Deploying virtualized Hosted Control Plane cluster in disconnected environment

A disconnected environment deployment operates without internet access. You can deploy Hosted Control Plane (HCP) in a disconnected environment on the virtualized infrastructure.

For the procedure to deploy a virtualized Hosted Control Plane cluster in a disconnected network, see the Red Hat documentation.

Important: While you follow the Red Hat documentation, take note of the following two steps that must be done differently:
  1. The pull secret for the Hosted Control Plane in its namespace must only reference the host. Do not include the repository path.
  2. When you create the virtualized Hosted Control Plane cluster CR, remove the OIDC service entry from spec.services:
    - service: OIDC
      servicePublishingStrategy:
        type: Route

Examples of the custom resources (CRs) and ConfigMaps (CMs) created while deploying a virtualized Hosted Control Plane:

  1. Create two namespaces: clusters and clusters-<hosted-cluster-name>.
    For example, clusters-disconnected1:
    apiVersion: v1
    kind: Namespace
    metadata:
      creationTimestamp: null
      name: clusters-disconnected1
    spec: {}
    status: {}
    
    apiVersion: v1
    kind: Namespace
    metadata:
      creationTimestamp: null
      name: clusters
    spec: {}
    status: {}
  2. Copy the registry CA cert and create a configmap in the clusters namespace.
    kind: ConfigMap
    apiVersion: v1
    metadata:
      name: user-ca-bundle
      namespace: clusters
    data:
      ca-bundle.crt: |
        // Registry1 CA
        -----BEGIN CERTIFICATE-----
        -----END CERTIFICATE-----
    
        // Registry2 CA
        -----BEGIN CERTIFICATE-----
        -----END CERTIFICATE-----
    
        // Registry3 CA
        -----BEGIN CERTIFICATE-----
        -----END CERTIFICATE-----
  3. Create a pull secret in the clusters namespace.
    kind: Secret
    apiVersion: v1
    metadata:
      name: disconnected-secret
      namespace: clusters
    data:
      .dockerconfigjson: xxxxxxxx
    type: kubernetes.io/dockerconfigjson
  4. Create a hostedcluster CR in the clusters namespace.
    apiVersion: hypershift.openshift.io/v1beta1
    kind: HostedCluster
    metadata:
      name: disconnected1
      namespace: clusters
    spec:
      fips: false
      release:
        image: $TARGET_PATH/openshift/release-images:4.18.20-x86_64
      dns:
        baseDomain: xyz.com
      controllerAvailabilityPolicy: HighlyAvailable
      etcd:
        managed:
          storage:
            persistentVolume:
              size: 8Gi
              storageClassName: ocs-storagecluster-ceph-rbd
            type: PersistentVolume
        managementType: Managed
      infrastructureAvailabilityPolicy: SingleReplica
      platform:
        kubevirt:
          baseDomainPassthrough: true
        type: KubeVirt
      additionalTrustBundle:
        name: user-ca-bundle
      networking:
        clusterNetwork:
          - cidr: 10.132.0.0/14
        networkType: OVNKubernetes
        serviceNetwork:
          - cidr: 172.31.0.0/16
      pullSecret:
        name: disconnected-secret
      configuration:
        operatorhub:
          disableAllDefaultSources: true
      capabilities: {}
      sshKey:
        name: ''
      autoscaling: {}
      imageContentSources:
        - mirrors:
            - $TARGET_PATH/openshift/release
          source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
        - mirrors:
            - $TARGET_PATH/redhat
          source: registry.redhat.io/redhat
        - mirrors:
            - $TARGET_PATH/rhel9
          source: registry.redhat.io/rhel9
        - mirrors:
            - $TARGET_PATH/rhel8
          source: registry.redhat.io/rhel8
        - mirrors:
            - $TARGET_PATH/openshift/release-images
          source: quay.io/openshift-release-dev/ocp-release
        - mirrors:
            - $TARGET_PATH/openshift4
          source: registry.redhat.io/openshift4
        - mirrors:
            - $TARGET_PATH/multicluster-engine
          source: registry.redhat.io/multicluster-engine
      olmCatalogPlacement: management
      services:
        - service: APIServer
          servicePublishingStrategy:
            type: LoadBalancer
        - service: Ignition
          servicePublishingStrategy:
            type: Route
        - service: Konnectivity
          servicePublishingStrategy:
            type: Route
        - service: OAuthServer
          servicePublishingStrategy:
            type: Route
  5. Create a NodePool CR in the clusters namespace.
    apiVersion: hypershift.openshift.io/v1beta1
    kind: NodePool
    metadata:
      name: disconnected1
      namespace: clusters
    spec:
      arch: amd64
      clusterName: disconnected1
      management:
        autoRepair: false
        upgradeType: Replace
      nodeDrainTimeout: 0s
      nodeVolumeDetachTimeout: 0s
      platform:
        kubevirt:
          attachDefaultNetwork: true
          compute:
            cores: 2
            memory: 6Gi
          networkInterfaceMultiqueue: Enable
          rootVolume:
            persistent:
              size: 32Gi
            type: Persistent
        type: KubeVirt
      release:
        image: $TARGET_PATH/openshift/release-images:4.18.20-x86_64
      replicas: 2
    
    Note:
    • Specify the cluster name and release image.
    • Specify the number of replicas along with configuration such as cores, memory and so on.
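The two points in the Important note (host-only keys in the pull secret, no OIDC entry in spec.services) and the coupling between the CR's imageContentSources, the pull secret and the user-ca-bundle are easy to get wrong by hand. The following Python script is an added example, not part of the Red Hat procedure or any product tooling: it normalises a .dockerconfigjson so that each auths key references only the registry host, drops the OIDC service entry, and checks that every mirror host in imageContentSources has a pull-secret entry and that the CA bundle actually contains a certificate. The registry hostnames, the credentials and the certificate body are constructed sample values standing in for the page's $TARGET_PATH and xxxxxxxx placeholders; all function names are the example's own.

```python
"""Preflight checks for the disconnected HCP objects shown above (added example)."""
from __future__ import annotations

import base64
import json
from urllib.parse import urlsplit

# Constructed sample input, standing in for the page's $TARGET_PATH and its xxxxxxxx secret.
TARGET_PATH = "mirror.example.com:5000"
SAMPLE_DOCKERCONFIG = {
    "auths": {
        # Wrong form: the key carries a repository path, which the page says must not be there.
        f"{TARGET_PATH}/openshift/release": {"auth": base64.b64encode(b"user:pass").decode()},
        # docker login sometimes stores URL-style keys; these are normalised too.
        "https://quay.example.com/v2/": {"auth": base64.b64encode(b"user:pass2").decode()},
        # Correct form: host only.
        "registry.example.com": {"auth": base64.b64encode(b"user:pass3").decode()},
    }
}
SAMPLE_IMAGE_CONTENT_SOURCES = [
    {"mirrors": [f"{TARGET_PATH}/openshift/release"],
     "source": "quay.io/openshift-release-dev/ocp-v4.0-art-dev"},
    {"mirrors": [f"{TARGET_PATH}/openshift/release-images"],
     "source": "quay.io/openshift-release-dev/ocp-release"},
]
SAMPLE_SERVICES = [
    {"service": "APIServer", "servicePublishingStrategy": {"type": "LoadBalancer"}},
    {"service": "OIDC", "servicePublishingStrategy": {"type": "Route"}},
    {"service": "Ignition", "servicePublishingStrategy": {"type": "Route"}},
]
SAMPLE_CA_BUNDLE = (
    "// Registry1 CA (placeholder body, not a real certificate)\n"
    "-----BEGIN CERTIFICATE-----\nMIIBplaceholder\n-----END CERTIFICATE-----\n"
)


def registry_host(ref: str) -> str:
    """Host[:port] of an image reference or mirror path: 'host:5000/ns/repo' -> 'host:5000'."""
    if "://" in ref:                      # tolerate https://host/v2/ style keys
        parts = urlsplit(ref)
        ref = parts.netloc + parts.path
    return ref.strip("/").split("/", 1)[0]


def normalize_pull_secret(dockerconfig: dict) -> tuple[dict, list[str]]:
    """Rewrite every auths key to the bare registry host (step 1 of the Important note).
    Returns the fixed config and a list describing each change."""
    findings: list[str] = []
    auths: dict = {}
    for key, entry in dockerconfig.get("auths", {}).items():
        host = registry_host(key)
        if host != key:
            findings.append(f"auth key {key!r} rewritten to host-only {host!r}")
        if host in auths and auths[host] != entry:
            findings.append(f"conflicting credentials for {host!r}; keeping the first")
            continue
        auths[host] = entry
    return {"auths": auths}, findings


def services_without_oidc(services: list[dict]) -> list[dict]:
    """Drop the OIDC entry from spec.services (step 2 of the Important note)."""
    return [s for s in services if s.get("service") != "OIDC"]


def count_certificates(pem_bundle: str) -> int:
    """Number of complete PEM certificate blocks in ca-bundle.crt. Text outside the
    BEGIN/END lines (such as the // comments on the page) is ignored by PEM readers."""
    begins = pem_bundle.count("-----BEGIN CERTIFICATE-----")
    ends = pem_bundle.count("-----END CERTIFICATE-----")
    return min(begins, ends)


def check_mirrors_covered(image_content_sources: list[dict], dockerconfig: dict,
                          ca_bundle: str) -> list[str]:
    """Every mirror host in imageContentSources needs a pull-secret entry, and the
    additionalTrustBundle must carry at least one certificate."""
    problems = []
    hosts = {registry_host(m) for ics in image_content_sources for m in ics["mirrors"]}
    for host in sorted(hosts):
        if host not in dockerconfig.get("auths", {}):
            problems.append(f"no pull-secret auth for mirror host {host}")
    if count_certificates(ca_bundle) == 0:
        problems.append("CA bundle contains no certificate")
    return problems


def secret_data(dockerconfig: dict) -> str:
    """Base64 value for data['.dockerconfigjson'] of a kubernetes.io/dockerconfigjson Secret."""
    return base64.b64encode(json.dumps(dockerconfig, separators=(",", ":")).encode()).decode()


def decode_secret_data(value: str) -> dict:
    """Inverse of secret_data, for checking a Secret that already exists in the namespace."""
    return json.loads(base64.b64decode(value))


if __name__ == "__main__":
    fixed, findings = normalize_pull_secret(SAMPLE_DOCKERCONFIG)
    for line in findings + check_mirrors_covered(SAMPLE_IMAGE_CONTENT_SOURCES, fixed, SAMPLE_CA_BUNDLE):
        print(line)
    print(json.dumps(services_without_oidc(SAMPLE_SERVICES)))
    print(secret_data(fixed)[:40] + "...")
```

Run against a real pull secret by loading the JSON you would otherwise paste into the Secret, then put the output of secret_data() into data['.dockerconfigjson']. Running check_mirrors_covered() with the unnormalised config shows why step 1 matters: a key such as mirror.example.com:5000/openshift/release is not matched for the host that imageContentSources points at, so the node pool cannot pull the release image even though credentials are present.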