Skip to content

Under Cluster Setup

This guide covers preparation of the under cluster — the Kubernetes cluster that hosts the kMetal platform components and runs every tenant cluster's hosted control plane.

System Requirements

Hardware

Minimum (lab / evaluation):

  • 3 control-plane nodes
  • 8 CPU cores per node
  • 16 GB RAM per node
  • 100 GB SSD per node
  • 1 Gbps network

Recommended (production):

  • 3 control-plane + 3+ worker nodes
  • 16 CPU cores per node
  • 64 GB RAM per node
  • 500 GB NVMe per node
  • 10 Gbps network with redundancy

Network

  • Internet egress for image pulls
  • A reserved IP range on the under cluster's external VLAN for MetalLB to advertise (tenant control-plane VIPs come from this range)
  • DNS resolution for the under cluster's API endpoint and any tenant FQDNs you plan to expose
  • Firewall: 6443 (Kubernetes API), 443 (HTTPS), 2379-2380 (etcd, internal), 10250 (kubelet), 8132 (Konnectivity from workers)

Storage

  • A default StorageClass capable of dynamic provisioning. The kMetal umbrella chart includes local-path-provisioner for lab use; production deployments typically replace it with a vendor CSI driver.

See Storage Configuration for details.

Commercial Access

Commercial Platform Access Required

kMetal is a commercial product. You need a registry username and token from Clastix to pull the chart and its container images.

  1. Request access: Contact Clastix.
  2. Receive a registry username and time-limited token (ghcr.io/clastix/oci).
  3. Verify access before installation:

    helm registry login ghcr.io -u <username> -p <token>
    helm show chart oci://ghcr.io/clastix/oci/kmetal
    

Kubernetes Cluster Setup

Option 1: Existing Kubernetes Cluster

If you already have a Kubernetes cluster that meets the requirements above, verify it:

kubectl version
kubectl get nodes
kubectl get storageclass

Option 2: Create a new cluster

Use any standard Kubernetes installer (kubeadm, RKE2, Kairos, etc.) to bring up a 3-node HA control plane plus the worker nodes you need.

# Example: bootstrap a kubeadm-based cluster on the first CP node
sudo kubeadm init --pod-network-cidr=10.93.0.0/16 --service-cidr=10.96.0.0/16
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

# Join additional CP and worker nodes per kubeadm output

Primary CNI

The under cluster's primary CNI is Flannel (deployed as part of the kMetal umbrella chart). Do not install a different primary CNI separately — the chart will deploy Flannel and Kube-OVN (as a secondary CNI via Multus) on top.

Next Steps

When the under cluster is up and you have registry credentials, continue to kMetal Installation.