// Module included in the following assemblies:
|
|
//
|
|
// * installing/installing_vsphere/installation-config-parameters-vsphere.adoc
|
|
// * installing/installing_gcp/installation-config-parameters-gcp.adoc
|
|
// * installing/installing_ibm_z/installation-config-parameters-ibm-z.adoc
|
|
// * installing/installing_ibm_power/installation-config-parameters-ibm-power.adoc
|
|
// * installing/installing_azure_stack_hub/installation-config-parameters-ash.adoc
|
|
// * installing/installing_bare_metal/installation-config-parameters-bare-metal.adoc
|
|
// * installing/installing_ibm_cloud/installation-config-parameters-ibm-cloud-vps.adoc
|
|
// * installing/installing_ibm_powervs/installation-config-parameters-ibm-power-vs.adoc
|
|
// * installing/installing_nutanix/installation-config-parameters-nutanix.adoc
|
|
// * installing/installing_openstack/installation-config-parameters-openstack.adoc
|
|
// * installing/installing_azure/installation-config-parameters-azure.adoc
|
|
// * installing/installing_aws/installation-config-parameters-aws.adoc
|
|
// * installing/installing_with_agent_based_installer/installation-config-parameters-agent.adoc
|
|
|
|
ifeval::["{context}" == "installation-config-parameters-vsphere"]
|
|
:vsphere:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-gcp"]
|
|
:gcp:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-ibm-z"]
|
|
:ibm-z:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-ibm-power"]
|
|
:ibm-power:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-ash"]
|
|
:ash:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-bare-metal"]
|
|
:bare:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-ibm-cloud-vpc"]
|
|
:ibm-cloud:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-ibm-power-vs"]
|
|
:ibm-power-vs:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-nutanix"]
|
|
:nutanix:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-openstack"]
|
|
:osp:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-azure"]
|
|
:azure:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-aws"]
|
|
:aws:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-agent"]
|
|
:agent:
|
|
endif::[]
|
|
|
|
// You can issue a command such as `openshift-install explain installconfig.platform.vsphere.failureDomains` to see information about a parameter. You must store the `openshift-install` binary in your bin directory. Also, consider viewing the installer/pkg/types/vsphere/platform.go for information about supported parameters.
|
|
|
|
:_mod-docs-content-type: REFERENCE
|
|
[id="installation-configuration-parameters_{context}"]
|
|
ifndef::agent[]
|
|
= Available installation configuration parameters for {platform}
|
|
|
|
[role="_abstract"]
|
|
The following tables specify the required, optional, and {platform}-specific installation configuration parameters that you can set as part of the installation process.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
After installation, you cannot change these parameters in the `install-config.yaml` file.
|
|
====
|
|
endif::agent[]
|
|
|
|
ifdef::agent[]
|
|
= Available installation configuration parameters
|
|
|
|
The following tables specify the required and optional installation configuration parameters that you can set as part of the Agent-based installation process.
|
|
|
|
These values are specified in the `install-config.yaml` file.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
These settings are used for installation only, and cannot be changed after installation.
|
|
====
|
|
|
|
endif::agent[]
|
|
|
|
[id="installation-configuration-parameters-required_{context}"]
|
|
== Required configuration parameters
|
|
|
|
Required installation configuration parameters are described in the following table:
|
|
|
|
.Required parameters
|
|
[cols=".^l,.^a",options="header"]
|
|
|====
|
|
|Parameter|Description
|
|
|
|
|apiVersion:
|
|
|The API version for the `install-config.yaml` content. The current version is `v1`. The installation program might also support older API versions.
|
|
|
|
*Value:* String
|
|
|
|
|baseDomain:
|
|
|The base domain of your cloud provider. The base domain is used to create routes to your {product-title} cluster components. The full DNS name for your cluster is a combination of the `baseDomain` and `metadata.name` parameter values that uses the `<metadata.name>.<baseDomain>` format.
|
|
|
|
*Value:* A fully-qualified domain or subdomain name, such as `example.com`.
|
|
|
|
|metadata:
|
|
|Kubernetes resource `ObjectMeta`, from which only the `name` parameter is consumed.
|
|
|
|
*Value:* Object
|
|
|
|
|metadata:
|
|
name:
|
|
|The name of the cluster. DNS records for the cluster are all subdomains of `{{.metadata.name}}.{{.baseDomain}}`.
|
|
ifdef::agent[]
|
|
The cluster name is set to `agent-cluster` when you do not provide the `metadata.name` parameter through either the `install-config.yaml` or `agent-config.yaml` files. For example, installations that only use ZTP manifests do not provide the `metadata.name` parameter.
|
|
endif::agent[]
|
|
|
|
ifndef::bare,nutanix,vsphere[]
|
|
*Value:* String of lowercase letters, hyphens (`-`), and periods (`.`), such as `dev`.
|
|
endif::bare,nutanix,vsphere[]
|
|
ifdef::bare,nutanix,vsphere[]
|
|
*Value:* String of lowercase letters and hyphens (`-`), such as `dev`.
|
|
endif::bare,nutanix,vsphere[]
|
|
ifdef::osp[]
|
|
The string must be 14 characters or fewer.
|
|
endif::osp[]
|
|
|
|
|platform:
|
|
ifndef::agent[]
|
|
|The configuration for the specific platform upon which to perform the installation: `aws`, `baremetal`, `azure`, `gcp`, `ibmcloud`, `nutanix`, `openstack`, `powervs`, `vsphere`, or `{}`. For additional information about `platform.<platform>` parameters, consult the table for your specific platform that follows.
|
|
endif::agent[]
|
|
ifdef::agent[]
|
|
|The configuration for the specific platform upon which to perform the installation: `baremetal`, `external`, `none`, `vsphere`, or `nutanix`.
|
|
endif::agent[]
|
|
|
|
*Value:* Object
|
|
|
|
ifndef::openshift-origin[]
|
|
|pullSecret:
|
|
|Get a {cluster-manager-url-pull} to authenticate downloading container images for {product-title} components from services such as Quay.io.
|
|
|
|
*Value:*
|
|
[source,json]
|
|
----
|
|
{
|
|
"auths":{
|
|
"cloud.openshift.com":{
|
|
"auth":"b3Blb=",
|
|
"email":"you@example.com"
|
|
},
|
|
"quay.io":{
|
|
"auth":"b3Blb=",
|
|
"email":"you@example.com"
|
|
}
|
|
}
|
|
}
|
|
----
|
|
endif::[]
|
|
|
|
ifdef::ibm-power-vs[]
|
|
|platform:
|
|
powervs:
|
|
userID:
|
|
|The UserID is the login for the user's {ibm-cloud-name} account.
|
|
|
|
*Value:* String. For example, `existing_user_id`.
|
|
|
|
|platform:
|
|
powervs:
|
|
powervsResourceGroup:
|
|
|The PowerVSResourceGroup is the resource group in which {ibm-power-server-name} resources are created. If using an existing VPC, the existing VPC and subnets should be in this resource group.
|
|
|
|
*Value:* String. For example, `existing_resource_group`.
|
|
|
|
|platform:
|
|
powervs:
|
|
region:
|
|
|Specifies the {ibm-cloud-name} region where the cluster is created.
|
|
|
|
*Value:* String. For example, `existing_region`.
|
|
|
|
|platform:
|
|
powervs:
|
|
zone:
|
|
|Specifies the {ibm-cloud-name} colo region where the cluster is created.
|
|
|
|
*Value:* String. For example, `existing_zone`.
|
|
|
|
endif::ibm-power-vs[]
|
|
|====
|
|
|
|
[id="installation-configuration-parameters-network_{context}"]
|
|
== Network configuration parameters
|
|
|
|
You can customize your installation configuration based on the requirements of your existing network infrastructure. For example, you can expand the IP address block for the cluster network or configure different IP address blocks than the defaults.
|
|
|
|
ifndef::agent,bare,ibm-power,ibm-z,vsphere,osp[]
|
|
Only IPv4 addresses are supported.
|
|
endif::agent,bare,ibm-power,ibm-z,vsphere,osp[]
|
|
|
|
ifdef::agent,bare,ibm-power,ibm-z,vsphere,osp[]
|
|
Consider the following information before you configure network parameters for your cluster:
|
|
|
|
* If you use the {openshift-networking} OVN-Kubernetes network plugin, both IPv4 and IPv6 address families are supported.
|
|
* If you deployed nodes in an {product-title} cluster with a network that supports both IPv4 and non-link-local IPv6 addresses, configure your cluster to use a dual-stack network.
|
|
** For clusters configured for dual-stack networking, both IPv4 and IPv6 traffic must use the same network interface as the default gateway. This ensures that in a multiple network interface controller (NIC) environment, a cluster can detect what NIC to use based on the available network interface. For more information, see "OVN-Kubernetes IPv6 and dual-stack limitations" in _About the OVN-Kubernetes network plugin_.
|
|
** To prevent network connectivity issues, do not install a single-stack IPv4 cluster on a host that supports dual-stack networking.
|
|
|
|
ifdef::ibm-cloud[]
|
|
[NOTE]
|
|
====
|
|
{ibm-cloud-name} does not support IPv6 address families.
|
|
====
|
|
endif::ibm-cloud[]
|
|
|
|
ifdef::vsphere[]
|
|
[NOTE]
|
|
====
|
|
On {vmw-first}, dual-stack networking can specify either IPv4 or IPv6 as the primary address family.
|
|
====
|
|
endif::vsphere[]
|
|
|
|
If you configure your cluster to use both IP address families, review the following requirements:
|
|
|
|
* Both IP families must use the same network interface for the default gateway.
|
|
|
|
* Both IP families must have the default gateway.
|
|
|
|
* You must specify IPv4 and IPv6 addresses in the same order for all network configuration parameters. For example, in the following configuration, IPv4 addresses are listed before IPv6 addresses:
|
|
+
|
|
[source,yaml]
|
|
----
|
|
networking:
|
|
clusterNetwork:
|
|
- cidr: 10.128.0.0/14
|
|
hostPrefix: 23
|
|
- cidr: fd00:10:128::/56
|
|
hostPrefix: 64
|
|
serviceNetwork:
|
|
- 172.30.0.0/16
|
|
- fd00:172:16::/112
|
|
----
|
|
endif::agent,bare,ibm-power,ibm-z,vsphere,osp[]
|
|
|
|
ifdef::osp[]
|
|
[NOTE]
|
|
====
|
|
Globalnet is not supported with {rh-storage-first} disaster recovery solutions. For regional disaster recovery scenarios, ensure that you use a non-overlapping range of private IP addresses for the cluster and service networks in each cluster.
|
|
====
|
|
endif::osp[]
|
|
|
|
.Network parameters
|
|
[cols=".^l,.^a",options="header"]
|
|
|====
|
|
|Parameter|Description
|
|
|
|
|networking:
|
|
|The configuration for the cluster network.
|
|
|
|
*Value:* Object
|
|
|
|
[NOTE]
|
|
====
|
|
You cannot change parameters specified by the `networking` object after installation.
|
|
====
|
|
|
|
|networking:
|
|
networkType:
|
|
|The {openshift-networking} network plugin to install.
|
|
|
|
*Value:*
|
|
ifdef::openshift-origin[]
|
|
`OVNKubernetes`.
|
|
endif::openshift-origin[]
|
|
ifndef::openshift-origin[]
|
|
ifndef::ibm-power-vs[]
|
|
`OVNKubernetes`. `OVNKubernetes` is a Container Network Interface (CNI) plugin for Linux networks and hybrid networks that contain both Linux and Windows servers. The default value is `OVNKubernetes`.
|
|
endif::ibm-power-vs[]
|
|
ifdef::ibm-power-vs[]
|
|
The default value is `OVNKubernetes`.
|
|
endif::ibm-power-vs[]
|
|
endif::openshift-origin[]
|
|
|
|
|networking:
|
|
clusterNetwork:
|
|
|The IP address blocks for pods.
|
|
|
|
The default value is `10.128.0.0/14` with a host prefix of `/23`.
|
|
|
|
If you specify multiple IP address blocks, the blocks must not overlap.
|
|
|
|
*Value:* An array of objects. For example:
|
|
|
|
[source,yaml]
|
|
----
|
|
ifndef::agent,bare[]
|
|
networking:
|
|
clusterNetwork:
|
|
- cidr: 10.128.0.0/14
|
|
hostPrefix: 23
|
|
endif::agent,bare[]
|
|
ifdef::agent,bare[]
|
|
networking:
|
|
clusterNetwork:
|
|
- cidr: 10.128.0.0/14
|
|
hostPrefix: 23
|
|
- cidr: fd01::/48
|
|
hostPrefix: 64
|
|
endif::agent,bare[]
|
|
----
|
|
|
|
|networking:
|
|
clusterNetwork:
|
|
cidr:
|
|
|Required if you use `networking.clusterNetwork`. An IP address block.
|
|
|
|
ifndef::agent,bare[]
|
|
An IPv4 network.
|
|
endif::agent,bare[]
|
|
|
|
ifdef::agent,bare[]
|
|
If you use the OVN-Kubernetes network plugin, you can specify IPv4 and IPv6 networks.
|
|
endif::agent,bare[]
|
|
|
|
*Value:* An IP address block in Classless Inter-Domain Routing (CIDR) notation. The prefix length for an IPv4 block is between `0` and `32`.
|
|
ifdef::agent,bare[]
|
|
The prefix length for an IPv6 block is between `0` and `128`. For example, `10.128.0.0/14` or `fd01::/48`.
|
|
endif::agent,bare[]
|
|
|
|
|networking:
|
|
clusterNetwork:
|
|
hostPrefix:
|
|
|The subnet prefix length to assign to each individual node. For example, if `hostPrefix` is set to `23` then each node is assigned a `/23` subnet out of the given `cidr`. A `hostPrefix` value of `23` provides 510 (2^(32 - 23) - 2) pod IP addresses.
|
|
|
|
*Value:* A subnet prefix.
|
|
|
|
ifndef::agent,bare[]
|
|
The default value is `23`.
|
|
endif::agent,bare[]
|
|
|
|
ifdef::agent,bare[]
|
|
For an IPv4 network the default value is `23`. For an IPv6 network the default value is `64`. The default value is also the minimum value for IPv6.
|
|
endif::agent,bare[]
|
|
|
|
|networking:
|
|
serviceNetwork:
|
|
|The IP address block for services. The default value is `172.30.0.0/16`.
|
|
|
|
The OVN-Kubernetes network plugin supports only a single IP address block for the service network.
|
|
|
|
ifdef::agent,bare[]
|
|
If you use the OVN-Kubernetes network plugin, you can specify an IP address block for both of the IPv4 and IPv6 address families.
|
|
endif::agent,bare[]
|
|
|
|
*Value:* An array with an IP address block in CIDR format. For example:
|
|
|
|
[source,yaml]
|
|
----
|
|
ifndef::agent,bare[]
|
|
networking:
|
|
serviceNetwork:
|
|
- 172.30.0.0/16
|
|
endif::agent,bare[]
|
|
ifdef::agent,bare[]
|
|
networking:
|
|
serviceNetwork:
|
|
- 172.30.0.0/16
|
|
- fd02::/112
|
|
endif::agent,bare[]
|
|
----
|
|
|
|
|networking:
|
|
machineNetwork:
|
|
|The IP address blocks for machines.
|
|
|
|
ifndef::ibm-power-vs[]
|
|
If you specify multiple IP address blocks, the blocks must not overlap.
|
|
endif::ibm-power-vs[]
|
|
|
|
ifdef::ibm-z,ibm-power[]
|
|
If you specify multiple IP kernel arguments, the `machineNetwork.cidr` value must be the CIDR of the primary network.
|
|
endif::ibm-z,ibm-power[]
|
|
|
|
*Value:* An array of objects. For example:
|
|
|
|
[source,yaml]
|
|
----
|
|
networking:
|
|
machineNetwork:
|
|
- cidr: 10.0.0.0/16
|
|
----
|
|
|
|
|networking:
|
|
machineNetwork:
|
|
cidr:
|
|
|Required if you use `networking.machineNetwork`. An IP address block. The default value is `10.0.0.0/16` for all platforms other than libvirt and {ibm-power-server-name}. For libvirt, the default value is `192.168.126.0/24`. For {ibm-power-server-name}, the default value is `192.168.0.0/24`.
|
|
|
|
ifdef::ibm-cloud[]
|
|
If you are deploying the cluster to an existing Virtual Private Cloud (VPC), the CIDR must contain the subnets defined in `platform.ibmcloud.controlPlaneSubnets` and `platform.ibmcloud.computeSubnets`.
|
|
endif::ibm-cloud[]
|
|
|
|
*Value:* An IP network block in CIDR notation.
|
|
|
|
ifndef::agent,bare,ibm-power-vs[]
|
|
For example, `10.0.0.0/16`.
|
|
endif::agent,bare,ibm-power-vs[]
|
|
ifdef::agent,bare[]
|
|
For example, `10.0.0.0/16` or `fd00::/48`.
|
|
endif::agent,bare[]
|
|
ifdef::ibm-power-vs[]
|
|
For example, `192.168.0.0/24`.
|
|
endif::ibm-power-vs[]
|
|
|
|
[NOTE]
|
|
====
|
|
Set the `networking.machineNetwork` to match the CIDR that the preferred NIC resides in.
|
|
====
|
|
|
|
|networking:
|
|
ovnKubernetesConfig:
|
|
ipv4:
|
|
internalJoinSubnet:
|
|
|Configures the IPv4 join subnet that is used internally by `ovn-kubernetes`. This subnet must not overlap with any other subnet that {product-title} is using, including the node network. The size of the subnet must be larger than the number of nodes. You cannot change the value after installation.
|
|
|
|
*Value:* An IP network block in CIDR notation. The default value is `100.64.0.0/16`.
|
|
|
|
|====
|
|
|
|
[id="installation-configuration-parameters-optional_{context}"]
|
|
== Optional configuration parameters
|
|
|
|
Optional installation configuration parameters are described in the following table:
|
|
|
|
.Optional parameters
|
|
[cols=".^l,.^a",options="header"]
|
|
|====
|
|
|Parameter|Description
|
|
|
|
|additionalTrustBundle:
|
|
|A PEM-encoded X.509 certificate bundle that is added to the nodes' trusted certificate store. This trust bundle might also be used when a proxy has been configured.
|
|
|
|
*Value:* String
|
|
|
|
|capabilities:
|
|
|Controls the installation of optional core cluster components. You can reduce the footprint of your {product-title} cluster by disabling optional components. For more information, see the "Cluster capabilities" page in _Installing_.
|
|
|
|
*Value:* String array
|
|
|
|
|capabilities:
|
|
baselineCapabilitySet:
|
|
|Selects an initial set of optional capabilities to enable. Valid values are `None`, `v4.11`, `v4.12` and `vCurrent`. The default value is `vCurrent`.
|
|
|
|
*Value:* String
|
|
|
|
|capabilities:
|
|
additionalEnabledCapabilities:
|
|
|Extends the set of optional capabilities beyond what you specify in `baselineCapabilitySet`. You can specify multiple capabilities in this parameter.
|
|
|
|
*Value:* String array
|
|
|
|
|cpuPartitioningMode:
|
|
|Enables workload partitioning, which isolates {product-title} services, cluster management workloads, and infrastructure pods to run on a reserved set of CPUs. You can only enable workload partitioning during installation. You cannot disable it after installation. While this field enables workload partitioning, it does not configure workloads to use specific CPUs. For more information, see the _Workload partitioning_ page in the _Scalability and Performance_ section.
|
|
|
|
*Value:* `None` or `AllNodes`. `None` is the default value.
|
|
|
|
|compute:
|
|
|The configuration for the machines that comprise the compute nodes.
|
|
|
|
*Value:* Array of `MachinePool` objects.
|
|
|
|
ifndef::openshift-origin[]
|
|
|
|
ifndef::agent,aws,bare,gcp,ibm-power,ibm-z,azure,ibm-power-vs[]
|
|
|compute:
|
|
architecture:
|
|
|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. The only valid value is `amd64` (the default).
|
|
|
|
*Value:* String
|
|
endif::agent,aws,bare,gcp,ibm-power,ibm-z,azure,ibm-power-vs[]
|
|
|
|
ifdef::aws,azure,gcp,bare[]
|
|
|compute:
|
|
architecture:
|
|
|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64` and `arm64`.
|
|
|
|
ifdef::aws,azure[]
|
|
Not all installation options support the 64-bit ARM architecture. To verify if your installation option is supported on your platform, see _Supported installation methods for different platforms_ in _Selecting a cluster installation method and preparing it for users_.
|
|
endif::aws,azure[]
|
|
|
|
*Value:* String
|
|
endif::aws,azure,gcp,bare[]
|
|
|
|
ifdef::ibm-z[]
|
|
|compute:
|
|
architecture:
|
|
|Determines the instruction set architecture of the machines in the pool. Currently, heterogeneous clusters are not supported, so all pools must specify the same architecture. The valid value is the default: `s390x`.
|
|
|
|
*Value:* String
|
|
endif::ibm-z[]
|
|
|
|
ifdef::ibm-power,ibm-power-vs[]
|
|
|compute:
|
|
architecture:
|
|
|Determines the instruction set architecture of the machines in the pool. Currently, heterogeneous clusters are not supported, so all pools must specify the same architecture. The valid value is the default: `ppc64le`.
|
|
|
|
*Value:* String
|
|
endif::ibm-power,ibm-power-vs[]
|
|
|
|
ifdef::agent[]
|
|
|compute:
|
|
architecture:
|
|
|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64`, `arm64`, `ppc64le`, and `s390x`.
|
|
|
|
*Value:* String
|
|
endif::agent[]
|
|
|
|
endif::openshift-origin[]
|
|
|
|
ifdef::openshift-origin[]
|
|
|compute:
|
|
architecture:
|
|
|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. The valid value is the default: `amd64`.
|
|
|
|
ifdef::aws[]
|
|
See _Supported installation methods for different platforms_ in _Installing_ documentation for information about instance availability.
|
|
endif::aws[]
|
|
|
|
*Value:* String
|
|
endif::openshift-origin[]
|
|
ifndef::vsphere[]
|
|
|compute:
|
|
hyperthreading:
|
|
|Whether to enable or disable simultaneous multithreading, or `hyperthreading`, on compute machines. By default, simultaneous multithreading is enabled to increase the performance of your machines' cores.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
If you disable simultaneous multithreading, ensure that your capacity planning accounts for the dramatically decreased machine performance.
|
|
====
|
|
|
|
*Value:* `Enabled` or `Disabled`
|
|
endif::vsphere[]
|
|
ifdef::ibm-power-vs[]
|
|
|compute:
|
|
smtLevel:
|
|
|The SMTLevel specifies the level of SMT to set for the control plane and compute machines. Valid values are `1`, `2`, `3`, `4`, `5`, `6`, `7`, `8`, `off`, and `on`.
|
|
|
|
*Value:* String
|
|
endif::ibm-power-vs[]
|
|
|
|
|compute:
|
|
name:
|
|
|Required if you use `compute`. The name of the machine pool.
|
|
|
|
*Value:* `worker`
|
|
|
|
|compute:
|
|
platform:
|
|
|Required if you use `compute`. Use this parameter to specify the cloud provider to host the worker machines. This parameter value must match the `controlPlane.platform` parameter value.
|
|
|
|
ifdef::ibm-power-vs[]
|
|
Example usage, `compute.platform.powervs.sysType`.
|
|
|
|
|compute:
|
|
platform:
|
|
powervs:
|
|
sysType:
|
|
|Defines the system type for the instance.
|
|
|
|
*Value:* The available system types depend on the zone you want to target. Supported values are `e980`, `s922`, `e1080`, or `s1022`.
|
|
|
|
endif::ibm-power-vs[]
|
|
*Value:*
|
|
ifndef::agent[]
|
|
`aws`, `azure`, `gcp`, `ibmcloud`, `nutanix`, `openstack`, `powervs`, `vsphere`, or `{}`
|
|
endif::agent[]
|
|
ifdef::agent[]
|
|
`baremetal`, `vsphere`, or `{}`
|
|
endif::agent[]
|
|
|
|
|compute:
|
|
replicas:
|
|
|The number of compute machines, which are also known as worker machines, to provision.
|
|
|
|
*Value:* A positive integer greater than or equal to `2`. The default value is `3`.
|
|
|
|
|featureSet:
|
|
|Enables the cluster for a feature set. A feature set is a collection of {product-title} features that are not enabled by default. For more information about enabling a feature set during installation, see "Enabling features using feature gates".
|
|
|
|
*Value:* String. The name of the feature set to enable, such as `TechPreviewNoUpgrade`.
|
|
|
|
|controlPlane:
|
|
|The configuration for the machines that form the control plane.
|
|
|
|
*Value:* Array of `MachinePool` objects.
|
|
|
|
ifndef::openshift-origin[]
|
|
ifndef::agent,aws,bare,gcp,ibm-z,ibm-power,azure,ibm-power-vs[]
|
|
|controlPlane:
|
|
architecture:
|
|
|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. The only valid value is `amd64` (the default).
|
|
|
|
*Value:* String
|
|
endif::agent,aws,bare,gcp,ibm-z,ibm-power,azure,ibm-power-vs[]
|
|
|
|
ifdef::aws,azure,gcp,bare[]
|
|
|controlPlane:
|
|
architecture:
|
|
|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64` and `arm64`.
|
|
|
|
ifdef::aws,azure[]
|
|
Not all installation options support the 64-bit ARM architecture. To verify if your installation option is supported on your platform, see _Supported installation methods for different platforms_ in _Selecting a cluster installation method and preparing it for users_.
|
|
endif::aws,azure[]
|
|
|
|
*Value:* String
|
|
endif::aws,azure,gcp,bare[]
|
|
|
|
ifdef::ibm-z[]
|
|
|controlPlane:
|
|
architecture:
|
|
|Determines the instruction set architecture of the machines in the pool. Currently, heterogeneous clusters are not supported, so all pools must specify the same architecture. The valid value is the default: `s390x`.
|
|
|
|
*Value:* String
|
|
endif::ibm-z[]
|
|
|
|
ifdef::ibm-power,ibm-power-vs[]
|
|
|controlPlane:
|
|
architecture:
|
|
|Determines the instruction set architecture of the machines in the pool. Currently, heterogeneous clusters are not supported, so all pools must specify the same architecture. The valid value is the default: `ppc64le`.
|
|
|
|
*Value:* String
|
|
endif::ibm-power,ibm-power-vs[]
|
|
|
|
ifdef::agent[]
|
|
|controlPlane:
|
|
architecture:
|
|
|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64`, `arm64`, `ppc64le`, and `s390x`.
|
|
|
|
*Value:* String
|
|
endif::agent[]
|
|
|
|
endif::openshift-origin[]
|
|
|
|
ifdef::openshift-origin[]
|
|
|controlPlane:
|
|
architecture:
|
|
|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. The valid value is `amd64`.
|
|
|
|
ifdef::aws[]
|
|
See _Supported installation methods for different platforms_ in _Installing_ documentation for information about instance availability.
|
|
endif::aws[]
|
|
|
|
*Value:* String
|
|
endif::openshift-origin[]
|
|
|
|
ifndef::vsphere[]
|
|
|controlPlane:
|
|
hyperthreading:
|
|
|Whether to enable or disable simultaneous multithreading, or `hyperthreading`, on control plane machines. By default, simultaneous multithreading is enabled to increase the performance of your machines' cores.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
If you disable simultaneous multithreading, ensure that your capacity planning accounts for the dramatically decreased machine performance.
|
|
====
|
|
|
|
*Value:* `Enabled` or `Disabled`
|
|
endif::vsphere[]
|
|
|
|
|controlPlane:
|
|
name:
|
|
|Required if you use `controlPlane`. The name of the machine pool.
|
|
|
|
*Value:* `master`
|
|
|
|
|controlPlane:
|
|
platform:
|
|
|Required if you use `controlPlane`. Use this parameter to specify the cloud provider that hosts the control plane machines. This parameter value must match the `compute.platform` parameter value.
|
|
|
|
ifdef::ibm-power-vs[]
|
|
Example usage, `controlPlane.platform.powervs.processors`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
powervs:
|
|
sysType:
|
|
|Defines the system type for the instance.
|
|
|
|
*Value:* The available system types depend on the zone you want to target. Supported values are `e980`, `s922`, `e1080`, or `s1022`.
|
|
endif::ibm-power-vs[]
|
|
|
|
*Value:*
|
|
ifndef::agent[]
|
|
`aws`, `azure`, `gcp`, `ibmcloud`, `nutanix`, `openstack`, `powervs`, `vsphere`, or `{}`
|
|
endif::agent[]
|
|
ifdef::agent[]
|
|
`baremetal`, `vsphere`, or `{}`
|
|
endif::agent[]
|
|
|
|
|controlPlane:
|
|
replicas:
|
|
|The number of control plane machines to provision.
|
|
|
|
*Value:*
|
|
ifndef::agent[]
|
|
Supported values are `3`, or `1` when deploying {sno}.
|
|
endif::agent[]
|
|
ifdef::agent[]
|
|
Supported values are `3`, `4`, `5`, or `1` when deploying {sno}.
|
|
endif::agent[]
|
|
|
|
|arbiter:
|
|
name: arbiter
|
|
|The {product-title} cluster requires a name for arbiter nodes. For example, `arbiter`.
|
|
|
|
|arbiter:
|
|
replicas: 1
|
|
|The `replicas` parameter sets the number of arbiter nodes for the {product-title} cluster. You cannot set this field to a value that is greater than 1.
|
|
|
|
|credentialsMode:
|
|
|The Cloud Credential Operator (CCO) mode. If no mode is specified, the CCO dynamically tries to determine the capabilities of the provided credentials, with a preference for mint mode on the platforms where multiple modes are supported.
|
|
|
|
[NOTE]
|
|
====
|
|
Not all CCO modes are supported for all cloud providers. For more information about CCO modes, see the "Managing cloud provider credentials" entry in the _Authentication and authorization_ content.
|
|
====
|
|
|
|
*Value:* `Mint`, `Passthrough`, `Manual` or an empty string (`""`).
|
|
|
|
ifndef::openshift-origin,ibm-power-vs[]
|
|
|fips:
|
|
|Enable or disable FIPS mode. The default is `false` (disabled). If you enable FIPS mode, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that {op-system} provides instead.
|
|
|
|
include::snippets/fips-snippet.adoc[]
|
|
|
|
[IMPORTANT]
|
|
====
|
|
If you are using Azure File storage, you cannot enable FIPS mode.
|
|
====
|
|
|
|
*Value:* `false` or `true`
|
|
|
|
|endpoint:
|
|
name: <endpoint_name>
|
|
clusterUseOnly: `true` or `false`
|
|
|The `name` parameter contains the name of the Private Service Connect (PSC) endpoints.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
When `clusterUseOnly` is `false`, its default setting, you must run the installation program from a bastion host that is within the same VPC where you want to deploy the cluster.
|
|
====
|
|
|
|
When you want the installation program to use the public API endpoints and cluster operators to use the API endpoint overrides, set `clusterUseOnly` to `true`. When you want both the installation program and the cluster operators to use the API endpoint overrides, for example if you are running the installation program from a bastion host that is within the same VPC where you want to deploy the cluster, set `clusterUseOnly` to `false`. The parameter is optional and defaults to `false`.
|
|
|
|
*Value:* String or boolean
|
|
|
|
endif::openshift-origin,ibm-power-vs[]
|
|
|imageContentSources:
|
|
|Sources and repositories for the release-image content.
|
|
|
|
*Value:* Array of objects. Includes a `source` and, optionally, `mirrors`, as described in the following rows of this table.
|
|
|
|
|imageContentSources:
|
|
source:
|
|
|Required if you use `imageContentSources`. Specify the repository that users refer to, for example, in image pull specifications.
|
|
|
|
*Value:* String
|
|
|
|
|imageContentSources:
|
|
mirrors:
|
|
|Specify one or more repositories that might also contain the same images.
|
|
|
|
*Value:* Array of strings
|
|
|
|
ifndef::openshift-origin[]
|
|
ifdef::aws[]
|
|
|platform:
|
|
aws:
|
|
lbType:
|
|
|Required to set the NLB load balancer type in AWS. Valid values are `Classic` or `NLB`. If no value is specified, the installation program defaults to `Classic`. The installation program sets the value provided here in the ingress cluster configuration object. If you do not specify a load balancer type for other Ingress Controllers, they use the type set in this parameter.
|
|
|
|
*Value:* `Classic` or `NLB`. The default value is `Classic`.
|
|
endif::aws[]
|
|
endif::openshift-origin[]
|
|
|
|
|publish:
|
|
|How to publish or expose the user-facing endpoints of your cluster, such as the Kubernetes API and OpenShift routes.
|
|
|
|
*Value:*
|
|
ifdef::aws,gcp,ibm-cloud[]
|
|
`Internal` or `External`. To deploy a private cluster that cannot be accessed from the internet, set the `publish` parameter to `Internal`. The default value is `External`.
|
|
endif::[]
|
|
ifdef::azure[]
|
|
`Internal`, `External`, or `Mixed`. To deploy a private cluster that cannot be accessed from the internet, set the `publish` parameter to `Internal`. The default value is `External`. To deploy a cluster where the API and the ingress server have different publishing strategies, set `publish` to `Mixed` and use the `operatorPublishingStrategy` parameter.
|
|
endif::[]
|
|
ifndef::aws,azure,gcp,ibm-cloud[]
|
|
`Internal` or `External`. The default value is `External`.
|
|
|
|
Setting this field to `Internal` is not supported on non-cloud platforms.
|
|
ifndef::ibm-power-vs[]
|
|
ifeval::[{product-version} <= 4.7]
|
|
[IMPORTANT]
|
|
====
|
|
If the value of the field is set to `Internal`, the cluster becomes non-functional. For more information, refer to link:https://bugzilla.redhat.com/show_bug.cgi?id=1953035[BZ#1953035].
|
|
====
|
|
|
|
endif::[]
|
|
endif::ibm-power-vs[]
|
|
endif::[]
|
|
|
|
|sshKey:
|
|
|The SSH key to authenticate access to your cluster machines.
|
|
|
|
[NOTE]
|
|
====
|
|
For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses.
|
|
====
|
|
|
|
*Value:* For example, `sshKey: ssh-ed25519 AAAA..`.
|
|
|
|
ifdef::ibm-power-vs[]
|
|
|platform:
|
|
powervs:
|
|
vpcRegion:
|
|
|Specifies the {ibm-cloud-name} region in which to create VPC resources.
|
|
|
|
*Value:* String. For example, `existing_vpc_region`.
|
|
|
|
|platform:
|
|
powervs:
|
|
vpcSubnets:
|
|
|Specifies existing subnets by name where cluster resources are created.
|
|
|
|
*Value:* String. For example, `powervs_region_example_subnet`.
|
|
|
|
|platform:
|
|
powervs:
|
|
vpcName:
|
|
|Specifies the {ibm-cloud-name} name.
|
|
|
|
*Value:* String. For example, `existing_vpcName`.
|
|
|
|
|platform:
|
|
powervs:
|
|
serviceInstanceGUID:
|
|
|Specifies the ID of the Power IAAS instance created from the {ibm-cloud-name} Catalog.
|
|
|
|
*Value:* String. For example, `existing_service_instance_GUID`.
|
|
|
|
|platform:
|
|
powervs:
|
|
clusterOSImage:
|
|
|Specifies a pre-created {ibm-power-server-name} boot image that overrides the default image for cluster nodes.
|
|
|
|
*Value:* String. For example, `existing_cluster_os_image`.
|
|
|
|
|platform:
|
|
powervs:
|
|
defaultMachinePlatform:
|
|
|Specifies the default configuration used when installing on {ibm-power-server-name} for machine pools that do not define their own platform configuration.
|
|
|
|
*Value:* String. For example, `existing_machine_platform`.
|
|
|
|
|platform:
|
|
powervs:
|
|
memoryGiB:
|
|
|Specifies the size of a virtual machine's memory, in GB.
|
|
|
|
*Value:* An integer number of GB that is at least `2` and no more than `64`, depending on the machine type.
|
|
|
|
|platform:
|
|
powervs:
|
|
procType:
|
|
|Defines the processor sharing model for the instance.
|
|
|
|
*Value:* The valid values are `Capped`, `Dedicated`, and `Shared`.
|
|
|
|
|platform:
|
|
powervs:
|
|
processors:
|
|
|Defines the processing units for the instance.
|
|
|
|
*Value:* The number of processors must be from `.5` to `32` cores. The processors must be in increments of `.25`.
|
|
|
|
|platform:
|
|
powervs:
|
|
tgName:
|
|
|Defines the name of an existing Transit Gateway.
|
|
|
|
*Value:* String. For example, `existing_tgName`.
|
|
endif::ibm-power-vs[]
|
|
|====
|
|
|
|
ifdef::aws,gcp[]
|
|
|
|
[NOTE]
|
|
====
|
|
ifdef::aws[If your AWS account has service control policies (SCP) enabled, you must configure the `credentialsMode` parameter to `Mint`, `Passthrough`, or `Manual`.]
|
|
ifdef::gcp[If you are installing on {gcp-short} into a shared virtual private cloud (VPC), `credentialsMode` must be set to `Passthrough` or `Manual`.]
|
|
====
|
|
endif::aws,gcp[]
|
|
ifdef::aws,gcp,azure[]
|
|
|
|
[IMPORTANT]
|
|
====
|
|
Setting this parameter to `Manual` enables alternatives to storing administrator-level secrets in the `kube-system` project, which require additional configuration steps. For more information, see "Alternatives to storing administrator-level secrets in the kube-system project".
|
|
====
|
|
endif::aws,gcp,azure[]
|
|
|
|
ifdef::aws[]
|
|
[id="installation-configuration-parameters-optional-aws_{context}"]
|
|
== Optional AWS configuration parameters
|
|
|
|
Optional AWS configuration parameters are described in the following table:
|
|
|
|
.Optional AWS parameters
|
|
[cols=".^l,.^a",options="header"]
|
|
|====
|
|
|Parameter|Description
|
|
|
|
|compute:
|
|
platform:
|
|
aws:
|
|
amiID:
|
|
|The AWS AMI used to boot compute machines for the cluster. This is required for regions that require a custom {op-system} AMI.
|
|
|
|
*Value:* Any published or custom {op-system} AMI that belongs to the set AWS region. See _{op-system} AMIs for AWS infrastructure_ for available AMI IDs.
|
|
|
|
|compute:
|
|
platform:
|
|
aws:
|
|
iamProfile:
|
|
|The name of the IAM instance profile that you use for the machine. If you want the installation program to create the IAM instance profile for you, do not use the `iamProfile` parameter. You can specify either the `iamProfile` or `iamRole` parameter, but you cannot specify both.
|
|
|
|
*Value:* String
|
|
|
|
|compute:
|
|
platform:
|
|
aws:
|
|
iamRole:
|
|
|The name of the IAM instance role that you use for the machine. When you specify an IAM role, the installation program creates an instance profile. If you want the installation program to create the IAM instance role for you, do not use the `iamRole` parameter. You can specify either the `iamRole` or `iamProfile` parameter, but you cannot specify both.
|
|
|
|
*Value:* String
|
|
|
|
|compute:
|
|
platform:
|
|
aws:
|
|
rootVolume:
|
|
iops:
|
|
|The Input/Output Operations Per Second (IOPS) that is reserved for the root volume.
|
|
|
|
*Value:* Integer, for example `4000`.
|
|
|
|
|compute:
|
|
platform:
|
|
aws:
|
|
rootVolume:
|
|
size:
|
|
|The size in GiB of the root volume.
|
|
|
|
*Value:* Integer, for example `500`.
|
|
|
|
|compute:
|
|
platform:
|
|
aws:
|
|
rootVolume:
|
|
type:
|
|
|The type of the root volume.
|
|
|
|
*Value:* Valid link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html[AWS EBS volume type], such as `io1`.
|
|
|
|
|compute:
|
|
platform:
|
|
aws:
|
|
rootVolume:
|
|
throughput:
|
|
|The maximum throughput of the root volume. This throughput can be customized only for the gp3 volume type. The minimum value is 125 MiB/s and the maximum value is 2000 MiB/s.
|
|
|
|
*Value:* Integer, for example `1000`.
|
|
|
|
|compute:
|
|
platform:
|
|
aws:
|
|
rootVolume:
|
|
kmsKeyARN:
|
|
|The Amazon Resource Name (key ARN) of a KMS key. This is required to encrypt operating system volumes of worker nodes with a specific KMS key.
|
|
|
|
*Value:* Valid link:https://docs.aws.amazon.com/kms/latest/developerguide/find-cmk-id-arn.html[key ID or the key ARN].
|
|
|
|
|compute:
|
|
platform:
|
|
aws:
|
|
type:
|
|
|The EC2 instance type for the compute machines.
|
|
|
|
*Value:* Valid {aws-short} instance type, such as `m4.2xlarge`. See the "Tested instance types for AWS" table on the "Installing a cluster on AWS with customizations" page.
|
|
|
|
|compute:
|
|
platform:
|
|
aws:
|
|
zones:
|
|
|The availability zones where the installation program creates machines for the compute machine pool. If you provide your own VPC, you must provide a subnet in that availability zone.
|
|
|
|
*Value:* A list of valid AWS availability zones, such as `us-east-1c`, in a link:https://yaml.org/spec/1.2/spec.html#sequence//[YAML sequence].
|
|
|
|
|controlPlane:
|
|
platform:
|
|
aws:
|
|
amiID:
|
|
|The AWS AMI used to boot control plane machines for the cluster. This is required for regions that require a custom {op-system} AMI.
|
|
|
|
*Value:* Any published or custom {op-system} AMI that belongs to the set AWS region. See _{op-system} AMIs for AWS infrastructure_ for available AMI IDs.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
aws:
|
|
iamProfile:
|
|
|The name of the IAM instance profile that you use for the machine. If you want the installation program to create the IAM instance profile for you, do not use the `iamProfile` parameter. You can specify either the `iamProfile` or `iamRole` parameter, but you cannot specify both.
|
|
|
|
*Value:* String
|
|
|
|
|controlPlane:
|
|
platform:
|
|
aws:
|
|
iamRole:
|
|
|The name of the IAM instance role that you use for the machine. When you specify an IAM role, the installation program creates an instance profile. If you want the installation program to create the IAM instance role for you, do not use the `iamRole` parameter. You can specify either the `iamRole` or `iamProfile` parameter, but you cannot specify both.
|
|
|
|
*Value:* String
|
|
|
|
|controlPlane:
|
|
platform:
|
|
aws:
|
|
rootVolume:
|
|
iops:
|
|
|The Input/Output Operations Per Second (IOPS) that is reserved for the root volume on control plane machines.
|
|
|
|
*Value:* Integer, for example `4000`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
aws:
|
|
rootVolume:
|
|
size:
|
|
|The size in GiB of the root volume for control plane machines.
|
|
|
|
*Value:* Integer, for example `500`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
aws:
|
|
rootVolume:
|
|
type:
|
|
|The type of the root volume for control plane machines.
|
|
|
|
*Value:* Valid link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html[AWS EBS volume type], such as `io1`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
aws:
|
|
rootVolume:
|
|
throughput:
|
|
|The maximum throughput of the root volume. This throughput can be customized only for the gp3 volume type. The minimum value is 125 MiB/s and the maximum value is 2000 MiB/s.
|
|
|
|
*Value:* Integer, for example `1000`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
aws:
|
|
rootVolume:
|
|
kmsKeyARN:
|
|
|The Amazon Resource Name (key ARN) of a KMS key. This is required to encrypt operating system volumes of control plane nodes with a specific KMS key.
|
|
|
|
*Value:* Valid link:https://docs.aws.amazon.com/kms/latest/developerguide/find-cmk-id-arn.html[key ID or the key ARN].
|
|
|
|
|controlPlane:
|
|
platform:
|
|
aws:
|
|
type:
|
|
|The EC2 instance type for the control plane machines.
|
|
|
|
*Value:* Valid {aws-short} instance type, such as `m6i.xlarge`. See the "Tested instance types for AWS" table on the "Installing a cluster on AWS with customizations" page.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
aws:
|
|
zones:
|
|
|The availability zones where the installation program creates machines for the control plane machine pool.
|
|
|
|
*Value:* A list of valid AWS availability zones, such as `us-east-1c`, in a link:https://yaml.org/spec/1.2/spec.html#sequence//[YAML sequence].
|
|
|
|
|platform:
|
|
aws:
|
|
amiID:
|
|
|The AWS AMI used to boot all machines for the cluster. If set, the AMI must belong to the same region as the cluster. This is required for regions that require a custom {op-system} AMI.
|
|
|
|
*Value:* Any published or custom {op-system} AMI that belongs to the set AWS region. See _{op-system} AMIs for AWS infrastructure_ for available AMI IDs.
|
|
|
|
|platform:
|
|
aws:
|
|
hostedZone:
|
|
|An existing Route 53 private hosted zone for the cluster. You can only use a pre-existing hosted zone when also supplying your own VPC. The hosted zone must already be associated with the user-provided VPC before installation. Also, the domain of the hosted zone must be the cluster domain or a parent of the cluster domain. If undefined, the installation program creates a new hosted zone.
|
|
|
|
*Value:* String, for example `Z3URY6TWQ91KVV`.
|
|
|
|
|platform:
|
|
aws:
|
|
hostedZoneRole:
|
|
|An Amazon Resource Name (ARN) for an existing IAM role in the account containing the specified hosted zone. The installation program and cluster operators assume this role when performing operations on the hosted zone. Use this parameter only when you are installing a cluster into a shared VPC.
|
|
|
|
*Value:* String, for example `arn:aws:iam::1234567890:role/shared-vpc-role`.
|
|
|
|
|platform:
|
|
aws:
|
|
userProvisionedDNS:
|
|
|Enables user-provisioned DNS instead of the default cluster-provisioned DNS solution. If you use this feature, you must provide your own DNS solution that includes records for `api.<cluster_name>.<base_domain>.` and `*.apps.<cluster_name>.<base_domain>.`. `userProvisionedDNS` is a Technology Preview feature.
|
|
|
|
*Value:* `Enabled` or `Disabled`. The default value is `Disabled`.
|
|
|
|
|platform:
|
|
aws:
|
|
region:
|
|
|The AWS region that the installation program creates all cluster resources in.
|
|
|
|
*Value:* Any valid link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS region], such as `us-east-1`. You can use the AWS CLI to access the regions available based on your selected instance type by running the following command:
|
|
|
|
[source,terminal]
|
|
----
|
|
$ aws ec2 describe-instance-type-offerings --filters Name=instance-type,Values=c7g.xlarge
|
|
----
|
|
|
|
ifndef::openshift-origin[]
|
|
[IMPORTANT]
|
|
====
|
|
When running on ARM-based AWS instances, ensure that you enter a region where AWS Graviton processors are available. See the link:https://aws.amazon.com/ec2/graviton/#Global_availability[Global availability] map in the AWS documentation. Currently, AWS Graviton3 processors are only available in some regions.
|
|
====
|
|
endif::openshift-origin[]
|
|
|
|
|platform:
|
|
aws:
|
|
serviceEndpoints:
|
|
- name:
|
|
url:
|
|
|The AWS service endpoint name and URL. Custom endpoints are only required for cases where alternative AWS endpoints, such as FIPS, must be used. Custom API endpoints can be specified for EC2, S3, IAM, Elastic Load Balancing, Tagging, Route 53, and STS AWS services.
|
|
|
|
*Value:* Valid link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS service endpoint] name and valid link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS service endpoint] URL.
|
|
|
|
|platform:
|
|
aws:
|
|
userTags:
|
|
|A map of keys and values that the installation program adds as tags to all resources that it creates.
|
|
|
|
*Value:* Any valid YAML map, such as key value pairs in the `<key>: <value>` format. For more information about AWS tags, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html[Tagging Your Amazon EC2 Resources] in the AWS documentation.
|
|
|
|
[NOTE]
|
|
====
|
|
You can add up to 25 user-defined tags during installation. The remaining 25 tags are reserved for {product-title}.
|
|
====
|
|
|
|
|platform:
|
|
aws:
|
|
propagateUserTags:
|
|
|A flag that directs in-cluster Operators to include the specified user tags in the tags of the AWS resources that the Operators create.
|
|
|
|
*Value:* Boolean values, for example `true` or `false`.
|
|
|
|
|platform:
|
|
aws:
|
|
publicIpv4Pool:
|
|
|The public IPv4 pool ID that is used to allocate Elastic IPs (EIPs) when `publish` is set to `External`. You must provision and advertise the pool in the same {aws-short} account and region as the cluster. You must ensure that you have 2n + 1 IPv4 addresses available in the pool, where _n_ is the total number of {aws-short} zones used to deploy the Network Load Balancer (NLB) for API, NAT gateways, and bootstrap node. For more information about bring your own IP addresses (BYOIP) in {aws-short}, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-byoip.html#byoip-onboard[Onboard your BYOIP].
|
|
|
|
*Value:* A valid link:https://docs.aws.amazon.com/cli/latest/reference/ec2/describe-public-ipv4-pools.html[public IPv4 pool id]
|
|
|
|
[NOTE]
|
|
====
|
|
You can enable BYOIP only for customized installations that do not have any network restrictions.
|
|
====
|
|
|
|
|platform:
|
|
aws:
|
|
preserveBootstrapIgnition:
|
|
|Prevents the S3 bucket from being deleted after completion of bootstrapping.
|
|
|
|
*Value:* `true` or `false`. The default value is `false`, which results in the S3 bucket being deleted.
|
|
|
|
|platform:
|
|
aws:
|
|
vpc:
|
|
subnets:
|
|
|A list of subnets in an existing VPC to be used in place of automatically created subnets. You specify a subnet by providing the subnet ID and an optional list of roles that apply to that subnet. If you specify subnet IDs but do not specify roles for any subnet, the subnets' roles are decided automatically. If you do not specify any roles, you must ensure that any other subnets in your VPC have the `kubernetes.io/cluster/.*: .*` or `kubernetes.io/cluster/unmanaged: true` tags.
|
|
|
|
The subnets must be part of the same `machineNetwork[].cidr` ranges that you specify.
|
|
|
|
For a public cluster, specify a public and a private subnet for each availability zone.
|
|
|
|
For a private cluster, specify a private subnet for each availability zone.
|
|
|
|
For clusters that use AWS Local Zones, you must add AWS Local Zone subnets to this list to ensure edge machine pool creation.
|
|
|
|
*Value:* List of pairs of `id` and `roles` parameters.
|
|
|
|
|platform:
|
|
aws:
|
|
vpc:
|
|
subnets:
|
|
- id:
|
|
|The ID of an existing subnet to be used in place of a subnet created by the installation program.
|
|
|
|
*Value:* String. The subnet ID must be a unique ID containing only alphanumeric characters, beginning with "subnet-". The ID must be exactly 24 characters long.
|
|
|
|
|platform:
|
|
aws:
|
|
vpc:
|
|
subnets:
|
|
- id:
|
|
roles:
|
|
- type:
|
|
|One or more roles that apply to the subnet specified by `platform.aws.vpc.subnets.id`. If you specify a role for any subnet, each subnet must have at least one assigned role, and the `ClusterNode`, `IngressControllerLB`, `ControlPlaneExternalLB`, `BootstrapNode`, and `ControlPlaneInternalLB` roles must be assigned to at least one subnet. However, if the cluster scope is internal, then the `ControlPlaneExternalLB` role is not required.
|
|
|
|
You can only assign the `EdgeNode` role to subnets in {aws-short} Local Zones.
|
|
|
|
*Value:* List of one or more role types. Valid values include `ClusterNode`, `EdgeNode`, `BootstrapNode`, `IngressControllerLB`, `ControlPlaneExternalLB`, and `ControlPlaneInternalLB`.
|
|
|
|
|====
|
|
endif::aws[]
|
|
|
|
ifdef::osp[]
|
|
[id="installation-configuration-parameters-additional-osp_{context}"]
|
|
== Additional {rh-openstack-first} configuration parameters
|
|
|
|
Additional {rh-openstack} configuration parameters are described in the following table:
|
|
|
|
.Additional {rh-openstack} parameters
|
|
[cols=".^l,.^a",options="header"]
|
|
|====
|
|
|Parameter|Description
|
|
|
|
|compute:
|
|
platform:
|
|
openstack:
|
|
rootVolume:
|
|
size:
|
|
|For compute machines, the size in gigabytes of the root volume. If you do not set this value, machines use ephemeral storage.
|
|
|
|
*Value:* Integer, for example `30`.
|
|
|
|
|compute:
|
|
platform:
|
|
openstack:
|
|
rootVolume:
|
|
types:
|
|
|For compute machines, the root volume types.
|
|
|
|
*Value:* A list of strings, for example, {`performance-host1`, `performance-host2`, `performance-host3`}. ^[1]^
|
|
|
|
|compute:
|
|
platform:
|
|
openstack:
|
|
rootVolume:
|
|
type:
|
|
|For compute machines, the root volume's type. This property is deprecated and is replaced by `compute.platform.openstack.rootVolume.types`.
|
|
|
|
*Value:* String, for example, `performance`. ^[2]^
|
|
|
|
|compute:
|
|
platform:
|
|
openstack:
|
|
rootVolume:
|
|
zones:
|
|
|For compute machines, the Cinder availability zone to install root volumes on. If you do not set a value for this parameter, the installation program selects the default availability zone. This parameter is mandatory when `compute.platform.openstack.zones` is defined.
|
|
|
|
*Value:* A list of strings, for example `["zone-1", "zone-2"]`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
openstack:
|
|
rootVolume:
|
|
size:
|
|
|For control plane machines, the size in gigabytes of the root volume. If you do not set this value, machines use ephemeral storage.
|
|
|
|
*Value:* Integer, for example `30`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
openstack:
|
|
rootVolume:
|
|
types:
|
|
|For control plane machines, the root volume types.
|
|
|
|
*Value:* A list of strings, for example, {`performance-host1`, `performance-host2`, `performance-host3`}. ^[1]^
|
|
|
|
|controlPlane:
|
|
platform:
|
|
openstack:
|
|
rootVolume:
|
|
type:
|
|
|For control plane machines, the root volume's type. This property is deprecated and is replaced by `compute.platform.openstack.rootVolume.types`.
|
|
|
|
*Value:* String, for example, `performance`. ^[2]^
|
|
|
|
|controlPlane:
|
|
platform:
|
|
openstack:
|
|
rootVolume:
|
|
zones:
|
|
|For control plane machines, the Cinder availability zone to install root volumes on. If you do not set this value, the installation program selects the default availability zone. This parameter is mandatory when `controlPlane.platform.openstack.zones` is defined.
|
|
|
|
*Value:* A list of strings, for example `["zone-1", "zone-2"]`.
|
|
|
|
|platform:
|
|
openstack:
|
|
cloud:
|
|
|The name of the {rh-openstack} cloud to use from the list of clouds in the `clouds.yaml` file.
|
|
|
|
In the cloud configuration in the `clouds.yaml` file, if possible, use application credentials rather than a user name and password combination. Using application credentials avoids disruptions from secret propagation that follow user name and password rotation.
|
|
|
|
*Value:* String, for example `MyCloud`.
|
|
|
|
|platform:
|
|
openstack:
|
|
externalNetwork:
|
|
|The {rh-openstack} external network name to be used for installation.
|
|
|
|
*Value:* String, for example `external`.
|
|
|
|
|platform:
|
|
openstack:
|
|
computeFlavor:
|
|
|The {rh-openstack} flavor to use for control plane and compute machines.
|
|
|
|
This property is deprecated. To use a flavor as the default for all machine pools, add it as the value of the `type` key in the `platform.openstack.defaultMachinePlatform` property. You can also set a flavor value for each machine pool individually.
|
|
|
|
*Value:* String, for example `m1.xlarge`.
|
|
|====
|
|
|
|
. If the machine pool defines `zones`, the count of types can either be a single item or match the number of items in `zones`. For example, the count of types cannot be 2 if there are 3 items in `zones`.
|
|
|
|
. If you have any existing reference to this property, the installation program populates the corresponding value in the `controlPlane.platform.openstack.rootVolume.types` field.
|
|
|
|
|
|
[id="installation-configuration-parameters-optional-osp_{context}"]
|
|
== Optional {rh-openstack} configuration parameters
|
|
|
|
Optional {rh-openstack} configuration parameters are described in the following table:
|
|
|
|
.Optional {rh-openstack} parameters
|
|
[%header, cols=".^l,.^a"]
|
|
|====
|
|
|Parameter|Description
|
|
|
|
|compute:
|
|
platform:
|
|
openstack:
|
|
additionalNetworkIDs:
|
|
|Additional networks that are associated with compute machines. Allowed address pairs are not created for additional networks.
|
|
|
|
*Value:* A list of one or more UUIDs as strings. For example, `fa806b2f-ac49-4bce-b9db-124bc64209bf`.
|
|
|
|
|compute:
|
|
platform:
|
|
openstack:
|
|
additionalSecurityGroupIDs:
|
|
|Additional security groups that are associated with compute machines.
|
|
|
|
*Value:* A list of one or more UUIDs as strings. For example, `7ee219f3-d2e9-48a1-96c2-e7429f1b0da7`.
|
|
|
|
|compute:
|
|
platform:
|
|
openstack:
|
|
zones:
|
|
|{rh-openstack} Compute (Nova) availability zones (AZs) to install machines on. If this parameter is not set, the installation program relies on the default settings for Nova that the {rh-openstack} administrator configured.
|
|
|
|
*Value:* A list of strings. For example, `["zone-1", "zone-2"]`.
|
|
|
|
|compute:
|
|
platform:
|
|
openstack:
|
|
serverGroupPolicy:
|
|
|The server group policy to apply to the group that contains the compute machines in the pool. You cannot change server group policies or affiliations after creation. Supported options include `anti-affinity`, `soft-affinity`, and `soft-anti-affinity`. The default value is `soft-anti-affinity`.
|
|
|
|
An `affinity` policy prevents migrations and therefore affects {rh-openstack} upgrades. The `affinity` policy is not supported.
|
|
|
|
If you use a strict `anti-affinity` policy, an additional {rh-openstack} host is required during instance migration.
|
|
|
|
*Value:* A server group policy to apply to the machine pool. For example, `soft-affinity`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
openstack:
|
|
additionalNetworkIDs:
|
|
|Additional networks that are associated with control plane machines. Allowed address pairs are not created for additional networks.
|
|
|
|
Additional networks that are attached to a control plane machine are also attached to the bootstrap node.
|
|
|
|
*Value:* A list of one or more UUIDs as strings. For example, `fa806b2f-ac49-4bce-b9db-124bc64209bf`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
openstack:
|
|
additionalSecurityGroupIDs:
|
|
|Additional security groups that are associated with control plane machines.
|
|
|
|
*Value:* A list of one or more UUIDs as strings. For example, `7ee219f3-d2e9-48a1-96c2-e7429f1b0da7`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
openstack:
|
|
zones:
|
|
|{rh-openstack} Compute (Nova) availability zones (AZs) to install machines on. If this parameter is not set, the installation program relies on the default settings for Nova that the {rh-openstack} administrator configured.
|
|
|
|
*Value:* A list of strings. For example, `["zone-1", "zone-2"]`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
openstack:
|
|
serverGroupPolicy:
|
|
|Server group policy to apply to the group that contains the control plane machines in the pool. You cannot change server group policies or affiliations after creation. Supported options include `anti-affinity`, `soft-affinity`, and `soft-anti-affinity`. The default value is `soft-anti-affinity`.
|
|
|
|
An `affinity` policy prevents migrations, and therefore affects {rh-openstack} upgrades. The `affinity` policy is not supported.
|
|
|
|
If you use a strict `anti-affinity` policy, an additional {rh-openstack} host is required during instance migration.
|
|
|
|
*Value:* A server group policy to apply to the machine pool. For example, `soft-affinity`.
|
|
|
|
|platform:
|
|
openstack:
|
|
clusterOSImage:
|
|
|The location from which the installation program downloads the {op-system} image.
|
|
|
|
You must set this parameter to perform an installation in a restricted network.
|
|
|
|
*Value:* An HTTP or HTTPS URL, optionally with an SHA-256 checksum.
|
|
|
|
For example, `\http://mirror.example.com/images/rhcos-43.81.201912131630.0-openstack.x86_64.qcow2.gz?sha256=ffebbd68e8a1f2a245ca19522c16c86f67f9ac8e4e0c1f0a812b068b16f7265d`.
|
|
The value can also be the name of an existing Glance image, for example `my-rhcos`.
|
|
|
|
|platform:
|
|
openstack:
|
|
clusterOSImageProperties:
|
|
|Properties to add to the installation program-uploaded ClusterOSImage in Glance. This property is ignored if `platform.openstack.clusterOSImage` is set to an existing Glance image.
|
|
|
|
You can use this property to exceed the default persistent volume (PV) limit for {rh-openstack} of 26 PVs per node. To exceed the limit, set the `hw_scsi_model` property value to `virtio-scsi` and the `hw_disk_bus` value to `scsi`.
|
|
|
|
You can also use this property to enable the QEMU guest agent by including the `hw_qemu_guest_agent` property with a value of `yes`.
|
|
|
|
*Value:* A set of string properties. For example:
|
|
|
|
[source,yaml]
|
|
----
|
|
clusterOSImageProperties:
|
|
hw_scsi_model: "virtio-scsi"
|
|
hw_disk_bus: "scsi"
|
|
hw_qemu_guest_agent: "yes"
|
|
----
|
|
|
|
|platform:
|
|
openstack:
|
|
controlPlanePort:
|
|
fixedIPs:
|
|
|
|
|Subnets for the machines to use.
|
|
|
|
*Value:* A list of subnet names or UUIDs to use in cluster installation.
|
|
|
|
|
|
|platform:
|
|
openstack:
|
|
controlPlanePort:
|
|
network:
|
|
|A network for the machines to use.
|
|
|
|
*Value:* The UUID or name of an {rh-openstack} network to use in cluster installation.
|
|
|
|
|platform:
|
|
openstack:
|
|
defaultMachinePlatform:
|
|
|The default machine pool platform configuration.
|
|
|
|
*Value:*
|
|
[source,json]
|
|
----
|
|
{
|
|
"type": "ml.large",
|
|
"rootVolume": {
|
|
"size": 30,
|
|
"type": "performance"
|
|
}
|
|
}
|
|
----
|
|
|
|
|platform:
|
|
openstack:
|
|
ingressFloatingIP:
|
|
|An existing floating IP address to associate with the Ingress port. To use this property, you must also define the `platform.openstack.externalNetwork` property.
|
|
|
|
*Value:* An IP address, for example `128.0.0.1`.
|
|
|
|
|platform:
|
|
openstack:
|
|
apiFloatingIP:
|
|
|An existing floating IP address to associate with the API load balancer. To use this property, you must also define the `platform.openstack.externalNetwork` property.
|
|
|
|
*Value:* An IP address, for example `128.0.0.1`.
|
|
|
|
|platform:
|
|
openstack:
|
|
externalDNS:
|
|
|IP addresses for external DNS servers that cluster instances use for DNS resolution.
|
|
|
|
*Value:* A list of IP addresses as strings. For example, `["8.8.8.8", "192.168.1.12"]`.
|
|
|
|
|platform:
|
|
openstack:
|
|
loadbalancer:
|
|
|Whether or not to use the default, internal load balancer. If the value is set to `UserManaged`, this default load balancer is disabled so that you can deploy a cluster that uses an external, user-managed load balancer. If the parameter is not set, or if the value is `OpenShiftManagedDefault`, the cluster uses the default load balancer.
|
|
|
|
*Value:* `UserManaged` or `OpenShiftManagedDefault`.
|
|
|
|
|platform:
|
|
openstack:
|
|
machinesSubnet:
|
|
|The UUID of a {rh-openstack} subnet that the cluster's nodes use. Nodes and virtual IP (VIP) ports are created on this subnet.
|
|
|
|
The first item in `networking.machineNetwork` must match the value of `machinesSubnet`.
|
|
|
|
If you deploy to a custom subnet, you cannot specify an external DNS server to the {product-title} installer. Instead, link:https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.0/html/command_line_interface_reference/subnet[add DNS to the subnet in {rh-openstack}].
|
|
|
|
*Value:* A UUID as a string. For example, `fa806b2f-ac49-4bce-b9db-124bc64209bf`.
|
|
|====
|
|
endif::osp[]
|
|
|
|
ifdef::azure[]
|
|
[id="installation-configuration-parameters-additional-azure_{context}"]
|
|
== Additional Azure configuration parameters
|
|
|
|
Additional Azure configuration parameters are described in the following table.
|
|
|
|
[NOTE]
|
|
====
|
|
By default, if you specify availability zones in the `install-config.yaml` file, the installation program distributes the control plane machines and the compute machines across link:https://azure.microsoft.com/en-us/global-infrastructure/availability-zones/[these availability zones]
|
|
within link:https://azure.microsoft.com/en-us/global-infrastructure/regions[a region]. To ensure high availability for your cluster, select a region with at least three availability zones. If your region contains fewer than three availability zones, the installation program places more than one control plane machine in the available zones.
|
|
====
|
|
|
|
.Additional Azure parameters
|
|
[cols=".^l,.^a",options="header"]
|
|
|====
|
|
|Parameter|Description
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
bootDiagnostics:
|
|
type:
|
|
|Enables boot diagnostics collection for compute machines. The `type` field specifies the {azure-short} boot diagnostics type for the created compute machines.
|
|
|
|
The following values are associated with the boot diagnostics type:
|
|
|
|
`UserManaged`:: When you set `type` to `UserManaged`, you must provide values for `resourceGroup` and `storageAccountName`. For `storageAccountName` and {product-title} cluster nodes, use the same region and subscription.
|
|
|
|
`Managed`:: When you set `type` to `Managed`, {azure-short} stores the boot diagnostics data blobs in a managed storage account.
|
|
|
|
`Disabled`:: When you set `type` to `Disabled`, you turn off the parameter.
|
|
|
|
*Value:* String, for example `Managed`.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
bootDiagnostics:
|
|
resourceGroup:
|
|
|Specifies the name of the {azure-short} resource group that contains the diagnostic storage account for compute machines. Use `resourceGroup` only when you set `type` to `UserManaged`.
|
|
|
|
*Value:* String.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
bootDiagnostics:
|
|
storageAccountName:
|
|
|Specifies the {azure-short} storage account to store the diagnostic logs for compute machines. Use `storageAccountName` only when you set `type` to `UserManaged`.
|
|
|
|
*Value:* String.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
encryptionAtHost:
|
|
|Enables host-level encryption for compute machines. You can enable this encryption alongside user-managed server-side encryption. This feature encrypts temporary, ephemeral, cached and un-managed disks on the VM host. This is not a prerequisite for user-managed server-side encryption.
|
|
|
|
*Value:* `true` or `false`. The default is `false`.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
osDisk:
|
|
diskSizeGB:
|
|
|The Azure disk size for the VM.
|
|
|
|
*Value:* Integer that represents the size of the disk in GB. The default is `128`.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
osDisk:
|
|
diskType:
|
|
|Defines the type of disk.
|
|
|
|
*Value:* `standard_LRS`, `premium_LRS`, or `standardSSD_LRS`. The default is `premium_LRS`.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
ultraSSDCapability:
|
|
|Enables the use of Azure ultra disks for persistent storage on compute nodes. This requires that your Azure region and zone have ultra disks available.
|
|
|
|
*Value:* `Enabled` or `Disabled`. The default is `Disabled`.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
osDisk:
|
|
diskEncryptionSet:
|
|
resourceGroup:
|
|
|The name of the Azure resource group that contains the disk encryption set from the installation prerequisites. To avoid deleting your Azure encryption key when the cluster is destroyed, this resource group should be different from the resource group where you install the cluster. This value is necessary only if you intend to install the cluster with user-managed disk encryption.
|
|
|
|
*Value:* String, for example `production_encryption_resource_group`.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
osDisk:
|
|
diskEncryptionSet:
|
|
name:
|
|
|The name of the disk encryption set that contains the encryption key from the installation prerequisites.
|
|
|
|
*Value:* String, for example `production_disk_encryption_set`.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
osDisk:
|
|
diskEncryptionSet:
|
|
subscriptionId:
|
|
|Defines the Azure subscription where the disk encryption set resides. This secondary disk encryption set is used to encrypt compute machines.
|
|
|
|
*Value:* String, in the format `00000000-0000-0000-0000-000000000000`.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
osImage:
|
|
publisher:
|
|
|Optional. By default, the installation program downloads and installs the {op-system-first} image that is used to boot compute machines. You can override the default behavior by using a custom {op-system} image that is available from the Azure Marketplace. The installation program uses this image for compute machines only.
|
|
|
|
*Value:* String. The name of the image publisher.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
osImage:
|
|
offer:
|
|
|The name of the Azure Marketplace offer that is associated with the custom {op-system} image. If you use `compute.platform.azure.osImage.publisher`, this field is required.
|
|
|
|
*Value:* String. The name of the image offer.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
osImage:
|
|
sku:
|
|
|An instance of the Azure Marketplace offer. If you use `compute.platform.azure.osImage.publisher`, this field is required.
|
|
|
|
*Value:* String. The SKU of the image offer.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
osImage:
|
|
version:
|
|
|The version number of the image SKU. If you use `compute.platform.azure.osImage.publisher`, this field is required.
|
|
|
|
*Value:* String. The version of the image to use.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
identity:
|
|
type:
|
|
|The type of identity used for compute virtual machines.
|
|
The `UserAssigned` identity is a standalone Azure resource provided by the user and assigned to compute virtual machines.
|
|
If you specify `identity.type` as `UserAssigned`, but do not provide a user-assigned identity, the installation program creates the identity.
|
|
If you provide a user-assigned identity, the Azure account that you use to create the identity must have either the "User Access Administrator" or the "RBAC Access Admin" role.
|
|
|
|
*Value:* `UserAssigned` or `None`. If you do not specify a value, the installation program generates a user-assigned identity.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
identity:
|
|
userAssignedIdentities:
|
|
- name:
|
|
resourceGroup:
|
|
subscription:
|
|
|A group of parameters that specify the name of the user-assigned identity, and the resource group and subscription that contain the identity. All three values must be provided to specify a user-assigned identity.
|
|
Only one user-assigned identity can be supplied.
|
|
Supplying more than one user-assigned identity is an experimental feature, which may be enabled with the `MachineAPIMigration` feature gate.
|
|
|
|
*Value:* Array of strings.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
vmNetworkingType:
|
|
|Enables accelerated networking. Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, improving its networking performance. If the instance type of the compute machines supports `Accelerated` networking, the installation program enables `Accelerated` networking by default. Otherwise, the default networking type is `Basic`.
|
|
|
|
*Value:* `Accelerated` or `Basic`.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
type:
|
|
|Defines the Azure instance type for compute machines.
|
|
|
|
*Value:* String
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
zones:
|
|
|The availability zones where the installation program creates compute machines.
|
|
|
|
*Value:* String list
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
settings:
|
|
securityType:
|
|
|Enables confidential VMs or trusted launch for compute nodes. This option is not enabled by default.
|
|
|
|
*Value:* `ConfidentialVM` or `TrustedLaunch`.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
settings:
|
|
confidentialVM:
|
|
uefiSettings:
|
|
secureBoot:
|
|
|Enables secure boot on compute nodes if you are using confidential VMs.
|
|
|
|
*Value:* `Enabled` or `Disabled`. The default is `Disabled`.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
settings:
|
|
confidentialVM:
|
|
uefiSettings:
|
|
virtualizedTrustedPlatformModule:
|
|
|Enables the virtualized Trusted Platform Module (vTPM) feature on compute nodes if you are using confidential VMs.
|
|
|
|
*Value:* `Enabled` or `Disabled`. The default is `Disabled`.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
settings:
|
|
trustedLaunch:
|
|
uefiSettings:
|
|
secureBoot:
|
|
|Enables secure boot on compute nodes if you are using trusted launch.
|
|
|
|
*Value:* `Enabled` or `Disabled`. The default is `Disabled`.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
settings:
|
|
trustedLaunch:
|
|
uefiSettings:
|
|
virtualizedTrustedPlatformModule:
|
|
|Enables the vTPM feature on compute nodes if you are using trusted launch.
|
|
|
|
*Value:* `Enabled` or `Disabled`. The default is `Disabled`.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
osDisk:
|
|
securityProfile:
|
|
securityEncryptionType:
|
|
|Enables the encryption of the virtual machine guest state for compute nodes. This parameter can only be used if you use Confidential VMs.
|
|
|
|
*Value:* `VMGuestStateOnly` is the only supported value.
|
|
|
|
|controlPlane:
|
|
diskSetup:
|
|
|Specifies node component information for dedicated disk configuration.
|
|
|
|
*Value:* Array of objects. Each object includes the `type` and `etcd` parameters as described in the following rows of the table.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
Dedicated disk for `etcd` on {azure-full} is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
|
|
For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
|
|
====
|
|
|
|
|controlPlane:
|
|
diskSetup:
|
|
- type:
|
|
|Specifies the node component type to which a dedicated disk is assigned.
|
|
|
|
*Value:* `etcd` is the only supported value.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
Dedicated disk for `etcd` on {azure-full} is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
|
|
For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
|
|
====
|
|
|
|
|controlPlane:
|
|
diskSetup:
|
|
- etcd:
|
|
|Specifies parameters for an `etcd` dedicated disk.
|
|
|
|
*Value:* The `platformDiskID` object is the only supported value.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
Dedicated disk for `etcd` on {azure-full} is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
|
|
For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
|
|
====
|
|
|
|
|controlPlane:
|
|
diskSetup:
|
|
- etcd:
|
|
platformDiskID:
|
|
|Specifies a name to identify the dedicated disk.
|
|
|
|
*Value:* String. Must not exceed 12 characters.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
Dedicated disk for `etcd` on {azure-full} is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
|
|
For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
|
|
====
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
identity:
|
|
type:
|
|
|The type of identity used for control plane virtual machines.
|
|
The `UserAssigned` identity is a standalone Azure resource provided by the user and assigned to control plane virtual machines.
|
|
If you specify `identity.type` as `UserAssigned`, but do not provide a user-assigned identity, the installation program creates the identity.
|
|
If you provide a user-assigned identity, the Azure account that you use to create the identity must have either the "User Access Administrator" or the "RBAC Access Admin" role.
|
|
|
|
*Value:* `UserAssigned` or `None`. If you do not specify a value, the installation program generates a user-assigned identity.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
bootDiagnostics:
|
|
type:
|
|
|Enables boot diagnostics collection for control plane machines. The `type` field specifies the {azure-short} boot diagnostics type for the created control plane machines.
|
|
|
|
The following values are associated with the boot diagnostics type:
|
|
|
|
`UserManaged`:: When you set `type` to `UserManaged`, you must provide the values for `resourceGroup` and `storageAccountName`. For `storageAccountName` and {product-title} cluster nodes, ensure that you use the same region and subscription.
|
|
|
|
`Managed`:: When you set `type` to `Managed`, {azure-short} stores the boot diagnostics data blobs in a managed storage account.
|
|
|
|
`Disabled`:: When you set `type` to `Disabled`, you turn off the parameter.
|
|
|
|
*Value:* String. For control plane machines, the default value is `Managed`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
identity:
|
|
userAssignedIdentities:
|
|
- name:
|
|
resourceGroup:
|
|
subscription:
|
|
|A group of parameters that specify the name of the user-assigned identity, and the resource group and subscription that contain the identity. All three values must be provided to specify a user-assigned identity.
|
|
Only one user-assigned identity can be supplied.
|
|
Supplying more than one user-assigned identity is an experimental feature, which may be enabled with the `MachineAPIMigration` feature gate.
|
|
|
|
*Value:* Array of strings.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
bootDiagnostics:
|
|
resourceGroup:
|
|
|Specifies the name of the {azure-short} resource group that contains the diagnostic storage account for control plane machines. Use `resourceGroup` only when you set `type` to `UserManaged`.
|
|
|
|
*Value:* String.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
bootDiagnostics:
|
|
storageAccountName:
|
|
|Specifies the {azure-short} storage account to store the diagnostic logs for control plane machines. Use `storageAccountName` only when you set `type` to `UserManaged`.
|
|
|
|
*Value:* String.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
dataDisks:
|
|
|Specifies dedicated disk parameters.
|
|
|
|
*Value:* Array of objects. Each object includes `nameSuffix`, `cachingType`, `diskSizeGB`, and `lun` as described in the following rows of the table.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
Dedicated disk for `etcd` on {azure-full} is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
|
|
For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
|
|
====
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
dataDisks:
|
|
- nameSuffix:
|
|
|Specifies the same value you defined for `platformDiskID`.
|
|
|
|
*Value:* String.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
Dedicated disk for `etcd` on {azure-full} is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
|
|
For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
|
|
====
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
dataDisks:
|
|
- cachingType:
|
|
|Specifies the caching requirements for the disk.
|
|
|
|
*Value:* `None` is the only value currently supported.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
Dedicated disk for `etcd` on {azure-full} is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
|
|
For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
|
|
====
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
dataDisks:
|
|
- diskSizeGB:
|
|
|Specifies a dedicated disk size in GB.
|
|
|
|
*Value:* Integer greater than `0`.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
Dedicated disk for `etcd` on {azure-full} is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
|
|
For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
|
|
====
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
dataDisks:
|
|
- lun:
|
|
|Specifies a logical unit number (LUN) for the dedicated disk.
|
|
|
|
*Value:* Integer from `0` through `63` that is not used by another disk.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
Dedicated disk for `etcd` on {azure-full} is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
|
|
For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
|
|
====
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
settings:
|
|
securityType:
|
|
|Enables confidential VMs or trusted launch for control plane nodes. This option is not enabled by default.
|
|
|
|
*Value:* `ConfidentialVM` or `TrustedLaunch`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
settings:
|
|
confidentialVM:
|
|
uefiSettings:
|
|
secureBoot:
|
|
|Enables secure boot on control plane nodes if you are using confidential VMs.
|
|
|
|
*Value:* `Enabled` or `Disabled`. The default is `Disabled`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
settings:
|
|
confidentialVM:
|
|
uefiSettings:
|
|
virtualizedTrustedPlatformModule:
|
|
|Enables the vTPM feature on control plane nodes if you are using confidential VMs.
|
|
|
|
*Value:* `Enabled` or `Disabled`. The default is `Disabled`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
settings:
|
|
trustedLaunch:
|
|
uefiSettings:
|
|
secureBoot:
|
|
|Enables secure boot on control plane nodes if you are using trusted launch.
|
|
|
|
*Value:* `Enabled` or `Disabled`. The default is `Disabled`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
settings:
|
|
trustedLaunch:
|
|
uefiSettings:
|
|
virtualizedTrustedPlatformModule:
|
|
|Enables the vTPM feature on control plane nodes if you are using trusted launch.
|
|
|
|
*Value:* `Enabled` or `Disabled`. The default is `Disabled`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
osDisk:
|
|
securityProfile:
|
|
securityEncryptionType:
|
|
|Enables the encryption of the virtual machine guest state for control plane nodes. This parameter can only be used if you use Confidential VMs.
|
|
|
|
*Value:* `VMGuestStateOnly` is the only supported value.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
type:
|
|
|Defines the Azure instance type for control plane machines.
|
|
|
|
*Value:* String
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
zones:
|
|
|The availability zones where the installation program creates control plane machines.
|
|
|
|
*Value:* String list
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
bootDiagnostics:
|
|
type:
|
|
|Enables boot diagnostics collection for all machines. The `type` field specifies the {azure-short} boot diagnostics type for all the created machines.
|
|
|
|
The following values are associated with the boot diagnostics type:
|
|
|
|
`UserManaged`:: When you set `type` to `UserManaged`, you must provide the values for `resourceGroup` and `storageAccountName`. For `storageAccountName` and {product-title} cluster nodes, ensure that you use the same region and subscription.
|
|
|
|
`Managed`:: When you set `type` to `Managed`, {azure-short} stores the boot diagnostics data blobs in a managed storage account.
|
|
|
|
`Disabled`:: When you set `type` to `Disabled`, you turn off the parameter.
|
|
|
|
*Value:* String, for example `Managed`.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
bootDiagnostics:
|
|
resourceGroup:
|
|
|Specifies the name of the {azure-short} resource group that contains the diagnostic storage account for all machines. Use `resourceGroup` only when you set `type` to `UserManaged`.
|
|
|
|
*Value:* String.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
bootDiagnostics:
|
|
storageAccountName:
|
|
|Specifies the {azure-short} storage account to store the diagnostic logs for all machines. Use `storageAccountName` only when you set `type` to `UserManaged`.
|
|
|
|
*Value:* String.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
settings:
|
|
securityType:
|
|
|Enables confidential VMs or trusted launch for all nodes. This option is not enabled by default.
|
|
|
|
*Value:* `ConfidentialVM` or `TrustedLaunch`.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
settings:
|
|
confidentialVM:
|
|
uefiSettings:
|
|
secureBoot:
|
|
|Enables secure boot on all nodes if you are using confidential VMs.
|
|
|
|
*Value:* `Enabled` or `Disabled`. The default is `Disabled`.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
settings:
|
|
confidentialVM:
|
|
uefiSettings:
|
|
virtualizedTrustedPlatformModule:
|
|
|Enables the virtualized Trusted Platform Module (vTPM) feature on all nodes if you are using confidential VMs.
|
|
|
|
*Value:* `Enabled` or `Disabled`. The default is `Disabled`.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
settings:
|
|
trustedLaunch:
|
|
uefiSettings:
|
|
secureBoot:
|
|
|Enables secure boot on all nodes if you are using trusted launch.
|
|
|
|
*Value:* `Enabled` or `Disabled`. The default is `Disabled`.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
settings:
|
|
trustedLaunch:
|
|
uefiSettings:
|
|
virtualizedTrustedPlatformModule:
|
|
|Enables the vTPM feature on all nodes if you are using trusted launch.
|
|
|
|
*Value:* `Enabled` or `Disabled`. The default is `Disabled`.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
identity:
|
|
type:
|
|
|The type of identity used for all virtual machines.
|
|
The `UserAssigned` identity is a standalone Azure resource provided by the user and assigned to all virtual machines.
|
|
If you specify `identity.type` as `UserAssigned`, but do not provide a user-assigned identity, the installation program creates the identity.
|
|
If you provide a user-assigned identity, the Azure account that you use to create the identity must have either the "User Access Administrator" or the "RBAC Access Admin" role.
|
|
|
|
*Value:* `UserAssigned` or `None`. If you do not specify a value, the installation program generates a user-assigned identity.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
identity:
|
|
userAssignedIdentities:
|
|
- name:
|
|
resourceGroup:
|
|
subscription:
|
|
|A group of parameters that specify the name of the user-assigned identity, and the resource group and subscription that contain the identity. All three values must be provided to specify a user-assigned identity.
|
|
Only one user-assigned identity can be supplied.
|
|
Supplying more than one user-assigned identity is an experimental feature, which may be enabled with the `MachineAPIMigration` feature gate.
|
|
|
|
*Value:* Array of strings.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
osDisk:
|
|
securityProfile:
|
|
securityEncryptionType:
|
|
|Enables the encryption of the virtual machine guest state for all nodes. This parameter can only be used if you use Confidential VMs.
|
|
|
|
*Value:* `VMGuestStateOnly` is the only supported value.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
encryptionAtHost:
|
|
|Enables host-level encryption for compute machines. You can enable this encryption alongside user-managed server-side encryption. This feature encrypts temporary, ephemeral, cached, and un-managed disks on the VM host. This parameter is not a prerequisite for user-managed server-side encryption.
|
|
|
|
*Value:* `true` or `false`. The default is `false`.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
osDisk:
|
|
diskEncryptionSet:
|
|
name:
|
|
|The name of the disk encryption set that contains the encryption key from the installation prerequisites.
|
|
|
|
*Value:* String, for example, `production_disk_encryption_set`.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
osDisk:
|
|
diskEncryptionSet:
|
|
resourceGroup:
|
|
|The name of the Azure resource group that contains the disk encryption set from the installation prerequisites. To avoid deleting your Azure encryption key when the cluster is destroyed, this resource group must be different from the resource group where you install the cluster. This value is necessary only if you intend to install the cluster with user-managed disk encryption.
|
|
|
|
*Value:* String, for example, `production_encryption_resource_group`.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
osDisk:
|
|
diskEncryptionSet:
|
|
subscriptionId:
|
|
|Defines the Azure subscription where the disk encryption set resides. This secondary disk encryption set is used to encrypt compute machines.
|
|
|
|
*Value:* String, in the format `00000000-0000-0000-0000-000000000000`.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
osDisk:
|
|
diskSizeGB:
|
|
|The Azure disk size for the VM.
|
|
|
|
*Value:* Integer that represents the size of the disk in GB. The default is `128`.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
osDisk:
|
|
diskType:
|
|
|Defines the type of disk.
|
|
|
|
*Value:* `premium_LRS` or `standardSSD_LRS`. The default is `premium_LRS`.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
osImage:
|
|
publisher:
|
|
|Optional. By default, the installation program downloads and installs the {op-system-first} image that is used to boot control plane and compute machines. You can override the default behavior by using a custom {op-system} image that is available from the Azure Marketplace. The installation program uses this image for both types of machines. Control plane machines do not contribute to licensing costs when using the default image. But, if you apply an Azure Marketplace image for a control plane machine, usage costs do apply.
|
|
|
|
*Value:* String. The name of the image publisher.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
osImage:
|
|
offer:
|
|
|The name of the Azure Marketplace offer that is associated with the custom {op-system} image. If you use `platform.azure.defaultMachinePlatform.osImage.publisher`, this field is required.
|
|
|
|
*Value:* String. The name of the image offer.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
osImage:
|
|
sku:
|
|
|An instance of the Azure Marketplace offer. If you use `platform.azure.defaultMachinePlatform.osImage.publisher`, this field is required.
|
|
|
|
*Value:* String. The SKU of the image offer.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
osImage:
|
|
version:
|
|
|The version number of the image SKU. If you use `platform.azure.defaultMachinePlatform.osImage.publisher`, this field is required.
|
|
|
|
*Value:* String. The version of the image to use.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
type:
|
|
|The Azure instance type for control plane and compute machines.
|
|
|
|
*Value:* The Azure instance type.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
zones:
|
|
|The availability zones where the installation program creates compute and control plane machines.
|
|
|
|
*Value:* String list.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
encryptionAtHost:
|
|
|Enables host-level encryption for control plane machines. You can enable this encryption alongside user-managed server-side encryption. This feature encrypts temporary, ephemeral, cached and un-managed disks on the VM host. This is not a prerequisite for user-managed server-side encryption.
|
|
|
|
*Value:* `true` or `false`. The default is `false`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
osDisk:
|
|
diskEncryptionSet:
|
|
resourceGroup:
|
|
|The name of the Azure resource group that contains the disk encryption set from the installation prerequisites. To avoid deleting your Azure encryption key when the cluster is destroyed, this resource group should be different from the resource group where you install the cluster. This value is necessary only if you intend to install the cluster with user-managed disk encryption.
|
|
|
|
*Value:* String, for example `production_encryption_resource_group`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
osDisk:
|
|
diskEncryptionSet:
|
|
name:
|
|
|The name of the disk encryption set that contains the encryption key from the installation prerequisites.
|
|
|
|
*Value:* String, for example `production_disk_encryption_set`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
osDisk:
|
|
diskEncryptionSet:
|
|
subscriptionId:
|
|
|Defines the Azure subscription where the disk encryption set resides. This secondary disk encryption set is used to encrypt control plane machines.
|
|
|
|
*Value:* String, in the format `00000000-0000-0000-0000-000000000000`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
osDisk:
|
|
diskSizeGB:
|
|
|The Azure disk size for the VM.
|
|
|
|
*Value:* Integer that represents the size of the disk in GB. The default is `1024`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
osDisk:
|
|
diskType:
|
|
|Defines the type of disk.
|
|
|
|
*Value:* `premium_LRS` or `standardSSD_LRS`. The default is `premium_LRS`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
osImage:
|
|
publisher:
|
|
|Optional. By default, the installation program downloads and installs the {op-system-first} image that is used to boot control plane machines. You can override the default behavior by using a custom {op-system} image that is available from the Azure Marketplace. The installation program uses this image for control plane machines only. Control plane machines do not contribute to licensing costs when using the default image. But, if you apply an Azure Marketplace image for a control plane machine, usage costs do apply.
|
|
|
|
*Value:* String. The name of the image publisher.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
osImage:
|
|
offer:
|
|
|The name of the Azure Marketplace offer that is associated with the custom {op-system} image. If you use `controlPlane.platform.azure.osImage.publisher`, this field is required.
|
|
|
|
*Value:* String. The name of the image offer.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
osImage:
|
|
sku:
|
|
|An instance of the Azure Marketplace offer. If you use `controlPlane.platform.azure.osImage.publisher`, this field is required.
|
|
|
|
*Value:* String. The SKU of the image offer.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
osImage:
|
|
version:
|
|
|The version number of the image SKU. If you use `controlPlane.platform.azure.osImage.publisher`, this field is required.
|
|
|
|
*Value:* String. The version of the image to use.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
ultraSSDCapability:
|
|
|Enables the use of Azure ultra disks for persistent storage on control plane machines. This requires that your Azure region and zone have ultra disks available.
|
|
|
|
*Value:* `Enabled`, `Disabled`. The default is `Disabled`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
vmNetworkingType:
|
|
|Enables accelerated networking. Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, improving its networking performance. If the instance type of the control plane machines supports `Accelerated` networking, the installation program enables `Accelerated` networking by default; otherwise, the default networking type is `Basic`.
|
|
|
|
*Value:* `Accelerated` or `Basic`.
|
|
|
|
|platform:
|
|
azure:
|
|
baseDomainResourceGroupName:
|
|
|The name of the resource group that contains the DNS zone for your base domain.
|
|
|
|
*Value:* String, for example `production_cluster`.
|
|
|
|
|platform:
|
|
azure:
|
|
resourceGroupName:
|
|
| The name of an already existing resource group to install your cluster to. This resource group must be empty and only used for this specific cluster; the cluster components assume ownership of all resources in the resource group. If you limit the service principal scope of the installation program to this resource group, you must ensure all other resources used by the installation program in your environment have the necessary permissions, such as the public DNS zone and virtual network. Destroying the cluster by using the installation program deletes this resource group.
|
|
|
|
*Value:* String, for example `existing_resource_group`.
|
|
|
|
|platform:
|
|
azure:
|
|
outboundType:
|
|
|The outbound routing strategy used to connect your cluster to the internet. The following strategies are available:
|
|
|
|
`UserDefinedRouting`:: Specifies to the installation program that you will provide and configure your own networking infrastructure for outbound access. The outbound routing must be configured before installing a cluster. The installation program does not configure user-defined routing.
|
|
`LoadBalancer`:: Specifies that a single load balancer will be provisioned to provide outbound access for your cluster. This is the default value.
|
|
`NATGatewaySingleZone`:: Specifies that the installation program will create one NAT Gateway. If you provide your own subnets via the `platform.azure.subnets` parameter, the installation program will attach the NAT Gateway to the compute subnet you specify. If you do not provide your own subnets, the installation program will create a subnet for the control plane and a subnet for the compute plane, and attach the NAT Gateway to the compute subnet.
|
|
`NATGatewayMultiZone`:: Specifies that the installation program will create multiple NAT Gateways. If you provide your own subnets via the `platform.azure.subnets` parameter, the installation program creates a NAT Gateway for each subnet with the `node` role, assigns a zone to each NAT Gateway, and associates a NAT Gateway to each subnet. If you do not provide your own subnets, the installation program creates a compute subnet and NAT Gateway for each zone in the region, then attaches them to each other.
|
|
|
|
If you specify either the `NATGatewaySingleZone` or the `NATGatewayMultiZone` routing strategy, your account must have the `Microsoft.Network/natGateways/read` and `Microsoft.Network/natGateways/write` permissions. NAT Gateways can only be used for compute machines.
|
|
|
|
*Value:* `LoadBalancer`, `UserDefinedRouting`, `NATGatewaySingleZone`, or `NATGatewayMultiZone`. The default is `LoadBalancer`.
|
|
|
|
|platform:
|
|
azure:
|
|
region:
|
|
|The name of the Azure region that hosts your cluster.
|
|
|
|
*Value:* Any valid region name, such as `centralus`.
|
|
|
|
|platform:
|
|
azure:
|
|
subnets:
|
|
- name:
|
|
role:
|
|
|A list of one or more pairs of parameters which specify the name and role of a pre-existing subnet. The installation program will use the provided subnets for the specified roles. You can only specify one subnet with the `control-plane` role. If you specify pre-existing subnets, you must also set the `platform.azure.networkResourceGroupName` and `platform.azure.virtualNetwork` parameters. Pre-existing subnets that you provide must use the same region as you specified in the `platform.azure.region` parameter. If you use the `NATGatewaySingleZone` outbound routing strategy, you can only specify one subnet with the `node` role.
|
|
|
|
*Value:* `name` specifies the name of the subnet. Valid `role` values are `node` or `control-plane`.
|
|
|
|
|platform:
|
|
azure:
|
|
userProvisionedDNS:
|
|
|Enables user-provisioned DNS instead of the default cluster-provisioned DNS solution. If you use this feature, you must provide your own DNS solution that includes records for `api.<cluster_name>.<base_domain>.` and `*.apps.<cluster_name>.<base_domain>.`. The default value is `Disabled`. `userProvisionedDNS` is a Technology Preview feature.
|
|
|
|
*Value:* `Enabled` or `Disabled`. The default value is `Disabled`.
|
|
|
|
|platform:
|
|
azure:
|
|
zone:
|
|
|List of availability zones to place machines in. For high availability, specify
|
|
at least two zones.
|
|
|
|
*Value:* List of zones, for example `["1", "2", "3"]`.
|
|
|
|
|platform:
|
|
azure:
|
|
customerManagedKey:
|
|
keyVault:
|
|
name:
|
|
|Specifies the name of the key vault that contains the encryption key that is used to encrypt Azure storage.
|
|
|
|
*Value:* String.
|
|
|
|
|platform:
|
|
azure:
|
|
customerManagedKey:
|
|
keyVault:
|
|
keyName:
|
|
|Specifies the name of the user-managed encryption key that is used to encrypt Azure storage.
|
|
|
|
*Value:* String.
|
|
|
|
|platform:
|
|
azure:
|
|
customerManagedKey:
|
|
keyVault:
|
|
resourceGroup:
|
|
|Specifies the name of the resource group that contains the key vault and managed identity.
|
|
|
|
*Value:* String.
|
|
|
|
|platform:
|
|
azure:
|
|
customerManagedKey:
|
|
userAssignedIdentityKey:
|
|
|Specifies the name of the user-assigned managed identity that resides in the resource group with the key vault and has access to the user-managed key.
|
|
|
|
*Value:* String.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
ultraSSDCapability:
|
|
|Enables the use of Azure ultra disks for persistent storage on control plane and compute machines. This requires that your Azure region and zone have ultra disks available.
|
|
|
|
*Value:* `Enabled`, `Disabled`. The default is `Disabled`.
|
|
|
|
|platform:
|
|
azure:
|
|
networkResourceGroupName:
|
|
|The name of the resource group that contains the existing VNet that you want to deploy your cluster to. This name cannot be the same as the `platform.azure.baseDomainResourceGroupName`.
|
|
|
|
*Value:* String.
|
|
|
|
|platform:
|
|
azure:
|
|
virtualNetwork:
|
|
|The name of the existing VNet that you want to deploy your cluster to.
|
|
|
|
*Value:* String.
|
|
|
|
|platform:
|
|
azure:
|
|
controlPlaneSubnet:
|
|
|The name of the existing subnet in your VNet that you want to deploy your control plane machines to.
|
|
|
|
*Value:* Valid CIDR, for example `10.0.0.0/16`.
|
|
|
|
|platform:
|
|
azure:
|
|
computeSubnet:
|
|
|The name of the existing subnet in your VNet that you want to deploy your compute machines to.
|
|
|
|
*Value:* Valid CIDR, for example `10.0.0.0/16`.
|
|
|
|
|platform:
|
|
azure:
|
|
cloudName:
|
|
|The name of the Azure cloud environment that is used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the default value `AzurePublicCloud` is used.
|
|
|
|
*Value:* Any valid cloud environment, such as `AzurePublicCloud` or `AzureUSGovernmentCloud`.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
vmNetworkingType:
|
|
|Enables accelerated networking. Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, improving its networking performance.
|
|
|
|
*Value:* `Accelerated` or `Basic`. If the instance type of the control plane and compute machines supports `Accelerated` networking, the installation program enables `Accelerated` networking by default; otherwise, the default networking type is `Basic`.
|
|
|
|
|operatorPublishingStrategy:
|
|
apiserver:
|
|
|Determines whether the load balancers that service the API are public or private. Set this parameter to `Internal` to prevent the API server from being accessible outside of your VNet. Set this parameter to `External` to make the API server accessible outside of your VNet. If you set this parameter, you must set the `publish` parameter to `Mixed`.
|
|
|
|
*Value:* `External` or `Internal`. The default value is `External`.
|
|
|
|
|operatorPublishingStrategy:
|
|
ingress:
|
|
|Determines whether the DNS resources that the cluster creates for ingress traffic are publicly visible. Set this parameter to `Internal` to prevent the ingress VIP from being publicly accessible. Set this parameter to `External` to make the ingress VIP publicly accessible. If you set this parameter, you must set the `publish` parameter to `Mixed`.
|
|
|
|
*Value:* `External` or `Internal`. The default value is `External`.
|
|
|
|
|====
|
|
|
|
[NOTE]
|
|
====
|
|
You cannot customize
|
|
link:https://azure.microsoft.com/en-us/global-infrastructure/availability-zones/[Azure Availability Zones]
|
|
or
|
|
link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags[use tags to organize your Azure resources]
|
|
with an Azure cluster.
|
|
====
|
|
endif::azure[]
|
|
|
|
ifdef::agent[]
|
|
[id="installation-configuration-parameters-additional-bare_{context}"]
|
|
== Additional bare metal configuration parameters for the Agent-based Installer
|
|
|
|
Additional bare metal installation configuration parameters for the Agent-based Installer are described in the following table:
|
|
|
|
[NOTE]
|
|
====
|
|
These fields are not used during the initial provisioning of the cluster, but they are available to use once the cluster has been installed.
|
|
Configuring these fields at install time eliminates the need to set them as a Day 2 operation.
|
|
====
|
|
|
|
.Additional bare metal parameters
|
|
[cols=".^l,.^a",options="header"]
|
|
|====
|
|
|Parameter|Description
|
|
|
|
|platform:
|
|
baremetal:
|
|
clusterProvisioningIP:
|
|
|The IP address within the cluster where the provisioning services run.
|
|
Defaults to the third IP address of the provisioning subnet.
|
|
For example, `172.22.0.3` or `2620:52:0:1307::3`.
|
|
|
|
*Value:* IPv4 or IPv6 address.
|
|
|
|
|platform:
|
|
baremetal:
|
|
provisioningNetwork:
|
|
|The `provisioningNetwork` configuration setting determines whether the cluster uses the provisioning network.
|
|
If it does, the configuration setting also determines if the cluster manages the network.
|
|
|
|
`Managed`: Default. Set this parameter to `Managed` to fully manage the provisioning network, including DHCP, TFTP, and so on.
|
|
|
|
`Disabled`: Set this parameter to `Disabled` to disable the requirement for a provisioning network.
|
|
When set to `Disabled`, you can use only virtual media based provisioning on Day 2.
|
|
If `Disabled` and using power management, BMCs must be accessible from the bare-metal network.
|
|
If `Disabled`, you must provide two IP addresses on the bare-metal network that are used for the provisioning services.
|
|
|
|
*Value:* `Managed` or `Disabled`.
|
|
|
|
|platform:
|
|
baremetal:
|
|
provisioningMACAddress:
|
|
|The MAC address within the cluster where provisioning services run.
|
|
|
|
*Value:* MAC address.
|
|
|
|
|platform:
|
|
baremetal:
|
|
provisioningNetworkCIDR:
|
|
|The CIDR for the network to use for provisioning.
|
|
This option is required when not using the default address range on the provisioning network.
|
|
|
|
*Value:* Valid CIDR, for example `10.0.0.0/16`.
|
|
|
|
|platform:
|
|
baremetal:
|
|
provisioningNetworkInterface:
|
|
|The name of the network interface on nodes connected to the provisioning network.
|
|
Use the `bootMACAddress` configuration setting to enable Ironic to identify the IP address of the NIC instead of using the `provisioningNetworkInterface` configuration setting to identify the name of the NIC.
|
|
|
|
*Value:* String.
|
|
|
|
|platform:
|
|
baremetal:
|
|
provisioningDHCPRange:
|
|
|Defines the IP range for nodes on the provisioning network, for example `172.22.0.10,172.22.0.254`.
|
|
|
|
*Value:* IP address range.
|
|
|
|
|platform:
|
|
baremetal:
|
|
hosts:
|
|
|Configuration for bare metal hosts.
|
|
|
|
*Value:* Array of host configuration objects.
|
|
|
|
|platform:
|
|
baremetal:
|
|
hosts:
|
|
name:
|
|
|The name of the host.
|
|
|
|
*Value:* String.
|
|
|
|
|platform:
|
|
baremetal:
|
|
hosts:
|
|
bootMACAddress:
|
|
|The MAC address of the NIC used for provisioning the host.
|
|
|
|
*Value:* MAC address.
|
|
|
|
|platform:
|
|
baremetal:
|
|
hosts:
|
|
bmc:
|
|
|Configuration for the host to connect to the baseboard management controller (BMC).
|
|
|
|
*Value:* Dictionary of BMC configuration objects.
|
|
|
|
|platform:
|
|
baremetal:
|
|
hosts:
|
|
bmc:
|
|
username:
|
|
|The username for the BMC.
|
|
|
|
*Value:* String.
|
|
|
|
|platform:
|
|
baremetal:
|
|
hosts:
|
|
bmc:
|
|
password:
|
|
|Password for the BMC.
|
|
|
|
*Value:* String.
|
|
|
|
|platform:
|
|
baremetal:
|
|
hosts:
|
|
bmc:
|
|
address:
|
|
|The URL for communicating with the host's BMC controller.
|
|
The address configuration setting specifies the protocol.
|
|
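For example, `redfish+http://10.10.10.1:8000/redfish/v1/Systems/1234` enables Redfish. The `redfish+http` scheme in this example uses unencrypted HTTP, so the BMC credentials cross the network in clear text.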
|
|
For more information, see "BMC addressing" in the "Deploying installer-provisioned clusters on bare metal" section.
|
|
|
|
*Value:* URL.
|
|
|
|
|platform:
|
|
baremetal:
|
|
hosts:
|
|
bmc:
|
|
disableCertificateVerification:
|
|
|`redfish` and `redfish-virtualmedia` need this parameter to manage BMC addresses.
|
|
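The value should be `True` when using a self-signed certificate for BMC addresses. When certificate verification is disabled, the BMC's TLS certificate is not validated, so the connection does not authenticate the BMC.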
|
|
|
|
*Value:* Boolean.
|
|
|
|
|====
|
|
endif::agent[]
|
|
|
|
|
|
ifdef::gcp[]
|
|
[id="installation-configuration-parameters-additional-gcp_{context}"]
|
|
== Additional {gcp-first} configuration parameters
|
|
|
|
Additional {gcp-short} configuration parameters are described in the following table:
|
|
|
|
.Additional {gcp-short} parameters
|
|
[cols=".^l,.^a",options="header"]
|
|
|====
|
|
|Parameter|Description
|
|
|
|
|controlPlane:
|
|
platform:
|
|
gcp:
|
|
osImage:
|
|
project:
|
|
|Optional. By default, the installation program downloads and installs the {op-system-first} image that is used to boot control plane machines. You can override the default behavior by specifying the location of a custom {op-system} image that the installation program is to use for control plane machines only. Control plane machines do not contribute to licensing costs when using the default image. But, if you apply a {gcp-short} Marketplace image for a control plane machine, usage costs do apply.
|
|
|
|
*Value:* String. The name of the {gcp-short} project where the image is located.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
gcp:
|
|
osImage:
|
|
name:
|
|
|The name of the custom {op-system} image that the installation program is to use to boot control plane machines. If you use `controlPlane.platform.gcp.osImage.project`, this field is required.
|
|
|
|
*Value:* String. The name of the {op-system} image.
|
|
|
|
|compute:
|
|
platform:
|
|
gcp:
|
|
osImage:
|
|
project:
|
|
|Optional. By default, the installation program downloads and installs the {op-system} image that is used to boot compute machines. You can override the default behavior by specifying the location of a custom {op-system} image that the installation program is to use for compute machines only.
|
|
|
|
*Value:* String. The name of the {gcp-short} project where the image is located.
|
|
|
|
|compute:
|
|
platform:
|
|
gcp:
|
|
osImage:
|
|
name:
|
|
|The name of the custom {op-system} image that the installation program is to use to boot compute machines. If you use `compute.platform.gcp.osImage.project`, this field is required.
|
|
|
|
*Value:* String. The name of the {op-system} image.
|
|
|
|
|compute:
|
|
platform:
|
|
gcp:
|
|
serviceAccount:
|
|
|Specifies the email address of a {gcp-short} service account to be used during installations. This service account is used to provision compute machines.
|
|
|
|
*Value:* String. The email address of the service account.
|
|
|
|
|platform:
|
|
gcp:
|
|
firewallRulesManagement:
|
|
|Specifies the firewall management policy for the cluster. `Managed` indicates that the firewall rules will be created and destroyed by the cluster. `Unmanaged` indicates that the user should create and destroy the firewall rules. For shared VPC installation, if the credential you provided the installation program doesn't have firewall rules management permissions, the `firewallRulesManagement` parameter can be absent or set to `Unmanaged`. For non-shared VPC installation, if the credential you provided the installation program doesn't have firewall rules management permissions, the `firewallRulesManagement` parameter must be set to `Unmanaged`. If you manage your own firewall rules, you must pre-configure the VPC network and the firewall rules before the installation.
|
|
|
|
*Value:* String. `Managed` or `Unmanaged`. The default value is `Managed`.
|
|
|
|
|platform:
|
|
gcp:
|
|
network:
|
|
|The name of the existing Virtual Private Cloud (VPC) where you want to deploy your cluster. If you want to deploy your cluster into a shared VPC, you must set `platform.gcp.networkProjectID` with the name of the {gcp-short} project that contains the shared VPC.
|
|
|
|
*Value:* String.
|
|
|
|
|platform:
|
|
gcp:
|
|
networkProjectID:
|
|
|Optional. The name of the {gcp-short} project that contains the shared VPC where you want to deploy your cluster.
|
|
|
|
*Value:* String.
|
|
|
|
|platform:
|
|
gcp:
|
|
projectID:
|
|
|The name of the {gcp-short} project where the installation program installs the cluster.
|
|
|
|
*Value:* String.
|
|
|
|
|platform:
|
|
gcp:
|
|
dns:
|
|
privateZone:
|
|
name:
|
|
|The name of the private DNS zone. This parameter is only used during shared VPC installations. You can use a private DNS zone in a service project that is distinct from the projects specified by the `projectID` or `networkProjectID` parameters.
|
|
|
|
*Value:* String.
|
|
|
|
|platform:
|
|
gcp:
|
|
dns:
|
|
privateZone:
|
|
projectID:
|
|
|The ID of the project that contains the private zone from the `privateZone.name` parameter.
|
|
|
|
*Value:* String.
|
|
|
|
|platform:
|
|
gcp:
|
|
userProvisionedDNS:
|
|
|Enables user-provisioned DNS instead of the default cluster-provisioned DNS solution. If you use this feature, you must provide your own DNS solution that includes records for `api.<cluster_name>.<base_domain>.` and `*.apps.<cluster_name>.<base_domain>.`.
|
|
|
|
*Value:* `Enabled` or `Disabled`. The default value is `Disabled`.
|
|
|
|
|platform:
|
|
gcp:
|
|
region:
|
|
|The name of the {gcp-short} region that hosts your cluster.
|
|
|
|
*Value:* Any valid region name, such as `us-central1`.
|
|
|
|
|platform:
|
|
gcp:
|
|
controlPlaneSubnet:
|
|
|The name of the existing subnet where you want to deploy your control plane machines.
|
|
|
|
*Value:* The subnet name.
|
|
|
|
|platform:
|
|
gcp:
|
|
computeSubnet:
|
|
|The name of the existing subnet where you want to deploy your compute machines.
|
|
|
|
*Value:* The subnet name.
|
|
|
|
|platform:
|
|
gcp:
|
|
defaultMachinePlatform:
|
|
zones:
|
|
|The availability zones where the installation program creates machines.
|
|
|
|
*Value:* A list of valid link:https://cloud.google.com/compute/docs/regions-zones#available[{gcp-short} availability zones], such as `us-central1-a`, in a
|
|
link:https://yaml.org/spec/1.2/spec.html#sequence//[YAML sequence].
|
|
[IMPORTANT]
|
|
====
|
|
When running your cluster on {gcp-short} 64-bit ARM infrastructures, ensure that you use a zone where Ampere Altra Arm CPUs are available. You can find which zones are compatible with 64-bit ARM processors in the "{gcp-short} availability zones" link.
|
|
====
|
|
|
|
|platform:
|
|
gcp:
|
|
defaultMachinePlatform:
|
|
osDisk:
|
|
diskSizeGB:
|
|
|The size of the disk in gigabytes (GB).
|
|
|
|
*Value:* Any size between 16 GB and 65536 GB.
|
|
|
|
|platform:
|
|
gcp:
|
|
defaultMachinePlatform:
|
|
osDisk:
|
|
diskType:
|
|
|The link:https://cloud.google.com/compute/docs/disks#disk-types[{gcp-short} disk type].
|
|
|
|
*Value:* The default disk type for all machines. Valid values are `pd-balanced`, `pd-ssd`, `pd-standard`, or `hyperdisk-balanced`. The default value is `pd-ssd`. Control plane machines cannot use the `pd-standard` disk type, so if you specify `pd-standard` as the default machine platform disk type, you must specify a different disk type using the `controlPlane.platform.gcp.osDisk.diskType` parameter.
|
|
|
|
|platform:
|
|
gcp:
|
|
defaultMachinePlatform:
|
|
osImage:
|
|
project:
|
|
|Optional. By default, the installation program downloads and installs the {op-system} image that is used to boot control plane and compute machines. You can override the default behavior by specifying the location of a custom {op-system} image that the installation program is to use for both types of machines.
|
|
|
|
*Value:* String. The name of the {gcp-short} project where the image is located.
|
|
|
|
|platform:
|
|
gcp:
|
|
defaultMachinePlatform:
|
|
osImage:
|
|
name:
|
|
|The name of the custom {op-system} image that the installation program is to use to boot control plane and compute machines. If you use `platform.gcp.defaultMachinePlatform.osImage.project`, this field is required.
|
|
|
|
*Value:* String. The name of the RHCOS image.
|
|
|
|
|platform:
|
|
gcp:
|
|
defaultMachinePlatform:
|
|
tags:
|
|
|Optional. Additional network tags to add to the control plane and compute machines.
|
|
|
|
*Value:* One or more strings, for example `network-tag1`.
|
|
|
|
|platform:
|
|
gcp:
|
|
defaultMachinePlatform:
|
|
type:
|
|
|The link:https://cloud.google.com/compute/docs/machine-types[{gcp-short} machine type] for control plane and compute machines.
|
|
|
|
*Value:* The {gcp-short} machine type, for example `n1-standard-4`.
|
|
|
|
|platform:
|
|
gcp:
|
|
defaultMachinePlatform:
|
|
osDisk:
|
|
encryptionKey:
|
|
kmsKey:
|
|
name:
|
|
|The name of the customer managed encryption key to be used for machine disk encryption.
|
|
|
|
*Value:* The encryption key name.
|
|
|
|
|platform:
|
|
gcp:
|
|
defaultMachinePlatform:
|
|
osDisk:
|
|
encryptionKey:
|
|
kmsKey:
|
|
keyRing:
|
|
|The name of the Key Management Service (KMS) key ring to which the KMS key belongs.
|
|
|
|
*Value:* The KMS key ring name.
|
|
|
|
|platform:
|
|
gcp:
|
|
defaultMachinePlatform:
|
|
osDisk:
|
|
encryptionKey:
|
|
kmsKey:
|
|
location:
|
|
|The link:https://cloud.google.com/kms/docs/locations[{gcp-short} location] in which the KMS key ring exists.
|
|
|
|
*Value:* The {gcp-short} location.
|
|
|
|
|platform:
|
|
gcp:
|
|
defaultMachinePlatform:
|
|
osDisk:
|
|
encryptionKey:
|
|
kmsKey:
|
|
projectID:
|
|
|The ID of the project in which the KMS key ring exists. This value defaults to the value of the `platform.gcp.projectID` parameter if it is not set.
|
|
|
|
*Value:* The {gcp-short} project ID.
|
|
|
|
|platform:
|
|
gcp:
|
|
defaultMachinePlatform:
|
|
osDisk:
|
|
encryptionKey:
|
|
kmsKeyServiceAccount:
|
|
|The {gcp-short} service account used for the encryption request for control plane and compute machines. If absent, the Compute Engine default service account is used. For more information about {gcp-short} service accounts, see Google's documentation on link:https://cloud.google.com/compute/docs/access/service-accounts#compute_engine_service_account[service accounts].
|
|
|
|
*Value:* The {gcp-short} service account email, for example `<service_account_name>@<project_id>.iam.gserviceaccount.com`.
|
|
|
|
|platform:
|
|
gcp:
|
|
defaultMachinePlatform:
|
|
secureBoot:
|
|
|Whether to enable Shielded VM secure boot for all machines in the cluster. Shielded VMs have additional security protocols such as secure boot, firmware and integrity monitoring, and rootkit protection. For more information on Shielded VMs, see Google's documentation on link:https://cloud.google.com/shielded-vm[Shielded VMs].
|
|
|
|
*Value:* `Enabled` or `Disabled`. The default value is `Disabled`.
|
|
|
|
|platform:
|
|
gcp:
|
|
defaultMachinePlatform:
|
|
confidentialCompute:
|
|
|Whether to use Confidential VMs for all machines in the cluster. Confidential VMs provide encryption for data during processing. For more information on Confidential computing, see Google's documentation about link:https://cloud.google.com/confidential-computing[Confidential Computing].
|
|
|
|
Supported values are:
|
|
|
|
* `Enabled`, which automatically selects a Confidential Computing platform
|
|
+
|
|
[IMPORTANT]
|
|
====
|
|
The `Enabled` value selects Confidential Computing with AMD Secure Encrypted Virtualization (AMD SEV), which is deprecated.
|
|
====
|
|
* `Disabled`, which disables Confidential Computing
|
|
* `AMDEncryptedVirtualizationNestedPaging`, which enables Confidential Computing with AMD Secure Encrypted Virtualization Secure Nested Paging (AMD SEV-SNP)
|
|
* `AMDEncryptedVirtualization`, which enables Confidential Computing with AMD Secure Encrypted Virtualization (AMD SEV)
|
|
+
|
|
[IMPORTANT]
|
|
====
|
|
The use of Confidential Computing with AMD Secure Encrypted Virtualization (AMD SEV) has been deprecated and will be removed in a future release.
|
|
====
|
|
* `IntelTrustedDomainExtensions`, which enables Confidential Computing with Intel Trusted Domain Extensions (Intel TDX)
|
|
|
|
If you specify any value other than `Disabled`, you must set `platform.gcp.defaultMachinePlatform.onHostMaintenance` to `Terminate`, and you must specify a region and machine type that support Confidential Computing. For more information, see Google's documentation about link:https://cloud.google.com/confidential-computing/confidential-vm/docs/supported-configurations#machine-type-cpu-zone[Supported configurations].
|
|
|
|
*Value:* String.
|
|
|
|
|platform:
|
|
gcp:
|
|
defaultMachinePlatform:
|
|
onHostMaintenance:
|
|
|Specifies the behavior of all VMs during a host maintenance event, such as a software or hardware update. For Confidential VMs, this parameter must be set to `Terminate`. Confidential VMs do not support live VM migration.
|
|
|
|
*Value:* `Terminate` or `Migrate`. The default value is `Migrate`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
gcp:
|
|
osDisk:
|
|
encryptionKey:
|
|
kmsKey:
|
|
name:
|
|
|The name of the customer managed encryption key to be used for control plane machine disk encryption.
|
|
|
|
*Value:* The encryption key name.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
gcp:
|
|
osDisk:
|
|
encryptionKey:
|
|
kmsKey:
|
|
keyRing:
|
|
|For control plane machines, the name of the KMS key ring to which the KMS key belongs.
|
|
|
|
*Value:* The KMS key ring name.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
gcp:
|
|
osDisk:
|
|
encryptionKey:
|
|
kmsKey:
|
|
location:
|
|
|For control plane machines, the {gcp-short} location in which the key ring exists. For more information about KMS locations, see Google's documentation on link:https://cloud.google.com/kms/docs/locations[Cloud KMS locations].
|
|
|
|
*Value:* The {gcp-short} location for the key ring.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
gcp:
|
|
osDisk:
|
|
encryptionKey:
|
|
kmsKey:
|
|
projectID:
|
|
|For control plane machines, the ID of the project in which the KMS key ring exists. This value defaults to the VM project ID if not set.
|
|
|
|
*Value:* The {gcp-short} project ID.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
gcp:
|
|
osDisk:
|
|
encryptionKey:
|
|
kmsKeyServiceAccount:
|
|
|The {gcp-short} service account used for the encryption request for control plane machines. If absent, the Compute Engine default service account is used. For more information about {gcp-short} service accounts, see Google's documentation on link:https://cloud.google.com/compute/docs/access/service-accounts#compute_engine_service_account[service accounts].
|
|
|
|
*Value:* The {gcp-short} service account email, for example `<service_account_name>@<project_id>.iam.gserviceaccount.com`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
gcp:
|
|
osDisk:
|
|
diskSizeGB:
|
|
|The size of the disk in gigabytes (GB). This value applies to control plane machines.
|
|
|
|
*Value:* Any integer between 16 and 65536.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
gcp:
|
|
osDisk:
|
|
diskType:
|
|
|The link:https://cloud.google.com/compute/docs/disks#disk-types[{gcp-short} disk type] for control plane machines.
|
|
|
|
*Value:* Valid values are `pd-balanced`, `pd-ssd`, or `hyperdisk-balanced`. The default value is `pd-ssd`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
gcp:
|
|
tags:
|
|
|Optional. Additional network tags to add to the control plane machines. If set, this parameter overrides the `platform.gcp.defaultMachinePlatform.tags` parameter for control plane machines.
|
|
|
|
*Value:* One or more strings, for example `control-plane-tag1`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
gcp:
|
|
type:
|
|
|The link:https://cloud.google.com/compute/docs/machine-types[{gcp-short} machine type] for control plane machines. If set, this parameter overrides the `platform.gcp.defaultMachinePlatform.type` parameter.
|
|
|
|
*Value:* The {gcp-short} machine type, for example `n1-standard-4`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
gcp:
|
|
zones:
|
|
|The availability zones where the installation program creates control plane machines.
|
|
|
|
*Value:* A list of valid link:https://cloud.google.com/compute/docs/regions-zones#available[{gcp-short} availability zones], such as `us-central1-a`, in a
|
|
link:https://yaml.org/spec/1.2/spec.html#sequence//[YAML sequence].
|
|
[IMPORTANT]
|
|
====
|
|
When running your cluster on {gcp-short} 64-bit ARM infrastructures, ensure that you use a zone where Ampere Altra Arm CPUs are available. You can find which zones are compatible with 64-bit ARM processors in the "{gcp-short} availability zones" link.
|
|
====
|
|
|
|
|controlPlane:
|
|
platform:
|
|
gcp:
|
|
secureBoot:
|
|
|Whether to enable Shielded VM secure boot for control plane machines. Shielded VMs have additional security protocols such as secure boot, firmware and integrity monitoring, and rootkit protection. For more information on Shielded VMs, see Google's documentation on link:https://cloud.google.com/shielded-vm[Shielded VMs].
|
|
|
|
*Value:* `Enabled` or `Disabled`. The default value is `Disabled`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
gcp:
|
|
confidentialCompute:
|
|
|Whether to use Confidential VMs for control plane machines. Confidential VMs provide encryption for data during processing. For more information on Confidential computing, see Google's documentation about link:https://cloud.google.com/confidential-computing[Confidential Computing].
|
|
|
|
Supported values are:
|
|
|
|
* `Enabled`, which automatically selects a Confidential Computing platform
|
|
+
|
|
[IMPORTANT]
|
|
====
|
|
The `Enabled` value selects Confidential Computing with AMD Secure Encrypted Virtualization (AMD SEV), which is deprecated.
|
|
====
|
|
* `Disabled`, which disables Confidential Computing
|
|
* `AMDEncryptedVirtualizationNestedPaging`, which enables Confidential Computing with AMD Secure Encrypted Virtualization Secure Nested Paging (AMD SEV-SNP)
|
|
* `AMDEncryptedVirtualization`, which enables Confidential Computing with AMD Secure Encrypted Virtualization (AMD SEV)
|
|
+
|
|
[IMPORTANT]
|
|
====
|
|
The use of Confidential Computing with AMD Secure Encrypted Virtualization (AMD SEV) has been deprecated and will be removed in a future release.
|
|
====
|
|
* `IntelTrustedDomainExtensions`, which enables Confidential Computing with Intel Trusted Domain Extensions (Intel TDX)
|
|
|
|
If you specify any value other than `Disabled`, you must set `controlPlane.platform.gcp.onHostMaintenance` to `Terminate`.
|
|
|
|
*Value:* String.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
gcp:
|
|
onHostMaintenance:
|
|
|Specifies the behavior of control plane VMs during a host maintenance event, such as a software or hardware update. For Confidential VMs, this parameter must be set to `Terminate`. Confidential VMs do not support live VM migration.
|
|
|
|
*Value:* `Terminate` or `Migrate`. The default value is `Migrate`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
gcp:
|
|
serviceAccount:
|
|
|Specifies the email address of a {gcp-short} service account to be used during installations. This service account is used to provision control plane machines.
|
|
[IMPORTANT]
|
|
====
|
|
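For shared VPC installations, if you do not provide this service account, the service account that the installation program uses must have the `resourcemanager.projects.getIamPolicy` and `resourcemanager.projects.setIamPolicy` permissions in the host project. Because these permissions allow reading and changing the IAM policy of the host project, providing a service account in this parameter means that the installation program service account does not need them.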
|
|
====
|
|
|
|
*Value:* String. The email address of the service account.
|
|
|
|
|compute:
|
|
platform:
|
|
gcp:
|
|
osDisk:
|
|
encryptionKey:
|
|
kmsKey:
|
|
name:
|
|
|The name of the customer managed encryption key to be used for compute machine disk encryption.
|
|
|
|
*Value:* The encryption key name.
|
|
|
|
|compute:
|
|
platform:
|
|
gcp:
|
|
osDisk:
|
|
encryptionKey:
|
|
kmsKey:
|
|
keyRing:
|
|
|For compute machines, the name of the KMS key ring to which the KMS key belongs.
|
|
|
|
*Value:* The KMS key ring name.
|
|
|
|
|compute:
|
|
platform:
|
|
gcp:
|
|
osDisk:
|
|
encryptionKey:
|
|
kmsKey:
|
|
location:
|
|
|For compute machines, the {gcp-short} location in which the key ring exists. For more information about KMS locations, see Google's documentation on link:https://cloud.google.com/kms/docs/locations[Cloud KMS locations].
|
|
|
|
*Value:* The {gcp-short} location for the key ring.
|
|
|
|
|compute:
|
|
platform:
|
|
gcp:
|
|
osDisk:
|
|
encryptionKey:
|
|
kmsKey:
|
|
projectID:
|
|
|For compute machines, the ID of the project in which the KMS key ring exists. This value defaults to the VM project ID if not set.
|
|
|
|
*Value:* The {gcp-short} project ID.
|
|
|
|
|compute:
|
|
platform:
|
|
gcp:
|
|
osDisk:
|
|
encryptionKey:
|
|
kmsKeyServiceAccount:
|
|
|The {gcp-short} service account used for the encryption request for compute machines. If this value is not set, the Compute Engine default service account is used. For more information about {gcp-short} service accounts, see Google's documentation on link:https://cloud.google.com/compute/docs/access/service-accounts#compute_engine_service_account[service accounts].
|
|
|
|
*Value:* The {gcp-short} service account email, for example `<service_account_name>@<project_id>.iam.gserviceaccount.com`.
|
|
|
|
|compute:
|
|
platform:
|
|
gcp:
|
|
osDisk:
|
|
diskSizeGB:
|
|
|The size of the disk in gigabytes (GB). This value applies to compute machines.
|
|
|
|
*Value:* Any integer between 16 and 65536.
|
|
|
|
|compute:
|
|
platform:
|
|
gcp:
|
|
osDisk:
|
|
diskType:
|
|
|The link:https://cloud.google.com/compute/docs/disks#disk-types[{gcp-short} disk type] for compute machines.
|
|
|
|
*Value:* Valid values are `pd-balanced`, `pd-ssd`, `pd-standard`, or `hyperdisk-balanced`. The default value is `pd-ssd`.
|
|
|
|
|compute:
|
|
platform:
|
|
gcp:
|
|
tags:
|
|
|Optional. Additional network tags to add to the compute machines. If set, this parameter overrides the `platform.gcp.defaultMachinePlatform.tags` parameter for compute machines.
|
|
|
|
*Value:* One or more strings, for example `compute-network-tag1`.
|
|
|
|
|compute:
|
|
platform:
|
|
gcp:
|
|
type:
|
|
|The link:https://cloud.google.com/compute/docs/machine-types[{gcp-short} machine type] for compute machines. If set, this parameter overrides the `platform.gcp.defaultMachinePlatform.type` parameter.
|
|
|
|
*Value:* The {gcp-short} machine type, for example `n1-standard-4`.
|
|
|
|
|compute:
|
|
platform:
|
|
gcp:
|
|
zones:
|
|
|The availability zones where the installation program creates compute machines.
|
|
|
|
*Value:* A list of valid link:https://cloud.google.com/compute/docs/regions-zones#available[{gcp-short} availability zones], such as `us-central1-a`, in a
|
|
link:https://yaml.org/spec/1.2/spec.html#sequence//[YAML sequence].
|
|
[IMPORTANT]
|
|
====
|
|
When running your cluster on {gcp-short} 64-bit ARM infrastructures, ensure that you use a zone where Ampere Altra Arm CPUs are available. You can find which zones are compatible with 64-bit ARM processors in the "{gcp-short} availability zones" link.
|
|
====
|
|
|
|
|compute:
|
|
platform:
|
|
gcp:
|
|
secureBoot:
|
|
|Whether to enable Shielded VM secure boot for compute machines. Shielded VMs have additional security protocols such as secure boot, firmware and integrity monitoring, and rootkit protection. For more information on Shielded VMs, see Google's documentation on link:https://cloud.google.com/shielded-vm[Shielded VMs].
|
|
|
|
*Value:* `Enabled` or `Disabled`. The default value is `Disabled`.
|
|
|
|
|compute:
|
|
platform:
|
|
gcp:
|
|
confidentialCompute:
|
|
|Whether to use Confidential VMs for compute machines. Confidential VMs provide encryption for data during processing. For more information on Confidential computing, see Google's documentation on link:https://cloud.google.com/confidential-computing[Confidential computing].
|
|
|
|
Supported values are:
|
|
|
|
* `Enabled`, which automatically selects a Confidential Computing platform
|
|
+
|
|
[IMPORTANT]
|
|
====
|
|
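The `Enabled` value selects Confidential Computing with AMD Secure Encrypted Virtualization (AMD SEV), which is deprecated. To select a different Confidential Computing platform, specify one of the explicit values in this list instead of `Enabled`.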
|
|
====
|
|
* `Disabled`, which disables Confidential Computing
|
|
* `AMDEncryptedVirtualizationNestedPaging`, which enables Confidential Computing with AMD Secure Encrypted Virtualization Secure Nested Paging (AMD SEV-SNP)
|
|
* `AMDEncryptedVirtualization`, which enables Confidential Computing with AMD Secure Encrypted Virtualization (AMD SEV)
|
|
+
|
|
[IMPORTANT]
|
|
====
|
|
The use of Confidential Computing with AMD Secure Encrypted Virtualization (AMD SEV) has been deprecated and will be removed in a future release.
|
|
====
|
|
* `IntelTrustedDomainExtensions`, which enables Confidential Computing with Intel Trusted Domain Extensions (Intel TDX)
|
|
|
|
If you specify any value other than `Disabled`, you must set `compute.platform.gcp.onHostMaintenance` to `Terminate`.
|
|
|
|
*Value:* String.
|
|
|
|
|compute:
|
|
platform:
|
|
gcp:
|
|
onHostMaintenance:
|
|
|Specifies the behavior of compute VMs during a host maintenance event, such as a software or hardware update. For Confidential VMs, this parameter must be set to `Terminate`. Confidential VMs do not support live VM migration.
|
|
|
|
*Value:* `Terminate` or `Migrate`. The default value is `Migrate`.
|
|
|
|
|====
|
|
|
|
endif::gcp[]
|
|
ifdef::ibm-cloud[]
|
|
[id="installation-configuration-parameters-additional-ibm-cloud_{context}"]
|
|
== Additional {ibm-cloud-title} configuration parameters
|
|
|
|
Additional {ibm-cloud-name} configuration parameters are described in the following table:
|
|
|
|
.Additional {ibm-cloud-name} parameters
|
|
[cols=".^l,.^a",options="header"]
|
|
|====
|
|
|Parameter|Description
|
|
|
|
|controlPlane:
|
|
platform:
|
|
ibmcloud:
|
|
bootVolume:
|
|
encryptionKey:
|
|
|An {ibm-name} Key Protect for {ibm-cloud-name} (Key Protect) root key that should be used to encrypt the root (boot) volume of only control plane machines.
|
|
|
|
*Value:* The Cloud Resource Name (CRN) of the root key.
|
|
|
|
The CRN must be enclosed in quotes ("").
|
|
|
|
|compute:
|
|
platform:
|
|
ibmcloud:
|
|
bootVolume:
|
|
encryptionKey:
|
|
|A Key Protect root key that should be used to encrypt the root (boot) volume of only compute machines.
|
|
|
|
*Value:* The CRN of the root key.
|
|
|
|
The CRN must be enclosed in quotes ("").
|
|
|
|
|platform:
|
|
ibmcloud:
|
|
defaultMachinePlatform:
|
|
bootvolume:
|
|
encryptionKey:
|
|
|A Key Protect root key that should be used to encrypt the root (boot) volume of all of the cluster's machines.
|
|
|
|
When specified as part of the default machine configuration, all managed storage classes are updated with this key. Data volumes that are provisioned after the installation are also encrypted using this key.
|
|
|
|
*Value:* The CRN of the root key.
|
|
|
|
The CRN must be enclosed in quotes ("").
|
|
|
|
|platform:
|
|
ibmcloud:
|
|
resourceGroupName:
|
|
|The name of an existing resource group.
|
|
By default, an installer-provisioned VPC and cluster resources are created and placed in this resource group. The installation program creates the resource group for the cluster if you do not specify this parameter.
|
|
|
|
If you are deploying the cluster into an existing VPC, the installation-program-provisioned cluster resources are placed in this resource group. The installation program creates the resource group for the cluster if you do not specify this parameter. The VPC resources that you have provisioned must exist in a resource group that you specify using the `networkResourceGroupName` parameter.
|
|
|
|
In either case, this resource group must only be used for a single cluster installation, as the cluster components assume ownership of all of the resources in the resource group. [^1^]
|
|
|
|
*Value:* String, for example `existing_resource_group`.
|
|
|
|
|platform:
|
|
ibmcloud:
|
|
serviceEndpoints:
|
|
- name:
|
|
url:
|
|
|A list of service endpoint names and URIs.
|
|
|
|
By default, the installation program and cluster components use public service endpoints to access the required {ibm-cloud-name} services.
|
|
|
|
If network restrictions limit access to public service endpoints, you can specify an alternate service endpoint to override the default behavior.
|
|
|
|
You can specify only one alternate service endpoint for each of the following services:
|
|
|
|
* Cloud Object Storage
|
|
* DNS Services
|
|
* Global Search
|
|
* Global Tagging
|
|
* Identity Services
|
|
* Key Protect
|
|
* Resource Controller
|
|
* Resource Manager
|
|
* VPC
|
|
|
|
*Value:* A valid service endpoint name and fully qualified URI.
|
|
|
|
Valid names include:
|
|
|
|
* `COS`
|
|
* `DNSServices`
|
|
* `GlobalServices`
|
|
* `GlobalTagging`
|
|
* `IAM`
|
|
* `KeyProtect`
|
|
* `ResourceController`
|
|
* `ResourceManager`
|
|
* `VPC`
|
|
|
|
|platform:
|
|
ibmcloud:
|
|
networkResourceGroupName:
|
|
|The name of an existing resource group. This resource group contains the existing VPC and subnets to which the cluster is deployed. This parameter is required when deploying the cluster to a VPC that you have provisioned.
|
|
|
|
*Value:* String, for example `existing_network_resource_group`.
|
|
|
|
|platform:
|
|
ibmcloud:
|
|
dedicatedHosts:
|
|
profile:
|
|
|The new dedicated host to create. If you specify a value for `platform.ibmcloud.dedicatedHosts.name`, this parameter is not required.
|
|
|
|
*Value:* Valid {ibm-cloud-name} dedicated host profile, such as `cx2-host-152x304`. [^2^]
|
|
|
|
|platform:
|
|
ibmcloud:
|
|
dedicatedHosts:
|
|
name:
|
|
|An existing dedicated host. If you specify a value for `platform.ibmcloud.dedicatedHosts.profile`, this parameter is not required.
|
|
|
|
*Value:* String, for example `my-dedicated-host-name`.
|
|
|
|
|platform:
|
|
ibmcloud:
|
|
type:
|
|
|The instance type for all {ibm-cloud-name} machines.
|
|
|
|
*Value:* Valid {ibm-cloud-name} instance type, such as `bx2-8x32`. [^2^]
|
|
|
|
|platform:
|
|
ibmcloud:
|
|
vpcName:
|
|
| The name of the existing VPC that you want to deploy your cluster to.
|
|
|
|
*Value:* String.
|
|
|
|
|platform:
|
|
ibmcloud:
|
|
controlPlaneSubnets:
|
|
| The name(s) of the existing subnet(s) in your VPC that you want to deploy your control plane machines to. Specify a subnet for each availability zone.
|
|
|
|
*Value:* String array
|
|
|
|
|platform:
|
|
ibmcloud:
|
|
computeSubnets:
|
|
| The name(s) of the existing subnet(s) in your VPC that you want to deploy your compute machines to. Specify a subnet for each availability zone. Subnet IDs are not supported.
|
|
|
|
*Value:* String array
|
|
|
|
|====
|
|
[.small]
|
|
--
|
|
1. Whether you define an existing resource group, or if the installation program creates one, determines how the resource group is treated when the cluster is uninstalled. If you define a resource group, the installation program removes all of the installer-provisioned resources, but leaves the resource group alone; if a resource group is created as part of the installation, the installation program removes all of the installer-provisioned resources and the resource group.
|
|
2. To determine which profile best meets your needs, see https://cloud.ibm.com/docs/vpc?topic=vpc-profiles&interface=ui[Instance Profiles] in the {ibm-name} documentation.
|
|
--
|
|
endif::ibm-cloud[]
|
|
|
|
ifdef::agent,vsphere[]
|
|
[id="installation-configuration-parameters-additional-vsphere_{context}"]
|
|
== Additional VMware vSphere configuration parameters
|
|
|
|
Additional VMware vSphere configuration parameters are described in the following table:
|
|
|
|
.Additional VMware vSphere cluster parameters
|
|
[cols=".^l,.^a",options="header"]
|
|
|====
|
|
|Parameter|Description
|
|
|
|
|platform:
|
|
vsphere:
|
|
|Describes your account on the cloud platform that hosts your cluster. You can use the parameter to customize the platform. If you provide additional configuration settings for compute and control plane machines in the machine pool, the parameter is not required.
|
|
|
|
*Value:* A dictionary of vSphere configuration objects
|
|
|
|
ifdef::vsphere[]
|
|
|platform:
|
|
vsphere:
|
|
apiVIPs:
|
|
|Virtual IP (VIP) addresses that you configured for control plane API access.
|
|
[NOTE]
|
|
====
|
|
This parameter applies only to installer-provisioned infrastructure without an external load balancer configured. You must not specify this parameter in user-provisioned infrastructure.
|
|
====
|
|
|
|
*Value:* Multiple IP addresses
|
|
|
|
|platform:
|
|
vsphere:
|
|
diskType:
|
|
|Optional: The disk provisioning method. This value defaults to the vSphere default storage policy if not set.
|
|
|
|
*Value:* Valid values are `thin`, `thick`, or `eagerZeroedThick`.
|
|
endif::vsphere[]
|
|
|
|
|platform:
|
|
vsphere:
|
|
failureDomains:
|
|
|Establishes the relationships between a region and zone. You define a failure domain by using vCenter objects, such as a `datastore` object. A failure domain defines the vCenter location for {product-title} cluster nodes.
|
|
|
|
*Value:* An array of failure domain configuration objects.
|
|
|
|
|platform:
|
|
vsphere:
|
|
failureDomains:
|
|
name:
|
|
|The name of the failure domain.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
vsphere:
|
|
failureDomains:
|
|
region:
|
|
|If you define multiple failure domains for your cluster, you must attach a tag to each vCenter data center. To define a region, use a tag from the `openshift-region` tag category. For a single vSphere data center environment, you do not need to attach a tag, but you must enter an alphanumeric value, such as `datacenter`, for the parameter.
|
|
If you want to base your failure domains on host groups, attach these tags to your vSphere clusters instead of your data centers.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
OpenShift zones support for vSphere host groups is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
|
|
|
|
For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
|
|
====
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
vsphere:
|
|
failureDomains:
|
|
regionType:
|
|
|Specifies the `ComputeCluster` region type to enable host groups.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
OpenShift zones support for vSphere host groups is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
|
|
|
|
For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
|
|
====
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
vsphere:
|
|
failureDomains:
|
|
server:
|
|
|Specifies the fully-qualified hostname or IP address of the VMware vCenter server, so that a client can access failure domain resources. You must apply the `server` role to the vSphere vCenter server location.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
vsphere:
|
|
failureDomains:
|
|
zone:
|
|
|If you define multiple failure domains for your cluster, you must attach a tag to each vCenter cluster. To define a zone, use a tag from the `openshift-zone` tag category. For a single vSphere data center environment, you do not need to attach a tag, but you must enter an alphanumeric value, such as `cluster`, for the parameter.
|
|
If you want to base your failure domains on host groups, define zones that correspond to your host groups instead of your clusters. Use these tags to associate each ESXi host with its host group.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
OpenShift zones support for vSphere host groups is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
|
|
|
|
For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
|
|
====
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
vsphere:
|
|
failureDomains:
|
|
zoneType:
|
|
|Specifies the `HostGroup` zone type to enable host groups.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
OpenShift zones support for vSphere host groups is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
|
|
|
|
For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
|
|
====
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
vsphere:
|
|
failureDomains:
|
|
topology:
|
|
computeCluster:
|
|
|The path to the vSphere compute cluster.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
vsphere:
|
|
failureDomains:
|
|
topology:
|
|
datacenter:
|
|
|Lists and defines the data centers where {product-title} virtual machines (VMs) operate.
|
|
The list of data centers must match the list of data centers specified in the `vcenters` field.
|
|
|
|
*Value:* String
|
|
|
|
ifdef::vsphere[]
|
|
|platform:
|
|
vsphere:
|
|
failureDomains:
|
|
topology:
|
|
datastore:
|
|
|Specifies the path to a vSphere datastore that stores virtual machine files for a failure domain. You must apply the `datastore` role to the vSphere vCenter datastore location.
|
|
|
|
*Value:* String
|
|
endif::vsphere[]
|
|
ifdef::agent[]
|
|
|platform:
|
|
vsphere:
|
|
failureDomains:
|
|
topology:
|
|
datastore:
|
|
|The path to the vSphere datastore that holds virtual machine files, templates, and ISO images.
|
|
[IMPORTANT]
|
|
====
|
|
You can specify the path of any datastore that exists in a datastore cluster.
|
|
By default, Storage vMotion is automatically enabled for a datastore cluster.
|
|
Red{nbsp}Hat does not support Storage vMotion, so you must disable Storage vMotion to avoid data loss issues for your {product-title} cluster.
|
|
|
|
If you must specify VMs across multiple datastores, use a `datastore` object to specify a failure domain in your cluster's `install-config.yaml` configuration file. For more information, see "VMware vSphere region and zone enablement".
|
|
====
|
|
|
|
*Value:* String
|
|
endif::agent[]
|
|
|
|
|platform:
|
|
vsphere:
|
|
failureDomains:
|
|
topology:
|
|
folder:
|
|
|Optional: The absolute path of an existing folder where the user creates the virtual machines, for example, `/<data_center_name>/vm/<folder_name>/<subfolder_name>`.
|
|
ifdef::vsphere[]
|
|
If you do not provide this value, the installation program creates a top-level folder in the data center virtual machine folder that is named with the infrastructure ID. If you are providing the infrastructure for the cluster and you do not want to use the default `StorageClass` object, named `thin`, you can omit the `folder` parameter from the `install-config.yaml` file.
|
|
endif::vsphere[]
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
vsphere:
|
|
failureDomains:
|
|
topology:
|
|
hostGroup:
|
|
|Specifies the vSphere host group to associate with the failure domain.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
OpenShift zones support for vSphere host groups is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
|
|
|
|
For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
|
|
====
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
vsphere:
|
|
failureDomains:
|
|
topology:
|
|
networks:
|
|
|Lists any network in the vCenter instance that contains the virtual IP addresses and DNS records that you configured.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
vsphere:
|
|
failureDomains:
|
|
topology:
|
|
resourcePool:
|
|
|
|
|Optional: The absolute path of an existing resource pool where the installation program creates the virtual machines, for example, `/<data_center_name>/host/<cluster_name>/Resources/<resource_pool_name>/<optional_nested_resource_pool_name>`.
|
|
ifdef::vsphere[]
|
|
If you do not specify a value, the installation program installs the resources in the root of the cluster under `/<data_center_name>/host/<cluster_name>/Resources`.
|
|
endif::vsphere[]
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
vsphere:
|
|
failureDomains:
|
|
topology:
|
|
template:
|
|
|Specifies the absolute path to a pre-existing {op-system-first} image template or virtual machine. The installation program can use the image template or virtual machine to quickly install {op-system} on vSphere hosts. Consider using this parameter as an alternative to uploading an {op-system} image on vSphere hosts. This parameter is available for use only on installer-provisioned infrastructure.
|
|
|
|
*Value:* String
|
|
|
|
ifdef::vsphere[]
|
|
|platform:
|
|
vsphere:
|
|
ingressVIPs:
|
|
|Virtual IP (VIP) addresses that you configured for cluster Ingress.
|
|
[NOTE]
|
|
====
|
|
This parameter applies only to installer-provisioned infrastructure without an external load balancer configured. You must not specify this parameter in user-provisioned infrastructure.
|
|
====
|
|
|
|
*Value:* Multiple IP addresses
|
|
endif::vsphere[]
|
|
|
|
|platform:
|
|
vsphere:
|
|
vcenters:
|
|
|Configures the connection details so that services can communicate with a vCenter server.
|
|
|
|
*Value:* An array of vCenter configuration objects.
|
|
|
|
|platform:
|
|
vsphere:
|
|
vcenters:
|
|
datacenters:
|
|
|Lists and defines the data centers where {product-title} virtual machines (VMs) operate. The list of data centers must match the list of data centers specified in the `failureDomains` field.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
vsphere:
|
|
vcenters:
|
|
password:
|
|
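|The password associated with the vSphere user. The `install-config.yaml` file stores this value in plain text, so restrict access to the file and to any copies or backups of it.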
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
vsphere:
|
|
vcenters:
|
|
port:
|
|
|The port number used to communicate with the vCenter server.
|
|
|
|
*Value:* Integer
|
|
|
|
|platform:
|
|
vsphere:
|
|
vcenters:
|
|
server:
|
|
|The fully qualified host name (FQHN) or IP address of the vCenter server.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
vsphere:
|
|
vcenters:
|
|
user:
|
|
|The username associated with the vSphere user.
|
|
|
|
*Value:* String
|
|
|====
|
|
|
|
[id="deprecated-parameters-vsphere_{context}"]
|
|
== Deprecated VMware vSphere configuration parameters
|
|
|
|
In {product-title} 4.13, the following vSphere configuration parameters are deprecated. You can continue to use these parameters, but the installation program does not automatically specify these parameters in the `install-config.yaml` file.
|
|
|
|
The following table lists each deprecated vSphere configuration parameter:
|
|
|
|
.Deprecated VMware vSphere cluster parameters
|
|
[cols=".^l,.^a",options="header"]
|
|
|====
|
|
|Parameter|Description
|
|
ifdef::vsphere[]
|
|
|
|
|platform:
|
|
vsphere:
|
|
apiVIP:
|
|
|The virtual IP (VIP) address that you configured for control plane API access.
|
|
|
|
[NOTE]
|
|
====
|
|
In {product-title} 4.12 and later, the `apiVIP` configuration setting is deprecated. Instead, use a `List` format to enter a value in the `apiVIPs` configuration setting.
|
|
====
|
|
|
|
*Value:* An IP address, for example `128.0.0.1`.
|
|
endif::vsphere[]
|
|
|
|
|platform:
|
|
vsphere:
|
|
cluster:
|
|
|The vCenter cluster to install the {product-title} cluster in.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
vsphere:
|
|
datacenter:
|
|
|Defines the data center where {product-title} virtual machines (VMs) operate.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
vsphere:
|
|
defaultDatastore:
|
|
|The name of the default datastore to use for provisioning volumes.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
vsphere:
|
|
folder:
|
|
|Optional: The absolute path of an existing folder where the installation program creates the virtual machines. If you do not provide this value, the installation program creates a folder that is named with the infrastructure ID in the data center virtual machine folder.
|
|
|
|
*Value:* String, for example, `/<data_center_name>/vm/<folder_name>/<subfolder_name>`.
|
|
|
|
ifdef::vsphere[]
|
|
|platform:
|
|
vsphere:
|
|
ingressVIP:
|
|
|The virtual IP (VIP) address that you configured for cluster Ingress.
|
|
[NOTE]
|
|
====
|
|
In {product-title} 4.12 and later, the `ingressVIP` configuration setting is deprecated. Instead, use a `List` format to enter a value in the `ingressVIPs` configuration setting.
|
|
====
|
|
|
|
*Value:* An IP address, for example `128.0.0.1`.
|
|
|
|
|platform:
|
|
vsphere:
|
|
network:
|
|
|The network in the vCenter instance that contains the virtual IP addresses and DNS records that you configured.
|
|
|
|
*Value:* String
|
|
endif::vsphere[]
|
|
|
|
|platform:
|
|
vsphere:
|
|
password:
|
|
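|The password for the vCenter user name. The `install-config.yaml` file stores this value in plain text, so restrict access to the file and to any copies or backups of it.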
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
vsphere:
|
|
resourcePool:
|
|
|Optional: The absolute path of an existing resource pool where the installation program creates the virtual machines. If you do not specify a value, the installation program installs the resources in the root of the cluster under `/<data_center_name>/host/<cluster_name>/Resources`.
|
|
|
|
*Value:* String, for example, `/<data_center_name>/host/<cluster_name>/Resources/<resource_pool_name>/<optional_nested_resource_pool_name>`.
|
|
|
|
|platform:
|
|
vsphere:
|
|
username:
|
|
|The user name to use to connect to the vCenter instance. This user must have at least
|
|
the roles and privileges that are required for
|
|
link:https://github.com/vmware-archive/vsphere-storage-for-kubernetes/blob/master/documentation/vcp-roles.md[static or dynamic persistent volume provisioning]
|
|
in vSphere.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
vsphere:
|
|
vCenter:
|
|
|The fully-qualified hostname or IP address of a vCenter server.
|
|
|
|
*Value:* String
|
|
|====
|
|
endif::agent,vsphere[]
|
|
|
|
ifdef::vsphere[]
|
|
[id="installation-configuration-parameters-optional-vsphere_{context}"]
|
|
== Optional VMware vSphere machine pool configuration parameters
|
|
|
|
Optional VMware vSphere machine pool configuration parameters are described in the following table:
|
|
|
|
.Optional VMware vSphere machine pool parameters
|
|
[cols=".^l,.^a",options="header"]
|
|
|====
|
|
|Parameter|Description
|
|
|
|
|platform:
|
|
vsphere:
|
|
clusterOSImage:
|
|
|The location from which the installation program downloads the {op-system-first} image. Before setting a path value for this parameter, ensure that the default {op-system} boot image in the {product-title} release matches the {op-system} image template or virtual machine version; otherwise, cluster installation might fail.
|
|
|
|
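*Value:* An HTTP or HTTPS URL, optionally with a SHA-256 checksum. For example, `\https://mirror.openshift.com/images/rhcos-<version>-vmware.<architecture>.ova`. Use an HTTPS URL and include the SHA-256 checksum where possible, so that the downloaded image can be checked against the expected value.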
|
|
|
|
|platform:
|
|
vsphere:
|
|
osDisk:
|
|
diskSizeGB:
|
|
|The size of the disk in gigabytes.
|
|
|
|
*Value:* Integer
|
|
|
|
|platform:
|
|
vsphere:
|
|
cpus:
|
|
|The total number of virtual processor cores to assign to a virtual machine. The value of `platform.vsphere.cpus` must be a multiple of the `platform.vsphere.coresPerSocket` value.
|
|
|
|
*Value:* Integer
|
|
|
|
|platform:
|
|
vsphere:
|
|
coresPerSocket:
|
|
|The number of cores per socket in a virtual machine, where `platform.vsphere.cpus` divided by `platform.vsphere.coresPerSocket` determines the number of virtual sockets on a virtual machine. Control plane nodes and compute nodes default to `4` virtual sockets on a virtual machine.
|
|
|
|
*Value:* Integer
|
|
|
|
|platform:
|
|
vsphere:
|
|
memoryMB:
|
|
|The size of a virtual machine's memory in megabytes.
|
|
|
|
*Value:* Integer
|
|
|
|
|platform:
|
|
vsphere:
|
|
dataDisks:
|
|
name:
|
|
|The name of the data disk to add to the virtual machines. The maximum name length is 80 characters.
|
|
|
|
[IMPORTANT]
|
|
====
|
|
[subs="attributes+"]
|
|
Installing {product-title} on {vmw-full} using multiple data disks is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
|
|
|
|
For more information about the support scope of Red Hat Technology Preview features, see link:https://access.redhat.com/support/offerings/techpreview/[Technology Preview Features Support Scope].
|
|
====
|
|
//You can't put a snippet within a conditional.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
vsphere:
|
|
dataDisks:
|
|
sizeGiB:
|
|
|The size of the data disk to add to the virtual machines. The maximum size is 16384 GiB.
|
|
|
|
*Value:* Integer
|
|
|
|
|platform:
|
|
vsphere:
|
|
dataDisks:
|
|
provisioningMode:
|
|
|Optional: The data disk provisioning method. If this value is not set, the vSphere default storage policy is used.
|
|
|
|
*Value:* Valid values are `Thin`, `Thick`, or `EagerlyZeroed`.
|
|
|====
|
|
endif::vsphere[]
|
|
|
|
ifdef::ash[]
|
|
[id="installation-configuration-parameters-additional-azure-stack-hub_{context}"]
|
|
== Additional Azure Stack Hub configuration parameters
|
|
|
|
Additional Azure Stack Hub configuration parameters are described in the following table:
|
|
|
|
.Additional Azure Stack Hub parameters
|
|
[cols=".^l,.^a",options="header"]
|
|
|====
|
|
|Parameter|Description
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
osDisk:
|
|
diskSizeGB:
|
|
|The Azure disk size for the VM.
|
|
|
|
*Value:* Integer that represents the size of the disk in GB. The default is `128`.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
osDisk:
|
|
diskType:
|
|
|Defines the type of disk.
|
|
|
|
*Value:* `standard_LRS` or `premium_LRS`. The default is `premium_LRS`.
|
|
|
|
|compute:
|
|
platform:
|
|
azure:
|
|
type:
|
|
|Defines the Azure instance type for compute machines.
|
|
|
|
*Value:* String
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
osDisk:
|
|
diskSizeGB:
|
|
|The Azure disk size for the VM.
|
|
|
|
*Value:* Integer that represents the size of the disk in GB. The default is `1024`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
osDisk:
|
|
diskType:
|
|
|Defines the type of disk.
|
|
|
|
*Value:* `premium_LRS`.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
azure:
|
|
type:
|
|
|Defines the Azure instance type for control plane machines.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
osDisk:
|
|
diskSizeGB:
|
|
|The Azure disk size for the VM.
|
|
|
|
*Value:* Integer that represents the size of the disk in GB. The default is `128`.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
osDisk:
|
|
diskType:
|
|
|Defines the type of disk.
|
|
|
|
*Value:* `standard_LRS` or `premium_LRS`. The default is `premium_LRS`.
|
|
|
|
|platform:
|
|
azure:
|
|
defaultMachinePlatform:
|
|
type:
|
|
|The Azure instance type for control plane and compute machines.
|
|
|
|
*Value:* The Azure instance type.
|
|
|
|
|platform:
|
|
azure:
|
|
armEndpoint:
|
|
|The URL of the Azure Resource Manager endpoint that your Azure Stack Hub operator provides.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
azure:
|
|
baseDomainResourceGroupName:
|
|
|The name of the resource group that contains the DNS zone for your base domain.
|
|
|
|
*Value:* String, for example `production_cluster`.
|
|
|
|
|platform:
|
|
azure:
|
|
region:
|
|
|The name of your Azure Stack Hub local region.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
azure:
|
|
resourceGroupName:
|
|
|The name of an already existing resource group to install your cluster to. This resource group must be empty and only used for this specific cluster; the cluster components assume ownership of all resources in the resource group. If you limit the service principal scope of the installation program to this resource group, you must ensure all other resources used by the installation program in your environment have the necessary permissions, such as the public DNS zone and virtual network. Destroying the cluster by using the installation program deletes this resource group.
|
|
|
|
*Value:* String, for example `existing_resource_group`.
|
|
|
|
|platform:
|
|
azure:
|
|
outboundType:
|
|
|The outbound routing strategy used to connect your cluster to the internet. If you are using user-defined routing, you must have pre-existing networking available. The outbound routing must be configured before installing a cluster. The installation program does not configure user-defined routing.
|
|
|
|
*Value:* `LoadBalancer` or `UserDefinedRouting`. The default is `LoadBalancer`.
|
|
|
|
|platform:
|
|
azure:
|
|
cloudName:
|
|
|The name of the Azure cloud environment that is used to configure the Azure SDK with the appropriate Azure API endpoints.
|
|
|
|
*Value:* `AzureStackCloud`
|
|
|
|
|clusterOSImage:
|
|
|The URL of a storage blob in the Azure Stack environment that contains an {op-system} VHD.
|
|
|
|
*Value:* String, for example, \https://vhdsa.blob.example.example.com/vhd/rhcos-410.84.202112040202-0-azurestack.x86_64.vhd
|
|
|
|
|====
|
|
endif::ash[]
|
|
|
|
ifdef::nutanix[]
|
|
[id="installation-configuration-parameters-additional-nutanix_{context}"]
|
|
== Additional Nutanix configuration parameters
|
|
|
|
Additional Nutanix configuration parameters are described in the following table:
|
|
|
|
.Additional Nutanix cluster parameters
|
|
[cols=".^l,.^a",options="header"]
|
|
|====
|
|
|Parameter|Description
|
|
|
|
|compute:
|
|
platform:
|
|
nutanix:
|
|
categories:
|
|
key:
|
|
|The name of a Prism category key to apply to compute VMs. This parameter must be accompanied by the `value` parameter, and both `key` and `value` parameters must exist in Prism Central. For more information on categories, see link:https://portal.nutanix.com/page/documents/details?targetId=Prism-Central-Guide-vpc_2022_6:ssp-ssp-categories-manage-pc-c.html[Category management].
|
|
|
|
*Value:* String
|
|
|
|
|compute:
|
|
platform:
|
|
nutanix:
|
|
categories:
|
|
value:
|
|
|The value of a Prism category key-value pair to apply to compute VMs. This parameter must be accompanied by the `key` parameter, and both `key` and `value` parameters must exist in Prism Central.
|
|
|
|
*Value:* String
|
|
|
|
|compute:
|
|
platform:
|
|
nutanix:
|
|
failureDomains:
|
|
|The failure domains that apply only to compute machines.
|
|
|
|
Failure domains are specified in `platform.nutanix.failureDomains`.
|
|
|
|
*Value:* List.
|
|
|
|
The name of one or more failure domains.
|
|
|
|
|compute:
|
|
platform:
|
|
nutanix:
|
|
gpus:
|
|
type:
|
|
|The type of identifier used to attach a GPU to a compute machine. Valid values are "Name" or "DeviceID".
|
|
|
|
*Value:* String
|
|
|
|
|compute:
|
|
platform:
|
|
nutanix:
|
|
gpus:
|
|
name:
|
|
|The name of the GPU device to attach to a compute machine. This parameter is required if the GPU `type` is "Name".
|
|
|
|
*Value:* String
|
|
|
|
|compute:
|
|
platform:
|
|
nutanix:
|
|
gpus:
|
|
deviceID:
|
|
|The device identifier of the GPU device to attach to a compute machine. This information is available in Prism Central. This parameter is required if the GPU `type` is "DeviceID".
|
|
|
|
*Value:* Integer
|
|
|
|
|compute:
|
|
platform:
|
|
nutanix:
|
|
project:
|
|
type:
|
|
|The type of identifier you use to select a project for compute VMs. Projects define logical groups of user roles for managing permissions, networks, and other parameters. For more information on projects, see link:https://portal.nutanix.com/page/documents/details?targetId=Prism-Central-Guide-vpc_2022_9:ssp-app-mgmt-project-env-c.html[Projects Overview].
|
|
|
|
*Value:* `name` or `uuid`
|
|
|
|
|compute:
|
|
platform:
|
|
nutanix:
|
|
project:
|
|
name: or uuid:
|
|
|The name or UUID of a project with which compute VMs are associated. This parameter must be accompanied by the `type` parameter.
|
|
|
|
*Value:* String
|
|
|
|
|compute:
|
|
platform:
|
|
nutanix:
|
|
bootType:
|
|
|The boot type that the compute machines use. You must use the `Legacy` boot type in {product-title} {product-version}. For more information on boot types, see link:https://portal.nutanix.com/page/documents/kbs/details?targetId=kA07V000000H3K9SAK[Understanding UEFI, Secure Boot, and TPM in the Virtualized Environment].
|
|
|
|
*Value:* `Legacy`, `SecureBoot` or `UEFI`. The default is `Legacy`.
|
|
|
|
|compute:
|
|
platform:
|
|
nutanix:
|
|
dataDisks:
|
|
dataSourceImage:
|
|
name:
|
|
|Optional. The name of the data source image for the virtual machine disk in Prism Central.
|
|
|
|
*Value:* String
|
|
|
|
|compute:
|
|
platform:
|
|
nutanix:
|
|
dataDisks:
|
|
dataSourceImage:
|
|
referenceName:
|
|
|Optional. The reference name of the data source image in the failure domain. If you use this parameter, you must configure a matching `dataSourceImage` with the same `referenceName` in each failure domain that the compute nodes occupy. For more information about configuring failure domains, see _Configuring failure domains_ in the _Installing a cluster on Nutanix_ page.
|
|
|
|
*Value:* String
|
|
|
|
|compute:
|
|
platform:
|
|
nutanix:
|
|
dataDisks:
|
|
dataSourceImage:
|
|
uuid:
|
|
|The UUID of the data source image in Prism Central. This value is required.
|
|
|
|
*Value:* String
|
|
|
|
|compute:
|
|
platform:
|
|
nutanix:
|
|
dataDisks:
|
|
deviceProperties:
|
|
adapterType:
|
|
|The adapter type of the disk address. If the disk type is "Disk", valid values are "SCSI", "IDE", "PCI", "SATA" or "SPAPR".
|
|
If the disk type is "CDRom", valid values are "IDE" or "SATA".
|
|
|
|
*Value:* String
|
|
|
|
|compute:
|
|
platform:
|
|
nutanix:
|
|
dataDisks:
|
|
deviceProperties:
|
|
deviceIndex:
|
|
|The index of the disk address. Valid values are non-negative integers including `0`. The device index for disks that share the same adapter type should start at 0 and increase consecutively. The default value is `0`. For each virtual machine, the `Disk.SCSI.0` and `CDRom.IDE.0` indices are reserved. If you use the `Disk.SCSI` or `CDRom.IDE` disk and adapter types, the `deviceIndex` should start at `1`.
|
|
|
|
*Value:* Non-negative integer, including `0`.
|
|
|
|
|compute:
|
|
platform:
|
|
nutanix:
|
|
dataDisks:
|
|
deviceProperties:
|
|
deviceType:
|
|
|The disk device type. Valid values are "Disk" and "CDRom".
|
|
|
|
*Value:* String
|
|
|
|
|compute:
|
|
platform:
|
|
nutanix:
|
|
dataDisks:
|
|
diskSize:
|
|
|The size of the disk to attach to the virtual machine. The minimum size is 1Gb.
|
|
|
|
*Value:* Quantity format, such as 100G or 100Gi. For more information on this format, see link:https://pkg.go.dev/k8s.io/apimachinery/pkg/api/resource#Format[Format].
|
|
|
|
|compute:
|
|
platform:
|
|
nutanix:
|
|
dataDisks:
|
|
storageConfig:
|
|
diskMode:
|
|
|The disk mode. Valid values are `Standard` or `Flash`, and the default is `Standard`.
|
|
|
|
*Value:* String
|
|
|
|
|compute:
|
|
platform:
|
|
nutanix:
|
|
dataDisks:
|
|
storageConfig:
|
|
storageContainer:
|
|
name:
|
|
|Optional. The name of the storage container object used by the virtual machine disk in Prism Central.
|
|
|
|
*Value:* String
|
|
|
|
|compute:
|
|
platform:
|
|
nutanix:
|
|
dataDisks:
|
|
storageConfig:
|
|
storageContainer:
|
|
referenceName:
|
|
|Optional. The reference name of the storage container in the failure domain. If you use this parameter, you must configure a matching `storageContainer` with the same `referenceName` in each failure domain that the compute nodes occupy. For more information about configuring failure domains, see _Configuring failure domains_ in the _Installing a cluster on Nutanix_ page.
|
|
|
|
*Value:* String
|
|
|
|
|compute:
|
|
platform:
|
|
nutanix:
|
|
dataDisks:
|
|
storageConfig:
|
|
storageContainer:
|
|
uuid:
|
|
|The UUID of the storage container in Prism Central.
|
|
|
|
*Value:* String
|
|
|
|
|controlPlane:
|
|
platform:
|
|
nutanix:
|
|
categories:
|
|
key:
|
|
|The name of a Prism category key to apply to control plane VMs. This parameter must be accompanied by the `value` parameter, and both `key` and `value` parameters must exist in Prism Central. For more information on categories, see link:https://portal.nutanix.com/page/documents/details?targetId=Prism-Central-Guide-vpc_2022_6:ssp-ssp-categories-manage-pc-c.html[Category management].
|
|
|
|
*Value:* String
|
|
|
|
|controlPlane:
|
|
platform:
|
|
nutanix:
|
|
categories:
|
|
value:
|
|
|The value of a Prism category key-value pair to apply to control plane VMs. This parameter must be accompanied by the `key` parameter, and both `key` and `value` parameters must exist in Prism Central.
|
|
|
|
*Value:* String
|
|
|
|
|controlPlane:
|
|
platform:
|
|
nutanix:
|
|
failureDomains:
|
|
|The failure domains that apply only to control plane machines.
|
|
|
|
Failure domains are specified in `platform.nutanix.failureDomains`.
|
|
|
|
*Value:* List.
|
|
|
|
The name of one or more failure domains.
|
|
|
|
|controlPlane:
|
|
platform:
|
|
nutanix:
|
|
project:
|
|
type:
|
|
|The type of identifier you use to select a project for control plane VMs. Projects define logical groups of user roles for managing permissions, networks, and other parameters. For more information on projects, see link:https://portal.nutanix.com/page/documents/details?targetId=Prism-Central-Guide-vpc_2022_9:ssp-app-mgmt-project-env-c.html[Projects Overview].
|
|
|
|
*Value:* `name` or `uuid`
|
|
|
|
|controlPlane:
|
|
platform:
|
|
nutanix:
|
|
project:
|
|
name: or uuid:
|
|
|The name or UUID of a project with which control plane VMs are associated. This parameter must be accompanied by the `type` parameter.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
nutanix:
|
|
defaultMachinePlatform:
|
|
categories:
|
|
key:
|
|
|The name of a Prism category key to apply to all VMs. This parameter must be accompanied by the `value` parameter, and both `key` and `value` parameters must exist in Prism Central. For more information on categories, see link:https://portal.nutanix.com/page/documents/details?targetId=Prism-Central-Guide-vpc_2022_6:ssp-ssp-categories-manage-pc-c.html[Category management].
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
nutanix:
|
|
defaultMachinePlatform:
|
|
categories:
|
|
value:
|
|
|The value of a Prism category key-value pair to apply to all VMs. This parameter must be accompanied by the `key` parameter, and both `key` and `value` parameters must exist in Prism Central.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
nutanix:
|
|
defaultMachinePlatform:
|
|
failureDomains:
|
|
|The failure domains that apply to both control plane and compute machines.
|
|
|
|
Failure domains are specified in `platform.nutanix.failureDomains`.
|
|
|
|
*Value:* List.
|
|
|
|
The name of one or more failure domains.
|
|
|
|
|platform:
|
|
nutanix:
|
|
defaultMachinePlatform:
|
|
project:
|
|
type:
|
|
|The type of identifier you use to select a project for all VMs. Projects define logical groups of user roles for managing permissions, networks, and other parameters. For more information on projects, see link:https://portal.nutanix.com/page/documents/details?targetId=Prism-Central-Guide-vpc_2022_9:ssp-app-mgmt-project-env-c.html[Projects Overview].
|
|
|
|
*Value:* `name` or `uuid`.
|
|
|
|
|platform:
|
|
nutanix:
|
|
defaultMachinePlatform:
|
|
project:
|
|
name: or uuid:
|
|
|The name or UUID of a project with which all VMs are associated. This parameter must be accompanied by the `type` parameter.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
nutanix:
|
|
defaultMachinePlatform:
|
|
bootType:
|
|
|The boot type for all machines. You must use the `Legacy` boot type in {product-title} {product-version}. For more information on boot types, see link:https://portal.nutanix.com/page/documents/kbs/details?targetId=kA07V000000H3K9SAK[Understanding UEFI, Secure Boot, and TPM in the Virtualized Environment].
|
|
|
|
*Value:* `Legacy`, `SecureBoot` or `UEFI`. The default is `Legacy`.
|
|
|
|
|platform:
|
|
nutanix:
|
|
apiVIP:
|
|
|The virtual IP (VIP) address that you configured for control plane API access.
|
|
|
|
*Value:* IP address
|
|
|
|
|platform:
|
|
nutanix:
|
|
failureDomains:
|
|
- name:
|
|
prismElement:
|
|
name:
|
|
uuid:
|
|
subnetUUIDs:
|
|
-
|
|
|By default, the installation program installs cluster machines to a single Prism Element instance. A maximum of 32 subnets for each failure domain (Prism Element) in an {product-title} cluster is supported. All `subnetUUID` values must be unique. You can specify additional Prism Element instances for fault tolerance, and then apply them to:
|
|
|
|
* The cluster's default machine configuration
|
|
* Only control plane or compute machine pools
|
|
|
|
*Value:* A list of configured failure domains.
|
|
|
|
For more information on usage, see "Configuring a failure domain" in "Installing a cluster on Nutanix".
|
|
|
|
|platform:
|
|
nutanix:
|
|
ingressVIP:
|
|
|The virtual IP (VIP) address that you configured for cluster ingress.
|
|
|
|
*Value:* IP address
|
|
|
|
|platform:
|
|
nutanix:
|
|
prismCentral:
|
|
endpoint:
|
|
address:
|
|
|The Prism Central domain name or IP address.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
nutanix:
|
|
prismCentral:
|
|
endpoint:
|
|
port:
|
|
|The port that is used to log in to Prism Central.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
nutanix:
|
|
prismCentral:
|
|
password:
|
|
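|The password for the Prism Central user name. This value is a credential, so restrict read access to the installation configuration file that contains it and to any copies of that file.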
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
nutanix:
|
|
preloadedOSImageName:
|
|
|Instead of creating and uploading a {op-system} image object for each {product-title} cluster, this parameter uses the named, preloaded {op-system} image object from the Prism Elements to which the {product-title} cluster is deployed.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
nutanix:
|
|
prismCentral:
|
|
username:
|
|
|The user name that is used to log in to Prism Central.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
nutanix:
|
|
prismElements:
|
|
endpoint:
|
|
address:
|
|
|The Prism Element domain name or IP address. [^1^]
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
nutanix:
|
|
prismElements:
|
|
endpoint:
|
|
port:
|
|
|The port that is used to log in to Prism Element.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
nutanix:
|
|
prismElements:
|
|
uuid:
|
|
|The universally unique identifier (UUID) for Prism Element.
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
nutanix:
|
|
subnetUUIDs:
|
|
|The UUID of the Prism Element network that contains the virtual IP addresses and DNS records that you configured. [^2^]
|
|
|
|
*Value:* String
|
|
|
|
|platform:
|
|
nutanix:
|
|
clusterOSImage:
|
|
|Optional: By default, the installation program downloads and installs the {op-system-first} image. If Prism Central does not have internet access, you can override the default behavior by hosting the {op-system} image on any HTTP server and pointing the installation program to the image.
|
|
|
|
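*Value:* An HTTP or HTTPS URL, optionally with a SHA-256 checksum. For example, \http://example.com/images/rhcos-47.83.202103221318-0-nutanix.x86_64.qcow2. Supplying the checksum allows the downloaded image to be checked against a known value, which is most important when the URL uses plain HTTP.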
|
|
|====
|
|
[.small]
|
|
--
|
|
1. The `prismElements` section holds a list of Prism Elements (clusters). A Prism Element encompasses all of the Nutanix resources, for example virtual machines and subnets, that are used to host the {product-title} cluster.
|
|
2. A maximum of 32 subnets for each Prism Element in an {product-title} cluster is supported. All `subnetUUID` values must be unique.
|
|
--
|
|
endif::nutanix[]
|
|
|
|
ifeval::["{context}" == "installation-config-parameters-vsphere"]
|
|
:!vsphere:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-gcp"]
|
|
:!gcp:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-ibm-z"]
|
|
:!ibm-z:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-ibm-power"]
|
|
:!ibm-power:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-ash"]
|
|
:!ash:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-bare-metal"]
|
|
:!bare:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-ibm-cloud-vpc"]
|
|
:!ibm-cloud:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-ibm-power-vs"]
|
|
:!ibm-power-vs:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-nutanix"]
|
|
:!nutanix:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-openstack"]
|
|
:!osp:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-azure"]
|
|
:!azure:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-aws"]
|
|
:!aws:
|
|
endif::[]
|
|
ifeval::["{context}" == "installation-config-parameters-agent"]
|
|
:!agent:
|
|
endif::[]
|
|
:!platform:
|