openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
7d29136bee30ac73f01da18045f8bcd412f19670
openshift-docs/modules/installation-initializing.adoc

795 lines
30 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// * installing/installing_aws/installing-alibaba-default.adoc
// * installing/installing_aws/installing-alibaba-customizations.adoc
// * installing/installing_alibaba/installing-alibaba-network-customizations.adoc
// * installing/installing_aws/installing-alibaba-vpc.adoc
// * installing/installing_aws/installing-aws-customizations.adoc
// * installing/installing_aws/installing-aws-network-customizations.adoc
// * installing/installing_aws/installing-aws-vpc.adoc
// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc
// * installing/installing_aws/installing-aws-outposts-remote-workers.adoc
// * installing/installing_azure/installing-azure-customizations.adoc
// * installing/installing_azure/installing-azure-network-customizations
// * installing/installing_azure/installing-azure-vnet.adoc
// * installing/installing_azure/installing-azure-user-infra.adoc
// * installing/installing_gcp/installing-gcp-customizations.adoc
// * installing/installing_gcp/installing-gcp-network-customizations.adoc
// * installing/installing_gcp/installing-gcp-vpc.adoc
// * installing/installing_gcp/installing-gcp-shared-vpc.adoc
// * installing/installing_gcp/installing-gcp-user-infra.adoc
// * installing/installing_gcp/installing-restricted-networks-gcp.adoc
// * installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc
// * installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc
// * installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc
// * installing/installing_ibm_cloud_public/installing-ibm-cloud-vpc.adoc
// * installing/installing_ibm_cloud_public/installing-ibm-cloud-private.adoc
// * installing/installing_openstack/installing-openstack-installer-custom.adoc
// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc
// * installing/installing_openstack/installing-openstack-installer-restricted.adoc
// * installing/installing_openstack/installing-openstack-user-kuryr.adoc
// * installing/installing_openstack/installing-openstack-user.adoc
// * installing/installing_rhv/installing-rhv-customizations.adoc
// * installing/installing_vmc/installing-vmc-customizations.adoc
// * installing/installing_vmc/installing-vmc-network-customizations.adoc
// * installing/installing_vmc/installing-restricted-networks-vmc.adoc
// * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
// * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
// * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
// * installing/installing_nutanix/configuring-iam-nutanix.adoc
// * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
// * installing/installing_gcp/installing-openstack-installer-restricted.adoc
// Consider also adding the installation-configuration-parameters.adoc module.
//YOU MUST SET AN IFEVAL FOR EACH NEW MODULE
ifeval::["{context}" == "installing-alibaba-default"]
:alibabacloud-default:
endif::[]
ifeval::["{context}" == "installing-alibaba-customizations"]
:alibabacloud-custom:
endif::[]
ifeval::["{context}" == "installing-alibaba-vpc"]
:alibabacloud-vpc:
endif::[]
ifeval::["{context}" == "installing-aws-customizations"]
:aws:
endif::[]
ifeval::["{context}" == "installing-aws-network-customizations"]
:aws:
endif::[]
ifeval::["{context}" == "installing-aws-vpc"]
:aws:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"]
:aws:
:restricted:
endif::[]
ifeval::["{context}" == "installing-aws-outposts-remote-workers"]
:aws:
:aws-outposts:
endif::[]
ifeval::["{context}" == "installing-azure-customizations"]
:azure:
endif::[]
ifeval::["{context}" == "installing-azure-network-customizations"]
:azure:
endif::[]
ifeval::["{context}" == "installing-azure-vnet"]
:azure:
endif::[]
ifeval::["{context}" == "installing-azure-user-infra"]
:azure:
:azure-user-infra:
endif::[]
ifeval::["{context}" == "installing-gcp-customizations"]
:gcp:
endif::[]
ifeval::["{context}" == "installing-gcp-vpc"]
:gcp:
endif::[]
ifeval::["{context}" == "installing-gcp-shared-vpc"]
:gcp:
endif::[]
ifeval::["{context}" == "installing-gcp-network-customizations"]
