Chapter 6. Installation configuration parameters for the Agent-based Installer
Before you deploy an OpenShift Container Platform cluster using the Agent-based Installer, you provide parameters to customize your cluster and the platform that hosts it. When you create the install-config.yaml
and agent-config.yaml
files, you must provide values for the required parameters, and you can use the optional parameters to customize your cluster further.
6.1. Available installation configuration parameters
The following tables specify the required and optional installation configuration parameters that you can set as part of the Agent-based installation process.
These values are specified in the install-config.yaml
file.
These settings are used for installation only, and cannot be modified after installation.
6.1.1. Required configuration parameters
Required installation configuration parameters are described in the following table:
Parameter | Description | Values |
---|---|---|
apiVersion: |
The API version for the | String |
baseDomain: |
The base domain of your cloud provider. The base domain is used to create routes to your OpenShift Container Platform cluster components. The full DNS name for your cluster is a combination of the |
A fully-qualified domain or subdomain name, such as |
metadata: |
Kubernetes resource | Object |
metadata: name: |
The name of the cluster. DNS records for the cluster are all subdomains of |
String of lowercase letters, hyphens ( |
platform: |
The configuration for the specific platform upon which to perform the installation: | Object |
pullSecret: | Get a pull secret from Red Hat OpenShift Cluster Manager to authenticate downloading container images for OpenShift Container Platform components from services such as Quay.io. |
{ "auths":{ "cloud.openshift.com":{ "auth":"b3Blb=", "email":"you@example.com" }, "quay.io":{ "auth":"b3Blb=", "email":"you@example.com" } } } |
6.1.2. Network configuration parameters
You can customize your installation configuration based on the requirements of your existing network infrastructure. For example, you can expand the IP address block for the cluster network or provide different IP address blocks than the defaults.
Consider the following information before you configure network parameters for your cluster:
- If you use the Red Hat OpenShift Networking OVN-Kubernetes network plugin, both IPv4 and IPv6 address families are supported.
If you deployed nodes in an OpenShift Container Platform cluster with a network that supports both IPv4 and non-link-local IPv6 addresses, configure your cluster to use a dual-stack network.
- For clusters configured for dual-stack networking, both IPv4 and IPv6 traffic must use the same network interface as the default gateway. This ensures that in a multiple network interface controller (NIC) environment, a cluster can detect what NIC to use based on the available network interface. For more information, see "OVN-Kubernetes IPv6 and dual-stack limitations" in About the OVN-Kubernetes network plugin.
- To prevent network connectivity issues, do not install a single-stack IPv4 cluster on a host that supports dual-stack networking.
If you configure your cluster to use both IP address families, review the following requirements:
- Both IP families must use the same network interface for the default gateway.
- Both IP families must have the default gateway.
You must specify IPv4 and IPv6 addresses in the same order for all network configuration parameters. For example, in the following configuration IPv4 addresses are listed before IPv6 addresses.
networking: clusterNetwork: - cidr: 10.128.0.0/14 hostPrefix: 23 - cidr: fd00:10:128::/56 hostPrefix: 64 serviceNetwork: - 172.30.0.0/16 - fd00:172:16::/112
Parameter | Description | Values |
---|---|---|
networking: | The configuration for the cluster network. | Object Note
You cannot modify parameters specified by the |
networking: networkType: | The Red Hat OpenShift Networking network plugin to install. |
|
networking: clusterNetwork: | The IP address blocks for pods.
The default value is If you specify multiple IP address blocks, the blocks must not overlap. | An array of objects. For example: networking: clusterNetwork: - cidr: 10.128.0.0/14 hostPrefix: 23 - cidr: fd01::/48 hostPrefix: 64 |
networking: clusterNetwork: cidr: |
Required if you use If you use the OVN-Kubernetes network plugin, you can specify IPv4 and IPv6 networks. |
An IP address block in Classless Inter-Domain Routing (CIDR) notation. The prefix length for an IPv4 block is between |
networking: clusterNetwork: hostPrefix: |
The subnet prefix length to assign to each individual node. For example, if | A subnet prefix.
For an IPv4 network the default value is |
networking: serviceNetwork: |
The IP address block for services. The default value is The OVN-Kubernetes network plugins supports only a single IP address block for the service network. If you use the OVN-Kubernetes network plugin, you can specify an IP address block for both of the IPv4 and IPv6 address families. | An array with an IP address block in CIDR format. For example: networking: serviceNetwork: - 172.30.0.0/16 - fd02::/112 |
networking: machineNetwork: | The IP address blocks for machines. If you specify multiple IP address blocks, the blocks must not overlap. | An array of objects. For example: networking: machineNetwork: - cidr: 10.0.0.0/16 |
networking: machineNetwork: cidr: |
Required if you use | An IP network block in CIDR notation.
