Provisioning is the process of preparing cluster infrastructure that meets the requirements to be used for bootc-mke3 installation.
bootc-mke3 delivers each release as an OCI image. A registry is used to store and distribute these OCI images.
For use cases where the cluster machines have access to the internet, the official Mirantis bootc-mke3 OCI images are stored in the publicly accessible MSR registry (registry.mirantis.com) and can be used by anyone.
For production-grade air-gapped clusters, users should have their own registry that can be accessed by the cluster machines. This registry should contain bootc-mke3 OCI images with the desired version of the products. The way of obtaining the images can vary, but the most common way is to set up mirroring from the official Mirantis registry (registry.mirantis.com).
The cluster should consist of one or more compute machine nodes. In order to use bootc-mke3, the machines should meet the following requirements:
- All machines must use the bootc-mke3 source base (image). For available images see Assets section
Note
The Simple ISO edition is used mostly for demo/test purposes. For production-grade clusters consider using Generic ISO. QCOW2 is considered production-grade by default, although it is the user's responsibility to customise it in a proper and secure way.
- All machines must meet MKE hardware requirements. For the list of requirements, please see Mirantis Kubernetes Engine official documentation pages, hardware requirements section
In order for the installer to interact with the cluster, the ansible tooling must be able to connect to the machines. As ansible has a flexible system for connecting to machines, a wide variety of options are available.
The preferred way to connect to the machines is SSH with a passwordless user that has sudo access.
The cluster machines must all be in a valid network. Please see Mirantis Kubernetes Engine official documentation pages, networking section, on how to properly configure networking.
When provisioning is complete and the machine cluster is ready, provisioning needs to produce an ansible inventory that defines how ansible can connect to all of the machine nodes of the cluster. A description of the Ansible tooling input parameters can be found in the Ansible inventory input document.
The bootc-mke3 tooling includes a number of terraform modules that can provision a cluster.
- vSphere. A full guide on how to provision a bootc-mke3 cluster on vSphere can be found in this document
There is no requirement to use any of the Mirantis tooling for provisioning. If a cluster has custom needs that are not addressed by the Mirantis provisioning, the cluster can be created with any approach, as long as the resulting cluster provides the needed machine and cluster components and an ansible inventory can be created.
Further details can be found in the runbook for manually provisioning a cluster.
If you're planning to use a private OCI registry to store bootc-mke3 artifacts (OCI images) and use them for your cluster, you will need to provide registry credentials in order to authenticate. To do so, you will need to add a credentials file to each machine, because most operations (like upgrade) need to pull an OCI image from the registry.
The way of injecting credentials into the machine can vary from case to case. Some common ways to do so are cloud-init and ansible. The user should select the way that is most suitable for the use case.
Requirements for the registry credentials:
- Credentials should be stored in a file that follows the containers registry authentication file syntax
- The file should be stored as /etc/ostree/auth.json
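The two requirements above can be checked before a machine attempts its first pull. The following is an added example, not part of the bootc-mke3 tooling: it writes a credentials file in the containers registry authentication file syntax and validates it. The registry name, user and secret are constructed values, the owner-only 0600 mode is an assumption of this example rather than a stated bootc-mke3 requirement, and the check only looks for an exact-match key under `auths` (credential helpers are not handled).

```python
import base64
import json
import os
import stat
import tempfile

def build_auth(registry, username, password):
    """Build a containers-auth.json document holding one registry entry."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    return {"auths": {registry: {"auth": token}}}

def write_auth(doc, path):
    """Create the file as 0600 from the start so the secret is never exposed."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(doc, fh, indent=2)
    os.chmod(path, 0o600)  # also tightens a file that already existed

def check_auth(path, registry):
    """Return a list of problems; an empty list means the entry looks usable."""
    problems = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # assumption of this example: owner-only access
        problems.append(f"mode {mode:04o} exposes credentials to group/other")
    try:
        with open(path) as fh:
            doc = json.load(fh)
    except ValueError as exc:
        return problems + [f"not valid JSON: {exc}"]
    auths = doc.get("auths") if isinstance(doc, dict) else None
    entry = auths.get(registry) if isinstance(auths, dict) else None
    if not isinstance(entry, dict):
        return problems + [f"no auths entry for {registry}"]
    try:
        decoded = base64.b64decode(entry.get("auth", ""), validate=True).decode()
    except (ValueError, TypeError):
        return problems + ["auth is not valid base64"]
    user, sep, secret = decoded.partition(":")
    if not (user and sep and secret):
        problems.append("auth does not decode to user:password")
    return problems

if __name__ == "__main__":
    # Constructed values; on a cluster machine the path is /etc/ostree/auth.json.
    demo = os.path.join(tempfile.mkdtemp(), "auth.json")
    write_auth(build_auth("registry.example.internal", "svc-pull", "not-a-real-secret"), demo)
    print(check_auth(demo, "registry.example.internal") or "ok")
```

Run `check_auth` as a post-provisioning step from cloud-init or ansible, so that a malformed or over-permissive file is caught before an upgrade fails on an image pull.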