String
Before you deploy an OpenShift Container Platform cluster on AWS, you provide parameters to customize your cluster and the platform that hosts it. When you create the install-config.yaml
file, you provide values for the required parameters through the command line. You can then modify the install-config.yaml
file to customize your cluster further.
The following tables specify the required, optional, and AWS-specific installation configuration parameters that you can set as part of the installation process.
After installation, you cannot modify these parameters in the |
Required installation configuration parameters are described in the following table:
Parameter | Description | Values |
---|---|---|
apiVersion: |
The API version for the |
String |
baseDomain: |
The base domain of your cloud provider. The base domain is used to create routes to your OpenShift Container Platform cluster components. The full DNS name for your cluster is a combination of the |
A fully-qualified domain or subdomain name, such as |
metadata: |
Kubernetes resource |
Object |
metadata: name: |
The name of the cluster. DNS records for the cluster are all subdomains of |
String of lowercase letters, hyphens ( |
platform: |
The configuration for the specific platform upon which to perform the installation: |
Object |
pullSecret: |
Get a pull secret from Red Hat OpenShift Cluster Manager to authenticate downloading container images for OpenShift Container Platform components from services such as Quay.io. |
|
You can customize your installation configuration based on the requirements of your existing network infrastructure. For example, you can expand the IP address block for the cluster network or provide different IP address blocks than the defaults.
Only IPv4 addresses are supported.
Globalnet is not supported with Red Hat OpenShift Data Foundation disaster recovery solutions. For regional disaster recovery scenarios, ensure that you use a nonoverlapping range of private IP addresses for the cluster and service networks in each cluster. |
Parameter | Description | Values | ||
---|---|---|---|---|
networking: |
The configuration for the cluster network. |
Object
|
||
networking: networkType: |
The Red Hat OpenShift Networking network plugin to install. |
|
||
networking: clusterNetwork: |
The IP address blocks for pods. The default value is If you specify multiple IP address blocks, the blocks must not overlap. |
An array of objects. For example:
|
||
networking: clusterNetwork: cidr: |
Required if you use An IPv4 network. |
An IP address block in Classless Inter-Domain Routing (CIDR) notation.
The prefix length for an IPv4 block is between |
||
networking: clusterNetwork: hostPrefix: |
The subnet prefix length to assign to each individual node. For example, if |
A subnet prefix. The default value is |
||
networking: serviceNetwork: |
The IP address block for services. The default value is The OVN-Kubernetes network plugins supports only a single IP address block for the service network. |
An array with an IP address block in CIDR format. For example:
|
||
networking: machineNetwork: |
The IP address blocks for machines. If you specify multiple IP address blocks, the blocks must not overlap. |
An array of objects. For example:
|
||
networking: machineNetwork: cidr: |
Required if you use |
An IP network block in CIDR notation. For example,
|
Optional installation configuration parameters are described in the following table:
Parameter | Description | Values | ||||
---|---|---|---|---|---|---|
additionalTrustBundle: |
A PEM-encoded X.509 certificate bundle that is added to the nodes' trusted certificate store. This trust bundle may also be used when a proxy has been configured. |
String |
||||
capabilities: |
Controls the installation of optional core cluster components. You can reduce the footprint of your OpenShift Container Platform cluster by disabling optional components. For more information, see the "Cluster capabilities" page in Installing. |
String array |
||||
capabilities: baselineCapabilitySet: |
Selects an initial set of optional capabilities to enable. Valid values are |
String |
||||
capabilities: additionalEnabledCapabilities: |
Extends the set of optional capabilities beyond what you specify in |
String array |
||||
cpuPartitioningMode: |
Enables workload partitioning, which isolates OpenShift Container Platform services, cluster management workloads, and infrastructure pods to run on a reserved set of CPUs. Workload partitioning can only be enabled during installation and cannot be disabled after installation. While this field enables workload partitioning, it does not configure workloads to use specific CPUs. For more information, see the Workload partitioning page in the Scalability and Performance section. |
