Chapter 15. Installation configuration parameters for Azure


Before you deploy an OpenShift Container Platform cluster on Microsoft Azure, you provide parameters to customize your cluster and the platform that hosts it. When you create the install-config.yaml file, you provide values for the required parameters through the command line. You can then modify the install-config.yaml file to customize your cluster further.

15.1. Available installation configuration parameters for Azure

The following tables specify the required, optional, and Azure-specific installation configuration parameters that you can set as part of the installation process.

Note

After installation, you cannot modify these parameters in the install-config.yaml file.

15.1.1. Required configuration parameters

Required installation configuration parameters are described in the following table:

Table 15.1. Required parameters
ParameterDescriptionValues
apiVersion:

The API version for the install-config.yaml content. The current version is v1. The installation program may also support older API versions.

String

baseDomain:

The base domain of your cloud provider. The base domain is used to create routes to your OpenShift Container Platform cluster components. The full DNS name for your cluster is a combination of the baseDomain and metadata.name parameter values that uses the <metadata.name>.<baseDomain> format.

A fully-qualified domain or subdomain name, such as example.com.

metadata:

Kubernetes resource ObjectMeta, from which only the name parameter is consumed.

Object

metadata:
  name:

The name of the cluster. DNS records for the cluster are all subdomains of {{.metadata.name}}.{{.baseDomain}}.

String of lowercase letters, hyphens (-), and periods (.), such as dev.

platform:

The configuration for the specific platform upon which to perform the installation: aws, baremetal, azure, gcp, ibmcloud, nutanix, openstack, powervs, vsphere, or {}. For additional information about platform.<platform> parameters, consult the table for your specific platform that follows.

Object

pullSecret:

Get a pull secret from Red Hat OpenShift Cluster Manager to authenticate downloading container images for OpenShift Container Platform components from services such as Quay.io.

{
   "auths":{
      "cloud.openshift.com":{
         "auth":"b3Blb=",
         "email":"you@example.com"
      },
      "quay.io":{
         "auth":"b3Blb=",
         "email":"you@example.com"
      }
   }
}

15.1.2. Network configuration parameters

You can customize your installation configuration based on the requirements of your existing network infrastructure. For example, you can expand the IP address block for the cluster network or provide different IP address blocks than the defaults.

Only IPv4 addresses are supported.

Table 15.2. Network parameters
ParameterDescriptionValues
networking:

The configuration for the cluster network.

Object

Note

You cannot modify parameters specified by the networking object after installation.

networking:
  networkType:

The Red Hat OpenShift Networking network plugin to install.

OVNKubernetes. OVNKubernetes is a CNI plugin for Linux networks and hybrid networks that contain both Linux and Windows servers. The default value is OVNKubernetes.

networking:
  clusterNetwork:

The IP address blocks for pods.

The default value is 10.128.0.0/14 with a host prefix of /23.

If you specify multiple IP address blocks, the blocks must not overlap.

An array of objects. For example:

networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
networking:
  clusterNetwork:
    cidr:

Required if you use networking.clusterNetwork. An IP address block.

An IPv4 network.

An IP address block in Classless Inter-Domain Routing (CIDR) notation. The prefix length for an IPv4 block is between 0 and 32.

networking:
  clusterNetwork:
    hostPrefix:

The subnet prefix length to assign to each individual node. For example, if hostPrefix is set to 23 then each node is assigned a /23 subnet out of the given cidr. A hostPrefix value of 23 provides 510 (2^(32 - 23) - 2) pod IP addresses.

A subnet prefix.

The default value is 23.

networking:
  serviceNetwork:

The IP address block for services. The default value is 172.30.0.0/16.

The OVN-Kubernetes network plugins supports only a single IP address block for the service network.

An array with an IP address block in CIDR format. For example:

networking:
  serviceNetwork:
   - 172.30.0.0/16
networking:
  machineNetwork:

The IP address blocks for machines.

If you specify multiple IP address blocks, the blocks must not overlap.

An array of objects. For example:

networking:
  machineNetwork:
  - cidr: 10.0.0.0/16
networking:
  machineNetwork:
    cidr:

Required if you use networking.machineNetwork. An IP address block. The default value is 10.0.0.0/16 for all platforms other than libvirt and IBM Power® Virtual Server. For libvirt, the default value is 192.168.126.0/24. For IBM Power® Virtual Server, the default value is 192.168.0.0/24.

