mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
229 lines
10 KiB
Plaintext
229 lines
10 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
|
|
// * installing/installing_vsphere/installing-vsphere-network-customizations.adoc
|
|
// * installing/installing_vsphere/installing-vsphere.adoc
|
|
|
|
ifeval::["{context}" == "installing-restricted-networks-vsphere"]
|
|
:restricted:
|
|
endif::[]
|
|
// Verify the validity of the following ifdef statement in a later Jira
|
|
ifdef::openshift-origin[]
|
|
:restricted:
|
|
endif::[]
|
|
|
|
:_mod-docs-content-type: CONCEPT
|
|
[id="installation-vsphere-config-yaml_{context}"]
|
|
= Sample `install-config.yaml` file for VMware vSphere
|
|
|
|
You can customize the `install-config.yaml` file to specify more details about
|
|
your {product-title} cluster's platform or modify the values of the required
|
|
parameters.
|
|
|
|
[source,yaml]
|
|
----
|
|
additionalTrustBundlePolicy: Proxyonly
|
|
apiVersion: v1
|
|
baseDomain: example.com <1>
|
|
compute: <2>
|
|
- architecture: amd64
|
|
name: <worker_node>
|
|
platform: {}
|
|
replicas: 0 <3>
|
|
controlPlane: <2>
|
|
architecture: amd64
|
|
name: <parent_node>
|
|
platform: {}
|
|
replicas: 3 <4>
|
|
metadata:
|
|
creationTimestamp: null
|
|
name: test <5>
|
|
networking:
|
|
---
|
|
platform:
|
|
vsphere:
|
|
failureDomains: <6>
|
|
- name: <failure_domain_name>
|
|
region: <default_region_name>
|
|
server: <fully_qualified_domain_name>
|
|
topology:
|
|
computeCluster: "/<data_center>/host/<cluster>"
|
|
datacenter: <data_center> <7>
|
|
datastore: "/<data_center>/datastore/<datastore>" <8>
|
|
networks:
|
|
- <VM_Network_name>
|
|
resourcePool: "/<data_center>/host/<cluster>/Resources/<resourcePool>" <9>
|
|
folder: "/<data_center_name>/vm/<folder_name>/<subfolder_name>" <10>
|
|
zone: <default_zone_name>
|
|
vcenters:
|
|
- datacenters:
|
|
- <data_center>
|
|
password: <password> <11>
|
|
port: 443
|
|
server: <fully_qualified_domain_name> <12>
|
|
user: administrator@vsphere.local
|
|
diskType: thin <13>
|
|
ifndef::restricted[]
|
|
ifndef::openshift-origin[]
|
|
fips: false <14>
|
|
endif::openshift-origin[]
|
|
ifndef::openshift-origin[]
|
|
pullSecret: '{"auths": ...}' <15>
|
|
endif::openshift-origin[]
|
|
ifdef::openshift-origin[]
|
|
pullSecret: '{"auths": ...}' <14>
|
|
endif::openshift-origin[]
|
|
endif::restricted[]
|
|
ifdef::restricted[]
|
|
ifndef::openshift-origin[]
|
|
fips: false <14>
|
|
pullSecret: '{"auths":{"<local_registry>": {"auth": "<credentials>","email": "you@example.com"}}}' <15>
|
|
endif::openshift-origin[]
|
|
ifdef::openshift-origin[]
|
|
pullSecret: '{"auths":{"<local_registry>": {"auth": "<credentials>","email": "you@example.com"}}}' <14>
|
|
endif::openshift-origin[]
|
|
endif::restricted[]
|
|
ifndef::openshift-origin[]
|
|
sshKey: 'ssh-ed25519 AAAA...' <16>
|
|
endif::openshift-origin[]
|
|
ifdef::openshift-origin[]
|
|
sshKey: 'ssh-ed25519 AAAA...' <15>
|
|
endif::openshift-origin[]
|
|
ifdef::restricted[]
|
|
ifndef::openshift-origin[]
|
|
additionalTrustBundle: | <17>
|
|
-----BEGIN CERTIFICATE-----
|
|
ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
|
|
-----END CERTIFICATE-----
|
|
imageContentSources: <18>
|
|
- mirrors:
|
|
- <mirror_host_name>:<mirror_port>/<repo_name>/release
|
|
source: <source_image_1>
|
|
- mirrors:
|
|
- <mirror_host_name>:<mirror_port>/<repo_name>/release-images
|
|
source: <source_image_2>
|
|
endif::openshift-origin[]
|
|
ifdef::openshift-origin[]
|
|
additionalTrustBundle: | <16>
|
|
-----BEGIN CERTIFICATE-----
|
|
ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
