Chapter 3. Cluster capabilities
Cluster administrators can use cluster capabilities to enable or disable optional components prior to installation. Cluster administrators can enable cluster capabilities at anytime after installation.
Cluster administrators cannot disable a cluster capability after it is enabled.
3.1. Selecting cluster capabilities
You can select cluster capabilities by following one of the installation methods that include customizing your cluster, such as "Installing a cluster on AWS with customizations" or "Installing a cluster on GCP with customizations".
During a customized installation, you create an install-config.yaml
file that contains the configuration parameters for your cluster.
If you customize your cluster by enabling or disabling specific cluster capabilities, you are responsible for manually maintaining your install-config.yaml
file. New OpenShift Container Platform updates might declare new capability handles for existing components, or introduce new components altogether. Users who customize their install-config.yaml
file should consider periodically updating their install-config.yaml
file as OpenShift Container Platform is updated.
You can use the following configuration parameters to select cluster capabilities:
capabilities: baselineCapabilitySet: v4.11 1 additionalEnabledCapabilities: 2 - CSISnapshot - Console - Storage
- 1
- Defines a baseline set of capabilities to install. Valid values are
None
,vCurrent
andv4.x
. If you selectNone
, all optional capabilities will be disabled. The default value isvCurrent
, which enables all optional capabilities.Notev4.x
refers to any value up to and including the current cluster version. For example, valid values for a OpenShift Container Platform 4.12 cluster arev4.11
andv4.12
. - 2
- Defines a list of capabilities to explicitly enable. These will be enabled in addition to the capabilities specified in
baselineCapabilitySet
.NoteIn this example, the default capability is set to
v4.11
. TheadditionalEnabledCapabilities
field enables additional capabilities over the defaultv4.11
capability set.
The following table describes the baselineCapabilitySet
values.
Value | Description |
---|---|
| Specify this option when you want to automatically add new, default capabilities that are introduced in new releases. |
|
Specify this option when you want to enable the default capabilities for OpenShift Container Platform 4.11. By specifying |
|
Specify this option when you want to enable the default capabilities for OpenShift Container Platform 4.12. By specifying |
|
Specify this option when you want to enable the default capabilities for OpenShift Container Platform 4.13. By specifying |
|
Specify this option when you want to enable the default capabilities for OpenShift Container Platform 4.14. By specifying |
|
Specify when the other sets are too large, and you do not need any capabilities or want to fine-tune via |
3.2. Optional cluster capabilities in OpenShift Container Platform 4.14
Currently, cluster Operators provide the features for these optional capabilities. The following summarizes the features provided by each capability and what functionality you lose if it is disabled.
Additional resources
3.2.1. Bare-metal capability
Purpose
The Cluster Baremetal Operator provides the features for the baremetal
capability.
The Cluster Baremetal Operator (CBO) deploys all the components necessary to take a bare-metal server to a fully functioning worker node ready to run OpenShift Container Platform compute nodes. The CBO ensures that the metal3 deployment, which consists of the Bare Metal Operator (BMO) and Ironic containers, runs on one of the control plane nodes within the OpenShift Container Platform cluster. The CBO also listens for OpenShift Container Platform updates to resources that it watches and takes appropriate action.
The bare-metal capability is required for deployments using installer-provisioned infrastructure. Disabling the bare-metal capability can result in unexpected problems with these deployments.
It is recommended that cluster administrators only disable the bare-metal capability during installations with user-provisioned infrastructure that do not have any BareMetalHost
resources in the cluster.
If the bare-metal capability is disabled, the cluster cannot provision or manage bare-metal nodes. Only disable the capability if there are no BareMetalHost
resources in your deployment. The baremetal
capability depends on the MachineAPI
capability. If you enable the baremetal
capability, you must also enable MachineAPI
.
3.2.2. Build capability
Purpose
The Build
capability enables the Build
API. The Build
API manages the lifecycle of Build
and BuildConfig
objects.
If the Build
capability is disabled, the cluster cannot use Build
or BuildConfig
resources. Disable the capability only if Build
and BuildConfig
resources are not required in the cluster.
3.2.3. Cluster Image Registry capability
Purpose
The Cluster Image Registry Operator provides features for the ImageRegistry
capability.
The Cluster Image Registry Operator manages a singleton instance of the OpenShift image registry. It manages all configuration of the registry, including creating storage.
On initial start up, the Operator creates a default image-registry
resource instance based on the configuration detected in the cluster. This indicates what cloud storage type to use based on the cloud provider.
If insufficient information is available to define a complete image-registry
resource, then an incomplete resource is defined and the Operator updates the resource status with information about what is missing.
The Cluster Image Registry Operator runs in the openshift-image-registry
namespace and it also manages the registry instance in that location. All configuration and workload resources for the registry reside in that namespace.
In order to integrate the image registry into the cluster’s user authentication and authorization system, a service account token secret and an image pull secret are generated for each service account in the cluster.
If you disable the ImageRegistry
capability or if you disable the integrated OpenShift image registry in the Cluster Image Registry Operator’s configuration, the service account token secret and image pull secret are not generated for each service account.