For example, Note
Set the |
6.1.3. Optional configuration parameters
Optional installation configuration parameters are described in the following table:
Parameter | Description | Values |
---|---|---|
additionalTrustBundle: | A PEM-encoded X.509 certificate bundle that is added to the nodes' trusted certificate store. This trust bundle may also be used when a proxy has been configured. | String |
capabilities: | Controls the installation of optional core cluster components. You can reduce the footprint of your OpenShift Container Platform cluster by disabling optional components. For more information, see the "Cluster capabilities" page in Installing. | String array |
capabilities: baselineCapabilitySet: |
Selects an initial set of optional capabilities to enable. Valid values are | String |
capabilities: additionalEnabledCapabilities: |
Extends the set of optional capabilities beyond what you specify in | String array |
cpuPartitioningMode: | Enables workload partitioning, which isolates OpenShift Container Platform services, cluster management workloads, and infrastructure pods to run on a reserved set of CPUs. Workload partitioning can only be enabled during installation and cannot be disabled after installation. While this field enables workload partitioning, it does not configure workloads to use specific CPUs. For more information, see the Workload partitioning page in the Scalability and Performance section. |
|
compute: | The configuration for the machines that comprise the compute nodes. |
Array of |
compute: architecture: |
Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are | String |
compute: hyperthreading: |
Whether to enable or disable simultaneous multithreading, or Important If you disable simultaneous multithreading, ensure that your capacity planning accounts for the dramatically decreased machine performance. |
|
compute: name: |
Required if you use |
|
compute: platform: |
Required if you use |
|
compute: replicas: | The number of compute machines, which are also known as worker machines, to provision. |
A positive integer greater than or equal to |
featureSet: | Enables the cluster for a feature set. A feature set is a collection of OpenShift Container Platform features that are not enabled by default. For more information about enabling a feature set during installation, see "Enabling features using feature gates". |
String. The name of the feature set to enable, such as |
controlPlane: | The configuration for the machines that comprise the control plane. |
Array of |
controlPlane: architecture: |
Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are | String |
controlPlane: hyperthreading: |
Whether to enable or disable simultaneous multithreading, or Important If you disable simultaneous multithreading, ensure that your capacity planning accounts for the dramatically decreased machine performance. |
|
controlPlane: name: |
Required if you use |
|
controlPlane: platform: |
Required if you use |
|
controlPlane: replicas: | The number of control plane machines to provision. |
Supported values are |
credentialsMode: | The Cloud Credential Operator (CCO) mode. If no mode is specified, the CCO dynamically tries to determine the capabilities of the provided credentials, with a preference for mint mode on the platforms where multiple modes are supported. Note Not all CCO modes are supported for all cloud providers. For more information about CCO modes, see the "Managing cloud provider credentials" entry in the Authentication and authorization content. |
|
fips: |
Enable or disable FIPS mode. The default is Important To enable FIPS mode for your cluster, you must run the installation program from a Red Hat Enterprise Linux (RHEL) computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see Switching RHEL to FIPS mode. When running Red Hat Enterprise Linux (RHEL) or Red Hat Enterprise Linux CoreOS (RHCOS) booted in FIPS mode, OpenShift Container Platform core components use the RHEL cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures. Note If you are using Azure File storage, you cannot enable FIPS mode. |
|
imageContentSources: | Sources and repositories for the release-image content. |
Array of objects. Includes a |
imageContentSources: source: |
Required if you use | String |
imageContentSources: mirrors: | Specify one or more repositories that may also contain the same images. | Array of strings |
publish: | How to publish or expose the user-facing endpoints of your cluster, such as the Kubernetes API, OpenShift routes. |
Setting this field to Important
If the value of the field is set to |
sshKey: | The SSH key to authenticate access to your cluster machines. Note
For production OpenShift Container Platform clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your |
For example, |
6.1.4. Additional bare metal configuration parameters for the Agent-based Installer
Additional bare metal installation configuration parameters for the Agent-based Installer are described in the following table:
These fields are not used during the initial provisioning of the cluster, but they are available to use once the cluster has been installed. Configuring these fields at install time eliminates the need to set them as a Day 2 operation.