An IP network block in CIDR notation.

For example, 10.0.0.0/16.

Note

Set the networking.machineNetwork to match the CIDR that the preferred NIC resides in.

15.1.3. Optional configuration parameters

Optional installation configuration parameters are described in the following table:

Table 15.3. Optional parameters
ParameterDescriptionValues
additionalTrustBundle:

A PEM-encoded X.509 certificate bundle that is added to the nodes' trusted certificate store. This trust bundle may also be used when a proxy has been configured.

String

capabilities:

Controls the installation of optional core cluster components. You can reduce the footprint of your OpenShift Container Platform cluster by disabling optional components. For more information, see the "Cluster capabilities" page in Installing.

String array

capabilities:
  baselineCapabilitySet:

Selects an initial set of optional capabilities to enable. Valid values are None, v4.11, v4.12 and vCurrent. The default value is vCurrent.

String

capabilities:
  additionalEnabledCapabilities:

Extends the set of optional capabilities beyond what you specify in baselineCapabilitySet. You may specify multiple capabilities in this parameter.

String array

cpuPartitioningMode:

Enables workload partitioning, which isolates OpenShift Container Platform services, cluster management workloads, and infrastructure pods to run on a reserved set of CPUs. Workload partitioning can only be enabled during installation and cannot be disabled after installation. While this field enables workload partitioning, it does not configure workloads to use specific CPUs. For more information, see the Workload partitioning page in the Scalability and Performance section.

None or AllNodes. None is the default value.

compute:

The configuration for the machines that comprise the compute nodes.

Array of MachinePool objects.

compute:
  architecture:

Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are amd64 and arm64. Not all installation options support the 64-bit ARM architecture. To verify if your installation option is supported on your platform, see Supported installation methods for different platforms in Selecting a cluster installation method and preparing it for users.

String

compute:
  hyperthreading:

Whether to enable or disable simultaneous multithreading, or hyperthreading, on compute machines. By default, simultaneous multithreading is enabled to increase the performance of your machines' cores.

Important

If you disable simultaneous multithreading, ensure that your capacity planning accounts for the dramatically decreased machine performance.

Enabled or Disabled

compute:
  name:

Required if you use compute. The name of the machine pool.

worker

compute:
  platform:

Required if you use compute. Use this parameter to specify the cloud provider to host the worker machines. This parameter value must match the controlPlane.platform parameter value.

aws, azure, gcp, ibmcloud, nutanix, openstack, powervs, vsphere, or {}

compute:
  replicas:

The number of compute machines, which are also known as worker machines, to provision.

A positive integer greater than or equal to 2. The default value is 3.

featureSet:

Enables the cluster for a feature set. A feature set is a collection of OpenShift Container Platform features that are not enabled by default. For more information about enabling a feature set during installation, see "Enabling features using feature gates".

String. The name of the feature set to enable, such as TechPreviewNoUpgrade.

controlPlane:

The configuration for the machines that comprise the control plane.

Array of MachinePool objects.

controlPlane:
  architecture:

Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are amd64 and arm64. Not all installation options support the 64-bit ARM architecture. To verify if your installation option is supported on your platform, see Supported installation methods for different platforms in Selecting a cluster installation method and preparing it for users.

String

controlPlane:
  hyperthreading:

Whether to enable or disable simultaneous multithreading, or hyperthreading, on control plane machines. By default, simultaneous multithreading is enabled to increase the performance of your machines' cores.

Important

If you disable simultaneous multithreading, ensure that your capacity planning accounts for the dramatically decreased machine performance.

Enabled or Disabled

controlPlane:
  name:

Required if you use controlPlane. The name of the machine pool.

master

controlPlane:
  platform:

Required if you use controlPlane. Use this parameter to specify the cloud provider that hosts the control plane machines. This parameter value must match the compute.platform parameter value.

aws, azure, gcp, ibmcloud, nutanix, openstack, powervs, vsphere, or {}

controlPlane:
  replicas:

The number of control plane machines to provision.

Supported values are 3, or 1 when deploying single-node OpenShift.

credentialsMode:

The Cloud Credential Operator (CCO) mode. If no mode is specified, the CCO dynamically tries to determine the capabilities of the provided credentials, with a preference for mint mode on the platforms where multiple modes are supported.