If you disable the ImageRegistry
capability, you can reduce the overall resource footprint of OpenShift Container Platform in resource-constrained environments. Depending on your deployment, you can disable this component if you do not need it.
Project
cluster-image-registry-operator
Additional resources
3.2.4. Cluster storage capability
Purpose
The Cluster Storage Operator provides the features for the Storage
capability.
The Cluster Storage Operator sets OpenShift Container Platform cluster-wide storage defaults. It ensures a default storageclass
exists for OpenShift Container Platform clusters. It also installs Container Storage Interface (CSI) drivers which enable your cluster to use various storage backends.
If the cluster storage capability is disabled, the cluster will not have a default storageclass
or any CSI drivers. Users with administrator privileges can create a default storageclass
and manually install CSI drivers if the cluster storage capability is disabled.
Notes
- The storage class that the Operator creates can be made non-default by editing its annotation, but this storage class cannot be deleted as long as the Operator runs.
3.2.5. Console capability
Purpose
The Console Operator provides the features for the Console
capability.
The Console Operator installs and maintains the OpenShift Container Platform web console on a cluster. The Console Operator is installed by default and automatically maintains a console.
Additional resources
3.2.6. CSI snapshot controller capability
Purpose
The Cluster CSI Snapshot Controller Operator provides the features for the CSISnapshot
capability.
The Cluster CSI Snapshot Controller Operator installs and maintains the CSI Snapshot Controller. The CSI Snapshot Controller is responsible for watching the VolumeSnapshot
CRD objects and manages the creation and deletion lifecycle of volume snapshots.
Additional resources
3.2.7. DeploymentConfig capability
Purpose
The DeploymentConfig
capability enables and manages the DeploymentConfig
API.
If the DeploymentConfig
capability is disabled, the cluster cannot use DeploymentConfig
resources. Disable the capability only if DeploymentConfig
resources are not required in the cluster.
3.2.8. Insights capability
Purpose
The Insights Operator provides the features for the Insights
capability.
The Insights Operator gathers OpenShift Container Platform configuration data and sends it to Red Hat. The data is used to produce proactive insights recommendations about potential issues that a cluster might be exposed to. These insights are communicated to cluster administrators through Insights Advisor on console.redhat.com.
Notes
Insights Operator complements OpenShift Container Platform Telemetry.
Additional resources
3.2.9. Machine API capability
Purpose
The machine-api-operator
, cluster-autoscaler-operator
, and cluster-control-plane-machine-set-operator
Operators provide the features for the MachineAPI
capability. You can disable this capability only if you install a cluster with user-provisioned infrastructure.
The Machine API capability is responsible for all machine configuration and management in the cluster. If you disable the Machine API capability during installation, you need to manage all machine-related tasks manually.
3.2.10. Marketplace capability
Purpose
The Marketplace Operator provides the features for the marketplace
capability.
The Marketplace Operator simplifies the process for bringing off-cluster Operators to your cluster by using a set of default Operator Lifecycle Manager (OLM) catalogs on the cluster. When the Marketplace Operator is installed, it creates the openshift-marketplace
namespace. OLM ensures catalog sources installed in the openshift-marketplace
namespace are available for all namespaces on the cluster.
If you disable the marketplace
capability, the Marketplace Operator does not create the openshift-marketplace
namespace. Catalog sources can still be configured and managed on the cluster manually, but OLM depends on the openshift-marketplace
namespace in order to make catalogs available to all namespaces on the cluster. Users with elevated permissions to create namespaces prefixed with openshift-
, such as system or cluster administrators, can manually create the openshift-marketplace
namespace.
If you enable the marketplace
capability, you can enable and disable individual catalogs by configuring the Marketplace Operator.
Additional resources
3.2.11. Node Tuning capability
Purpose
The Node Tuning Operator provides features for the NodeTuning
capability.
The Node Tuning Operator helps you manage node-level tuning by orchestrating the TuneD daemon and achieves low latency performance by using the Performance Profile controller. The majority of high-performance applications require some level of kernel tuning. The Node Tuning Operator provides a unified management interface to users of node-level sysctls and more flexibility to add custom tuning specified by user needs.
If you disable the NodeTuning capability, some default tuning settings will not be applied to the control-plane nodes. This might limit the scalability and performance of large clusters with over 900 nodes or 900 routes.
Additional resources
3.2.12. OpenShift samples capability
Purpose
The Cluster Samples Operator provides the features for the openshift-samples
capability.
The Cluster Samples Operator manages the sample image streams and templates stored in the openshift
namespace.
On initial start up, the Operator creates the default samples configuration resource to initiate the creation of the image streams and templates. The configuration object is a cluster scoped object with the key cluster
and type configs.samples
.
The image streams are the Red Hat Enterprise Linux CoreOS (RHCOS)-based OpenShift Container Platform image streams pointing to images on registry.redhat.io
. Similarly, the templates are those categorized as OpenShift Container Platform templates.
If you disable the samples capability, users cannot access the image streams, samples, and templates it provides. Depending on your deployment, you might want to disable this component if you do not need it.
Additional resources