openshift-docs/modules/installation-configuration-parameters.adoc

// Module included in the following assemblies:
//
// * installing/installing_aws/installing-aws-china.adoc
// * installing/installing_aws/installing-aws-customizations.adoc
// * installing/installing_aws/installing-aws-government-region.adoc
// * installing/installing_aws/installing-aws-network-customizations.adoc
// * installing/installing_aws/installing-aws-private.adoc
// * installing/installing_aws/installing-aws-secret-region.adoc
// * installing/installing_aws/installing-aws-vpc.adoc
// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc
// * installing/installing_azure/installing-azure-customizations.adoc
// * installing/installing_azure/installing-azure-government-region.adoc
// * installing/installing_azure/installing-azure-network-customizations.adoc
// * installing/installing_azure/installing-azure-private.adoc
// * installing/installing_azure/installing-azure-vnet.adoc
// * installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc
// * installing/installing_bare_metal/installing-bare-metal.adoc
// * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
// * installing/installing_gcp/installing-gcp-customizations.adoc
// * installing/installing_gcp/installing-gcp-network-customizations.adoc
// * installing/installing_gcp/installing-gcp-private.adoc
// * installing/installing_gcp/installing-gcp-vpc.adoc
// * installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc
// * installing/installing_ibm_power/installing-ibm-power.adoc
// * installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc
// * installing/installing_ibm_z/installing-ibm-z-kvm.adoc
// * installing/installing_ibm_z/installing-ibm-z.adoc
// * installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc
// * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
// * installing/installing_openstack/installing-openstack-installer-custom.adoc
// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
// * installing/installing_openstack/installing-openstack-installer-restricted.adoc
// * installing/installing_openstack/installing-openstack-installer-sr-iov.adoc
// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
// * installing/installing_openstack/installing-openstack-user-sr-iov-kuryr.adoc
// * installing/installing_openstack/installing-openstack-user-sr-iov.adoc
// * installing/installing_openstack/installing-openstack-user.adoc
// * installing/installing_rhv/installing-rhv-customizations.adoc
// * installing/installing_vmc/installing-restricted-networks-vmc.adoc
// * installing/installing_vmc/installing-vmc-customizations.adoc
// * installing/installing_vmc/installing-vmc-network-customizations.adoc
// * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
// * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
// * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc

ifeval::["{context}" == "installing-aws-customizations"]
:aws:
endif::[]
ifeval::["{context}" == "installing-aws-government-region"]
:aws:
endif::[]
ifeval::["{context}" == "installing-aws-secret-region"]
:aws:
endif::[]
ifeval::["{context}" == "installing-aws-network-customizations"]
:aws:
endif::[]
ifeval::["{context}" == "installing-aws-private"]
:aws:
endif::[]
ifeval::["{context}" == "installing-aws-vpc"]
:aws:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"]
:aws:
endif::[]
ifeval::["{context}" == "installing-azure-customizations"]
:azure:
endif::[]
ifeval::["{context}" == "installing-azure-government-region"]
:azure:
endif::[]
ifeval::["{context}" == "installing-azure-network-customizations"]
:azure:
endif::[]
ifeval::["{context}" == "installing-azure-private"]
:azure:
endif::[]
ifeval::["{context}" == "installing-azure-vnet"]
:azure:
endif::[]
ifeval::["{context}" == "installing-gcp-customizations"]
:gcp:
endif::[]
// OSDOCS-1640 - IPv4/IPv6 dual-stack bare metal only
// But only for installer-provisioned
// https://bugzilla.redhat.com/show_bug.cgi?id=2020416
//ifeval::["{context}" == "installing-bare-metal"]
//:bare:
//endif::[]
// OSDOCS-1640 - IPv4/IPv6 dual-stack bare metal only
// But only for installer-provisioned
// https://bugzilla.redhat.com/show_bug.cgi?id=2020416
//ifeval::["{context}" == "installing-bare-metal-network-customizations"]
//:bare:
//endif::[]
// OSDOCS-1640 - IPv4/IPv6 dual-stack bare metal only
// But only for installer-provisioned
// https://bugzilla.redhat.com/show_bug.cgi?id=2020416
//ifeval::["{context}" == "installing-restricted-networks-bare-metal"]
//:bare:
//endif::[]
ifeval::["{context}" == "installing-gcp-private"]
:gcp:
endif::[]
ifeval::["{context}" == "installing-gcp-network-customizations"]
:gcp:
endif::[]
ifeval::["{context}" == "installing-gcp-vpc"]
:gcp:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"]
:gcp:
endif::[]
ifeval::["{context}" == "installing-aws-customizations"]
:aws:
endif::[]
ifeval::["{context}" == "installing-openstack-installer-custom"]
:osp:
:osp-custom:
endif::[]
ifeval::["{context}" == "installing-openstack-installer-kuryr"]
:osp:
:osp-kuryr:
endif::[]
ifeval::["{context}" == "installing-openstack-user"]
:osp:
:osp-custom:
endif::[]
ifeval::["{context}" == "installing-openstack-user-kuryr"]
:osp:
:osp-kuryr:
endif::[]
ifeval::["{context}" == "installing-openstack-user-sr-iov"]
:osp:
:osp-custom:
endif::[]
ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"]
:osp:
:osp-kuryr:
endif::[]
ifeval::["{context}" == "installing-rhv-customizations"]
:rhv:
endif::[]
ifeval::["{context}" == "installing-vsphere-installer-provisioned-customizations"]
:vsphere:
endif::[]
ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"]
:vsphere:
endif::[]
ifeval::["{context}" == "installing-vmc-customizations"]
:vmc:
endif::[]
ifeval::["{context}" == "installing-vmc-network-customizations"]
:vmc:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-vmc"]
:vmc:
endif::[]
ifeval::["{context}" == "installing-openstack-installer-restricted"]
:osp:
:osp-custom:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"]
:vsphere:
endif::[]
ifeval::["{context}" == "installing-ibm-z"]
:ibm-z:
endif::[]
ifeval::["{context}" == "installing-ibm-z-kvm"]
:ibm-z:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-z"]
:ibm-z:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-z-kvm"]
:ibm-z:
endif::[]
ifeval::["{context}" == "installing-ibm-power"]
:ibm-power:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
:ibm-power:
endif::[]
ifeval::["{context}" == "installing-azure-stack-hub-default"]
:ash-default:
endif::[]

:_content-type: CONCEPT
[id="installation-configuration-parameters_{context}"]
= Installation configuration parameters

// If install-config.yaml is generated by openshift-install
ifndef::bare,ibm-power,ibm-z,ash-default[]
Before you deploy an {product-title} cluster, you provide parameter values to describe your account on the cloud platform that hosts your cluster and optionally customize your cluster's platform. When you create the `install-config.yaml` installation configuration file, you provide values for the required parameters through the command line. If you customize your cluster, you can modify the `install-config.yaml` file to provide more details about the platform.
endif::bare,ibm-power,ibm-z,ash-default[]
// If the user manually creates install-config.yaml
ifdef::bare,ibm-power,ibm-z,ash-default[]
Before you deploy an {product-title} cluster, you provide a customized `install-config.yaml` installation configuration file that describes the details for your environment.
endif::bare,ibm-power,ibm-z,ash-default[]

