-
Feature
-
Resolution: Unresolved
-
Minor
-
None
-
None
-
Product / Portfolio Work
-
None
-
False
-
-
False
-
None
-
None
-
None
-
-
-
-
None
-
None
-
None
-
None
Feature Overview
This feature enables the Agent-based Installer (ABI) to support OpenShift Container Platform (OCP) clusters where nodes reside across multiple network segments. Currently, the ABI enforces a validation rule that restricts the install-config.yaml to a single MachineNetwork. This enhancement will align the installer's capabilities with OpenShift’s core networking stack, which already supports multi-network configurations, thereby allowing enterprise customers with complex topologies to utilize ABI without manual intervention or switching to alternative installation methods.
Goals
- Enable Multi-Network Support: Allow the definition of multiple CIDR ranges within the machineNetwork parameter of install-config.yaml.
- Improve Installer Consistency: Ensure ABI validation logic matches the broader OpenShift installation standards (IPI/UPI) which already support multiple machine networks.
- Reduce Deployment Friction: Eliminate the need for manual workarounds or "post-install" network adjustments for clusters spanning different subnets.
- Primary Persona: Cluster Administrators and Infrastructure Architects operating in partitioned or complex enterprise data center environments.
Requirements
Functional
- The installer must accept a list of CIDR blocks under the networking.machineNetwork field in install-config.yaml.
- The validation logic in the openshift-installer (CORS component) must be updated to permit multiple entries instead of throwing a validation error.
- The Agent-based ISO generation must correctly interpret and propagate these multiple network definitions to the nodes during the bootstrap phase.
Non-Functional
- Reliability: The installer must ensure that nodes in different subnets can still reach the API and Ingress VIPs as defined in the configuration.
- Backward Compatibility: Existing install-config.yaml files with a single machineNetwork must continue to function without modification.
- Maintainability: The fix should be implemented within the shared installer validation logic to prevent drift between different installation providers.
Use Case: Multi-Segment Enterprise Deployment
Problem Description:
An enterprise customer, such as a financial institution, maintains a strict network policy where Control Plane nodes are located in a "Management" subnet, while Worker nodes are distributed across several "Application" subnets for security or physical location reasons.
When the administrator attempts to use the Agent-based Installer to deploy this cluster, they provide an install-config.yaml containing the CIDR ranges for all involved subnets. Currently, the ABI validation fails immediately, stating that only one MachineNetwork is allowed. This forces the administrator to either use a single large flat network (violating security policy) or abandon ABI in favor of a more complex installation path, despite ABI being the preferred method for their disconnected or bare-metal environment.
User Story
"As a Cluster Administrator deploying OpenShift across multiple network segments, I want to specify multiple MachineNetworks in install-config.yaml so that I can deploy clusters that conform to my organization's network architecture using the Agent-based Installer."
Questions to Answer
Out of Scope
- Automated routing configuration between the subnets (this remains the responsibility of the customer's physical/virtual infrastructure).
- Support for multiple clusterNetwork or serviceNetwork entries (this RFE is strictly limited to machineNetwork).
Links
- Workaround:[ OCPBUGS-29975 Comment|https://issues.redhat.com/browse/OCPBUGS-29975?focusedId=27256274&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-27256274]
- clones
-
OCPSTRAT-2939 Automate and simplify Day-2 control plane node replacement operation
-
- New
-
- is related to
-
RFE-5378 Allow specifying multiple MachineNetworks in "install-config.yaml" instead of "agent-config.yaml"
-
- Approved
-