
Chapter 7. Installation configuration parameters for AWS


Before you deploy an OpenShift Container Platform cluster on AWS, you provide parameters to customize your cluster and the platform that hosts it. When you create the install-config.yaml file, you provide values for the required parameters through the command line. You can then modify the install-config.yaml file to customize your cluster further.

7.1. Available installation configuration parameters for AWS

The following tables specify the required, optional, and AWS-specific installation configuration parameters that you can set as part of the installation process.

Important

After installation, you cannot change these parameters in the install-config.yaml file.

7.1.1. Required configuration parameters

Required installation configuration parameters are described in the following table:

Table 7.1. Required parameters
Parameter | Description | Values
apiVersion:

The API version for the install-config.yaml content. The current version is v1. The installation program might also support older API versions.

String

baseDomain:

The base domain of your cloud provider. The base domain is used to create routes to your OpenShift Container Platform cluster components. The full DNS name for your cluster is a combination of the baseDomain and metadata.name parameter values that uses the <metadata.name>.<baseDomain> format.

A fully-qualified domain or subdomain name, such as example.com.

metadata:

Kubernetes resource ObjectMeta, from which only the name parameter is consumed.

Object

metadata:
  name:

The name of the cluster. DNS records for the cluster are all subdomains of {{.metadata.name}}.{{.baseDomain}}.

String of lowercase letters, hyphens (-), and periods (.), such as dev.

platform:

The configuration for the specific platform upon which to perform the installation: aws, baremetal, azure, gcp, ibmcloud, nutanix, openstack, powervs, vsphere, or {}. For additional information about platform.<platform> parameters, consult the table for your specific platform that follows.

Object

pullSecret:

Get a pull secret from Red Hat OpenShift Cluster Manager to authenticate downloading container images for OpenShift Container Platform components from services such as Quay.io.

{
   "auths":{
      "cloud.openshift.com":{
         "auth":"b3Blb=",
         "email":"you@example.com"
      },
      "quay.io":{
         "auth":"b3Blb=",
         "email":"you@example.com"
      }
   }
}

7.1.2. Network configuration parameters

You can customize your installation configuration based on the requirements of your existing network infrastructure. For example, you can expand the IP address block for the cluster network or configure different IP address blocks than the defaults.

Only IPv4 addresses are supported.

Table 7.2. Network parameters
Parameter | Description | Values
networking:

The configuration for the cluster network.

Object

Note

You cannot change parameters specified by the networking object after installation.

networking:
  networkType:

The Red Hat OpenShift Networking network plugin to install.

OVNKubernetes. OVNKubernetes is a Container Network Interface (CNI) plugin for Linux networks and hybrid networks that contain both Linux and Windows servers. The default value is OVNKubernetes.

networking:
  clusterNetwork:

The IP address blocks for pods.

The default value is 10.128.0.0/14 with a host prefix of /23.

If you specify multiple IP address blocks, the blocks must not overlap.

An array of objects. For example:

networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
networking:
  clusterNetwork:
    cidr:

Required if you use networking.clusterNetwork. An IP address block.

An IPv4 network.

An IP address block in Classless Inter-Domain Routing (CIDR) notation. The prefix length for an IPv4 block is between 0 and 32.

networking:
  clusterNetwork:
    hostPrefix:

The subnet prefix length to assign to each individual node. For example, if hostPrefix is set to 23, then each node is assigned a /23 subnet out of the given cidr. A hostPrefix value of 23 provides 510 (2^(32 - 23) - 2) pod IP addresses.

A subnet prefix.

The default value is 23.

networking:
  serviceNetwork:

The IP address block for services. The default value is 172.30.0.0/16.

The OVN-Kubernetes network plugin supports only a single IP address block for the service network.

An array with an IP address block in CIDR format. For example:

networking:
  serviceNetwork:
   - 172.30.0.0/16
networking:
  machineNetwork:

The IP address blocks for machines.

If you specify multiple IP address blocks, the blocks must not overlap.

An array of objects. For example:

networking:
  machineNetwork:
  - cidr: 10.0.0.0/16
networking:
  machineNetwork:
    cidr:

Required if you use networking.machineNetwork. An IP address block. The default value is 10.0.0.0/16 for all platforms other than libvirt and IBM Power® Virtual Server. For libvirt, the default value is 192.168.126.0/24. For IBM Power® Virtual Server, the default value is 192.168.0.0/24.

An IP network block in CIDR notation.

For example, 10.0.0.0/16.

Note

Set the networking.machineNetwork to match the CIDR that the preferred NIC resides in.

7.1.3. Optional configuration parameters

Optional installation configuration parameters are described in the following table:

Table 7.3. Optional parameters
Parameter | Description | Values
additionalTrustBundle:

A PEM-encoded X.509 certificate bundle that is added to the nodes' trusted certificate store. This trust bundle might also be used when a proxy is configured.

String

capabilities:

Controls the installation of optional core cluster components. You can reduce the footprint of your OpenShift Container Platform cluster by disabling optional components. For more information, see the "Cluster capabilities" page in Installing.

String array

capabilities:
  baselineCapabilitySet:

Selects an initial set of optional capabilities to enable. Valid values are None, v4.11, v4.12 and vCurrent. The default value is vCurrent.

String

capabilities:
  additionalEnabledCapabilities:

Extends the set of optional capabilities beyond what you specify in baselineCapabilitySet. You can specify multiple capabilities in this parameter.

String array

cpuPartitioningMode:

Enables workload partitioning, which isolates OpenShift Container Platform services, cluster management workloads, and infrastructure pods to run on a reserved set of CPUs. You can only enable workload partitioning during installation. You cannot disable it after installation. While this field enables workload partitioning, it does not configure workloads to use specific CPUs. For more information, see the Workload partitioning page in the Scalability and Performance section.

None or AllNodes. None is the default value.

compute:

The configuration for the machines that comprise the compute nodes.

Array of MachinePool objects.

compute:
  architecture:

Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are amd64 and arm64. Not all installation options support the 64-bit ARM architecture. To verify if your installation option is supported on your platform, see Supported installation methods for different platforms in Selecting a cluster installation method and preparing it for users.

String

compute:
  hyperthreading:

Whether to enable or disable simultaneous multithreading, or hyperthreading, on compute machines. By default, simultaneous multithreading is enabled to increase the performance of your machines' cores.

Important

If you disable simultaneous multithreading, ensure that your capacity planning accounts for the dramatically decreased machine performance.

Enabled or Disabled

compute:
  name:

Required if you use compute. The name of the machine pool.

worker

compute:
  platform:

Required if you use compute. Use this parameter to specify the cloud provider to host the worker machines. This parameter value must match the controlPlane.platform parameter value.

aws, azure, gcp, ibmcloud, nutanix, openstack, powervs, vsphere, or {}

compute:
  replicas:

The number of compute machines, which are also known as worker machines, to provision.

A positive integer greater than or equal to 2. The default value is 3.

featureSet:

Enables the cluster for a feature set. A feature set is a collection of OpenShift Container Platform features that are not enabled by default. For more information about enabling a feature set during installation, see "Enabling features using feature gates".

String. The name of the feature set to enable, such as TechPreviewNoUpgrade.

controlPlane:

The configuration for the machines that form the control plane.

Array of MachinePool objects.

controlPlane:
  architecture:

Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are amd64 and arm64. Not all installation options support the 64-bit ARM architecture. To verify if your installation option is supported on your platform, see Supported installation methods for different platforms in Selecting a cluster installation method and preparing it for users.

String

controlPlane:
  hyperthreading:

Whether to enable or disable simultaneous multithreading, or hyperthreading, on control plane machines. By default, simultaneous multithreading is enabled to increase the performance of your machines' cores.

Important

If you disable simultaneous multithreading, ensure that your capacity planning accounts for the dramatically decreased machine performance.

Enabled or Disabled

controlPlane:
  name:

Required if you use controlPlane. The name of the machine pool.

master

controlPlane:
  platform:

Required if you use controlPlane. Use this parameter to specify the cloud provider that hosts the control plane machines. This parameter value must match the compute.platform parameter value.

aws, azure, gcp, ibmcloud, nutanix, openstack, powervs, vsphere, or {}

controlPlane:
  replicas:

The number of control plane machines to provision.

Supported values are 3, or 1 when deploying single-node OpenShift.

credentialsMode:

The Cloud Credential Operator (CCO) mode. If no mode is specified, the CCO dynamically tries to determine the capabilities of the provided credentials, with a preference for mint mode on the platforms where multiple modes are supported.

Note

Not all CCO modes are supported for all cloud providers. For more information about CCO modes, see the "Managing cloud provider credentials" entry in the Authentication and authorization content.

Mint, Passthrough, Manual, or an empty string ("").

fips:

Enable or disable FIPS mode. The default is false (disabled). If you enable FIPS mode, the Red Hat Enterprise Linux CoreOS (RHCOS) machines that OpenShift Container Platform runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that RHCOS provides instead.

Important

To enable FIPS mode for your cluster, you must run the installation program from a Red Hat Enterprise Linux (RHEL) computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see Switching RHEL to FIPS mode.

When running Red Hat Enterprise Linux (RHEL) or Red Hat Enterprise Linux CoreOS (RHCOS) booted in FIPS mode, OpenShift Container Platform core components use the RHEL cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures.

Important

If you are using Azure File storage, you cannot enable FIPS mode.

false or true

imageContentSources:

Sources and repositories for the release-image content.

Array of objects. Includes a source and, optionally, mirrors, as described in the following rows of this table.

imageContentSources:
  source:

Required if you use imageContentSources. Specify the repository that users refer to, for example, in image pull specifications.

String

imageContentSources:
  mirrors:

Specify one or more repositories that might also contain the same images.

Array of strings

platform:
  aws:
    lbType:

The load balancer type to use in AWS. Valid values are Classic or NLB. If no value is specified, the installation program defaults to Classic. The installation program sets the value provided here in the Ingress cluster configuration object. If you do not specify a load balancer type for other Ingress Controllers, they use the type set in this parameter.

Classic or NLB. The default value is Classic.

publish:

How to publish or expose the user-facing endpoints of your cluster, such as the Kubernetes API and OpenShift routes.

Internal or External. To deploy a private cluster that cannot be accessed from the internet, set the publish parameter to Internal. The default value is External.

sshKey:

The SSH key to authenticate access to your cluster machines.

Note

For production OpenShift Container Platform clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your ssh-agent process uses.

For example, sshKey: ssh-ed25519 AAAA...

Note

If your AWS account has service control policies (SCP) enabled, you must configure the credentialsMode parameter to Mint, Passthrough, or Manual.

Important

Setting this parameter to Manual enables alternatives to storing administrator-level secrets in the kube-system project, which require additional configuration steps. For more information, see "Alternatives to storing administrator-level secrets in the kube-system project".

7.1.4. Optional AWS configuration parameters

Optional AWS configuration parameters are described in the following table:

Table 7.4. Optional AWS parameters
Parameter | Description | Values
compute:
  platform:
    aws:
      amiID:

The AWS AMI used to boot compute machines for the cluster. This is required for regions that require a custom RHCOS AMI.

Any published or custom RHCOS AMI that belongs to the set AWS region. See RHCOS AMIs for AWS infrastructure for available AMI IDs.

compute:
  platform:
    aws:
      iamRole:

A pre-existing AWS IAM role applied to the compute machine pool instance profiles. You can use these fields to match naming schemes and include predefined permissions boundaries for your IAM roles. If undefined, the installation program creates a new IAM role.

The name of a valid AWS IAM role.

compute:
  platform:
    aws:
      rootVolume:
        iops:

The Input/Output Operations Per Second (IOPS) that is reserved for the root volume.

Integer, for example 4000.

compute:
  platform:
    aws:
      rootVolume:
        size:

The size in GiB of the root volume.

Integer, for example 500.

compute:
  platform:
    aws:
      rootVolume:
        type:

The type of the root volume.

Valid AWS EBS volume type, such as io1.

compute:
  platform:
    aws:
      rootVolume:
        kmsKeyARN:

The Amazon Resource Name (key ARN) of a KMS key. This is required to encrypt operating system volumes of worker nodes with a specific KMS key.

Valid key ID or the key ARN.

compute:
  platform:
    aws:
      type:

The EC2 instance type for the compute machines.

Valid AWS instance type, such as m4.2xlarge. See the "Tested instance types for AWS" table on the "Installing a cluster on AWS with customizations" page.

compute:
  platform:
    aws:
      zones:

The availability zones where the installation program creates machines for the compute machine pool. If you provide your own VPC, you must provide a subnet in that availability zone.

A list of valid AWS availability zones, such as us-east-1c, in a YAML sequence.

controlPlane:
  platform:
    aws:
      amiID:

The AWS AMI used to boot control plane machines for the cluster. This is required for regions that require a custom RHCOS AMI.

Any published or custom RHCOS AMI that belongs to the set AWS region. See RHCOS AMIs for AWS infrastructure for available AMI IDs.

controlPlane:
  platform:
    aws:
      iamRole:

A pre-existing AWS IAM role applied to the control plane machine pool instance profiles. You can use these fields to match naming schemes and include predefined permissions boundaries for your IAM roles. If undefined, the installation program creates a new IAM role.

The name of a valid AWS IAM role.

controlPlane:
  platform:
    aws:
      rootVolume:
        iops:

The Input/Output Operations Per Second (IOPS) that is reserved for the root volume on control plane machines.

Integer, for example 4000.

controlPlane:
  platform:
    aws:
      rootVolume:
        size:

The size in GiB of the root volume for control plane machines.

Integer, for example 500.

controlPlane:
  platform:
    aws:
      rootVolume:
        type:

The type of the root volume for control plane machines.

Valid AWS EBS volume type, such as io1.

controlPlane:
  platform:
    aws:
      rootVolume:
        kmsKeyARN:

The Amazon Resource Name (key ARN) of a KMS key. This is required to encrypt operating system volumes of control plane nodes with a specific KMS key.

Valid key ID or the key ARN.

controlPlane:
  platform:
    aws:
      type:

The EC2 instance type for the control plane machines.

Valid AWS instance type, such as m6i.xlarge. See the "Tested instance types for AWS" table on the "Installing a cluster on AWS with customizations" page.

controlPlane:
  platform:
    aws:
      zones:

The availability zones where the installation program creates machines for the control plane machine pool.

A list of valid AWS availability zones, such as us-east-1c, in a YAML sequence.

platform:
  aws:
    amiID:

The AWS AMI used to boot all machines for the cluster. If set, the AMI must belong to the same region as the cluster. This is required for regions that require a custom RHCOS AMI.

Any published or custom RHCOS AMI that belongs to the set AWS region. See RHCOS AMIs for AWS infrastructure for available AMI IDs.

platform:
  aws:
    hostedZone:

An existing Route 53 private hosted zone for the cluster. You can only use a pre-existing hosted zone when also supplying your own VPC. The hosted zone must already be associated with the user-provided VPC before installation. Also, the domain of the hosted zone must be the cluster domain or a parent of the cluster domain. If undefined, the installation program creates a new hosted zone.

String, for example Z3URY6TWQ91KVV.

platform:
  aws:
    hostedZoneRole:

An Amazon Resource Name (ARN) for an existing IAM role in the account containing the specified hosted zone. The installation program and cluster operators assume this role when performing operations on the hosted zone. Use this parameter only when you are installing a cluster into a shared VPC.

String, for example arn:aws:iam::1234567890:role/shared-vpc-role.

platform:
  aws:
    region:

The AWS region that the installation program creates all cluster resources in.

Any valid AWS region, such as us-east-1. You can use the AWS CLI to access the regions available based on your selected instance type by running the following command:

$ aws ec2 describe-instance-type-offerings --filters Name=instance-type,Values=c7g.xlarge
Important

When running on ARM-based AWS instances, ensure that you enter a region where AWS Graviton processors are available. See Global availability map in the AWS documentation. Currently, AWS Graviton3 processors are only available in some regions.

platform:
  aws:
    serviceEndpoints:
      - name:
        url:

The AWS service endpoint name and URL. Custom endpoints are only required for cases where alternative AWS endpoints, such as FIPS, must be used. Custom API endpoints can be specified for EC2, S3, IAM, Elastic Load Balancing, Tagging, Route 53, and STS AWS services.

Valid AWS service endpoint name and valid AWS service endpoint URL.

platform:
  aws:
    userTags:

A map of keys and values that the installation program adds as tags to all resources that it creates.

Any valid YAML map, such as key-value pairs in the <key>: <value> format. For more information about AWS tags, see Tagging Your Amazon EC2 Resources in the AWS documentation.

Note

You can add up to 25 user-defined tags during installation. The remaining 25 tags are reserved for OpenShift Container Platform.

platform:
  aws:
    propagateUserTags:

A flag that directs in-cluster Operators to include the specified user tags in the tags of the AWS resources that the Operators create.

Boolean values, for example true or false.

platform:
  aws:
    subnets:

If you provide the VPC instead of allowing the installation program to create the VPC for you, specify the subnets for the cluster to use. The subnets must be part of the same machineNetwork[].cidr ranges that you specify.

For a standard cluster, specify a public and a private subnet for each availability zone.

For a private cluster, specify a private subnet for each availability zone.

For clusters that use AWS Local Zones, you must add AWS Local Zone subnets to this list to ensure edge machine pool creation.

Valid subnet IDs.

platform:
  aws:
    publicIpv4Pool:

The public IPv4 pool ID that is used to allocate Elastic IPs (EIPs) when publish is set to External. You must provision and advertise the pool in the same AWS account and region as the cluster. You must ensure that you have 2n + 1 IPv4 addresses available in the pool, where n is the total number of AWS zones used to deploy the Network Load Balancer (NLB) for the API, the NAT gateways, and the bootstrap node. For more information about bring your own IP addresses (BYOIP) in AWS, see Onboard your BYOIP.

A valid public IPv4 pool ID.

Note

You can enable BYOIP only for customized installations that do not have any network restrictions.

platform:
  aws:
    preserveBootstrapIgnition:

Prevents the S3 bucket from being deleted after completion of bootstrapping.

true or false. The default value is false, which results in the S3 bucket being deleted.
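The following Python (an added example, not the installer's own validation) applies the cross-field constraints stated in Tables 7.3 and 7.4 to a parsed install-config: matching compute and controlPlane platforms, the machine pool names and replica counts, the 25-tag limit for userTags, the value sets for lbType, publish and credentialsMode, and the 2n + 1 Elastic IP requirement for publicIpv4Pool. The sample configuration and its pool ID are constructed placeholders, and counting n as the distinct zones listed across the machine pools is an assumption.

```python
from __future__ import annotations

MAX_USER_TAGS = 25   # the table allows up to 25 user-defined tags at installation
CCO_MODES = {"Mint", "Passthrough", "Manual", ""}
ZONES = ["us-east-1a", "us-east-1b", "us-east-1c"]   # constructed sample zones

SAMPLE_CONFIG = {   # constructed sample, not from the documentation; follows the table's examples
    "publish": "External",
    "credentialsMode": "Manual",
    "compute": [{"name": "worker", "replicas": 3, "platform": {"aws": {"zones": ZONES}}}],
    "controlPlane": [{"name": "master", "replicas": 3, "platform": {"aws": {"zones": ZONES}}}],
    "platform": {"aws": {"region": "us-east-1", "lbType": "NLB",
                         "userTags": {"owner": "platform-team", "cost-center": "1234"},
                         "publicIpv4Pool": "ipv4pool-ec2-PLACEHOLDER"}},   # placeholder pool ID
}


def _pools(value) -> list[dict]:
    """The table lists compute and controlPlane as arrays; accept a single object too."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]


def _platform_name(pool: dict) -> str | None:
    """Provider key under a pool's platform (aws, azure, ...), or None for {}."""
    keys = list((pool.get("platform") or {}).keys())
    return keys[0] if keys else None


def required_public_ipv4(zones: int) -> int:
    """EIPs a BYOIP pool must hold: 2n + 1 for n zones (API NLB, NAT gateways, bootstrap)."""
    return 2 * zones + 1


def byoip_addresses_needed(cfg: dict) -> int:
    """Apply 2n + 1 with n taken as the distinct zones listed across the pools (assumption)."""
    zones: set[str] = set()
    for pool in _pools(cfg.get("compute")) + _pools(cfg.get("controlPlane")):
        zones.update(((pool.get("platform") or {}).get("aws") or {}).get("zones", []))
    return required_public_ipv4(len(zones))


def validate_aws_config(cfg: dict) -> list[str]:
    """Return violations of the constraints the optional and AWS tables state."""
    errors: list[str] = []
    compute, control = _pools(cfg.get("compute")), _pools(cfg.get("controlPlane"))
    for pool in compute:
        if pool.get("name") != "worker":
            errors.append("compute.name must be worker")
        if int(pool.get("replicas", 3)) < 2:
            errors.append("compute.replicas must be 2 or more")
    for pool in control:
        if pool.get("name") != "master":
            errors.append("controlPlane.name must be master")
        if int(pool.get("replicas", 3)) not in (3, 1):
            errors.append("controlPlane.replicas must be 3, or 1 for single-node OpenShift")
    # The provider chosen for the workers must be the one chosen for the control plane.
    if {_platform_name(p) for p in compute} - {_platform_name(p) for p in control}:
        errors.append("compute.platform must match controlPlane.platform")
    if cfg.get("credentialsMode", "") not in CCO_MODES:
        errors.append('credentialsMode must be Mint, Passthrough, Manual or ""')
    publish = cfg.get("publish", "External")
    if publish not in ("Internal", "External"):
        errors.append("publish must be Internal or External")
    aws = (cfg.get("platform") or {}).get("aws") or {}
    if aws.get("lbType", "Classic") not in ("Classic", "NLB"):
        errors.append("platform.aws.lbType must be Classic or NLB")
    if len(aws.get("userTags") or {}) > MAX_USER_TAGS:
        errors.append(f"platform.aws.userTags: more than {MAX_USER_TAGS} user-defined tags")
    if aws.get("publicIpv4Pool") and publish != "External":
        errors.append("platform.aws.publicIpv4Pool only applies when publish is External")
    return errors
```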
