openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
enterprise-4.21
openshift-docs/modules/installation-bare-metal-config-yaml.adoc
dfitzmau fe6af57511 OSDOCS-17013-bm-upi-5: CQAs bare metal UPI doc
2026-01-15 16:38:46 +00:00

347 lines
15 KiB
Plaintext
Raw Permalink Blame History

// Module included in the following assemblies:
//
// * installing/installing_bare_metal/upi/installing-bare-metal-network-customizations.adoc
// * installing/installing_bare_metal/upi/installing-bare-metal.adoc
// * installing/installing_bare_metal/upi/installing-restricted-networks-bare-metal.adoc
// * installing/installing_ibm_z/installing-ibm-z.adoc
// * installing/installing_ibm_z/installing-ibm-z-kvm.adoc
// * installing/installing_ibm_z/installing-ibm-z-lpar.adoc
// * installing/installing_ibm_power/installing-ibm-power.adoc
// * installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc
// * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
// * installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc
// * installing/installing_ibm_z/installing-restricted-networks-ibm-z-lpar.adoc
// * installing/installing_platform_agnostic/installing-platform-agnostic.adoc
ifeval::["{context}" == "installing-restricted-networks-bare-metal"]
:restricted:
endif::[]
ifeval::["{context}" == "installing-ibm-z"]
:ibm-z:
endif::[]
ifeval::["{context}" == "installing-ibm-z-kvm"]
:ibm-z-kvm:
endif::[]
ifeval::["{context}" == "installing-ibm-z-lpar"]
:ibm-z:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-z"]
:ibm-z:
:restricted:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-z-kvm"]
:ibm-z-kvm:
:restricted:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-z-lpar"]
:ibm-z:
:restricted:
endif::[]
ifeval::["{context}" == "installing-ibm-power"]
:ibm-power:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
:ibm-power:
:restricted:
endif::[]
ifeval::["{context}" == "installing-platform-agnostic"]
:agnostic:
endif::[]
:_mod-docs-content-type: CONCEPT
[id="installation-bare-metal-config-yaml_{context}"]
ifndef::ibm-z,ibm-z-kvm,ibm-power,agnostic[]
= Sample install-config.yaml file for bare metal
endif::ibm-z,ibm-z-kvm,ibm-power,agnostic[]
ifdef::ibm-z,ibm-z-kvm[]
= Sample install-config.yaml file for {ibm-z-title}
endif::ibm-z,ibm-z-kvm[]
ifdef::ibm-power[]
= Sample install-config.yaml file for {ibm-power-title}
endif::ibm-power[]
ifdef::agnostic[]
= Sample install-config.yaml file for other platforms
endif::agnostic[]
[role="_abstract"]
You can customize the `install-config.yaml` file to specify more details about your {product-title} cluster platform or modify the values of the required parameters.
[source,yaml,subs="attributes+"]
----
apiVersion: v1
baseDomain: example.com
compute:
- hyperthreading: Enabled
name: worker
replicas: 0
ifdef::ibm-z,ibm-z-kvm[]
architecture: s390x
endif::ibm-z,ibm-z-kvm[]
ifdef::ibm-power[]
architecture: ppc64le
endif::ibm-power[]
controlPlane:
hyperthreading: Enabled
name: master
replicas: 3
ifdef::ibm-z,ibm-z-kvm[]
architecture: s390x
endif::ibm-z,ibm-z-kvm[]
ifdef::ibm-power[]
architecture: ppc64le
endif::ibm-power[]
metadata:
name: test
networking:
clusterNetwork:
- cidr: 10.128.0.0/14
hostPrefix: 23
networkType: OVNKubernetes
serviceNetwork:
- 172.30.0.0/16
platform:
none: {}
ifndef::openshift-origin[]
fips: false
endif::openshift-origin[]
ifndef::restricted[]
ifndef::openshift-origin[]
pullSecret: '{"auths": ...}'
endif::openshift-origin[]
ifdef::openshift-origin[]
pullSecret: '{"auths": ...}'
endif::openshift-origin[]
ifndef::openshift-origin[]
sshKey: 'ssh-ed25519 AAAA...'
endif::openshift-origin[]
ifdef::openshift-origin[]
sshKey: 'ssh-ed25519 AAAA...'
endif::openshift-origin[]
endif::restricted[]
ifdef::restricted[]
ifndef::openshift-origin[]
pullSecret: '{"auths":{"<local_registry>": {"auth": "<credentials>","email": "you@example.com"}}}'
endif::openshift-origin[]
ifdef::openshift-origin[]
pullSecret: '{"auths":{"<local_registry>": {"auth": "<credentials>","email": "you@example.com"}}}'
endif::openshift-origin[]
ifndef::openshift-origin[]
sshKey: 'ssh-ed25519 AAAA...'
endif::openshift-origin[]
ifdef::openshift-origin[]
sshKey: 'ssh-ed25519 AAAA...'
