Chapter 6. Installation configuration
6.1. Available cluster customizations
You complete most of the cluster configuration and customization after you deploy your OpenShift Container Platform cluster. A number of configuration resources are available.
You modify the configuration resources to configure the major features of the cluster, such as the image registry, networking configuration, image build behavior, and the identity provider.
For current documentation of settings these resources expose, use the oc explain command, for example oc explain builds --api-version=config.openshift.io/v1
6.1.1. Cluster configuration resources
All cluster configuration resources are globally scoped (not namespaced) and named cluster.
| Resource name | Description |
|---|---|
| apiserver.config.openshift.io | Provides api-server configuration such as certificates and certificate authorities. |
| authentication.config.openshift.io | Controls the identity providerand authentication configuration for the cluster. |
| build.config.openshift.io | Controls default and enforced configuration for all builds on the cluster. |
| console.config.openshift.io | Configures the behavior of the web console interface, including the logout behavior. |
| featuregate.config.openshift.io | Enables FeatureGates so that you can use Tech Preview features. |
| image.config.openshift.io | Configures how specific image registries should be treated (allowed, disallowed, insecure, CA details). |
| ingress.config.openshift.io | Configuration details related to routing such as the default domain for routes. |
| oauth.config.openshift.io | Configures identity providers and other behavior related to internal OAuth server flows. |
| project.config.openshift.io | Configures how projects are created including the project template. |
| proxy.config.openshift.io | Defines proxies to be used by components needing external network access. Note: not all components currently consume this value. |
| scheduler.config.openshift.io | Configures scheduler behavior such as policies and default nodeselectors. |
6.1.2. Operator configuration resources
These configuration resources are cluster-scoped instances, named cluster, which control the behavior of a specific component as owned by a particular operator.
| Resource name | Description |
|---|---|
| console.operator.openshift.io | Controls console appearance such as branding customizations |
| config.imageregistry.operator.openshift.io | Configures internal image registry settings such as public routing, log levels, proxy settings, resource constraints, replica counts, and storage type. |
| config.samples.operator.openshift.io | Configures the Samples Operator to control which example imagestreams and templates are installed on the cluster. |
6.1.3. Additional configuration resources
These configuration resources represent a single instance of a particular component, in some cases multiple instances can be requested by creating multiple instances of the resource. In other cases only a specific resource instance name in a specific namespace will be consumed by the operator. Reference the component-specific documentation for details on how and when additional resource instances can be created.
| Resource name | Instance name | Namespace | Description |
|---|---|---|---|
| alertmanager.monitoring.coreos.com | main | openshift-monitoring | Controls the alertmanager deployment parameters. |
| ingresscontroller.operator.openshift.io | default | openshift-ingress-operator | Configures Ingress Operator behavior such as domain, number of replicas, certificates, and controller placement. |
6.1.4. Informational Resources
You use these resources to retrieve information about the cluster. You should not edit these resources directly.
| Resource name | Instance name | Description |
|---|---|---|
| clusterversion.config.openshift.io | version | In OpenShift Container Platform 4.1, you must not customize the ClusterVersion resource for production clusters. Instead, follow the process to update a cluster. |
| dns.config.openshift.io | cluster | You cannot modify the DNS settings for your cluster. You can view the DNS Operator status. |
| infrastructure.config.openshift.io | cluster | Configuration details allowing the cluster to interact with its cloud provider. |
| network.config.openshift.io | cluster | You cannot modify your cluster networking after installation. To customize your network, follow the process to customize networking during installation. |
6.2. Configuring your firewall
If you use a firewall, you must configure it so that OpenShift Container Platform can access Red Hat Insights. This access is required for OpenShift Container Platform to access the Telemetry service, which is required to receive updates.
6.2.1. Configuring your firewall for OpenShift Container Platform
Before you install OpenShift Container Platform, you must configure your firewall to access Red Hat Insights.
Procedure
Set your firewall to allow the following host names and ports on the outgoing network firewall:
cert-api.access.redhat.com:443 api.access.redhat.com:443 infogw.api.openshift.com:443
