Chapter 7. Installation configuration parameters for AWS
Before you deploy an OpenShift Container Platform cluster on AWS, you provide parameters to customize your cluster and the platform that hosts it. When you create the install-config.yaml
file, you provide values for the required parameters through the command line. You can then modify the install-config.yaml
file to customize your cluster further.
7.1. Available installation configuration parameters for AWS
The following tables specify the required, optional, and AWS-specific installation configuration parameters that you can set as part of the installation process.
After installation, you cannot change these parameters in the install-config.yaml
file.
7.1.1. Required configuration parameters
Required installation configuration parameters are described in the following table:
| Parameter | Description |
|---|---|
| `apiVersion:` | The API version for the install-config.yaml file. Value: String |
| `baseDomain:` | The base domain of your cloud provider. The base domain is used to create routes to your OpenShift Container Platform cluster components. The full DNS name for your cluster is a combination of the Value: A fully-qualified domain or subdomain name, such as |
| `metadata:` | Kubernetes resource Value: Object |
| `metadata: name:` | The name of the cluster. DNS records for the cluster are all subdomains of Value: String of lowercase letters, hyphens ( |
| `platform:` | The configuration for the specific platform upon which to perform the installation: Value: Object |
| `pullSecret:` | Get a pull secret from Red Hat OpenShift Cluster Manager to authenticate downloading container images for OpenShift Container Platform components from services such as Quay.io. Value: |
7.1.2. Network configuration parameters
You can customize your installation configuration based on the requirements of your existing network infrastructure. For example, you can expand the IP address block for the cluster network or configure different IP address blocks than the defaults.
Only IPv4 addresses are supported.
| Parameter | Description |
|---|---|
| `networking:` | The configuration for the cluster network. Value: Object. Note: You cannot change parameters specified by the |
| `networking: networkType:` | The Red Hat OpenShift Networking network plugin to install. Value: |
| `networking: clusterNetwork:` | The IP address blocks for pods. The default value is If you specify multiple IP address blocks, the blocks must not overlap. Value: An array of objects. For example: `networking: clusterNetwork: - cidr: 10.128.0.0/14 hostPrefix: 23` |
| `networking: clusterNetwork: cidr:` | Required if you use `networking: clusterNetwork:`. An IPv4 network. Value: An IP address block in Classless Inter-Domain Routing (CIDR) notation. The prefix length for an IPv4 block is between |
| `networking: clusterNetwork: hostPrefix:` | The subnet prefix length to assign to each individual node. For example, if Value: A subnet prefix. The default value is |
| `networking: serviceNetwork:` | The IP address block for services. The default value is The OVN-Kubernetes network plugin supports only a single IP address block for the service network. Value: An array with an IP address block in CIDR format. For example: `networking: serviceNetwork: - 172.30.0.0/16` |
| `networking: machineNetwork:` | The IP address blocks for machines. If you specify multiple IP address blocks, the blocks must not overlap. Value: An array of objects. For example: `networking: machineNetwork: - cidr: 10.0.0.0/16` |
| `networking: machineNetwork: cidr:` | Required if you use `networking: machineNetwork:`. Value: An IP network block in CIDR notation. For example, Note: Set the |
| `networking: ovnKubernetesConfig: ipv4: internalJoinSubnet:` | Configures the IPv4 join subnet that is used internally by Value: An IP network block in CIDR notation. The default value is |
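The rules in the table above (IPv4 only, non-overlapping blocks, a single service block under OVN-Kubernetes, and a hostPrefix that carves per-node subnets out of the cluster block) are easy to get wrong by hand, so the following added example checks a networking section before the installer runs. This is example code written for this page, not part of the OpenShift installer; the sample sections are constructed, and the networking block is given as the dict a YAML loader would return so that only the standard library is needed.

```python
"""Sanity checks on the networking section of an install-config.yaml.

Added example (not Red Hat's code): mirrors the rules the table states,
namely IPv4 only, non-overlapping blocks, a single service block under
OVN-Kubernetes, and a hostPrefix that carves per-node subnets out of the
cluster block. Uses only the standard library so it runs offline.
"""
import ipaddress

# Constructed sample: a networking section as a YAML loader would return it.
SAMPLE_NETWORKING = {
    "networkType": "OVNKubernetes",
    "clusterNetwork": [{"cidr": "10.128.0.0/14", "hostPrefix": 23}],
    "serviceNetwork": ["172.30.0.0/16"],
    "machineNetwork": [{"cidr": "10.0.0.0/16"}],
}

# Constructed sample with several deliberate mistakes for the checks to catch.
BAD_NETWORKING = {
    "networkType": "OVNKubernetes",
    "clusterNetwork": [{"cidr": "10.128.0.0/14", "hostPrefix": 14}],  # hostPrefix not longer than /14
    "serviceNetwork": ["10.130.0.0/16", "172.30.0.0/16"],             # two blocks; first overlaps the pod block
    "machineNetwork": [{"cidr": "fd00::/48"}],                         # IPv6 is not supported
}


def _ipv4_block(cidr):
    """Parse a CIDR string; reject host bits set and anything that is not IPv4."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError(f"{cidr}: only IPv4 address blocks are supported")
    return net


def validate_networking(networking):
    """Return a list of problem strings; an empty list means the section passes."""
    problems = []
    blocks = []  # (field, network) pairs for the pairwise overlap check

    for entry in networking.get("clusterNetwork", []):
        try:
            net = _ipv4_block(entry["cidr"])
        except ValueError as exc:
            problems.append(f"clusterNetwork: {exc}")
            continue
        host_prefix = entry.get("hostPrefix")
        # Each node gets a /hostPrefix slice of the block, so the prefix must be
        # longer than the block's own prefix and still a valid IPv4 prefix length.
        if host_prefix is None or not (net.prefixlen < host_prefix <= 32):
            problems.append(
                f"clusterNetwork {net}: hostPrefix {host_prefix} must be greater "
                f"than {net.prefixlen} and at most 32")
        blocks.append(("clusterNetwork", net))

    service = networking.get("serviceNetwork", [])
    if networking.get("networkType") == "OVNKubernetes" and len(service) > 1:
        problems.append("serviceNetwork: OVN-Kubernetes supports only one service block")
    for cidr in service:
        try:
            blocks.append(("serviceNetwork", _ipv4_block(cidr)))
        except ValueError as exc:
            problems.append(f"serviceNetwork: {exc}")

    for entry in networking.get("machineNetwork", []):
        try:
            blocks.append(("machineNetwork", _ipv4_block(entry["cidr"])))
        except ValueError as exc:
            problems.append(f"machineNetwork: {exc}")

    # No two blocks, within or across fields, may overlap.
    for i, (field_a, net_a) in enumerate(blocks):
        for field_b, net_b in blocks[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append(f"{field_a} {net_a} overlaps {field_b} {net_b}")
    return problems


if __name__ == "__main__":
    print("good sample:", validate_networking(SAMPLE_NETWORKING) or "ok")
    for problem in validate_networking(BAD_NETWORKING):
        print("bad sample:", problem)
```

Run against a real file by loading it with a YAML parser and passing the `networking` mapping to `validate_networking`; the overlap check covers the machine network too, which matters when the cluster is installed into an existing VPC whose address plan was chosen long before the pod and service defaults.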
7.1.3. Optional configuration parameters
Optional installation configuration parameters are described in the following table:
| Parameter | Description |
|---|---|
| `additionalTrustBundle:` | A PEM-encoded X.509 certificate bundle that is added to the nodes' trusted certificate store. This trust bundle might also be used when a proxy has been configured. Value: String |
| `capabilities:` | Controls the installation of optional core cluster components. You can reduce the footprint of your OpenShift Container Platform cluster by disabling optional components. For more information, see the "Cluster capabilities" page in Installing. Value: String array |
| `capabilities: baselineCapabilitySet:` | Selects an initial set of optional capabilities to enable. Valid values are Value: String |
| `capabilities: additionalEnabledCapabilities:` | Extends the set of optional capabilities beyond what you specify in `capabilities: baselineCapabilitySet:`. Value: String array |
| `cpuPartitioningMode:` | Enables workload partitioning, which isolates OpenShift Container Platform services, cluster management workloads, and infrastructure pods to run on a reserved set of CPUs. You can only enable workload partitioning during installation. You cannot disable it after installation. While this field enables workload partitioning, it does not configure workloads to use specific CPUs. For more information, see the Workload partitioning page in the Scalability and Performance section. Value: |
| `compute:` | The configuration for the machines that comprise the compute nodes. Value: Array of |
| `compute: architecture:` | Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are Not all installation options support the 64-bit ARM architecture. To verify if your installation option is supported on your platform, see Supported installation methods for different platforms in Selecting a cluster installation method and preparing it for users. Value: String |
| `compute: hyperthreading:` | Whether to enable or disable simultaneous multithreading, or Important: If you disable simultaneous multithreading, ensure that your capacity planning accounts for the dramatically decreased machine performance. Value: |
| `compute: name:` | Required if you use `compute:`. Value: |
| `compute: platform:` | Required if you use `compute:`. Value: |
| `compute: replicas:` | The number of compute machines, which are also known as worker machines, to provision. Value: A positive integer greater than or equal to |
| `featureSet:` | Enables the cluster for a feature set. A feature set is a collection of OpenShift Container Platform features that are not enabled by default. For more information about enabling a feature set during installation, see "Enabling features using feature gates". Value: String. The name of the feature set to enable, such as |
| `controlPlane:` | The configuration for the machines that form the control plane. Value: Array of |
| `controlPlane: architecture:` | Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are Not all installation options support the 64-bit ARM architecture. To verify if your installation option is supported on your platform, see Supported installation methods for different platforms in Selecting a cluster installation method and preparing it for users. Value: String |
| `controlPlane: hyperthreading:` | Whether to enable or disable simultaneous multithreading, or Important: If you disable simultaneous multithreading, ensure that your capacity planning accounts for the dramatically decreased machine performance. Value: |
| `controlPlane: name:` | Required if you use `controlPlane:`. Value: |
| `controlPlane: platform:` | Required if you use `controlPlane:`. Value: |
| `controlPlane: replicas:` | The number of control plane machines to provision. Value: Supported values are |
| `credentialsMode:` | The Cloud Credential Operator (CCO) mode. If no mode is specified, the CCO dynamically tries to determine the capabilities of the provided credentials, with a preference for mint mode on the platforms where multiple modes are supported. Note: Not all CCO modes are supported for all cloud providers. For more information about CCO modes, see the "Managing cloud provider credentials" entry in the Authentication and authorization content. Value: |
| `fips:` | Enable or disable FIPS mode. The default is Important: To enable FIPS mode for your cluster, you must run the installation program from a Red Hat Enterprise Linux (RHEL) computer configured to operate in FIPS mode. For more information about configuring FIPS mode on RHEL, see Switching RHEL to FIPS mode. When running Red Hat Enterprise Linux (RHEL) or Red Hat Enterprise Linux CoreOS (RHCOS) booted in FIPS mode, OpenShift Container Platform core components use the RHEL cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures. Important: If you are using Azure File storage, you cannot enable FIPS mode. Value: |
| `imageContentSources:` | Sources and repositories for the release-image content. Value: Array of objects. Includes a |
| `imageContentSources: source:` | Required if you use `imageContentSources:`. Value: String |
| `imageContentSources: mirrors:` | Specify one or more repositories that might also contain the same images. Value: Array of strings |
| `platform: aws: lbType:` | Required to set the NLB load balancer type in AWS. Valid values are Value: |
| `publish:` | How to publish or expose the user-facing endpoints of your cluster, such as the Kubernetes API and OpenShift routes. Value: |
| `sshKey:` | The SSH key to authenticate access to your cluster machines. Note: For production OpenShift Container Platform clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your Value: For example, |
If your AWS account has service control policies (SCP) enabled, you must configure the `credentialsMode` parameter to `Mint`, `Passthrough`, or `Manual`.
Setting this parameter to `Manual` enables alternatives to storing administrator-level secrets in the `kube-system` project, which require additional configuration steps. For more information, see "Alternatives to storing administrator-level secrets in the kube-system project".
7.1.4. Optional AWS configuration parameters
Optional AWS configuration parameters are described in the following table:
| Parameter | Description |
|---|---|
| `compute: platform: aws: amiID:` | The AWS AMI used to boot compute machines for the cluster. This is required for regions that require a custom RHCOS AMI. Value: Any published or custom RHCOS AMI that belongs to the set AWS region. See RHCOS AMIs for AWS infrastructure for available AMI IDs. |
| `compute: platform: aws: iamProfile:` | The name of the IAM instance profile that you use for the machine. If you want the installation program to create the IAM instance profile for you, do not use the Value: String |
| `compute: platform: aws: iamRole:` | The name of the IAM instance role that you use for the machine. When you specify an IAM role, the installation program creates an instance profile. If you want the installation program to create the IAM instance role for you, do not select the Value: String |
| `compute: platform: aws: rootVolume: iops:` | The Input/Output Operations Per Second (IOPS) that is reserved for the root volume. Value: Integer, for example |
| `compute: platform: aws: rootVolume: size:` | The size in GiB of the root volume. Value: Integer, for example |
| `compute: platform: aws: rootVolume: type:` | The type of the root volume. Value: Valid AWS EBS volume type, such as |
| `compute: platform: aws: rootVolume: kmsKeyARN:` | The Amazon Resource Name (key ARN) of a KMS key. This is required to encrypt operating system volumes of worker nodes with a specific KMS key. Value: Valid key ID or the key ARN. |
| `compute: platform: aws: type:` | The EC2 instance type for the compute machines. Value: Valid AWS instance type, such as |
| `compute: platform: aws: zones:` | The availability zones where the installation program creates machines for the compute machine pool. If you provide your own VPC, you must provide a subnet in that availability zone. Value: A list of valid AWS availability zones, such as |
| `controlPlane: platform: aws: amiID:` | The AWS AMI used to boot control plane machines for the cluster. This is required for regions that require a custom RHCOS AMI. Value: Any published or custom RHCOS AMI that belongs to the set AWS region. See RHCOS AMIs for AWS infrastructure for available AMI IDs. |
| `controlPlane: platform: aws: iamProfile:` | The name of the IAM instance profile that you use for the machine. If you want the installation program to create the IAM instance profile for you, do not use the Value: String |
| `controlPlane: platform: aws: iamRole:` | The name of the IAM instance role that you use for the machine. When you specify an IAM role, the installation program creates an instance profile. If you want the installation program to create the IAM instance role for you, do not use the Value: String |
| `controlPlane: platform: aws: rootVolume: iops:` | The Input/Output Operations Per Second (IOPS) that is reserved for the root volume on control plane machines. Value: Integer, for example |
| `controlPlane: platform: aws: rootVolume: size:` | The size in GiB of the root volume for control plane machines. Value: Integer, for example |
| `controlPlane: platform: aws: rootVolume: type:` | The type of the root volume for control plane machines. Value: Valid AWS EBS volume type, such as |
| `controlPlane: platform: aws: rootVolume: kmsKeyARN:` | The Amazon Resource Name (key ARN) of a KMS key. This is required to encrypt operating system volumes of control plane nodes with a specific KMS key. Value: Valid key ID or the key ARN. |
| `controlPlane: platform: aws: type:` | The EC2 instance type for the control plane machines. Value: Valid AWS instance type, such as |
| `controlPlane: platform: aws: zones:` | The availability zones where the installation program creates machines for the control plane machine pool. Value: A list of valid AWS availability zones, such as |
| `platform: aws: amiID:` | The AWS AMI used to boot all machines for the cluster. If set, the AMI must belong to the same region as the cluster. This is required for regions that require a custom RHCOS AMI. Value: Any published or custom RHCOS AMI that belongs to the set AWS region. See RHCOS AMIs for AWS infrastructure for available AMI IDs. |
| `platform: aws: hostedZone:` | An existing Route 53 private hosted zone for the cluster. You can only use a pre-existing hosted zone when also supplying your own VPC. The hosted zone must already be associated with the user-provided VPC before installation. Also, the domain of the hosted zone must be the cluster domain or a parent of the cluster domain. If undefined, the installation program creates a new hosted zone. Value: String, for example |
| `platform: aws: hostedZoneRole:` | An Amazon Resource Name (ARN) for an existing IAM role in the account containing the specified hosted zone. The installation program and cluster operators assume this role when performing operations on the hosted zone. Use this parameter only when you are installing a cluster into a shared VPC. Value: String, for example |
| `platform: aws: region:` | The AWS region that the installation program creates all cluster resources in. Value: Any valid AWS region, such as You can check whether your configured region offers a given instance type with `aws ec2 describe-instance-type-offerings --filters Name=instance-type,Values=c7g.xlarge`. Important: When running on ARM based AWS instances, ensure that you enter a region where AWS Graviton processors are available. See Global availability map in the AWS documentation. Currently, AWS Graviton3 processors are only available in some regions. |
| `platform: aws: serviceEndpoints: - name: url:` | The AWS service endpoint name and URL. Custom endpoints are only required for cases where alternative AWS endpoints, such as FIPS, must be used. Custom API endpoints can be specified for EC2, S3, IAM, Elastic Load Balancing, Tagging, Route 53, and STS AWS services. Value: Valid AWS service endpoint name and valid AWS service endpoint URL. |
| `platform: aws: userTags:` | A map of keys and values that the installation program adds as tags to all resources that it creates. Value: Any valid YAML map, such as key value pairs in the Note: You can add up to 25 user-defined tags during installation. The remaining 25 tags are reserved for OpenShift Container Platform. |
| `platform: aws: propagateUserTags:` | A flag that directs in-cluster Operators to include the specified user tags in the tags of the AWS resources that the Operators create. Value: Boolean values, for example |
| `platform: aws: publicIpv4Pool:` | The public IPv4 pool ID that is used to allocate Elastic IPs (EIPs) when Value: A valid public IPv4 pool ID. Note: You can enable BYOIP only for customized installations that do not have any network restrictions. |
| `platform: aws: preserveBootstrapIgnition:` | Prevents the S3 bucket from being deleted after completion of bootstrapping. Value: |
| `platform: aws: vpc: subnets:` | A list of subnets in an existing VPC to be used in place of automatically created subnets. You specify a subnet by providing the subnet ID and an optional list of roles that apply to that subnet. If you specify subnet IDs but do not specify roles for any subnet, the subnets' roles are decided automatically. If you do not specify any roles, you must ensure that any other subnets in your VPC have the The subnets must be part of the same For a public cluster, specify a public and a private subnet for each availability zone. For a private cluster, specify a private subnet for each availability zone. For clusters that use AWS Local Zones, you must add AWS Local Zone subnets to this list to ensure edge machine pool creation. Value: List of pairs of |
| `platform: aws: vpc: subnets: - id:` | The ID of an existing subnet to be used in place of a subnet created by the installation program. Value: String. The subnet ID must be a unique ID containing only alphanumeric characters, beginning with "subnet-". The ID must be exactly 24 characters long. |
| `platform: aws: vpc: subnets: - roles:` | One or more roles that apply to the subnet specified by `id`. You can only assign the Value: List of one or more role types. Valid values include |
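Several of the AWS-specific rules above are mechanical and worth checking before the installer is run: the subnet ID format, the 25-tag limit on `platform: aws: userTags:`, and (from the note under the optional parameters) the `credentialsMode` values an account with SCPs enabled must use. The following added example encodes those checks; it is written for this page and is not part of the OpenShift installer. The KMS key ARN pattern and the rule that custom service endpoints must be `https` are this example's own assumptions, not requirements stated in the tables, and the account ID, key ID, subnet IDs and endpoint host in the samples are constructed placeholders.

```python
"""Pre-flight checks on AWS-specific install-config.yaml fields.

Added example (not Red Hat's code). It encodes the constraints the tables
state: the subnet ID format, the 25-tag limit on userTags, and the
credentialsMode values required when service control policies (SCPs) are
enabled. The kmsKeyARN pattern and the https-only rule for custom service
endpoints are this example's own assumptions, not requirements on the page.
"""
import re
from urllib.parse import urlparse

# Page-stated format: starts with "subnet-", alphanumeric, exactly 24 characters.
SUBNET_ID_RE = re.compile(r"^subnet-[A-Za-z0-9]{17}$")
# Assumed shape of a KMS key ARN, or a bare key ID in UUID form.
KMS_KEY_RE = re.compile(
    r"^(arn:aws[a-z-]*:kms:[a-z0-9-]+:\d{12}:key/)?"
    r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")
MAX_USER_TAGS = 25                      # user-defined tags allowed at install time
SCP_CREDENTIALS_MODES = {"Mint", "Passthrough", "Manual"}

# Constructed sample (account ID, key ID, subnet IDs and endpoint host are placeholders).
GOOD_CONFIG = {
    "credentialsMode": "Manual",
    "platform": {"aws": {
        "region": "us-east-1",
        "userTags": {"owner": "platform-team", "costCenter": "1234"},
        "serviceEndpoints": [{"name": "ec2", "url": "https://ec2.fips.example.internal"}],
        "vpc": {"subnets": [{"id": "subnet-0123456789abcdef0"},
                             {"id": "subnet-0123456789abcdef1"}]},
    }},
    "controlPlane": {"platform": {"aws": {"rootVolume": {
        "kmsKeyARN": "arn:aws:kms:us-east-1:111122223333:key/11111111-2222-3333-4444-555555555555"}}}},
    "compute": [{"platform": {"aws": {"rootVolume": {
        "kmsKeyARN": "11111111-2222-3333-4444-555555555555"}}}}],
}

# Constructed sample that violates each rule once (and omits credentialsMode).
BAD_CONFIG = {
    "platform": {"aws": {
        "userTags": {f"tag{i}": "x" for i in range(MAX_USER_TAGS + 1)},
        "serviceEndpoints": [{"name": "s3", "url": "http://s3.example.internal"}],
        "vpc": {"subnets": [{"id": "subnet-123"}]},
    }},
    "controlPlane": {"platform": {"aws": {"rootVolume": {"kmsKeyARN": "not-a-key"}}}},
}


def _pools(config):
    """Yield (name, pool) for controlPlane and every compute pool, whatever their shape."""
    for name in ("controlPlane", "compute"):
        value = config.get(name, [])
        for pool in (value if isinstance(value, list) else [value]):
            yield name, pool


def check_aws_config(config, scp_enabled=False):
    """Return a list of problem strings; an empty list means the checks pass."""
    problems = []
    aws = config.get("platform", {}).get("aws", {})

    # With SCPs enabled the CCO cannot be left to pick a mode on its own.
    if scp_enabled and config.get("credentialsMode") not in SCP_CREDENTIALS_MODES:
        problems.append("credentialsMode must be Mint, Passthrough or Manual when SCPs are enabled")

    tags = aws.get("userTags", {})
    if len(tags) > MAX_USER_TAGS:
        problems.append(f"userTags: {len(tags)} tags exceeds the limit of {MAX_USER_TAGS}")

    for endpoint in aws.get("serviceEndpoints", []):
        url = urlparse(endpoint.get("url", ""))
        if url.scheme != "https" or not url.netloc:  # assumption: custom endpoints must be https
            problems.append(f"serviceEndpoints {endpoint.get('name')}: url must be https")

    seen = set()
    for subnet in aws.get("vpc", {}).get("subnets", []):
        subnet_id = subnet.get("id", "")
        if not SUBNET_ID_RE.match(subnet_id):
            problems.append(f"vpc.subnets: {subnet_id!r} is not a 24-character subnet- ID")
        elif subnet_id in seen:
            problems.append(f"vpc.subnets: {subnet_id} listed twice")
        seen.add(subnet_id)

    for name, pool in _pools(config):
        key = pool.get("platform", {}).get("aws", {}).get("rootVolume", {}).get("kmsKeyARN")
        if key is not None and not KMS_KEY_RE.match(key):
            problems.append(f"{name}.rootVolume.kmsKeyARN: {key!r} is not a key ID or key ARN")
    return problems


if __name__ == "__main__":
    print("good:", check_aws_config(GOOD_CONFIG, scp_enabled=True) or "ok")
    for problem in check_aws_config(BAD_CONFIG, scp_enabled=True):
        print("bad:", problem)
```

Pass `scp_enabled=True` when the target account is governed by service control policies; otherwise the `credentialsMode` check is skipped, matching the note that the requirement applies only to SCP-enabled accounts. Whether a subnet actually exists, sits in the right availability zone, or is associated with the hosted zone still requires an AWS API call and is out of scope for an offline check.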