:gcp:
endif::[]
ifeval::["{context}" == "installing-gcp-user-infra"]
:gcp:
:gcp-user-infra:
endif::[]
ifeval::["{context}" == "installing-gcp-user-infra-vpc"]
:gcp:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-gcp"]
:gcp:
:restricted:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"]
:gcp:
:restricted:
endif::[]
ifeval::["{context}" == "installing-ibm-cloud-customizations"]
:ibm-cloud:
endif::[]
ifeval::["{context}" == "installing-ibm-cloud-network-customizations"]
:ibm-cloud:
endif::[]
ifeval::["{context}" == "installing-ibm-cloud-vpc"]
:ibm-cloud:
endif::[]
ifeval::["{context}" == "installing-ibm-cloud-private"]
:ibm-cloud:
endif::[]
ifeval::["{context}" == "installing-openstack-installer-custom"]
:osp:
endif::[]
ifeval::["{context}" == "installing-openstack-installer-kuryr"]
:osp:
endif::[]
ifeval::["{context}" == "installing-openstack-user"]
:osp:
:osp-user:
endif::[]
ifeval::["{context}" == "installing-openstack-user-kuryr"]
:osp:
:osp-user:
endif::[]
ifeval::["{context}" == "installing-openstack-user-sr-iov"]
:osp:
:osp-user:
endif::[]
ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"]
:osp:
:osp-user:
endif::[]
ifeval::["{context}" == "installing-rhv-customizations"]
:rhv:
endif::[]
ifeval::["{context}" == "installing-rhv-default"]
:rhv:
endif::[]
ifeval::["{context}" == "installing-vsphere-installer-provisioned-customizations"]
:vsphere:
endif::[]
ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"]
:vsphere:
endif::[]
ifeval::["{context}" == "installing-vmc-customizations"]
:vsphere:
endif::[]
ifeval::["{context}" == "installing-vmc-network-customizations"]
:vsphere:
endif::[]
ifeval::["{context}" == "installing-openstack-installer-restricted"]
:osp:
:restricted:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"]
:vsphere:
:restricted:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-vmc"]
:vsphere:
:restricted:
endif::[]
ifeval::["{context}" == "installing-nutanix-installer-provisioned"]
:nutanix:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-nutanix-installer-provisioned"]
:nutanix:
:restricted:
endif::[]
:_content-type: PROCEDURE
[id="installation-initializing_{context}"]
= Creating the installation configuration file
You can customize the {product-title} cluster you install on
ifdef::alibabacloud-default,alibabacloud-custom,alibabacloud-vpc[]
Alibaba Cloud.
endif::alibabacloud-default,alibabacloud-custom,alibabacloud-vpc[]
ifdef::aws[]
Amazon Web Services (AWS).
endif::aws[]
ifdef::azure[]
Microsoft Azure.
endif::azure[]
ifdef::gcp[]
Google Cloud Platform (GCP).
endif::gcp[]
ifdef::ibm-cloud[]
IBM Cloud.
endif::ibm-cloud[]
ifdef::osp[]
{rh-openstack-first}.
endif::osp[]
ifdef::vsphere,vmc[]
VMware vSphere.
endif::vsphere,vmc[]
ifdef::rhv[]
{rh-virtualization-first}.
endif::rhv[]
ifdef::nutanix[]
Nutanix.
endif::nutanix[]
.Prerequisites
* Obtain the {product-title} installation program and the pull secret for your cluster.
ifdef::restricted[]
For a restricted network installation, these files are on your mirror host.
ifndef::nutanix[]
* Have the `imageContentSources` values that were generated during mirror registry creation.
endif::nutanix[]
ifdef::nutanix+restricted[]
* Have the `imageContentSourcePolicy.yaml` file that was created when you mirrored your registry.
* Have the location of the {op-system-first} image you download.
endif::nutanix+restricted[]
* Obtain the contents of the certificate for your mirror registry.
ifndef::aws,gcp[]
* Retrieve a {op-system-first} image and upload it to an accessible location.
endif::aws,gcp[]
endif::restricted[]
ifndef::nutanix[]
* Obtain service principal permissions at the subscription level.
endif::nutanix[]
ifdef::nutanix[]
* Verify that you have met the Nutanix networking requirements. For more information, see "Preparing to install on Nutanix".
endif::nutanix[]
.Procedure
. Create the `install-config.yaml` file.
+
.. Change to the directory that contains the installation program and run the following command:
+
[source,terminal]
----
$ ./openshift-install create install-config --dir <installation_directory> <1>
----
<1> For `<installation_directory>`, specify the directory name to store the
files that the installation program creates.
