You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: modules/installation-vsphere-installer-infra-requirements.adoc
+44-42Lines changed: 44 additions & 42 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -16,7 +16,7 @@ endif::[]
16
16
= vCenter requirements
17
17
18
18
ifndef::upi[]
19
-
Before you install an {product-title} cluster on your vCenter that uses infrastructure that the installer provisions, you must prepare your environment.
19
+
Before you install an {product-title} cluster on your vCenter that uses infrastructure that the installation program provisions, you must prepare your environment.
20
20
endif::upi[]
21
21
22
22
ifdef::upi[]
@@ -30,9 +30,9 @@ endif::upi[]
30
30
ifndef::upi[]
31
31
To install an {product-title} cluster in a vCenter, the installation program requires access to an account with privileges to read and create the required resources. Using an account that has global administrative privileges is the simplest way to access all of the necessary permissions.
32
32
33
-
If you cannot use an account with global administrative privileges, you must create roles to grant the privileges necessary for {product-title} cluster installation. While most of the privileges are always required, some are required only if you plan for the installation program to provision a folder to contain the {product-title} cluster on your vCenter instance, which is the default behavior. You must create or amend vSphere roles for the specified objects to grant the required privileges.
33
+
If you cannot use an account with global administrative privileges, you must create roles to grant the privileges necessary for {product-title} cluster installation. Most of the privileges are always required. Some privileges are required only if you plan for the installation program to provision a folder to contain the {product-title} cluster on your vCenter instance, which is the default behavior. You must create or change vSphere roles for the specified objects to grant the required privileges.
34
34
35
-
An additional role is required if the installation program is to create a vSphere virtual machine folder.
35
+
The installation program requires an additional role to create a vSphere virtual machine folder.
After you create a custom role and assign privileges to it, you can create permissions by selecting specific vSphere objects and then assigning the custom role to a user or group for each object.
391
+
After you create a custom role and assign privileges to the role, you can create permissions by selecting specific vSphere objects. You can then assign the custom role to a user or group for each object.
392
392
393
-
Before you create permissions or request for the creation of permissions for a vSphere object, determine what minimum permissions apply to the vSphere object. By doing this task, you can ensure a basic interaction exists between a vSphere object and {product-title} architecture.
393
+
Before you create permissions or request for the creation of permissions for a vSphere object, decide what minimum permissions apply to the vSphere object. By doing this task, you can ensure a basic interaction exists between a vSphere object and {product-title} architecture.
394
394
395
395
[IMPORTANT]
396
396
====
@@ -401,7 +401,7 @@ Consider creating a custom role when an account with global administrative privi
401
401
402
402
[IMPORTANT]
403
403
====
404
-
Accounts that are not configured with the required privileges are unsupported. Installing an {product-title} cluster in a vCenter is tested against a full list of privileges as described in the "Required vCenter account privileges" section. By adhering to the full list of privileges, you can reduce the possibility of unexpected behaviors that might occur when creating a custom role with a restricted set of privileges.
404
+
Red{nbsp}Hat does not support configuring an account without including the required privileges. Installing an {product-title} cluster in a vCenter is tested against a full list of privileges as described in the "Required vCenter account privileges" section. By adhering to the full list of privileges, you can reduce the possibility of unexpected behaviors that might occur when creating a custom role with a restricted set of privileges.
405
405
====
406
406
407
407
The following tables specify how the required vCenter account privileges provided earlier in this document are relevant to different aspects of {product-title} architecture.
