  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-2940

Allow specifying multiple MachineNetworks using ABI


      Feature Overview

      This feature enables the Agent-based Installer (ABI) to support OpenShift Container Platform (OCP) clusters where nodes reside across multiple network segments. Currently, the ABI enforces a validation rule that restricts the install-config.yaml to a single MachineNetwork. This enhancement will align the installer's capabilities with OpenShift’s core networking stack, which already supports multi-network configurations, thereby allowing enterprise customers with complex topologies to utilize ABI without manual intervention or switching to alternative installation methods.

      Goals

      • Enable Multi-Network Support: Allow the definition of multiple CIDR ranges within the machineNetwork parameter of install-config.yaml.
      • Improve Installer Consistency: Ensure ABI validation logic matches the broader OpenShift installation standards (IPI/UPI) which already support multiple machine networks.
      • Reduce Deployment Friction: Eliminate the need for manual workarounds or "post-install" network adjustments for clusters spanning different subnets.
      • Primary Persona: Cluster Administrators and Infrastructure Architects operating in partitioned or complex enterprise data center environments.

      Requirements

      Functional

      • The installer must accept a list of CIDR blocks under the networking.machineNetwork field in install-config.yaml.
      • The validation logic in the openshift-installer (CORS component) must be updated to permit multiple entries instead of throwing a validation error.
      • The Agent-based ISO generation must correctly interpret and propagate these multiple network definitions to the nodes during the bootstrap phase.

      Non-Functional

      • Reliability: The installer must ensure that nodes in different subnets can still reach the API and Ingress VIPs as defined in the configuration.
      • Backward Compatibility: Existing install-config.yaml files with a single machineNetwork must continue to function without modification.
      • Maintainability: The fix should be implemented within the shared installer validation logic to prevent drift between different installation providers.

      Use Case: Multi-Segment Enterprise Deployment

      Problem Description:

      An enterprise customer, such as a financial institution, maintains a strict network policy where Control Plane nodes are located in a "Management" subnet, while Worker nodes are distributed across several "Application" subnets for security or physical location reasons.

      When the administrator attempts to use the Agent-based Installer to deploy this cluster, they provide an install-config.yaml containing the CIDR ranges for all involved subnets. Currently, the ABI validation fails immediately, stating that only one MachineNetwork is allowed. This forces the administrator to either use a single large flat network (violating security policy) or abandon ABI in favor of a more complex installation path, despite ABI being the preferred method for their disconnected or bare-metal environment.
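
      For the scenario above, a pre-flight check an administrator could run before generating the ISO. This is an added example, not code from the ticket or from the installer; the CIDRs, hostnames and node IPs are constructed sample data, and treating overlapping CIDRs as a mistake is an assumption of this example.

```python
import ipaddress

# Constructed sample data (not from the ticket): a networking.machineNetwork
# list as it would sit in install-config.yaml, plus the planned node IPs.
MACHINE_NETWORKS = ["192.168.10.0/24", "192.168.20.0/24", "192.168.30.0/24"]
NODE_IPS = {
    "master-0": "192.168.10.11",
    "master-1": "192.168.10.12",
    "master-2": "192.168.10.13",
    "worker-0": "192.168.20.21",
    "worker-1": "192.168.30.31",
    "worker-2": "192.168.40.41",  # deliberately outside every declared CIDR
}


def parse_networks(cidrs):
    """Parse CIDR strings strictly: host bits set (e.g. 10.0.0.5/24) raise ValueError."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def overlapping_pairs(networks):
    """Return pairs of declared networks that overlap (assumed here to be a mistake)."""
    return [(str(a), str(b))
            for i, a in enumerate(networks)
            for b in networks[i + 1:]
            if a.version == b.version and a.overlaps(b)]


def map_nodes(networks, node_ips):
    """Map each node to the declared network containing its IP, or None if uncovered."""
    placement = {}
    for host, ip in node_ips.items():
        addr = ipaddress.ip_address(ip)
        match = next((n for n in networks if n.version == addr.version and addr in n), None)
        placement[host] = str(match) if match else None
    return placement


def preflight(cidrs, node_ips):
    networks = parse_networks(cidrs)
    placement = map_nodes(networks, node_ips)
    uncovered = sorted(h for h, n in placement.items() if n is None)
    return {"overlaps": overlapping_pairs(networks),
            "uncovered": uncovered, "placement": placement}


if __name__ == "__main__":
    print(preflight(MACHINE_NETWORKS, NODE_IPS))
```

      A node listed under "uncovered" sits in a segment that the machineNetwork list does not declare, so either the list or the address plan needs correcting before installation.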

      User Story

      "As a Cluster Administrator deploying OpenShift across multiple network segments, I want to specify multiple MachineNetworks in install-config.yaml so that I can deploy clusters that conform to my organization's network architecture using the Agent-based Installer."

      Out of Scope

      • Automated routing configuration between the subnets (this remains the responsibility of the customer's physical/virtual infrastructure).
      • Support for multiple clusterNetwork or serviceNetwork entries (this RFE is strictly limited to machineNetwork).

      Links

      • Workaround: OCPBUGS-29975 Comment (https://issues.redhat.com/browse/OCPBUGS-29975?focusedId=27256274&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-27256274)

              mzasepa Michal Zasepa
              Avani Bhatt Avani Bhatt