Note

Not all CCO modes are supported for all cloud providers. For more information about CCO modes, see the "Managing cloud provider credentials" entry in the Authentication and authorization content.

Mint, Passthrough, Manual or an empty string ("").

fips:

Enable or disable FIPS mode. The default is false (disabled). If FIPS mode is enabled, the Red Hat Enterprise Linux CoreOS (RHCOS) machines that OpenShift Container Platform runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with RHCOS instead.

Important

To enable FIPS mode for your cluster, you must run the installation program from a Red Hat Enterprise Linux (RHEL) computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see Switching RHEL to FIPS mode.

When running Red Hat Enterprise Linux (RHEL) or Red Hat Enterprise Linux CoreOS (RHCOS) booted in FIPS mode, OpenShift Container Platform core components use the RHEL cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.

Note

If you are using Azure File storage, you cannot enable FIPS mode.

false or true

imageContentSources:

Sources and repositories for the release-image content.

Array of objects. Includes a source and, optionally, mirrors, as described in the following rows of this table.

imageContentSources:
  source:

Required if you use imageContentSources. Specify the repository that users refer to, for example, in image pull specifications.

String

imageContentSources:
  mirrors:

Specify one or more repositories that may also contain the same images.

Array of strings

publish:

How to publish or expose the user-facing endpoints of your cluster, such as the Kubernetes API, OpenShift routes.

Internal, External, or Mixed. To deploy a private cluster, which cannot be accessed from the internet, set publish to Internal. The default value is External. To deploy a cluster where the API and the ingress server have different publishing strategies, set publish to Mixed and use the operatorPublishingStrategy parameter.

sshKey:

The SSH key to authenticate access to your cluster machines.

Note

For production OpenShift Container Platform clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your ssh-agent process uses.

For example, sshKey: ssh-ed25519 AAAA...

+

Important

Setting this parameter to Manual enables alternatives to storing administrator-level secrets in the kube-system project, which require additional configuration steps. For more information, see "Alternatives to storing administrator-level secrets in the kube-system project".

15.1.4. Additional Azure configuration parameters

Additional Azure configuration parameters are described in the following table.

Note

By default, if you specify availability zones in the install-config.yaml file, the installation program distributes the control plane machines and the compute machines across these availability zones within a region. To ensure high availability for your cluster, select a region with at least three availability zones. If your region contains fewer than three availability zones, the installation program places more than one control plane machine in the available zones.

Table 15.4. Additional Azure parameters
ParameterDescriptionValues
compute:
  platform:
    azure:
      encryptionAtHost:

Enables host-level encryption for compute machines. You can enable this encryption alongside user-managed server-side encryption. This feature encrypts temporary, ephemeral, cached and un-managed disks on the VM host. This is not a prerequisite for user-managed server-side encryption.

true or false. The default is false.

compute:
  platform:
    azure:
      osDisk:
        diskSizeGB:

The Azure disk size for the VM.

Integer that represents the size of the disk in GB. The default is 128.

compute:
  platform:
    azure:
      osDisk:
        diskType:

Defines the type of disk.

standard_LRS, premium_LRS, or standardSSD_LRS. The default is premium_LRS.

compute:
  platform:
    azure:
      ultraSSDCapability:

Enables the use of Azure ultra disks for persistent storage on compute nodes. This requires that your Azure region and zone have ultra disks available.

Enabled, Disabled. The default is Disabled.

compute:
  platform:
    azure:
      osDisk:
        diskEncryptionSet:
          resourceGroup:

The name of the Azure resource group that contains the disk encryption set from the installation prerequisites. This resource group should be different from the resource group where you install the cluster to avoid deleting your Azure encryption key when the cluster is destroyed. This value is only necessary if you intend to install the cluster with user-managed disk encryption.

String, for example production_encryption_resource_group.

compute:
  platform:
    azure:
      osDisk:
        diskEncryptionSet:
          name:

The name of the disk encryption set that contains the encryption key from the installation prerequisites.

String, for example production_disk_encryption_set.

compute:
  platform:
    azure:
      osDisk:
        diskEncryptionSet:
          subscriptionId:

Defines the Azure subscription of the disk encryption set where the disk encryption set resides. This secondary disk encryption set is used to encrypt compute machines.

