Creating an OpenShift Virtualization Service cluster

Virtual Private Cloud 4.21 and later Bare metal worker nodes only RHCOS only

Create an OpenShift Virtualization Service cluster with pre-configured components for running virtual machines on Red Hat OpenShift on IBM Cloud.

This service is currently available as a beta release. Access is controlled by an allowlist. During the beta period, only console-based cluster creation is supported.

Objectives

In this tutorial, you will:

  • Prepare your VPC infrastructure for a Virtualization Service cluster
  • Create a Virtualization Service cluster using the console
  • Verify that pre-configured components are properly installed
  • Access the OpenShift Virtualization interface

Before you begin

Required permissions

All users need the following permissions regardless of the interface used:

  • Operator role for IBM Cloud Kubernetes Service
  • Editor or Administrator role for VPC Infrastructure Services

Required tools for console users

Required tools for CLI users

Create or verify your VPC setup

Before creating a Virtualization Service cluster, verify that your VPC infrastructure meets the following requirements. If you don't have the required resources, create them.

VPC infrastructure requirements

Your VPC setup must include:

VPC
A VPC in the region where you want to create the cluster.
Subnets
At least one subnet in each zone where you want to deploy worker nodes.
  • For high availability, create subnets in at least 3 zones for a multizone cluster
  • Each subnet must have enough IP addresses (256 recommended)
  • Do not use the following reserved ranges: 172.16.0.0/16, 172.18.0.0/16, 172.19.0.0/16, and 172.20.0.0/16
Bare metal capacity
Bare metal worker node flavors must be available in your selected zones.
  • Look for flavors ending in d, which indicates local NVME storage required for OpenShift Data Foundation
  • Verify that flavors support Virtualization Service by checking for the openshift-vs tag

Do not delete the subnets that you attach to your cluster during cluster creation or when you add worker nodes in a zone. If you delete a VPC subnet that your cluster used, any load balancers that use IP addresses from the subnet might experience issues, and you might be unable to create new load balancers.

If you don't have the required VPC infrastructure, complete the following steps to create it.

Creating VPC resources from the console

If you don't have the required VPC infrastructure, create it from the console.

  1. Create a VPC in the region where you want to create the cluster.

  2. Create subnets in each zone where you want to deploy worker nodes.

  3. Verify bare metal capacity in your selected zones by checking the available flavors when you create your cluster in the next step.

Creating VPC resources from the CLI

If you don't have the required VPC infrastructure, create it from the CLI.

  1. Create a VPC in the region where you want to create the cluster.

  2. Create subnets in each zone where you want to deploy worker nodes.

  3. Verify that bare metal capacity is available in your selected zones.

    ibmcloud ks flavors --zone <zone> --provider vpc-gen2 | grep metal

    Look for bare metal flavors ending in d, which indicates local NVME storage required for OpenShift Data Foundation. To verify that a specific flavor supports Virtualization Service, run ibmcloud ks flavor get --flavor <flavor> --zone <zone> --provider vpc-gen2 and check for the openshift-vs tag in the output. For a complete list of supported flavors, see Worker node flavors.

Create a Virtualization Service cluster

You can create a Virtualization Service cluster by using the console.

Creating a cluster from the console

  1. In the IBM Cloud console, navigate to Infrastructure > OpenShift virtualization.

  2. Click Create cluster.

  3. Review the pre-configured cluster settings:

    The following settings are automatically configured for OpenShift Virtualization Service clusters and cannot be changed:

    • Orchestrator: Red Hat OpenShift on IBM Cloud
    • Infrastructure: VPC
    • Machine type: Bare metal
    • Operating system: Red Hat CoreOS (RHCOS)
    • Networking plugin: Open Virtual Network (OVN-Kubernetes)

  4. Select the OpenShift version:

    OpenShift Virtualization requires version 4.21 or later. The latest supported version is automatically selected.

  5. Configure Virtualization integrations:

    Extend your cluster with key virtualization components. These integrations are connected once the cluster provisioning is complete.