|
||||
compute: |
The configuration for the machines that comprise the compute nodes. |
Array of |
||||
compute: architecture: |
Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are |
String |
||||
compute: hyperthreading: |
Whether to enable or disable simultaneous multithreading, or
|
|
||||
compute: name: |
Required if you use |
|
||||
compute: platform: |
Required if you use |
|
||||
compute: replicas: |
The number of compute machines, which are also known as worker machines, to provision. |
A positive integer greater than or equal to |
||||
featureSet: |
Enables the cluster for a feature set. A feature set is a collection of OpenShift Container Platform features that are not enabled by default. For more information about enabling a feature set during installation, see "Enabling features using feature gates". |
String. The name of the feature set to enable, such as |
||||
controlPlane: |
The configuration for the machines that comprise the control plane. |
Array of |
||||
controlPlane: architecture: |
Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are |
String |
||||
controlPlane: hyperthreading: |
Whether to enable or disable simultaneous multithreading, or
|
|
||||
controlPlane: name: |
Required if you use |
|
||||
controlPlane: platform: |
Required if you use |
|
||||
controlPlane: replicas: |
The number of control plane machines to provision. |
Supported values are |
||||
credentialsMode: |
The Cloud Credential Operator (CCO) mode. If no mode is specified, the CCO dynamically tries to determine the capabilities of the provided credentials, with a preference for mint mode on the platforms where multiple modes are supported.
|
|
||||
fips: |
Enable or disable FIPS mode. The default is
|
|
||||
imageContentSources: |
Sources and repositories for the release-image content. |
Array of objects. Includes a |
||||
imageContentSources: source: |
Required if you use |
String |
||||
imageContentSources: mirrors: |
Specify one or more repositories that may also contain the same images. |
Array of strings |
||||
platform: aws: lbType: |
Required to set the NLB load balancer type in AWS. Valid values are |
|
||||
publish: |
How to publish or expose the user-facing endpoints of your cluster, such as the Kubernetes API, OpenShift routes. |
|
||||
sshKey: |
The SSH key to authenticate access to your cluster machines.
|
For example, |
+
If your AWS account has service control policies (SCP) enabled, you must configure the |
+
Setting this parameter to |
Optional AWS configuration parameters are described in the following table:
Parameter | Description | Values | ||
---|---|---|---|---|
compute: platform: aws: amiID: |
The AWS AMI used to boot compute machines for the cluster. This is required for regions that require a custom RHCOS AMI. |
Any published or custom RHCOS AMI that belongs to the set AWS region. See RHCOS AMIs for AWS infrastructure for available AMI IDs. |
||
compute: platform: aws: iamRole: |
A pre-existing AWS IAM role applied to the compute machine pool instance profiles. You can use these fields to match naming schemes and include predefined permissions boundaries for your IAM roles. If undefined, the installation program creates a new IAM role. |
The name of a valid AWS IAM role. |
||
compute: platform: aws: rootVolume: iops: |
The Input/Output Operations Per Second (IOPS) that is reserved for the root volume. |
Integer, for example |
||
compute: platform: aws: rootVolume: size: |
The size in GiB of the root volume. |
Integer, for example |
||
compute: platform: aws: rootVolume: type: |
The type of the root volume. |
Valid AWS EBS volume type,
such as |
||
compute: platform: aws: rootVolume: kmsKeyARN: |
The Amazon Resource Name (key ARN) of a KMS key. This is required to encrypt operating system volumes of worker nodes with a specific KMS key. |
Valid key ID or the key ARN. |
||
compute: platform: aws: type: |
The EC2 instance type for the compute machines. |
Valid AWS instance type, such as |
||
compute: platform: aws: zones: |
The availability zones where the installation program creates machines for the compute machine pool. If you provide your own VPC, you must provide a subnet in that availability zone. |
A list of valid AWS availability zones, such as |
||
compute: aws: region: |
The AWS region that the installation program creates compute resources in. |