@@ -444,17 +444,23 @@ ifndef::upi[]
444
444
`VirtualMachine.Config.AddNewDisk`
445
445
446
446
|vSphere vCenter Resource Pool
447
-
|If you provide an existing resource pool in the `install-config.yaml` file
447
+
|If you included an existing resource pool in the `install-config.yaml` file
448
448
|
449
449
[%hardbreaks]
450
-
`Datastore.Browse`
451
-
`Datastore.FileManagement`
450
+
452
451
`Host.Config.Storage`
453
-
`InventoryService.Tagging.ObjectAttachable`
454
452
`Resource.AssignVMToPool`
455
453
`VApp.AssignResourcePool`
456
454
`VApp.Import`minimum`
457
455
456
+
|vSphere Datastore
457
+
|If you referenced a datastore in the `install-config.yaml` file
.Minimum permissions for post-installation management of components
545
+
.Minimum permissions for postinstallation management of components
540
546
[%collapsible]
541
547
====
542
548
[cols="4a,4a,3a",options="header"]
@@ -569,12 +575,12 @@ endif::upi[]
569
575
`Resource.AssignVMToPool`
570
576
571
577
|vSphere vCenter Resource Pool
572
-
|If you provide an existing resource pool in the `install-config.yaml` file
578
+
|If you included an existing resource pool in the `install-config.yaml` file
573
579
|
574
580
[%hardbreaks]
575
581
`Host.Config.Storage`
576
582
577
-
|vSphere datastore
583
+
|vSphere Datastore
578
584
|Always
579
585
|
580
586
[%hardbreaks]
@@ -655,12 +661,12 @@ endif::upi[]
655
661
`Host.Config.Storage`
656
662
657
663
|vSphere vCenter Resource Pool
658
-
|If you provide an existing resource pool in the `install-config.yaml` file
664
+
|If you included an existing resource pool in the `install-config.yaml` file
659
665
|
660
666
[%hardbreaks]
661
667
`Host.Config.Storage`
662
668
663
-
|vSphere datastore
669
+
|vSphere Datastore
664
670
|Always
665
671
|
666
672
[%hardbreaks]
@@ -727,12 +733,12 @@ endif::upi[]
727
733
`Resource.AssignVMToPool`
728
734
729
735
|vSphere vCenter Resource Pool
730
-
|If you provide an existing resource pool in the `install-config.yaml` file
736
+
|If you included an existing resource pool in the `install-config.yaml` file
731
737
|
732
738
[%hardbreaks]
733
739
`Read Only`
734
740
735
-
|vSphere datastore
741
+
|vSphere Datastore
736
742
|Always
737
743
|
738
744
[%hardbreaks]
@@ -785,21 +791,22 @@ endif::upi[]
785
791
786
792
If you intend on using vMotion in your vSphere environment, consider the following before installing an {product-title} cluster.
787
793
788
-
* {product-title} generally supports compute-only vMotion, where _generally_ implies that you meet all VMware best practices for vMotion.
794
+
* Using Storage vMotion can cause issues and is not supported.
795
+
* Using VMware compute vMotion to migrate the workloads for both {product-title} compute machines and control plane machines is generally supported, where _generally_ implies that you meet all VMware best practices for vMotion.
789
796
+
790
797
--
791
798
To help ensure the uptime of your compute and control plane nodes, ensure that you follow the VMware best practices for vMotion, and use VMware anti-affinity rules to improve the availability of {product-title} during maintenance or hardware issues.
792
799
793
800
For more information about vMotion and anti-affinity rules, see the VMware vSphere documentation for link:https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.vcenterhost.doc/GUID-3B41119A-1276-404B-8BFB-A32409052449.html[vMotion networking requirements] and link:https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.resmgmt.doc/GUID-FBE46165-065C-48C2-B775-7ADA87FF9A20.html[VM anti-affinity rules].
794
801
--
795
-
* Using Storage vMotion can cause issues and is not supported. If you are using vSphere volumes in your pods, migrating a VM across datastores, either manually or through Storage vMotion, causes invalid references within {product-title} persistent volume (PV) objects that can result in data loss.
796
-
* {product-title} does not support selective migration of VMDKs across datastores, using datastore clusters for VM provisioning or for dynamic or static provisioning of PVs, or using a datastore that is part of a datastore cluster for dynamic or static provisioning of PVs.
802
+
* If you are using {vmw-full} volumes in your pods, migrating a VM across datastores, either manually or through Storage vMotion, causes invalid references within {product-title} persistent volume (PV) objects that can result in data loss.
803
+
* {product-title} does not support selective migration of virtual machine disks (VMDKs) across datastores, using datastore clusters for VM provisioning or for dynamic or static provisioning of PVs, or using a datastore that is part of a datastore cluster for dynamic or static provisioning of PVs.
