Overview
| Enterprise | ||||
|---|---|---|---|---|
| Available in these plans | Free | Dev | Prod | Scale |
| Metal3 Integration | ||||
vCluster Platform integrates Metal3 and Ironic for bare metal server lifecycle management. Physical servers are represented as BareMetalHost resources on a host cluster. The platform manages their detection, provisioning, configuration, and decommissioning for reuse.
When to use bare metal
Bare metal servers are a good fit when workloads need direct hardware access or predictable performance that virtualization cannot provide. Common use cases include:
- GPU and accelerator workloads: Machine learning training, inference, or video processing that requires direct GPU passthrough without a hypervisor layer.
- Performance-sensitive applications: Latency-critical databases, real-time analytics, or high-frequency trading systems that benefit from eliminating virtualization overhead.
- Hardware passthrough: Workloads that need access to specific hardware such as FPGAs, NICs with SR-IOV, or storage controllers.
- Compliance requirements: Environments where dedicated physical isolation is mandated by regulatory or security policies.
Prerequisites
Before managing bare metal servers, you need a Metal3 node provider configured on a host cluster. The node provider can deploy Metal3, Ironic, and a DHCP server automatically, or you can install them yourself.
Add servers
Bare metal servers are added by creating BareMetalHost resources on the host cluster, either through the platform UI or by applying them directly with kubectl. Each BareMetalHost represents a physical server and requires BMC (Baseboard Management Controller) configuration for out-of-band management.
BMC configuration
Each BareMetalHost needs a BMC address and credentials. The address scheme determines which driver Metal3 uses to communicate with the server's BMC.
Common address formats:
- Redfish:
redfish://192.168.1.100 - IPMI:
ipmi://192.168.1.100:623
For the full list of supported BMC drivers and address formats, see the Metal3 Bare Metal Operator documentation.
BMC credentials are stored in a Kubernetes Secret:
apiVersion: v1
kind: Secret
metadata:
name: server-01-bmc
namespace: metal3-system
type: Opaque
stringData:
username: admin
password: <BMC-PASSWORD>
Add a single server
You can add servers through the platform UI under Bare Metal Servers, or by creating the resources directly:
apiVersion: metal3.io/v1alpha1
kind: BareMetalHost
metadata:
name: server-01
namespace: metal3-system
labels:
role: compute
spec:
bmc:
address: redfish://192.168.1.100
credentialsName: server-01-bmc
disableCertificateVerification: true
bootMACAddress: "aa:bb:cc:dd:ee:01"
Key fields:
| Field | Description |
|---|---|
spec.bmc.address | BMC endpoint URL. The scheme (redfish://, ipmi://, etc.) selects the driver. |
spec.bmc.credentialsName | Name of the Secret containing username and password keys. Must be in the same namespace. |
spec.bmc.disableCertificateVerification | Set to true for BMCs with self-signed certificates. |
spec.bootMACAddress | MAC address of the NIC used for PXE boot. |
metadata.labels | Used by node type selectors to match servers to node types. |
Bulk registration
Add multiple servers at once by applying BareMetalHost and Secret resources together:
---
apiVersion: v1
kind: Secret
metadata:
name: server-01-bmc
namespace: metal3-system
type: Opaque
stringData:
username: admin
password: <BMC-PASSWORD>
---
apiVersion: metal3.io/v1alpha1
kind: BareMetalHost
metadata:
name: server-01
namespace: metal3-system
labels:
role: compute
rack: rack-a
spec:
bmc:
address: redfish://192.168.1.100
credentialsName: server-01-bmc
bootMACAddress: "aa:bb:cc:dd:ee:01"
---
apiVersion: v1
kind: Secret
metadata:
name: server-02-bmc
namespace: metal3-system
type: Opaque
stringData:
username: admin
password: <BMC-PASSWORD>
---
apiVersion: metal3.io/v1alpha1
kind: BareMetalHost
metadata:
name: server-02
namespace: metal3-system
labels:
role: compute
rack: rack-b
spec:
bmc:
address: ipmi://192.168.1.101:623
credentialsName: server-02-bmc
bootMACAddress: "aa:bb:cc:dd:ee:02"
kubectl apply -f servers.yaml
Server lifecycle
BareMetalHost resources go through the following states:
| State | Description |
|---|---|
registering | The server is being registered in the Ironic database and BMC credentials are verified. |
inspecting | Hardware inventory is actively being collected — CPU, RAM, NICs, disks, firmware, and PCIe devices (such as GPUs). |
available | Server is ready to be provisioned. |
provisioning | OS image is being written and cloud-init is being configured. |
provisioned | Server is running with the configured OS. |
deprovisioning | Server is being cleaned and returned to available state. |
error | An error occurred. Check the BareMetalHost status for details. |
When a Machine claims a server, it moves from available through provisioning to provisioned. When the claim is removed, the server is deprovisioned and returned to available.
DHCP and PXE boot
When the Metal3 node provider deploys a DHCP server, it automatically handles the PXE boot flow. The DHCP server acts as a proxy between the bare metal servers and Ironic, which may reside in a different network. It forwards the API communication needed for PXE boot and OS installation.
No manual DHCP or PXE configuration is required when using the provider-managed DHCP server.