[NOTE]
====
After installation, you cannot modify these parameters in the `install-config.yaml` file.
====

[id="installation-configuration-parameters-required_{context}"]
== Required configuration parameters

Required installation configuration parameters are described in the following table:

.Required parameters
[cols=".^2,.^3,.^5a",options="header"]
|====
|Parameter|Description|Values

|`apiVersion`
|The API version for the `install-config.yaml` content. The current version is `v1`. The installer may also support older API versions.
|String

|`baseDomain`
|The base domain of your cloud provider. The base domain is used to create routes to your {product-title} cluster components. The full DNS name for your cluster is a combination of the `baseDomain` and `metadata.name` parameter values that uses the `<metadata.name>.<baseDomain>` format.
|A fully-qualified domain or subdomain name, such as `example.com`.

|`metadata`
|Kubernetes resource `ObjectMeta`, from which only the `name` parameter is consumed.
|Object

|`metadata.name`
|The name of the cluster. DNS records for the cluster are all subdomains of `{{.metadata.name}}.{{.baseDomain}}`.
|String of lowercase letters, hyphens (`-`), and periods (`.`), such as `dev`.
ifdef::osp[]
The string must be 14 characters or fewer long.
endif::osp[]

|`platform`
|The configuration for the specific platform upon which to perform the installation: `aws`, `baremetal`, `azure`, `openstack`, `ovirt`, `vsphere`, or `{}`. For additional information about `platform.<platform>` parameters, consult the table for your specific platform that follows.
|Object

ifndef::openshift-origin[]
|`pullSecret`
|Get a pull secret from link:https://console.redhat.com/openshift/install/pull-secret[] to authenticate downloading container images for {product-title} components from services such as Quay.io.
|
[source,json]
----
{
   "auths":{
      "cloud.openshift.com":{
         "auth":"b3Blb=",
         "email":"you@example.com"
      },
      "quay.io":{
         "auth":"b3Blb=",
         "email":"you@example.com"
      }
   }
}
----
endif::[]

|====

[id="installation-configuration-parameters-network_{context}"]
== Network configuration parameters

You can customize your installation configuration based on the requirements of your existing network infrastructure. For example, you can expand the IP address block for the cluster network or provide different IP address blocks than the defaults.

ifndef::bare[]
Only IPv4 addresses are supported.
endif::bare[]
ifdef::bare[]
If you use the OVN-Kubernetes cluster network provider, both IPv4 and IPv6 address families are supported.

If you use the OpenShift SDN cluster network provider, only the IPv4 address family is supported.

If you configure your cluster to use both IP address families, review the following requirements:

* Both IP families must use the same network interface for the default gateway.

* You must specify IPv4 and IPv6 addresses in the same order for all network configuration parameters. For example, in the following configuration IPv4 addresses are listed before IPv6 addresses.
+
[source,yaml]
----
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  - cidr: fd00:10:128::/56
    hostPrefix: 64
  serviceNetwork:
  - 172.30.0.0/16
  - fd00:172:16::/112
----
endif::bare[]

.Network parameters
[cols=".^2,.^3a,.^3a",options="header"]
|====
|Parameter|Description|Values

|`networking`
|The configuration for the cluster network.
|Object

[NOTE]
====
You cannot modify parameters specified by the `networking` object after installation.
====

|`networking.networkType`
|The cluster network provider Container Network Interface (CNI) plug-in to install.
|
ifdef::openshift-origin[]
Either `OpenShiftSDN` or `OVNKubernetes`. The default value is `OVNKubernetes`.
endif::openshift-origin[]
ifndef::openshift-origin[]
Either `OpenShiftSDN` or `OVNKubernetes`. The default value is `OpenShiftSDN`.
endif::openshift-origin[]

|`networking.clusterNetwork`
|
The IP address blocks for pods.

The default value is `10.128.0.0/14` with a host prefix of `/23`.

If you specify multiple IP address blocks, the blocks must not overlap.
|An array of objects. For example:

[source,yaml]
----
ifndef::bare[]
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
endif::bare[]
ifdef::bare[]
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  - cidr: fd01::/48
    hostPrefix: 64
endif::bare[]
----

|`networking.clusterNetwork.cidr`
|
Required if you use `networking.clusterNetwork`. An IP address block.

ifndef::bare[]
An IPv4 network.
endif::bare[]
ifdef::bare[]
If you use the OpenShift SDN network provider, specify an IPv4 network. If you use the OVN-Kubernetes network provider, you can specify IPv4 and IPv6 networks.
endif::bare[]
|
An IP address block in Classless Inter-Domain Routing (CIDR) notation.
The prefix length for an IPv4 block is between `0` and `32`.
ifdef::bare[]
The prefix length for an IPv6 block is between `0` and `128`. For example, `10.128.0.0/14` or `fd01::/48`.
endif::bare[]

|`networking.clusterNetwork.hostPrefix`
|The subnet prefix length to assign to each individual node. For example, if `hostPrefix` is set to `23` then each node is assigned a `/23` subnet out of the given `cidr`. A `hostPrefix` value of `23` provides 510 (2^(32 - 23) - 2) pod IP addresses.
|
A subnet prefix.

ifndef::bare[]
The default value is `23`.
endif::bare[]
ifdef::bare[]
For an IPv4 network the default value is `23`.
For an IPv6 network the default value is `64`. The default value is also the minimum value for IPv6.
endif::bare[]

|`networking.serviceNetwork`
|
The IP address block for services. The default value is `172.30.0.0/16`.

The OpenShift SDN and OVN-Kubernetes network providers support only a single IP address block for the service network.

ifdef::bare[]
If you use the OVN-Kubernetes network provider, you can specify an IP address block for both of the IPv4 and IPv6 address families.
endif::bare[]

|
An array with an IP address block in CIDR format. For example:

[source,yaml]
----
ifndef::bare[]
networking:
  serviceNetwork:
   - 172.30.0.0/16
endif::bare[]
ifdef::bare[]
networking:
  serviceNetwork:
   - 172.30.0.0/16
   - fd02::/112
endif::bare[]
----

|`networking.machineNetwork`
|
The IP address blocks for machines.

