Infrastructure Resources for Huawei DCS

Overview

Before creating clusters on Huawei DCS, you need to configure infrastructure resources including cloud credentials, IP pools, and machine templates.

You can manage infrastructure resources using either the web UI or YAML manifests. The web UI provides a guided interface with validation, while YAML offers automation capabilities.

On Huawei DCS, the IP pool also carries any disks that must survive VM replacement. This includes the platform-required /var/cpaas disk.

INFO

Namespace Requirement: All infrastructure resources must be deployed in the cpaas-system namespace to ensure proper integration with the platform as business clusters.

Cloud Credentials

Cloud credentials store the DCS platform access information required for cluster operations.

Using the Web UI

Prerequisites

Before creating a cloud credential, verify the following DCS platform requirements:

User Configuration:

  • User Type: Must be Interface interconnection user
  • Role: Must be administrator

Password Policy: Navigate to System Management → Rights Management → Rights Management Policy and verify:

  • Policy: Whether to modify the password of an interface interconnection user upon password resetting and first login
  • Value: Must be set to No

If set to Yes, the user's password will be forced to change upon first login, breaking authentication and causing cluster creation failures.

Creating a Cloud Credential

Navigation: Clusters → Cloud Credentials → Create Cloud Credential → Select Huawei DCS

Form Fields:

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| Name | text | Yes | Unique identifier for the credential (1-63 characters, lowercase letters, numbers, and hyphens only) |
| Display Name | text | No | Custom description for easy identification |
| DCS Endpoint | URL | Yes | DCS platform API address (must start with http:// or https://) |
| Username | text | Yes | DCS platform API user login name |
| Password | password | Yes | DCS platform API user login password |
| Site | text | Yes | Site where the VM templates are located (all resources must be in the same site) |

Validation Rules:

  • Name must be 1-63 characters, containing only lowercase letters, numbers, and hyphens, and must start and end with a letter or number
  • DCS Endpoint must be a valid URL format starting with http:// or https://

Managing Cloud Credentials

Viewing Credentials: Navigate to Clusters → Cloud Credentials to view all configured credentials with their type, creation time, and creator.

Updating Credentials: Click Update on a credential to modify the Display Name. Password updates are not supported in the current version (planned for a future release).

Deleting Credentials: Click Delete to remove a credential. Confirm the deletion in the dialog.

Using YAML

Create a Secret resource to store DCS authentication information:

dcs-secret.yaml
apiVersion: v1
data:
  authUser: <base64-encoded-auth-user>
  authKey: <base64-encoded-auth-key>
  endpoint: <base64-encoded-endpoint>
kind: Secret
metadata:
  name: <auth-secret-name>
  namespace: cpaas-system
type: Opaque

Parameter Descriptions:

| Parameter | Description |
| --- | --- |
| .data.authUser | DCS platform API user login name (base64-encoded) |
| .data.authKey | DCS platform API user login password (base64-encoded) |
| .data.endpoint | DCS platform API address with http or https protocol (base64-encoded). Note: The default API port for DCS platform is 7443 (not the common 8443). If your environment uses a custom port, confirm with your administrator. |

Example:

# Encode credentials
echo -n "admin" | base64
echo -n "your-password" | base64
echo -n "https://dcs.example.com:7443" | base64

# Apply the Secret
kubectl apply -f dcs-secret.yaml -n cpaas-system
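
The same Secret can be generated with its inputs checked first and the password read from a prompt instead of a command line. This is an added example, not part of the original documentation; it assumes the web UI name rule also applies to the Secret name, and the sample name dcs-auth is constructed.

```python
import base64
import json
import re
import sys
from urllib.parse import urlsplit

# Name rule from this page: 1-63 chars of lowercase letters, digits and
# hyphens, starting and ending with a letter or digit.
NAME_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")
DEFAULT_DCS_PORT = 7443  # default DCS API port stated on this page


def check_endpoint(endpoint):
    """Return (errors, warnings) for a DCS endpoint URL."""
    try:
        parts = urlsplit(endpoint)
        port = parts.port  # raises ValueError on a non-numeric port
    except ValueError:
        return ["endpoint is not a parseable URL"], []
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return ["endpoint must start with http:// or https://"], []
    warnings = []
    if parts.scheme == "http":
        warnings.append("http:// sends the API user and password unencrypted")
    if port != DEFAULT_DCS_PORT:
        warnings.append(f"port {port or 'not set'} differs from DCS default {DEFAULT_DCS_PORT}")
    return [], warnings


def build_secret(name, user, password, endpoint):
    """Return (manifest, warnings); raise ValueError if any input is invalid."""
    errors, warnings = check_endpoint(endpoint)
    if not NAME_RE.fullmatch(name):
        errors.append("name must be 1-63 chars of [a-z0-9-], alphanumeric at both ends")
    for label, value in (("user", user), ("password", password), ("endpoint", endpoint)):
        if value != value.strip():
            # e.g. `echo` without -n, or a copy-paste, added a newline
            errors.append(f"{label} has leading or trailing whitespace")
    if errors:
        raise ValueError("; ".join(errors))

    def b64(text):
        return base64.b64encode(text.encode()).decode()

    manifest = {
        "apiVersion": "v1",
        "kind": "Secret",
        "type": "Opaque",
        "metadata": {"name": name, "namespace": "cpaas-system"},
        "data": {"authUser": b64(user), "authKey": b64(password), "endpoint": b64(endpoint)},
    }
    return manifest, warnings


if __name__ == "__main__":
    import getpass
    # Constructed sample values. The password is prompted for, so it does not
    # end up in shell history.
    secret, notes = build_secret("dcs-auth", "admin", getpass.getpass("DCS password: "),
                                 "https://dcs.example.com:7443")
    for note in notes:
        print("warning:", note, file=sys.stderr)
    print(json.dumps(secret, indent=2))  # pipe to: kubectl apply -f -
```

Base64 in a Secret is an encoding, not encryption, so access to Secrets in cpaas-system is access to the DCS administrator password.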

IP Pools

IP pools define the network configuration (IP addresses, subnet masks, gateways, DNS) for cluster nodes. Each pool can contain multiple node entries, and each node can have multiple network interface configurations.

For DCS persistent disks, each IP entry can also declare persistentDisk items. These disks are bound to the IP slot instead of the VM lifecycle, so they can be detached from an old VM and reattached to a replacement VM during rolling upgrades. Use this mechanism for the platform-required /var/cpaas disk and for any other node-local data that must survive delete-recreate operations. Since DCS provider v1.0.16, this persistentDisk declaration is supported through YAML only.

Using the Web UI

Prerequisites

  • Cloud Credential has been created

INFO

Since DCS provider v1.0.16, the IP Pool web UI covers IP, hostname, and NIC settings only. It does not expose DCSIpHostnamePool.spec.pool[].persistentDisk. Configure persistent disks through YAML manifests.

Creating an IP Pool

Navigation: Clusters → Virtual Machine → IP Pools → Create IP Pool → Select Credential

Form Structure:

The IP Pool form consists of a list of Pools. Each Pool represents one node and contains:

  1. Node IP (required, exactly one per Pool)
  2. Additional NIC IPs (optional, multiple per Pool)

Node IP Fields:

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| IP | IP address | Yes | IP address for the Kubernetes Node |
| Subnet Mask | CIDR | Yes | Subnet mask for the network |
| Gateway | IP address | Yes | Gateway IP address |
| DNS | IP address | No | DNS server addresses (comma-separated for multiple) |
| Hostname | text | No | Hostname for the virtual machine |
| Machine Name | text | No | Virtual machine name in the DCS platform |
| dvSwitch Name | dropdown | No | Virtual switch name (from DCS platform) |
| Port Group Name | dropdown | No | Port group name (from DCS platform) |

Additional NIC IPs Fields:

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| IP | IP address | Yes | Non-Node IP address (e.g., storage network) |
| Subnet Mask | CIDR | Yes | Subnet mask for the network |
| Gateway | IP address | Yes | Gateway IP address |
| DNS | IP address | No | DNS server addresses |
| dvSwitch Name | dropdown | Yes | Virtual switch name (from DCS platform) |
| Port Group Name | dropdown | Yes | Port group name (from DCS platform) |

Validation Rules:

  • IP addresses must be unique within the same IP Pool
  • IP addresses must be valid IPv4 format
  • Subnet mask must be valid format
  • IP address must be within the configured subnet range
  • Gateway must be a valid IPv4 address within the subnet range

Tips:

  • At least one node entry is required
  • Exactly one Node IP configuration is required per node
  • Additional NIC IPs are optional for multi-NIC scenarios (e.g., storage network separation)

Managing IP Pools

Viewing Pools: Navigate to Clusters → Virtual Machine → IP Pools to view all configured pools with their node IPs and creation time.

Updating Pools: Click Update to add or remove node entries and modify network configurations.

Deleting Pools: Click Delete to remove a pool. Confirm the deletion in the dialog.

Using YAML

Create a DCSIpHostnamePool resource:

dcs-ippool.yaml
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: DCSIpHostnamePool
metadata:
  name: <iphostname-pool-name>
  namespace: cpaas-system
spec:
  pool:
  - ip: "<ip-1>"
    mask: "<mask>"
    gateway: "<gateway>"
    dns: "<dns>"
    hostname: "<hostname-1>"
    machineName: "<machine-name-1>"
  - ip: "<ip-2>"
    mask: "<mask>"
    gateway: "<gateway>"
    dns: "<dns>"
    hostname: "<hostname-2>"
    machineName: "<machine-name-2>"
  - ip: "<ip-3>"
    mask: "<mask>"
    gateway: "<gateway>"
    dns: "<dns>"
    hostname: "<hostname-3>"
    machineName: "<machine-name-3>"

Parameter Descriptions:

| Parameter | Type | Description | Required |
| --- | --- | --- | --- |
| .spec.pool[].ip | string | IP address for the virtual machine to be created | Yes |
| .spec.pool[].mask | string | Subnet mask | Yes |
| .spec.pool[].gateway | string | Gateway IP address | Yes |
| .spec.pool[].dns | string | DNS server IP (use ',' to separate multiple servers) | No |
| .spec.pool[].machineName | string | Name of the virtual machine in the DCS platform | No |
| .spec.pool[].hostname | string | Hostname of the virtual machine | No |

WARNING

You must configure machine information for a number of machines greater than or equal to the number of nodes you plan to deploy. Insufficient entries will prevent node deployment.
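
The web UI validation rules and the entry-count warning above can be applied to a pool written as YAML before it is submitted. This is an added example, not part of the original documentation; it takes the spec.pool list as Python dictionaries, accepts the mask as either a dotted mask or a prefix length (an assumption), and also flags network and broadcast addresses, which goes beyond the rules listed on this page.

```python
import ipaddress


def check_pool(pool, planned_nodes):
    """Return a list of problems in DCSIpHostnamePool.spec.pool entries."""
    problems, seen = [], set()
    if len(pool) < planned_nodes:
        problems.append(f"{len(pool)} pool entries for {planned_nodes} planned nodes")
    for i, entry in enumerate(pool):
        tag = f"pool[{i}]"
        try:
            ip = ipaddress.IPv4Address(entry.get("ip", ""))
        except ValueError:
            problems.append(f"{tag}: ip is missing or not valid IPv4")
            continue
        if ip in seen:
            problems.append(f"{tag}: duplicate ip {ip}")
        seen.add(ip)
        try:
            # strict=False derives the subnet from the host address; the mask
            # may be dotted ("255.255.255.0") or a prefix length ("24").
            net = ipaddress.IPv4Network(f"{ip}/{entry.get('mask', '')}", strict=False)
        except ValueError:
            problems.append(f"{tag}: mask is missing or invalid")
            continue
        # Added assumption, stricter than the rules on this page.
        if net.prefixlen < 31 and ip in (net.network_address, net.broadcast_address):
            problems.append(f"{tag}: {ip} is the network or broadcast address of {net}")
        try:
            gateway = ipaddress.IPv4Address(entry.get("gateway", ""))
        except ValueError:
            problems.append(f"{tag}: gateway is missing or not valid IPv4")
            continue
        if gateway not in net:
            problems.append(f"{tag}: gateway {gateway} is outside {net}")
        for dns in entry.get("dns", "").split(","):
            if dns.strip():
                try:
                    ipaddress.IPv4Address(dns.strip())
                except ValueError:
                    problems.append(f"{tag}: dns {dns.strip()!r} is not valid IPv4")
    return problems


# Constructed sample pool (documentation address ranges): entry 1 reuses an
# IP and entry 2 has a gateway outside its subnet.
SAMPLE_POOL = [
    {"ip": "192.0.2.11", "mask": "255.255.255.0", "gateway": "192.0.2.1",
     "dns": "192.0.2.53,192.0.2.54"},
    {"ip": "192.0.2.11", "mask": "24", "gateway": "192.0.2.1"},
    {"ip": "192.0.2.13", "mask": "255.255.255.0", "gateway": "198.51.100.1"},
]

if __name__ == "__main__":
    for problem in check_pool(SAMPLE_POOL, planned_nodes=4):
        print(problem)
```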

Persistent Disks in the IP Pool

Declare upgrade-preserved disks in DCSIpHostnamePool.spec.pool[].persistentDisk, not in DCSMachineTemplate.

Since DCS provider v1.0.16, YAML is the only supported way to declare these persistent disks.

  • Use the IP entry to bind each persistent disk to a fixed (ip, slot) identity.
  • Use this model for the platform-required /var/cpaas disk.
  • Keep DCSMachineTemplate focused on the system disk and any template-local disks that may be recreated with the VM.
  • When a replacement VM boots, the guest disk setup script checks for an existing filesystem. If one already exists, it skips formatting and mounts the disk directly.
  • Pool-managed persistent disks require one-by-one replacement. Keep KubeadmControlPlane.spec.rolloutStrategy.rollingUpdate.maxSurge = 0 and MachineDeployment.spec.strategy.rollingUpdate.maxSurge = 0 when you rely on this feature.

If you plan to use persistent disks, ensure the DCS VM template is 4.2.1 or later because safe shutdown and disk detach depend on guest tools inside the guest OS.

Example:

dcs-ippool-with-persistent-disk.yaml
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: DCSIpHostnamePool
metadata:
  name: <iphostname-pool-name>
  namespace: cpaas-system
spec:
  pool:
  - ip: "<ip-1>"
    mask: "<mask>"
    gateway: "<gateway>"
    dns: "<dns>"
    hostname: "<hostname-1>"
    machineName: "<machine-name-1>"
    persistentDisk:
    - slot: 0
      quantityGB: 40
      datastoreClusterName: <datastore-cluster-name>
      path: /var/cpaas
      format: xfs
      mountOptions:
      - defaults

Persistent disk field descriptions:

| Field | Description |
| --- | --- |
| slot | Disk position within the IP slot. It determines attach order, guest device naming, and the sequence number used during volume claim and reattach. |
| quantityGB | Disk size in GB. |
| datastoreName / datastoreClusterName | Specify exactly one storage target for the persistent disk. |
| path | Mount path inside the guest OS. /var/cpaas is the platform-required path. |
| format | Filesystem used when the disk is first initialized. If the replacement VM sees an existing filesystem, formatting is skipped. |
| options | mkfs options applied only when the disk is first formatted. |
| mountOptions | Mount options applied when the disk is mounted. |
| pciType | Optional PCI disk type. If omitted, the controller uses the default value from the implementation. |

Update rules:

  • You can append new persistentDisk entries to an existing IP slot. The controller attaches the newly added disk to the running VM on the DCS side, but it does not format or mount the disk inside the guest OS. Guest formatting and mounting take effect only after the VM is replaced and the replacement VM runs the generated disk setup during bootstrap.
  • Do not delete existing persistentDisk entries from the spec. The webhook rejects removal.
  • Treat format, options, and pciType as immutable after creation.
  • Treat quantityGB and datastore changes as rollout-sensitive changes. The webhook performs best-effort platform validation when the pool carries a cluster label.
  • Treat path and mountOptions changes as guest-side changes that take effect on replacement machines during rolling updates.
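
A local pre-check modelled on the update rules above can classify an edit to one IP entry's persistentDisk list before it is applied. This is an added example, not the webhook's or the controller's code; the function names and the sample datastore name ds-cluster-a are constructed, and the disks are passed as Python dictionaries.

```python
IMMUTABLE = ("format", "options", "pciType")
ROLLOUT_SENSITIVE = ("quantityGB", "datastoreName", "datastoreClusterName")
GUEST_SIDE = ("path", "mountOptions")


def review_disk_update(old_disks, new_disks):
    """Compare one IP entry's persistentDisk list before and after an edit.

    Returns (errors, notes): errors break a rule from this page, notes
    describe when an allowed change takes effect.
    """
    errors, notes = [], []
    old = {d["slot"]: d for d in old_disks}
    new = {d["slot"]: d for d in new_disks}
    for slot, disk in sorted(new.items()):
        targets = [k for k in ("datastoreName", "datastoreClusterName") if disk.get(k)]
        if len(targets) != 1:
            errors.append(f"slot {slot}: set exactly one of datastoreName/datastoreClusterName")
    for slot in sorted(old.keys() - new.keys()):
        errors.append(f"slot {slot}: existing disk removed (the webhook rejects removal)")
    for slot in sorted(new.keys() - old.keys()):
        notes.append(f"slot {slot}: attached now, formatted and mounted only after VM replacement")
    for slot in sorted(old.keys() & new.keys()):
        for field in IMMUTABLE + ROLLOUT_SENSITIVE + GUEST_SIDE:
            if old[slot].get(field) == new[slot].get(field):
                continue
            if field in IMMUTABLE:
                errors.append(f"slot {slot}: {field} is immutable after creation")
            elif field in ROLLOUT_SENSITIVE:
                notes.append(f"slot {slot}: {field} change is rollout-sensitive")
            else:
                notes.append(f"slot {slot}: {field} change applies on replacement machines")
    return errors, notes


def surge_errors(control_plane_max_surge, worker_max_surge):
    """Pool-managed disks need one-by-one replacement: both maxSurge must be 0."""
    return [f"{name} maxSurge is {value}, expected 0"
            for name, value in (("KubeadmControlPlane", control_plane_max_surge),
                                ("MachineDeployment", worker_max_surge))
            if str(value).rstrip("%") != "0"]


# Constructed sample: the disk from the example above, then an edited copy
# that resizes it, changes its filesystem and appends a second disk.
OLD = [{"slot": 0, "quantityGB": 40, "datastoreClusterName": "ds-cluster-a",
        "path": "/var/cpaas", "format": "xfs", "mountOptions": ["defaults"]}]
NEW = [{"slot": 0, "quantityGB": 60, "datastoreClusterName": "ds-cluster-a",
        "path": "/var/cpaas", "format": "ext4", "mountOptions": ["defaults"]},
       {"slot": 1, "quantityGB": 100, "path": "/var/lib/data", "format": "xfs"}]

if __name__ == "__main__":
    errs, infos = review_disk_update(OLD, NEW)
    for line in [f"ERROR {e}" for e in errs] + [f"NOTE  {n}" for n in infos]:
        print(line)
```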

Machine Templates

Machine templates define the virtual machine specifications (VM template, CPU, memory, disk, network) for cluster nodes. Each machine template has a Type that determines its usage:

  • Control Plane: For control plane nodes
  • Worker Node: For worker nodes

Using the Web UI

Prerequisites

  • IP Pool has been created
  • VM Template has been created in the DCS platform using MicroOS image
  • ConfigMap YAML has been applied to the global cluster

VM Template and ConfigMap:

Each MicroOS release includes a ConfigMap YAML that maps VM templates to Kubernetes versions. Apply this YAML before creating machine templates:

apiVersion: v1
data:
  corednsTag: 1.12.4-v4.2.3
  etcdTag: v3.5.21-251117
  kubernetesVersion: v1.33.6
  vmImageVersion: MicroOS-5.5-v4.2.0
kind: ConfigMap
metadata:
  labels:
    cpaas.io/dcs-vm-template: microos5.5-4.2.0
    cpaas.io/distribution-version: v4.2.0
    cpaas.io/kubernetes-version: v1.33
  name: 420-dcs-vm-template
  namespace: cpaas-system

Important: The cpaas.io/dcs-vm-template label value must match the VM template name in the DCS platform.

Creating a Machine Template

Navigation: Clusters → Virtual Machine → Machine Templates → Create Machine Template → Select Credential

Form Fields:

| Field | Type | Required | Description |
| --- | --- | --- | --- |
| Name | text | Yes | Unique identifier for the template (1-63 characters, lowercase letters, numbers, and hyphens only) |
| Type | dropdown | Yes | Control Plane or Worker Node |
| VM Template Name | dropdown | Yes | From ConfigMap, shows OS Version and Kubernetes Version |
| Location | dropdown | No | DCS platform location (datacenter, rack, etc.) |
| Resource | dropdown | No | DCS platform resource pool or cluster |
| Specs | - | Yes | CPU and memory specifications |
| Specs.CPU | number | Yes | CPU cores (integer) |
| Specs.Mem | number | Yes | Memory size in MB (displayed as GB in list view) |
| Disk | - | Yes | Disk configuration (see below) |
| IP Pool | dropdown | Yes | Reference to an existing IP Pool |

Disk Configuration:

The disk configuration varies by template type.

Control Plane Required Disks:

| Mount Path | Default Size (GB) | Can Delete |
| --- | --- | --- |
| System Volume | (template default) | No |
| /var/lib/kubelet | 100 | No |
| /var/lib/containerd | 100 | No |
| /var/lib/etcd | 10 | No |

Worker Node Required Disks:

| Mount Path | Default Size (GB) | Can Delete |
| --- | --- | --- |
| System Volume | (template default) | No |
| /var/lib/kubelet | 100 | No |
| /var/lib/containerd | 100 | No |

You may add additional disks, but must retain all mandatory disks listed above.

INFO

Platform-required persistent disk

/var/cpaas is still required by the platform, but it is no longer documented as a DCSMachineTemplate disk. Configure it in the matching DCSIpHostnamePool.spec.pool[].persistentDisk entry instead so it can survive VM replacement.

Disk Field Descriptions:

| Field | Type | Description |
| --- | --- | --- |
| Mount Path | text | Directory path for disk mounting |
| Disk Size | number (GB) | Size of the disk |
| Datastore | dropdown | Type: ClusterName or Name, then select from DCS platform |

VM Template Selection Tip:

TIP

If multiple VM templates have the same Kubernetes version, select the template with the most recent OS version to benefit from the latest security updates and system improvements.

Managing Machine Templates

Viewing Templates: Navigate to Clusters → Virtual Machine → Machine Templates to view all templates with their VM Template Name, Resource, Location, Specs, and IP Pool.

Updating Templates: Click Update to modify specifications. Note that the Name field cannot be changed after creation.

Deleting Templates: Click Delete to remove a template. Confirm the deletion in the dialog.

Using YAML

Create a DCSMachineTemplate resource:

dcs-machinetemplate.yaml
apiVersion: infrastructure.cluster.x-k8s.io/v1beta1
kind: DCSMachineTemplate
metadata:
  name: <machine-template-name>
  namespace: cpaas-system
spec:
  template:
    spec:
      vmTemplateName: <vm-template-name>
      location:
        type: folder
        name: <folder-name>
      resource: # Optional, if not specified, uses template defaults
        type: cluster # cluster | host
        name: <cluster-name>
      vmConfig:
        dvSwitchName: <dv-switch-name> # Optional
        portGroupName: <port-group-name> # Optional
        dcsMachineCpuSpec:
          quantity: <cpu-cores>
        dcsMachineMemorySpec: # MB
          quantity: <memory-mb>
        dcsMachineDiskSpec: # GB
        - quantity: 0
          datastoreClusterName: <datastore-cluster-name>
          systemVolume: true
        - quantity: 100
          datastoreClusterName: <datastore-cluster-name>
          path: /var/lib/kubelet
          format: xfs
        - quantity: 100
          datastoreClusterName: <datastore-cluster-name>
          path: /var/lib/containerd
          format: xfs
        - quantity: 10
          datastoreClusterName: <datastore-cluster-name>
          path: /var/lib/etcd
          format: xfs
      ipHostPoolRef:
        name: <iphostname-pool-name>

Parameter Descriptions:

| Parameter | Type | Description | Required |
| --- | --- | --- | --- |
| .spec.template.spec.vmTemplateName | string | DCS virtual machine template name | Yes |
| .spec.template.spec.location | object | Location where the VM will be created (auto-selected if not specified) | No |
| .spec.template.spec.location.type | string | VM creation location type (currently only supports "folder") | Yes* |
| .spec.template.spec.location.name | string | VM creation folder name | Yes* |
| .spec.template.spec.resource | object | Compute resource selection for VM creation (auto-selected if not specified) | No |
| .spec.template.spec.resource.type | string | Compute resource type: cluster or host | Yes* |
| .spec.template.spec.resource.name | string | Compute resource name | Yes* |
| .spec.template.spec.vmConfig | object | Virtual machine configuration | Yes |
| .spec.template.spec.vmConfig.dvSwitchName | string | Virtual machine switch name (uses template default if not specified) | No |
| .spec.template.spec.vmConfig.portGroupName | string | Port group name (must belong to the specified switch, uses template default if not specified) | No |
| .spec.template.spec.vmConfig.dcsMachineCpuSpec.quantity | int | VM CPU specification (cores) | Yes |
| .spec.template.spec.vmConfig.dcsMachineMemorySpec.quantity | int | VM memory size in MB | Yes |
| .spec.template.spec.vmConfig.dcsMachineDiskSpec[] | object | VM disk configuration | Yes |
| .spec.template.spec.vmConfig.dcsMachineDiskSpec[].quantity | int | Disk size in GB (0 for system disk uses template size) | Yes |
| .spec.template.spec.vmConfig.dcsMachineDiskSpec[].datastoreClusterName | string | Datastore cluster name for the disk | Yes |
| .spec.template.spec.vmConfig.dcsMachineDiskSpec[].systemVolume | bool | Whether this is the system disk (only one disk can be true) | No |
| .spec.template.spec.vmConfig.dcsMachineDiskSpec[].path | string | Disk mount directory (disk won't be mounted if not specified) | No |
| .spec.template.spec.vmConfig.dcsMachineDiskSpec[].format | string | File system format | No |
| .spec.template.spec.ipHostPoolRef.name | string | Referenced DCSIpHostnamePool name | Yes |

*Required when parent object is specified

WARNING

Storage Requirements

Datastore Cross-Host Access: The datastore clusters (datastoreClusterName) must support cross-host access across all physical machines in the DCS platform. If a datastore is only available on specific hosts, VM creation will fail when the DCS platform attempts to schedule the VM on a different host.

Shared Storage for Ignition: If your datastore does not support direct file uploads (required for Ignition configs), you must provide a shared storage solution (e.g., NFS) that supports multi-host mounting.

Disk Configuration Rules: You may add custom template disks, but must retain mandatory disks by node role:

  • Control plane: systemVolume, /var/lib/kubelet, /var/lib/containerd, /var/lib/etcd
  • Worker: systemVolume, /var/lib/kubelet, /var/lib/containerd

Configure /var/cpaas in the IP pool as a persistent disk.
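
The disk configuration rules above can be checked across a machine template and the IP pool it references. This is an added example, not part of the original documentation; the role names "control-plane" and "worker", the function name and the sample values are constructed, and treating quantity 0 on a non-system disk as a problem is an assumption drawn from the parameter table.

```python
REQUIRED_PATHS = {
    "control-plane": {"/var/lib/kubelet", "/var/lib/containerd", "/var/lib/etcd"},
    "worker": {"/var/lib/kubelet", "/var/lib/containerd"},
}
POOL_ONLY_PATH = "/var/cpaas"  # must be a persistentDisk in the IP pool


def check_template(role, template_disks, pool):
    """Check dcsMachineDiskSpec and its IP pool against the disk rules.

    role: "control-plane" or "worker" (names chosen for this example).
    pool: the referenced DCSIpHostnamePool.spec.pool list.
    """
    problems = []
    system = [d for d in template_disks if d.get("systemVolume")]
    if len(system) != 1:
        problems.append(f"{len(system)} disks set systemVolume: true, expected exactly 1")
    paths = [d["path"] for d in template_disks if d.get("path")]
    for path in sorted(REQUIRED_PATHS[role] - set(paths)):
        problems.append(f"mandatory disk {path} is missing for role {role}")
    if POOL_ONLY_PATH in paths:
        problems.append(f"{POOL_ONLY_PATH} is in the template; it may be recreated with the VM")
    for disk in template_disks:
        # Assumption: quantity 0 means "use template size", valid for the system disk only.
        if disk.get("quantity", 0) == 0 and not disk.get("systemVolume"):
            problems.append(f"disk {disk.get('path', '<no path>')}: quantity 0 is only for the system disk")
    for i, entry in enumerate(pool):
        pool_paths = {pd.get("path") for pd in entry.get("persistentDisk", [])}
        if POOL_ONLY_PATH not in pool_paths:
            problems.append(f"pool[{i}] ({entry.get('ip')}): no {POOL_ONLY_PATH} persistentDisk")
    return problems


# Constructed sample: a worker template that lacks /var/lib/containerd and
# declares /var/cpaas itself, with a pool whose second entry has no disk.
WORKER_DISKS = [
    {"quantity": 0, "systemVolume": True},
    {"quantity": 100, "path": "/var/lib/kubelet", "format": "xfs"},
    {"quantity": 40, "path": "/var/cpaas", "format": "xfs"},
]
WORKER_POOL = [
    {"ip": "192.0.2.11", "persistentDisk": [{"slot": 0, "path": "/var/cpaas"}]},
    {"ip": "192.0.2.12"},
]

if __name__ == "__main__":
    for problem in check_template("worker", WORKER_DISKS, WORKER_POOL):
        print(problem)
```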

Resource Relationships

Infrastructure resources have the following dependency relationships:

Cloud Credential
    ↓
IP Pool
    (network settings + persistent disk declarations)
    ↓
Machine Template → references IP Pool
    ↓
Cluster Creation

Resource Reusability:

  • One Cloud Credential can be used for multiple clusters
  • Multiple IP Pools can be created for different network segments
  • Multiple Machine Templates can be created for different node types and specifications

Next Steps

After configuring infrastructure resources: