Ask an OpenShift Admin Office Hour - The OpenShift Assisted Installer

There are several different methods to deploy OpenShift to your hyperscaler, hypervisor, or hardware platform of choice. One of the easiest is with the Assisted Installer, which provides an interactive experience where you are able to see, modify, and configure the cluster options then boot the nodes to an ISO and let the install run. No generating ignition configs. No attaching or hosting them. Just boot an ISO and you’re ready to go!

This stream we’re joined by Moran Goldboim, product manager for Red Hat OpenShift, to explore the OpenShift Assisted Installer, including various options and capabilities, how it takes some extra steps to test and validate the target machines, and learn more about what the future holds.

As always, please see the list below for additional links to specific topics, questions, and supporting materials for the episode!

If you’re interested in more streaming content, please subscribe to the Red Hat livestreaming calendar to see the upcoming episode topics and to receive any schedule changes. If you have questions or topic suggestions for the Ask an OpenShift Admin Office Hour, please contact us via Discord, Twitter, or come join us live, Wednesdays at 11am EDT / 1500 UTC, on YouTube and Twitch.

Episode 35 recorded stream:

Use this link to jump directly to where we start talking about today’s topic. 

This week’s top of mind topics:

• Please be aware of the recently announced CVE-2021-33909 and CVE-2021-33910, both of which are documented in RHSB-2021-006. We talked about the security bulletin during the stream a bit and noted that, while OpenShift and CoreOS aren’t specifically mentioned in the RHSB, CoreOS is built from RHEL and uses the software (systemd) mentioned in the RHSB. At a minimum, it would be a good idea to keep an eye on the page to see if there are any updates for OpenShift and, of course, keep your clusters up-to-date.
• Continuing on the security alert topic, a recent article on The New Stack highlighted a Helm vulnerability that discloses credentials. This was also addressed in CVE-2021-32690, which is being updated as more information becomes available about what is affected in the Red Hat portfolio. If you’re using Helm with OpenShift, please update your client regularly!
• Unfortunately, there is no way for OpenShift to control virtual machine (anti)affinity for nodes provisioned by the Machine API Operator, for example with vSphere UPI or IPI. If you’re wanting to use, for example, anti-affinity for the control plane virtual machines, that needs to be configured as a day 2 action by the vSphere administrator.
• If you’re deploying OpenShift clusters that are a mix of virtual and physical nodes, for example the control plane is VMs and the worker nodes are physical servers, then you can use socket-based entitlements for the physical nodes. You are not required to use core-based entitlements, and you can mix the two types in the same pool.

Questions answered during the stream:

• What is the Assisted Installer and what are its goals? The Assisted Installer provides a more friendly user and end-to-end deployment experience, including offering features to be deployed and validation to be done during the install process.
• We walk through the process of deploying a single-node OpenShift deployment using the Assisted Installer starting here. If you haven’t seen the interface or tried using it before, this is where you want to go to see it in action.
• Does the Assisted Installer support IPv6? Not yet for the hosted service (on cloud.redhat.com), but for disconnected it’s on the roadmap.
• Is DNS required for the Assisted Installer? If there’s no available services at a remote site, can we deploy using Assisted Installer? The cluster’s internal DNS will work fine, but you’ll still need external DNS for other clients to reach the hosted applications.
• How does the Assisted Installer work in a disconnected environment?
• Does the Assisted Installer work with 3-node compact clusters? Yes, it works with single node, three node (compact), and regular cluster deployments.
• Can a cluster deployed by the Assisted Installer be disconnected and re-connected without issues? Yes, you can change the deployed cluster to be disconnected / connected as much as needed and it will work just fine.
• Are there any differences between a cluster deployed with the Assisted Installer vs other install methods? The resulting cluster is similar to bare metal IPI, using the integrated load balancer, but with no cloud provider integration, i.e. platform = none.
• Is DHCP required or can static IPs be used? Static IP assignment is available using the API, but not via the interface today. This is on the roadmap.
• Are the disks required to be empty / blank or will the installer wipe the disks? It will wipe the disks if they are not empty, and if you’re using OpenShift Virtualization or OpenShift Container Storage - both of which can be deployed from the Assisted Installer interface - it will offer the ability to configure and customize the disk layout and usage for the Local Storage Operator.
• Is there planned support for OKD with the Assisted Installer? Not at this time.

You can add nodes to the cluster post-deployment using the OpenShift Cluster Manager on cloud.redhat.com. It is aware that the cluster was deployed using the Assisted Installer and will offer you the ability to download an ISO to boot and join new nodes.