+
When specifying the directory:
* Verify that the directory has the `execute` permission. This permission is required to run Terraform binaries under the installation directory.
* Use an empty directory. Some installation assets, such as bootstrap X.509 certificates, have short expiration intervals, therefore you must not reuse an installation directory. If you want to reuse individual files from another cluster installation, you can copy them into your directory. However, the file names for the installation assets might change between releases. Use caution when copying installation files from an earlier {product-title} version.
ifndef::rhv[]
.. At the prompts, provide the configuration details for your cloud:
... Optional: Select an SSH key to use to access your cluster machines.
+
[NOTE]
====
For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses.
====
endif::rhv[]
ifdef::alibabacloud-default,alibabacloud-custom,alibabacloud-vpc[]
... Select *alibabacloud* as the platform to target.
... Select the region to deploy the cluster to.
... Select the base domain to deploy the cluster to. The base domain corresponds to the public DNS zone that you created for your cluster.
... Provide a descriptive name for your cluster.
endif::alibabacloud-default,alibabacloud-custom,alibabacloud-vpc[]
ifdef::aws[]
... Select *AWS* as the platform to target.
... If you do not have an Amazon Web Services (AWS) profile stored on your computer, enter the AWS
access key ID and secret access key for the user that you configured to run the
installation program.
... Select the AWS region to deploy the cluster to.
... Select the base domain for the Route 53 service that you configured for your cluster.
endif::aws[]
ifdef::azure[]
... Select *azure* as the platform to target.
... If you do not have a Microsoft Azure profile stored on your computer, specify the
following Azure parameter values for your subscription and service principal:
**** *azure subscription id*: The subscription ID to use for the cluster.
Specify the `id` value in your account output.
**** *azure tenant id*: The tenant ID. Specify the `tenantId` value in your
account output.
**** *azure service principal client id*: The value of the `appId` parameter
for the service principal.
**** *azure service principal client secret*: The value of the `password`
parameter for the service principal.
... Select the region to deploy the cluster to.
... Select the base domain to deploy the cluster to. The base domain corresponds
to the Azure DNS Zone that you created for your cluster.
endif::azure[]
ifdef::gcp[]
... Select *gcp* as the platform to target.
... If you have not configured the service account key for your GCP account on
your computer, you must obtain it from GCP and paste the contents of the file
or enter the absolute path to the file.
... Select the project ID to provision the cluster in. The default value is
specified by the service account that you configured.
... Select the region to deploy the cluster to.
... Select the base domain to deploy the cluster to. The base domain corresponds
to the public DNS zone that you created for your cluster.
endif::gcp[]
ifdef::ibm-cloud[]
... Select *ibmcloud* as the platform to target.
... Select the region to deploy the cluster to.
... Select the base domain to deploy the cluster to. The base domain corresponds
to the public DNS zone that you created for your cluster.
endif::ibm-cloud[]
ifdef::osp[]
... Select *openstack* as the platform to target.
... Specify the {rh-openstack-first} external network name to use for installing the cluster.
... Specify the floating IP address to use for external access to the OpenShift API.
... Specify a {rh-openstack} flavor with at least 16 GB RAM to use for control plane nodes
and 8 GB RAM for compute nodes.
... Select the base domain to deploy the cluster to. All DNS records will be
sub-domains of this base and will also include the cluster name.
endif::osp[]
ifdef::vsphere,vmc[]
... Select *vsphere* as the platform to target.
... Specify the name of your vCenter instance.
... Specify the user name and password for the vCenter account that has the required permissions to create the cluster.
+
The installation program connects to your vCenter instance.
... Select the data center in your vCenter instance to connect to.
... Select the default vCenter datastore to use.
... Select the vCenter cluster to install the {product-title} cluster in. The installation program uses the root resource pool of the vSphere cluster as the default resource pool.
... Select the network in the vCenter instance that contains the virtual IP addresses and DNS records that you configured.
... Enter the virtual IP address that you configured for control plane API access.
... Enter the virtual IP address that you configured for cluster ingress.
... Enter the base domain. This base domain must be the same one that you used in the DNS records that you configured.
endif::vsphere,vmc[]
ifdef::nutanix[]
... Select *nutanix* as the platform to target.
... Enter the Prism Central domain name or IP address.
... Enter the port that is used to log into Prism Central.
