diff --git a/installing/installing_azure/ipi/installing-azure-customizations.adoc b/installing/installing_azure/ipi/installing-azure-customizations.adoc index ecb8b63a4c17..ca1d8056113d 100644 --- a/installing/installing_azure/ipi/installing-azure-customizations.adoc +++ b/installing/installing_azure/ipi/installing-azure-customizations.adoc @@ -40,7 +40,13 @@ include::modules/installation-azure-confidential-vms.adoc[leveloffset=+2] include::modules/installation-azure-dedicated-disks.adoc[leveloffset=+2] -include::modules/installation-azure-config-yaml.adoc[leveloffset=+2] +include::modules/installation-azure-config-yaml-simple.adoc[leveloffset=+2] + +[role="_additional-resources"] +.Additional resources + +* xref:../../../installing/installing_azure/installation-config-parameters-azure.adoc#installation-config-parameters-aws[Installation configuration parameters for Azure] + include::modules/installation-configure-proxy.adoc[leveloffset=+2] diff --git a/installing/installing_azure/ipi/installing-azure-government-region.adoc b/installing/installing_azure/ipi/installing-azure-government-region.adoc index ae886e5f9ced..3c2aaac55d1c 100644 --- a/installing/installing_azure/ipi/installing-azure-government-region.adoc +++ b/installing/installing_azure/ipi/installing-azure-government-region.adoc @@ -46,7 +46,13 @@ include::modules/installation-azure-tested-machine-types.adoc[leveloffset=+2] include::modules/installation-azure-trusted-launch.adoc[leveloffset=+2] include::modules/installation-azure-confidential-vms.adoc[leveloffset=+2] -include::modules/installation-azure-config-yaml.adoc[leveloffset=+2] +include::modules/installation-azure-config-yaml-simple.adoc[leveloffset=+2] + +[role="_additional-resources"] +.Additional resources + +* xref:../../../installing/installing_azure/installation-config-parameters-azure.adoc#installation-config-parameters-aws[Installation configuration parameters for Azure] + include::modules/installation-configure-proxy.adoc[leveloffset=+2] diff --git a/installing/installing_azure/ipi/installing-azure-network-customizations.adoc b/installing/installing_azure/ipi/installing-azure-network-customizations.adoc index eb3c27fa2c55..8a46c2af6b0a 100644 --- a/installing/installing_azure/ipi/installing-azure-network-customizations.adoc +++ b/installing/installing_azure/ipi/installing-azure-network-customizations.adoc @@ -38,7 +38,13 @@ include::modules/installation-azure-confidential-vms.adoc[leveloffset=+2] include::modules/installation-azure-dedicated-disks.adoc[leveloffset=+2] -include::modules/installation-azure-config-yaml.adoc[leveloffset=+2] +include::modules/installation-azure-config-yaml-simple.adoc[leveloffset=+2] + +[role="_additional-resources"] +.Additional resources + +* xref:../../../installing/installing_azure/installation-config-parameters-azure.adoc#installation-config-parameters-aws[Installation configuration parameters for Azure] + include::modules/installation-configure-proxy.adoc[leveloffset=+2] diff --git a/installing/installing_azure/ipi/installing-azure-private.adoc b/installing/installing_azure/ipi/installing-azure-private.adoc index 8cff096888ab..ff46de70ae40 100644 --- a/installing/installing_azure/ipi/installing-azure-private.adoc +++ b/installing/installing_azure/ipi/installing-azure-private.adoc @@ -43,7 +43,13 @@ include::modules/installation-azure-arm-tested-machine-types.adoc[leveloffset=+2 include::modules/installation-azure-trusted-launch.adoc[leveloffset=+2] include::modules/installation-azure-confidential-vms.adoc[leveloffset=+2] -include::modules/installation-azure-config-yaml.adoc[leveloffset=+2] +include::modules/installation-azure-config-yaml-simple.adoc[leveloffset=+2] + +[role="_additional-resources"] +.Additional resources + +* xref:../../../installing/installing_azure/installation-config-parameters-azure.adoc#installation-config-parameters-aws[Installation configuration parameters for Azure] + include::modules/installation-configure-proxy.adoc[leveloffset=+2] diff --git a/installing/installing_azure/ipi/installing-azure-vnet.adoc b/installing/installing_azure/ipi/installing-azure-vnet.adoc index 5995e0744a08..13f99b8f8337 100644 --- a/installing/installing_azure/ipi/installing-azure-vnet.adoc +++ b/installing/installing_azure/ipi/installing-azure-vnet.adoc @@ -37,7 +37,13 @@ include::modules/installation-azure-arm-tested-machine-types.adoc[leveloffset=+2 include::modules/installation-azure-trusted-launch.adoc[leveloffset=+2] include::modules/installation-azure-confidential-vms.adoc[leveloffset=+2] -include::modules/installation-azure-config-yaml.adoc[leveloffset=+2] +include::modules/installation-azure-config-yaml-simple.adoc[leveloffset=+2] + +[role="_additional-resources"] +.Additional resources + +* xref:../../../installing/installing_azure/installation-config-parameters-azure.adoc#installation-config-parameters-aws[Installation configuration parameters for Azure] + include::modules/installation-configure-proxy.adoc[leveloffset=+2] diff --git a/installing/installing_azure/ipi/installing-restricted-networks-azure-installer-provisioned.adoc b/installing/installing_azure/ipi/installing-restricted-networks-azure-installer-provisioned.adoc index c558a973d0f6..a854bb4d43b9 100644 --- a/installing/installing_azure/ipi/installing-restricted-networks-azure-installer-provisioned.adoc +++ b/installing/installing_azure/ipi/installing-restricted-networks-azure-installer-provisioned.adoc @@ -56,7 +56,13 @@ include::modules/installation-azure-confidential-vms.adoc[leveloffset=+2] include::modules/installation-azure-dedicated-disks.adoc[leveloffset=+2] -include::modules/installation-azure-config-yaml.adoc[leveloffset=+2] +include::modules/installation-azure-config-yaml-simple.adoc[leveloffset=+2] + +[role="_additional-resources"] +.Additional resources + +* xref:../../../installing/installing_azure/installation-config-parameters-azure.adoc#installation-config-parameters-aws[Installation configuration parameters for Azure] + include::modules/installation-configure-proxy.adoc[leveloffset=+2] diff --git a/modules/installation-azure-config-yaml-simple.adoc b/modules/installation-azure-config-yaml-simple.adoc new file mode 100644 index 000000000000..28dfc7d68889 --- /dev/null +++ b/modules/installation-azure-config-yaml-simple.adoc @@ -0,0 +1,58 @@ +// Module included in the following assemblies: +// +// * installing/installing_azure/installing-azure-customizations.adoc +// * installing/installing_azure/installing-azure-government-region.adoc +// * installing/installing_azure/installing-azure-network-customizations.adoc +// * installing/installing_azure/installing-azure-private.adoc +// * installing/installing_azure/installing-azure-vnet.adoc +// * installing/installing-restricted-networks-azure-installer-provisioned.adoc + +:_mod-docs-content-type: REFERENCE +[id="installation-azure-config-yaml-simple_{context}"] += Sample customized install-config.yaml file for Azure + +You can customize the `install-config.yaml` file to specify more details about your {product-title} cluster's platform or modify the values of the required parameters. + +[IMPORTANT] +==== +This sample YAML file is provided for reference only. You must obtain your `install-config.yaml` file by using the installation program and modify it. +For a full list and description of all installation configuration parameters, see _Installation configuration parameters for Azure_. +==== + +.Sample `install-config.yaml` file for {azure-short} +[source,yaml] +---- +apiVersion: v1 <1> +baseDomain: example.com +pullSecret: '{"auths": ...