From 3833184c195eec30c619e2ad0399017ef1272718 Mon Sep 17 00:00:00 2001 
From: Alisha Prabhu Date: Tue, 28 Jun 2022 23:05:13 +0530 Subject: [PATCH] 4.11 - IBM Cloud Power VS using installer-provisioned infrastructure --- _topic_maps/_topic_map.yml | 16 + .../installing_ibm_cloud_power_vs/_attributes | 1 + .../configuring-iam-ibm-cloud-power-vs.adoc | 29 + .../installing_ibm_cloud_power_vs/images | 1 + ...installing-ibm-cloud-account-power-vs.adoc | 30 + .../installing-power-vs-customizations.adoc | 68 + ...lling-power-vs-network-customizations.adoc | 76 + .../installing_ibm_cloud_power_vs/modules | 1 + ...ring-to-install-on-ibm-cloud-power-vs.adoc | 44 + .../installing_ibm_cloud_power_vs/snippets | 1 + .../uninstalling-cluster-power-vs.adoc | 11 + modules/cco-ccoctl-configuring-power-vs.adoc | 160 ++ .../installation-cis-ibm-cloud-power-vs.adoc | 68 + ...ion-configuration-parameters-power-vs.adoc | 1667 +++++++++++++++++ ...n-ibm-cloud-power-vs-creating-api-key.adoc | 20 + ...n-ibm-cloud-power-vs-export-variables.adoc | 28 + ...m-cloud-power-vs-iam-policies-api-key.adoc | 70 + ...stallation-ibm-cloud-power-vs-regions.adoc | 44 + .../installation-initializing-power-vs.adoc | 681 +++++++ ...nstallation-uninstall-clouds-power-vs.adoc | 147 ++ modules/power-vs-ssh-agent-using.adoc | 285 +++ .../quotas-and-limits-ibm-cloud-power-vs.adoc | 61 + welcome/index.adoc | 3 + 23 files changed, 3512 insertions(+) create mode 100644 installing/installing_ibm_cloud_power_vs/_attributes create mode 100644 installing/installing_ibm_cloud_power_vs/configuring-iam-ibm-cloud-power-vs.adoc create mode 100644 installing/installing_ibm_cloud_power_vs/images create mode 100644 installing/installing_ibm_cloud_power_vs/installing-ibm-cloud-account-power-vs.adoc create mode 100644 installing/installing_ibm_cloud_power_vs/installing-power-vs-customizations.adoc create mode 100644 installing/installing_ibm_cloud_power_vs/installing-power-vs-network-customizations.adoc create mode 100644 installing/installing_ibm_cloud_power_vs/modules create mode 100644 
installing/installing_ibm_cloud_power_vs/preparing-to-install-on-ibm-cloud-power-vs.adoc create mode 100644 installing/installing_ibm_cloud_power_vs/snippets create mode 100644 installing/installing_ibm_cloud_power_vs/uninstalling-cluster-power-vs.adoc create mode 100644 modules/cco-ccoctl-configuring-power-vs.adoc create mode 100644 modules/installation-cis-ibm-cloud-power-vs.adoc create mode 100644 modules/installation-configuration-parameters-power-vs.adoc create mode 100644 modules/installation-ibm-cloud-power-vs-creating-api-key.adoc create mode 100644 modules/installation-ibm-cloud-power-vs-export-variables.adoc create mode 100644 modules/installation-ibm-cloud-power-vs-iam-policies-api-key.adoc create mode 100644 modules/installation-ibm-cloud-power-vs-regions.adoc create mode 100644 modules/installation-initializing-power-vs.adoc create mode 100644 modules/installation-uninstall-clouds-power-vs.adoc create mode 100644 modules/power-vs-ssh-agent-using.adoc create mode 100644 modules/quotas-and-limits-ibm-cloud-power-vs.adoc diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index 5cef560b4102..ddbac0b8ef57 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml 
@@ -258,6 +258,22 @@ Topics: File: installing-ibm-cloud-network-customizations - Name: Uninstalling a cluster on IBM Cloud VPC File: uninstalling-cluster-ibm-cloud +- Name: Installing on IBM Cloud Power VS + Dir: installing_ibm_cloud_power_vs + Distros: openshift-origin,openshift-enterprise + Topics: + - Name: Preparing to install on IBM Cloud Power VS + File: preparing-to-install-on-ibm-cloud-power-vs + - Name: Configuring an IBM Cloud account + File: installing-ibm-cloud-account-power-vs + - Name: Configuring IAM for IBM Cloud + File: configuring-iam-ibm-cloud-power-vs + - Name: Installing a cluster on Power VS with customizations + File: installing-power-vs-customizations + - Name: Installing a cluster on Power VS with network customizations + File: installing-power-vs-network-customizations + - Name: Uninstalling a cluster on Power VS + File: uninstalling-cluster-power-vs - Name: Installing on bare metal Dir: installing_bare_metal Distros: openshift-origin,openshift-enterprise diff --git a/installing/installing_ibm_cloud_power_vs/_attributes b/installing/installing_ibm_cloud_power_vs/_attributes new file mode 100644 index 000000000000..20cc1dcb77bf --- /dev/null +++ b/installing/installing_ibm_cloud_power_vs/_attributes @@ -0,0 +1 @@ +../../_attributes/ \ No newline at end of file diff --git a/installing/installing_ibm_cloud_power_vs/configuring-iam-ibm-cloud-power-vs.adoc b/installing/installing_ibm_cloud_power_vs/configuring-iam-ibm-cloud-power-vs.adoc new file mode 100644 index 000000000000..67643be30bf3 --- /dev/null +++ b/installing/installing_ibm_cloud_power_vs/configuring-iam-ibm-cloud-power-vs.adoc 
@@ -0,0 +1,29 @@ +:_content-type: ASSEMBLY +[id="configuring-iam-ibm-cloud"] += Configuring IAM for IBM Cloud +include::_attributes/common-attributes.adoc[] +:context: configuring-iam-ibm-cloud + +toc::[] + +In environments where the cloud identity and access management (IAM) APIs are not reachable, you must put the Cloud Credential Operator (CCO) into manual mode before you install the cluster. + +include::modules/alternatives-to-storing-admin-secrets-in-kube-system.adoc[leveloffset=+1] + +[role="_additional-resources"] +[id="additional-resources_configuring-iam-ibm-cloud-about-cco"] +.Additional resources +* xref:../../authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc#about-cloud-credential-operator[About the Cloud Credential Operator] + +include::modules/cco-ccoctl-configuring-power-vs.adoc[leveloffset=+1] +//include::modules/manually-maintained-credentials-upgrade.adoc[leveloffset=+1] +// Will need to revisit upgrade scenario for IBM Cloud; not needed until OCP 4.11. Tentative instructions have been added for reference later. + +[role="_additional-resources"] +[id="additional-resources_configuring-iam-ibm-cloud-refreshing-ids"] +.Additional resources +* xref:../../post_installation_configuration/cluster-tasks.adoc#refreshing-service-ids-ibm-cloud_post-install-cluster-tasks[Rotating API keys for IBM Cloud VPC] + +[id="next-steps_configuring-iam-ibm-cloud"] +== Next steps +* xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc#installing-ibm-cloud-customizations[Installing a cluster on IBM Cloud VPC with customizations] diff --git a/installing/installing_ibm_cloud_power_vs/images b/installing/installing_ibm_cloud_power_vs/images new file mode 100644 index 000000000000..5fa6987088da --- /dev/null +++ b/installing/installing_ibm_cloud_power_vs/images @@ -0,0 +1 @@ +../../images \ No newline at end of file 
diff --git a/installing/installing_ibm_cloud_power_vs/installing-ibm-cloud-account-power-vs.adoc b/installing/installing_ibm_cloud_power_vs/installing-ibm-cloud-account-power-vs.adoc new file mode 100644 index 000000000000..8a5d51fbba0c --- /dev/null +++ b/installing/installing_ibm_cloud_power_vs/installing-ibm-cloud-account-power-vs.adoc @@ -0,0 +1,30 @@ +:_content-type: ASSEMBLY +[id="installing-ibm-cloud-account"] += Configuring an IBM Cloud account +include::_attributes/common-attributes.adoc[] +:context: installing-ibm-cloud-account + +toc::[] + +Before you can install {product-title}, you must configure an IBM Cloud account. + +:FeatureName: IBM Cloud VPC using installer-provisioned infrastructure +include::snippets/technology-preview.adoc[] + +[id="prerequisites_installing-ibm-cloud-account"] +== Prerequisites + +* You have an IBM Cloud account with a subscription. You cannot install {product-title} on a free or trial IBM Cloud VPC account. + +include::modules/quotas-and-limits-ibm-cloud-power-vs.adoc[leveloffset=+1] + +include::modules/installation-cis-ibm-cloud.adoc[leveloffset=+1] + +include::modules/installation-ibm-cloud-iam-policies-api-key.adoc[leveloffset=+1] +include::modules/installation-ibm-cloud-creating-api-key.adoc[leveloffset=+2] + +include::modules/installation-ibm-cloud-regions.adoc[leveloffset=+1] + +[id="next-steps_installing-ibm-cloud-account"] +== Next steps +* xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for IBM Cloud VPC] diff --git a/installing/installing_ibm_cloud_power_vs/installing-power-vs-customizations.adoc b/installing/installing_ibm_cloud_power_vs/installing-power-vs-customizations.adoc new file mode 100644 index 000000000000..38d97d705929 --- /dev/null +++ b/installing/installing_ibm_cloud_power_vs/installing-power-vs-customizations.adoc 
@@ -0,0 +1,68 @@ +:_content-type: ASSEMBLY +[id="installing-ibm-cloud-customizations"] += Installing a cluster on Power VS with customizations +include::_attributes/common-attributes.adoc[] +:context: installing-ibm-cloud-customizations + +toc::[] + +In {product-title} version {product-version}, you can install a customized cluster on infrastructure that the installation program provisions on Power VS. To customize the installation, you modify parameters in the `install-config.yaml` file before you install the cluster. + +:FeatureName: Power VS using installer-provisioned infrastructure +include::snippets/technology-preview.adoc[] + +[id="prerequisites_installing-ibm-cloud-customizations"] +== Prerequisites + +* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes. +* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users]. +* You xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc#installing-ibm-cloud-account[configured an IBM Cloud account] to host the cluster. +* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to. +* You configured the `ccoctl` utility before you installed the cluster. For more information, see xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for IBM Cloud]. +* You’ve created a Power VS Service Instance. 
+ +include::modules/cluster-entitlements.adoc[leveloffset=+1] + +include::modules/power-vs-ssh-agent-using.adoc[leveloffset=+1] + +include::modules/installation-obtaining-installer.adoc[leveloffset=+1] + +include::modules/installation-ibm-cloud-power-vs-export-variables.adoc[leveloffset=+1] + +include::modules/installation-initializing-power-vs.adoc[leveloffset=+1] + +include::modules/installation-configuration-parameters-power-vs.adoc[leveloffset=+2] + +include::modules/installation-ibm-cloud-config-yaml.adoc[leveloffset=+2] + +//.Additional resources + +//* ../../machine_management/creating_machinesets/creating-machineset-ibm-cloud.adoc#machineset-enabling-customer-managed-encryption_creating-machineset-ibm-cloud[Enabling customer-managed encryption keys for a machine set] + +include::modules/installation-configure-proxy.adoc[leveloffset=+2] + +include::modules/manually-create-iam-ibm-cloud.adoc[leveloffset=+1] + +include::modules/installation-launching-installer.adoc[leveloffset=+1] + +include::modules/cli-installing-cli.adoc[leveloffset=+1] + +include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1] + +[role="_additional-resources"] +[id="additional-resources_installing-ibm-cloud-customizations-console"] +.Additional resources +* xref:../../web_console/web-console.adoc#web-console[Accessing the web console] + +include::modules/cluster-telemetry.adoc[leveloffset=+1] + +[role="_additional-resources"] +[id="additional-resources_installing-ibm-cloud-customizations-telemetry"] +.Additional resources +* xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] + +[id="next-steps_installing-ibm-cloud-customizations"] +== Next steps +* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]. 
+* If necessary, you can +xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting]. diff --git a/installing/installing_ibm_cloud_power_vs/installing-power-vs-network-customizations.adoc b/installing/installing_ibm_cloud_power_vs/installing-power-vs-network-customizations.adoc new file mode 100644 index 000000000000..06ecd78442d1 --- /dev/null +++ b/installing/installing_ibm_cloud_power_vs/installing-power-vs-network-customizations.adoc 
@@ -0,0 +1,76 @@ +:_content-type: ASSEMBLY +[id="installing-ibm-cloud-network-customizations"] += Installing a cluster on Power VS with network customizations +include::_attributes/common-attributes.adoc[] +:context: installing-ibm-cloud-network-customizations + +toc::[] + +In {product-title} version {product-version}, you can install a cluster with a +customized network configuration on infrastructure that the installation program provisions on Power VS. By customizing your network configuration, your cluster can coexist with existing IP address allocations in your environment and integrate with existing MTU and VXLAN configurations. To customize the installation, you modify parameters in the `install-config.yaml` file before you install the cluster. + +You must set most of the network configuration parameters during installation, and you can modify only `kubeProxy` configuration parameters in a running cluster. + +:FeatureName: Power VS using installer-provisioned infrastructure +include::snippets/technology-preview.adoc[] + +[id="prerequisites_installing-ibm-cloud-network-customizations"] +== Prerequisites + +* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes. +* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users]. +* You xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc#installing-ibm-cloud-account[configured an IBM Cloud VPC account] to host the cluster. +* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to. +* You configured the `ccoctl` utility before you installed the cluster. 
For more information, see xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for IBM Cloud VPC]. + +include::modules/cluster-entitlements.adoc[leveloffset=+1] + +include::modules/ssh-agent-using.adoc[leveloffset=+1] + +include::modules/installation-obtaining-installer.adoc[leveloffset=+1] + +include::modules/installation-ibm-cloud-export-variables.adoc[leveloffset=+1] + +include::modules/installation-initializing.adoc[leveloffset=+1] + +include::modules/installation-configuration-parameters.adoc[leveloffset=+2] + +include::modules/installation-ibm-cloud-config-yaml.adoc[leveloffset=+2] + +//.Additional resources + +//* ../../machine_management/creating_machinesets/creating-machineset-ibm-cloud.adoc#machineset-enabling-customer-managed-encryption_creating-machineset-ibm-cloud[Enabling customer-managed encryption keys for a machine set] + +include::modules/installation-configure-proxy.adoc[leveloffset=+2] + +include::modules/manually-create-iam-ibm-cloud.adoc[leveloffset=+1] + +// Network Operator specific configuration +include::modules/nw-network-config.adoc[leveloffset=+1] +include::modules/nw-modifying-operator-install-config.adoc[leveloffset=+1] +include::modules/nw-operator-cr.adoc[leveloffset=+1] + +include::modules/installation-launching-installer.adoc[leveloffset=+1] + +include::modules/cli-installing-cli.adoc[leveloffset=+1] + +include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1] + +[role="_additional-resources"] +[id="additional-resources_installing-ibm-cloud-network-customizations-console"] +.Additional resources +* xref:../../web_console/web-console.adoc#web-console[Accessing the web console] + +include::modules/cluster-telemetry.adoc[leveloffset=+1] + +[role="_additional-resources"] +[id="additional-resources_installing-ibm-cloud-network-customizations-telemetry"] +.Additional resources +* 
xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] + +[id="next-steps_installing-ibm-cloud-network-customizations"] +== Next steps + +* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]. +* If necessary, you can +xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting]. diff --git a/installing/installing_ibm_cloud_power_vs/modules b/installing/installing_ibm_cloud_power_vs/modules new file mode 100644 index 000000000000..8b0e8540076d --- /dev/null +++ b/installing/installing_ibm_cloud_power_vs/modules @@ -0,0 +1 @@ +../../modules \ No newline at end of file diff --git a/installing/installing_ibm_cloud_power_vs/preparing-to-install-on-ibm-cloud-power-vs.adoc b/installing/installing_ibm_cloud_power_vs/preparing-to-install-on-ibm-cloud-power-vs.adoc new file mode 100644 index 000000000000..b41e65bd958f --- /dev/null +++ b/installing/installing_ibm_cloud_power_vs/preparing-to-install-on-ibm-cloud-power-vs.adoc 
@@ -0,0 +1,44 @@ +:_content-type: ASSEMBLY +[id="preparing-to-install-on-ibm-cloud"] += Preparing to install on IBM Cloud VPC +include::_attributes/common-attributes.adoc[] +:context: preparing-to-install-on-ibm-cloud + +toc::[] + +The installation workflows documented in this section are for IBM Cloud VPC infrastructure environments. IBM Cloud Classic is not supported at this time. For more information on the difference between Classic and VPC infrastructures, see IBM's link:https://cloud.ibm.com/docs/cloud-infrastructure?topic=cloud-infrastructure-compare-infrastructure[documentation]. + +[id="prerequisites_preparing-to-install-on-ibm-cloud"] +== Prerequisites + +* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes. + +* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users]. + +:FeatureName: IBM Cloud using installer-provisioned infrastructure +include::snippets/technology-preview.adoc[] + +[id="requirements-for-installing-ocp-on-ibm-cloud"] +== Requirements for installing {product-title} on IBM Cloud VPC + +Before installing {product-title} on IBM Cloud Power VS, you must create a service account and configure an IBM Cloud account. See xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc#installing-ibm-cloud-account[Configuring an IBM Cloud VPC account] for details about creating an account, configuring DNS and supported IBM Cloud Power VS regions. + +You must manually manage your cloud credentials when installing a cluster to IBM Cloud Power VS. Do this by configuring the Cloud Credential Operator (CCO) for manual mode before you install the cluster. 
For more information, see xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[Configuring IAM for IBM Cloud VPC]. + +[id="choosing-a-method-to-install-ocp-on-ibm-cloud"] +== Choosing a method to install {product-title} on IBM Cloud VPC + +You can install {product-title} on IBM Cloud Power VS using installer-provisioned infrastructure. This process involves using an installation program to provision the underlying infrastructure for your cluster. + +See xref:../../architecture/architecture-installation.adoc#installation-process_architecture-installation[Installation process] for more information about installer-provisioned installation processes. + +[id="choosing-an-method-to-install-ocp-on-ibm-cloud-installer-provisioned"] +=== Installing a cluster on installer-provisioned infrastructure + +You can install a cluster on IBM Cloud Power VS infrastructure that is provisioned by the {product-title} installation program by using one of the following methods: + +* **xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc#installing-ibm-cloud-customizations[Installing a customized cluster on IBM Cloud VPC]**: You can install a customized cluster on IBM Cloud VPC infrastructure that the installation program provisions. The installation program allows for some customization to be applied at the installation stage. Many other customization options are available xref:../../post_installation_configuration/cluster-tasks.adoc#post-install-cluster-tasks[post-installation]. + +[id="next-steps_preparing-to-install-on-ibm-cloud"] +== Next steps +* xref:../../installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc#installing-ibm-cloud-account[Configuring an IBM Cloud VPC account] diff --git a/installing/installing_ibm_cloud_power_vs/snippets b/installing/installing_ibm_cloud_power_vs/snippets new file mode 100644 index 000000000000..5a3f5add140e --- /dev/null 
+++ b/installing/installing_ibm_cloud_power_vs/snippets @@ -0,0 +1 @@ +../../snippets/ \ No newline at end of file diff --git a/installing/installing_ibm_cloud_power_vs/uninstalling-cluster-power-vs.adoc b/installing/installing_ibm_cloud_power_vs/uninstalling-cluster-power-vs.adoc new file mode 100644 index 000000000000..e4fa90215455 --- /dev/null +++ b/installing/installing_ibm_cloud_power_vs/uninstalling-cluster-power-vs.adoc @@ -0,0 +1,11 @@ +:_content-type: ASSEMBLY +[id="uninstalling-cluster-ibm-cloud"] += Uninstalling a cluster on Power VS +include::_attributes/common-attributes.adoc[] +:context: uninstalling-cluster-ibm-cloud + +toc::[] + +You can remove a cluster that you deployed to Power VS. + +include::modules/installation-uninstall-clouds-power-vs.adoc[leveloffset=+1] diff --git a/modules/cco-ccoctl-configuring-power-vs.adoc b/modules/cco-ccoctl-configuring-power-vs.adoc new file mode 100644 index 000000000000..540812d16db3 --- /dev/null +++ b/modules/cco-ccoctl-configuring-power-vs.adoc 
@@ -0,0 +1,160 @@ +// Module included in the following assemblies: +// +// * authentication/managing_cloud_provider_credentials/cco-mode-sts.adoc +// * authentication/managing_cloud_provider_credentials/cco-mode-gcp-workload-identity.adoc +// * installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc +// * installing/installing_alibaba/manually-creating-alibaba-ram.adoc + +ifeval::["{context}" == "cco-mode-sts"] +:aws-sts: +endif::[] +ifeval::["{context}" == "configuring-iam-ibm-cloud"] +:ibm-cloud: +endif::[] +ifeval::["{context}" == "manually-creating-alibaba-ram"] +:alibabacloud: +endif::[] +ifeval::["{context}" == "cco-mode-gcp-workload-identity"] +:google-cloud-platform: +endif::[] + +:_content-type: PROCEDURE +[id="cco-ccoctl-configuring_{context}"] += Configuring the Cloud Credential Operator utility + +To create and manage cloud credentials from outside of the cluster when the Cloud Credential Operator (CCO) is operating in +ifdef::aws-sts[manual mode with STS,] +ifdef::ibm-cloud[manual mode,] +ifdef::google-cloud-platform[manual mode with GCP Workload Identity,] +extract and prepare the CCO utility (`ccoctl`) binary. + +ifdef::alibabacloud[] +To assign RAM users and policies that provide long-lived RAM AccessKeys (AKs) for each in-cluster component, extract and prepare the {product-title} Cloud Credential Operator (CCO) utility (`ccoctl`) binary. +endif::alibabacloud[] + +[NOTE] +==== +The `ccoctl` is a Linux binary that must run in a Linux environment. 
+==== + +ifdef::aws-sts[] +.Prerequisites + +* You have created an AWS account for the `ccoctl` to use with the following permissions: ++ +.Required AWS permissions +[cols="a,a"] +|==== +|`iam` permissions |`s3` permissions + +|* `iam:CreateOpenIDConnectProvider` +* `iam:CreateRole` +* `iam:DeleteOpenIDConnectProvider` +* `iam:DeleteRole` +* `iam:DeleteRolePolicy` +* `iam:GetOpenIDConnectProvider` +* `iam:GetRole` +* `iam:GetUser` +* `iam:ListOpenIDConnectProviders` +* `iam:ListRolePolicies` +* `iam:ListRoles` +* `iam:PutRolePolicy` +* `iam:TagOpenIDConnectProvider` +* `iam:TagRole` +|* `s3:CreateBucket` +* `s3:DeleteBucket` +* `s3:DeleteObject` +* `s3:GetBucketAcl` +* `s3:GetBucketTagging` +* `s3:GetObject` +* `s3:GetObjectAcl` +* `s3:GetObjectTagging` +* `s3:ListBucket` +* `s3:PutBucketAcl` +* `s3:PutBucketTagging` +* `s3:PutObject` +* `s3:PutObjectAcl` +* `s3:PutObjectTagging` + +|==== +endif::aws-sts[] + +.Procedure + +. Obtain the {product-title} release image: ++ +[source,terminal] +---- +$ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}') +---- + +. Get the CCO container image from the {product-title} release image: ++ +[source,terminal] +---- +$ CCO_IMAGE=$(oc adm release info --image-for='cloud-credential-operator' $RELEASE_IMAGE) +---- ++ +[NOTE] +==== +Ensure that the architecture of the `$RELEASE_IMAGE` matches the architecture of the environment in which you will use the `ccoctl` tool. +==== + +. Extract the `ccoctl` binary from the CCO container image within the {product-title} release image: ++ +[source,terminal] +---- +$ oc image extract $CCO_IMAGE --file="/usr/bin/ccoctl" -a ~/.pull-secret +---- + +. 
Change the permissions to make `ccoctl` executable: ++ +[source,terminal] +---- +$ chmod 775 ccoctl +---- + +.Verification + +* To verify that `ccoctl` is ready to use, display the help file: ++ +[source,terminal] +---- +$ ccoctl --help +---- ++ +.Output of `ccoctl --help`: ++ +[source,terminal] +---- +OpenShift credentials provisioning tool + +Usage: + ccoctl [command] + +Available Commands: + alibabacloud Manage credentials objects for alibaba cloud + aws Manage credentials objects for AWS cloud + gcp Manage credentials objects for Google cloud + help Help about any command + ibmcloud Manage credentials objects for IBM Cloud + powervs Manage credentials objects for Power VS + +Flags: + -h, --help help for ccoctl + +Use "ccoctl [command] --help" for more information about a command. +---- + +ifeval::["{context}" == "cco-mode-sts"] +:!aws-sts: +endif::[] +ifeval::["{context}" == "configuring-iam-ibm-cloud"] +:!ibm-cloud: +endif::[] +ifeval::["{context}" == "manually-creating-alibaba-ram"] +:!alibabacloud: +endif::[] +ifeval::["{context}" == "cco-mode-gcp-workload-identity"] +:!google-cloud-platform: +endif::[] diff --git a/modules/installation-cis-ibm-cloud-power-vs.adoc b/modules/installation-cis-ibm-cloud-power-vs.adoc new file mode 100644 index 000000000000..9848dd9dff58 --- /dev/null +++ b/modules/installation-cis-ibm-cloud-power-vs.adoc 
@@ -0,0 +1,68 @@ +// Module included in the following assemblies: +// +// installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc + +:_content-type: PROCEDURE +[id="installation-cis-ibm-cloud_{context}"] += Configuring DNS resolution using Cloud Internet Services + +IBM Cloud Internet Services (CIS) is used by the installation program to configure cluster DNS resolution and provide name lookup for the cluster to external resources. Only public DNS is supported for Power VS IPI. + +[NOTE] +==== +Power VS does not support IPv6, so dual stack or IPv6 environments are not possible. +==== + +You must create a domain zone in CIS in the same account as your cluster. You must also ensure the zone is authoritative for the domain. You can do this using a root domain or subdomain. + +.Prerequisites + +* You have installed the link:https://www.ibm.com/cloud/cli[IBM Cloud CLI]. + +.Procedure + +. If you do not already have an existing domain and registrar, you must acquire them. For more information, see IBM's link:https://cloud.ibm.com/docs/dns?topic=dns-getting-started[documentation]. + +. Create a CIS instance to use with your cluster. + +.. Install the CIS plug-in: ++ +[source,terminal] +---- +$ ibmcloud plugin install cis +---- + +.. Create the CIS instance: ++ +[source,terminal] +---- +$ ibmcloud cis instance-create standard <1> +---- +<1> At a minimum, a `Standard` plan is required for CIS to manage the cluster subdomain and its DNS records. + +. Connect an existing domain to your CIS instance. + +.. Set the context instance for CIS: ++ +[source,terminal] +---- +$ ibmcloud cis instance-set <1> +---- +<1> The instance cloud resource name. + +.. Add the domain for CIS: ++ +[source,terminal] +---- +$ ibmcloud cis domain-add <1> +---- +<1> The fully qualified domain name. You can use either the root domain or subdomain value as the domain name, depending on which you plan to configure. ++ +[NOTE] +==== +A root domain uses the form `openshiftcorp.com`. 
A subdomain uses the form `clusters.openshiftcorp.com`. +==== + +. Open the link:https://cloud.ibm.com/catalog/services/internet-services[CIS web console], navigate to the *Overview* page, and note your CIS name servers. These name servers will be used in the next step. + +. Configure the name servers for your domains or subdomains at the domain's registrar or DNS provider. For more information, see IBM Cloud's link:https://cloud.ibm.com/docs/cis?topic=cis-getting-started#configure-your-name-servers-with-the-registrar-or-existing-dns-provider[documentation]. diff --git a/modules/installation-configuration-parameters-power-vs.adoc b/modules/installation-configuration-parameters-power-vs.adoc new file mode 100644 index 000000000000..7791931dec5c --- /dev/null +++ b/modules/installation-configuration-parameters-power-vs.adoc 
@@ -0,0 +1,1667 @@ +// Module included in the following assemblies: +// +// * installing/installing_alibaba//installing-alibaba-default.adoc +// * installing/installing_aws/installing-alibaba-customizations.adoc +// installing/installing_alibaba/installing-alibaba-network-customizations.adoc +// * installing/installing_aws/installing-aws-china.adoc +// * installing/installing_aws/installing-aws-customizations.adoc +// * installing/installing_aws/installing-aws-government-region.adoc +// * installing/installing_aws/installing-aws-network-customizations.adoc +// * installing/installing_aws/installing-aws-private.adoc +// * installing/installing_aws/installing-aws-secret-region.adoc +// * installing/installing_aws/installing-aws-vpc.adoc +// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc +// * installing/installing_azure/installing-azure-customizations.adoc +// * installing/installing_azure/installing-azure-government-region.adoc +// * installing/installing_azure/installing-azure-network-customizations.adoc +// * installing/installing_azure/installing-azure-private.adoc +// * installing/installing_azure/installing-azure-vnet.adoc +// * installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc +// * installing/installing_bare_metal/installing-bare-metal.adoc +// * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc +// * installing/installing_gcp/installing-gcp-customizations.adoc +// * installing/installing_gcp/installing-gcp-network-customizations.adoc +// * installing/installing_gcp/installing-gcp-private.adoc +// * installing/installing_gcp/installing-gcp-vpc.adoc +// * installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc +// * installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc +// * installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc +// * 
installing/installing_ibm_power/installing-ibm-power.adoc +// * installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc +// * installing/installing_ibm_z/installing-ibm-z-kvm.adoc +// * installing/installing_ibm_z/installing-ibm-z.adoc +// * installing/installing_ibm_z/installing-restricted-networks-ibm-z-kvm.adoc +// * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc +// * installing/installing_openstack/installing-openstack-installer-custom.adoc +// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc +// * installing/installing_openstack/installing-openstack-installer-restricted.adoc +// * installing/installing_openstack/installing-openstack-installer-sr-iov.adoc +// * installing/installing_openstack/installing-openstack-user-kuryr.adoc +// * installing/installing_openstack/installing-openstack-user-sr-iov-kuryr.adoc +// * installing/installing_openstack/installing-openstack-user-sr-iov.adoc +// * installing/installing_openstack/installing-openstack-user.adoc +// * installing/installing_rhv/installing-rhv-customizations.adoc +// * installing/installing_vmc/installing-restricted-networks-vmc.adoc +// * installing/installing_vmc/installing-vmc-customizations.adoc +// * installing/installing_vmc/installing-vmc-network-customizations.adoc +// * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc +// * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc +// * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-customizations.adoc + +ifeval::["{context}" == "installing-alibaba-customizations"] +:alibabacloud: +endif::[] +ifeval::["{context}" == "installing-aws-customizations"] +:aws: +endif::[] +//Starting in 4.10, aws on 
arm64 is only supported for installation on custom, network custom, private clusters and VPC . This attribute excludes arm64 content from installing on gov regions. When government regions are supported on arm64, change `aws-govcloud` to `aws`. +ifeval::["{context}" == "installing-aws-government-region"] +:aws-govcloud: +endif::[] +//Starting in 4.10, aws on arm64 is only supported for installation on custom, network custom, private clusters and VPC. This attribute excludes arm64 content from installing on secret regions. When secret regions are supported on arm64, change `aws-secret` to `aws`. +ifeval::["{context}" == "installing-aws-secret-region"] +:aws-secret: +endif::[] +ifeval::["{context}" == "installing-aws-network-customizations"] +:aws: +endif::[] +ifeval::["{context}" == "installing-aws-private"] +:aws: +endif::[] +ifeval::["{context}" == "installing-aws-vpc"] +:aws: +endif::[] +//Starting in 4.10, aws on arm64 is only supported for installation on custom, network custom, private clusters and VPC. This attribute excludes arm64 content from installing in restricted networks upi. When restricted networks upi is supported on arm64, change `aws-restricted` to `aws`. 
+ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"] +:aws-restricted: +endif::[] +ifeval::["{context}" == "installing-azure-customizations"] +:azure: +endif::[] +ifeval::["{context}" == "installing-azure-government-region"] +:azure: +endif::[] +ifeval::["{context}" == "installing-azure-network-customizations"] +:azure: +endif::[] +ifeval::["{context}" == "installing-azure-private"] +:azure: +endif::[] +ifeval::["{context}" == "installing-azure-vnet"] +:azure: +endif::[] +ifeval::["{context}" == "installing-gcp-customizations"] +:gcp: +endif::[] +ifeval::["{context}" == "installing-bare-metal"] +:bare: +endif::[] +ifeval::["{context}" == "installing-bare-metal-network-customizations"] +:bare: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-bare-metal"] +:bare: +endif::[] +ifeval::["{context}" == "installing-gcp-private"] +:gcp: +endif::[] +ifeval::["{context}" == "installing-gcp-network-customizations"] +:gcp: +endif::[] +ifeval::["{context}" == "installing-gcp-vpc"] +:gcp: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"] +:gcp: +endif::[] +ifeval::["{context}" == "installing-aws-customizations"] +:aws: +endif::[] +ifeval::["{context}" == "installing-ibm-cloud-customizations"] +:ibm-cloud: +endif::[] +ifeval::["{context}" == "installing-ibm-cloud-network-customizations"] +:ibm-cloud: +endif::[] +ifeval::["{context}" == "installing-openstack-installer-custom"] +:osp: +:osp-custom: +endif::[] +ifeval::["{context}" == "installing-openstack-installer-kuryr"] +:osp: +:osp-kuryr: +endif::[] +ifeval::["{context}" == "installing-openstack-user"] +:osp: +:osp-custom: +endif::[] +ifeval::["{context}" == "installing-openstack-user-kuryr"] +:osp: +:osp-kuryr: +endif::[] +ifeval::["{context}" == "installing-openstack-user-sr-iov"] +:osp: +:osp-custom: +endif::[] +ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"] +:osp: +:osp-kuryr: +endif::[] +ifeval::["{context}" 
== "installing-rhv-customizations"] +:rhv: +endif::[] +ifeval::["{context}" == "installing-vsphere-installer-provisioned-customizations"] +:vsphere: +endif::[] +ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"] +:vsphere: +endif::[] +ifeval::["{context}" == "installing-vmc-customizations"] +:vmc: +endif::[] +ifeval::["{context}" == "installing-vmc-network-customizations"] +:vmc: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-vmc"] +:vmc: +endif::[] +ifeval::["{context}" == "installing-openstack-installer-restricted"] +:osp: +:osp-custom: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"] +:vsphere: +endif::[] +ifeval::["{context}" == "installing-ibm-z"] +:ibm-z: +endif::[] +ifeval::["{context}" == "installing-ibm-z-kvm"] +:ibm-z: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-ibm-z"] +:ibm-z: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-ibm-z-kvm"] +:ibm-z: +endif::[] +ifeval::["{context}" == "installing-ibm-power"] +:ibm-power: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-ibm-power"] +:ibm-power: +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-default"] +:ash: +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-network-customizations"] +:ash: +endif::[] + +:_content-type: CONCEPT +[id="installation-configuration-parameters_{context}"] += Installation configuration parameters + +// If install-config.yaml is generated by openshift-install +ifndef::bare,ibm-power,ibm-z,ash[] +Before you deploy an {product-title} cluster, you provide parameter values to describe your account on the cloud platform that hosts your cluster and optionally customize your cluster's platform. When you create the `install-config.yaml` installation configuration file, you provide values for the required parameters through the command line. 
If you customize your cluster, you can modify the `install-config.yaml` file to provide more details about the platform. +endif::bare,ibm-power,ibm-z,ash[] +// If the user manually creates install-config.yaml +ifdef::bare,ibm-power,ibm-z,ash[] +Before you deploy an {product-title} cluster, you provide a customized `install-config.yaml` installation configuration file that describes the details for your environment. +endif::bare,ibm-power,ibm-z,ash[] + +[NOTE] +==== +After installation, you cannot modify these parameters in the `install-config.yaml` file. +==== + + +[id="installation-configuration-parameters-required_{context}"] +== Required configuration parameters + +Required installation configuration parameters are described in the following table: + +.Required parameters +[cols=".^2,.^3,.^5a",options="header"] +|==== +|Parameter|Description|Values + +|`apiVersion` +|The API version for the `install-config.yaml` content. The current version is `v1`. The installer may also support older API versions. +|String + +|`baseDomain` +|The base domain of your cloud provider. The base domain is used to create routes to your {product-title} cluster components. The full DNS name for your cluster is a combination of the `baseDomain` and `metadata.name` parameter values that uses the `.` format. +|A fully-qualified domain or subdomain name, such as `example.com`. + +|`metadata` +|Kubernetes resource `ObjectMeta`, from which only the `name` parameter is consumed. +|Object + +|`metadata.name` +|The name of the cluster. DNS records for the cluster are all subdomains of `{{.metadata.name}}.{{.baseDomain}}`. +|String of lowercase letters, hyphens (`-`), and periods (`.`), such as `dev`. +ifdef::osp[] +The string must be 14 characters or fewer long. +endif::osp[] + +|`platform` +|The configuration for the specific platform upon which to perform the installation: `alibabacloud`, `aws`, `baremetal`, `azure`, `ibmcloud`, `openstack`, `ovirt`, `powervs`, `vsphere`, or `{}`. 
For additional information about `platform.` parameters, consult the table for your specific platform that follows. +|Object + +ifndef::openshift-origin[] +|`pullSecret` +|Get a {cluster-manager-url-pull} to authenticate downloading container images for {product-title} components from services such as Quay.io. +| +[source,json] +---- +{ + "auths":{ + "cloud.openshift.com":{ + "auth":"b3Blb=", + "email":"you@example.com" + }, + "quay.io":{ + "auth":"b3Blb=", + "email":"you@example.com" + } + } +} +---- +endif::[] + +|==== + +[id="installation-configuration-parameters-network_{context}"] +== Network configuration parameters + +You can customize your installation configuration based on the requirements of your existing network infrastructure. For example, you can expand the IP address block for the cluster network or provide different IP address blocks than the defaults. + +// OSDOCS-1640 - IPv4/IPv6 dual-stack bare metal only +// But only for installer-provisioned +// https://bugzilla.redhat.com/show_bug.cgi?id=2020416 +// Once BM UPI supports dual-stack, uncomment all the following conditionals and blocks +//ifndef::bare[] +Only IPv4 addresses are supported. +//// +endif::bare[] +ifdef::bare[] +If you use the OVN-Kubernetes cluster network provider, both IPv4 and IPv6 address families are supported. + +If you use the OpenShift SDN cluster network provider, only the IPv4 address family is supported. + +If you configure your cluster to use both IP address families, review the following requirements: + +* Both IP families must use the same network interface for the default gateway. + +* You must specify IPv4 and IPv6 addresses in the same order for all network configuration parameters. For example, in the following configuration IPv4 addresses are listed before IPv6 addresses. 
++ +[source,yaml] +---- +networking: + clusterNetwork: + - cidr: 10.128.0.0/14 + hostPrefix: 23 + - cidr: fd00:10:128::/56 + hostPrefix: 64 + serviceNetwork: + - 172.30.0.0/16 + - fd00:172:16::/112 +---- +endif::bare[] +//// + +.Network parameters +[cols=".^2,.^3a,.^3a",options="header"] +|==== +|Parameter|Description|Values + +|`networking` +|The configuration for the cluster network. +|Object + +[NOTE] +==== +You cannot modify parameters specified by the `networking` object after installation. +==== + +|`networking.networkType` +|The cluster network provider Container Network Interface (CNI) plug-in to install. +|Only OpenShiftSDN is supported + +ifdef::openshift-origin[] +Either `OpenShiftSDN` or `OVNKubernetes`. The default value is `OVNKubernetes`. +endif::openshift-origin[] +ifndef::openshift-origin[] +Either `OpenShiftSDN` or `OVNKubernetes`. The default value is `OpenShiftSDN`. +endif::openshift-origin[] + +|`networking.clusterNetwork` +| +The IP address blocks for pods. + +The default value is `10.128.0.0/14` with a host prefix of `/23`. + +If you specify multiple IP address blocks, the blocks must not overlap. +|An array of objects. For example: + +[source,yaml] +---- +//ifndef::bare[] +networking: + clusterNetwork: + - cidr: 10.128.0.0/14 + hostPrefix: 23 +//endif::bare[] +//ifdef::bare[] +//networking: +// clusterNetwork: +// - cidr: 10.128.0.0/14 +// hostPrefix: 23 +// - cidr: fd01::/48 +// hostPrefix: 64 +//endif::bare[] +---- + +|`networking.clusterNetwork.cidr` +| +Required if you use `networking.clusterNetwork`. An IP address block. + +//ifndef::bare[] +An IPv4 network. +//endif::bare[] +//ifdef::bare[] +//If you use the OpenShift SDN network provider, specify an IPv4 network. If you use the OVN-Kubernetes network provider, you can specify IPv4 and IPv6 networks. +//endif::bare[] +| +An IP address block in Classless Inter-Domain Routing (CIDR) notation. +The prefix length for an IPv4 block is between `0` and `32`. 
+//ifdef::bare[] +//The prefix length for an IPv6 block is between `0` and `128`. For example, `10.128.0.0/14` or `fd01::/48`. +//endif::bare[] + +|`networking.clusterNetwork.hostPrefix` +|The subnet prefix length to assign to each individual node. For example, if `hostPrefix` is set to `23` then each node is assigned a `/23` subnet out of the given `cidr`. A `hostPrefix` value of `23` provides 510 (2^(32 - 23) - 2) pod IP addresses. +| +A subnet prefix. + +//ifndef::bare[] +The default value is `23`. +//endif::bare[] +//ifdef::bare[] +//For an IPv4 network the default value is `23`. +//For an IPv6 network the default value is `64`. The default value is also the minimum value for IPv6. +//endif::bare[] + +|`networking.serviceNetwork` +| +The IP address block for services. The default value is `172.30.0.0/16`. + +The OpenShift SDN and OVN-Kubernetes network providers support only a single IP address block for the service network. + +//ifdef::bare[] +//If you use the OVN-Kubernetes network provider, you can specify an IP address block for both of the IPv4 and IPv6 address families. +//endif::bare[] + +| +An array with an IP address block in CIDR format. For example: + +[source,yaml] +---- +//ifndef::bare[] +networking: + serviceNetwork: + - 172.30.0.0/16 +//endif::bare[] +//ifdef::bare[] +//networking: +// serviceNetwork: +// - 172.30.0.0/16 +// - fd02::/112 +//endif::bare[] +---- + +|`networking.machineNetwork` +| +The IP address blocks for machines. + +If you specify multiple IP address blocks, the blocks must not overlap. + +ifdef::ibm-z,ibm-power[] +If you specify multiple IP kernel arguments, the `machineNetwork.cidr` value must be the CIDR of the primary network. +endif::ibm-z,ibm-power[] +|An array of objects. For example: + +[source,yaml] +---- +networking: + machineNetwork: + - cidr: 10.0.0.0/16 +---- + +|`networking.machineNetwork.cidr` +| +Required if you use `networking.machineNetwork`. An IP address block. 
The default value is `10.0.0.0/16` for all platforms other than libvirt. For libvirt, the default value is `192.168.126.0/24`. +| +An IP network block in CIDR notation. + +//ifndef::bare[] +For example, `10.0.0.0/16`. +//endif::bare[] +//ifdef::bare[] +//For example, `10.0.0.0/16` or `fd00::/48`. +//endif::bare[] + +[NOTE] +==== +Set the `networking.machineNetwork` to match the CIDR that the preferred NIC resides in. +==== + +|==== + +[id="installation-configuration-parameters-optional_{context}"] +== Optional configuration parameters + +Optional installation configuration parameters are described in the following table: + +.Optional parameters +[cols=".^2,.^3a,.^3a",options="header"] +|==== +|Parameter|Description|Values + +|`additionalTrustBundle` +|A PEM-encoded X.509 certificate bundle that is added to the nodes' trusted certificate store. This trust bundle may also be used when a proxy has been configured. +|String + +|`cgroupsV2` +|Enables link:https://www.kernel.org/doc/html/latest/admin-guide/cgroup-v2.html[Linux control groups version 2] (cgroups v2) on specific nodes in your cluster. The {product-title} process for enabling cgroups v2 disables all cgroup version 1 controllers and hierarchies. The {product-title} cgroups version 2 feature is in Developer Preview and is not supported by Red Hat at this time. +|`true` + +|`compute` +|The configuration for the machines that comprise the compute nodes. +|Array of `MachinePool` objects. +ifdef::rhv[] +For details, see the "Additional RHV parameters for machine pools" table. +endif::rhv[] + +ifndef::openshift-origin[] + +ifndef::aws,bare,ibm-power,ibm-z[] +|`compute.architecture` +|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64` (the default). 
+|String +endif::aws,bare,ibm-power,ibm-z[] + +ifdef::aws[] +|`compute.architecture` +|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64` and `arm64`. See _Supported installation methods for different platforms_ in _Installing_ documentation for information about instance availability. +|String +endif::aws[] + +ifdef::bare[] +|`compute.architecture` +|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64` and `arm64`. +|String +endif::bare[] + +ifdef::ibm-z[] +|`compute.architecture` +|Determines the instruction set architecture of the machines in the pool. Currently, heteregeneous clusters are not supported, so all pools must specify the same architecture. Valid values are `s390x` (the default). +|String +endif::ibm-z[] + +ifdef::ibm-power[] +|`compute.architecture` +|Determines the instruction set architecture of the machines in the pool. Currently, heteregeneous clusters are not supported, so all pools must specify the same architecture. Valid values are `ppc64le` (the default). +|String +endif::ibm-power[] +endif::openshift-origin[] + +ifdef::openshift-origin[] +|`compute.architecture` +|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64` (the default). +ifdef::aws[] +See _Supported installation methods for different platforms_ in _Installing_ documentation for information about instance availability. +endif::aws[] +|String +endif::openshift-origin[] + +|`compute.hyperthreading` +|Whether to enable or disable simultaneous multithreading, or `hyperthreading`, on compute machines. 
By default, simultaneous multithreading is enabled to increase the performance of your machines' cores. +[IMPORTANT] +==== +If you disable simultaneous multithreading, ensure that your capacity planning +accounts for the dramatically decreased machine performance. +==== +|`Enabled` or `Disabled` + +|`compute.name` +|Required if you use `compute`. The name of the machine pool. +|`worker` + +|`compute.platform` +|Required if you use `compute`. Use this parameter to specify the cloud provider to host the worker machines. This parameter value must match the `controlPlane.platform` parameter value. +|`alibaba`, `aws`, `azure`, `gcp`, `ibmcloud`, `openstack`, `ovirt`, `powervs`, `vsphere`, or `{}` + +|`compute.replicas` +|The number of compute machines, which are also known as worker machines, to provision. +|A positive integer greater than or equal to `2`. The default value is `3`. + +|`controlPlane` +|The configuration for the machines that comprise the control plane. +|Array of `MachinePool` objects. +ifdef::rhv[] +For details, see the "Additional RHV parameters for machine pools" table. +endif::rhv[] + +ifndef::openshift-origin[] +ifndef::aws,bare,ibm-z,ibm-power[] +|`controlPlane.architecture` +|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64` (the default). +|String +endif::aws,bare,ibm-z,ibm-power[] + +ifdef::aws[] +|`controlPlane.architecture` +|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64` and `arm64`. See _Supported installation methods for different platforms_ in _Installing_ documentation for information about instance availability. 
+|String +endif::aws[] + +ifdef::bare[] +|`controlPlane.architecture` +|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64` and ppc64le. +|String +endif::bare[] + +ifdef::ibm-z[] +|`controlPlane.architecture` +|Determines the instruction set architecture of the machines in the pool. Currently, heterogeneous clusters are not supported, so all pools must specify the same architecture. Valid values are `s390x` (the default). +|String +endif::ibm-z[] + +ifdef::ibm-power[] +|`controlPlane.architecture` +|Determines the instruction set architecture of the machines in the pool. Currently, heterogeneous clusters are not supported, so all pools must specify the same architecture. Valid values are `ppc64le` (the default). +|String +endif::ibm-power[] +endif::openshift-origin[] + +ifdef::openshift-origin[] +|`controlPlane.architecture` +|Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are `amd64`. +ifdef::aws[] +See _Supported installation methods for different platforms_ in _Installing_ documentation for information about instance availability. +endif::aws[] +|String +endif::openshift-origin[] + +|`controlPlane.hyperthreading` +|Whether to enable or disable simultaneous multithreading, or `hyperthreading`, on control plane machines. By default, simultaneous multithreading is enabled to increase the performance of your machines' cores. +[IMPORTANT] +==== +If you disable simultaneous multithreading, ensure that your capacity planning +accounts for the dramatically decreased machine performance. +==== +|`Enabled` or `Disabled` + +|`controlPlane.name` +|Required if you use `controlPlane`. The name of the machine pool. 
+|`master` + +|`controlPlane.platform` +|Required if you use `controlPlane`. Use this parameter to specify the cloud provider that hosts the control plane machines. This parameter value must match the `compute.platform` parameter value. +|`alibaba`, `aws`, `azure`, `gcp`, `ibmcloud`, `openstack`, `ovirt`, `powervs`, `vsphere`, or `{}` + +|`controlPlane.replicas` +|The number of control plane machines to provision. +|The only supported value is `3`, which is the default value. + +|`credentialsMode` +|The Cloud Credential Operator (CCO) mode. If no mode is specified, the CCO dynamically tries to determine the capabilities of the provided credentials, with a preference for mint mode on the platforms where multiple modes are supported. +[NOTE] +==== +Not all CCO modes are supported for all cloud providers. For more information on CCO modes, see the _Cloud Credential Operator_ entry in the _Platform Operators reference_ content. +==== +|`Mint`, `Passthrough`, `Manual`, or an empty string (`""`). +ifndef::openshift-origin[] +|`fips` +|Enable or disable FIPS mode. The default is `false` (disabled). If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead. +[IMPORTANT] +==== +The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture. +==== +[NOTE] +==== +If you are using Azure File storage, you cannot enable FIPS mode. +==== +|`false` or `true` +endif::openshift-origin[] +|`imageContentSources` +|Sources and repositories for the release-image content. +|Array of objects. Includes a `source` and, optionally, `mirrors`, as described in the following rows of this table. + +|`imageContentSources.source` +|Required if you use `imageContentSources`. Specify the repository that users refer to, for example, in image pull specifications. 
+|String + +|`imageContentSources.mirrors` +|Specify one or more repositories that may also contain the same images. +|Array of strings + +|`publish` +|How to publish or expose the user-facing endpoints of your cluster, such as the Kubernetes API, OpenShift routes. +| +ifdef::aws,aws-govcloud,aws-secret,aws-restricted,azure,gcp[] +`Internal` or `External`. To deploy a private cluster, which cannot be accessed from the internet, set `publish` to `Internal`. The default value is `External`. +endif::[] +ifndef::aws,aws-govcloud,aws-secret,aws-restricted,azure,gcp[] +`Internal` or `External`. The default value is `External`. + +Setting this field to `Internal` is not supported on non-cloud platforms and IBM Cloud VPC. +ifeval::[{product-version} <= 4.7] +[IMPORTANT] +==== +If the value of the field is set to `Internal`, the cluster will become non-functional. For more information, refer to link:https://bugzilla.redhat.com/show_bug.cgi?id=1953035[BZ#1953035]. +==== +endif::[] +endif::[] + +|`sshKey` +| The SSH key to authenticate access to your cluster machines. +[NOTE] +==== +For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses. +==== +a|For example, `sshKey: ssh-ed25519 AAAA..`. + +|==== + +ifdef::aws,aws-govcloud,aws-secret,aws-restricted[] +[id="installation-configuration-parameters-optional-aws_{context}"] +== Optional AWS configuration parameters + +Optional AWS configuration parameters are described in the following table: + +.Optional AWS parameters +[cols=".^2,.^3,.^5a",options="header"] +|==== +|Parameter|Description|Values + +|`compute.platform.aws.amiID` +|The AWS AMI used to boot compute machines for the cluster. This is required for regions that require a custom {op-system} AMI. +|Any published or custom {op-system} AMI that belongs to the set AWS region. See _{op-system} AMIs for AWS infrastructure_ for available AMI IDs. 
+ +|`compute.platform.aws.iamRole` +|A pre-existing AWS IAM role applied to the compute machine pool instance profiles. You can use these fields to match naming schemes and include predefined permissions boundaries for your IAM roles. If undefined, the installation program creates a new IAM role. +|The name of a valid AWS IAM role. + +|`compute.platform.aws.rootVolume.iops` +|The Input/Output Operations Per Second (IOPS) that is reserved for the root volume. +|Integer, for example `4000`. + +|`compute.platform.aws.rootVolume.size` +|The size in GiB of the root volume. +|Integer, for example `500`. + +|`compute.platform.aws.rootVolume.type` +|The type of the root volume. +|Valid link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/EBSVolumeTypes.html[AWS EBS volume type], +such as `io1`. + +|`compute.platform.aws.type` +|The EC2 instance type for the compute machines. +|Valid AWS instance type, such as `m4.2xlarge`. See the *Supported AWS machine types* table that follows. +//add an xref when possible. + +|`compute.platform.aws.zones` +|The availability zones where the installation program creates machines for the compute machine pool. If you provide your own VPC, you must provide a subnet in that availability zone. +|A list of valid AWS availability zones, such as `us-east-1c`, in a +link:https://yaml.org/spec/1.2/spec.html#sequence//[YAML sequence]. + +|`compute.aws.region` +|The AWS region that the installation program creates compute resources in. +|Any valid link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS region], such as `us-east-1`. +ifndef::openshift-origin[] +[IMPORTANT] +==== +When running on ARM based AWS instances, ensure that you enter a region where AWS Graviton processors are available. See link:https://aws.amazon.com/ec2/graviton/#Global_availability[Global availability] map in the AWS documentation. 
+==== +endif::openshift-origin[] + + +|`controlPlane.platform.aws.amiID` +|The AWS AMI used to boot control plane machines for the cluster. This is required for regions that require a custom {op-system} AMI. +|Any published or custom {op-system} AMI that belongs to the set AWS region. See _{op-system} AMIs for AWS infrastructure_ for available AMI IDs. + +|`controlPlane.platform.aws.iamRole` +|A pre-existing AWS IAM role applied to the control plane machine pool instance profiles. You can use these fields to match naming schemes and include predefined permissions boundaries for your IAM roles. If undefined, the installation program creates a new IAM role. +|The name of a valid AWS IAM role. + +|`controlPlane.platform.aws.type` +|The EC2 instance type for the control plane machines. +|Valid AWS instance type, such as `m6i.xlarge`. See the *Supported AWS machine types* table that follows. +//add an xref when possible + +|`controlPlane.platform.aws.zones` +|The availability zones where the installation program creates machines for the +control plane machine pool. +|A list of valid AWS availability zones, such as `us-east-1c`, in a link:https://yaml.org/spec/1.2/spec.html#sequence//[YAML sequence]. + +|`controlPlane.aws.region` +|The AWS region that the installation program creates control plane resources in. +|Valid link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS region], such as `us-east-1`. + +|`platform.aws.amiID` +|The AWS AMI used to boot all machines for the cluster. If set, the AMI must +belong to the same region as the cluster. This is required for regions that require a custom {op-system} AMI. +|Any published or custom {op-system} AMI that belongs to the set AWS region. See _{op-system} AMIs for AWS infrastructure_ for available AMI IDs. + +|`platform.aws.hostedZone` +|An existing Route 53 private hosted zone for the cluster. You can only use a pre-existing hosted zone when also supplying your own VPC. 
The hosted zone must already be associated with the user-provided VPC before installation. Also, the domain of the hosted zone must be the cluster domain or a parent of the cluster domain. If undefined, the installation program creates a new hosted zone. +|String, for example `Z3URY6TWQ91KVV`. + +|`platform.aws.serviceEndpoints.name` +|The AWS service endpoint name. Custom endpoints are only required for cases +where alternative AWS endpoints, like FIPS, must be used. Custom API endpoints +can be specified for EC2, S3, IAM, Elastic Load Balancing, Tagging, Route 53, +and STS AWS services. +|Valid link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS service endpoint] name. + +|`platform.aws.serviceEndpoints.url` +|The AWS service endpoint URL. The URL must use the `https` protocol and the +host must trust the certificate. +|Valid link:https://docs.aws.amazon.com/general/latest/gr/rande.html[AWS service endpoint] URL. + +|`platform.aws.userTags` +|A map of keys and values that the installation program adds as tags to all resources that it creates. +|Any valid YAML map, such as key value pairs in the `: ` format. For more information about AWS tags, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html[Tagging Your Amazon EC2 Resources] in the AWS documentation. + +|`platform.aws.subnets` +|If you provide the VPC instead of allowing the installation program to create the VPC for you, specify the subnet for the cluster to use. The subnet must be part of the same `machineNetwork[].cidr` ranges that you specify. For a standard cluster, specify a public and a private subnet for each availability zone. For a private cluster, specify a private subnet for each availability zone. +|Valid subnet IDs. 
+ +|==== +endif::aws,aws-govcloud,aws-secret,aws-restricted[] + +ifdef::osp[] +[id="installation-configuration-parameters-additional-osp_{context}"] +== Additional {rh-openstack-first} configuration parameters + +Additional {rh-openstack} configuration parameters are described in the following table: + +.Additional {rh-openstack} parameters +[cols=".^2m,.^3a,^5a",options="header"] +|==== +|Parameter|Description|Values + +|`compute.platform.openstack.rootVolume.size` +|For compute machines, the size in gigabytes of the root volume. If you do not set this value, machines use ephemeral storage. +|Integer, for example `30`. + +|`compute.platform.openstack.rootVolume.type` +|For compute machines, the root volume's type. +|String, for example `performance`. + +|`controlPlane.platform.openstack.rootVolume.size` +|For control plane machines, the size in gigabytes of the root volume. If you do not set this value, machines use ephemeral storage. +|Integer, for example `30`. + +|`controlPlane.platform.openstack.rootVolume.type` +|For control plane machines, the root volume's type. +|String, for example `performance`. + +|`platform.openstack.cloud` +|The name of the {rh-openstack} cloud to use from the list of clouds in the +`clouds.yaml` file. +|String, for example `MyCloud`. + +|`platform.openstack.externalNetwork` +|The {rh-openstack} external network name to be used for installation. +|String, for example `external`. + +|`platform.openstack.computeFlavor` +|The {rh-openstack} flavor to use for control plane and compute machines. + +This property is deprecated. To use a flavor as the default for all machine pools, add it as the value of the `type` key in the `platform.openstack.defaultMachinePlatform` property. You can also set a flavor value for each machine pool individually. + +|String, for example `m1.xlarge`. 
+|==== + +[id="installation-configuration-parameters-optional-osp_{context}"] +== Optional {rh-openstack} configuration parameters + +Optional {rh-openstack} configuration parameters are described in the following table: + +.Optional {rh-openstack} parameters +[%header, cols=".^2,.^3,.^5a"] +|==== +|Parameter|Description|Values + +|`compute.platform.openstack.additionalNetworkIDs` +|Additional networks that are associated with compute machines. Allowed address pairs are not created for additional networks. +|A list of one or more UUIDs as strings. For example, `fa806b2f-ac49-4bce-b9db-124bc64209bf`. + +|`compute.platform.openstack.additionalSecurityGroupIDs` +|Additional security groups that are associated with compute machines. +|A list of one or more UUIDs as strings. For example, `7ee219f3-d2e9-48a1-96c2-e7429f1b0da7`. + +|`compute.platform.openstack.zones` +|{rh-openstack} Compute (Nova) availability zones (AZs) to install machines on. If this parameter is not set, the installer relies on the default settings for Nova that the {rh-openstack} administrator configured. + +On clusters that use Kuryr, {rh-openstack} Octavia does not support availability zones. Load balancers and, if you are using the Amphora provider driver, {product-title} services that rely on Amphora VMs, are not created according to the value of this property. +|A list of strings. For example, `["zone-1", "zone-2"]`. + +|`compute.platform.openstack.rootVolume.zones` +|For compute machines, the availability zone to install root volumes on. If you do not set a value for this parameter, the installer selects the default availability zone. +|A list of strings, for example `["zone-1", "zone-2"]`. + +|`compute.platform.openstack.serverGroupPolicy` +|Server group policy to apply to the group that will contain the compute machines in the pool. You cannot change server group policies or affiliations after creation. Supported options include `anti-affinity`, `soft-affinity`, and `soft-anti-affinity`. 
The default value is `soft-anti-affinity`. + +An `affinity` policy prevents migrations and therefore affects {rh-openstack} upgrades. The `affinity` policy is not supported. + +If you use a strict `anti-affinity` policy, an additional {rh-openstack} host is required during instance migration. +|A server group policy to apply to the machine pool. For example, `soft-affinity`. + +|`controlPlane.platform.openstack.additionalNetworkIDs` +|Additional networks that are associated with control plane machines. Allowed address pairs are not created for additional networks. +|A list of one or more UUIDs as strings. For example, `fa806b2f-ac49-4bce-b9db-124bc64209bf`. + +|`controlPlane.platform.openstack.additionalSecurityGroupIDs` +|Additional security groups that are associated with control plane machines. +|A list of one or more UUIDs as strings. For example, `7ee219f3-d2e9-48a1-96c2-e7429f1b0da7`. + +|`controlPlane.platform.openstack.zones` +|{rh-openstack} Compute (Nova) availability zones (AZs) to install machines on. If this parameter is not set, the installer relies on the default settings for Nova that the {rh-openstack} administrator configured. + +On clusters that use Kuryr, {rh-openstack} Octavia does not support availability zones. Load balancers and, if you are using the Amphora provider driver, {product-title} services that rely on Amphora VMs, are not created according to the value of this property. +|A list of strings. For example, `["zone-1", "zone-2"]`. + +|`controlPlane.platform.openstack.rootVolume.zones` +|For control plane machines, the availability zone to install root volumes on. If you do not set this value, the installer selects the default availability zone. +|A list of strings, for example `["zone-1", "zone-2"]`. + +|`controlPlane.platform.openstack.serverGroupPolicy` +|Server group policy to apply to the group that will contain the control plane machines in the pool. You cannot change server group policies or affiliations after creation. 
Supported options include `anti-affinity`, `soft-affinity`, and `soft-anti-affinity`. The default value is `soft-anti-affinity`. + +An `affinity` policy prevents migrations, and therefore affects {rh-openstack} upgrades. The `affinity` policy is not supported. + +If you use a strict `anti-affinity` policy, an additional {rh-openstack} host is required during instance migration. +|A server group policy to apply to the machine pool. For example, `soft-affinity`. + +|`platform.openstack.clusterOSImage` +|The location from which the installer downloads the {op-system} image. + +You must set this parameter to perform an installation in a restricted network. +|An HTTP or HTTPS URL, optionally with an SHA-256 checksum. + +For example, `\http://mirror.example.com/images/rhcos-43.81.201912131630.0-openstack.x86_64.qcow2.gz?sha256=ffebbd68e8a1f2a245ca19522c16c86f67f9ac8e4e0c1f0a812b068b16f7265d`. +The value can also be the name of an existing Glance image, for example `my-rhcos`. + +|`platform.openstack.clusterOSImageProperties` +|Properties to add to the installer-uploaded ClusterOSImage in Glance. This property is ignored if `platform.openstack.clusterOSImage` is set to an existing Glance image. + +You can use this property to exceed the default persistent volume (PV) limit for {rh-openstack} of 26 PVs per node. To exceed the limit, set the `hw_scsi_model` property value to `virtio-scsi` and the `hw_disk_bus` value to `scsi`. + +You can also use this property to enable the QEMU guest agent by including the `hw_qemu_guest_agent` property with a value of `yes`. +|A list of key-value string pairs. For example, `["hw_scsi_model": "virtio-scsi", "hw_disk_bus": "scsi"]`. + +|`platform.openstack.defaultMachinePlatform` +|The default machine pool platform configuration. 
+| +[source,json] +---- +{ + "type": "ml.large", + "rootVolume": { + "size": 30, + "type": "performance" + } +} +---- + +|`platform.openstack.ingressFloatingIP` +|An existing floating IP address to associate with the Ingress port. To use this property, you must also define the `platform.openstack.externalNetwork` property. +|An IP address, for example `128.0.0.1`. + +|`platform.openstack.apiFloatingIP` +|An existing floating IP address to associate with the API load balancer. To use this property, you must also define the `platform.openstack.externalNetwork` property. +|An IP address, for example `128.0.0.1`. + +|`platform.openstack.externalDNS` +|IP addresses for external DNS servers that cluster instances use for DNS resolution. +|A list of IP addresses as strings. For example, `["8.8.8.8", "192.168.1.12"]`. + +|`platform.openstack.machinesSubnet` +|The UUID of a {rh-openstack} subnet that the cluster's nodes use. Nodes and virtual IP (VIP) ports are created on this subnet. + +The first item in `networking.machineNetwork` must match the value of `machinesSubnet`. + +If you deploy to a custom subnet, you cannot specify an external DNS server to the {product-title} installer. Instead, link:https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/16.0/html/command_line_interface_reference/subnet[add DNS to the subnet in {rh-openstack}]. + +|A UUID as a string. For example, `fa806b2f-ac49-4bce-b9db-124bc64209bf`. +|==== +endif::osp[] + +ifdef::azure[] +[id="installation-configuration-parameters-additional-azure_{context}"] +== Additional Azure configuration parameters + +Additional Azure configuration parameters are described in the following table: + +.Additional Azure parameters +[cols=".^2,.^3a,.^3a",options="header"] +|==== +|Parameter|Description|Values + +|`compute.platform.azure.osDisk.diskSizeGB` +|The Azure disk size for the VM. +|Integer that represents the size of the disk in GB. The default is `128`. 
+ +|`compute.platform.azure.osDisk.diskType` +|Defines the type of disk. +|`standard_LRS`, `premium_LRS`, or `standardSSD_LRS`. The default is `premium_LRS`. + +|`controlPlane.platform.azure.osDisk.diskSizeGB` +|The Azure disk size for the VM. +|Integer that represents the size of the disk in GB. The default is `1024`. + +|`controlPlane.platform.azure.osDisk.diskType` +|Defines the type of disk. +|`premium_LRS` or `standardSSD_LRS`. The default is `premium_LRS`. + +|`platform.azure.baseDomainResourceGroupName` +|The name of the resource group that contains the DNS zone for your base domain. +|String, for example `production_cluster`. + +|`platform.azure.resourceGroupName` +| The name of an already existing resource group to install your cluster to. This resource group must be empty and only used for this specific cluster; the cluster components assume ownership of all resources in the resource group. If you limit the service principal scope of the installation program to this resource group, you must ensure all other resources used by the installation program in your environment have the necessary permissions, such as the public DNS zone and virtual network. Destroying the cluster using the installation program deletes this resource group. +|String, for example `existing_resource_group`. + +|`platform.azure.outboundType` +|The outbound routing strategy used to connect your cluster to the internet. If +you are using user-defined routing, you must have pre-existing networking +available where the outbound routing has already been configured prior to +installing a cluster. The installation program is not responsible for +configuring user-defined routing. +|`LoadBalancer` or `UserDefinedRouting`. The default is `LoadBalancer`. + +|`platform.azure.region` +|The name of the Azure region that hosts your cluster. +|Any valid region name, such as `centralus`. + +|`platform.azure.zone` +|List of availability zones to place machines in. 
For high availability, specify +at least two zones. +|List of zones, for example `["1", "2", "3"]`. + +|`platform.azure.networkResourceGroupName` +|The name of the resource group that contains the existing VNet that you want to deploy your cluster to. This name cannot be the same as the `platform.azure.baseDomainResourceGroupName`. +|String. + +|`platform.azure.virtualNetwork` +|The name of the existing VNet that you want to deploy your cluster to. +|String. + +|`platform.azure.controlPlaneSubnet` +|The name of the existing subnet in your VNet that you want to deploy your control plane machines to. +|Valid CIDR, for example `10.0.0.0/16`. + +|`platform.azure.computeSubnet` +|The name of the existing subnet in your VNet that you want to deploy your compute machines to. +|Valid CIDR, for example `10.0.0.0/16`. + +|`platform.azure.cloudName` +|The name of the Azure cloud environment that is used to configure the Azure SDK with the appropriate Azure API endpoints. If empty, the default value `AzurePublicCloud` is used. +|Any valid cloud environment, such as `AzurePublicCloud` or `AzureUSGovernmentCloud`. + +|==== + +[NOTE] +==== +You cannot customize +link:https://azure.microsoft.com/en-us/global-infrastructure/availability-zones/[Azure Availability Zones] +or +link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-group-using-tags[Use tags to organize your Azure resources] +with an Azure cluster. +==== +endif::azure[] + +ifdef::gcp[] +[id="installation-configuration-parameters-additional-gcp_{context}"] +== Additional Google Cloud Platform (GCP) configuration parameters + +Additional GCP configuration parameters are described in the following table: + +.Additional GCP parameters +[cols=".^1,.^6a,.^3a",options="header"] +|==== +|Parameter|Description|Values + +|`platform.gcp.network` +|The name of the existing VPC that you want to deploy your cluster to. +|String. + +|`platform.gcp.region` +|The name of the GCP region that hosts your cluster. 
+|Any valid region name, such as `us-central1`. + +|`platform.gcp.type` +|The link:https://cloud.google.com/compute/docs/machine-types[GCP machine type]. +|The GCP machine type. + +|`platform.gcp.zones` +|The availability zones where the installation program creates machines for the specified MachinePool. +|A list of valid link:https://cloud.google.com/compute/docs/regions-zones#available[GCP availability zones], such as `us-central1-a`, in a +link:https://yaml.org/spec/1.2/spec.html#sequence//[YAML sequence]. + +|`platform.gcp.controlPlaneSubnet` +|The name of the existing subnet in your VPC that you want to deploy your control plane machines to. +|The subnet name. + +|`platform.gcp.computeSubnet` +|The name of the existing subnet in your VPC that you want to deploy your compute machines to. +|The subnet name. + +|`platform.gcp.licenses` +|A list of license URLs that must be applied to the compute images. +[IMPORTANT] +==== +The `licenses` parameter is a deprecated field and nested virtualization is enabled by default. It is not recommended to use this field. +==== +|Any license available with the link:https://cloud.google.com/compute/docs/reference/rest/v1/licenses/list[license API], such as the license to enable link:https://cloud.google.com/compute/docs/instances/nested-virtualization/overview[nested virtualization]. You cannot use this parameter with a mechanism that generates pre-built images. Using a license URL forces the installer to copy the source image before use. + +|`platform.gcp.osDisk.diskSizeGB` +|The size of the disk in gigabytes (GB). +|Any size between 16 GB and 65536 GB. + +|`platform.gcp.osDisk.diskType` +|The type of disk. +|Either the default `pd-ssd` or the `pd-standard` disk type. The control plane nodes must be the `pd-ssd` disk type. The worker nodes can be either type. + +|`controlPlane.platform.gcp.osDisk.encryptionKey.kmsKey.name` +|The name of the customer managed encryption key to be used for control plane machine disk encryption. 
+|The encryption key name. + +|`controlPlane.platform.gcp.osDisk.encryptionKey.kmsKey.keyRing` +|For control plane machines, the name of the KMS key ring to which the KMS key belongs. +|The KMS key ring name. + +|`controlPlane.platform.gcp.osDisk.encryptionKey.kmsKey.location` +|For control plane machines, the GCP location in which the key ring exists. For more information on KMS locations, see Google's documentation on link:https://cloud.google.com/kms/docs/locations[Cloud KMS locations]. +|The GCP location for the key ring. + +|`controlPlane.platform.gcp.osDisk.encryptionKey.kmsKey.projectID` +|For control plane machines, the ID of the project in which the KMS key ring exists. This value defaults to the VM project ID if not set. +|The GCP project ID. + +//// +`controlPlane.platform.gcp.osDisk.encryptionKey.kmsKeyServiceAccount` + +The GCP Compute Engine System service account used for the encryption request for the given KMS key. The Compute Engine default service account is always used for control plane machines during installation, which follows this pattern: `service-@compute-system.iam.gserviceaccount.com`. The default service account must have access to the KMS key specified for the control plane machines. The custom service account defined is available for use during post-installation operations. For more information on GCP service accounts, see Google's documentation on link:https://cloud.google.com/iam/docs/service-accounts#types[Types of service accounts]. + +The GCP Compute Engine System service account email, like `@.iam.gserviceaccount.com`. +//// +// kmsKeyServiceAccount not yet fully supported in 4.7. Re-add when more stable. + +|`compute.platform.gcp.osDisk.encryptionKey.kmsKey.name` +|The name of the customer managed encryption key to be used for compute machine disk encryption. +|The encryption key name. 
+ +|`compute.platform.gcp.osDisk.encryptionKey.kmsKey.keyRing` +|For compute machines, the name of the KMS key ring to which the KMS key belongs. +|The KMS key ring name. + +|`compute.platform.gcp.osDisk.encryptionKey.kmsKey.location` +|For compute machines, the GCP location in which the key ring exists. For more information on KMS locations, see Google's documentation on link:https://cloud.google.com/kms/docs/locations[Cloud KMS locations]. +|The GCP location for the key ring. + +|`compute.platform.gcp.osDisk.encryptionKey.kmsKey.projectID` +|For compute machines, the ID of the project in which the KMS key ring exists. This value defaults to the VM project ID if not set. +|The GCP project ID. + +//// +`compute.platform.gcp.osDisk.encryptionKey.kmsKeyServiceAccount` + +For compute machines, the GCP Compute Engine System service account used for the encryption request for the given KMS key. If left undefined, the Compute Engine default service account is used, which follows this pattern: `service-@compute-system.iam.gserviceaccount.com`. For more information on GCP service accounts, see Google's documentation on link:https://cloud.google.com/iam/docs/service-accounts#types[Types of service accounts]. + +The GCP Compute Engine System service account email, like `@.iam.gserviceaccount.com`. +//// +// kmsKeyServiceAccount not yet fully supported in 4.7. Re-add when more stable. +|==== + +endif::gcp[] +ifdef::ibm-cloud[] +[id="installation-configuration-parameters-additional-ibm-cloud_{context}"] +== Additional IBM Cloud VPC configuration parameters + +Additional IBM Cloud VPC configuration parameters are described in the following table: + +.Additional IBM Cloud VPC parameters +[cols=".^1,.^6a,.^3a",options="header"] +|==== +|Parameter|Description|Values + +|`platform.ibmcloud.resourceGroupName` +|The name of an existing resource group to install your cluster to. 
This resource group must only be used for this specific cluster because the cluster components assume ownership of all of the resources in the resource group. If undefined, a new resource group is created for the cluster. [^1^] +|String, for example `existing_resource_group`. + +|`platform.ibmcloud.dedicatedHosts.profile` +|The new dedicated host to create. If you specify a value for `platform.ibmcloud.dedicatedHosts.name`, this parameter is not required. +|Valid IBM Cloud VPC dedicated host profile, such as `cx2-host-152x304`. [^2^] + +|`platform.ibmcloud.dedicatedHosts.name` +|An existing dedicated host. If you specify a value for `platform.ibmcloud.dedicatedHosts.profile`, this parameter is not required. +|String, for example `my-dedicated-host-name`. + +|`platform.ibmcloud.type` +|The instance type for all IBM Cloud VPC machines. +|Valid IBM Cloud VPC instance type, such as `bx2-8x32`. [^2^] + +|==== +[.small] +-- +1. Whether you define an existing resource group, or if the installer creates one, determines how the resource group is treated when the cluster is uninstalled. If you define a resource group, the installer removes all of the installer-provisioned resources, but leaves the resource group alone; if a resource group is created as part of the installation, the installer removes all of the installer provisioned resources and the resource group. +2. To determine which profile best meets your needs, see https://cloud.ibm.com/docs/vpc?topic=vpc-profiles&interface=ui[Instance Profiles] in the IBM documentation. 
+-- +endif::ibm-cloud[] + +ifdef::rhv[] +[id="installation-configuration-parameters-additional-rhv_{context}"] +== Additional {rh-virtualization-first} configuration parameters + +Additional {rh-virtualization} configuration parameters are described in the following table: + +[id="additional-virt-parameters-for-clusters_{context}"] +.Additional {rh-virtualization-first} parameters for clusters +[cols=".^2,.^3a,.^3a",options="header"] +|==== +|Parameter|Description|Values + +|`platform.ovirt.ovirt_cluster_id` +|Required. The Cluster where the VMs will be created. +|String. For example: `68833f9f-e89c-4891-b768-e2ba0815b76b` + +|`platform.ovirt.ovirt_storage_domain_id` +|Required. The Storage Domain ID where the VM disks will be created. +|String. For example: `ed7b0f4e-0e96-492a-8fff-279213ee1468` + +|`platform.ovirt.ovirt_network_name` +|Required. The network name where the VM nics will be created. +|String. For example: `ocpcluster` + +|`platform.ovirt.vnicProfileID` +|Required. The vNIC profile ID of the VM network interfaces. This can be inferred if the cluster network has a single profile. +|String. For example: `3fa86930-0be5-4052-b667-b79f0a729692` + +|`platform.ovirt.api_vip` +|Required. An IP address on the machine network that will be assigned to the API virtual IP (VIP). You can access the OpenShift API at this endpoint. +|String. Example: `10.46.8.230` + +|`platform.ovirt.ingress_vip` +|Required. An IP address on the machine network that will be assigned to the Ingress virtual IP (VIP). +|String. Example: `10.46.8.232` + +|`platform.ovirt.affinityGroups` +|Optional. A list of affinity groups to create during the installation process. +|List of objects. + +|`platform.ovirt.affinityGroups.description` +|Required if you include `platform.ovirt.affinityGroups`. A description of the affinity group. +|String. 
Example: `AffinityGroup for spreading each compute machine to a different host` + +|`platform.ovirt.affinityGroups.enforcing` +|Required if you include `platform.ovirt.affinityGroups`. When set to `true`, {rh-virtualization} does not provision any machines if not enough hardware nodes are available. When set to `false`, {rh-virtualization} does provision machines even if not enough hardware nodes are available, resulting in multiple virtual machines being hosted on the same physical machine. + +|String. Example: `true` + +|`platform.ovirt.affinityGroups.name` +|Required if you include `platform.ovirt.affinityGroups`. The name of the affinity group. +|String. Example: `compute` + +|`platform.ovirt.affinityGroups.priority` +|Required if you include `platform.ovirt.affinityGroups`. The priority given to an affinity group when `platform.ovirt.affinityGroups.enforcing = false`. {rh-virtualization} applies affinity groups in the order of priority, where a greater number takes precedence over a lesser one. If multiple affinity groups have the same priority, the order in which they are applied is not guaranteed. +|Integer. Example: `3` +|==== + +[id="installation-configuration-parameters-additional-machine_{context}"] +== Additional {rh-virtualization} parameters for machine pools + +Additional {rh-virtualization} configuration parameters for machine pools are described in the following table: + +.Additional {rh-virtualization} parameters for machine pools +[cols=".^2,.^3a,.^3a",options="header"] +|==== +|Parameter|Description|Values + +|`.platform.ovirt.cpu` +|Optional. Defines the CPU of the VM. +|Object + +|`.platform.ovirt.cpu.cores` +|Required if you use `.platform.ovirt.cpu`. The number of cores. Total virtual CPUs (vCPUs) is cores * sockets. +|Integer + +|`.platform.ovirt.cpu.sockets` +|Required if you use `.platform.ovirt.cpu`. The number of sockets per core. Total virtual CPUs (vCPUs) is cores * sockets. +|Integer + +|`.platform.ovirt.memoryMB` +|Optional. 
Memory of the VM in MiB. +|Integer + +|`.platform.ovirt.instanceTypeID` +|Optional. An instance type UUID, such as `00000009-0009-0009-0009-0000000000f1`, which you can get from the `https:///ovirt-engine/api/instancetypes` endpoint. +[WARNING] +==== +The `instance_type_id` field is deprecated and will be removed in a future release. +==== +|String of UUID + +|`.platform.ovirt.osDisk` +|Optional. Defines the first and bootable disk of the VM. +|String + +|`.platform.ovirt.osDisk.sizeGB` +|Required if you use `.platform.ovirt.osDisk`. Size of the disk in GiB. +|Number + +|`.platform.ovirt.vmType` +|Optional. The VM workload type, such as `high-performance`, `server`, or `desktop`. By default, master nodes use `high-performance`, and worker nodes use `server`. For details, see link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/virtual_machine_management_guide/index#Virtual_Machine_General_settings_explained[Explanation of Settings in the New Virtual Machine and Edit Virtual Machine Windows] and link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/virtual_machine_management_guide/index#Configuring_High_Performance_Virtual_Machines_Templates_and_Pools[Configuring High Performance Virtual Machines, Templates, and Pools] in the _Virtual Machine Management Guide_. +[NOTE] +==== +`high_performance` improves performance on the VM, but there are limitations. For example, you cannot access the VM with a graphical console. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/virtual_machine_management_guide/index#Configuring_High_Performance_Virtual_Machines_Templates_and_Pools[Configuring High Performance Virtual Machines, Templates, and Pools] in the _Virtual Machine Management Guide_. +==== +|String + +|`.platform.ovirt.affinityGroupsNames` +|Optional. A list of affinity group names that should be applied to the virtual machines. 
The affinity groups must exist in {rh-virtualization}, or be created during installation as described in _Additional {rh-virtualization} parameters for clusters_ in this topic. This entry can be empty. +// xref:../../installing/installing_rhv/installing-rhv-customizations.adoc#additional-virt-parameters-for-clusters[Additional {rh-virtualization} parameters for clusters]. This entry can be empty. +//xref:../../additional-virt-parameters-for-clusters[Additional {rh-virtualization} parameters for clusters]. This entry can be empty. + +.Example with two affinity groups + +This example defines two affinity groups, named `compute` and `clusterWideNonEnforcing`: + +[source,yaml] +---- +: + platform: + ovirt: + affinityGroupNames: + - compute + - clusterWideNonEnforcing +---- + +This example defines no affinity groups: + +[source,yaml] +---- +: + platform: + ovirt: + affinityGroupNames: [] +---- +|String +|`.platform.ovirt.AutoPinningPolicy` +| Optional. AutoPinningPolicy defines the policy to automatically set the CPU and NUMA settings, including pinning to the host for the instance. When the field is omitted, the default is `none`. Supported values: `none`, `resize_and_pin`. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/virtual_machine_management_guide/index#Setting_NUMA_Nodes[Setting NUMA Nodes] in the _Virtual Machine Management Guide_. + +|String +|`.platform.ovirt.hugepages` +|Optional. Hugepages is the size in KiB for defining hugepages in a VM. Supported values: `2048` or `1048576`. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/virtual_machine_management_guide/index#Configuring_Huge_Pages[Configuring Huge Pages] in the _Virtual Machine Management Guide_. + +|Integer + +|==== + +[NOTE] +==== +You can replace `` with `controlPlane` or `compute`. 
+==== + +endif::rhv[] + +ifdef::vsphere,vmc[] +[id="installation-configuration-parameters-additional-vsphere_{context}"] +== Additional VMware vSphere configuration parameters + +Additional VMware vSphere configuration parameters are described in the following table: + +.Additional VMware vSphere cluster parameters +[cols=".^2,.^3a,.^3a",options="header"] +|==== +|Parameter|Description|Values + +|`platform.vsphere.vCenter` +|The fully-qualified hostname or IP address of the vCenter server. +|String + +|`platform.vsphere.username` +|The user name to use to connect to the vCenter instance with. This user must have at least +the roles and privileges that are required for +link:https://github.com/vmware-archive/vsphere-storage-for-kubernetes/blob/master/documentation/vcp-roles.md[static or dynamic persistent volume provisioning] +in vSphere. +|String + +|`platform.vsphere.password` +|The password for the vCenter user name. +|String + +|`platform.vsphere.datacenter` +|The name of the datacenter to use in the vCenter instance. +|String + +|`platform.vsphere.defaultDatastore` +|The name of the default datastore to use for provisioning volumes. +|String + +|`platform.vsphere.folder` +|Optional. The absolute path of an existing folder where the installation program creates the virtual machines. If you do not provide this value, the installation program creates a folder that is named with the infrastructure ID in the datacenter virtual machine folder. +|String, for example, `//vm//`. + +|`platform.vsphere.resourcePool` +|Optional. The absolute path of an existing resource pool where the installer creates the virtual machines. If you do not specify a value, resources are installed in the root of the cluster `//host//Resources`. +|String, for example, `//host//Resources//`. + +|`platform.vsphere.network` +|The network in the vCenter instance that contains the virtual IP addresses and DNS records that you configured. 
+|String + +|`platform.vsphere.cluster` +|The vCenter cluster to install the {product-title} cluster in. +|String + +|`platform.vsphere.apiVIP` +|The virtual IP (VIP) address that you configured for control plane API access. +|An IP address, for example `128.0.0.1`. + +|`platform.vsphere.ingressVIP` +|The virtual IP (VIP) address that you configured for cluster ingress. +|An IP address, for example `128.0.0.1`. + +|`platform.vsphere.diskType` +|Optional. The disk provisioning method. This value defaults to the vSphere default storage policy if not set. +|Valid values are `thin`, `thick`, or `eagerZeroedThick`. +|==== + +[id="installation-configuration-parameters-optional-vsphere_{context}"] +== Optional VMware vSphere machine pool configuration parameters + +Optional VMware vSphere machine pool configuration parameters are described in the following table: + +.Optional VMware vSphere machine pool parameters +[cols=".^2,.^3a,.^3a",options="header"] +|==== +|Parameter|Description|Values + +|`platform.vsphere.clusterOSImage` +|The location from which the installer downloads the {op-system} image. You must set this parameter to perform an installation in a restricted network. +|An HTTP or HTTPS URL, optionally with a SHA-256 checksum. For example, `\https://mirror.openshift.com/images/rhcos--vmware..ova`. + +|`platform.vsphere.osDisk.diskSizeGB` +|The size of the disk in gigabytes. +|Integer + +|`platform.vsphere.cpus` +|The total number of virtual processor cores to assign a virtual machine. +|Integer + +|`platform.vsphere.coresPerSocket` +|The number of cores per socket in a virtual machine. The number of virtual sockets on the virtual machine is `platform.vsphere.cpus`/`platform.vsphere.coresPerSocket`. The default value is `1` +|Integer + +|`platform.vsphere.memoryMB` +|The size of a virtual machine's memory in megabytes. 
+|Integer +|==== + +endif::vsphere,vmc[] + +ifdef::ash[] +[id="installation-configuration-parameters-additional-azure-stack-hub_{context}"] +== Additional Azure Stack Hub configuration parameters + +Additional Azure configuration parameters are described in the following table: + +.Additional Azure Stack Hub parameters +[cols=".^2,.^3a,.^3a",options="header"] +|==== +|Parameter|Description|Values + +|`platform.azure.armEndpoint` +|The URL of the Azure Resource Manager endpoint that your Azure Stack Hub operator provides. +|String + +|`platform.azure.baseDomainResourceGroupName` +|The name of the resource group that contains the DNS zone for your base domain. +|String, for example `production_cluster`. + +|`platform.azure.region` +|The name of your Azure Stack Hub local region. +|String + +|`platform.azure.resourceGroupName` +| The name of an already existing resource group to install your cluster to. If undefined, a new resource group is created for the cluster. +|String, for example `existing_resource_group`. + +|`platform.azure.outboundType` +|The outbound routing strategy used to connect your cluster to the internet. If +you are using user-defined routing, you must have pre-existing networking +available where the outbound routing has already been configured prior to +installing a cluster. The installation program is not responsible for +configuring user-defined routing. +|`LoadBalancer` or `UserDefinedRouting`. The default is `LoadBalancer`. + +|`platform.azure.cloudName` +|The name of the Azure cloud environment that is used to configure the Azure SDK with the appropriate Azure API endpoints. +|`AzureStackCloud` + +|`clusterOSImage` +|The URL of a storage blob in the Azure Stack environment that contains an {op-system} VHD. 
+|String, for example, \https://vhdsa.blob.example.example.com/vhd/rhcos-410.84.202112040202-0-azurestack.x86_64.vhd + +|==== +endif::ash[] + +ifdef::alibabacloud[] +//From: https://github.com/openshift/installer/blob/master/data/data/install.openshift.io_installconfigs.yaml#L20; https://github.com/openshift/openshift-docs/pull/40651/files#r792388476 + +[id="installation-configuration-parameters-additional-alibaba_{context}"] +== Additional Alibaba Cloud configuration parameters + +Additional Alibaba Cloud configuration parameters are described in the following table. The `alibabacloud` parameters are the configuration used when installing on Alibaba Cloud. The `defaultMachinePlatform` parameters are the default configuration used when installing on Alibaba Cloud for machine pools that do not define their own platform configuration. + +.Optional {alibaba} parameters +[cols=".^2,.^3,.^5a",options="header"] +|==== +|Parameter|Description|Values + +|`platform.alibabacloud.region` +|Required.The Alibaba Cloud region where the cluster will be created. +|String. + +|`platform.alibabacloud.resourceGroupID` +|The ID of an already existing resource group where the cluster will be installed. If empty, the installer will create a new resource group for the cluster. +|String. + +|`platform.alibabacloud.tags` +|Additional keys and values to apply to all Alibaba Cloud resources created for the cluster. +|Object. + +|`platform.alibabacloud.vpcID` +|The ID of an already existing VPC where the cluster should be installed. If empty, the installer will create a new VPC for the cluster. +|String. + +|`platform.alibabacloud.vswitchIDs` +|The ID list of already existing VSwitches where cluster resources will be created. The existing VSwitches can only be used when also using existing VPC. If empty, the installer will create new VSwitches for the cluster. +|String list. 
+ +|`platform.alibabacloud.defaultMachinePlatform.imageID` +|For compute machines, the image ID that should be used to create ECS instance. If set, the image ID should belong to the same region as the cluster +|String. + +|`platform.alibabacloud.defaultMachinePlatform.instanceType` +|For compute machines, the configuration used when installing on Alibaba Cloud. +|String. For example `ecs.g6.large`. + +|`platform.alibabacloud.defaultMachinePlatform.systemDiskCategory` +|For compute machines, the category of the system disk. +|String, for example "", `cloud_efficiency`, `cloud_essd`. + +|`platform.alibabacloud.defaultMachinePlatform.systemDiskSize` +|For compute machine, the size of the system disk in gibibytes (GiB). The minimum is `120`. +|Integer. + +|`platform.alibabacloud.defaultMachinePlatform.zones` +|For compute machine, list of availability zones that can be used. +|String. + +|`platform.alibabacloud.privateZoneID` +|The ID of an existing private zone into which to add DNS records for the cluster's internal API. An existing private zone can only be used when also using existing VPC. The private zone must be associated with the VPC containing the subnets. Leave the private zone unset to have the installer create the private zone on your behalf. +|String. 
+ +|==== + +endif::alibabacloud[] + +ifdef::bare[] +:!bare: +endif::bare[] +ifeval::["{context}" == "installing-alibaba-customizations"] +:!alibabacloud: +endif::[] +ifeval::["{context}" == "installing-aws-customizations"] +:!aws: +endif::[] +ifeval::["{context}" == "installing-aws-government-region"] +:!aws-govcloud: +endif::[] +ifeval::["{context}" == "installing-aws-secret-region"] +:!aws-secret: +endif::[] +ifeval::["{context}" == "installing-aws-network-customizations"] +:!aws: +endif::[] +ifeval::["{context}" == "installing-aws-private"] +:!aws: +endif::[] +ifeval::["{context}" == "installing-aws-vpc"] +:!aws: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"] +:!aws-restricted: +endif::[] +ifeval::["{context}" == "installing-azure-customizations"] +:!azure: +endif::[] +ifeval::["{context}" == "installing-azure-government-region"] +:!azure: +endif::[] +ifeval::["{context}" == "installing-azure-network-customizations"] +:!azure: +endif::[] +ifeval::["{context}" == "installing-azure-private"] +:!azure: +endif::[] +ifeval::["{context}" == "installing-azure-vnet"] +:!azure: +endif::[] +ifeval::["{context}" == "installing-gcp-customizations"] +:!gcp: +endif::[] +ifeval::["{context}" == "installing-gcp-private"] +:!gcp: +endif::[] +ifeval::["{context}" == "installing-gcp-network-customizations"] +:!gcp: +endif::[] +ifeval::["{context}" == "installing-gcp-vpc"] +:!gcp: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"] +:!gcp: +endif::[] +ifeval::["{context}" == "installing-aws-customizations"] +:!aws: +endif::[] +ifeval::["{context}" == "installing-ibm-cloud-customizations"] +:!ibm-cloud: +endif::[] +ifeval::["{context}" == "installing-ibm-cloud-network-customizations"] +:!ibm-cloud: +endif::[] +ifeval::["{context}" == "installing-openstack-installer-custom"] +:!osp: +:!osp-custom: +endif::[] +ifeval::["{context}" == "installing-openstack-installer-kuryr"] +:!osp: 
+:!osp-kuryr: +endif::[] +ifeval::["{context}" == "installing-openstack-user"] +:!osp: +:!osp-custom: +endif::[] +ifeval::["{context}" == "installing-openstack-user-kuryr"] +:!osp: +:!osp-kuryr: +endif::[] +ifeval::["{context}" == "installing-openstack-user-sr-iov"] +:!osp: +:!osp-custom: +endif::[] +ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"] +:!osp: +:!osp-kuryr: +endif::[] +ifeval::["{context}" == "installing-rhv-customizations"] +:!rhv: +endif::[] +ifeval::["{context}" == "installing-vsphere-installer-provisioned-customizations"] +:!vsphere: +endif::[] +ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"] +:!vsphere: +endif::[] +ifeval::["{context}" == "installing-vmc-customizations"] +:!vmc: +endif::[] +ifeval::["{context}" == "installing-vmc-network-customizations"] +:!vmc: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-vmc"] +:!vmc: +endif::[] +ifeval::["{context}" == "installing-openstack-installer-restricted"] +:!osp: +:!osp-custom: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"] +:!vsphere: +endif::[] +ifeval::["{context}" == "installing-ibm-z"] +:!ibm-z: +endif::[] +ifeval::["{context}" == "installing-ibm-z-kvm"] +:!ibm-z: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-ibm-z"] +:!ibm-z: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-ibm-z-kvm"] +:!ibm-z: +endif::[] +ifeval::["{context}" == "installing-ibm-power"] +:!ibm-power: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-ibm-power"] +:!ibm-power: +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-default"] +:!ash: +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-network-customizations"] +:!ash: +endif::[] 
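Review bot: In modules/installation-configuration-parameters-power-vs.adoc, the attribute teardown block at the end of the file has no `ifeval` entry for any Power VS context, and it unsets `:!aws:` for `installing-aws-customizations` twice, so the file reads as a copy of the generic parameters module rather than a Power VS one. Either add the Power VS context to the setup and teardown lists, with a matching Power VS parameter table, or include the existing module instead of duplicating it. In the copied tables, the Alibaba block is titled `.Optional {alibaba} parameters` while its first row reads `Required.The Alibaba Cloud region` (missing space, and a required field under an "Optional" title), and `defaultMachinePlatform.zones` is described as a list but typed `String.`. The `platform.vsphere.clusterOSImage` Values cell mentions an optional SHA-256 checksum but the example URL does not carry one; since the parameter is required for restricted-network installs, the example should show the checksum form so readers pin the image they mirror.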
diff --git a/modules/installation-ibm-cloud-power-vs-creating-api-key.adoc b/modules/installation-ibm-cloud-power-vs-creating-api-key.adoc new file mode 100644 index 000000000000..8de3f4e45ae4 --- /dev/null +++ b/modules/installation-ibm-cloud-power-vs-creating-api-key.adoc @@ -0,0 +1,20 @@ +// Module included in the following assemblies: +// +// installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc + +:_content-type: PROCEDURE +[id="installation-ibm-cloud-creating-api-key_{context}"] += Creating an API key + +You must create a user API key or a service ID API key for your IBM Cloud account. + +.Prerequisites + +* You have assigned the required access policies to your IBM Cloud account. +* You have attached you IAM access policies to an access group, or other appropriate resource. + +.Procedure + +* Create an API key, depending on how you defined your IAM access policies. ++ +For example, if you assigned your access policies to a user, you must create a link:https://cloud.ibm.com/docs/account?topic=account-userapikey[user API key]. If you assigned your access policies to a service ID, you must create a link:https://cloud.ibm.com/docs/account?topic=account-serviceidapikeys[service ID API key]. If your access policies are assigned to an access group, you can use either API key type. For more information on IBM Cloud VPC API keys, see link:https://cloud.ibm.com/docs/account?topic=account-manapikey&interface=ui[Understanding API keys]. diff --git a/modules/installation-ibm-cloud-power-vs-export-variables.adoc b/modules/installation-ibm-cloud-power-vs-export-variables.adoc new file mode 100644 index 000000000000..e652c5f86d0e --- /dev/null +++ b/modules/installation-ibm-cloud-power-vs-export-variables.adoc 
@@ -0,0 +1,28 @@ +// Module included in the following assemblies: +// +// installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc +// * installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc + +:_content-type: PROCEDURE +[id="installation-ibm-cloud-export-variables_{context}"] += Exporting the IBM Cloud API key + +You must set the IBM Cloud VPC API key you created as a global variable; the installation program ingests the variable during startup to set the API key. + +.Prerequisties + +* You have created either a user API key or service ID API key for your IBM Cloud account. + +.Procedure + +* Export your IBM Cloud Power key as a global variable: ++ +[source,terminal] +---- +$ export IC_API_KEY= +---- + +[IMPORTANT] +==== +You must set the variable name exactly as specified; the installation program expects the variable name to be present during startup. +==== diff --git a/modules/installation-ibm-cloud-power-vs-iam-policies-api-key.adoc b/modules/installation-ibm-cloud-power-vs-iam-policies-api-key.adoc new file mode 100644 index 000000000000..e85eafb526e4 --- /dev/null +++ b/modules/installation-ibm-cloud-power-vs-iam-policies-api-key.adoc 
@@ -0,0 +1,70 @@ +// Module included in the following assemblies: +// +// installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc + +:_content-type: CONCEPT +[id="installation-ibm-cloud-iam-policies-api-key_{context}"] += IBM Cloud IAM Policies and API Key + +To install {product-title} into your IBM Cloud account, the installation program requires an IAM API key, which provides authentication and authorization to access IBM Cloud service APIs. You can use an existing IAM API key that contains the required policies or create a new one. + +For an IBM Cloud IAM overview, see the IBM Cloud link:https://cloud.ibm.com/docs/account?topic=account-iamoverview[documentation]. + +[id="required-access-policies-ibm-cloud_{context}"] +== Required access policies + +You must assign the required access policies to your IBM Cloud account. + +.Required access policies +[cols="1,2,2,2,3",options="header"] +|=== +|Service type |Service |Access policy scope |Platform access |Service access + +|Account management +|IAM Identity Service +|All resources or a subset of resources ^[1]^ +|Editor, Operator, Viewer, Administrator +|Service ID creator + +|Account management ^[2]^ +|Identity and Access Management +|All resources +|Editor, Operator, Viewer, Administrator +| + +|IAM services +|Cloud Object Storage +|All resources or a subset of resources ^[1]^ +|Editor, Operator, Viewer, Administrator +|Reader, Writer, Manager, Content Reader, Object Reader, Object Writer + +|IAM services +|Internet Services +|All resources or a subset of resources ^[1]^ +|Editor, Operator, Viewer, Administrator +|Reader, Writer, Manager + + +|IAM services +|VPC Infrastructure Services +|All resources or a subset of resources ^[1]^ +|Editor, Operator, Viewer, Administrator +|Reader, Writer, Manager +|=== +[.small] +-- +1. The policy access scope should be set based on how granular you want to assign access. The scope can be set to *All resources* or *Resources based on selected attributes*. +2. 
Optional: This access policy is only required if you want the installation program to create a resource group. For more information on resource groups, see IBM Cloud's link:https://cloud.ibm.com/docs/account?topic=account-rgs[documentation]. +-- +//TODO: IBM confirmed current values in the table above. They hope to provide more guidance on possibly scoping down the permissions (related to resource group actions). + +[id="access-policy-assignment-ibm-cloud_{context}"] +== Access policy assignment + +In IBM Cloud VPC IAM, access policies can be attached to different subjects: + +* Access group (Recommended) +* Service ID +* User + +The recommended method is to define IAM access policies in an link:https://cloud.ibm.com/docs/account?topic=account-groups[access group]. This helps organize all the access required for {product-title} and enables you to onboard users and service IDs to this group. You can also assign access to link:https://cloud.ibm.com/docs/account?topic=account-assign-access-resources[users and service IDs] directly, if desired. diff --git a/modules/installation-ibm-cloud-power-vs-regions.adoc b/modules/installation-ibm-cloud-power-vs-regions.adoc new file mode 100644 index 000000000000..a8982c43a7b8 --- /dev/null +++ b/modules/installation-ibm-cloud-power-vs-regions.adoc 
@@ -0,0 +1,44 @@ +// Module included in the following assemblies: +// +// installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc + +:_content-type: REFERENCE +[id="installation-ibm-cloud-regions_{context}"] += Supported IBM Cloud VPC regions + +You can deploy an {product-title} cluster to the following regions: + +//Not listed for openshift-install: br-sao, in-che, kr-seo + +* `dal` (Dallas, USA) +** `dal12` +* `us-east` (Washington DC, USA) +** `us-east` +* `eu-de` (Frankfurt, Germany) +** `eu-de-1` +** `eu-de-2` +* `lon` (London, UK) +** `lon04` +** `lon06` +* `osa` (Osaka, Japan) +** `osa21` +* `sao` (Sao Paulo, Brazil) +** `osa21` +* `syd` (Sydney, Australia) +** `syd04` +* `tok` (Tokyo, Japan) +** `tok04` +* `tor` (Toronto, Canada) +** `tor01` + +You may optionally specify the IBM Cloud VPC region in which the installer will create any VPC components. Supported regions in IBM Cloud are: + +* `us-south` +* `eu-de` +* `eu-gb` +* `jp-osa` +* `au-syd` +* `br-sao` +* `ca-tor` +* `jp-tok` + diff --git a/modules/installation-initializing-power-vs.adoc b/modules/installation-initializing-power-vs.adoc new file mode 100644 index 000000000000..3b6c434c6b13 --- /dev/null +++ b/modules/installation-initializing-power-vs.adoc 
@@ -0,0 +1,681 @@ +// Module included in the following assemblies: +// +// * installing/installing_aws/installing-alibaba-default.adoc +// * installing/installing_aws/installing-alibaba-customizations.adoc +// installing/installing_alibaba/installing-alibaba-network-customizations.adoc +// * installing/installing_aws/installing-aws-customizations.adoc +// * installing/installing_aws/installing-aws-network-customizations.adoc +// * installing/installing_aws/installing-aws-vpc.adoc +// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc +// * installing/installing_azure/installing-azure-customizations.adoc +// * installing/installing_azure/installing-azure-network-customizations +// * installing/installing_azure/installing-azure-vnet.adoc +// * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_gcp/installing-gcp-customizations.adoc +// * installing/installing_gcp/installing-gcp-network-customizations.adoc +// * installing/installing_gcp/installing-gcp-vpc.adoc +// * installing/installing_gcp/installing-gcp-user-infra.adoc +// * installing/installing_gcp/installing-restricted-networks-gcp.adoc +// * installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc +// * installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc +// * installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc +// * installing/installing_openstack/installing-openstack-installer-custom.adoc +// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc +// * installing/installing_openstack/installing-openstack-installer-restricted.adoc +// * installing/installing_openstack/installing-openstack-user-kuryr.adoc +// * installing/installing_openstack/installing-openstack-user.adoc +// * installing/installing_rhv/installing-rhv-customizations.adoc +// * installing/installing_vmc/installing-vmc-customizations.adoc +// * 
installing/installing_vmc/installing-vmc-network-customizations.adoc +// * installing/installing_vmc/installing-restricted-networks-vmc.adoc +// * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc +// * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc +// * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc + +// * installing/installing_gcp/installing-openstack-installer-restricted.adoc +// Consider also adding the installation-configuration-parameters.adoc module. +//YOU MUST SET AN IFEVAL FOR EACH NEW MODULE + +ifeval::["{context}" == "installing-alibaba-default"] +:alibabacloud-default: +endif::[] +ifeval::["{context}" == "installing-alibaba-customizations"] +:alibabacloud-custom: +endif::[] +ifeval::["{context}" == "installing-aws-customizations"] +:aws: +endif::[] +ifeval::["{context}" == "installing-aws-network-customizations"] +:aws: +endif::[] +ifeval::["{context}" == "installing-aws-vpc"] +:aws: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"] +:aws: +:restricted: +endif::[] +ifeval::["{context}" == "installing-azure-customizations"] +:azure: +endif::[] +ifeval::["{context}" == "installing-azure-network-customizations"] +:azure: +endif::[] +ifeval::["{context}" == "installing-azure-vnet"] +:azure: +endif::[] +ifeval::["{context}" == "installing-azure-user-infra"] +:azure: +:azure-user-infra: +endif::[] +ifeval::["{context}" == "installing-gcp-customizations"] +:gcp: +endif::[] +ifeval::["{context}" == "installing-gcp-vpc"] +:gcp: +endif::[] +ifeval::["{context}" == "installing-gcp-network-customizations"] +:gcp: +endif::[] +ifeval::["{context}" == "installing-gcp-user-infra"] +:gcp: +:gcp-user-infra: +endif::[] +ifeval::["{context}" == "installing-gcp-user-infra-vpc"] +:gcp: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-gcp"] +:gcp: +:restricted: 
+endif::[] +ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"] +:gcp: +:restricted: +endif::[] +ifeval::["{context}" == "installing-ibm-cloud-customizations"] +:ibm-cloud: +endif::[] +ifeval::["{context}" == "installing-ibm-cloud-network-customizations"] +:ibm-cloud: +endif::[] +ifeval::["{context}" == "installing-openstack-installer-custom"] +:osp: +endif::[] +ifeval::["{context}" == "installing-openstack-installer-kuryr"] +:osp: +endif::[] +ifeval::["{context}" == "installing-openstack-user"] +:osp: +:osp-user: +endif::[] +ifeval::["{context}" == "installing-openstack-user-kuryr"] +:osp: +:osp-user: +endif::[] +ifeval::["{context}" == "installing-openstack-user-sr-iov"] +:osp: +:osp-user: +endif::[] +ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"] +:osp: +:osp-user: +endif::[] +ifeval::["{context}" == "installing-rhv-customizations"] +:rhv: +endif::[] +ifeval::["{context}" == "installing-rhv-default"] +:rhv: +endif::[] +ifeval::["{context}" == "installing-vsphere-installer-provisioned-customizations"] +:vsphere: +endif::[] +ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"] +:vsphere: +endif::[] +ifeval::["{context}" == "installing-vmc-customizations"] +:vsphere: +endif::[] +ifeval::["{context}" == "installing-vmc-network-customizations"] +:vsphere: +endif::[] +ifeval::["{context}" == "installing-openstack-installer-restricted"] +:osp: +:restricted: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"] +:vsphere: +:restricted: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-vmc"] +:vsphere: +:restricted: +endif::[] + +:_content-type: PROCEDURE +[id="installation-initializing_{context}"] += Creating the installation configuration file + +You can customize the {product-title} cluster you install on +ifdef::alibabacloud-default,alibabacloud-custom[] +Alibaba Cloud. 
+endif::alibabacloud-default,alibabacloud-custom[] +ifdef::aws[] +Amazon Web Services (AWS). +endif::aws[] +ifdef::azure[] +Microsoft Azure. +endif::azure[] +ifdef::gcp[] +Google Cloud Platform (GCP). +endif::gcp[] +ifdef::ibm-cloud[] +IBM Cloud. +endif::ibm-cloud[] +ifdef::osp[] +{rh-openstack-first}. +endif::osp[] +ifdef::vsphere,vmc[] +VMware vSphere. +endif::vsphere,vmc[] +ifdef::rhv[] +{rh-virtualization-first}. +endif::rhv[] + +.Prerequisites + +* Obtain the {product-title} installation program and the pull secret for your cluster. +ifdef::restricted[] +For a restricted network installation, these files are on your mirror host. +* Have the `imageContentSources` values that were generated during mirror registry creation. +* Obtain the contents of the certificate for your mirror registry. +ifndef::aws,gcp[] +* Retrieve a {op-system-first} image and upload it to an accessible location. +endif::aws,gcp[] +endif::restricted[] +* Obtain service principal permissions at the subscription level. + +.Procedure + +. Create the `install-config.yaml` file. ++ +.. Change to the directory that contains the installation program and run the following command: ++ +[source,terminal] +---- +$ ./openshift-install create install-config --dir <1> +---- +<1> For ``, specify the directory name to store the +files that the installation program creates. ++ +When specifying the directory: +* Verify that the directory has the `execute` permission. This permission is required to run Terraform binaries under the installation directory. +* Use an empty directory. Some installation assets, such as bootstrap X.509 certificates, have short expiration intervals, therefore you must not reuse an installation directory. If you want to reuse individual files from another cluster installation, you can copy them into your directory. However, the file names for the installation assets might change between releases. Use caution when copying installation files from an earlier {product-title} version. 
+ +ifndef::rhv[] +.. At the prompts, provide the configuration details for your cloud: +... Optional: Select an SSH key to use to access your cluster machines. ++ +[NOTE] +==== +For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses. +==== +endif::rhv[] +ifdef::alibabacloud-default,alibabacloud-custom[] +... Specify *alibabacloud* as the platform to target. +... Specify the region to deploy the cluster to. +... Specify the base domain to deploy the cluster to. All DNS records will be sub-domains of this base and will also include the cluster name. +... Specify a descriptive name for your cluster. +endif::alibabacloud-default,alibabacloud-custom[] +ifdef::aws[] +... Select *AWS* as the platform to target. +... If you do not have an Amazon Web Services (AWS) profile stored on your computer, enter the AWS +access key ID and secret access key for the user that you configured to run the +installation program. +... Select the AWS region to deploy the cluster to. +... Select the base domain for the Route 53 service that you configured for your cluster. +endif::aws[] +ifdef::azure[] +... Select *azure* as the platform to target. +... If you do not have a Microsoft Azure profile stored on your computer, specify the +following Azure parameter values for your subscription and service principal: +**** *azure subscription id*: The subscription ID to use for the cluster. +Specify the `id` value in your account output. +**** *azure tenant id*: The tenant ID. Specify the `tenantId` value in your +account output. +**** *azure service principal client id*: The value of the `appId` parameter +for the service principal. +**** *azure service principal client secret*: The value of the `password` +parameter for the service principal. +... Select the region to deploy the cluster to. +... Select the base domain to deploy the cluster to. 
The base domain corresponds +to the Azure DNS Zone that you created for your cluster. +endif::azure[] +ifdef::gcp[] +... Select *gcp* as the platform to target. +... If you have not configured the service account key for your GCP account on +your computer, you must obtain it from GCP and paste the contents of the file +or enter the absolute path to the file. +... Select the project ID to provision the cluster in. The default value is +specified by the service account that you configured. +... Select the region to deploy the cluster to. +... Select the base domain to deploy the cluster to. The base domain corresponds +to the public DNS zone that you created for your cluster. +endif::gcp[] +ifdef::ibm-cloud[] +... Select *ibmcloud* as the platform to target. +... Select the region to deploy the cluster to. +... Select the base domain to deploy the cluster to. The base domain corresponds +to the public DNS zone that you created for your cluster. +endif::ibm-cloud[] +ifdef::osp[] +... Select *openstack* as the platform to target. +... Specify the {rh-openstack-first} external network name to use for installing the cluster. +... Specify the floating IP address to use for external access to the OpenShift API. +... Specify a {rh-openstack} flavor with at least 16 GB RAM to use for control plane +and compute nodes. +... Select the base domain to deploy the cluster to. All DNS records will be +sub-domains of this base and will also include the cluster name. +endif::osp[] +ifdef::vsphere,vmc[] +... Select *vsphere* as the platform to target. +... Specify the name of your vCenter instance. +... Specify the user name and password for the vCenter account that has the required permissions to create the cluster. ++ +The installation program connects to your vCenter instance. +... Select the datacenter in your vCenter instance to connect to. +... Select the default vCenter datastore to use. +... Select the vCenter cluster to install the {product-title} cluster in. 
The installation program uses the root resource pool of the vSphere cluster as the default resource pool. +... Select the network in the vCenter instance that contains the virtual IP addresses and DNS records that you configured. +... Enter the virtual IP address that you configured for control plane API access. +... Enter the virtual IP address that you configured for cluster ingress. +... Enter the base domain. This base domain must be the same one that you used in the DNS records that you configured. +endif::vsphere,vmc[] +ifndef::osp[] +ifndef::rhv,alibabacloud-default,alibabacloud-custom[] +... Enter a descriptive name for your cluster. +ifdef::vsphere,vmc[] +The cluster name must be the same one that you used in the DNS records that you configured. +endif::vsphere,vmc[] +endif::rhv,alibabacloud-default,alibabacloud-custom[] +endif::osp[] +ifdef::osp[] +... Enter a name for your cluster. The name must be 14 or fewer characters long. +endif::osp[] +ifdef::azure[] ++ +[IMPORTANT] +==== +All Azure resources that are available through public endpoints are subject to +resource name restrictions, and you cannot create resources that use certain +terms. For a list of terms that Azure restricts, see +link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-reserved-resource-name[Resolve reserved resource name errors] +in the Azure documentation. +==== +endif::azure[] +ifdef::rhv[] +.. Respond to the installation program prompts. +... For `SSH Public Key`, select a password-less public key, such as `~/.ssh/id_rsa.pub`. This key authenticates connections with the new {product-title} cluster. ++ +[NOTE] +==== +For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, select an SSH key that your `ssh-agent` process uses. +==== +... For `Platform`, select `ovirt`. +... 
For `Enter oVirt's API endpoint URL`, enter the URL of the {rh-virtualization} API using this format: ++ +[source,terminal] +---- +https:///ovirt-engine/api <1> +---- +<1> For ``, specify the fully qualified domain name of the {rh-virtualization} environment. ++ +For example: ++ +ifndef::openshift-origin[] +[source,terminal] +---- +$ curl -k -u ocpadmin@internal:pw123 \ +https://rhv-env.virtlab.example.com/ovirt-engine/api +---- +endif::openshift-origin[] +ifdef::openshift-origin[] +[source,terminal] +---- +$ curl -k -u admin@internal:pw123 \ +https://ovirtlab.example.com/ovirt-engine/api +---- +endif::openshift-origin[] ++ +... For `Is the oVirt CA trusted locally?`, enter `Yes`, because you have already set up a CA certificate. Otherwise, enter `No`. + +... For `oVirt's CA bundle`, if you entered `Yes` for the preceding question, copy the certificate content from `/etc/pki/ca-trust/source/anchors/ca.pem` and paste it here. Then, press `Enter` twice. Otherwise, if you entered `No` for the preceding question, this question does not appear. +... For `oVirt engine username`, enter the user name and profile of the {rh-virtualization} administrator using this format: ++ +[source,terminal] +---- +@ <1> +---- +<1> For ``, specify the user name of an {rh-virtualization} administrator. For ``, specify the login profile, which you can get by going to the {rh-virtualization} Administration Portal login page and reviewing the *Profile* dropdown list. Together, the user name and profile should look similar to this example: ++ +ifndef::openshift-origin[] +[source,terminal] +---- +ocpadmin@internal +---- +endif::openshift-origin[] +ifdef::openshift-origin[] +[source,terminal] +---- +admin@internal +---- +endif::openshift-origin[] ++ +... For `oVirt engine password`, enter the {rh-virtualization} admin password. +... For `oVirt cluster`, select the cluster for installing {product-title}. +... For `oVirt storage domain`, select the storage domain for installing {product-title}. 
+... For `oVirt network`, select a virtual network that has access to the {rh-virtualization} {rh-virtualization-engine-name} REST API. +... For `Internal API Virtual IP`, enter the static IP address you set aside for the cluster's REST API. +... For `Ingress virtual IP`, enter the static IP address you reserved for the wildcard apps domain. +... For `Base Domain`, enter the base domain of the {product-title} cluster. If this cluster is exposed to the outside world, this must be a valid domain recognized by DNS infrastructure. For example, enter: `virtlab.example.com` +... For `Cluster Name`, enter the name of the cluster. For example, `my-cluster`. Use cluster name from the externally registered/resolvable DNS entries you created for the {product-title} REST API and apps domain names. The installation program also gives this name to the cluster in the {rh-virtualization} environment. +... For `Pull Secret`, copy the pull secret from the `pull-secret.txt` file you downloaded earlier and paste it here. You can also get a copy of the same {cluster-manager-url-pull}. +endif::rhv[] +ifndef::rhv[] +... Paste the {cluster-manager-url-pull}. +ifdef::openshift-origin[] +This field is optional. +endif::[] +endif::rhv[] +ifdef::gcp-user-infra,azure-user-infra[] +.. Optional: If you do not want the cluster to provision compute machines, empty +the compute pool by editing the resulting `install-config.yaml` file to set +`replicas` to `0` for the `compute` pool: ++ +[source,yaml] +---- +compute: +- hyperthreading: Enabled + name: worker + platform: {} + replicas: 0 <1> +---- +<1> Set to `0`. +endif::[] + +ifndef::restricted,alibabacloud-default,alibabacloud-custom[] +. Modify the `install-config.yaml` file. You can find more information about +the available parameters in the "Installation configuration parameters" section. +endif::restricted,alibabacloud-default,alibabacloud-custom[] + +ifdef::alibabacloud-default,alibabacloud-custom[] +. 
Installing the cluster into Alibaba Cloud requires that the Cloud Credential Operator (CCO) operate in manual mode. Modify the `install-config.yaml` file to set the `credentialsMode` parameter to `Manual`: ++ +.Example install-config.yaml configuration file with `credentialsMode` set to `Manual` +[source,yaml] +---- +apiVersion: v1 +baseDomain: cluster1.example.com +credentialsMode: Manual <1> +compute: +- architecture: amd64 + hyperthreading: Enabled + ... +---- +<1> Add this line to set the `credentialsMode` to `Manual`. +endif::alibabacloud-default,alibabacloud-custom[] + +ifdef::alibabacloud-custom[] +. Set the available parameters in the "Installation configuration parameters" section, as needed. +endif::alibabacloud-custom[] + +ifndef::restricted[] + +ifdef::rhv[] ++ +[NOTE] +==== +If you have any intermediate CA certificates on the {rh-virtualization-engine-name}, verify that the certificates appear in the `ovirt-config.yaml` file and the `install-config.yaml` file. If they do not appear, add them as follows: + +. In the `~/.ovirt/ovirt-config.yaml` file: ++ +[source,yaml] +---- +[ovirt_ca_bundle]: | + -----BEGIN CERTIFICATE----- + + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + + -----END CERTIFICATE----- +---- +. In the `install-config.yaml` file: ++ +[source,yaml] +---- +[additionalTrustBundle]: | + -----BEGIN CERTIFICATE----- + + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + + -----END CERTIFICATE----- +---- +==== +endif::rhv[] +endif::restricted[] + +ifdef::osp+restricted[] +. In the `install-config.yaml` file, set the value of `platform.openstack.clusterOSImage` to the image location or name. For example: ++ +[source,yaml] +---- +platform: + openstack: + clusterOSImage: http://mirror.example.com/images/rhcos-43.81.201912131630.0-openstack.x86_64.qcow2.gz?sha256=ffebbd68e8a1f2a245ca19522c16c86f67f9ac8e4e0c1f0a812b068b16f7265d +---- +endif::osp+restricted[] +ifdef::vsphere+restricted[] +. 
In the `install-config.yaml` file, set the value of `platform.vsphere.clusterOSImage` to the image location or name. For example: ++ +[source,yaml] +---- +platform: + vsphere: + clusterOSImage: http://mirror.example.com/images/rhcos-43.81.201912131630.0-vmware.x86_64.ova?sha256=ffebbd68e8a1f2a245ca19522c16c86f67f9ac8e4e0c1f0a812b068b16f7265d +---- +endif::vsphere+restricted[] +ifdef::restricted[] +. Edit the `install-config.yaml` file to give the additional information that +is required for an installation in a restricted network. +.. Update the `pullSecret` value to contain the authentication information for +your registry: ++ +[source,yaml] +---- +pullSecret: '{"auths":{":5000": {"auth": "","email": "you@example.com"}}}' +---- ++ +For ``, specify the registry domain name +that you specified in the certificate for your mirror registry, and for +``, specify the base64-encoded user name and password for +your mirror registry. +.. Add the `additionalTrustBundle` parameter and value. ++ +[source,yaml] +---- +additionalTrustBundle: | + -----BEGIN CERTIFICATE----- + ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ + -----END CERTIFICATE----- +---- ++ +The value must be the contents of the certificate file that you used for your mirror registry. The certificate file can be an existing, trusted certificate authority, or the self-signed certificate that you generated for the mirror registry. + +ifdef::aws+restricted[] +.. Define the subnets for the VPC to install the cluster in: ++ +[source,yaml] +---- +subnets: +- subnet-1 +- subnet-2 +- subnet-3 +---- +endif::aws+restricted[] +ifdef::gcp+restricted[] +.. Define the network and subnets for the VPC to install the cluster in under the parent `platform.gcp` field: ++ +[source,yaml] +---- +network: +controlPlaneSubnet: +computeSubnet: +---- ++ +For `platform.gcp.network`, specify the name for the existing Google VPC. 
For `platform.gcp.controlPlaneSubnet` and `platform.gcp.computeSubnet`, specify the existing subnets to deploy the control plane machines and compute machines, respectively. +endif::gcp+restricted[] + +.. Add the image content resources, which resemble the following YAML excerpt: ++ +[source,yaml] +---- +imageContentSources: +- mirrors: + - :5000//release + source: quay.example.com/openshift-release-dev/ocp-release +- mirrors: + - :5000//release + source: registry.example.com/ocp/release +---- ++ +For these values, use the `imageContentSources` that you recorded during mirror registry creation. + +. Make any other modifications to the `install-config.yaml` file that you require. You can find more information about +the available parameters in the *Installation configuration parameters* section. +endif::restricted[] + +. Back up the `install-config.yaml` file so that you can use +it to install multiple clusters. ++ +[IMPORTANT] +==== +The `install-config.yaml` file is consumed during the installation process. If +you want to reuse the file, you must back it up now. +==== + +ifdef::osp-user[You now have the file `install-config.yaml` in the directory that you specified.] 
+ +ifeval::["{context}" == "installing-alibaba-default"] +:!alibabacloud-default: +endif::[] +ifeval::["{context}" == "installing-alibaba-customizations"] +:!alibabacloud-custom: +endif::[] +ifeval::["{context}" == "installing-aws-customizations"] +:!aws: +endif::[] +ifeval::["{context}" == "installing-aws-network-customizations"] +:!aws: +endif::[] +ifeval::["{context}" == "installing-aws-vpc"] +:!aws: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"] +:!aws: +:!restricted: +endif::[] +ifeval::["{context}" == "installing-azure-customizations"] +:!azure: +endif::[] +ifeval::["{context}" == "installing-azure-network-customizations"] +:!azure: +endif::[] +ifeval::["{context}" == "installing-azure-vnet"] +:!azure: +endif::[] +ifeval::["{context}" == "installing-azure-user-infra"] +:!azure: +:!azure-user-infra: +endif::[] +ifeval::["{context}" == "installing-gcp-customizations"] +:!gcp: +endif::[] +ifeval::["{context}" == "installing-gcp-network-customizations"] +:!gcp: +endif::[] +ifeval::["{context}" == "installing-gcp-vpc"] +:!gcp: +endif::[] +ifeval::["{context}" == "installing-gcp-user-infra"] +:!gcp: +:!gcp-user-infra: +endif::[] +ifeval::["{context}" == "installing-gcp-user-infra-vpc"] +:!gcp: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-gcp"] +:!gcp: +:!restricted: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"] +:!gcp: +:!restricted: +endif::[] +ifeval::["{context}" == "installing-ibm-cloud-customizations"] +:!ibm-cloud: +endif::[] +ifeval::["{context}" == "installing-ibm-cloud-network-customizations"] +:!ibm-cloud: +endif::[] +ifeval::["{context}" == "installing-openstack-installer-custom"] +:!osp: +endif::[] +ifeval::["{context}" == "installing-openstack-installer-kuryr"] +:!osp: +endif::[] +ifeval::["{context}" == "installing-openstack-user"] +:!osp: +:!osp-user: +endif::[] +ifeval::["{context}" == "installing-openstack-user-kuryr"] +:!osp: 
+:!osp-user: +endif::[] +ifeval::["{context}" == "installing-openstack-user-sr-iov"] +:!osp: +:!osp-user: +endif::[] +ifeval::["{context}" == "installing-openstack-user-sr-iov-kuryr"] +:!osp: +:!osp-user: +endif::[] +ifeval::["{context}" == "installing-rhv-customizations"] +:!rhv: +endif::[] +ifeval::["{context}" == "installing-rhv-default"] +:!rhv: +endif::[] +ifeval::["{context}" == "installing-vsphere-installer-provisioned-customizations"] +:!vsphere: +endif::[] +ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"] +:!vsphere: +endif::[] +ifeval::["{context}" == "installing-vmc-customizations"] +:!vsphere: +endif::[] +ifeval::["{context}" == "installing-vmc-network-customizations"] +:!vsphere: +endif::[] +ifeval::["{context}" == "installing-openstack-installer-restricted"] +:!osp: +:!restricted: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"] +:!vsphere: +:!restricted: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-vmc"] +:!vsphere: +:!restricted: +endif::[] diff --git a/modules/installation-uninstall-clouds-power-vs.adoc b/modules/installation-uninstall-clouds-power-vs.adoc new file mode 100644 index 000000000000..9c498b064517 --- /dev/null +++ b/modules/installation-uninstall-clouds-power-vs.adoc 
@@ -0,0 +1,147 @@ +// Module included in the following assemblies: +// +// * installing/installing_aws/uninstalling-cluster-aws.adoc +// * installing/installing_azure/uninstalling-cluster-azure.adoc +// * installing/installing_azure/uninstalling-cluster-azure-stack-hub.adoc +// * installing/installing_gcp/uninstalling-cluster-gcp.adoc +// * installing/installing_ibm_cloud_public/uninstalling-cluster-ibm-cloud.adoc +// * installing/installing_osp/uninstalling-cluster-openstack.adoc +// * installing/installing_rhv/uninstalling-cluster-rhv.adoc +// * installing/installing_vmc/uninstalling-cluster-vmc.adoc +// * installing/installing_vsphere/uninstalling-cluster-vsphere-installer-provisioned.adoc + +ifeval::["{context}" == "uninstalling-cluster-aws"] +:aws: +endif::[] +ifeval::["{context}" == "uninstalling-cluster-gcp"] +:gcp: +endif::[] +ifeval::["{context}" == "uninstalling-cluster-ibm-cloud"] +:ibm-cloud: +endif::[] + +:_content-type: PROCEDURE +[id="installation-uninstall-clouds_{context}"] += Removing a cluster that uses installer-provisioned infrastructure + +You can remove a cluster that uses installer-provisioned infrastructure from your cloud. + +ifdef::aws[] +[NOTE] +==== +If you deployed your cluster to the AWS C2S Secret Region, the installation program does not support destroying the cluster; you must manually remove the cluster resources. +==== +endif::aws[] + +[NOTE] +==== +After uninstallation, check your cloud provider for any resources not removed properly, especially with User Provisioned Infrastructure (UPI) clusters. There might be resources that the installer did not create or that the installer is unable to access. +ifdef::gcp[] +For example, some Google Cloud resources require link:https://cloud.google.com/iam/docs/overview#concepts_related_to_access_management[IAM permissions] in shared VPC host projects, or there might be unused link:https://cloud.google.com/sdk/gcloud/reference/compute/health-checks/delete[health checks that must be deleted]. 
+endif::gcp[] +==== + +.Prerequisites + +* Have a copy of the installation program that you used to deploy the cluster. +* Have the files that the installation program generated when you created your +cluster. +ifdef::ibm-cloud[] +* You have configured the `ccoctl` binary. +* You have installed the IBM Cloud CLI and installed or updated the VPC infrastructure service plug-in. For more information see "Prerequisites" in the link:https://cloud.ibm.com/docs/vpc?topic=vpc-infrastructure-cli-plugin-vpc-reference&interface=ui#cli-ref-prereqs[IBM Cloud VPC CLI documentation]. +endif::ibm-cloud[] + +.Procedure +ifdef::ibm-cloud[] +. If the following conditions are met, this step is required: +** The installer created a resource group as part of the installation process. +** You or one of your applications created persistent volume claims (PVCs) after the cluster was deployed. + ++ +In which case, the PVCs are not removed when uninstalling the cluster, which might prevent the resource group from being successfully removed. To prevent a failure: + +.. Log in to the IBM Cloud using the CLI. +.. To list the PVCs, run the following command: ++ +[source, terminal] +---- +$ ibmcloud is volumes --resource-group-name +---- ++ +For more information about listing volumes, see the link:https://cloud.ibm.com/docs/vpc?topic=vpc-infrastructure-cli-plugin-vpc-reference&interface=ui#volume-cli[IBM Cloud VPC CLI documentation]. + +.. To delete the PVCs, run the following command: ++ +[source, terminal] +---- +$ ibmcloud is volume-delete --force +---- ++ +For more information about deleting volumes, see the link:https://cloud.ibm.com/docs/vpc?topic=vpc-infrastructure-cli-plugin-vpc-reference&interface=ui#volume-delete[IBM Cloud VPC CLI documentation]. + +. Export the IBM Cloud API key that was created as part of the installation process. ++ +[source,terminal] +---- +$ export IC_API_KEY= +---- ++ +[NOTE] +==== +You must set the variable name exactly as specified. 
The installation program expects the variable name to be present to remove the service IDs that were created when the cluster was installed. +==== +endif::ibm-cloud[] +. From the directory that contains the installation program on the computer that you used to install the cluster, run the following command: ++ +[source,terminal] +---- +$ ./openshift-install destroy cluster \ +--dir --log-level info <1> <2> +---- +<1> For ``, specify the path to the directory that you +stored the installation files in. +<2> To view different details, specify `warn`, `debug`, or `error` instead of `info`. ++ +[NOTE] +==== +You must specify the directory that contains the cluster definition files for +your cluster. The installation program requires the `metadata.json` file in this +directory to delete the cluster. +==== + +ifdef::ibm-cloud[] +. Remove the manual CCO credentials that were created for the cluster: ++ +[source,terminal] +---- +$ ccoctl ibmcloud delete-service-id \ + --credentials-requests-dir \ + --name +---- ++ +-- +[NOTE] +==== +If your cluster uses Technology Preview features that are enabled by the `TechPreviewNoUpgrade` feature set, you must include the `--enable-tech-preview` parameter. +==== +-- +endif::ibm-cloud[] +// The above CCO credential removal for IBM Cloud is only necessary for manual mode. Future releases that support other credential methods will not require this step. + +. Optional: Delete the `` directory and the +{product-title} installation program. + +[NOTE] +==== +You may have to run openshift-install destroy command twice sequentially in order to do a proper cleanup. +==== + +ifeval::["{context}" == "uninstalling-cluster-aws"] +:!aws: +endif::[] +ifeval::["{context}" == "uninstalling-cluster-gcp"] +:!gcp: +endif::[] +ifeval::["{context}" == "uninstalling-cluster-ibm-cloud"] +:!ibm-cloud: +endif::[] diff --git a/modules/power-vs-ssh-agent-using.adoc b/modules/power-vs-ssh-agent-using.adoc new file mode 100644 index 000000000000..b0cca7468b55 
--- /dev/null +++ b/modules/power-vs-ssh-agent-using.adoc 
@@ -0,0 +1,285 @@ +// Module included in the following assemblies: +// +// installing/installing_alibaba/installing-alibaba-network-customizations.adoc +// * installing/installing_aws/installing-aws-user-infra.adoc +// * installing/installing_aws/installing-aws-china.adoc +// * installing/installing_aws/installing-aws-customizations.adoc +// * installing/installing_aws/installing-aws-default.adoc +// * installing/installing_aws/installing-aws-government-region.adoc +// * installing/installing_aws/installing-aws-secret-region.adoc +// * installing/installing_aws/installing-aws-network-customizations.adoc +// * installing/installing_aws/installing-aws-private.adoc +// * installing/installing_aws/installing-aws-vpc.adoc +// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc +// * installing/installing_azure/installing-azure-customizations.adoc +// * installing/installing_azure/installing-azure-default.adoc +// * installing/installing_azure/installing-azure-government-region.adoc +// * installing/installing_azure/installing-azure-private.adoc +// * installing/installing_azure/installing-azure-vnet.adoc +// * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc +// * installing/installing_bare_metal/installing-bare-metal.adoc +// * installing/installing_gcp/installing-gcp-customizations.adoc +// * installing/installing_gcp/installing-gcp-private.adoc +// * installing/installing_gcp/installing-gcp-default.adoc +// * installing/installing_gcp/installing-gcp-vpc.adoc +// * installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc +// * installing/installing_ibm_cloud_public/installing-ibm-cloud-customizations.adoc +// * installing/installing_ibm_cloud_public/installing-ibm-cloud-network-customizations.adoc +// * 
installing/installing_openstack/installing-openstack-installer-custom.adoc +// * installing/installing_openstack/installing-openstack-installer-kuryr.adoc +// * installing/installing_openstack/installing-openstack-installer.adoc +// * installing/installing_aws/installing-restricted-networks-aws.adoc +// * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc +// * installing/installing_platform_agnostic/installing-platform-agnostic.adoc +// * installing/installing_vmc/installing-restricted-networks-vmc.adoc +// * installing/installing_vmc/installing-restricted-networks-vmc-user-infra.adoc +// * installing/installing_vmc/installing-vmc-user-infra.adoc +// * installing/installing_vmc/installing-vmc-network-customizations-user-infra.adoc +// * installing/installing_vmc/installing-vmc.adoc +// * installing/installing_vmc/installing-vmc-customizations.adoc +// * installing/installing_vmc/installing-vmc-network-customizations.adoc +// * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc +// * installing/installing_vsphere/installing-vsphere.adoc +// * installing/installing_vsphere/installing-vsphere-network-customizations.adoc +// * installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc +// * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc +// * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc +// * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc +// * installing/installing_ibm_z/installing-ibm-z.adoc +// * installing/installing_ibm_z/installing-ibm-z-kvm.adoc +// * installing/installing_ibm_z/installing-ibm-power.adoc +// * installing/installing-rhv-restricted-network.adoc + + +ifeval::["{context}" == "installing-restricted-networks-vsphere"] +:user-infra: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-vmc-user-infra"] +:user-infra: 
+endif::[] +ifeval::["{context}" == "installing-restricted-networks-bare-metal"] +:user-infra: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-aws"] +:user-infra: +endif::[] +ifeval::["{context}" == "installing-gcp-customizations"] +:gcp: +endif::[] +ifeval::["{context}" == "installing-gcp-default"] +:gcp: +endif::[] +ifeval::["{context}" == "installing-gcp-network-customizations"] +:gcp: +endif::[] +ifeval::["{context}" == "installing-gcp-private"] +:gcp: +endif::[] +ifeval::["{context}" == "installing-gcp-vpc"] +:gcp: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"] +:gcp: +endif::[] +ifeval::["{context}" == "installing-bare-metal"] +:user-infra: +endif::[] +ifeval::["{context}" == "installing-vsphere"] +:user-infra: +endif::[] +ifeval::["{context}" == "installing-vmc-user-infra"] +:user-infra: +endif::[] +ifeval::["{context}" == "installing-aws-user-infra"] +:user-infra: +endif::[] +ifeval::["{context}" == "installing-azure-user-infra"] +:user-infra: +endif::[] +ifeval::["{context}" == "installing-openstack-installer-custom"] +:osp: +endif::[] +ifeval::["{context}" == "installing-openstack-installer-kuryr"] +:osp: +endif::[] +ifeval::["{context}" == "installing-openstack-installer"] +:osp: +endif::[] +ifeval::["{context}" == "installing-ibm-z"] +:ibm-z: +endif::[] +ifeval::["{context}" == "installing-ibm-z-kvm"] +:ibm-z-kvm: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-ibm-z"] +:ibm-z: +endif::[] +ifeval::["{context}" == "installing-rhv-default"] +:rhv: +endif::[] +ifeval::["{context}" == "installing-rhv-customizations"] +:rhv: +endif::[] +ifeval::["{context}" == "installing-platform-agnostic"] +:user-infra: +endif::[] + +:_content-type: PROCEDURE +[id="ssh-agent-using_{context}"] += Generating a key pair for cluster node SSH access + +During an {product-title} installation, you must provide an SSH public key to the installation program. 
Power VS APIs require that a key be provided, and an ssh key will be created in your account during installation. The key is also passed to the {op-system-first} nodes through their Ignition config files and is used to authenticate SSH access to the nodes. The key is added to the `~/.ssh/authorized_keys` list for the `core` user on each node, which enables password-less authentication. + +After the key is passed to the nodes, you can use the key pair to SSH in to the {op-system} nodes as the user `core`. To access the nodes through SSH, the private key identity must be managed by SSH for your local user. + +If you want to SSH in to your cluster nodes to perform installation debugging or disaster recovery, you must provide the SSH public key during the installation process. The `./openshift-install gather` command also requires the SSH public key to be in place on the cluster nodes. + +.Procedure + +. If you do not have an existing SSH key pair on your local machine to use for authentication onto your cluster nodes, create one. For example, on a computer that uses a Linux operating system, run the following command: ++ +[source,terminal] +---- +$ ssh-keygen -t ed25519 -N '' -f / <1> +---- +<1> Specify the path and file name, such as `~/.ssh/id_ed25519`, of the new SSH key. If you have an existing key pair, ensure your public key is in the your `~/.ssh` directory. ++ +[NOTE] +==== +If you plan to install an {product-title} cluster that uses FIPS Validated / Modules in Process cryptographic libraries on the `x86_64` architecture, do not create a key that uses the `ed25519` algorithm. Instead, create a key that uses the `rsa` or `ecdsa` algorithm. +==== + +. View the public SSH key: ++ +[source,terminal] +---- +$ cat /.pub +---- ++ +For example, run the following to view the `~/.ssh/id_ed25519.pub` public key: ++ +[source,termanal] +---- +$ cat ~/.ssh/id_ed25519.pub +---- + +. 
Add the SSH private key identity to the SSH agent for your local user, if it has not already been added. SSH agent management of the key is required for password-less SSH authentication onto your cluster nodes, or if you want to use the `./openshift-install gather` command. ++ +[NOTE] +==== +On some distributions, default SSH private key identities such as `~/.ssh/id_rsa` and `~/.ssh/id_dsa` are managed automatically. +==== ++ +.. If the `ssh-agent` process is not already running for your local user, start it as a background task: ++ +[source,terminal] +---- +$ eval "$(ssh-agent -s)" +---- ++ +.Example output +[source,terminal] +---- +Agent pid 31874 +---- ++ +[NOTE] +==== +If your cluster is in FIPS mode, only use FIPS-compliant algorithms to generate the SSH key. The key must be either RSA or ECDSA. +==== + +. Add your SSH private key to the `ssh-agent`: ++ +[source,terminal] +---- +$ ssh-add / <1> +---- +<1> Specify the path and file name for your SSH private key, such as `~/.ssh/id_ed25519` ++ +.Example output +[source,terminal] +---- +Identity added: /home/// () +---- + +.Next steps + +* When you install {product-title}, provide the SSH public key to the installation program. +ifdef::user-infra[] +If you install a cluster on infrastructure that you provision, you must provide the key to the installation program. 
+endif::user-infra[] + +ifeval::["{context}" == "installing-restricted-networks-vsphere"] +:!user-infra: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-vmc-user-infra"] +:!user-infra: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-bare-metal"] +:!user-infra: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-aws"] +:!user-infra: +endif::[] +ifeval::["{context}" == "installing-gcp-customizations"] +:!gcp: +endif::[] +ifeval::["{context}" == "installing-gcp-default"] +:!gcp: +endif::[] +ifeval::["{context}" == "installing-gcp-network-customizations"] +:!gcp: +endif::[] +ifeval::["{context}" == "installing-gcp-private"] +:!gcp: +endif::[] +ifeval::["{context}" == "installing-gcp-vpc"] +:!gcp: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"] +:!gcp: +endif::[] +ifeval::["{context}" == "installing-bare-metal"] +:!user-infra: +endif::[] +ifeval::["{context}" == "installing-vsphere"] +:!user-infra: +endif::[] +ifeval::["{context}" == "installing-vmc-user-infra"] +:!user-infra: +endif::[] +ifeval::["{context}" == "installing-aws-user-infra"] +:!user-infra: +endif::[] +ifeval::["{context}" == "installing-azure-user-infra"] +:!user-infra: +endif::[] +ifeval::["{context}" == "installing-openstack-installer-custom"] +:!osp: +endif::[] +ifeval::["{context}" == "installing-openstack-installer-kuryr"] +:!osp: +endif::[] +ifeval::["{context}" == "installing-openstack-installer"] +:!osp: +endif::[] +ifeval::["{context}" == "installing-ibm-z"] +:!ibm-z: +endif::[] +ifeval::["{context}" == "installing-ibm-z-kvm"] +:!ibm-z-kvm: +endif::[] +ifeval::["{context}" == "installing-rhv-default"] +:!rhv: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-ibm-z"] +:!ibm-z: +endif::[] +ifeval::["{context}" == "installing-rhv-customizations"] +:!rhv: +endif::[] +ifeval::["{context}" == "installing-platform-agnostic"] +:!user-infra: +endif::[] 
diff --git a/modules/quotas-and-limits-ibm-cloud-power-vs.adoc b/modules/quotas-and-limits-ibm-cloud-power-vs.adoc new file mode 100644 index 000000000000..fe7845e10b84 --- /dev/null +++ b/modules/quotas-and-limits-ibm-cloud-power-vs.adoc 
@@ -0,0 +1,61 @@ +// Module included in the following assemblies: +// +// installing/installing_ibm_cloud_public/installing-ibm-cloud-account.adoc + +:_content-type: CONCEPT +[id="quotas-and-limits-ibm-cloud_{context}"] += Quotas and limits on IBM Cloud Power VS + +The {product-title} cluster uses a number of IBM Cloud and Power VS components, and the default quotas and limits affect your ability to install {product-title} clusters. If you use certain cluster configurations, deploy your cluster in certain regions, or run multiple clusters from your account, you might need to request additional resources for your IBM Cloud Power VS account. + +For a comprehensive list of the default IBM Cloud VPC quotas and service limits, see IBM Cloud's documentation for link:https://cloud.ibm.com/docs/vpc?topic=vpc-quotas[Quotas and service limits]. + +[discrete] +== Virtual Private Cloud (VPC) + +Each {product-title} cluster creates its own VPC. The default quota of VPCs per region is 10. If you have 10 VPCs created, you will need to increase your quota before attempting an installation. + +[discrete] +== Application load balancer + +By default, each cluster creates three application load balancers (ALBs): + +* Internal load balancer for the master API server +* External load balancer for the master API server +* Load balancer for the router + +You can create additional `LoadBalancer` service objects to create additional ALBs. The default quota of VPC ALBs are 50 per region. To have more than 50 ALBs, you must increase this quota. + +VPC ALBs are supported. Classic ALBs are not supported for IBM Cloud VPC. + +[discrete] +== Floating IP address + +By default, the installation program distributes control plane and compute machines across all availability zones within a region to provision the cluster in a highly available configuration. In each availability zone, a public gateway is created and requires a separate floating IP address. 
+ +The default quota for a floating IP address is 20 addresses per availability zone. The default cluster configuration yields three floating IP addresses: + +* Two floating IP addresses in the `us-east-1` primary zone. The IP address associated with the bootstrap node is removed after installation. +* One floating IP address in the `us-east-2` secondary zone. +* One floating IP address in the `us-east-3` secondary zone. + +IBM Cloud VPC can support up to 19 clusters per region in an account. If you plan to have more than 19 default clusters, you must increase this quota. + +[discrete] +== Virtual Server Instances (VSI) + +By default, a cluster creates server instances with the following resources : + +* 0.5 CPUs +* 32 GB RAM +* System Type: s922 +* Processor Type: uncapped, shared +* Storage Tier: Tier-3 + +The following nodes are created: + +* One bootstrap machine, which is removed after the installation is complete +* Three control plane nodes +* Three compute nodes + +For more information, see IBM Cloud's documentation on link:https://cloud.ibm.com/docs/vpc?topic=vpc-profiles[supported profiles]. diff --git a/welcome/index.adoc b/welcome/index.adoc index bd122607b2d4..a84ef1e6d00a 100644 --- a/welcome/index.adoc +++ b/welcome/index.adoc 
@@ -73,6 +73,9 @@ You can also deploy a cluster on AWS infrastructure that you provisioned yoursel ifndef::openshift-origin[] - **xref:../installing/installing_ibm_cloud_public/preparing-to-install-on-ibm-cloud.adoc#preparing-to-install-on-ibm-cloud[Install a cluster on IBM Cloud]**: You can install {product-title} on IBM Cloud on installer-provisioned infrastructure. +ifndef::openshift-origin[] +- **xref:../installing/installing_ibm_cloud_power_vs/preparing-to-install-on-ibm-cloud-power-vs.adoc#preparing-to-install-on-ibm-cloud-power-vs[Install a cluster on IBM Cloud Power VS]**: You can install {product-title} on IBM Cloud Power VS on installer-provisioned infrastructure. + - **xref:../installing/installing_ibm_power/installing-ibm-power.adoc#installing-ibm-power[Install a cluster on IBM Power]**: You can install {product-title} on IBM Power on user-provisioned infrastructure. endif::openshift-origin[]
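Review bot: In modules/installation-initializing-power-vs.adoc, none of the ifeval blocks that close the module tests a Power VS context, and the visible body consists of conditional branches for vSphere, RHV, OpenStack, Azure, GCP and Alibaba Cloud, so this part of the new module carries nothing specific to Power VS. Suggest trimming the copy to the branches a Power VS assembly can actually enable. That also avoids carrying examples such as `curl -k -u ocpadmin@internal:pw123` into a new file, since it skips TLS certificate verification and puts a password on the command line.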
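Review bot: In modules/installation-uninstall-clouds-power-vs.adoc, the ifeval blocks test only `uninstalling-cluster-aws`, `uninstalling-cluster-gcp` and `uninstalling-cluster-ibm-cloud`, so an assembly with any other context renders none of the `ifdef::ibm-cloud[]` steps. For Power VS that would hide the `IC_API_KEY` export and the `ccoctl ibmcloud delete-service-id` step, leaving the service IDs created at install time in the account. Add an ifeval (and its reset at the end) for the Power VS uninstall context if those steps apply, or remove them. The header comment also lists the other platforms' assemblies but not the Power VS one, and the closing NOTE about running destroy twice is not attached to the destroy step with `+` and leaves `openshift-install destroy` without backticks.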
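Review bot: In modules/power-vs-ssh-agent-using.adoc, the first FIPS note limits the `ed25519` restriction to the `x86_64` architecture while the second says any cluster in FIPS mode needs an RSA or ECDSA key. In a Power VS module, state one rule and say whether it applies on this platform, because the `ssh-keygen -t ed25519` example otherwise conflicts with it. Smaller points in the same hunk: `[source,termanal]` should be `[source,terminal]`; "in the your `~/.ssh` directory" has a stray word; "an ssh key" should read "an SSH key"; the "Add your SSH private key" step is marked `.` although it follows the `..` substep, so it breaks out of step 3; and none of the ifeval contexts is a Power VS one.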
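Review bot: In modules/quotas-and-limits-ibm-cloud-power-vs.adoc, the floating IP section says the default configuration "yields three floating IP addresses", but the list under it adds up to four (two in `us-east-1`, one each in `us-east-2` and `us-east-3`). Correct the count, or say explicitly that the total is three once the bootstrap address is removed. In the same file, the header comment names `installing_ibm_cloud_public/installing-ibm-cloud-account.adoc` rather than the Power VS assembly, "The default quota of VPC ALBs are 50" should use "is", and "resources :" has a stray space before the colon.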
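Review bot: In welcome/index.adoc, the added `ifndef::openshift-origin[]` opens a second conditional inside the one already open on the context line above it, and the hunk shows only one `endif::openshift-origin[]` afterwards, so one block is left unclosed. Drop the added `ifndef` line and place the Power VS bullet inside the existing block, directly after the IBM Cloud item.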