Parameter | Description | Values |
---|---|---|
platform: baremetal: clusterProvisioningIP: |
The IP address within the cluster where the provisioning services run. Defaults to the third IP address of the provisioning subnet. For example, | IPv4 or IPv6 address. |
platform: baremetal: provisioningNetwork: |
The
|
|
platform: baremetal: provisioningMACAddress: | The MAC address within the cluster where provisioning services run. | MAC address. |
platform: baremetal: provisioningNetworkCIDR: | The CIDR for the network to use for provisioning. This option is required when not using the default address range on the provisioning network. |
Valid CIDR, for example |
platform: baremetal: provisioningNetworkInterface: |
The name of the network interface on nodes connected to the provisioning network. Use the | String. |
platform: baremetal: provisioningDHCPRange: |
Defines the IP range for nodes on the provisioning network, for example | IP address range. |
platform: baremetal: hosts: | Configuration for bare metal hosts. | Array of host configuration objects. |
platform: baremetal: hosts: name: | The name of the host. | String. |
platform: baremetal: hosts: bootMACAddress: | The MAC address of the NIC used for provisioning the host. | MAC address. |
platform: baremetal: hosts: bmc: | Configuration for the host to connect to the baseboard management controller (BMC). | Dictionary of BMC configuration objects. |
platform: baremetal: hosts: bmc: username: | The username for the BMC. | String. |
platform: baremetal: hosts: bmc: password: | Password for the BMC. | String. |
platform: baremetal: hosts: bmc: address: |
The URL for communicating with the host’s BMC controller. The address configuration setting specifies the protocol. For example, | URL. |
platform: baremetal: hosts: bmc: disableCertificateVerification: |
| Boolean. |
6.1.5. Additional VMware vSphere configuration parameters
Additional VMware vSphere configuration parameters are described in the following table:
Parameter | Description | Values |
---|---|---|
platform: vsphere: | Describes your account on the cloud platform that hosts your cluster. You can use the parameter to customize the platform. If you provide additional configuration settings for compute and control plane machines in the machine pool, the parameter is not required. | A dictionary of vSphere configuration objects |
platform: vsphere: failureDomains: |
Establishes the relationships between a region and zone. You define a failure domain by using vCenter objects, such as a | An array of failure domain configuration objects. |
platform: vsphere: failureDomains: name: | The name of the failure domain. | String |
platform: vsphere: failureDomains: region: |
If you define multiple failure domains for your cluster, you must attach the tag to each vCenter data center. To define a region, use a tag from the | String |
platform: vsphere: failureDomains: server: |
Specifies the fully-qualified hostname or IP address of the VMware vCenter server, so that a client can access failure domain resources. You must apply the | String |
platform: vsphere: failureDomains: zone: |
If you define multiple failure domains for your cluster, you must attach a tag to each vCenter cluster. To define a zone, use a tag from the | String |
platform: vsphere: failureDomains: topology: computeCluster: | The path to the vSphere compute cluster. | String |
platform: vsphere: failureDomains: topology: datacenter: |
Lists and defines the data centers where OpenShift Container Platform virtual machines (VMs) operate. The list of data centers must match the list of data centers specified in the | String |
platform: vsphere: failureDomains: topology: datastore: | The path to the vSphere datastore that holds virtual machine files, templates, and ISO images. Important You can specify the path of any datastore that exists in a datastore cluster. By default, Storage vMotion is automatically enabled for a datastore cluster. Red Hat does not support Storage vMotion, so you must disable Storage vMotion to avoid data loss issues for your OpenShift Container Platform cluster.
If you must specify VMs across multiple datastores, use a | String |
platform: vsphere: failureDomains: topology: folder: |
Optional: The absolute path of an existing folder where the user creates the virtual machines, for example, | String |
platform: vsphere: failureDomains: topology: networks: | Lists any network in the vCenter instance that contains the virtual IP addresses and DNS records that you configured. | String |
platform: vsphere: failureDomains: topology: resourcePool: |
Optional: The absolute path of an existing resource pool where the installation program creates the virtual machines, for example, | String |
platform: vsphere: failureDomains: topology template: | Specifies the absolute path to a pre-existing Red Hat Enterprise Linux CoreOS (RHCOS) image template or virtual machine. The installation program can use the image template or virtual machine to quickly install RHCOS on vSphere hosts. Consider using this parameter as an alternative to uploading an RHCOS image on vSphere hosts. This parameter is available for use only on installer-provisioned infrastructure. | String |
platform: vsphere: vcenters: | Configures the connection details so that services can communicate with a vCenter server. | An array of vCenter configuration objects. |
platform: vsphere: vcenters: datacenters: |
Lists and defines the data centers where OpenShift Container Platform virtual machines (VMs) operate. The list of data centers must match the list of data centers specified in the | String |
platform: vsphere: vcenters: password: | The password associated with the vSphere user. | String |
platform: vsphere: vcenters: port: | The port number used to communicate with the vCenter server. | Integer |
platform: vsphere: vcenters: server: | The fully qualified host name (FQHN) or IP address of the vCenter server. | String |
platform: vsphere: vcenters: user: | The username associated with the vSphere user. | String |
6.1.6. Deprecated VMware vSphere configuration parameters
In OpenShift Container Platform 4.13, the following vSphere configuration parameters are deprecated. You can continue to use these parameters, but the installation program does not automatically specify these parameters in the install-config.yaml
file.