String, in the format 00000000-0000-0000-0000-000000000000.

compute:
  platform:
    azure:
      osImage:
        publisher:

Optional. By default, the installation program downloads and installs the Red Hat Enterprise Linux CoreOS (RHCOS) image that is used to boot compute machines. You can override the default behavior by using a custom RHCOS image that is available from the Azure Marketplace. The installation program uses this image for compute machines only.

String. The name of the image publisher.

compute:
  platform:
    azure:
      osImage:
        offer:

The name of Azure Marketplace offer that is associated with the custom RHCOS image. If you use compute.platform.azure.osImage.publisher, this field is required.

String. The name of the image offer.

compute:
  platform:
    azure:
      osImage:
        sku:

An instance of the Azure Marketplace offer. If you use compute.platform.azure.osImage.publisher, this field is required.

String. The SKU of the image offer.

compute:
  platform:
    azure:
      osImage:
        version:

The version number of the image SKU. If you use compute.platform.azure.osImage.publisher, this field is required.

String. The version of the image to use.

compute:
  platform:
    azure:
      vmNetworkingType:

Enables accelerated networking. Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, improving its networking performance. If instance type of compute machines support Accelerated networking, by default, the installer enables Accelerated networking, otherwise the default networking type is Basic.

Accelerated or Basic.

compute:
  platform:
    azure:
      type:

Defines the Azure instance type for compute machines.

String

compute:
  platform:
    azure:
      zones:

The availability zones where the installation program creates compute machines.

String list

compute:
  platform:
    azure:
      settings:
        securityType:

Enables confidential VMs or trusted launch for compute nodes. This option is not enabled by default.

ConfidentialVM or TrustedLaunch.

compute:
  platform:
    azure:
      settings:
        confidentialVM:
          uefiSettings:
            secureBoot:

Enables secure boot on compute nodes if you are using confidential VMs.

Enabled or Disabled. The default is Disabled.

compute:
  platform:
    azure:
      settings:
        confidentialVM:
          uefiSettings:
            virtualizedTrustedPlatformModule:

Enables the virtualized Trusted Platform Module (vTPM) feature on compute nodes if you are using confidential VMs.

Enabled or Disabled. The default is Disabled.

compute:
  platform:
    azure:
      settings:
        trustedLaunch:
          uefiSettings:
            secureBoot:

Enables secure boot on compute nodes if you are using trusted launch.

Enabled or Disabled. The default is Disabled.

compute:
  platform:
    azure:
      settings:
        trustedLaunch:
          uefiSettings:
            virtualizedTrustedPlatformModule:

Enables the vTPM feature on compute nodes if you are using trusted launch.

Enabled or Disabled. The default is Disabled.

compute:
  platform:
    azure:
      osDisk:
        securityProfile:
          securityEncryptionType:

Enables the encryption of the virtual machine guest state for compute nodes. This parameter can only be used if you use Confidential VMs.

VMGuestStateOnly is the only supported value.

controlPlane:
  platform:
    azure:
      settings:
        securityType:

Enables confidential VMs or trusted launch for control plane nodes. This option is not enabled by default.

ConfidentialVM or TrustedLaunch.

controlPlane:
  platform:
    azure:
      settings:
        confidentialVM:
          uefiSettings:
            secureBoot:

Enables secure boot on control plane nodes if you are using confidential VMs.

Enabled or Disabled. The default is Disabled.

controlPlane:
  platform:
    azure:
      settings:
        confidentialVM:
          uefiSettings:
            virtualizedTrustedPlatformModule:

Enables the vTPM feature on control plane nodes if you are using confidential VMs.

Enabled or Disabled. The default is Disabled.

controlPlane:
  platform:
    azure:
      settings:
        trustedLaunch:
          uefiSettings:
            secureBoot:

Enables secure boot on control plane nodes if you are using trusted launch.

Enabled or Disabled. The default is Disabled.

controlPlane:
  platform:
    azure:
      settings:
        trustedLaunch:
          uefiSettings:
            virtualizedTrustedPlatformModule:

Enables the vTPM feature on control plane nodes if you are using trusted launch.

