mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-07 09:46:53 +01:00
114 lines
4.3 KiB
Plaintext
114 lines
4.3 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// * installing/installing_ibm_cloud/installing-ibm-cloud-vpc.adoc
|
|
// * installing/installing_ibm_powervs/installing-restricted-networks-ibm-power-vs.adoc
|
|
// * installing/installing_ibm_cloud_public/installing-ibm-cloud-restricted.adoc
|
|
// * installing/installing_ibm_cloud_public/installing-ibm-cloud-private.adoc
|
|
|
|
ifeval::["{context}" == "installing-ibm-cloud-vpc"]
|
|
:ibm-cloud:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-ibm-cloud-restricted"]
|
|
:ibm-cloud:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-ibm-cloud-private"]
|
|
:ibm-cloud:
|
|
endif::[]
|
|
|
|
:_mod-docs-content-type: CONCEPT
|
|
[id="installation-custom-ibm-cloud-vpc_{context}"]
|
|
= About using a custom VPC
|
|
|
|
In {product-title} {product-version}, you can deploy a cluster into the subnets of an existing {ibm-name} Virtual Private Cloud (VPC). Deploying {product-title} into an existing VPC can help you avoid limit constraints in new accounts or more easily abide by the operational constraints that your company's guidelines set. If you cannot obtain the infrastructure creation permissions that are required to create the VPC yourself, use this installation option.
|
|
|
|
Because the installation program cannot know what other components are in your existing subnets, it cannot choose subnet CIDRs and so forth. You must configure networking for the subnets to which you will install the cluster.
|
|
|
|
[id="installation-custom-ibm-cloud-vpc-requirements_{context}"]
|
|
== Requirements for using your VPC
|
|
|
|
You must correctly configure the existing VPC and its subnets before you install the cluster. The installation program does not create the following components:
|
|
|
|
* NAT gateways
|
|
* Subnets
|
|
* Route tables
|
|
* VPC network
|
|
|
|
The installation program cannot:
|
|
|
|
* Subdivide network ranges for the cluster to use
|
|
* Set route tables for the subnets
|
|
* Set VPC options like DHCP
|
|
|
|
include::snippets/custom-dns-server.adoc[]
|
|
|
|
[id="installation-custom-ibm-cloud-vpc-validation_{context}"]
|
|
== VPC validation
|
|
|
|
The VPC and all of the subnets must be in an existing resource group. The cluster is deployed to the existing VPC.
|
|
|
|
As part of the installation, specify the following in the `install-config.yaml` file:
|
|
|
|
ifndef::ibm-cloud[]
|
|
* The name of the existing resource group that contains the VPC and subnets
|
|
endif::ibm-cloud[]
|
|
ifdef::ibm-cloud[]
|
|
* The name of the existing resource group that contains the VPC and subnets (`networkResourceGroupName`)
|
|
endif::ibm-cloud[]
|
|
ifndef::ibm-cloud[]
|
|
* The name of the existing VPC
|
|
endif::ibm-cloud[]
|
|
ifdef::ibm-cloud[]
|
|
* The name of the existing VPC (`vpcName`)
|
|
endif::ibm-cloud[]
|
|
ifndef::ibm-cloud[]
|
|
* The subnets that were created for control plane machines and compute machines
|
|
endif::ibm-cloud[]
|
|
ifdef::ibm-cloud[]
|
|
* The subnets that were created for control plane machines and compute machines (`controlPlaneSubnets` and `computeSubnets`)
|
|
endif::ibm-cloud[]
|
|
|
|
ifdef::ibm-cloud[]
|
|
[NOTE]
|
|
====
|
|
Additional installer-provisioned cluster resources are deployed to a separate resource group (`resourceGroupName`). You can specify this resource group before installing the cluster. If undefined, a new resource group is created for the cluster.
|
|
====
|
|
endif::ibm-cloud[]
|
|
|
|
To ensure that the subnets that you provide are suitable, the installation program confirms the following:
|
|
|
|
* All of the subnets that you specify exist.
|
|
* For each availability zone in the region, you specify:
|
|
** One subnet for control plane machines.
|
|
** One subnet for compute machines.
|
|
* The machine CIDR that you specified contains the subnets for the compute machines and control plane machines.
|
|
|
|
[NOTE]
|
|
====
|
|
Subnet IDs are not supported.
|
|
====
|
|
|
|
[id="installation-custom-ibm-cloud-vpc-isolation_{context}"]
|
|
== Isolation between clusters
|
|
|
|
If you deploy {product-title} to an existing network, the isolation of cluster services is reduced in the following ways:
|
|
|
|
* You can install multiple {product-title} clusters in the same VPC.
|
|
|
|
* ICMP ingress is allowed to the entire network.
|
|
|
|
* TCP port 22 ingress (SSH) is allowed to the entire network.
|
|
|
|
* Control plane TCP 6443 ingress (Kubernetes API) is allowed to the entire network.
|
|
|
|
* Control plane TCP 22623 ingress (MCS) is allowed to the entire network.
|
|
|
|
ifeval::["{context}" == "installing-ibm-cloud-vpc"]
|
|
:!ibm-cloud:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-ibm-cloud-restricted"]
|
|
:!ibm-cloud:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-ibm-cloud-private"]
|
|
:!ibm-cloud:
|
|
endif::[]
|