    OpenShift Virtualization operator
    Automatically enabled with default settings. Creates and maintains the OpenShift Virtualization deployment. This integration is required and cannot be disabled.
    Advanced Cluster Management (ACM)
    Optional. Configure this cluster as the ACM hub cluster to control and monitor other Kubernetes clusters.
    • Plan: ACM for Virtualization
    • Managed clusters: Import later (default) or import existing clusters during setup
    • Disaster recovery: For disaster recovery, install ODF on a separate managed cluster
    OpenShift Data Foundation (ODF)
    Recommended. Provides portable and scalable software-defined file, block, and object persistent storage for your container workloads.
    • Version: Automatically selected based on OpenShift version
    • Plan: Advanced
    • Storage type: Local Storage (uses NVME storage from bare metal worker nodes)

    A storage add-on (ODF or File Storage for VPC) is required to provision a Virtualization Service cluster.

    File Storage for VPC
    Alternative to ODF. Provides file storage backed by VPC infrastructure. Only one storage option (ODF or File Storage for VPC) can be enabled.

  6. Select your Virtual private cloud:

    Choose an existing VPC or create a new one. If no VPCs are available, you'll need to create one before proceeding.

  7. Configure the Location:

    Worker zones
    Select the zones where you want to deploy worker nodes. Choose at least 3 zones for high availability.
    Subnets
    For each selected zone, choose the corresponding subnet from your VPC.

  8. Configure the Worker pool:

    Flavor
    Select a supported bare metal flavor with local NVME storage (e.g., bx2d.metal.96x384).

    Only bare metal flavors with the openshift-vs tag are available. These flavors include local NVME storage required for OpenShift Data Foundation.

    Worker nodes per zone
    Specify the number of worker nodes per zone (minimum 3 recommended for high availability).
    Worker pool encryption
    Optional. Enable a key management service (KMS) provider to encrypt worker node disks.
    • Select a KMS instance (e.g., Key Protect or Hyper Protect Crypto Services)
    • Choose a root key CRN for encryption

  9. Configure Networking:

    Network plugin
    Open Virtual Network (OVN-Kubernetes) is automatically configured and cannot be changed.

    OVN-Kubernetes provides advanced, distributed virtual networking with native support for logical switches, routers, and security policies.

    Network settings
    Choose how to communicate with the cluster master:
    • Both private & public endpoints: Communication is accessible from the internet and your private network (default)
    • Private endpoint only: Communication is established securely to authorized users in your private network, IBM Cloud services, or through a VPC VPN connection
    Internal registry
    Store images in the cluster internal registry with IBM Cloud Object Storage.
    • Select an existing Cloud Object Storage instance or create a new one
    • A COS bucket will be automatically created for your cluster's internal registry

  10. Configure Security settings:

    Outbound traffic protection
    Optional. Protect network traffic by enabling only the connectivity necessary for the cluster to operate and preventing access to the public Internet.

    This setting is disabled by default for Virtualization Service clusters.

    Cluster encryption
    Optional. Enable a key management service (KMS) provider to encrypt secrets in your cluster.
    • Select a KMS instance (e.g., Key Protect or Hyper Protect Crypto Services)
    • Choose a root key CRN for encryption
    Ingress secrets management
    Optional. Register an IBM Cloud Secrets Manager instance to manage ingress subdomain certificates and secrets.

    Service authorization is required to allow OpenShift to communicate with Secrets Manager. Click Authorize now to create a policy, or go to IAM to create a custom policy.

    VPC security groups
    Optional. Provide up to four custom security groups to apply to all worker nodes instead of the default VPC security group.

  11. Configure Cluster details:

    Cluster name
    Enter a unique name for your cluster (e.g., my-vs-cluster).
    Resource group
    Select the resource group where you want to create the cluster.
    Tags
    Optional. Add tags to organize and manage your cluster resources.