Enabled or Disabled. The default is Disabled.

controlPlane:
  platform:
    azure:
      osDisk:
        securityProfile:
          securityEncryptionType:

Enables the encryption of the virtual machine guest state for control plane nodes. This parameter can only be used if you use Confidential VMs.

VMGuestStateOnly is the only supported value.

controlPlane:
  platform:
    azure:
      type:

Defines the Azure instance type for control plane machines.

String

controlPlane:
  platform:
    azure:
      zones:

The availability zones where the installation program creates control plane machines.

String list

platform:
  azure:
    defaultMachinePlatform:
      settings:
        securityType:

Enables confidential VMs or trusted launch for all nodes. This option is not enabled by default.

ConfidentialVM or TrustedLaunch.

platform:
  azure:
    defaultMachinePlatform:
      settings:
        confidentialVM:
          uefiSettings:
            secureBoot:

Enables secure boot on all nodes if you are using confidential VMs.

Enabled or Disabled. The default is Disabled.

platform:
  azure:
    defaultMachinePlatform:
      settings:
        confidentialVM:
          uefiSettings:
            virtualizedTrustedPlatformModule:

Enables the virtualized Trusted Platform Module (vTPM) feature on all nodes if you are using confidential VMs.

Enabled or Disabled. The default is Disabled.

platform:
  azure:
    defaultMachinePlatform:
      settings:
        trustedLaunch:
          uefiSettings:
            secureBoot:

Enables secure boot on all nodes if you are using trusted launch.

Enabled or Disabled. The default is Disabled.

platform:
  azure:
    defaultMachinePlatform:
      settings:
        trustedLaunch:
          uefiSettings:
            virtualizedTrustedPlatformModule:

Enables the vTPM feature on all nodes if you are using trusted launch.

Enabled or Disabled. The default is Disabled.

platform:
  azure:
    defaultMachinePlatform:
      osDisk:
        securityProfile:
          securityEncryptionType:

Enables the encryption of the virtual machine guest state for all nodes. This parameter can only be used if you use Confidential VMs.

VMGuestStateOnly is the only supported value.

platform:
  azure:
    defaultMachinePlatform:
      encryptionAtHost:

Enables host-level encryption for compute machines. You can enable this encryption alongside user-managed server-side encryption. This feature encrypts temporary, ephemeral, cached, and un-managed disks on the VM host. This parameter is not a prerequisite for user-managed server-side encryption.

true or false. The default is false.

platform:
  azure:
    defaultMachinePlatform:
      osDisk:
        diskEncryptionSet:
          name:

The name of the disk encryption set that contains the encryption key from the installation prerequisites.

String, for example, production_disk_encryption_set.

platform:
  azure:
    defaultMachinePlatform:
      osDisk:
        diskEncryptionSet:
          resourceGroup:

The name of the Azure resource group that contains the disk encryption set from the installation prerequisites. To avoid deleting your Azure encryption key when the cluster is destroyed, this resource group must be different from the resource group where you install the cluster. This value is necessary only if you intend to install the cluster with user-managed disk encryption.

String, for example, production_encryption_resource_group.

platform:
  azure:
    defaultMachinePlatform:
      osDisk:
        diskEncryptionSet:
          subscriptionId:

Defines the Azure subscription of the disk encryption set where the disk encryption set resides. This secondary disk encryption set is used to encrypt compute machines.

String, in the format 00000000-0000-0000-0000-000000000000.

platform:
  azure:
    defaultMachinePlatform:
      osDisk:
        diskSizeGB:

The Azure disk size for the VM.

Integer that represents the size of the disk in GB. The default is 128.

platform:
  azure:
    defaultMachinePlatform:
      osDisk:
        diskType:

Defines the type of disk.

premium_LRS or standardSSD_LRS. The default is premium_LRS.

platform:
  azure:
    defaultMachinePlatform:
      osImage:
        publisher:

Optional. By default, the installation program downloads and installs the Red Hat Enterprise Linux CoreOS (RHCOS) image that is used to boot control plane and compute machines. You can override the default behavior by using a custom RHCOS image that is available from the Azure Marketplace. The installation program uses this image for both types of machines.

String. The name of the image publisher.

platform:
  azure:
    defaultMachinePlatform:
      osImage:
        offer:

The name of Azure Marketplace offer that is associated with the custom RHCOS image. If you use platform.azure.defaultMachinePlatform.osImage.publisher, this field is required.