797
804
+
798
805
[IMPORTANT]
799
806
====
800
-
You can specify the path of any datastore that exists in a datastore cluster. By default, Storage Distributed Resource Scheduler (SDRS), which uses Storage vMotion, is automatically enabled for a datastore cluster. Red Hat does not support Storage vMotion, so you must disable Storage DRS to avoid data loss issues for your {product-title} cluster.
807
+
You can specify the path of any datastore that exists in a datastore cluster. By default, Storage Distributed Resource Scheduler (SDRS), which uses Storage vMotion, is automatically enabled for a datastore cluster. Red Hat does not support Storage vMotion, so you must disable SDRS to avoid data loss issues for your {product-title} cluster.
801
808
802
-
If you must specify VMs across multiple datastores, use a `datastore` object to specify a failure domain in your cluster's `install-config.yaml` configuration file. For more information, see "VMware vSphere region and zone enablement".
809
+
If you must specify VMs across many datastores, use a `datastore` object to specify a failure domain in your cluster's `install-config.yaml` configuration file. For more information, see "VMware vSphere region and zone enablement".
803
810
====
804
811
805
812
[discrete]
@@ -825,15 +832,15 @@ endif::upi[]
825
832
** 3 control plane nodes
826
833
** 3 compute machines
827
834
828
-
Although these resources use 856 GB of storage, the bootstrap node is destroyed during the cluster installation process. A minimum of 800 GB of storage is required to use a standard cluster.
835
+
Although these resources use 856 GB of storage, the bootstrap node gets deleted during the cluster installation process. At a minimum , a standard cluster requires 800 GB of storage.
829
836
830
837
If you deploy more compute machines, the {product-title} cluster will use more storage.
Available resources vary between clusters. The number of possible clusters within a vCenter is limited primarily by available storage space and any limitations on the number of required resources. Be sure to consider both limitations to the vCenter resources that the cluster creates and the resources that you require to deploy a cluster, such as IP addresses and networks.
843
+
Available resources vary between clusters. A limit exists for the number of possible clusters within vCenter, primarily by available storage space and any limitations on the number of required resources. Be sure to consider both limitations to the vCenter resources that the cluster creates and the resources that you require to deploy a cluster, such as IP addresses and networks.
For a network that uses DHCP, an installer-provisioned vSphere installation requires two static IP addresses:
867
874
868
-
* The **API** address is used to access the cluster API.
869
-
* The **Ingress** address is used for cluster ingress traffic.
875
+
* The **API** address for accessing the cluster API.
876
+
* The **Ingress** address for cluster ingress traffic.
870
877
871
-
You must provide these IP addresses to the installation program when you install the {product-title} cluster.
878
+
You must give these IP addresses to the installation program when you install the {product-title} cluster.
872
879
endif::upi[]
873
880
874
881
[discrete]
@@ -886,16 +893,11 @@ You must create DNS records for two static IP addresses in the appropriate DNS s
886
893
887
894
|API VIP
888
895
|`api.<cluster_name>.<base_domain>.`
889
-
|This DNS A/AAAA or CNAME (Canonical Name) record must point to the load balancer
890
-
for the control plane machines. This record must be resolvable by both clients
891
-
external to the cluster and from all the nodes within the cluster.
896
+
|This DNS A/AAAA or CNAME (Canonical Name) record must point to the load balancer for the control plane machines. This record must be resolvable by both clients external to the cluster and from all the nodes within the cluster.
892
897
893
898
|Ingress VIP
894
899
|`*.apps.<cluster_name>.<base_domain>.`
895
-
|A wildcard DNS A/AAAA or CNAME record that points to the load balancer that targets the
896
-
machines that run the Ingress router pods, which are the worker nodes by
897
-
default. This record must be resolvable by both clients external to the cluster
898
-
and from all the nodes within the cluster.
900
+
|A wildcard DNS A/AAAA or CNAME record that points to the load balancer that targets the machines that run the Ingress router pods, which are the worker nodes by default. This record must be resolvable by both clients external to the cluster and from all the nodes within the cluster.
0 commit comments