endif::openshift-origin[]
endif::restricted[]
ifdef::restricted[]
ifndef::openshift-origin[]
additionalTrustBundle: |
-----BEGIN CERTIFICATE-----
ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
-----END CERTIFICATE-----
imageContentSources:
- mirrors:
ifdef::ibm-z,ibm-z-kvm[]
- <local_repository>/ocp4/openshift4
source: quay.io/openshift-release-dev/ocp-release
- mirrors:
- <local_repository>/ocp4/openshift4
source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
endif::ibm-z,ibm-z-kvm[]
ifndef::ibm-z,ibm-z-kvm[]
- <local_registry>/<local_repository_name>/release
source: quay.io/openshift-release-dev/ocp-release
- mirrors:
- <local_registry>/<local_repository_name>/release
source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
endif::ibm-z,ibm-z-kvm[]
endif::openshift-origin[]
ifdef::openshift-origin[]
additionalTrustBundle: |
-----BEGIN CERTIFICATE-----
ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
-----END CERTIFICATE-----
imageContentSources:
- mirrors:
ifdef::ibm-z,ibm-z-kvm[]
- <local_repository>/ocp4/openshift4
source: quay.io/openshift-release-dev/ocp-release
- mirrors:
- <local_repository>/ocp4/openshift4
source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
endif::ibm-z,ibm-z-kvm[]
ifndef::ibm-z,ibm-z-kvm[]
- <local_registry>/<local_repository_name>/release
source: quay.io/openshift-release-dev/ocp-release
- mirrors:
- <local_registry>/<local_repository_name>/release
source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
endif::ibm-z,ibm-z-kvm[]
endif::openshift-origin[]
endif::restricted[]
----
where:
`baseDomain`:: Specifies the base domain of the cluster. All DNS records must be sub-domains of this base and include the cluster name.
`compute`:: Specifies the `compute` node configurations, which is a sequence of mappings. To meet the requirements of the different data structures, the first line of the `compute` section must begin with a hyphen, `-`.
`controlPlane`:: Specifies the `controlPlane` node configurations, which is a single mapping. To meet the requirements of the different data structures, the first line of the `controlPlane` section must not. Only one control plane pool is used.
ifndef::ibm-power[]
`hyperthreading`:: Specifies whether to enable or disable simultaneous multithreading (SMT), or hyperthreading. By default, SMT is enabled to increase the performance of the cores in your machines. You can disable it by setting the parameter value to `Disabled`. If you disable SMT, you must disable it in all cluster machines; this includes both control plane and compute machines.
endif::ibm-power[]
ifdef::ibm-power[]
`hyperthreading`:: Specifies simultaneous multithreading (SMT), which you configure as a post-installation task.
endif::ibm-power[]
ifndef::ibm-z,ibm-z-kvm,ibm-power[]
[NOTE]
====
Simultaneous multithreading (SMT) is enabled by default. If SMT is not enabled in your BIOS settings, the `hyperthreading` parameter has no effect.
====
[IMPORTANT]
====
If you disable `hyperthreading`, whether in the BIOS or in the `install-config.yaml` file, ensure that your capacity planning accounts for the dramatically decreased machine performance.
====
endif::ibm-z,ibm-z-kvm,ibm-power[]
ifdef::ibm-z,ibm-z-kvm[]
[NOTE]
====
Simultaneous multithreading (SMT) is enabled by default. If SMT is not available on your {product-title} nodes, the `hyperthreading` parameter has no effect.
====
[IMPORTANT]
====
If you disable `hyperthreading`, whether on your {product-title} nodes or in the `install-config.yaml` file, ensure that your capacity planning accounts for the dramatically decreased machine performance.
====
endif::ibm-z,ibm-z-kvm[]
`compute.replicas`:: Specifies the number of compute machines that the cluster creates and manages for you on installer-provisioned installations. You must set this value to `0` when you install {product-title} on user-provisioned infrastructure. Additionally for user-provisioned installations, you must manually deploy the compute machines before you finish installing the cluster.
[NOTE]
====
If you are installing a three-node cluster, do not deploy any compute machines when you install the {op-system-first} machines.
====
`controlPlane.replicas`:: Specifies the number of control plane machines that you add to the cluster. Because the cluster uses these values as the number of etcd endpoints in the cluster, the value must match the number of control plane machines that you deploy.
`metadata.name`:: Specifies the cluster name that you specified in your DNS records.
`clusterNetwork.cidr`:: Specifies a block of IP addresses from which pod IP addresses are allocated. This block must not overlap with existing physical networks. These IP addresses are used for the pod network. If you need to access the pods from an external network, you must configure load balancers and routers to manage the traffic.
[NOTE]
====
Class E CIDR range is reserved for a future use. To use the Class E CIDR range, you must ensure your networking environment accepts the IP addresses within the Class E CIDR range.
====
`cidr.hostPrefix`:: Specifies the subnet prefix length to assign to each individual node. For example, if `hostPrefix` is set to `23`, then each node is assigned a `/23` subnet out of the given `cidr`, which allows for 510 (2^(32 - 23) - 2) pod IP addresses. If you are required to provide access to nodes from an external network, configure load balancers and routers to manage the traffic.
`networkType`:: Specifies the cluster network plugin to install. The default value `OVNKubernetes` is the only supported value.