... Enter the credentials that are used to log into Prism Central.
+
The installation program connects to Prism Central.
... Select the Prism Element that will manage the {product-title} cluster.
... Select the network subnet to use.
... Enter the virtual IP address that you configured for control plane API access.
... Enter the virtual IP address that you configured for cluster ingress.
... Enter the base domain. This base domain must be the same one that you configured in the DNS records.
endif::nutanix[]
ifndef::osp[]
ifndef::rhv,alibabacloud-default,alibabacloud-custom,alibabacloud-vpc[]
... Enter a descriptive name for your cluster.
ifdef::vsphere,vmc,nutanix[]
The cluster name you enter must match the cluster name you specified when configuring the DNS records.
endif::vsphere,vmc,nutanix[]
endif::rhv,alibabacloud-default,alibabacloud-custom,alibabacloud-vpc[]
endif::osp[]
ifdef::osp[]
... Enter a name for your cluster. The name must be 14 or fewer characters long.
endif::osp[]
ifdef::azure[]
+
[IMPORTANT]
====
All Azure resources that are available through public endpoints are subject to
resource name restrictions, and you cannot create resources that use certain
terms. For a list of terms that Azure restricts, see
link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-reserved-resource-name[Resolve reserved resource name errors]
in the Azure documentation.
====
endif::azure[]
ifdef::rhv[]
.. Respond to the installation program prompts.
... For `SSH Public Key`, select a password-less public key, such as `~/.ssh/id_rsa.pub`. This key authenticates connections with the new {product-title} cluster.
+
[NOTE]
====
For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, select an SSH key that your `ssh-agent` process uses.
====
... For `Platform`, select `ovirt`.
... For `Enter oVirt's API endpoint URL`, enter the URL of the {rh-virtualization} API using this format:
+
[source,terminal]
----
https://<engine-fqdn>/ovirt-engine/api <1>
----
<1> For `<engine-fqdn>`, specify the fully qualified domain name of the {rh-virtualization} environment.
+
For example:
+
ifndef::openshift-origin[]
[source,terminal]
----
$ curl -k -u ocpadmin@internal:pw123 \
https://rhv-env.virtlab.example.com/ovirt-engine/api
----
endif::openshift-origin[]
ifdef::openshift-origin[]
[source,terminal]
----
$ curl -k -u admin@internal:pw123 \
https://ovirtlab.example.com/ovirt-engine/api
----
endif::openshift-origin[]
+
... For `Is the oVirt CA trusted locally?`, enter `Yes`, because you have already set up a CA certificate. Otherwise, enter `No`.
... For `oVirt's CA bundle`, if you entered `Yes` for the preceding question, copy the certificate content from `/etc/pki/ca-trust/source/anchors/ca.pem` and paste it here. Then, press `Enter` twice. Otherwise, if you entered `No` for the preceding question, this question does not appear.
... For `oVirt engine username`, enter the user name and profile of the {rh-virtualization} administrator using this format:
+
[source,terminal]
----
<username>@<profile> <1>
----
<1> For `<username>`, specify the user name of an {rh-virtualization} administrator. For `<profile>`, specify the login profile, which you can get by going to the {rh-virtualization} Administration Portal login page and reviewing the *Profile* dropdown list. Together, the user name and profile should look similar to this example:
+
ifndef::openshift-origin[]
[source,terminal]
----
ocpadmin@internal
----
endif::openshift-origin[]
ifdef::openshift-origin[]
[source,terminal]
----
admin@internal
----
endif::openshift-origin[]
+
... For `oVirt engine password`, enter the {rh-virtualization} admin password.
... For `oVirt cluster`, select the cluster for installing {product-title}.
... For `oVirt storage domain`, select the storage domain for installing {product-title}.
... For `oVirt network`, select a virtual network that has access to the {rh-virtualization} {rh-virtualization-engine-name} REST API.
... For `Internal API Virtual IP`, enter the static IP address you set aside for the cluster's REST API.
... For `Ingress virtual IP`, enter the static IP address you reserved for the wildcard apps domain.
... For `Base Domain`, enter the base domain of the {product-title} cluster. If this cluster is exposed to the outside world, this must be a valid domain recognized by DNS infrastructure. For example, enter: `virtlab.example.com`
... For `Cluster Name`, enter the name of the cluster. For example, `my-cluster`. Use cluster name from the externally registered/resolvable DNS entries you created for the {product-title} REST API and apps domain names. The installation program also gives this name to the cluster in the {rh-virtualization} environment.