|
|
-----END CERTIFICATE-----
|
|
imageContentSources: <17>
|
|
- mirrors:
|
|
- <mirror_host_name>:<mirror_port>/<repo_name>/release
|
|
source: <source_image_1>
|
|
- mirrors:
|
|
- <mirror_host_name>:<mirror_port>/<repo_name>/release-images
|
|
source: <source_image_2>
|
|
endif::openshift-origin[]
|
|
endif::restricted[]
|
|
----
|
|
<1> The base domain of the cluster. All DNS records must be sub-domains of this
|
|
base and include the cluster name.
|
|
<2> The `controlPlane` section is a single mapping, but the compute section is a
|
|
sequence of mappings. To meet the requirements of the different data structures,
|
|
the first line of the `compute` section must begin with a hyphen, `-`, and the
|
|
first line of the `controlPlane` section must not. Both sections define a single machine pool, so only one control plane is used. {product-title} does not support defining multiple compute pools.
|
|
<3> You must set the value of the `replicas` parameter to `0`. This parameter
|
|
controls the number of workers that the cluster creates and manages for you,
|
|
which are functions that the cluster does not perform when you
|
|
use user-provisioned infrastructure. You must manually deploy worker
|
|
machines for the cluster to use before you finish installing {product-title}.
|
|
<4> The number of control plane machines that you add to the cluster. Because
|
|
the cluster uses this values as the number of etcd endpoints in the cluster, the
|
|
value must match the number of control plane machines that you deploy.
|
|
<5> The cluster name that you specified in your DNS records.
|
|
<6> Establishes the relationships between a region and zone. You define a failure domain by using vCenter objects, such as a `datastore` object. A failure domain defines the vCenter location for {product-title} cluster nodes.
|
|
<7> The vSphere data center.
|
|
<8> The path to the vSphere datastore that holds virtual machine files, templates, and ISO images.
|
|
+
|
|
[IMPORTANT]
|
|
====
|
|
You can specify the path of any datastore that exists in a datastore cluster. By default, Storage vMotion is automatically enabled for a datastore cluster. Red Hat does not support Storage vMotion, so you must disable Storage vMotion to avoid data loss issues for your {product-title} cluster.
|
|
|
|
If you must specify VMs across multiple datastores, use a `datastore` object to specify a failure domain in your cluster's `install-config.yaml` configuration file. For more information, see "VMware vSphere region and zone enablement".
|
|
====
|
|
<9> Optional: For installer-provisioned infrastructure, the absolute path of an existing resource pool where the installation program creates the virtual machines, for example, `/<data_center_name>/host/<cluster_name>/Resources/<resource_pool_name>/<optional_nested_resource_pool_name>`. If you do not specify a value, resources are installed in the root of the cluster `/example_data_center/host/example_cluster/Resources`.
|
|
<10> Optional: For installer-provisioned infrastructure, the absolute path of an existing folder where the installation program creates the virtual machines, for example, `/<data_center_name>/vm/<folder_name>/<subfolder_name>`. If you do not provide this value, the installation program creates a top-level folder in the data center virtual machine folder that is named with the infrastructure ID. If you are providing the infrastructure for the cluster and you do not want to use the default `StorageClass` object, named `thin`, you can omit the `folder` parameter from the `install-config.yaml` file.
