1. Installation Diagram

Below is the diagram I use to install OpenShift 4.5 on vSphere.

2. Prerequisite

Please refer to the OpenShift documentation for more information on supported configurations.

DNS Record Requirement

Create the following DNS entries using the following format. In my example, the cluster name is ocp01 and the base domain is corp.local.

DHCP Server

This is a fully automated installation of an OpenShift cluster, known as Installer-Provisioned Infrastructure (IPI). DHCP is required to provide IP addresses to the provisioned nodes.

In this lab, I will not customize the OpenShiftSDN networking parameters. I will use the default values.

Linux Host

You need a host to perform the installation. It can be macOS or Linux. This host must have connectivity to the vCenter Server. In my example, I use an Ubuntu 18.04 server, which is also running in the lab environment.

Resource Requirement

I installed the cluster on my lab setup, which has limited resources. Here is a summary of the resources I used in my lab environment.

I provisioned a standard OpenShift 4.5 cluster with 3x master nodes and 3x worker nodes, plus 1x additional bootstrap node. The bootstrap node prepares the master nodes. After the cluster is initialized, the bootstrap node is terminated. This configuration is the default and can be adjusted in install-config.yaml.

vCPUs can be shared among the nodes. The memory assigned to each VM is 16GB for a master and 8GB for a worker. The actual memory usage is listed in the table below. The disks are thick provisioned, so make sure you have enough disk space. These figures are pretty much the minimum. If you have fewer resources than this, consider lowering the number of nodes.

3. Install OpenShift

Step 1: Download the installer file, pull secret, and CLI file from the Infrastructure Provider page on the Red Hat OpenShift Cluster Manager site. You will need to log in with a Red Hat account.

Untar the OpenShift installer and client files

tar xvf openshift-install-linux.tar.gz
tar xvf openshift-client-linux.tar.gz
sudo mv oc kubectl openshift-install /usr/local/bin/

Step 2: Generate an SSH private key and add it to the SSH agent

Generate an SSH key for passwordless login

ssh-keygen -t rsa -b 2048 -N '' -f ~/.ssh/id_rsa
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/id_rsa

Step 3: Adding vCenter root CA certificates to system trust

Because the installation program requires access to your vCenter’s API, you must add your vCenter’s trusted root CA certificates to your system trust before you install an OpenShift Container Platform cluster.

The guide to retrieve vCenter root CA can be found here:


Download the root CA

wget https://vcsa-01a.corp.local/certs/download.zip

Unzip the downloaded file

unzip download.zip

Rename the .0 files in the certs/lin directory to .crt

ls -al certs/lin
total 24
drwxrwxr-x 2 holuser holuser 4096 Aug 14 07:20 .
drwxrwxr-x 5 holuser holuser 4096 Aug 14 07:20 ..
-rw-r--r-- 1 holuser holuser 1489 Apr 24  2018 09d9eae8.0
-rw-r--r-- 1 holuser holuser  775 Aug 14  2020 09d9eae8.r0
-rw-r--r-- 1 holuser holuser 1489 Apr 30  2018 660b6051.0
-rw-r--r-- 1 holuser holuser  775 Aug 14  2020 660b6051.r0
mv certs/lin/09d9eae8.0 certs/lin/09d9eae8.crt
mv certs/lin/660b6051.0 certs/lin/660b6051.crt

Copy the certificates into the system trust store. I’m using Ubuntu to run the installation program, so the directory is the one for Ubuntu.

sudo mkdir /usr/share/ca-certificates/extra
sudo cp certs/lin/*.crt /usr/share/ca-certificates/extra
sudo dpkg-reconfigure ca-certificates
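
Anything copied into the system trust store in Step 3 becomes a trust anchor for every TLS client on the host, so it is worth checking each file before the cp. The script below is an added example, not part of the original procedure: the function names and the pinned fingerprint (assumed to be read from a separate channel, such as the vCenter appliance console) are assumptions, and the sample CA is constructed on the spot so the script runs offline.

```shell
#!/usr/bin/env bash
# Added example: vet a certificate from download.zip before trusting it.

# Print the SHA-256 fingerprint of a PEM certificate as lowercase hex, no colons.
cert_sha256() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 \
        | sed 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# Succeed only if the certificate carries basicConstraints CA:TRUE.
cert_is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Succeed only if the certificate stays valid for at least one more day.
cert_not_expiring() {
    openssl x509 -in "$1" -noout -checkend 86400 >/dev/null
}

# vet_cert FILE PINNED_SHA256 : returns 0 only if FILE passes every check.
# PINNED_SHA256 may be written with or without colons, in either case.
vet_cert() {
    local file=$1 pinned
    pinned=$(printf '%s' "$2" | tr -d ':' | tr 'A-F' 'a-f')
    [ "$(cert_sha256 "$file")" = "$pinned" ] \
        || { echo "REJECT $file: fingerprint mismatch"; return 1; }
    cert_is_ca "$file" \
        || { echo "REJECT $file: not a CA certificate"; return 1; }
    cert_not_expiring "$file" \
        || { echo "REJECT $file: expired or about to expire"; return 1; }
    echo "OK $file"
}

# Constructed sample input: a throwaway self-signed CA standing in for a
# file from certs/lin. On a real host, loop over certs/lin/*.crt instead.
demo_dir=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj '/CN=constructed-lab-ca' \
    -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.crt" 2>/dev/null
good_fp=$(cert_sha256 "$demo_dir/ca.crt")

vet_cert "$demo_dir/ca.crt" "$good_fp"                      # matches the pin
vet_cert "$demo_dir/ca.crt" "$(printf '%064d' 0)" || true   # wrong pin is rejected
```

Only files that print OK should be copied to /usr/share/ca-certificates/extra.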

Step 4: Run the OpenShift installer with the following command to start the wizard

openshift-install create cluster

After the cluster is installed, the installer displays the login credentials.

4. Login to the cluster

$ export KUBECONFIG=auth/kubeconfig

$ oc login
Authentication required for https://api.ocp01.corp.local:6443 (openshift)
Username: kubeadmin
Login successful.

You have access to 57 projects, the list has been suppressed. You can list all projects with 'oc projects'

Using project "default".

$ oc whoami

$ oc get nodes
NAME                       STATUS     ROLES    AGE    VERSION
ocp01-5n9hb-master-0       Ready      master   69m    v1.18.3+002a51f
ocp01-5n9hb-master-1       Ready      master   69m    v1.18.3+002a51f
ocp01-5n9hb-master-2       Ready      master   69m    v1.18.3+002a51f
ocp01-5n9hb-worker-2btk5   Ready      worker   55m    v1.18.3+002a51f
ocp01-5n9hb-worker-6plhb   Ready      worker   55m    v1.18.3+002a51f
ocp01-5n9hb-worker-qknqq   Ready      worker   55m    v1.18.3+002a51f
ocp01-5n9hb-worker-xgp7g   Ready      worker   7m9s   v1.18.3+002a51f