String. The name of the image offer.

platform:
  azure:
    defaultMachinePlatform:
      osImage:
        sku:

An instance of the Azure Marketplace offer. If you use platform.azure.defaultMachinePlatform.osImage.publisher, this field is required.

String. The SKU of the image offer.

platform:
  azure:
    defaultMachinePlatform:
      osImage:
        version:

The version number of the image SKU. If you use platform.azure.defaultMachinePlatform.osImage.publisher, this field is required.

String. The version of the image to use.

platform:
  azure:
    defaultMachinePlatform:
      type:

The Azure instance type for control plane and compute machines.

The Azure instance type.

platform:
  azure:
    defaultMachinePlatform:
      zones:

The availability zones where the installation program creates compute and control plane machines.

String list.

controlPlane:
  platform:
    azure:
      encryptionAtHost:

Enables host-level encryption for control plane machines. You can enable this encryption alongside user-managed server-side encryption. This feature encrypts temporary, ephemeral, cached and un-managed disks on the VM host. This is not a prerequisite for user-managed server-side encryption.

true or false. The default is false.

controlPlane:
  platform:
    azure:
      osDisk:
        diskEncryptionSet:
          resourceGroup:

The name of the Azure resource group that contains the disk encryption set from the installation prerequisites. This resource group should be different from the resource group where you install the cluster to avoid deleting your Azure encryption key when the cluster is destroyed. This value is only necessary if you intend to install the cluster with user-managed disk encryption.

String, for example production_encryption_resource_group.

controlPlane:
  platform:
    azure:
      osDisk:
        diskEncryptionSet:
          name:

The name of the disk encryption set that contains the encryption key from the installation prerequisites.

String, for example production_disk_encryption_set.

controlPlane:
  platform:
    azure:
      osDisk:
        diskEncryptionSet:
          subscriptionId:

Defines the Azure subscription of the disk encryption set where the disk encryption set resides. This secondary disk encryption set is used to encrypt control plane machines.

String, in the format 00000000-0000-0000-0000-000000000000.

controlPlane:
  platform:
    azure:
      osDisk:
        diskSizeGB:

The Azure disk size for the VM.

Integer that represents the size of the disk in GB. The default is 1024.

controlPlane:
  platform:
    azure:
      osDisk:
        diskType:

Defines the type of disk.

premium_LRS or standardSSD_LRS. The default is premium_LRS.

controlPlane:
  platform:
    azure:
      osImage:
        publisher:

Optional. By default, the installation program downloads and installs the Red Hat Enterprise Linux CoreOS (RHCOS) image that is used to boot control plane machines. You can override the default behavior by using a custom RHCOS image that is available from the Azure Marketplace. The installation program uses this image for control plane machines only.

String. The name of the image publisher.

controlPlane:
  platform:
    azure:
      osImage:
        offer:

The name of Azure Marketplace offer that is associated with the custom RHCOS image. If you use controlPlane.platform.azure.osImage.publisher, this field is required.

String. The name of the image offer.

controlPlane:
  platform:
    azure:
      osImage:
        sku:

An instance of the Azure Marketplace offer. If you use controlPlane.platform.azure.osImage.publisher, this field is required.

String. The SKU of the image offer.

controlPlane:
  platform:
    azure:
      osImage:
        version:

The version number of the image SKU. If you use controlPlane.platform.azure.osImage.publisher, this field is required.

String. The version of the image to use.

controlPlane:
  platform:
    azure:
      ultraSSDCapability:

Enables the use of Azure ultra disks for persistent storage on control plane machines. This requires that your Azure region and zone have ultra disks available.

Enabled, Disabled. The default is Disabled.

controlPlane:
  platform:
    azure:
      vmNetworkingType:

Enables accelerated networking. Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, improving its networking performance. If instance type of control plane machines support Accelerated networking, by default, the installer enables Accelerated networking, otherwise the default networking type is Basic.

Accelerated or Basic.

platform:
  azure:
    baseDomainResourceGroupName:

The name of the resource group that contains the DNS zone for your base domain.