`serviceNetwork`:: Specifies the IP address pool to use for service IP addresses. You can enter only one IP address pool. This block must not overlap with existing physical networks. If you need to access the services from an external network, configure load balancers and routers to manage the traffic.
`platform`:: Specifies the platform. You must set the platform to `none`. You cannot provide additional platform configuration variables for
ifndef::ibm-z,ibm-z-kvm,ibm-power[your platform.]
ifdef::ibm-z,ibm-z-kvm[{ibm-z-name} infrastructure.]
ifdef::ibm-power[{ibm-power-name} infrastructure.]
[IMPORTANT]
====
Clusters that are installed with the platform type `none` are unable to use some features, such as managing compute machines with the Machine API. This limitation applies even if the compute machines that are attached to the cluster are installed on a platform that would normally support the feature. This parameter cannot be changed after installation.
====
ifndef::openshift-origin[]
`fips`:: Specifies either enabling or disabling FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
--
include::snippets/fips-snippet.adoc[]
--
endif::openshift-origin[]
ifndef::restricted[]
ifndef::openshift-origin[]
`pullSecret`:: Specifies the {cluster-manager-url-pull}. This pull secret allows you to authenticate with the services that are provided by the included authorities, including Quay.io, which serves the container images for {product-title} components.
endif::openshift-origin[]
ifdef::openshift-origin[]
`pullSecret`:: Specifies the {cluster-manager-url-pull}. This pull secret allows you to authenticate with the services that are provided by the included authorities, including Quay.io, which serves the container images for {product-title} components.
endif::openshift-origin[]
endif::restricted[]
ifdef::restricted[]
ifndef::openshift-origin[]
`pullSecret`:: Specifies the registry domain name for `<local_registry>`, and optionally the port, that your mirror registry uses to serve content. For example, `registry.example.com` or `registry.example.com:5000`. For `<credentials>`, specify the base64-encoded user name and password for your mirror registry.
endif::openshift-origin[]
ifdef::openshift-origin[]
`pullSecret`:: Specifies the registry domain name for `<local_registry>`, and optionally the port, that your mirror registry uses to serve content. For example, `registry.example.com` or `registry.example.com:5000`. For `<credentials>`, specify the base64-encoded user name and password for your mirror registry.
endif::openshift-origin[]
endif::restricted[]
ifndef::openshift-origin[]
`sshKey`:: Specifies the SSH public key for the `core` user in {op-system-first}.
endif::openshift-origin[]
ifdef::openshift-origin[]
`sshKey`:: Specifies the SSH public key for the `core` user in {op-system-first}.
endif::openshift-origin[]
[NOTE]
====
For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses.
====
ifdef::restricted[]
ifndef::ibm-z,ibm-z-kvm[]
ifndef::openshift-origin[]
`additionalTrustBundle`:: Specifies the contents of the certificate file that you used for your mirror registry.
endif::openshift-origin[]
ifdef::openshift-origin[]
`additionalTrustBundle`:: Specifies the contents of the certificate file that you used for your mirror registry.
endif::openshift-origin[]
endif::ibm-z,ibm-z-kvm[]
ifdef::ibm-z,ibm-z-kvm[]
`additionalTrustBundle`:: Specifies the `additionalTrustBundle` parameter and value. The value must be the contents of the certificate file that you used for your mirror registry. The certificate file can be an existing, trusted certificate authority or the self-signed certificate that you generated for the mirror registry.
endif::ibm-z,ibm-z-kvm[]
ifndef::openshift-origin[]
`imageContentSources`:: Specifies the `imageContentSources` section according to the output of the command that you used to mirror the repository.
[IMPORTANT]
====
* When using the `oc adm release mirror` command, use the output from the `imageContentSources` section.
* When using `oc mirror` command, use the `repositoryDigestMirrors` section of the `ImageContentSourcePolicy` file that results from running the command.
* `ImageContentSourcePolicy` is deprecated. For more information see _Configuring image registry repository mirroring_.
====
endif::openshift-origin[]
ifdef::openshift-origin[]
`imageContentSources`:: Specifies the `imageContentSources` section from the output of the command to mirror the repository.
endif::openshift-origin[]
endif::restricted[]
ifeval::["{context}" == "installing-restricted-networks-bare-metal"]
:!restricted:
endif::[]
ifdef::openshift-origin[]
:!restricted:
endif::[]
ifeval::["{context}" == "installing-ibm-z"]
:!ibm-z:
endif::[]
ifeval::["{context}" == "installing-ibm-z-kvm"]
:!ibm-z-kvm:
endif::[]
ifeval::["{context}" == "installing-ibm-z-lpar"]
:!ibm-z:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-z"]
:!ibm-z:
:!restricted:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-z-kvm"]
:!ibm-z-kvm:
:!restricted:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-z-lpar"]
:!ibm-z:
:!restricted:
endif::[]
ifeval::["{context}" == "installing-ibm-power"]
:!ibm-power:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
:!ibm-power:
endif::[]
ifeval::["{context}" == "installing-platform-agnostic"]
:!agnostic:
endif::[]
View Git Blame Copy Permalink