Preparing to install on Nutanix

Preparing to install on Nutanix

Before you install an OKD cluster, be sure that your Nutanix environment meets the following requirements.

Nutanix version requirements

You must install the OKD cluster to a Nutanix environment that meets the following requirements.

Table 1. Version requirements for Nutanix virtual environments
Component	Required version
Nutanix AOS	5.20.4 or 6.1.1
Prism Central	2022.4

Environment requirements

Before you install an OKD cluster, review the following Nutanix AOS environment requirements.

Required account privileges

Installing a cluster to Nutanix requires an account with administrative privileges to read and create the required resources.

Cluster limits

Available resources vary between clusters. The number of possible clusters within a Nutanix environment is limited primarily by available storage space and any limitations associated with the resources that the cluster creates, and resources that you require to deploy the cluster, such a IP addresses and networks.

Cluster resources

A minimum of 800 GB of storage is required to use a standard cluster.

When you deploy a OKD cluster that uses installer-provisioned infrastruture, the installation program must be able to create several resources in your Nutanix instance. Although these resources use 856 GB of storage, the bootstrap node is destroyed as part of the installation process.

A standard OKD installation creates the following resources:

1 label
Virtual machines:
- 1 disk image
- 1 temporary bootstrap node
- 3 control plane nodes
- 3 compute machines

Networking requirements

You must use AHV IP Address Management (IPAM) for the network and ensure that it is configured to provide persistent IP addresses to the cluster machines. Additionally, create the following networking resources before you install the OKD cluster:

IP addresses
DNS records

It is recommended that each OKD node in the cluster have access to a Network Time Protocol (NTP) server that is discoverable via DHCP. Installation is possible without an NTP server. However, an NTP server prevents errors typically associated with asynchronous server clocks.

Required IP Addresses

An installer-provisioned installation requires two static virtual IP (VIP) addresses:

A VIP address for the API is required. This address is used to access the cluster API.
A VIP address for ingress is required. This address is used for cluster ingress traffic.

You specify these IP addresses when you install the OKD cluster.

DNS records

You must create DNS records for two static IP addresses in the appropriate DNS server for the Nutanix instance that hosts your OKD cluster. In each record, <cluster_name> is the cluster name and <base_domain> is the cluster base domain that you specify when you install the cluster.

A complete DNS record takes the form: <component>.<cluster_name>.<base_domain>..

Table 2. Required DNS records
Component	Record	Description
API VIP	`api.<cluster_name>.<base_domain>.`	This DNS A/AAAA or CNAME record must point to the load balancer for the control plane machines. This record must be resolvable by both clients external to the cluster and from all the nodes within the cluster.
Ingress VIP	`*.apps.<cluster_name>.<base_domain>.`	A wildcard DNS A/AAAA or CNAME record that points to the load balancer that targets the machines that run the Ingress router pods, which are the worker nodes by default. This record must be resolvable by both clients external to the cluster and from all the nodes within the cluster.

Configuring the Cloud Credential Operator utility

The Cloud Credential Operator (CCO) manages cloud provider credentials as Kubernetes custom resource definitions (CRDs). To install a cluster on Nutanix, you must set the CCO to manual mode as part of the installation process.

To create and manage cloud credentials from outside of the cluster when the Cloud Credential Operator (CCO) is operating in manual mode, extract and prepare the CCO utility (ccoctl) binary.

The ccoctl is a Linux binary that must run in a Linux environment.

Procedure

Obtain the OKD release image by running the following command:

$ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}')

Get the CCO container image from the OKD release image by running the following command:
```
$ CCO_IMAGE=$(oc adm release info --image-for='cloud-credential-operator' $RELEASE_IMAGE)
```
Ensure that the architecture of the $RELEASE_IMAGE matches the architecture of the environment in which you will use the ccoctl tool.
Extract the ccoctl binary from the CCO container image within the OKD release image by running the following command:
```
$ oc image extract $CCO_IMAGE --file="/usr/bin/ccoctl" -a ~/.pull-secret
```
Change the permissions to make ccoctl executable by running the following command:
```
$ chmod 775 ccoctl
```

Verification

To verify that ccoctl is ready to use, display the help file by running the following command:

$ ccoctl --help

Output of ccoctl --help:

OpenShift credentials provisioning tool
Usage:
  ccoctl [command]
Available Commands:
  alibabacloud Manage credentials objects for alibaba cloud
  aws          Manage credentials objects for AWS cloud
  gcp          Manage credentials objects for Google cloud
  help         Help about any command
  ibmcloud     Manage credentials objects for IBM Cloud
  nutanix      Manage credentials objects for Nutanix
Flags:
  -h, --help   help for ccoctl
Use "ccoctl [command] --help" for more information about a command.