diff --git a/modules/installation-azure-config-yaml.adoc b/modules/installation-azure-config-yaml.adoc index 205a7a4b80..1bcc40748d 100644 --- a/modules/installation-azure-config-yaml.adoc +++ b/modules/installation-azure-config-yaml.adoc @@ -54,6 +54,11 @@ controlPlane: <2> resourceGroup: disk_encryption_set_resource_group name: disk_encryption_set_name subscriptionId: secondary_subscription_id + osImage: + publisher: example_publisher_name + offer: example_image_offer + sku: example_offer_sku + version: example_image_version type: Standard_D8s_v3 replicas: 3 compute: <2> @@ -71,6 +76,11 @@ compute: <2> resourceGroup: disk_encryption_set_resource_group name: disk_encryption_set_name subscriptionId: secondary_subscription_id + osImage: + publisher: example_publisher_name + offer: example_image_offer + sku: example_offer_sku + version: example_image_version zones: <6> - "1" - "2" 
@@ -95,108 +105,113 @@ endif::[] platform: azure: defaultMachinePlatform: + osImage: <8> + publisher: example_publisher_name + offer: example_image_offer + sku: example_offer_sku + version: example_image_version ultraSSDCapability: Enabled - baseDomainResourceGroupName: resource_group <8> + baseDomainResourceGroupName: resource_group <9> ifndef::gov[] region: centralus <1> endif::gov[] ifdef::gov[] region: usgovvirginia endif::gov[] - resourceGroupName: existing_resource_group <9> + resourceGroupName: existing_resource_group <10> ifdef::vnet,private,gov,restricted[] - networkResourceGroupName: vnet_resource_group <10> - virtualNetwork: vnet <11> - controlPlaneSubnet: control_plane_subnet <12> - computeSubnet: compute_subnet <13> + networkResourceGroupName: vnet_resource_group <11> + virtualNetwork: vnet <12> + controlPlaneSubnet: control_plane_subnet <13> + computeSubnet: compute_subnet <14> endif::vnet,private,gov,restricted[] ifndef::private,gov,restricted[] outboundType: Loadbalancer endif::private,gov,restricted[] ifdef::private,gov[] - outboundType: UserDefinedRouting <14> + outboundType: UserDefinedRouting <15> endif::private,gov[] ifdef::restricted[] - outboundType: UserDefinedRouting <14> + outboundType: UserDefinedRouting <15> endif::restricted[] ifndef::gov[] cloudName: AzurePublicCloud endif::gov[] ifdef::gov[] - cloudName: AzureUSGovernmentCloud <15> + cloudName: AzureUSGovernmentCloud <16> endif::gov[] pullSecret: '{"auths": ...}' <1> ifdef::vnet[] ifndef::openshift-origin[] -fips: false <14> -sshKey: ssh-ed25519 AAAA... <15> -endif::openshift-origin[] -ifdef::openshift-origin[] -sshKey: ssh-ed25519 AAAA... <14> -endif::openshift-origin[] -endif::vnet[] -ifdef::private[] -ifndef::openshift-origin[] fips: false <15> sshKey: ssh-ed25519 AAAA... <16> endif::openshift-origin[] ifdef::openshift-origin[] sshKey: ssh-ed25519 AAAA... 
<15> endif::openshift-origin[] -endif::private[] -ifdef::gov[] +endif::vnet[] +ifdef::private[] ifndef::openshift-origin[] fips: false <16> -endif::openshift-origin[] -ifndef::openshift-origin[] sshKey: ssh-ed25519 AAAA... <17> endif::openshift-origin[] ifdef::openshift-origin[] sshKey: ssh-ed25519 AAAA... <16> endif::openshift-origin[] +endif::private[] +ifdef::gov[] +ifndef::openshift-origin[] +fips: false <17> +endif::openshift-origin[] +ifndef::openshift-origin[] +sshKey: ssh-ed25519 AAAA... <18> +endif::openshift-origin[] +ifdef::openshift-origin[] +sshKey: ssh-ed25519 AAAA... <17> +endif::openshift-origin[] endif::gov[] ifdef::restricted[] -fips: false <15> -sshKey: ssh-ed25519 AAAA... <16> -additionalTrustBundle: | <17> +fips: false <16> +sshKey: ssh-ed25519 AAAA... <17> +additionalTrustBundle: | <18> -----BEGIN CERTIFICATE----- -----END CERTIFICATE----- -imageContentSources: <18> +imageContentSources: <19> - mirrors: - //release source: quay.io/openshift-release-dev/ocp-release - mirrors: - //release source: quay.io/openshift-release-dev/ocp-v4.0-art-dev -publish: Internal <19> +publish: Internal <20> endif::restricted[] ifndef::vnet,private,gov[] ifndef::openshift-origin[] ifndef::restricted[] -fips: false <10> -sshKey: ssh-ed25519 AAAA... <11> +fips: false <11> +sshKey: ssh-ed25519 AAAA... <12> endif::restricted[] endif::openshift-origin[] ifdef::openshift-origin[] -sshKey: ssh-ed25519 AAAA... <10> +sshKey: ssh-ed25519 AAAA... 
<11> endif::openshift-origin[] endif::vnet,private,gov[] ifdef::private[] ifndef::openshift-origin[] -publish: Internal <17> -endif::openshift-origin[] -ifdef::openshift-origin[] -publish: Internal <16> -endif::openshift-origin[] -endif::private[] -ifdef::gov[] -ifndef::openshift-origin[] publish: Internal <18> endif::openshift-origin[] ifdef::openshift-origin[] publish: Internal <17> endif::openshift-origin[] +endif::private[] +ifdef::gov[] +ifndef::openshift-origin[] +publish: Internal <19> +endif::openshift-origin[] +ifdef::openshift-origin[] +publish: Internal <18> +endif::openshift-origin[] endif::gov[] ---- ifndef::gov[] 
@@ -218,46 +233,33 @@ If you disable simultaneous multithreading, ensure that your capacity planning a //storage type as `io1` and set `iops` to `2000`. <6> Specify a list of zones to deploy your machines to. For high availability, specify at least two zones. <7> The cluster network plugin to install. The supported values are `OVNKubernetes` and `OpenShiftSDN`. The default value is `OVNKubernetes`. -<8> Specify the name of the resource group that contains the DNS zone for your base domain. -<9> Specify the name of an already existing resource group to install your cluster to. If undefined, a new resource group is created for the cluster. +<8> Optional: A custom {op-system-first} image that should be used to boot control plane and compute machines. The `publisher`, `offer`, `sku`, and `version` parameters under `platform.azure.defaultMachinePlatform.osImage` apply to both control plane and compute machines. If the parameters under `controlPlane.platform.azure.osImage` or `compute.platform.azure.osImage` are set, they override the `platform.azure.defaultMachinePlatform.osImage` parameters. +<9> Specify the name of the resource group that contains the DNS zone for your base domain. +<10> Specify the name of an already existing resource group to install your cluster to. If undefined, a new resource group is created for the cluster. ifdef::vnet,private,gov,restricted[] -<10> If you use an existing VNet, specify the name of the resource group that contains it. -<11> If you use an existing VNet, specify its name. -<12> If you use an existing VNet, specify the name of the subnet to host the control plane machines. -<13> If you use an existing VNet, specify the name of the subnet to host the compute machines. +<11> If you use an existing VNet, specify the name of the resource group that contains it. +<12> If you use an existing VNet, specify its name. +<13> If you use an existing VNet, specify the name of the subnet to host the control plane machines. 
+<14> If you use an existing VNet, specify the name of the subnet to host the compute machines. endif::vnet,private,gov,restricted[] ifdef::private,gov[] -<14> You can customize your own outbound routing. Configuring user-defined routing prevents exposing external endpoints in your cluster. User-defined routing for egress requires deploying your cluster to an existing VNet. +<15> You can customize your own outbound routing. Configuring user-defined routing prevents exposing external endpoints in your cluster. User-defined routing for egress requires deploying your cluster to an existing VNet. endif::private,gov[] ifdef::gov[] -<15> Specify the name of the Azure cloud environment to deploy your cluster to. Set `AzureUSGovernmentCloud` to deploy to a Microsoft Azure Government (MAG) region. The default value is `AzurePublicCloud`. +<16> Specify the name of the Azure cloud environment to deploy your cluster to. Set `AzureUSGovernmentCloud` to deploy to a Microsoft Azure Government (MAG) region. The default value is `AzurePublicCloud`. endif::gov[] ifdef::restricted[] -<14> When using Azure Firewall to restrict Internet access, you must configure outbound routing to send traffic through the Firewall. Configuring user-defined routing prevents exposing external endpoints in your cluster. -<15> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead. +<15> When using Azure Firewall to restrict Internet access, you must configure outbound routing to send traffic through the Azure Firewall. Configuring user-defined routing prevents exposing external endpoints in your cluster. +<16> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. 
If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead. + [IMPORTANT] ==== To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. The use of FIPS validated or Modules In Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64`, `ppc64le`, and `s390x` architectures. ==== -<16> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. +<17> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. endif::restricted[] ifdef::vnet[] ifndef::openshift-origin[] -<14> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead. -+ -[IMPORTANT] -==== -To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. 
When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures. -==== -<15> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. -endif::openshift-origin[] -ifdef::openshift-origin[] -<14> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. -endif::openshift-origin[] -endif::vnet[] -ifdef::private[] -ifndef::openshift-origin[] <15> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead. + [IMPORTANT] @@ -269,8 +271,8 @@ endif::openshift-origin[] ifdef::openshift-origin[] <15> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. endif::openshift-origin[] -endif::private[] -ifdef::gov[] +endif::vnet[] +ifdef::private[] ifndef::openshift-origin[] <16> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead. + 
@@ -283,19 +285,33 @@ endif::openshift-origin[] ifdef::openshift-origin[] <16> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. endif::openshift-origin[] -endif::gov[] -ifndef::vnet,private,gov,restricted[] +endif::private[] +ifdef::gov[] ifndef::openshift-origin[] -<10> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead. +<17> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead. + [IMPORTANT] ==== To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures. ==== -<11> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. +<18> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. endif::openshift-origin[] ifdef::openshift-origin[] -<10> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. 
+<17> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. +endif::openshift-origin[] +endif::gov[] +ifndef::vnet,private,gov,restricted[] +ifndef::openshift-origin[] +<11> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead. ++ +[IMPORTANT] +==== +To enable FIPS mode for your cluster, you must run the installation program from a {op-system-base-full} computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see link:https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/assembly_installing-the-system-in-fips-mode_security-hardening[Installing the system in FIPS mode]. When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures. +==== +<12> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. +endif::openshift-origin[] +ifdef::openshift-origin[] +<11> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. endif::openshift-origin[] endif::vnet,private,gov,restricted[] + 
@@ -304,25 +320,25 @@ endif::vnet,private,gov,restricted[] For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses. ==== ifdef::restricted[] -<17> Provide the contents of the certificate file that you used for your mirror registry. -<18> Provide the `imageContentSources` section from the output of the command to mirror the repository. -<19> How to publish the user-facing endpoints of your cluster. When using Azure Firewall to restrict Internet access, set `publish` to `Internal` to deploy a private cluster. The user-facing endpoints then cannot be accessed from the internet. The default value is `External`. +<18> Provide the contents of the certificate file that you used for your mirror registry. +<19> Provide the `imageContentSources` section from the output of the command to mirror the repository. +<20> How to publish the user-facing endpoints of your cluster. When using Azure Firewall to restrict Internet access, set `publish` to `Internal` to deploy a private cluster. The user-facing endpoints then cannot be accessed from the internet. The default value is `External`. endif::restricted[] ifdef::private[] ifndef::openshift-origin[] -<17> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`. -endif::openshift-origin[] -ifdef::openshift-origin[] -<16> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`. -endif::openshift-origin[] -endif::private[] -ifdef::gov[] -ifndef::openshift-origin[] <18> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`. 
endif::openshift-origin[] ifdef::openshift-origin[] <17> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`. endif::openshift-origin[] +endif::private[] +ifdef::gov[] +ifndef::openshift-origin[] +<19> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`. +endif::openshift-origin[] +ifdef::openshift-origin[] +<18> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`. +endif::openshift-origin[] endif::gov[] diff --git a/modules/installation-azure-marketplace-subscribe.adoc b/modules/installation-azure-marketplace-subscribe.adoc index d4663a30fc..0d38dddcad 100644 --- a/modules/installation-azure-marketplace-subscribe.adoc +++ b/modules/installation-azure-marketplace-subscribe.adoc 
@@ -27,9 +27,11 @@ endif::[] :_content-type: PROCEDURE [id="installation-azure-marketplace-subscribe_{context}"] -= Selecting an Azure Marketplace image += Using the Azure Marketplace offering ifndef::mapi[] -If you are deploying an {product-title} cluster using the Azure Marketplace offering, you must first obtain the Azure Marketplace image. The installation program uses this image to deploy worker nodes. When obtaining your image, consider the following: +Using the Azure Marketplace offering lets you deploy an {product-title} cluster, which is billed on pay-per-use basis (hourly, per core) through Azure, while still being supported directly by Red{nbsp}Hat. + +To deploy an {product-title} cluster using the Azure Marketplace offering, you must first obtain the Azure Marketplace image. The installation program uses this image to deploy worker nodes. When obtaining your image, consider the following: endif::mapi[] ifdef::mapi[] You can create a machine set running on Azure that deploys machines that use the Azure Marketplace offering. To use this offering, you must first obtain the Azure Marketplace image. When obtaining your image, consider the following: 
@@ -65,9 +67,9 @@ $ az vm image list --all --offer rh-ocp-worker --publisher redhat -o table [source,terminal] ---- Offer Publisher Sku Urn Version -------------- -------------- ------------------ -------------------------------------------------------------- -------------- -rh-ocp-worker RedHat rh-ocp-worker RedHat:rh-ocp-worker:rh-ocpworker:4.8.2021122100 4.8.2021122100 -rh-ocp-worker RedHat rh-ocp-worker-gen1 RedHat:rh-ocp-worker:rh-ocp-worker-gen1:4.8.2021122100 4.8.2021122100 +------------- -------------- ------------------ -------------------------------------------------------------- ----------------- +rh-ocp-worker RedHat rh-ocp-worker RedHat:rh-ocp-worker:rh-ocp-worker:413.92.2023101700 413.92.2023101700 +rh-ocp-worker RedHat rh-ocp-worker-gen1 RedHat:rh-ocp-worker:rh-ocp-worker-gen1:413.92.2023101700 413.92.2023101700 ---- ** EMEA: + 
@@ -79,16 +81,16 @@ $ az vm image list --all --offer rh-ocp-worker --publisher redhat-limited -o ta .Example output [source,terminal] ---- -Offer Publisher Sku Urn Version -------------- -------------- ------------------ -------------------------------------------------------------- -------------- -rh-ocp-worker redhat-limited rh-ocp-worker redhat-limited:rh-ocp-worker:rh-ocp-worker:4.8.2021122100 4.8.2021122100 -rh-ocp-worker redhat-limited rh-ocp-worker-gen1 redhat-limited:rh-ocp-worker:rh-ocp-worker-gen1:4.8.2021122100 4.8.2021122100 +Offer Publisher Sku Urn Version +------------- -------------- ------------------ -------------------------------------------------------------- ----------------- +rh-ocp-worker redhat-limited rh-ocp-worker redhat-limited:rh-ocp-worker:rh-ocp-worker:413.92.2023101700 413.92.2023101700 +rh-ocp-worker redhat-limited rh-ocp-worker-gen1 redhat-limited:rh-ocp-worker:rh-ocp-worker-gen1:413.92.2023101700 413.92.2023101700 ---- -- + [NOTE] ==== -Regardless of the version of {product-title} that you install, the correct version of the Azure Marketplace image to use is 4.8. If required, your VMs are automatically upgraded as part of the installation process. +Regardless of the version of {product-title} that you install, the correct version of the Azure Marketplace image to use is 4.13. If required, your VMs are automatically upgraded as part of the installation process. ==== . Inspect the image for your offer by running one of the following commands: ** North America: @@ -158,7 +160,7 @@ ifdef::upi[] "offer": "rh-ocp-worker", "publisher": "redhat", "sku": "rh-ocp-worker", - "version": "4.8.2021122100" + "version": "413.92.2023101700" } ... } @@ -188,7 +190,7 @@ compute: publisher: redhat offer: rh-ocp-worker sku: rh-ocp-worker - version: 4.8.2021122100 + version: 413.92.2023101700 replicas: 3 ---- endif::ipi[] 
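Review bot: The updated NOTE says the correct Azure Marketplace image version is 4.13, but the example output in this hunk and the `version:` values in the two later hunks on this page all show `413.92.2023101700`, so the string `4.13` never appears in anything a reader would copy. With the old text, `4.8` was a visible prefix of `4.8.2021122100`; the new version format loses that link. If the mapping is as it appears, wording such as `the correct version of the Azure Marketplace image to use is 4.13 (image versions that begin with 413.)` would let readers match the note to the `az vm image list` output instead of guessing which image to pin.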
@@ -206,7 +208,7 @@ providerSpec: resourceID: "" sku: rh-ocp-worker type: MarketplaceWithPlan - version: 4.8.2021122100 + version: 413.92.2023101700 ---- //offer also has "worker" endif::mapi[] diff --git a/modules/installation-configuration-parameters.adoc b/modules/installation-configuration-parameters.adoc index 14841dcffb..6824942523 100644 --- a/modules/installation-configuration-parameters.adoc +++ b/modules/installation-configuration-parameters.adoc 
@@ -1036,6 +1036,22 @@ within link:https://azure.microsoft.com/en-us/global-infrastructure/regions[a re |Defines the Azure subscription of the disk encryption set where the disk encryption set resides. This secondary disk encryption set is used to encrypt compute machines. |String, in the format `00000000-0000-0000-0000-000000000000`. +|`compute.platorm.azure.osImage.publisher` +|Optional. By default, the installation program downloads and installs the {op-system-first} image that is used to boot compute machines. You can override the default behavior by using a custom {op-system} image that is available from the Azure Marketplace. The installation program uses this image for compute machines only. +|String. The name of the image publisher. + +|`compute.platorm.azure.osImage.offer` +|The name of Azure Marketplace offer that is associated with the custom {op-system} image. If you use `compute.platorm.azure.osImage.publisher`, this field is required. +|String. The name of the image offer. + +|`compute.platorm.azure.osImage.sku` +|An instance of the Azure Marketplace offer. If you use `compute.platorm.azure.osImage.publisher`, this field is required. +|String. The SKU of the image offer. + +|`compute.platorm.azure.osImage.version` +|The version number of the image SKU. If you use `compute.platorm.azure.osImage.publisher`, this field is required. +|String. The version of the image to use. + |`compute.platform.azure.vmNetworkingType` |Enables accelerated networking. Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, improving its networking performance. If instance type of compute machines support `Accelerated` networking, by default, the installer enables `Accelerated` networking, otherwise the default networking type is `Basic`. |`Accelerated` or `Basic`. 
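Review bot: The four parameter names added in this hunk are spelled `compute.platorm.azure.osImage.*`, missing the `f` in `platform`, and the same misspelling recurs in the `controlPlane.platorm.azure.osImage.*` rows added by the `@@ -1184,6 +1216,22 @@` hunk, including the cross-references inside the description cells. The neighbouring rows (`compute.platform.azure.vmNetworkingType`, `controlPlane.platform.azure.ultraSSDCapability`) and callout <8> in installation-azure-config-yaml.adoc use `platform`. A reader who copies the path from this table gets a key that does not match the documented structure, so the intended OS image override may not be applied; whether the installer rejects or ignores such a key is not visible from this diff. Each row should read like `|`compute.platform.azure.osImage.publisher``, with the "If you use ..." references corrected the same way.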
@@ -1152,6 +1168,22 @@ within link:https://azure.microsoft.com/en-us/global-infrastructure/regions[a re |Defines the type of disk. |`premium_LRS` or `standardSSD_LRS`. The default is `premium_LRS`. +|`platform.azure.defaultMachinePlatform.osImage.publisher` +|Optional. By default, the installation program downloads and installs the {op-system-first} image that is used to boot control plane and compute machines. You can override the default behavior by using a custom {op-system} image that is available from the Azure Marketplace. The installation program uses this image for both types of machines. +|String. The name of the image publisher. + +|`platform.azure.defaultMachinePlatform.osImage.offer` +|The name of Azure Marketplace offer that is associated with the custom {op-system} image. If you use `platform.azure.defaultMachinePlatform.osImage.publisher`, this field is required. +|String. The name of the image offer. + +|`platform.azure.defaultMachinePlatform.osImage.sku` +|An instance of the Azure Marketplace offer. If you use `platform.azure.defaultMachinePlatform.osImage.publisher`, this field is required. +|String. The SKU of the image offer. + +|`platform.azure.defaultMachinePlatform.osImage.version` +|The version number of the image SKU. If you use `platform.azure.defaultMachinePlatform.osImage.publisher`, this field is required. +|String. The version of the image to use. + |`platform.azure.defaultMachinePlatform.type` |The Azure instance type for control plane and compute machines. |The Azure instance type. 
@@ -1184,6 +1216,22 @@ within link:https://azure.microsoft.com/en-us/global-infrastructure/regions[a re |Defines the type of disk. |`premium_LRS` or `standardSSD_LRS`. The default is `premium_LRS`. +|`controlPlane.platorm.azure.osImage.publisher` +|Optional. By default, the installation program downloads and installs the {op-system-first} image that is used to boot control plane machines. You can override the default behavior by using a custom {op-system} image that is available from the Azure Marketplace. The installation program uses this image for control plane machines only. +|String. The name of the image publisher. + +|`controlPlane.platorm.azure.osImage.offer` +|The name of Azure Marketplace offer that is associated with the custom {op-system} image. If you use `controlPlane.platorm.azure.osImage.publisher`, this field is required. +|String. The name of the image offer. + +|`controlPlane.platorm.azure.osImage.sku` +|An instance of the Azure Marketplace offer. If you use `controlPlane.platorm.azure.osImage.publisher`, this field is required. +|String. The SKU of the image offer. + +|`controlPlane.platorm.azure.osImage.version` +|The version number of the image SKU. If you use `controlPlane.platorm.azure.osImage.publisher`, this field is required. +|String. The version of the image to use. + |`controlPlane.platform.azure.ultraSSDCapability` |Enables the use of Azure ultra disks for persistent storage on control plane machines. This requires that your Azure region and zone have ultra disks available. |`Enabled`, `Disabled`. The default is `Disabled`.