Validating Configuration
Purpose: For platform engineers and operators, shows how to validate cluster configuration before deployment to catch errors early.
Run Validation
opencenter cluster validate my-cluster
This runs three layers of checks:
- Schema validation — YAML structure matches the configuration schema
- Business rule validation — Cross-field constraints (e.g., HA requires 3+ control plane nodes)
- Provider-specific validation — Infrastructure prerequisites (API connectivity, resource availability)
Validation Layers
Schema Validation
Checks that all required fields are present and values match expected types:
✓ cluster_name is a valid DNS label
✓ kubernetes.version matches supported versions
✓ infrastructure.provider is one of: openstack, vmware, baremetal, kind
✓ services configuration matches service schema
Business Rules
Cross-field constraints that enforce production readiness:
✓ control_plane_count >= 3 for production clusters
✓ worker_count >= 1
✓ SOPS Age key is configured when secrets are present
✓ Required services are enabled for the provider type
✓ Network CIDRs do not overlap
Provider-Specific Checks
For OpenStack:
- API endpoint reachable with provided credentials
- Specified image, flavor, network, and subnet exist
- Floating IP pool has available IPs
For VMware:
- vCenter API reachable
- Datacenter, cluster, datastore, and network exist
- Configured VM inventory is consistent
For Baremetal:
- Bastion host is reachable
- Static node definitions are present and valid
- Control-plane and worker counts match the declared host inventory
For Kind:
- Local runtime prerequisites are present
- The selected container engine is available
Validate Manifests
After generating the GitOps repository, validate the rendered manifests:
opencenter cluster validate-manifests my-cluster
This runs kustomize build on all overlay directories and checks for:
- Valid YAML syntax
- Kubernetes resource schema compliance
- No duplicate resource names
- SOPS-encrypted secrets have valid encryption metadata
Fix Common Validation Errors
| Error | Fix |
|---|---|
missing required field: kubernetes.version | Add version: "1.33.5" to kubernetes section |
control_plane_count must be >= 3 for production | Set control_plane_count: 3 or use --profile dev |
SOPS age key not found | Run opencenter cluster keys generate my-cluster |
provider API unreachable | Check credentials and network connectivity |
Preflight Checks
For a more comprehensive pre-deployment check:
opencenter cluster preflight my-cluster
Preflight adds runtime checks: SSH connectivity to bastion, DNS resolution, NTP synchronization, and disk space on target nodes.