... For `Pull Secret`, copy the pull secret from the `pull-secret.txt` file you downloaded earlier and paste it here. You can also get a copy of the same {cluster-manager-url-pull}.
endif::rhv[]
ifndef::rhv[]
... Paste the {cluster-manager-url-pull}.
ifdef::openshift-origin[]
This field is optional.
endif::[]
endif::rhv[]
ifdef::gcp-user-infra,azure-user-infra[]
.. Optional: If you do not want the cluster to provision compute machines, empty
the compute pool by editing the resulting `install-config.yaml` file to set
`replicas` to `0` for the `compute` pool:
+
[source,yaml]
----
compute:
- hyperthreading: Enabled
name: worker
platform: {}
replicas: 0 <1>
----
<1> Set to `0`.
endif::[]
ifdef::aws-outposts[]
. Modify the `install-config.yaml` file. The AWS Outposts installation has the following limitations which require manual modification of the `install-config.yaml` file:
* Unlike AWS Regions, which offer near-infinite scale, AWS Outposts are limited by their provisioned capacity, EC2 family and generations, configured instance sizes, and availability of compute capacity that is not already consumed by other workloads. Therefore, when creating new {product-title} cluster, you need to provide the supported instance type in the `compute.platform.aws.type` section in the configuration file.
* When deploying {product-title} cluster with remote workers running in AWS Outposts, only one Availability Zone can be used for the compute instances - the Availability Zone in which the Outpost instance was created in. Therefore, when creating new {product-title} cluster, it recommended to provide the relevant Availability Zone in the `compute.platform.aws.zones` section in the configuration file, in order to limit the compute instances to this Availability Zone.
* Amazon Elastic Block Store (EBS) gp3 volumes aren't supported by the AWS Outposts service. This volume type is the default type used by the {product-title} cluster. Therefore, when creating new {product-title} cluster, you must change the volume type in the `compute.platform.aws.rootVolume.type` section to gp2.
You will find more information about how to change these values below.
endif::aws-outposts[]
ifndef::restricted,alibabacloud-default,alibabacloud-custom,alibabacloud-vpc,nutanix,aws-outposts[]
. Modify the `install-config.yaml` file. You can find more information about
the available parameters in the "Installation configuration parameters" section.
endif::restricted,alibabacloud-default,alibabacloud-custom,alibabacloud-vpc,nutanix,aws-outposts[]
ifdef::alibabacloud-default,alibabacloud-custom,alibabacloud-vpc[]
. Installing the cluster into Alibaba Cloud requires that the Cloud Credential Operator (CCO) operate in manual mode. Modify the `install-config.yaml` file to set the `credentialsMode` parameter to `Manual`:
+
.Example install-config.yaml configuration file with `credentialsMode` set to `Manual`
[source,yaml]
----
apiVersion: v1
baseDomain: cluster1.example.com
credentialsMode: Manual <1>
compute:
- architecture: amd64
hyperthreading: Enabled
...
----
<1> Add this line to set the `credentialsMode` to `Manual`.
endif::alibabacloud-default,alibabacloud-custom,alibabacloud-vpc[]
ifdef::alibabacloud-custom,alibabacloud-vpc[]
. Modify the `install-config.yaml` file. You can find more information about
the available parameters in the "Installation configuration parameters" section.
