hat Advanced Cluster Management (RHACM) to register and manage. |
| | Optional: Describes additional configurations for the cluster deployment, such as adding a bundle of trusted certificates for the host to ensure trusted communications for cluster services. |
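A check for the image registry Secret, as an added example that is not part of the original documentation. In a Kubernetes Secret, values under `data` are base64 of the Docker config JSON and values under `stringData` are the JSON itself, so placing one form under the other field yields a payload that is not valid Docker config JSON. The helper names, registry host and credentials are constructed, and each registry entry is assumed to use an `auth` field.

```python
import base64
import json

KEY = ".dockerconfigjson"

def build_pull_secret(registry, username, password):
    """Build the registry Secret with the Docker config base64-encoded under data."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    config = json.dumps({"auths": {registry: {"auth": auth}}})
    return {
        "apiVersion": "v1", "kind": "Secret", "type": "kubernetes.io/dockerconfigjson",
        "metadata": {"name": "ibi-image-pull-secret", "namespace": "ibi-ns"},
        "data": {KEY: base64.b64encode(config.encode()).decode()},
    }

def check_pull_secret(secret):
    """Return a list of problems; an empty list means the payload is well formed."""
    problems = []
    if secret.get("type") != "kubernetes.io/dockerconfigjson":
        problems.append("type is not kubernetes.io/dockerconfigjson")
    if KEY in secret.get("data", {}):
        try:  # data values are base64 of the JSON document
            raw = base64.b64decode(secret["data"][KEY], validate=True)
        except ValueError:
            return problems + ["data value is not base64"]
    elif KEY in secret.get("stringData", {}):
        raw = secret["stringData"][KEY]  # stringData values are the JSON itself
    else:
        return problems + [f"missing {KEY} key"]
    try:
        config = json.loads(raw)
    except ValueError:
        return problems + ["payload is not JSON (base64 text under stringData?)"]
    auths = config.get("auths") if isinstance(config, dict) else None
    if not isinstance(auths, dict) or not auths:
        return problems + ["no registries under auths"]
    for registry, entry in auths.items():
        token = entry.get("auth", "") if isinstance(entry, dict) else ""
        try:
            user, sep, _ = base64.b64decode(token, validate=True).decode().partition(":")
        except ValueError:
            user, sep = "", ""
        if not (user and sep):
            problems.append(f"{registry}: auth is not base64 of user:password")
    return problems

if __name__ == "__main__":
    good = build_pull_secret("ibi.example.com", "user", "constructed-password")
    swapped = dict(good, data={}, stringData={KEY: good["data"][KEY]})
    print(check_pull_secret(good), check_pull_secret(swapped))
```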
The following content describes the API specifications for the ImageClusterInstall resource. This resource is the endpoint for the Image Based Install Operator.
| Specification | Type | Description |
|---|---|---|
| | | Specify the name of the |
| | | Specify the hostname for the cluster. |
| | | Specify your SSH key to provide SSH access to the target host. |

| Specification | Type | Description |
|---|---|---|
| | | Specify the name of the |
| | | After the deployment completes, this specification is automatically populated with metadata information about the cluster, including the |
| | | Specifies the sources or repositories for the release-image content, for example: |
| | | Specify a |
| | | Specify the |
| | | Specify the public CIDR (Classless Inter-Domain Routing) of the external network. |
| | | Specifies proxy settings for the cluster, for example: |
| | | Specify a |
You can optionally create a ConfigMap resource to define additional manifests in an image-based deployment for managed single-node OpenShift clusters.
After you create the ConfigMap resource, reference it in the ImageClusterInstall resource. During deployment, the IBI Operator includes the extra manifests in the deployment.
You can use a ConfigMap resource to add extra manifests to the image-based deployment for single-node OpenShift clusters.
The following example adds a single-root I/O virtualization (SR-IOV) network to the deployment.
You preinstalled a host with single-node OpenShift using an image-based installation.
You logged in as a user with cluster-admin privileges.
Create the SriovNetworkNodePolicy and SriovNetwork resources:
Create a YAML file that defines the resources:
sriov-extra-manifest.yaml file
apiVersion: sriovnetwork.openshift.io/v1
kind: SriovNetworkNodePolicy
metadata:
  name: "example-sriov-node-policy"
  namespace: openshift-sriov-network-operator
spec:
  deviceType: vfio-pci
  isRdma: false
  nicSelector:
    pfNames: [ens1f0]
  nodeSelector:
    node-role.kubernetes.io/master: ""
  mtu: 1500
  numVfs: 8
  priority: 99
  resourceName: example-sriov-node-policy
---
apiVersion: sriovnetwork.openshift.io/v1
kind: SriovNetwork
metadata:
  name: "example-sriov-network"
  namespace: openshift-sriov-network-operator
spec:
  ipam: |-
    {
    }
  linkState: auto
  networkNamespace: sriov-namespace
  resourceName: example-sriov-node-policy
  spoofChk: "on"
  trust: "off"
Create the ConfigMap resource by running the following command:
$ oc create configmap sr-iov-extra-manifest --from-file=sriov-extra-manifest.yaml -n ibi-ns # (1)
1 | Specify the namespace that has the ImageClusterInstall resource. |
configmap/sr-iov-extra-manifest created
Reference the ConfigMap resource in the spec.extraManifestsRefs field of the ImageClusterInstall resource:
#...
spec:
  extraManifestsRefs:
    - name: sr-iov-extra-manifest
#...
You can use a ConfigMap resource to add a certificate authority (CA) bundle to the host to ensure trusted communications for cluster services.
After you create the ConfigMap resource, reference it in the spec.caBundleRef field of the ImageClusterInstall resource.
You preinstalled a host with single-node OpenShift using an image-based installation.
You logged in as a user with cluster-admin privileges.
Create a CA bundle file called tls-ca-bundle.pem:
tls-ca-bundle.pem file
-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJAKmjYKJbIyz3MA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
...Custom CA certificate bundle...
4WPl0Qb27Sb1xZyAsy1ww6MYb98EovazUSfjYr2EVF6ThcAPu4/sMxUV7He2J6Jd
cA8SMRwpUbz3LXY=
-----END CERTIFICATE-----
Create the ConfigMap object by running the following command:
$ oc create configmap custom-ca --from-file=tls-ca-bundle.pem -n ibi-ns
custom-ca specifies the name for the ConfigMap resource.
tls-ca-bundle.pem defines the key for the data entry in the ConfigMap resource. You must include a data entry with the tls-ca-bundle.pem key.
ibi-ns specifies the namespace that has the ImageClusterInstall resource.
configmap/custom-ca created
Reference the ConfigMap resource in the spec.caBundleRef field of the ImageClusterInstall resource:
#...
spec:
  caBundleRef:
    name: custom-ca
#...