:_mod-docs-content-type: ASSEMBLY
include::_attributes/common-attributes.adoc[]
[id="installing-gcp-customizations"]
= Installing a cluster on {gcp-short} with customizations
:context: installing-gcp-customizations
:platform: {gcp-short}

toc::[]

In {product-title} version {product-version}, you can install a cluster on {gcp-first} by using installer-provisioned infrastructure with customizations, including network configuration options. In each, you modify parameters in the `install-config.yaml` file before you install the cluster.

By customizing your network configuration, your cluster can coexist with existing IP address allocations in your environment and integrate with existing MTU and VXLAN configurations.

You must set most of the network configuration parameters during installation, and you can modify only `kubeProxy` configuration parameters in a running cluster.

== Prerequisites

* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
* You read the documentation on xref:../../installing/overview/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
* You xref:../../installing/installing_gcp/installing-gcp-account.adoc#installing-gcp-account[configured a {gcp-short} project] to host the cluster.
* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.

include::modules/cluster-entitlements.adoc[leveloffset=+1]

include::modules/ssh-agent-using.adoc[leveloffset=+1]

include::modules/installation-obtaining-installer.adoc[leveloffset=+1]

include::modules/installation-initializing.adoc[leveloffset=+1]

[role="_additional-resources"]
.Additional resources
* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-config-parameters-gcp[Installation configuration parameters for {gcp-first}]

include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]

[role="_additional-resources"]
.Additional resources

* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]

include::modules/installation-gcp-tested-machine-types.adoc[leveloffset=+2]

include::modules/installation-gcp-tested-machine-types-arm.adoc[leveloffset=+2]

include::modules/installation-using-gcp-custom-machine-types.adoc[leveloffset=+2]

include::modules/installation-gcp-enabling-shielded-vms.adoc[leveloffset=+2]

include::modules/installation-gcp-enabling-confidential-vms.adoc[leveloffset=+2]

[role="_additional-resources"]
.Additional resources
* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-configuration-parameters-additional-gcp_installation-config-parameters-gcp[Additional {gcp-first} configuration parameters]

include::modules/installation-gcp-managing-dns-solution.adoc[leveloffset=+2]

[role="_additional-resources"]
.Additional resources
* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-configuration-parameters-additional-gcp_installation-config-parameters-gcp[Additional {gcp-first} configuration parameters]

include::modules/installation-gcp-config-yaml.adoc[leveloffset=+2]

[role="_additional-resources"]
.Additional resources

* xref:../../machine_management/creating_machinesets/creating-machineset-gcp.adoc#machineset-enabling-customer-managed-encryption_creating-machineset-gcp[Enabling customer-managed encryption keys for a compute machine set]

include::modules/installation-configure-proxy.adoc[leveloffset=+2]

include::modules/installing-gcp-user-defined-labels-and-tags.adoc[leveloffset=+1]

// Criteria for user-defined labels and tags
include::modules/installing-gcp-cluster-label-tag-reference.adoc[leveloffset=+2]

//Configuring user-defined labels and tags for GCP
include::modules/installing-gcp-cluster-creation.adoc[leveloffset=+2]

//Querying user-defined labels and tags for GCP
include::modules/installing-gcp-querying-labels-tags-gcp.adoc[leveloffset=+2]

// Installing the OpenShift CLI on Linux
include::modules/cli-installing-cli-linux.adoc[leveloffset=+1]

// Installing the OpenShift CLI on Windows
include::modules/cli-installing-cli-windows.adoc[leveloffset=+1]

// Installing the OpenShift CLI on macOS
include::modules/cli-installing-cli-macos.adoc[leveloffset=+1]

[id="installing-gcp-manual-modes_{context}"]
== Alternatives to storing administrator-level secrets in the kube-system project

By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:

* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#manually-create-iam_installing-gcp-customizations[Manually creating long-term credentials].

* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-with-short-term-creds_installing-gcp-customizations[Configuring a {gcp-short} cluster to use short-term credentials].

//Manually creating long-term credentials
include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]

//Supertask: Configuring a GCP cluster to use short-term credentials
[id="installing-gcp-with-short-term-creds_{context}"]
=== Configuring a {gcp-short} cluster to use short-term credentials

To install a cluster that is configured to use {gcp-short} Workload Identity, you must configure the Cloud Credential Operator (CCO) utility and create the required {gcp-short} resources for your cluster. Cluster Operators use the credentials created by the CCO. The installation program does not use these credentials.

//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]

//Task part 2: Creating the required GCP resources
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]

//Task part 3: Incorporating the Cloud Credential Operator utility manifests
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]

include::modules/installation-gcp-marketplace.adoc[leveloffset=+1]

// Network Operator specific configuration
include::modules/nw-network-config.adoc[leveloffset=+1]

include::modules/nw-modifying-operator-install-config.adoc[leveloffset=+1]

include::modules/nw-operator-cr.adoc[leveloffset=+1]

include::modules/installation-launching-installer.adoc[leveloffset=+1]

include::modules/installation-gcp-provisioning-dns-records.adoc[leveloffset=+1]

[role="_additional-resources"]
.Additional resources
* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-configuration-parameters-additional-gcp_installation-config-parameters-gcp[Additional {gcp-first} configuration parameters]

include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]

[role="_additional-resources"]
.Additional resources

* See xref:../../web_console/web-console.adoc#web-console[Accessing the web console] for more details about accessing and understanding the {product-title} web console.

include::modules/cluster-telemetry.adoc[leveloffset=+1]

[role="_additional-resources"]
.Additional resources

* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service

== Next steps

* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
* If necessary, you can
xref:../../support/remote_health_monitoring/remote-health-reporting.adoc#remote-health-reporting[Remote health reporting].