The following table lists each deprecated vSphere configuration parameter:
Parameter | Description | Values |
---|---|---|
platform: vsphere: cluster: | The vCenter cluster to install the OpenShift Container Platform cluster in. | String |
platform: vsphere: datacenter: | Defines the data center where OpenShift Container Platform virtual machines (VMs) operate. | String |
platform: vsphere: defaultDatastore: | The name of the default datastore to use for provisioning volumes. | String |
platform: vsphere: folder: | Optional: The absolute path of an existing folder where the installation program creates the virtual machines. If you do not provide this value, the installation program creates a folder that is named with the infrastructure ID in the data center virtual machine folder. |
String, for example, |
platform: vsphere: password: | The password for the vCenter user name. | String |
platform: vsphere: resourcePool: |
Optional: The absolute path of an existing resource pool where the installation program creates the virtual machines. If you do not specify a value, the installation program installs the resources in the root of the cluster under |
String, for example, |
platform: vsphere: username: | The user name to use to connect to the vCenter instance with. This user must have at least the roles and privileges that are required for static or dynamic persistent volume provisioning in vSphere. | String |
platform: vsphere: vCenter: | The fully-qualified hostname or IP address of a vCenter server. | String |
6.2. Available Agent configuration parameters
The following tables specify the required and optional Agent configuration parameters that you can set as part of the Agent-based installation process.
These values are specified in the agent-config.yaml
file.
These settings are used for installation only, and cannot be modified after installation.
6.2.1. Required configuration parameters
Required Agent configuration parameters are described in the following table:
Parameter | Description | Values |
---|---|---|
apiVersion: |
The API version for the | String |
metadata: |
Kubernetes resource | Object |
metadata: name: |
The name of the cluster. DNS records for the cluster are all subdomains of |
String of lowercase letters and hyphens ( |
6.2.2. Optional configuration parameters
Optional Agent configuration parameters are described in the following table:
Parameter | Description | Values |
---|---|---|
rendezvousIP: |
The IP address of the node that performs the bootstrapping process as well as running the | IPv4 or IPv6 address. |
bootArtifactsBaseURL: | The URL of the server to upload Preboot Execution Environment (PXE) assets to when using the Agent-based Installer to generate an iPXE script. For more information, see "Preparing PXE assets for OpenShift Container Platform". | String. |
additionalNTPSources: | A list of Network Time Protocol (NTP) sources to be added to all cluster hosts, which are added to any NTP sources that are configured through other means. | List of hostnames or IP addresses. |
hosts: |
Host configuration. An optional list of hosts. The number of hosts defined must not exceed the total number of hosts defined in the | An array of host configuration objects. |
hosts: hostname: | Hostname. Overrides the hostname obtained from either the Dynamic Host Configuration Protocol (DHCP) or a reverse DNS lookup. Each host must have a unique hostname supplied by one of these methods, although configuring a hostname through this parameter is optional. | String. |
hosts: interfaces: |
Provides a table of the name and MAC address mappings for the interfaces on the host. If a | An array of host configuration objects. |
hosts: interfaces: name: | The name of an interface on the host. | String. |
hosts: interfaces: macAddress: | The MAC address of an interface on the host. |
A MAC address such as the following example: |
hosts: role: |
Defines whether the host is a |
|
hosts: rootDeviceHints: | Enables provisioning of the Red Hat Enterprise Linux CoreOS (RHCOS) image to a particular device. The installation program examines the devices in the order it discovers them, and compares the discovered values with the hint values. It uses the first discovered device that matches the hint value. This is the device that the operating system is written on during installation. | A dictionary of key-value pairs. For more information, see "Root device hints" in the "Setting up the environment for an OpenShift installation" page. |
hosts: rootDeviceHints: deviceName: | The name of the device the RHCOS image is provisioned to. | String. |
hosts: networkConfig: | The host network definition. The configuration must match the Host Network Management API defined in the nmstate documentation. | A dictionary of host network configuration objects. |
Additional resources