String, for example production_cluster.

platform:
  azure:
    resourceGroupName:

The name of an already existing resource group to install your cluster to. This resource group must be empty and only used for this specific cluster; the cluster components assume ownership of all resources in the resource group. If you limit the service principal scope of the installation program to this resource group, you must ensure all other resources used by the installation program in your environment have the necessary permissions, such as the public DNS zone and virtual network. Destroying the cluster by using the installation program deletes this resource group.

String, for example existing_resource_group.

platform:
  azure:
    outboundType:

The outbound routing strategy used to connect your cluster to the internet. If you are using user-defined routing, you must have pre-existing networking available where the outbound routing has already been configured prior to installing a cluster. The installation program is not responsible for configuring user-defined routing. If you specify the NatGateway routing strategy, the installation program will only create one NAT gateway. If you specify the NatGateway routing strategy, your account must have the Microsoft.Network/natGateways/read and Microsoft.Network/natGateways/write permissions.

Important

NatGateway is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

LoadBalancer, UserDefinedRouting, or NatGateway. The default is LoadBalancer.

platform:
  azure:
    region:

The name of the Azure region that hosts your cluster.

Any valid region name, such as centralus.

platform:
  azure:
    zone:

List of availability zones to place machines in. For high availability, specify at least two zones.

List of zones, for example ["1", "2", "3"].

platform:
  azure:
    customerManagedKey:
      keyVault:
        name:

Specifies the name of the key vault that contains the encryption key that is used to encrypt Azure storage.

String.

platform:
  azure:
    customerManagedKey:
      keyVault:
        keyName:

Specifies the name of the user-managed encryption key that is used to encrypt Azure storage.

String.

platform:
  azure:
    customerManagedKey:
      keyVault:
        resourceGroup:

Specifies the name of the resource group that contains the key vault and managed identity.

String.

platform:
  azure:
    customerManagedKey:
      keyVault:
        subscriptionId:

Specifies the subscription ID that is associated with the key vault.

String, in the format 00000000-0000-0000-0000-000000000000.

platform:
  azure:
    customerManagedKey:
      userAssignedIdentityKey:

Specifies the name of the user-assigned managed identity that resides in the resource group with the key vault and has access to the user-managed key.

String.

platform:
  azure:
    defaultMachinePlatform:
      ultraSSDCapability:

Enables the use of Azure ultra disks for persistent storage on control plane and compute machines. This requires that your Azure region and zone have ultra disks available.

Enabled, Disabled. The default is Disabled.

platform:
  azure:
    networkResourceGroupName:

The name of the resource group that contains the existing VNet that you want to deploy your cluster to. This name cannot be the same as the platform.azure.baseDomainResourceGroupName.

String.

platform:
  azure:
    virtualNetwork:

The name of the existing VNet that you want to deploy your cluster to.

String.

platform:
  azure:
    controlPlaneSubnet:

The name of the existing subnet in your VNet that you want to deploy your control plane machines to.

Valid CIDR, for example 10.0.0.0/16.

platform:
  azure:
    computeSubnet:

The name of the existing subnet in your VNet that you want to deploy your compute machines to.

Valid CIDR, for example 10.0.0.0/16.

platform:
  azure:
    cloudName:

The name of the Azure cloud environment that is used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the default value AzurePublicCloud is used.

Any valid cloud environment, such as AzurePublicCloud or AzureUSGovernmentCloud.

platform:
  azure:
    defaultMachinePlatform:
      vmNetworkingType:

Enables accelerated networking. Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, improving its networking performance.

Accelerated or Basic. If instance type of control plane and compute machines support Accelerated networking, by default, the installer enables Accelerated networking, otherwise the default networking type is Basic.

operatorPublishingStrategy:
  apiserver:

Determines whether the load balancers that service the API are public or private. Set this parameter to Internal to prevent the API server from being accessible outside of your VNet. Set this parameter to External to make the API server accessible outside of your VNet. If you set this parameter, you must set the publish parameter to Mixed.

External or Internal. The default value is External.

operatorPublishingStrategy:
  ingress:

Determines whether the DNS resources that the cluster creates for ingress traffic are publicly visible. Set this parameter to Internal to prevent the ingress VIP from being publicly accessible. Set this parameter to External to make the ingress VIP publicly accessible. If you set this parameter, you must set the publish parameter to Mixed.

External or Internal. The default value is External.

Note

You cannot customize Azure Availability Zones or Use tags to organize your Azure resources with an Azure cluster.

Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.