If you specify multiple IP address blocks, the blocks must not overlap.

ifdef::ibm-z,ibm-power[]
If you specify multiple IP kernel arguments, the `machineNetwork.cidr` value must be the CIDR of the primary network.
endif::ibm-z,ibm-power[]
|An array of objects. For example:

[source,yaml]
----
networking:
  machineNetwork:
  - cidr: 10.0.0.0/16
----

|`networking.machineNetwork.cidr`
|
Required if you use `networking.machineNetwork`. An IP address block. The default value is `10.0.0.0/16` for all platforms other than libvirt. For libvirt, the default value is `192.168.126.0/24`.
|
An IP network block in CIDR notation.

ifndef::bare[]
For example, `10.0.0.0/16`.
endif::bare[]
ifdef::bare[]
For example, `10.0.0.0/16` or `fd00::/48`.
endif::bare[]

[NOTE]
====
Set the `networking.machineNetwork` to match the CIDR that the preferred NIC resides in.
====

|====

[id="installation-configuration-parameters-optional_{context}"]
== Optional configuration parameters

Optional installation configuration parameters are described in the following table:

.Optional parameters
[cols=".^2,.^3a,.^3a",options="header"]
|====
|Parameter|Description|Values

|`additionalTrustBundle`
|A PEM-encoded X.509 certificate bundle that is added to the nodes' trusted certificate store. This trust bundle may also be used when a proxy has been configured.
|String

|`cgroupsV2`
|Enables link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control groups version 2] (cgroups v2) on specific nodes in your cluster. The {product-title} process for enabling cgroups v2 disables all cgroup version 1 controllers and hierarchies. The {product-title} cgroups version 2 feature is in Developer Preview and is not supported by Red Hat at this time.
|`true`

|`compute`
|The configuration for the machines that comprise the compute nodes.
|Array of `MachinePool` objects.
ifdef::rhv[]
For details, see the "Additional RHV parameters for machine pools" table.
endif::rhv[]

ifndef::ibm-z,ibm-power[]
|`compute.architecture`
|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64` and `arm64`. See _Supported installation methods for different platforms_ in _Installing_ documentation for information about instance availability.
|String
endif::ibm-z,ibm-power[]

ifdef::ibm-z[]
|`compute.architecture`
|Determines the instruction set architecture of the machines in the pool. Currently, heteregeneous clusters are not supported, so all pools must specify the same architecture. Valid values are `s390x` (the default).
|String
endif::ibm-z[]

ifdef::ibm-power[]
|`compute.architecture`
|Determines the instruction set architecture of the machines in the pool. Currently, heteregeneous clusters are not supported, so all pools must specify the same architecture. Valid values are `ppc64le` (the default).
|String
endif::ibm-power[]

|`compute.hyperthreading`
|Whether to enable or disable simultaneous multithreading, or `hyperthreading`, on compute machines. By default, simultaneous multithreading is enabled to increase the performance of your machines' cores.
[IMPORTANT]
====
If you disable simultaneous multithreading, ensure that your capacity planning
accounts for the dramatically decreased machine performance.
====
|`Enabled` or `Disabled`

|`compute.name`
|Required if you use `compute`. The name of the machine pool.
|`worker`

|`compute.platform`
|Required if you use `compute`. Use this parameter to specify the cloud provider to host the worker machines. This parameter value must match the `controlPlane.platform` parameter value.
|`aws`, `azure`, `gcp`, `openstack`, `ovirt`, `vsphere`, or `{}`

|`compute.replicas`
|The number of compute machines, which are also known as worker machines, to provision.
|A positive integer greater than or equal to `2`. The default value is `3`.

|`controlPlane`
|The configuration for the machines that comprise the control plane.
|Array of `MachinePool` objects.
ifdef::rhv[]
For details, see the "Additional RHV parameters for machine pools" table.
endif::rhv[]

ifndef::ibm-z,ibm-power[]
|`controlPlane.architecture`
|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64` and `arm64`. See _Supported installation methods for different platforms_ in _Installing_ documentation for information about instance availability.
|String
endif::ibm-z,ibm-power[]

ifdef::ibm-z[]
|`controlPlane.architecture`
|Determines the instruction set architecture of the machines in the pool. Currently, heterogeneous clusters are not supported, so all pools must specify the same architecture. Valid values are `s390x` (the default).
|String
endif::ibm-z[]

ifdef::ibm-power[]
|`controlPlane.architecture`
|Determines the instruction set architecture of the machines in the pool. Currently, heterogeneous clusters are not supported, so all pools must specify the same architecture. Valid values are `ppc64le` (the default).
|String
endif::ibm-power[]

|`controlPlane.hyperthreading`
|Whether to enable or disable simultaneous multithreading, or `hyperthreading`, on control plane machines. By default, simultaneous multithreading is enabled to increase the performance of your machines' cores.
[IMPORTANT]
====
If you disable simultaneous multithreading, ensure that your capacity planning
accounts for the dramatically decreased machine performance.
====
|`Enabled` or `Disabled`

|`controlPlane.name`
|Required if you use `controlPlane`. The name of the machine pool.
|`master`

|`controlPlane.platform`
|Required if you use `controlPlane`. Use this parameter to specify the cloud provider that hosts the control plane machines. This parameter value must match the `compute.platform` parameter value.
|`aws`, `azure`, `gcp`, `openstack`, `ovirt`, `vsphere`, or `{}`

|`controlPlane.replicas`
|The number of control plane machines to provision.
|The only supported value is `3`, which is the default value.

|`credentialsMode`
|The Cloud Credential Operator (CCO) mode. If no mode is specified, the CCO dynamically tries to determine the capabilities of the provided credentials, with a preference for mint mode on the platforms where multiple modes are supported.
[NOTE]
====
Not all CCO modes are supported for all cloud providers. For more information on CCO modes, see the _Cloud Credential Operator_ entry in the _Platform Operators reference_ content.
====
|`Mint`, `Passthrough`, `Manual`, or an empty string (`""`).
ifndef::openshift-origin[]
|`fips`
|Enable or disable FIPS mode. The default is `false` (disabled). If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
[IMPORTANT]
====
The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
====
[NOTE]
====
If you are using Azure File storage, you cannot enable FIPS mode.
====
|`false` or `true`
endif::openshift-origin[]
|`imageContentSources`
|Sources and repositories for the release-image content.
|Array of objects. Includes a `source` and, optionally, `mirrors`, as described in the following rows of this table.

|`imageContentSources.source`
|Required if you use `imageContentSources`. Specify the repository that users refer to, for example, in image pull specifications.
|String

|`imageContentSources.mirrors`
|Specify one or more repositories that may also contain the same images.
|Array of strings

|`publish`
|How to publish or expose the user-facing endpoints of your cluster, such as the Kubernetes API, OpenShift routes.
|
ifdef::aws,azure,gcp[]
`Internal` or `External`. To deploy a private cluster, which cannot be accessed from the internet, set `publish` to `Internal`. The default value is `External`.
endif::[]
ifndef::aws,azure,gcp[]
`Internal` or `External`. The default value is `External`.

Setting this field to `Internal` is not supported on non-cloud platforms.
ifeval::[{product-version} <= 4.7]
[IMPORTANT]
====
If the value of the field is set to `Internal`, the cluster will become non-functional. For more information, refer to link:https://bugzilla.redhat.com/show_bug.cgi?id=1953035[BZ#1953035].
====
endif::[]
endif::[]

|`sshKey`
| The SSH key or keys to authenticate access your cluster machines.
[NOTE]
====
For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses.
====
a|One or more keys. For example:
```
sshKey:
  <key1>
  <key2>
  <key3>
```
|====

ifdef::aws[]
[id="installation-configuration-parameters-optional-aws_{context}"]
== Optional AWS configuration parameters

Optional AWS configuration parameters are described in the following table:

.Optional AWS parameters
[cols=".^2,.^3,.^5a",options="header"]
|====
|Parameter|Description|Values

|`compute.platform.aws.amiID`
|The AWS AMI used to boot compute machines for the cluster. This is required for regions that require a custom {op-system} AMI.
|Any published or custom {op-system} AMI that belongs to the set AWS region. See _{op-system} AMIs for AWS infrastructure_ for available AMI IDs.

