Reference Architecture: Physical Compute
Purpose: Provides platform engineers with server hardware specifications, CPU/memory configurations, BIOS/UEFI settings, and bare-metal provisioning requirements.
Overview
openCenter deploys on x86_64 server hardware running VMware vSphere or OpenStack (KVM). This document covers physical server specifications for control plane nodes, worker nodes, and infrastructure hosts (vCenter, bastion, storage controllers). All sizing aligns with the values in Capacity & Sizing.
Server Role Definitions
| Role | Count | Description |
|---|---|---|
| Hypervisor Host | 3–6 | Runs ESXi or KVM; hosts all Kubernetes VMs |
| Management Host | 1–2 | Runs vCenter Server, bastion, jump hosts |
| Storage Controller | 0–2 | Dedicated storage nodes (if using external SAN/NAS) |
Minimum Hardware Specifications
Hypervisor Hosts
Each hypervisor host must support the aggregate VM workload for the Kubernetes nodes it hosts. Size for a 1.3× overcommit ratio on CPU and 1.0× (no overcommit) on memory.
| Component | Minimum | Recommended | Notes |
|---|---|---|---|
| CPU | 2× Intel Xeon Silver 4314 (16C/32T) | 2× Intel Xeon Gold 6338 (32C/64T) | AMD EPYC 7003 series also supported |
| Memory | 256 GB DDR4 ECC 3200 MHz | 512 GB DDR4 ECC 3200 MHz | Populate all memory channels evenly |
| Boot Disk | 2× 480 GB SATA SSD (RAID 1) | 2× 960 GB NVMe M.2 (RAID 1) | For ESXi/KVM host OS only |
| Local Datastore | 2× 1.92 TB NVMe SSD | 4× 3.84 TB NVMe SSD | VM disks, etcd, container images |
| NIC | 2× 25 GbE SFP28 | 4× 25 GbE SFP28 | Minimum two for redundancy |
| BMC/IPMI | iLO 5 / iDRAC 9 / IPMI 2.0 | iLO 6 / iDRAC 9 Enterprise | Out-of-band management required |
| PSU | 2× 800W 80+ Platinum | 2× 1200W 80+ Titanium | Redundant, hot-swappable |
Management Hosts
| Component | Minimum | Recommended |
|---|---|---|
| CPU | 1× Intel Xeon Silver 4310 (12C/24T) | 1× Intel Xeon Gold 5318Y (24C/48T) |
| Memory | 128 GB DDR4 ECC | 256 GB DDR4 ECC |
| Boot Disk | 2× 480 GB SATA SSD (RAID 1) | 2× 960 GB NVMe (RAID 1) |
| NIC | 2× 10 GbE | 2× 25 GbE |
BIOS/UEFI Settings
Configure these settings before installing the hypervisor OS. Incorrect BIOS settings cause measurable performance degradation for Kubernetes workloads, particularly etcd latency.
| Setting | Value | Reason |
|---|---|---|
| Boot Mode | UEFI | Required for Secure Boot and modern OS support |
| Secure Boot | Enabled | ESXi 7.0+ and most Linux distros support it |
| Virtualization (VT-x / AMD-V) | Enabled | Required for hypervisor operation |
| VT-d / AMD-Vi (IOMMU) | Enabled | Required for PCI passthrough and SR-IOV |
| Hyper-Threading / SMT | Enabled | Increases vCPU capacity; disable only if security policy requires it |
| Power Profile | Maximum Performance | Prevents C-state latency spikes affecting etcd |
| C-States | Disabled (or C1 only) | Deep C-states add microsecond-level wake latency |
| P-States / SpeedStep | Disabled | Lock CPU frequency for consistent performance |
| Turbo Boost | Enabled | Allows burst capacity for short workloads |
| NUMA | Enabled | Required for NUMA-aware VM placement |
| Memory Interleaving | Disabled (use NUMA) | Channel interleaving defeats NUMA locality |
| SR-IOV | Enabled | Required if using SR-IOV virtual functions for network |
| TPM 2.0 | Enabled | Required for vTPM, Secure Boot attestation |
| Serial Console Redirection | Enabled (COM1, 115200) | Enables remote BIOS access via BMC |
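Several of the settings above can be spot-checked from userspace once a Linux image is booted on the host (either the hypervisor OS or a validation live image). The sketch below checks the virtualization and Hyper-Threading capability flags from `/proc/cpuinfo`; the paths and flag names assume x86_64 Linux, and a full audit would also inspect `/sys/devices/system/cpu` for C-state and SMT runtime state.

```python
"""Spot-check BIOS-dependent CPU features from Linux userspace.

Assumes x86_64 Linux; /proc layout may differ on other architectures.
"""

def parse_cpu_flags(cpuinfo_text: str) -> set[str]:
    """Extract the CPU feature flags from /proc/cpuinfo content."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return set(line.split(":", 1)[1].split())
    return set()

def check_virtualization(flags: set[str]) -> dict[str, bool]:
    """VT-x appears as 'vmx' (Intel), AMD-V as 'svm'."""
    return {
        "virtualization": "vmx" in flags or "svm" in flags,
        # 'ht' is a capability bit only; whether SMT is enabled is
        # reported under /sys/devices/system/cpu/smt/control.
        "hyperthreading_capable": "ht" in flags,
    }

if __name__ == "__main__":
    try:
        with open("/proc/cpuinfo") as f:
            print(check_virtualization(parse_cpu_flags(f.read())))
    except FileNotFoundError:
        pass  # not a Linux host
```

If `virtualization` reports `False` on hardware known to support VT-x/AMD-V, the BIOS toggle is the usual culprit.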
Firmware and Driver Requirements
Keep firmware current. Mismatched firmware versions across hosts cause intermittent failures that are difficult to diagnose.
- Update to the latest vendor-certified firmware bundle before deployment (e.g., HPE SPP, Dell DSU, Lenovo UpdateXpress).
- Use the VMware HCL or Linux kernel compatibility list to verify NIC and storage controller driver versions.
- Document firmware versions per host in the asset inventory. Track these in a CMDB or spreadsheet at minimum.
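One way to feed the asset inventory is to parse the output of `dmidecode -t bios` (run on each host or collected over SSH) into a structured record. A minimal sketch; it assumes the standard SMBIOS field labels (`Vendor`, `Version`, `Release Date`) that dmidecode emits.

```python
"""Build a per-host BIOS firmware record from `dmidecode -t bios` output."""

def parse_dmidecode_bios(output: str) -> dict[str, str]:
    """Pull vendor/version/date from dmidecode's indented 'key: value' lines."""
    wanted = {"Vendor", "Version", "Release Date"}
    record: dict[str, str] = {}
    for line in output.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.strip().partition(":")
        if key in wanted:
            record[key.lower().replace(" ", "_")] = value.strip()
    return record
```

Running this across the fleet and diffing the `version` field is a quick way to catch the firmware drift the note above warns about.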
CPU and Memory Sizing Rationale
For a medium cluster (50–200 workers), a three-host hypervisor cluster needs to run:
| VM Role | Count | vCPU | Memory | Total vCPU | Total Memory |
|---|---|---|---|---|---|
| Control Plane | 3 | 8 | 16 GB | 24 | 48 GB |
| Worker (General) | 6 | 4 | 16 GB | 24 | 96 GB |
| Worker (Compute) | 3 | 8 | 16 GB | 24 | 48 GB |
| Bastion | 1 | 2 | 4 GB | 2 | 4 GB |
| Total | 13 | — | — | 74 | 196 GB |
With a 1.3× CPU overcommit and 1.0× memory, 74 vCPUs require ⌈74 / 1.3⌉ = 57 physical cores and the VMs require 196 GB of RAM; split across three hypervisor hosts, that is 19 physical cores and 66 GB per host — well within the minimum spec above (32 cores and 256 GB per host).
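The same arithmetic can be generalized to other cluster sizes or overcommit policies. The sketch below uses the VM roles from the table above; the role names and tuple layout are just illustrative structure.

```python
import math

# (count, vcpu, mem_gb) per VM role, from the medium-cluster table above
VM_ROLES = {
    "control_plane": (3, 8, 16),
    "worker_general": (6, 4, 16),
    "worker_compute": (3, 8, 16),
    "bastion": (1, 2, 4),
}

def per_host_requirements(roles, hosts, cpu_overcommit=1.3, mem_overcommit=1.0):
    """Return (physical_cores, memory_gb) each hypervisor host must supply."""
    total_vcpu = sum(n * vcpu for n, vcpu, _ in roles.values())
    total_mem = sum(n * mem for n, _, mem in roles.values())
    cores = math.ceil(total_vcpu / cpu_overcommit / hosts)
    mem = math.ceil(total_mem / mem_overcommit / hosts)
    return cores, mem

print(per_host_requirements(VM_ROLES, hosts=3))  # → (19, 66)
```

Note this divides the load evenly across hosts; an N+1 design (surviving one host failure) would divide by `hosts - 1` instead.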
Bare-Metal Provisioning
openCenter does not manage bare-metal provisioning directly. Provision hosts using one of:
- PXE/iPXE boot with a DHCP/TFTP server serving ESXi or Ubuntu installer images.
- Vendor tools such as HPE OneView, Dell OpenManage, or Lenovo XClarity for image-based deployment.
- Foreman/MAAS for automated bare-metal lifecycle in OpenStack environments.
After OS installation, configure networking and storage as described in the Physical Network and Physical Storage documents.
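For the PXE/iPXE path, installer boot scripts are typically templated per host. The sketch below renders an iPXE script that chainloads an Ubuntu autoinstall; the HTTP server layout, seed paths, and hostnames are hypothetical placeholders, not openCenter defaults.

```python
def ipxe_script(hostname: str, http_base: str) -> str:
    """Render a per-host iPXE script for an Ubuntu autoinstall.

    http_base is an assumed internal HTTP server holding the installer
    kernel/initrd and per-host autoinstall (cloud-init NoCloud) seeds.
    """
    return "\n".join([
        "#!ipxe",
        f"kernel {http_base}/ubuntu/vmlinuz initrd=initrd "
        f"autoinstall ds=nocloud-net;s={http_base}/seeds/{hostname}/ ip=dhcp",
        f"initrd {http_base}/ubuntu/initrd",
        "boot",
    ])
```

A DHCP server pointing class "iPXE" clients at a per-MAC URL that returns this script gives fully unattended installs.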
Considerations
- Homogeneous hardware across hypervisor hosts simplifies vMotion/live migration and avoids EVC mode constraints in vSphere.
- NUMA alignment matters for etcd and latency-sensitive workloads. Pin control plane VMs to a single NUMA node when possible.
- Memory ECC is non-negotiable for production. Non-ECC memory causes silent data corruption.
- GPU passthrough for ML/AI workloads requires IOMMU enabled and vendor-specific vGPU drivers (NVIDIA vGPU, AMD MxGPU). This is outside the standard reference architecture.
- Warranty and support contracts should cover next-business-day or 4-hour parts replacement depending on SLA requirements.
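The NUMA consideration can be made concrete: a VM whose vCPU count or memory exceeds a single NUMA node's resources will span nodes and pay remote-memory latency. A minimal sketch, assuming one NUMA node per socket (i.e., memory interleaving disabled, per the BIOS table above):

```python
def fits_single_numa_node(vm_vcpu: int, vm_mem_gb: int,
                          cores_per_node: int, mem_gb_per_node: int) -> bool:
    """True if the VM can be placed entirely within one NUMA node.

    Assumes one NUMA node per socket; real placement also depends on
    what else the scheduler has already packed onto that node.
    """
    return vm_vcpu <= cores_per_node and vm_mem_gb <= mem_gb_per_node

# Example: a dual-socket host with 16 cores and 128 GB per node easily
# holds a control plane VM (8 vCPU / 16 GB) on a single node.
```

VMs that fail this check should either be resized or explicitly configured as NUMA-wide (vNUMA in vSphere, `numatune` in KVM).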