mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
openshift-docs/modules/installation-aws-limits.adoc


// Module included in the following assemblies:
//
// * installing/installing_aws/installing-aws-account.adoc

[id="installation-aws-limits_{context}"]
= AWS account limits

The {product-title} cluster uses a number of Amazon Web Services (AWS)
components, and the default
link:https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html[Service Limits]
affect your ability to install {product-title} clusters. If you use certain
cluster configurations, deploy your cluster in certain AWS regions, or
run multiple clusters from your account, you might need
to request additional resources for your AWS account.

The following table summarizes the AWS components whose limits can impact your
ability to install and run {product-title} clusters.

[cols="2a,3a,3a,8a",options="header"]
|===
|Component |Number of clusters available by default| Default AWS limit |Description
|Instance Limits
|Varies
|Varies
|By default, each cluster creates the following instances:

* One bootstrap machine, which is removed after installation
* Three control plane nodes
* Three worker nodes

These instance type counts are within a new account's default limit. To deploy
more worker nodes, enable autoscaling, deploy large workloads, or use a
different instance type, review your account limits to ensure that your cluster
can deploy the machines that you need.

In most regions, the worker machines use an `m6i.large` instance
and the bootstrap and control plane machines use `m6i.xlarge` instances. In some regions, including
all regions that do not support these instance types, `m5.large` and `m5.xlarge`
instances are used instead.
|Elastic IPs (EIPs)
|0 to 1
|5 EIPs per account
|To provision the cluster in a highly available configuration, the installation program
creates a public and private subnet for each
link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html[availability zone within a region].
Each private subnet requires a
link:https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html[NAT Gateway],
and each NAT gateway requires a separate
link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html[elastic IP].
Review the
link:https://aws.amazon.com/about-aws/global-infrastructure/[AWS region map] to
determine how many availability zones are in each region. To take advantage of
the default high availability, install the cluster in a region with at least
three availability zones. To install a cluster in a region with more than five
availability zones, you must increase the EIP limit.

[IMPORTANT]
====
To use the `us-east-1` region, you must increase the EIP limit for your account.
====

|Virtual Private Clouds (VPCs)
|5
|5 VPCs per region
|Each cluster creates its own VPC.
|Elastic Load Balancing (ELB/NLB)
|3
|20 per region
|By default, each cluster creates internal and external network load balancers for the master
API server and a single Classic Load Balancer for the router. Deploying
more Kubernetes `Service` objects with type `LoadBalancer` will create additional
link:https://aws.amazon.com/elasticloadbalancing/[load balancers].
|NAT Gateways
|5
|5 per availability zone
|The cluster deploys one NAT gateway in each availability zone.
|Elastic Network Interfaces (ENIs)
|At least 12
|350 per region
|The default installation creates 21 ENIs and an ENI for each availability zone
in your region. For example, the `us-east-1` region contains six availability
zones, so a cluster that is deployed in that region uses 27 ENIs. Review the
link:https://aws.amazon.com/about-aws/global-infrastructure/[AWS region map] to
determine how many availability zones are in each region.

Additional ENIs are created for additional machines and ELB load balancers
that are created by cluster usage and deployed workloads.
|VPC Gateway
|20
|20 per account
|Each cluster creates a single VPC Gateway for S3 access.
|S3 buckets
|99
|100 buckets per account
|Because the installation process creates a temporary bucket and the registry
component in each cluster creates a bucket, you can create only 99
{product-title} clusters per AWS account.
|Security Groups
|250
|2,500 per account
|Each cluster creates 10 distinct security groups.
|===
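
The following preflight calculation is an added example, not part of the {product-title} installation program. It applies the default limits and per-cluster counts from the table to a region's availability zone count and reports which limit runs out first. The names `REQUIREMENTS`, `cluster_capacity`, and `binding_constraint` are hypothetical, and load balancers are left out because the table does not give an exact per-cluster count.

```python
# Added example: defaults and per-cluster counts come from the table above.
# component: (default limit, per-cluster need for a given AZ count, reserved)
REQUIREMENTS = {
    "eip":            (5,    lambda azs: azs,      0),  # one EIP per NAT gateway, one per AZ
    "vpc":            (5,    lambda azs: 1,        0),  # each cluster creates its own VPC
    "nat_gw_per_az":  (5,    lambda azs: 1,        0),  # one NAT gateway in each AZ
    "eni":            (350,  lambda azs: 21 + azs, 0),  # 21 ENIs plus one per AZ
    "vpc_gateway":    (20,   lambda azs: 1,        0),  # single VPC gateway for S3
    "s3_bucket":      (100,  lambda azs: 1,        1),  # registry bucket; 1 temporary install bucket
    "security_group": (2500, lambda azs: 10,       0),  # 10 security groups per cluster
}


def cluster_capacity(azs, limits=None, in_use=None):
    """Return {component: number of additional clusters that fit}.

    azs    -- availability zones in the target region
    limits -- account limits that differ from the defaults (assumed input)
    in_use -- resources already consumed in the account (assumed input)
    """
    limits = limits or {}
    in_use = in_use or {}
    capacity = {}
    for name, (default, need, reserved) in REQUIREMENTS.items():
        free = limits.get(name, default) - in_use.get(name, 0) - reserved
        capacity[name] = max(free, 0) // need(azs)
    return capacity


def binding_constraint(azs, limits=None, in_use=None):
    """Return (component, clusters) for the limit that is exhausted first."""
    capacity = cluster_capacity(azs, limits, in_use)
    name = min(capacity, key=capacity.get)
    return name, capacity[name]


if __name__ == "__main__":
    # Constructed scenarios: a three-AZ region and us-east-1 with six AZs.
    for azs in (3, 6):
        print(azs, "AZs:", binding_constraint(azs), cluster_capacity(azs))
    # us-east-1 after a constructed EIP limit increase to 12.
    print("6 AZs, EIP limit 12:", binding_constraint(6, limits={"eip": 12}))
```

With default limits, the six-zone case reports EIPs as the blocking component with room for zero clusters, which is why the `us-east-1` region requires an EIP limit increase.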