IBM Cloud networking and infrastructure
Physical structure
The physical infrastructure required to deploy a Red Hat® OpenShift® production instance onto a VMware Cloud Foundation for Classic - Automated cluster requires the following minimum specification.
| Item | NFS deployment | vSAN deployment |
|---|---|---|
| Number of servers | 3 | 4 |
| CPU | 28 Cores 2.2 GHz | 28 Cores 2.2 GHz |
| Memory (GB) | 384 | 384 |
| Storage | 2,000 GB 2 IOPS/GB Management 2,000 GB 4 IOPS/GB Workload 4,000 GB 4 IOPS/GB |
Min 960-GB SSD x2 |
In addition to the Red Hat OpenShift hardware requirements, you must create persistent volumes in the Red Hat OpenShift environment to store images from the container register or customer workloads.
Virtual structure
Within the VCF for Classic - Automated instance, the Red Hat OpenShift instance is deployed with a dedicated NSX® Edge Services Gateway (ESG) and Distributed Logical Router (DLR). The Red Hat OpenShift installation is loaded into the VXLAN subnet that is defined in the previous components.
The ESG is configured with a source NAT rule (SNAT) to allow outbound traffic, which enables internet connectivity to download the Red Hat OpenShift prerequisites and to connect to GitHub and Red Hat®. Alternatively, you can use a web-proxy for internet connectivity. The ESG is also configured to provide access to DNS and NTP services within the IBM Cloud® environment.
The ESG is also configured to use the load balancer capability, thus reducing the need for HAProxy nodes. The load balancers are configured for the apps wildcard DNS URL and the API / API-INT DNS Records. The apps DNS record load balancers to the worker nodes provisioned, while the api and api-int DNS records are load balanced against the control-plane nodes.
Red Hat OpenShift 4.1 installation on the VMware platform requires a capability to download their ignition files to install and configure the RHCOS bootstrap / control-plane and worker nodes. The ESG is configured to provide DHCP and DHCP relay services for the Red Hat OpenShift logical switch / VXLAN defined.
NSX Edge specifications
The first component that is configured within the VCF for Classic - Automated with Red Hat OpenShift is a pair of NSX Edge virtual machines. The NSX Edge virtual machines are configured as an active-passive pair of X-Large NSX Edge devices.
The Quad-Large NSX Edge was chosen and as part of the configuration process, the NSX Edge is connected to the IBM Cloud public and private VLAN.
| Component | Configuration |
|---|---|
| CPU | 6 vCPU |
| RAM | 8 GB |
| Disk | 4.5 GB VMDK resident on shared storage with 4 GB swap |
Because the NSX Edges are configured as active/passive in either the internal or dedicated deployment, vSphere® Distributed Resource Scheduler (DRS) anti-affinity rules must be created by the user to ensure that NSX Edges do not run on the same host as their respective peer appliance.
| Field | Value |
|---|---|
| Name | NSX Edge Red Hat OpenShift |
| Type | Separate VMs |
| Members | openshift-edge-0 openshift-edge-1 |
NSX Load Balancer specifications
Within the Red Hat OpenShift environment, two load balancers for accessing the control plane nodes and the worker nodes are required. The NSX Edge is enabled to use load balancing and is configured with application profiles that use a certificate for inbound connection from the source. The NSX Edge is also configured with load-balancing pools to point to the Red Hat OpenShift Primaries and Red Hat OpenShift Workers. Additionally, a virtual server is created with a virtual IP address (vIP) on the private interface with rules that connect the pools with vIP.
| Description | Port number | Algorithm | Monitor | Members | Protocol | IP subnet |
|---|---|---|---|---|---|---|
| Application load balancer | 80 | ROUND-ROBIN | default_tcp_monitor | Worker nodes | TCP | IBM Cloud 10.x |
| Application load balancer | 443 | ROUND-ROBIN | default_tcp_monitor | Worker nodes | TCP | IBM Cloud 10.x |
| API and API-INT load balancer | 6443 | ROUND-ROBIN | default_tcp_monitor | Bootstrap and primary nodes | TCP | IBM Cloud 10.x |
| API and API-INT load balancer | 22623 | ROUND-ROBIN | default_tcp_monitor | Bootstrap and primary nodes | TCP | IBM Cloud 10.x |
Red Hat OpenShift specifications
The following tables show the specifications of the management node, control plane node, and worker node.
| Host description | vCPU | Memory (GB) | Disk (GB) | OS |
|---|---|---|---|---|
Management0 |
2 | 8 | 50 | Red Hat Enterprise Linux® 8.0 |
| Host description | vCPU | Memory (GB) | Disk (GB) | OS | Hostname |
|---|---|---|---|---|---|
| Control-plane0 | 4 | 8 | 60 | Red Hat Enterprise Linux CoreOS | |
| Control-plane1 | 4 | 8 | 60 | Red Hat Enterprise Linux CoreOS | |
| Control-plane2 | 4 | 8 | 60 | Red Hat Enterprise Linux CoreOS |
| Host description | vCPU | Memory (GB) | Disk (GB) | OS | Hostname |
|---|---|---|---|---|---|
| Worker0 | 16 | 32 | 200 | Red Hat Enterprise Linux CoreOS | |
| Worker1 | 16 | 32 | 200 | Red Hat Enterprise Linux CoreOS | |
| Worker2 | 16 | 32 | 200 | Red Hat Enterprise Linux CoreOS |