|`compute.platform.aws.iamRole`
|A pre-existing AWS IAM role applied to the compute machine pool instance profiles. You can use these fields to match naming schemes and include predefined permissions boundaries for your IAM roles. If undefined, the installation program creates a new IAM role.
|The name of a valid AWS IAM role.

|`compute.platform.aws.rootVolume.iops`
|The Input/Output Operations Per Second (IOPS) that is reserved for the root volume.
|Integer, for example `4000`.

|`compute.platform.aws.rootVolume.size`
|The size in GiB of the root volume.
|Integer, for example `500`.

|`compute.platform.aws.rootVolume.type`
|The type of the root volume.
|Valid link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html[AWS EBS volume type],
such as `io1`.

|`compute.platform.aws.type`
|The EC2 instance type for the compute machines.
|Valid AWS instance type, such as `m4.2xlarge`. See the *Supported AWS machine types* table that follows.
//add an xref when possible.

|`compute.platform.aws.zones`
|The availability zones where the installation program creates machines for the compute machine pool. If you provide your own VPC, you must provide a subnet in that availability zone.
|A list of valid AWS availability zones, such as `us-east-1c`, in a
link:https://yaml.org/spec/1.2/spec.html#sequence//[YAML sequence].

|`compute.aws.region`
|The AWS region that the installation program creates compute resources in.
|Any valid link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS region], such as `us-east-1`.
[IMPORTANT]
====
When running on ARM based AWS A1 instances, ensure that you enter a region where AWS Graviton processors are available. See link:https://aws.amazon.com/ec2/graviton/#Global_availability[Global availability] map in the AWS documentation.
====


|`controlPlane.platform.aws.amiID`
|The AWS AMI used to boot control plane machines for the cluster.  This is required for regions that require a custom {op-system} AMI.
|Any published or custom {op-system} AMI that belongs to the set AWS region. See _{op-system} AMIs for AWS infrastructure_ for available AMI IDs.

|`controlPlane.platform.aws.iamRole`
|A pre-existing AWS IAM role applied to the control plane machine pool instance profiles. You can use these fields to match naming schemes and include predefined permissions boundaries for your IAM roles. If undefined, the installation program creates a new IAM role.
|The name of a valid AWS IAM role.

|`controlPlane.platform.aws.type`
|The EC2 instance type for the control plane machines.
|Valid AWS instance type, such as `m5.xlarge`. See the *Supported AWS machine types* table that follows.
//add an xref when possible

|`controlPlane.platform.aws.zones`
|The availability zones where the installation program creates machines for the
control plane machine pool.
|A list of valid AWS availability zones, such as `us-east-1c`, in a link:https://yaml.org/spec/1.2/spec.html#sequence//[YAML sequence].

|`controlPlane.aws.region`
|The AWS region that the installation program creates control plane resources in.
|Valid link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS region], such as `us-east-1`.

|`platform.aws.amiID`
|The AWS AMI used to boot all machines for the cluster. If set, the AMI must
belong to the same region as the cluster. This is required for regions that require a custom {op-system} AMI.
|Any published or custom {op-system} AMI that belongs to the set AWS region. See _{op-system} AMIs for AWS infrastructure_ for available AMI IDs.

|`platform.aws.hostedZone`
|An existing Route 53 private hosted zone for the cluster. You can only use a pre-existing hosted zone when also supplying your own VPC. The hosted zone must already be associated with the user-provided VPC before installation. Also, the domain of the hosted zone must be the cluster domain or a parent of the cluster domain. If undefined, the installation program creates a new hosted zone.
|String, for example `Z3URY6TWQ91KVV`.

|`platform.aws.serviceEndpoints.name`
|The AWS service endpoint name. Custom endpoints are only required for cases
where alternative AWS endpoints, like FIPS, must be used. Custom API endpoints
can be specified for EC2, S3, IAM, Elastic Load Balancing, Tagging, Route 53,
and STS AWS services.
|Valid link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS service endpoint] name.

|`platform.aws.serviceEndpoints.url`
|The AWS service endpoint URL. The URL must use the `https` protocol and the
host must trust the certificate.
|Valid link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS service endpoint] URL.

|`platform.aws.userTags`
|A map of keys and values that the installation program adds as tags to all resources that it creates.
|Any valid YAML map, such as key value pairs in the `<key>: <value>` format. For more information about AWS tags, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html[Tagging Your Amazon EC2 Resources] in the AWS documentation.

|`platform.aws.subnets`
|If you provide the VPC instead of allowing the installation program to create the VPC for you, specify the subnet for the cluster to use. The subnet must be part of the same `machineNetwork[].cidr` ranges that you specify. For a standard cluster, specify a public and a private subnet for each availability zone. For a private cluster, specify a private subnet for each availability zone.
|Valid subnet IDs.

|====
endif::aws[]

ifdef::osp[]
[id="installation-configuration-parameters-additional-osp_{context}"]
== Additional {rh-openstack-first} configuration parameters

Additional {rh-openstack} configuration parameters are described in the following table:

.Additional {rh-openstack} parameters
[cols=".^2m,.^3a,^5a",options="header"]
|====
|Parameter|Description|Values

|`compute.platform.openstack.rootVolume.size`
|For compute machines, the size in gigabytes of the root volume. If you do not set this value, machines use ephemeral storage.
|Integer, for example `30`.

|`compute.platform.openstack.rootVolume.type`
|For compute machines, the root volume's type.
|String, for example `performance`.

|`controlPlane.platform.openstack.rootVolume.size`
|For control plane machines, the size in gigabytes of the root volume. If you do not set this value, machines use ephemeral storage.
|Integer, for example `30`.

|`controlPlane.platform.openstack.rootVolume.type`
|For control plane machines, the root volume's type.
|String, for example `performance`.

|`platform.openstack.cloud`
|The name of the {rh-openstack} cloud to use from the list of clouds in the
`clouds.yaml` file.
|String, for example `MyCloud`.

|`platform.openstack.externalNetwork`
|The {rh-openstack} external network name to be used for installation.
|String, for example `external`.

|`platform.openstack.computeFlavor`
|The {rh-openstack} flavor to use for control plane and compute machines.

This property is deprecated. To use a flavor as the default for all machine pools, add it as the value of the `type` key in the `platform.openstack.defaultMachinePlatform` property. You can also set a flavor value for each machine pool individually.

|String, for example `m1.xlarge`.
|====

[id="installation-configuration-parameters-optional-osp_{context}"]
== Optional {rh-openstack} configuration parameters

Optional {rh-openstack} configuration parameters are described in the following table:

.Optional {rh-openstack} parameters
[%header, cols=".^2,.^3,.^5a"]
|====
|Parameter|Description|Values

|`compute.platform.openstack.additionalNetworkIDs`
|Additional networks that are associated with compute machines. Allowed address pairs are not created for additional networks.
|A list of one or more UUIDs as strings. For example, `fa806b2f-ac49-4bce-b9db-124bc64209bf`.

|`compute.platform.openstack.additionalSecurityGroupIDs`
|Additional security groups that are associated with compute machines.
|A list of one or more UUIDs as strings. For example, `7ee219f3-d2e9-48a1-96c2-e7429f1b0da7`.

|`compute.platform.openstack.zones`
|{rh-openstack} Compute (Nova) availability zones (AZs) to install machines on. If this parameter is not set, the installer relies on the default settings for Nova that the {rh-openstack} administrator configured.

