openshift-docs/modules/installation-infrastructure-user-infra.adoc

// Module included in the following assemblies:
//
// * installing/installing_bare_metal/upi/installing-bare-metal.adoc
// * installing/installing_bare_metal/upi/installing-restricted-networks-bare-metal.adoc
// * installing/installing_platform_agnostic/installing-platform-agnostic.adoc
// * installing/installing_ibm_z/installing-ibm-z.adoc
// * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
// * installing/installing_ibm_z/installing-ibm-z-kvm.adoc
// * installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc
// * installing/installing_ibm_z/installing-ibm-z-lpar.adoc
// * installing/installing_ibm_z/installing-restricted-networks-ibm-z-lpar.adoc
// * installing/installing_ibm_z/installing-ibm-power.adoc
// * installing/installing_ibm_z/installing-restricted-networks-ibm-power.adoc
// * installing/installing_vsphere/upi/upi-vsphere-preparing-to-install.adoc

ifeval::["{context}" == "installing-ibm-z"]
:ibm-z:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-z"]
:ibm-z:
endif::[]
ifeval::["{context}" == "installing-ibm-z-kvm"]
:ibm-z-kvm:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-z-kvm"]
:ibm-z-kvm:
endif::[]
ifeval::["{context}" == "installing-ibm-z-lpar"]
:ibm-z:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-z-lpar"]
:ibm-z:
endif::[]

:_mod-docs-content-type: PROCEDURE
[id="installation-infrastructure-user-infra_{context}"]
= Preparing the user-provisioned infrastructure

[role="_abstract"]
To ensure a successful deployment and meet cluster requirements in {product-title}, prepare your user-provisioned infrastructure before starting the installation. Configuring your compute, network, and storage components in advance provides the stable foundation necessary for the installation program to function correctly.

This section provides details about the high-level steps required to set up your cluster infrastructure in preparation for an {product-title} installation. This includes configuring IP networking and network connectivity for your cluster nodes,
ifdef::ibm-z[]
preparing a web server for the Ignition files,
endif::ibm-z[]
enabling the required ports through your firewall, and setting up the required DNS and load balancing infrastructure.

After preparation, your cluster infrastructure must meet the requirements outlined in the _Requirements for a cluster with user-provisioned infrastructure_ section.

.Prerequisites

* You have reviewed the link:https://access.redhat.com/articles/4128421[{product-title} 4.x Tested Integrations] page.
* You have reviewed the infrastructure requirements detailed in the _Requirements for a cluster with user-provisioned infrastructure_ section.

.Procedure

ifdef::ibm-z[]
. Set up static IP addresses.

. Set up an HTTP or HTTPS server to provide Ignition files to the cluster nodes.

endif::ibm-z[]
ifndef::ibm-z[]

. If you are using DHCP to provide the IP networking configuration to your cluster nodes, configure your DHCP service.
+
.. Add persistent IP addresses for the nodes to your DHCP server configuration. In your configuration, match the MAC address of the relevant network interface to the intended IP address for each node.
+
.. When you use DHCP to configure IP addressing for the cluster machines, the machines also obtain the DNS server information through DHCP. Define the persistent DNS server address that is used by the cluster nodes through your DHCP server configuration.
+
[NOTE]
====
If you are not using a DHCP service, you must provide the IP networking configuration and the address of the DNS server to the nodes at {op-system} install time. These can be passed as boot arguments if you are installing from an ISO image. See the _Installing {op-system} and starting the {product-title} bootstrap process_ section for more information about static IP provisioning and advanced networking options.
====
+
.. Define the hostnames of your cluster nodes in your DHCP server configuration. See the _Setting the cluster node hostnames through DHCP_ section for details about hostname considerations.
+
[NOTE]
====
If you are not using a DHCP service, the cluster nodes obtain their hostname through a reverse DNS lookup.
====
endif::ibm-z[]
ifdef::ibm-z-kvm[]
. Choose to perform either a fast track installation of {op-system-first} or a full installation of {op-system-first}. For the full installation, you must set up an HTTP or HTTPS server to provide Ignition files and install images to the cluster nodes. For the fast track installation an HTTP or HTTPS server is not required, however, a DHCP server is required. See sections “Fast-track installation: Creating {op-system-first} machines" and “Full installation: Creating {op-system-first} machines".
endif::ibm-z-kvm[]

. Ensure that your network infrastructure provides the required network connectivity between the cluster components. See the _Networking requirements for user-provisioned infrastructure_ section for details about the requirements.

. Configure your firewall to enable the ports required for the {product-title} cluster components to communicate. See _Networking requirements for user-provisioned infrastructure_ section for details about the ports that are required.
+
[IMPORTANT]
====
By default, port `1936` is accessible for an {product-title} cluster, because each control plane node needs access to this port.

Avoid using the Ingress load balancer to expose this port, because doing so might result in the exposure of sensitive information, such as statistics and metrics, related to Ingress Controllers.
====

. Setup the required DNS infrastructure for your cluster.
+
.. Configure DNS name resolution for the Kubernetes API, the application wildcard, the bootstrap machine, the control plane machines, and the compute machines.
+
.. Configure reverse DNS resolution for the Kubernetes API, the bootstrap machine, the control plane machines, and the compute machines.
+
See the _User-provisioned DNS requirements_ section for more information about the {product-title} DNS requirements.

. Validate your DNS configuration.
+
.. From your installation node, run DNS lookups against the record names of the Kubernetes API, the wildcard routes, and the cluster nodes. Validate that the IP addresses in the responses correspond to the correct components.
+
.. From your installation node, run reverse DNS lookups against the IP addresses of the load balancer and the cluster nodes. Validate that the record names in the responses correspond to the correct components.
+
See the _Validating DNS resolution for user-provisioned infrastructure_ section for detailed DNS validation steps.

. Provision the required API and application ingress load balancing infrastructure. See the _Load balancing requirements for user-provisioned infrastructure_ section for more information about the requirements.
+
[NOTE]
====
Some load balancing solutions require the DNS name resolution for the cluster nodes to be in place before the load balancing is initialized.
====

ifeval::["{context}" == "installing-ibm-z"]
:!ibm-z:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-z"]
:!ibm-z:
endif::[]
ifeval::["{context}" == "installing-ibm-z-kvm"]
:!ibm-z-kvm:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-z-kvm"]
:!ibm-z-kvm:
endif::[]
ifeval::["{context}" == "installing-ibm-z-lpar"]
:!ibm-z:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-z-lpar"]
:!ibm-z:
endif::[]