|
|
<11> The password associated with the vSphere user.
|
|
<12> The fully-qualified hostname or IP address of the vCenter server.
|
|
+
|
|
[IMPORTANT]
|
|
====
|
|
The Cloud Controller Manager Operator performs a connectivity check on a provided hostname or IP address. Ensure that you specify a hostname or an IP address to a reachable vCenter server. If you provide metadata to a non-existent vCenter server, installation of the cluster fails at the bootstrap stage.
|
|
====
|
|
<13> The vSphere disk provisioning method.
|
|
ifndef::openshift-origin[]
|
|
<14> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
|
|
+
|
|
--
|
|
include::snippets/fips-snippet.adoc[]
|
|
--
|
|
endif::openshift-origin[]
|
|
ifndef::restricted[]
|
|
ifndef::openshift-origin[]
|
|
<15> The pull secret that you obtained from {cluster-manager-url}. This pull secret allows you to authenticate with the services that are provided by the included authorities, including Quay.io, which serves the container images for {product-title} components.
|
|
<16> The public portion of the default SSH key for the `core` user in
|
|
{op-system-first}.
|
|
endif::openshift-origin[]
|
|
ifdef::openshift-origin[]
|
|
<15> You obtained the {cluster-manager-url-pull}. This pull secret allows you to authenticate with the services that are provided by the included authorities, including Quay.io, which serves the container images for {product-title} components.
|
|
<16> The public portion of the default SSH key for the `core` user in
|
|
{op-system-first}.
|
|
+
|
|
[NOTE]
|
|
====
|
|
For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses.
|
|
====
|
|
endif::openshift-origin[]
|
|
endif::restricted[]
|
|
ifdef::restricted[]
|
|
ifndef::openshift-origin[]
|
|
<15> For `<local_registry>`, specify the registry domain name, and optionally the
|
|
port, that your mirror registry uses to serve content. For example
|
|
`registry.example.com` or `registry.example.com:5000`. For `<credentials>`,
|
|
specify the base64-encoded user name and password for your mirror registry.
|
|
<16> The public portion of the default SSH key for the `core` user in
|
|
{op-system-first}.
|
|
+
|
|
[NOTE]
|
|
====
|
|
For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses.
|
|
====
|
|
endif::openshift-origin[]
|
|
ifdef::openshift-origin[]
|
|
<14> For `<local_registry>`, specify the registry domain name, and optionally the
|
|
port, that your mirror registry uses to serve content. For example
|
|
`registry.example.com` or `registry.example.com:5000`. For `<credentials>`,
|
|
specify the base64-encoded user name and password for your mirror registry.
|
|
<15> The public portion of the default SSH key for the `core` user in
|
|
{op-system-first}.
|
|
+
|
|
[NOTE]
|
|
====
|
|
For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses.
|
|
====
|
|
endif::openshift-origin[]
|
|
endif::restricted[]
|
|
ifdef::restricted[]
|
|
ifndef::openshift-origin[]
|
|
<17> Provide the contents of the certificate file that you used for your mirror
|
|
registry.
|
|
<18> Provide the `imageContentSources` section from the output of the command to
|
|
mirror the repository.
|
|
endif::openshift-origin[]
|
|
ifdef::openshift-origin[]
|
|
<16> Provide the contents of the certificate file that you used for your mirror
|
|
registry.
|
|
<17> Provide the `imageContentSources` section from the output of the command to
|
|
mirror the repository.
|
|
endif::openshift-origin[]
|
|
endif::restricted[]
|
|
|
|
ifeval::["{context}" == "installing-restricted-networks-vsphere"]
|
|
:!restricted:
|
|
endif::[]
|
|
ifdef::openshift-origin[]
|
|
:!restricted:
|
|
endif::[]
|