On clusters that use Kuryr, {rh-openstack} Octavia does not support availability zones. Load balancers and, if you are using the Amphora provider driver, {product-title} services that rely on Amphora VMs, are not created according to the value of this property.
|A list of strings. For example, `["zone-1", "zone-2"]`.

|`compute.platform.openstack.rootVolume.zones`
|For compute machines, the availability zone to install root volumes on. If you do not set a value for this parameter, the installer selects the default availability zone.
|A list of strings, for example `["zone-1", "zone-2"]`.

|`controlPlane.platform.openstack.additionalNetworkIDs`
|Additional networks that are associated with control plane machines. Allowed address pairs are not created for additional networks.
|A list of one or more UUIDs as strings. For example, `fa806b2f-ac49-4bce-b9db-124bc64209bf`.

|`controlPlane.platform.openstack.additionalSecurityGroupIDs`
|Additional security groups that are associated with control plane machines.
|A list of one or more UUIDs as strings. For example, `7ee219f3-d2e9-48a1-96c2-e7429f1b0da7`.

|`controlPlane.platform.openstack.zones`
|{rh-openstack} Compute (Nova) availability zones (AZs) to install machines on. If this parameter is not set, the installer relies on the default settings for Nova that the {rh-openstack} administrator configured.

On clusters that use Kuryr, {rh-openstack} Octavia does not support availability zones. Load balancers and, if you are using the Amphora provider driver, {product-title} services that rely on Amphora VMs, are not created according to the value of this property.
|A list of strings. For example, `["zone-1", "zone-2"]`.

|`controlPlane.platform.openstack.rootVolume.zones`
|For control plane machines,  the availability zone to install root volumes on. If you do not set this value, the installer selects the default availability zone.
|A list of strings, for example `["zone-1", "zone-2"]`.

|`platform.openstack.clusterOSImage`
|The location from which the installer downloads the {op-system} image.

You must set this parameter to perform an installation in a restricted network.
|An HTTP or HTTPS URL, optionally with an SHA-256 checksum.

For example, `\http://mirror.example.com/images/rhcos-43.81.201912131630.0-openstack.x86_64.qcow2.gz?sha256=ffebbd68e8a1f2a245ca19522c16c86f67f9ac8e4e0c1f0a812b068b16f7265d`.
The value can also be the name of an existing Glance image, for example `my-rhcos`.

|`platform.openstack.clusterOSImageProperties`
|Properties to add to the installer-uploaded ClusterOSImage in Glance. This property is ignored if `platform.openstack.clusterOSImage` is set to an existing Glance image.

You can use this property to exceed the default persistent volume (PV) limit for {rh-openstack} of 26 PVs per node. To exceed the limit, set the `hw_scsi_model` property value to `virtio-scsi` and the `hw_disk_bus` value to  `scsi`.

You can also use this property to enable the QEMU guest agent by including the `hw_qemu_guest_agent` property with a value of `yes`.
|A list of key-value string pairs. For example, `["hw_scsi_model": "virtio-scsi", "hw_disk_bus": "scsi"]`.

|`platform.openstack.defaultMachinePlatform`
|The default machine pool platform configuration.
|
[source,json]
----
{
   "type": "ml.large",
   "rootVolume": {
      "size": 30,
      "type": "performance"
   }
}
----

|`platform.openstack.ingressFloatingIP`
|An existing floating IP address to associate with the Ingress port. To use this property, you must also define the `platform.openstack.externalNetwork` property.
|An IP address, for example `128.0.0.1`.

|`platform.openstack.apiFloatingIP`
|An existing floating IP address to associate with the API load balancer. To use this property, you must also define the `platform.openstack.externalNetwork` property.
|An IP address, for example `128.0.0.1`.

|`platform.openstack.externalDNS`
|IP addresses for external DNS servers that cluster instances use for DNS resolution.
|A list of IP addresses as strings. For example, `["8.8.8.8", "192.168.1.12"]`.

|`platform.openstack.machinesSubnet`
|The UUID of a {rh-openstack} subnet that the cluster's nodes use. Nodes and virtual IP (VIP) ports are created on this subnet.

The first item in `networking.machineNetwork` must match the value of `machinesSubnet`.

If you deploy to a custom subnet, you cannot specify an external DNS server to the {product-title} installer. Instead, link:https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.0/html/command_line_interface_reference/subnet[add DNS to the subnet in {rh-openstack}].

|A UUID as a string. For example, `fa806b2f-ac49-4bce-b9db-124bc64209bf`.
|====
endif::osp[]

ifdef::azure[]
[id="installation-configuration-parameters-additional-azure_{context}"]
== Additional Azure configuration parameters

Additional Azure configuration parameters are described in the following table:

.Additional Azure parameters
[cols=".^2,.^3a,.^3a",options="header"]
|====
|Parameter|Description|Values

|`controlPlane.platform.azure.osDisk.diskSizeGB`
|The Azure disk size for the VM.
|Integer that represents the size of the disk in GB. The minimum supported disk size is `1024`.

|`platform.azure.baseDomainResourceGroupName`
|The name of the resource group that contains the DNS zone for your base domain.
|String, for example `production_cluster`.

|`platform.azure.resourceGroupName`
| The name of an already existing resource group to install your cluster to. This resource group must be empty and only used for this specific cluster; the cluster components assume ownership of all resources in the resource group. If you limit the service principal scope of the installation program to this resource group, you must ensure all other resources used by the installation program in your environment have the necessary permissions, such as the public DNS zone and virtual network. Destroying the cluster using the installation program deletes this resource group.
|String, for example `existing_resource_group`.

|`platform.azure.outboundType`
|The outbound routing strategy used to connect your cluster to the internet. If
you are using user-defined routing, you must have pre-existing networking
available where the outbound routing has already been configured prior to
installing a cluster. The installation program is not responsible for
configuring user-defined routing.
|`LoadBalancer` or `UserDefinedRouting`. The default is `LoadBalancer`.

|`platform.azure.region`
|The name of the Azure region that hosts your cluster.
|Any valid region name, such as `centralus`.

|`platform.azure.zone`
|List of availability zones to place machines in. For high availability, specify
at least two zones.
|List of zones, for example `["1", "2", "3"]`.

|`platform.azure.networkResourceGroupName`
|The name of the resource group that contains the existing VNet that you want to deploy your cluster to. This name cannot be the same as the `platform.azure.baseDomainResourceGroupName`.
|String.

|`platform.azure.virtualNetwork`
|The name of the existing VNet that you want to deploy your cluster to.
|String.

|`platform.azure.controlPlaneSubnet`
|The name of the existing subnet in your VNet that you want to deploy your control plane machines to.
|Valid CIDR, for example `10.0.0.0/16`.

|`platform.azure.computeSubnet`
|The name of the existing subnet in your VNet that you want to deploy your compute machines to.
|Valid CIDR, for example `10.0.0.0/16`.

|`platform.azure.cloudName`
|The name of the Azure cloud environment that is used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the default value `AzurePublicCloud` is used.
|Any valid cloud environment, such as `AzurePublicCloud` or `AzureUSGovernmentCloud`.