endif::alibabacloud-custom,alibabacloud-vpc[]
ifndef::restricted[]
ifdef::rhv[]
+
[NOTE]
====
If you have any intermediate CA certificates on the {rh-virtualization-engine-name}, verify that the certificates appear in the `ovirt-config.yaml` file and the `install-config.yaml` file. If they do not appear, add them as follows:
. In the `~/.ovirt/ovirt-config.yaml` file:
+
[source,yaml]
----
[ovirt_ca_bundle]: |
-----BEGIN CERTIFICATE-----
<MY_TRUSTED_CA>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<INTERMEDIATE_CA>
-----END CERTIFICATE-----
----
. In the `install-config.yaml` file:
+
[source,yaml]
----
[additionalTrustBundle]: |
-----BEGIN CERTIFICATE-----
<MY_TRUSTED_CA>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<INTERMEDIATE_CA>
-----END CERTIFICATE-----
----
====
endif::rhv[]
endif::restricted[]
ifdef::osp+restricted[]
. In the `install-config.yaml` file, set the value of `platform.openstack.clusterOSImage` to the image location or name. For example:
+
[source,yaml]
----
platform:
openstack:
clusterOSImage: http://mirror.example.com/images/rhcos-43.81.201912131630.0-openstack.x86_64.qcow2.gz?sha256=ffebbd68e8a1f2a245ca19522c16c86f67f9ac8e4e0c1f0a812b068b16f7265d
----
endif::osp+restricted[]
ifdef::vsphere+restricted[]
. In the `install-config.yaml` file, set the value of `platform.vsphere.clusterOSImage` to the image location or name. For example:
+
[source,yaml]
----
platform:
vsphere:
clusterOSImage: http://mirror.example.com/images/rhcos-43.81.201912131630.0-vmware.x86_64.ova?sha256=ffebbd68e8a1f2a245ca19522c16c86f67f9ac8e4e0c1f0a812b068b16f7265d
----
endif::vsphere+restricted[]
ifdef::nutanix+restricted[]
. In the `install-config.yaml` file, set the value of `platform.nutanix.clusterOSImage` to the image location or name. For example:
+
[source,yaml]
----
platform:
nutanix:
clusterOSImage: http://mirror.example.com/images/rhcos-47.83.202103221318-0-nutanix.x86_64.qcow2
----
endif::nutanix+restricted[]
ifdef::restricted[]
. Edit the `install-config.yaml` file to give the additional information that
is required for an installation in a restricted network.
.. Update the `pullSecret` value to contain the authentication information for
your registry:
+
[source,yaml]
----
pullSecret: '{"auths":{"<mirror_host_name>:5000": {"auth": "<credentials>","email": "you@example.com"}}}'
----
+
For `<mirror_host_name>`, specify the registry domain name
that you specified in the certificate for your mirror registry, and for
`<credentials>`, specify the base64-encoded user name and password for
your mirror registry.
.. Add the `additionalTrustBundle` parameter and value.
+
[source,yaml]
----
additionalTrustBundle: |
-----BEGIN CERTIFICATE-----
ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
-----END CERTIFICATE-----
----
+
The value must be the contents of the certificate file that you used for your mirror registry. The certificate file can be an existing, trusted certificate authority, or the self-signed certificate that you generated for the mirror registry.
ifdef::aws+restricted[]
.. Define the subnets for the VPC to install the cluster in:
+
[source,yaml]
----
subnets:
- subnet-1
- subnet-2
- subnet-3
----
endif::aws+restricted[]
ifdef::gcp+restricted[]
.. Define the network and subnets for the VPC to install the cluster in under the parent `platform.gcp` field:
+
[source,yaml]
----
network: <existing_vpc>
controlPlaneSubnet: <control_plane_subnet>
computeSubnet: <compute_subnet>
----
+
For `platform.gcp.network`, specify the name for the existing Google VPC. For `platform.gcp.controlPlaneSubnet` and `platform.gcp.computeSubnet`, specify the existing subnets to deploy the control plane machines and compute machines, respectively.
endif::gcp+restricted[]
.. Add the image content resources, which resemble the following YAML excerpt:
+
[source,yaml]
----
imageContentSources:
- mirrors:
- <mirror_host_name>:5000/<repo_name>/release
source: quay.example.com/openshift-release-dev/ocp-release
- mirrors:
- <mirror_host_name>:5000/<repo_name>/release
source: registry.example.com/ocp/release
----
+
ifndef::nutanix[]
For these values, use the `imageContentSources` that you recorded during mirror registry creation.
endif::nutanix[]
ifdef::nutanix[]
For these values, use the `imageContentSourcePolicy.yaml` file that was created when you mirrored the registry.
endif::nutanix[]
ifndef::nutanix[]
. Make any other modifications to the `install-config.yaml` file that you require. You can find more information about
the available parameters in the *Installation configuration parameters* section.
endif::nutanix[]
endif::restricted[]
ifdef::nutanix[]
. Optional: Update one or more of the default configuration parameters in the `install.config.yaml` file to customize the installation.
