Chapter 10. Provisioning Virtual Machines with Container-native Virtualization

Container-native Virtualization addresses the needs of development teams that have adopted or want to adopt Kubernetes but possess existing virtual machine (VM)-based workloads that cannot be easily containerized. This technology provides a unified development platform where developers can build, modify, and deploy applications residing in application containers and VMs in a shared environment. These capabilities support rapid application modernization across the open hybrid cloud.

With Red Hat Satellite 6, you can create a compute resource for Container-native Virtualization so that you can provision and manage Kubernetes virtual machines using Satellite.

Note that template provisioning is not supported for this release.


The Container-native Virtualization compute resource is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process. For more information about the support scope of Red Hat Technology Preview features, see

10.1. Prerequisites for Container-native Virtualization Provisioning

  • A Container-native Virtualization user that has the cluster-admin permissions for the OpenShift Container Platform virtual cluster. For more information, see Using RBAC to Define and Apply Permissions in the Authentication guide of the OpenShift Container Platform documentation.
  • A Capsule Server managing a network on the Container-native Virtualization server. Ensure that no other DHCP services run on this network to avoid conflicts with Capsule Server. For more information about network service configuration for Capsule Servers, see Chapter 4, Configuring Networking.
  • Synchronized content repositories for the version of Red Hat Enterprise Linux that you want to provision. For more information, see Synchronizing Red Hat Repositories in the Content Management Guide.
  • An activation key for host registration. For more information, see Creating An Activation Key in the Content Management guide.

Enabling the Container-native Virtualization plugin for Satellite

To enable the Container-native Virtualization plugin for Satellite, you must run the satellite-installer command with the following option:

# satellite-installer --enable-foreman-plugin-kubevirt

User Roles and Permissions to Provision using Container-native Virtualization

To provision a Container-native Virtualization virtual machine in Satellite, you must have a user account with the following roles:

  • Edit hosts
  • View hosts

For more information, see Assigning Roles to a User in the Administering Red Hat Satellite guide.

You must also create a custom role with the following permissions:

  • view_compute_resources
  • destroy_compute_resources_vms
  • power_compute_resources_vms
  • create_compute_resources_vms
  • view_compute_resources_vms
  • view_locations
  • view_subnets

Bearer token authentication

Before you can create a Container-native Virtualization compute resource, you must generate a bearer token to use for HTTP and HTTPS authentication.

  1. On your Container-native Virtualization server, to list the secrets that contain tokens, enter the following command:

    # kubectl get secrets

  2. To list the token for your secret, enter the following command:

    # kubectl get secrets YOUR_SECRET -o jsonpath='{.data.token}' | base64 -d | xargs
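
The token printed in step 2 is a bearer credential, so it is worth confirming which service account and namespace it belongs to before entering it in Satellite. The following shell functions are an added example, not part of the Satellite documentation; they assume the secret holds a Kubernetes service-account token (a JWT whose sub claim has the form system:serviceaccount:<namespace>:<name>), and the function names and sample values are hypothetical.

```shell
# Added example. Input: the base64 value of .data.token, as printed by
#   kubectl get secrets YOUR_SECRET -o jsonpath='{.data.token}'

# Decode one base64url JWT segment (restore the standard alphabet and padding).
b64url_decode() {
  local s
  s=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#s} % 4 )) in
    2) s="$s==" ;;
    3) s="$s=" ;;
  esac
  printf '%s' "$s" | base64 -d
}

# Print the claims JSON (JWT payload) of a .data.token value.
token_claims() {
  local jwt payload
  jwt=$(printf '%s' "$1" | base64 -d) || return 1
  case "$jwt" in            # a JWT is exactly header.payload.signature
    *.*.*.*) echo "not a JWT" >&2; return 1 ;;
    *.*.*) ;;
    *) echo "not a JWT" >&2; return 1 ;;
  esac
  payload=${jwt#*.}
  b64url_decode "${payload%%.*}"
}

# Print the "sub" claim: system:serviceaccount:<namespace>:<name>
token_subject() {
  token_claims "$1" | sed -n 's/.*"sub"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Succeed only if the token was issued for a service account in namespace $2.
token_in_namespace() {
  case "$(token_subject "$1")" in
    "system:serviceaccount:$2:"*) return 0 ;;
    *) return 1 ;;
  esac
}

# Constructed sample: an unsigned, fake token shaped like a .data.token value.
b64url_encode() { base64 | tr -d '=\n' | tr '/+' '_-'; }
sample_secret_value() {
  local h p
  h=$(printf '%s' '{"alg":"RS256","typ":"JWT"}' | b64url_encode)
  p=$(printf '{"sub":"system:serviceaccount:%s:%s"}' "$1" "$2" | b64url_encode)
  printf '%s.%s.c2ln' "$h" "$p" | base64 | tr -d '\n'
}
```

These functions only read the token's claims; they do not verify its signature. For example, token_in_namespace "$(kubectl get secrets YOUR_SECRET -o jsonpath='{.data.token}')" YOUR_NAMESPACE succeeds when the token belongs to that namespace.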

10.2. Adding a Container-native Virtualization Connection to Satellite Server

Use this procedure to add a Container-native Virtualization connection to Satellite Server’s compute resources.


To add a Container-native Virtualization connection to Satellite, complete the following steps:

  1. In the Satellite web UI, navigate to Infrastructure > Compute Resources, and click Create Compute Resource.
  2. In the Name field, enter a name for the new compute resource.
  3. From the Provider list, select Container-native Virtualization.
  4. In the Description field, enter a description for the compute resource.
  5. In the Hostname field, enter the address of the Container-native Virtualization server that you want to use.
  6. In the API Port field, enter the port number that you want to use for provisioning requests from Satellite to Container-native Virtualization.
  7. In the Namespace field, enter the user name of the Container-native Virtualization virtual cluster that you want to use.
  8. In the Token field, enter a bearer token for HTTP and HTTPS authentication.
  9. Optional: In the X509 Certification Authorities field, enter a certificate to enable client certificate authentication for API server calls.