|====

[NOTE]
====
You cannot customize
link:https://azure.microsoft.com/en-us/global-infrastructure/availability-zones/[Azure Availability Zones]
or
link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags[Use tags to organize your Azure resources]
with an Azure cluster.
====
endif::azure[]

ifdef::gcp[]
[id="installation-configuration-parameters-additional-gcp_{context}"]
== Additional Google Cloud Platform (GCP) configuration parameters

Additional GCP configuration parameters are described in the following table:

.Additional GCP parameters
[cols=".^1,.^6a,.^3a",options="header"]
|====
|Parameter|Description|Values

|`platform.gcp.network`
|The name of the existing VPC that you want to deploy your cluster to.
|String.

|`platform.gcp.region`
|The name of the GCP region that hosts your cluster.
|Any valid region name, such as `us-central1`.

|`platform.gcp.type`
|The link:https://cloud.google.com/compute/docs/machine-types[GCP machine type].
|The GCP machine type.

|`platform.gcp.zones`
|The availability zones where the installation program creates machines for the specified MachinePool.
|A list of valid link:https://cloud.google.com/compute/docs/regions-zones#available[GCP availability zones], such as `us-central1-a`, in a
link:https://yaml.org/spec/1.2/spec.html#sequence//[YAML sequence].

|`platform.gcp.controlPlaneSubnet`
|The name of the existing subnet in your VPC that you want to deploy your control plane machines to.
|The subnet name.

|`platform.gcp.computeSubnet`
|The name of the existing subnet in your VPC that you want to deploy your compute machines to.
|The subnet name.

|`platform.gcp.licenses`
|A list of license URLs that must be applied to the compute images.
[IMPORTANT]
====
The `licenses` parameter is a deprecated field and nested virtualization is enabled by default. It is not recommended to use this field.
====
|Any license available with the link:https://cloud.google.com/compute/docs/reference/rest/v1/licenses/list[license API], such as the license to enable link:https://cloud.google.com/compute/docs/instances/nested-virtualization/overview[nested virtualization]. You cannot use this parameter with a mechanism that generates pre-built images. Using a license URL forces the installer to copy the source image before use.

|`platform.gcp.osDisk.diskSizeGB`
|The size of the disk in gigabytes (GB).
|Any size between 16 GB and 65536 GB.

|`platform.gcp.osDisk.diskType`
|The type of disk.
|Either the default `pd-ssd` or the `pd-standard` disk type. The control plane nodes must be the `pd-ssd` disk type. The worker nodes can be either type.

|`controlPlane.platform.gcp.osDisk.encryptionKey.kmsKey.name`
|The name of the customer managed encryption key to be used for control plane machine disk encryption.
|The encryption key name.

|`controlPlane.platform.gcp.osDisk.encryptionKey.kmsKey.keyRing`
|For control plane machines, the name of the KMS key ring to which the KMS key belongs.
|The KMS key ring name.

|`controlPlane.platform.gcp.osDisk.encryptionKey.kmsKey.location`
|For control plane machines, the GCP location in which the key ring exists. For more information on KMS locations, see Google's documentation on link:https://cloud.google.com/kms/docs/locations[Cloud KMS locations].
|The GCP location for the key ring.

|`controlPlane.platform.gcp.osDisk.encryptionKey.kmsKey.projectID`
|For control plane machines, the ID of the project in which the KMS key ring exists. This value defaults to the VM project ID if not set.
|The GCP project ID.

////
`controlPlane.platform.gcp.osDisk.encryptionKey.kmsKeyServiceAccount`

The GCP Compute Engine System service account used for the encryption request for the given KMS key. The Compute Engine default service account is always used for control plane machines during installation, which follows this pattern: `service-<project_number>@compute-system.iam.gserviceaccount.com`. The default service account must have access to the KMS key specified for the control plane machines. The custom service account defined is available for use during post-installation operations. For more information on GCP service accounts, see Google's documentation on link:https://cloud.google.com/iam/docs/service-accounts#types[Types of service accounts].

The GCP Compute Engine System service account email, like `<service_account_name>@<project_id>.iam.gserviceaccount.com`.
////
// kmsKeyServiceAccount not yet fully supported in 4.7. Re-add when more stable.

|`compute.platform.gcp.osDisk.encryptionKey.kmsKey.name`
|The name of the customer managed encryption key to be used for compute machine disk encryption.
|The encryption key name.

|`compute.platform.gcp.osDisk.encryptionKey.kmsKey.keyRing`
|For compute machines, the name of the KMS key ring to which the KMS key belongs.
|The KMS key ring name.

|`compute.platform.gcp.osDisk.encryptionKey.kmsKey.location`
|For compute machines, the GCP location in which the key ring exists. For more information on KMS locations, see Google's documentation on link:https://cloud.google.com/kms/docs/locations[Cloud KMS locations].
|The GCP location for the key ring.

|`compute.platform.gcp.osDisk.encryptionKey.kmsKey.projectID`
|For compute machines, the ID of the project in which the KMS key ring exists. This value defaults to the VM project ID if not set.
|The GCP project ID.

////
`compute.platform.gcp.osDisk.encryptionKey.kmsKeyServiceAccount`

For compute machines, the GCP Compute Engine System service account used for the encryption request for the given KMS key. If left undefined, the Compute Engine default service account is used, which follows this pattern: `service-<project_number>@compute-system.iam.gserviceaccount.com`. For more information on GCP service accounts, see Google's documentation on link:https://cloud.google.com/iam/docs/service-accounts#types[Types of service accounts].

The GCP Compute Engine System service account email, like `<service_account_name>@<project_id>.iam.gserviceaccount.com`.
////
// kmsKeyServiceAccount not yet fully supported in 4.7. Re-add when more stable.
|====

endif::gcp[]

ifdef::rhv[]
[id="installation-configuration-parameters-additional-rhv_{context}"]
== Additional {rh-virtualization-first} configuration parameters

Additional {rh-virtualization} configuration parameters are described in the following table:

[id="additional-virt-parameters-for-clusters_{context}"]
.Additional {rh-virtualization-first} parameters for clusters
[cols=".^2,.^3a,.^3a",options="header"]
|====
|Parameter|Description|Values

|`platform.ovirt.ovirt_cluster_id`
|Required. The Cluster where the VMs will be created.
|String. For example: `68833f9f-e89c-4891-b768-e2ba0815b76b`

|`platform.ovirt.ovirt_storage_domain_id`
|Required. The Storage Domain ID where the VM disks will be created.
|String. For example: `ed7b0f4e-0e96-492a-8fff-279213ee1468`

|`platform.ovirt.ovirt_network_name`
|Required. The network name where the VM nics will be created.
|String. For example: `ocpcluster`

|`platform.ovirt.vnicProfileID`
|Required. The vNIC profile ID of the VM network interfaces. This can be inferred if the cluster network has a single profile.
|String. For example: `3fa86930-0be5-4052-b667-b79f0a729692`

|`platform.ovirt.api_vip`
|Required. An IP address on the machine network that will be assigned to the API virtual IP (VIP). You can access the OpenShift API at this endpoint.
|String. Example: `10.46.8.230`

|`platform.ovirt.ingress_vip`
|Required. An IP address on the machine network that will be assigned to the Ingress virtual IP (VIP).
|String. Example: `10.46.8.232`

|`platform.ovirt.affinityGroups`
|Optional. A list of affinity groups to create during the installation process.
|List of objects.