+
For more information about the parameters, see "Installation configuration parameters".
endif::nutanix[]
. Back up the `install-config.yaml` file so that you can use
it to install multiple clusters.
+
[IMPORTANT]
====
The `install-config.yaml` file is consumed during the installation process. If
you want to reuse the file, you must back it up now.
====
ifdef::osp-user[You now have the file `install-config.yaml` in the directory that you specified.]
ifeval::["{context}" == "installing-alibaba-default"]
:!alibabacloud-default:
endif::[]
ifeval::["{context}" == "installing-alibaba-customizations"]
:!alibabacloud-custom:
endif::[]
ifeval::["{context}" == "installing-alibaba-vpc"]
:!alibabacloud-vpc:
endif::[]
ifeval::["{context}" == "installing-aws-customizations"]
:!aws:
endif::[]
ifeval::["{context}" == "installing-aws-network-customizations"]
:!aws:
endif::[]
ifeval::["{context}" == "installing-aws-vpc"]
:!aws:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"]
:!aws:
:!restricted:
endif::[]
ifeval::["{context}" == "installing-aws-outposts-remote-workers"]
:!aws:
:!aws-outposts:
endif::[]
ifeval::["{context}" == "installing-azure-customizations"]
:!azure:
endif::[]
ifeval::["{context}" == "installing-azure-network-customizations"]
:!azure:
endif::[]
ifeval::["{context}" == "installing-azure-vnet"]
:!azure:
endif::[]
ifeval::["{context}" == "installing-azure-user-infra"]
:!azure:
:!azure-user-infra:
endif::[]
ifeval::["{context}" == "installing-gcp-customizations"]
:!gcp:
endif::[]
ifeval::["{context}" == "installing-gcp-network-customizations"]
:!gcp:
endif::[]
ifeval::["{context}" == "installing-gcp-vpc"]
:!gcp:
endif::[]
ifeval::["{context}" == "installing-gcp-shared-vpc"]
:!gcp:
endif::[]
ifeval::["{context}" == "installing-gcp-user-infra"]
:!gcp:
:!gcp-user-infra:
endif::[]
ifeval::["{context}" == "installing-gcp-user-infra-vpc"]
:!gcp:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-gcp"]
:!gcp:
:!restricted:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"]
:!gcp:
:!restricted:
endif::[]
ifeval::["{context}" == "installing-ibm-cloud-customizations"]
:!ibm-cloud:
endif::[]
ifeval::["{context}" == "installing-ibm-cloud-network-customizations"]
:!ibm-cloud:
endif::[]
ifeval::["{context}" == "installing-ibm-cloud-vpc"]
:!ibm-cloud:
endif::[]
ifeval::["{context}" == "installing-ibm-cloud-private"]
:!ibm-cloud:
endif::[]
ifeval::["{context}" == "installing-openstack-installer-custom"]
:!osp:
endif::[]
ifeval::["{context}" == "installing-openstack-installer-kuryr"]
:!osp:
endif::[]
ifeval::["{context}" == "installing-openstack-user"]
:!osp:
:!osp-user:
endif::[]
ifeval::["{context}" == "installing-openstack-user-kuryr"]
:!osp:
:!osp-user:
endif::[]
ifeval::["{context}" == "installing-openstack-user-sr-iov"]
:!osp:
:!osp-user:
endif::[]
ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"]
:!osp:
:!osp-user:
endif::[]
ifeval::["{context}" == "installing-rhv-customizations"]
:!rhv:
endif::[]
ifeval::["{context}" == "installing-rhv-default"]
:!rhv:
endif::[]
ifeval::["{context}" == "installing-vsphere-installer-provisioned-customizations"]
:!vsphere:
endif::[]
ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"]
:!vsphere:
endif::[]
ifeval::["{context}" == "installing-vmc-customizations"]
:!vsphere:
endif::[]
ifeval::["{context}" == "installing-vmc-network-customizations"]
:!vsphere:
endif::[]
ifeval::["{context}" == "installing-openstack-installer-restricted"]
:!osp:
:!restricted:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"]
:!vsphere:
:!restricted:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-vmc"]
:!vsphere:
:!restricted:
endif::[]
ifeval::["{context}" == "installing-nutanix-installer-provisioned"]
:!nutanix:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-nutanix-installer-provisioned"]
:!nutanix:
:!restricted:
endif::[]
View Git Blame Copy Permalink