  12. Review the Summary and estimated cost:

    The summary shows:

    • Number of worker nodes and their configuration
    • Operating system (RHCOS)
    • ROVE license fee
    • Total estimated monthly cost

    Additional charges for networking and bandwidth might apply. The estimate does not include usage-based charges.

  13. Click Create to provision your cluster.

  14. Monitor the cluster creation progress in the IBM Cloud console. The cluster typically takes 30-45 minutes to provision.

Verify the cluster and pre-configured components

After your cluster is created, verify that it's working correctly and that pre-configured components are installed. Use the console-based checks to confirm the cluster and operators are available in the UI.

Access the cluster from the console

  1. In the IBM Cloud console, navigate to OpenShift > Clusters.

  2. Click your cluster name to view details.

  3. Verify that the cluster State shows Normal and the master status shows Ready.

  4. Click OpenShift web console to access the cluster interface.

  5. Optional: To use the CLI, click Actions > Connect via CLI for instructions.

Access the cluster from the CLI

  1. Configure your CLI to use the cluster:

    ibmcloud ks cluster config --cluster <cluster-name> --admin

  2. Verify cluster access:

    oc get nodes

Verify OpenShift Virtualization from the console

  1. In the OpenShift web console, navigate to Operators > Installed Operators.

  2. Select the openshift-cnv project from the dropdown.

  3. Verify that the OpenShift Virtualization operator shows a status of Succeeded.

  4. In the left navigation of the OpenShift web console, click Virtualization.

  5. Verify that the Virtualization pages load without prompts to install additional operators.

  6. Click the operator name and navigate to the HyperConverged tab.

  7. Verify that the HyperConverged resource shows a Phase of Deployed.

Verify OpenShift Virtualization from the CLI

  1. Check the OpenShift Virtualization Operator:

    oc get csv -n openshift-cnv

    Look for kubevirt-hyperconverged-operator with PHASE: Succeeded.

  2. Verify the HyperConverged resource:

    oc get hyperconverged -n openshift-cnv

    The PHASE should show Deployed.

  3. Check virtualization pods:

    oc get pods -n openshift-cnv

    All pods should be in Running or Completed state.

Access the OpenShift Virtualization interface

Access from the console

  1. In the IBM Cloud console, navigate to OpenShift > Clusters.

  2. Click your cluster name.

  3. Click OpenShift web console to open the cluster interface.

  4. In the left navigation, click Virtualization to access the virtual machine management interface.

  5. Explore the available options:

    • Overview: Dashboard showing VM statistics
    • VirtualMachines: List and manage VMs
    • Templates: Pre-configured VM templates
    • InstanceTypes: VM sizing configurations
    • Preferences: VM preference settings

Access from the CLI

  1. Get the OpenShift console URL:

    ibmcloud ks cluster get --cluster $CLUSTER_NAME | grep "Public Service Endpoint URL"

  2. Log in to the OpenShift web console using your IBM Cloud credentials.

  3. In the left navigation, click Virtualization to access the virtual machine management interface.

  4. Explore the available options:

    • Overview: Dashboard showing VM statistics
    • VirtualMachines: List and manage VMs
    • Templates: Pre-configured VM templates
    • InstanceTypes: VM sizing configurations
    • Preferences: VM preference settings

Next steps

Now that your Virtualization Service cluster is ready:

Troubleshooting

If you encounter issues during cluster creation:

Cluster creation fails with capacity error
Bare metal capacity may not be available in your selected zone. Try a different zone or contact IBM Cloud support.
Worker nodes fail to provision
  • Verify that your VPC and subnets are properly configured
  • Check that you have sufficient IP addresses in your subnets
  • Ensure your IAM permissions are correct
Pre-configured components not installing
  • Check cluster logs: ibmcloud ks cluster get --cluster <cluster-name> --show-resources
  • Verify add-on status: ibmcloud ks cluster addon ls --cluster <cluster-name>
  • Review operator logs in the OpenShift console

For more troubleshooting guidance, see Troubleshooting OpenShift Virtualization.