|`platform.ovirt.affinityGroups.description`
|Required if you include `platform.ovirt.affinityGroups`. A description of the affinity group.
|String. Example: `AffinityGroup for spreading each compute machine to a different host`

|`platform.ovirt.affinityGroups.enforcing`
|Required if you include `platform.ovirt.affinityGroups`. When set to `true`, {rh-virtualization} does not provision any machines if not enough hardware nodes are available. When set to `false`, {rh-virtualization} does provision machines even if not enough hardware nodes are available, resulting in multiple virtual machines being hosted on the same physical machine.

|String. Example: `true`

|`platform.ovirt.affinityGroups.name`
|Required if you include `platform.ovirt.affinityGroups`. The name of the affinity group.
|String. Example: `compute`

|`platform.ovirt.affinityGroups.priority`
|Required if you include `platform.ovirt.affinityGroups`. The priority given to an affinity group when `platform.ovirt.affinityGroups.enforcing = false`. {rh-virtualization} applies affinity groups in the order of priority, where a greater number takes precedence over a lesser one. If multiple affinity groups have the same priority, the order in which they are applied is not guaranteed.
|Integer. Example: `3`
|====

[id="installation-configuration-parameters-additional-machine_{context}"]
== Additional {rh-virtualization} parameters for machine pools

Additional {rh-virtualization} configuration parameters for machine pools are described in the following table:

.Additional {rh-virtualization} parameters for machine pools
[cols=".^2,.^3a,.^3a",options="header"]
|====
|Parameter|Description|Values

|`<machine-pool>.platform.ovirt.cpu`
|Optional. Defines the CPU of the VM.
|Object

|`<machine-pool>.platform.ovirt.cpu.cores`
|Required if you use `<machine-pool>.platform.ovirt.cpu`. The number of cores. Total virtual CPUs (vCPUs) is cores * sockets.
|Integer

|`<machine-pool>.platform.ovirt.cpu.sockets`
|Required if you use `<machine-pool>.platform.ovirt.cpu`. The number of sockets per core. Total virtual CPUs (vCPUs) is cores * sockets.
|Integer

|`<machine-pool>.platform.ovirt.memoryMB`
|Optional. Memory of the VM in MiB.
|Integer

|`<machine-pool>.platform.ovirt.instanceTypeID`
|Optional. An instance type UUID, such as `00000009-0009-0009-0009-0000000000f1`, which you can get from the `https://<engine-fqdn>/ovirt-engine/api/instancetypes` endpoint.
|String of UUID

|`<machine-pool>.platform.ovirt.osDisk`
|Optional. Defines the first and bootable disk of the VM.
|String

|`<machine-pool>.platform.ovirt.osDisk.sizeGB`
|Required if you use `<machine-pool>.platform.ovirt.osDisk`. Size of the disk in GiB.
|Number

|`<machine-pool>.platform.ovirt.vmType`
|Optional. The VM workload type, such as `high-performance`, `server`, or `desktop`.  By default, master nodes use `high-performance`, and worker nodes use `server`. For details, see link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/virtual_machine_management_guide/index#Virtual_Machine_General_settings_explained[Explanation of Settings in the New Virtual Machine and Edit Virtual Machine Windows] and link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/virtual_machine_management_guide/index#Configuring_High_Performance_Virtual_Machines_Templates_and_Pools[Configuring High Performance Virtual Machines, Templates, and Pools] in the _Virtual Machine Management Guide_.
[NOTE]
====
`high_performance` improves performance on the VM, but there are limitations. For example, you cannot access the VM with a graphical console. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/virtual_machine_management_guide/index#Configuring_High_Performance_Virtual_Machines_Templates_and_Pools[Configuring High Performance Virtual Machines, Templates, and Pools] in the _Virtual Machine Management Guide_.
====
|String

|`<machine-pool>.platform.ovirt.affinityGroupsNames`
|Optional. A list of affinity group names that should be applied to the virtual machines. The affinity groups must exist in {rh-virtualization}, or be created during installation as described in _Additional {rh-virtualization} parameters for clusters_ in this topic. This entry can be empty.
// xref:../../installing/installing_rhv/installing-rhv-customizations.adoc#additional-virt-parameters-for-clusters[Additional {rh-virtualization} parameters for clusters]. This entry can be empty.
//xref:../../additional-virt-parameters-for-clusters[Additional {rh-virtualization} parameters for clusters]. This entry can be empty.

.Example with two affinity groups

This example defines two affinity groups, named `compute` and `clusterWideNonEnforcing`:

[source,yaml]
----
<machine-pool>:
  platform:
    ovirt:
      affinityGroupNames:
        - compute
        - clusterWideNonEnforcing
----

This example defines no affinity groups:

[source,yaml]
----
<machine-pool>:
  platform:
    ovirt:
      affinityGroupNames: []
----
|String
|`<machine-pool>.platform.ovirt.AutoPinningPolicy`
| Optional. AutoPinningPolicy defines the policy to automatically set the CPU and NUMA settings, including pinning to the host for the instance. When the field is omitted, the default is `none`. Supported values: `none`, `resize_and_pin`. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/virtual_machine_management_guide/index#Setting_NUMA_Nodes[Setting NUMA Nodes] in the _Virtual Machine Management Guide_.

|String
|`<machine-pool>.platform.ovirt.hugepages`
|Optional. Hugepages is the size in KiB for defining hugepages in a VM. Supported values: `2048` or `1048576`. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/virtual_machine_management_guide/index#Configuring_Huge_Pages[Configuring Huge Pages] in the _Virtual Machine Management Guide_.

|Integer

|====

[NOTE]
====
You can replace `<machine-pool>` with `controlPlane` or `compute`.
====

endif::rhv[]

ifdef::vsphere,vmc[]
[id="installation-configuration-parameters-additional-vsphere_{context}"]
== Additional VMware vSphere configuration parameters

Additional VMware vSphere configuration parameters are described in the following table:

.Additional VMware vSphere cluster parameters
[cols=".^2,.^3a,.^3a",options="header"]
|====
|Parameter|Description|Values

|`platform.vsphere.vCenter`
|The fully-qualified hostname or IP address of the vCenter server.
|String

|`platform.vsphere.username`
|The user name to use to connect to the vCenter instance with. This user must have at least
the roles and privileges that are required for
link:https://vmware.github.io/vsphere-storage-for-kubernetes/documentation/vcp-roles.html[static or dynamic persistent volume provisioning]
in vSphere.
|String

|`platform.vsphere.password`
|The password for the vCenter user name.
|String

|`platform.vsphere.datacenter`
|The name of the datacenter to use in the vCenter instance.
|String

|`platform.vsphere.defaultDatastore`
|The name of the default datastore to use for provisioning volumes.
|String

|`platform.vsphere.folder`
|_Optional_. The absolute path of an existing folder where the installation program creates the virtual machines. If you do not provide this value, the installation program creates a folder that is named with the infrastructure ID in the datacenter virtual machine folder.
|String, for example, `/<datacenter_name>/vm/<folder_name>/<subfolder_name>`.