Any valid AWS region, such as
|
||
controlPlane: platform: aws: amiID: |
The AWS AMI used to boot control plane machines for the cluster. This is required for regions that require a custom RHCOS AMI. |
Any published or custom RHCOS AMI that belongs to the set AWS region. See RHCOS AMIs for AWS infrastructure for available AMI IDs. |
||
controlPlane: platform: aws: iamRole: |
A pre-existing AWS IAM role applied to the control plane machine pool instance profiles. You can use these fields to match naming schemes and include predefined permissions boundaries for your IAM roles. If undefined, the installation program creates a new IAM role. |
The name of a valid AWS IAM role. |
||
controlPlane: platform: aws: rootVolume: iops: |
The Input/Output Operations Per Second (IOPS) that is reserved for the root volume on control plane machines. |
Integer, for example |
||
controlPlane: platform: aws: rootVolume: size: |
The size in GiB of the root volume for control plane machines. |
Integer, for example |
||
controlPlane: platform: aws: rootVolume: type: |
The type of the root volume for control plane machines. |
Valid AWS EBS volume type,
such as |
||
controlPlane: platform: aws: rootVolume: kmsKeyARN: |
The Amazon Resource Name (key ARN) of a KMS key. This is required to encrypt operating system volumes of control plane nodes with a specific KMS key. |
Valid key ID and the key ARN. |
||
controlPlane: platform: aws: type: |
The EC2 instance type for the control plane machines. |
Valid AWS instance type, such as |
||
controlPlane: platform: aws: zones: |
The availability zones where the installation program creates machines for the control plane machine pool. |
A list of valid AWS availability zones, such as |
||
controlPlane: aws: region: |
The AWS region that the installation program creates control plane resources in. |
Valid AWS region, such as |
||
platform: aws: amiID: |
The AWS AMI used to boot all machines for the cluster. If set, the AMI must belong to the same region as the cluster. This is required for regions that require a custom RHCOS AMI. |
Any published or custom RHCOS AMI that belongs to the set AWS region. See RHCOS AMIs for AWS infrastructure for available AMI IDs. |
||
platform: aws: hostedZone: |
An existing Route 53 private hosted zone for the cluster. You can only use a pre-existing hosted zone when also supplying your own VPC. The hosted zone must already be associated with the user-provided VPC before installation. Also, the domain of the hosted zone must be the cluster domain or a parent of the cluster domain. If undefined, the installation program creates a new hosted zone. |
String, for example |
||
platform: aws: hostedZoneRole: |
An Amazon Resource Name (ARN) for an existing IAM role in the account containing the specified hosted zone. The installation program and cluster operators will assume this role when performing operations on the hosted zone. This parameter should only be used if you are installing a cluster into a shared VPC. |
String, for example |
||
platform: aws: serviceEndpoints: - name: url: |
The AWS service endpoint name and URL. Custom endpoints are only required for cases where alternative AWS endpoints, like FIPS, must be used. Custom API endpoints can be specified for EC2, S3, IAM, Elastic Load Balancing, Tagging, Route 53, and STS AWS services. |
Valid AWS service endpoint name and valid AWS service endpoint URL. |
||
platform: aws: userTags: |
A map of keys and values that the installation program adds as tags to all resources that it creates. |
Any valid YAML map, such as key value pairs in the
|
||
platform: aws: propagateUserTags: |
A flag that directs in-cluster Operators to include the specified user tags in the tags of the AWS resources that the Operators create. |
Boolean values, for example |
||
platform: aws: subnets: |
If you provide the VPC instead of allowing the installation program to create the VPC for you, specify the subnet for the cluster to use. The subnet must be part of the same For a standard cluster, specify a public and a private subnet for each availability zone. For a private cluster, specify a private subnet for each availability zone. For clusters that use AWS Local Zones, you must add AWS Local Zone subnets to this list to ensure edge machine pool creation. |
Valid subnet IDs. |
||
platform: aws: publicIpv4Pool: |
The public IPv4 pool ID that is used to allocate Elastic IPs (EIPs) when |
A valid public IPv4 pool id
|
||
platform: aws: preserveBootstrapIgnition: |
Prevents the S3 bucket from being deleted after completion of bootstrapping. |
|