For a cluster that contains user-provisioned infrastructure, you must deploy all of the required machines.
The smallest {product-title} clusters require the following hosts:
- One temporary bootstrap machine
- Three control plane, or master, machines
- At least two compute, or worker, machines
Note: The cluster requires the bootstrap machine to deploy the {product-title} cluster on the three control plane machines. You can remove the bootstrap machine after you install the cluster.
Important: To maintain high availability of your cluster, use separate physical hosts for these cluster machines.
The bootstrap, control plane, and compute machines must use {op-system-first} as the operating system.
Note that {op-system} is based on Red Hat Enterprise Linux 8 and inherits all of its hardware certifications and requirements. See Red Hat Enterprise Linux technology capabilities and limits.
All the {op-system-first} machines require networking to be configured in initramfs
during boot to fetch Ignition config files from the Machine Config Server.
During the initial boot, the machines require either a DHCP server
or statically set IP addresses to establish a network
connection and download their Ignition config files.
Each cluster machine must meet the following minimum requirements:
| Machine | Operating System | vCPU | RAM | Storage |
|---|---|---|---|---|
| Bootstrap | {op-system} | 4 | 16 GB | 120 GB |
| Control plane | {op-system} | 4 | 16 GB | 120 GB |
| Compute | {op-system} or RHEL 7.6 | 2 | 8 GB | 120 GB |
Because your cluster has limited access to automatic machine management when you
use infrastructure that you provision, you must provide a mechanism for approving
cluster certificate signing requests (CSRs) after installation. The
`kube-controller-manager` only approves the kubelet client CSRs. The
`machine-approver` cannot guarantee the validity of a serving certificate
that is requested by using kubelet credentials because it cannot confirm that
the correct machine issued the request. You must determine and implement a
method of verifying the validity of the kubelet serving certificate requests
and approving them.
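One way to implement such a verification step is to compare each kubelet serving CSR against an inventory of the hosts you provisioned before approving it. The following is an added example, not code from {product-title}. The inventory, the host names and addresses, and the `cn`/`orgs`/`dns`/`ips` fields (assumed to be already decoded from the CSR's `spec.request`) are assumptions made for illustration.

```python
import ipaddress

SIGNER = "kubernetes.io/kubelet-serving"
PREFIX = "system:node:"
ALLOWED_USAGES = ({"digital signature", "server auth"},
                  {"digital signature", "key encipherment", "server auth"})

# Constructed inventory: names and addresses you assigned to each provisioned host.
INVENTORY = {
    "worker-0.example.com": {"dns": {"worker-0.example.com"}, "ips": {"192.0.2.20"}},
    "master-0.example.com": {"dns": {"master-0.example.com"}, "ips": {"192.0.2.10"}},
}

def check_serving_csr(csr, inventory=INVENTORY):
    """Return reasons to refuse approval; an empty list means the request checks out."""
    # csr: spec fields (username, groups, signerName, usages) plus cn/orgs/dns/ips,
    # which the caller is assumed to have decoded from spec.request.
    reasons = []
    user = csr.get("username", "")
    node = user[len(PREFIX):] if user.startswith(PREFIX) else None
    if csr.get("signerName") != SIGNER:
        reasons.append("unexpected signerName")
    if node is None or "system:nodes" not in csr.get("groups", []):
        reasons.append("requester is not a node identity")
    if set(csr.get("usages", [])) not in ALLOWED_USAGES:
        reasons.append("usages are not serving-only")
    if csr.get("cn") != user or csr.get("orgs") != ["system:nodes"]:
        reasons.append("subject does not match requester")
    host = inventory.get(node)
    if host is None:
        return reasons + ["node is not in the inventory"]
    dns, ips = set(csr.get("dns", [])), set()
    for raw in csr.get("ips", []):
        try:
            ips.add(str(ipaddress.ip_address(raw)))  # normalise before comparing
        except ValueError:
            reasons.append("malformed IP SAN")
    if not (dns or ips):
        reasons.append("no subject alternative names")
    if not (dns <= host["dns"] and ips <= host["ips"]):
        reasons.append("SAN not assigned to this node")
    return reasons

# Constructed requests: GOOD asks for worker-0's own name and address; BAD uses the
# same kubelet credentials but asks for an address assigned to another host.
GOOD = {"username": "system:node:worker-0.example.com",
        "groups": ["system:nodes", "system:authenticated"],
        "signerName": SIGNER, "usages": ["digital signature", "server auth"],
        "cn": "system:node:worker-0.example.com", "orgs": ["system:nodes"],
        "dns": ["worker-0.example.com"], "ips": ["192.0.2.20"]}
BAD = dict(GOOD, ips=["192.0.2.10"])
```

Approve a request only when `check_serving_csr` returns an empty list; anything else should be left pending for manual review.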