openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
fb3daeeeb416a7cf349e2ea14b74c173bcc94df2
openshift-docs/modules/create-gcp-cluster.adoc

105 lines
5.6 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// * assemblies/creating-your-cluster.adoc
[id="create-gcp-cluster_{context}"]
= Creating a cluster on GCP
You can create an {product-title} cluster on {GCP} using a standard cloud account owned by Red Hat or with your own cloud account using the Customer Cloud Subscription (CCS) model.
Using the CCS model to deploy and manage {product-title} into your GCP account requires several prerequisites to be met.
.Prerequisites
* Your GCP account has been configured for use with {product-title}.
* The necessary resource quotas and limits needed to support the desired cluster size are available in your GCP account.
* A GCP project has already been created.
+
[NOTE]
====
The project name must be 10 characters or less.
====
* An IAM service account in GCP called `osd-ccs-admin` with the following roles attached:
** DNS Administrator
** Organization Policy Viewer Owner
** Project IAM Admin
** Service Management Administrator
** Service Usage Admin
** Storage Admin
* A key has been created for your GCP service account and exported to a file named `osServiceAccount.json`.
* It is recommended that you have at least *Production Support* from GCP.
* To prevent potential conflicts, it is recommended that no other resources are provisioned in the project prior to provisioning {product-title}.
.Procedure
. Log in to {console-redhat-com}.
. Click *Create Cluster* -> *Red Hat OpenShift Dedicated* -> *Create cluster*.
. Select *Google Cloud* as your infrastructure provider.
. Select your billing model.
** *Standard* is selected by default.
** If you select the *Customer cloud subscription* model, an informational dialogue window will open. Review the prerequisites for installing a GCP CCS cluster and click *Close*. You must provide your GCP service account information with a JSON file. Click *Browse* to locate and attach the *Service account JSON* file to your cluster.
. Enter your *Cluster name*.
. Select a *Region* and choose either a *Single zone* or *Multizone* availability.
. Select your *Compute node instance type* and the *Compute node count (per zone)*. After your cluster is created, you can change the number of compute nodes in your cluster, but you can not change the worker node instance type. The number and types of nodes available to you depend on your {product-title} subscription.
. Optional: Expand *Edit node labels* to add labels to your nodes. Click *Add label* to add more node labels.
. If you are creating a standard {product-title} cluster, select the amount of *Persistent storage* and *Load balancers* you want to set on the deployed cluster. You can also accept the provided defaults.
. Select your preferred network configuration.
** *Basic* is selected by default. This setting creates a new VPC for your cluster using the default values.
** Select *Advanced* if you want to configure your networking IP ranges or set your cluster privacy.
... Enter the desired values to configure your network IP ranges or enter the following defaults:
.... Node CIDR: 10.0.0.0/16
.... Service CIDR: 172.30.0.0/16
.... Pod CIDR: 10.128.0.0/14
.... Host Prefix: /23
... If you are creating a CCS {product-title} cluster, you can enable private clusters. This option is not available for standard clusters. Select your preferred cluster privacy. *Private* is selected by default.
+
[IMPORTANT]
====
CIDR configurations cannot be changed later. Confirm your selections with your network administrator before proceeding.
If the cluster privacy is set to *Private*, you will not be able to access your cluster until you configure private connections in your cloud provider.
====
. Optional: Select *Enable etcd encryption* if you require etcd key value encryption. With this option, the etcd key values are encrypted, but not the keys. The option is in addition to the control plane storage encryption that encrypts the etcd volumes in {product-title} clusters by default.
+
[IMPORTANT]
====
By enabling etcd encryption for the key values in etcd, you will incur a performance overhead of approximately 20%. The overhead is a result of introducing this second layer of encryption, in addition to the default control plane storage encryption that encrypts the etcd volumes. Red Hat recommends that you enable etcd encryption only if you specifically require it for your use case.
====
. Leave *Enable user workload monitoring* selected to monitor your own projects in isolation from Red Hat Site Reliability Engineer (SRE) platform metrics. The option is enabled by default.
. Select your cluster update method.
** *Manual* is selected by default. With this option, you are responsible for updating your cluster. If your cluster version falls too far behind, it will be automatically updated.
** Select *Automatic* if you want your cluster to be automatically upgraded when new versions are available. If you opt for automatic upgrades, you must specify the preferred day of the week and the time (UTC) for the upgrade to start.
+
[WARNING]
====
High and Critical security concerns (CVEs) are patched automatically within 48 hours, regardless of your chosen update strategy.
====
. Optional: You can set a grace period for *Node Draining* during cluster upgrades. A *1 hour* grace period is set by default.
. Click *Create cluster*. The cluster creation process begins and takes about 30-40 minutes to complete.
.Verification
* The *Installing cluster* heading, under the *Overview* tab, indicates that the cluster is installing and you can view the installation logs from this heading. The *Status* indicator under the *Details* heading indicates when your cluster is *Ready* for use.
View Git Blame Copy Permalink