|`platform.vsphere.network`
|The network in the vCenter instance that contains the virtual IP addresses and DNS records that you configured.
|String

|`platform.vsphere.cluster`
|The vCenter cluster to install the {product-title} cluster in.
|String

|`platform.vsphere.apiVIP`
|The virtual IP (VIP) address that you configured for control plane API access.
|An IP address, for example `128.0.0.1`.

|`platform.vsphere.ingressVIP`
|The virtual IP (VIP) address that you configured for cluster ingress.
|An IP address, for example `128.0.0.1`.
|====

[id="installation-configuration-parameters-optional-vsphere_{context}"]
== Optional VMware vSphere machine pool configuration parameters

Optional VMware vSphere machine pool configuration parameters are described in the following table:

.Optional VMware vSphere machine pool parameters
[cols=".^2,.^3a,.^3a",options="header"]
|====
|Parameter|Description|Values

|`platform.vsphere.clusterOSImage`
|The location from which the installer downloads the {op-system} image. You must set this parameter to perform an installation in a restricted network.
|An HTTP or HTTPS URL, optionally with a SHA-256 checksum. For example, `\https://mirror.openshift.com/images/rhcos-<version>-vmware.<architecture>.ova`.

|`platform.vsphere.osDisk.diskSizeGB`
|The size of the disk in gigabytes.
|Integer

|`platform.vsphere.cpus`
|The total number of virtual processor cores to assign a virtual machine.
|Integer

|`platform.vsphere.coresPerSocket`
|The number of cores per socket in a virtual machine. The number of virtual sockets on the virtual machine is `platform.vsphere.cpus`/`platform.vsphere.coresPerSocket`. The default value is `1`
|Integer

|`platform.vsphere.memoryMB`
|The size of a virtual machine's memory in megabytes.
|Integer

|`platform.vsphere.diskType`
|The disk provisioning method. This value defaults to the vSphere default storage policy if not set.
|Valid values are `thin`, `thick`, or `eagerZeroedThick`.
|====

endif::vsphere,vmc[]

ifdef::ash-default[]
[id="installation-configuration-parameters-additional-azure-stack-hub_{context}"]
== Additional Azure Stack Hub configuration parameters

Additional Azure configuration parameters are described in the following table:

.Additional Azure Stack Hub parameters
[cols=".^2,.^3a,.^3a",options="header"]
|====
|Parameter|Description|Values

|`platform.azure.armEndpoint`
|The URL of the Azure Resource Manager endpoint that your Azure Stack Hub operator provides.
|String

|`platform.azure.baseDomainResourceGroupName`
|The name of the resource group that contains the DNS zone for your base domain.
|String, for example `production_cluster`.

|`platform.azure.region`
|The name of your Azure Stack Hub local region.
|String

|`platform.azure.resourceGroupName`
| The name of an already existing resource group to install your cluster to. If undefined, a new resource group is created for the cluster.
|String, for example `existing_resource_group`.

|`platform.azure.outboundType`
|The outbound routing strategy used to connect your cluster to the internet. If
you are using user-defined routing, you must have pre-existing networking
available where the outbound routing has already been configured prior to
installing a cluster. The installation program is not responsible for
configuring user-defined routing.
|`LoadBalancer` or `UserDefinedRouting`. The default is `LoadBalancer`.

|`platform.azure.cloudName`
|The name of the Azure cloud environment that is used to configure the Azure SDK with the appropriate Azure API endpoints.
|`AzureStackCloud`

|`clusterOSImage`
|The URL of a storage blob in the Azure Stack environment that contains an {op-system} VHD.
|String, for example, \https://vhdsa.blob.example.example.com/vhd/rhcos-410.84.202112040202-0-azurestack.x86_64.vhd

|====
endif::ash-default[]

ifdef::bare[]
:!bare:
endif::bare[]
ifeval::["{context}" == "installing-aws-customizations"]
:!aws:
endif::[]
ifeval::["{context}" == "installing-aws-government-region"]
:!aws:
endif::[]
ifeval::["{context}" == "installing-aws-secret-region"]
:!aws:
endif::[]
ifeval::["{context}" == "installing-aws-network-customizations"]
:!aws:
endif::[]
ifeval::["{context}" == "installing-aws-private"]
:!aws:
endif::[]
ifeval::["{context}" == "installing-aws-vpc"]
:!aws:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"]
:!aws:
endif::[]
ifeval::["{context}" == "installing-azure-customizations"]
:!azure:
endif::[]
ifeval::["{context}" == "installing-azure-government-region"]
:!azure:
endif::[]
ifeval::["{context}" == "installing-azure-network-customizations"]
:!azure:
endif::[]
ifeval::["{context}" == "installing-azure-private"]
:!azure:
endif::[]
ifeval::["{context}" == "installing-azure-vnet"]
:!azure:
endif::[]
ifeval::["{context}" == "installing-gcp-customizations"]
:!gcp:
endif::[]
ifeval::["{context}" == "installing-gcp-private"]
:!gcp:
endif::[]
ifeval::["{context}" == "installing-gcp-network-customizations"]
:!gcp:
endif::[]
ifeval::["{context}" == "installing-gcp-vpc"]
:!gcp:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"]
:!gcp:
endif::[]
ifeval::["{context}" == "installing-aws-customizations"]
:!aws:
endif::[]
ifeval::["{context}" == "installing-openstack-installer-custom"]
:!osp:
:!osp-custom:
endif::[]
ifeval::["{context}" == "installing-openstack-installer-kuryr"]
:!osp:
:!osp-kuryr:
endif::[]
ifeval::["{context}" == "installing-openstack-user"]
:!osp:
:!osp-custom:
endif::[]
ifeval::["{context}" == "installing-openstack-user-kuryr"]
:!osp:
:!osp-kuryr:
endif::[]
ifeval::["{context}" == "installing-openstack-user-sr-iov"]
:!osp:
:!osp-custom:
endif::[]
ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"]
:!osp:
:!osp-kuryr:
endif::[]
ifeval::["{context}" == "installing-rhv-customizations"]
:!rhv:
endif::[]
ifeval::["{context}" == "installing-vsphere-installer-provisioned-customizations"]
:!vsphere:
endif::[]
ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"]
:!vsphere:
endif::[]
ifeval::["{context}" == "installing-vmc-customizations"]
:!vmc:
endif::[]
ifeval::["{context}" == "installing-vmc-network-customizations"]
:!vmc:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-vmc"]
:!vmc:
endif::[]
ifeval::["{context}" == "installing-openstack-installer-restricted"]
:!osp:
:!osp-custom:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"]
:!vsphere:
endif::[]
ifeval::["{context}" == "installing-ibm-z"]
:!ibm-z:
endif::[]
ifeval::["{context}" == "installing-ibm-z-kvm"]
:!ibm-z:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-z"]
:!ibm-z:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-z-kvm"]
:!ibm-z:
endif::[]
ifeval::["{context}" == "installing-ibm-power"]
:!ibm-power:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
:!ibm-power:
endif::[]
ifeval::["{context}" == "installing-azure-stack-hub-default"]
:!ash-default:
endif::[]