}' +sshKey: ssh-ed25519 AAAA... +metadata: + name: example-cluster +controlPlane: <2> + hyperthreading: Enabled + name: master + platform: + azure: + type: Standard_D8s_v3 + replicas: 3 +compute: <3> +- hyperthreading: Enabled + name: worker + platform: + azure: + type: Standard_D2s_v3 + replicas: 3 +networking: <4> + clusterNetwork: + - cidr: 10.128.0.0/14 + hostPrefix: 23 +platform: <5> + azure: + baseDomainResourceGroupName: example-basedomain-resource-group + region: centralus +---- +<1> Parameters at the first level of indentation apply to the cluster globally. +<2> The `controlPlane` stanza applies to control plane machines. +<3> The `compute` stanza applies to compute machines. +<4> The `networking` stanza applies to the cluster networking configuration. If you do not provide networking values, the installation program provides default values. +<5> The `platform` stanza applies to the infrastructure platform that hosts the cluster. \ No newline at end of file diff --git a/modules/installation-azure-config-yaml.adoc b/modules/installation-azure-config-yaml.adoc deleted file mode 100644 index f3c84d85db63..000000000000 --- a/modules/installation-azure-config-yaml.adoc +++ /dev/null @@ -1,347 +0,0 @@ -// Module included in the following assemblies: -// -// * installing/installing_azure/installing-azure-customizations.adoc -// * installing/installing_azure/installing-azure-government-region.adoc -// * installing/installing_azure/installing-azure-private.adoc -// * installing/installing_azure/installing-azure-vnet.adoc -// * installing/installing-restricted-networks-azure-installer-provisioned.adoc - -ifeval::["{context}" == "installing-azure-customizations"] -:customizations: -endif::[] -ifeval::["{context}" == "installing-azure-vnet"] -:vnet: -endif::[] -ifeval::["{context}" == "installing-azure-private"] -:private: -endif::[] -ifeval::["{context}" == "installing-azure-government-region"] -:gov: -endif::[] -ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"] -:restricted: -endif::[] - -:_mod-docs-content-type: REFERENCE -[id="installation-azure-config-yaml_{context}"] -= Sample customized install-config.yaml file for Azure - -You can customize the `install-config.yaml` file to specify more details about your {product-title} cluster's platform or modify the values of the required parameters. - -[IMPORTANT] -==== -This sample YAML file is provided for reference only. You must obtain your `install-config.yaml` file by using the installation program and modify it. -==== - -[source,yaml] ----- -apiVersion: v1 -baseDomain: example.com <1> -controlPlane: <2> - hyperthreading: Enabled <3> <4> - name: master - platform: - azure: - encryptionAtHost: true - ultraSSDCapability: Enabled - osDisk: - diskSizeGB: 1024 <5> - diskType: Premium_LRS - diskEncryptionSet: - resourceGroup: disk_encryption_set_resource_group - name: disk_encryption_set_name - subscriptionId: secondary_subscription_id - osImage: - publisher: example_publisher_name - offer: example_image_offer - sku: example_offer_sku - version: example_image_version - type: Standard_D8s_v3 - replicas: 3 -compute: <2> -- hyperthreading: Enabled <3> <4> - name: worker - platform: - azure: - ultraSSDCapability: Enabled - type: Standard_D2s_v3 - encryptionAtHost: true - osDisk: - diskSizeGB: 512 <5> - diskType: Standard_LRS - diskEncryptionSet: - resourceGroup: disk_encryption_set_resource_group - name: disk_encryption_set_name - subscriptionId: secondary_subscription_id - osImage: - publisher: example_publisher_name - offer: example_image_offer - sku: example_offer_sku - version: example_image_version - zones: <6> - - "1" - - "2" - - "3" - replicas: 5 -metadata: - name: test-cluster <1> -ifdef::customizations[] -networking: <2> -endif::[] - clusterNetwork: - - cidr: 10.128.0.0/14 - hostPrefix: 23 - machineNetwork: - - cidr: 10.0.0.0/16 - networkType: OVNKubernetes <7> - serviceNetwork: - - 172.30.0.0/16 -platform: - azure: - defaultMachinePlatform: - osImage: <8> - publisher: example_publisher_name - offer: example_image_offer - sku: example_offer_sku - version: example_image_version - ultraSSDCapability: Enabled - baseDomainResourceGroupName: resource_group <9> -ifndef::gov[] - region: centralus <1> -endif::gov[] -ifdef::gov[] - region: usgovvirginia -endif::gov[] - resourceGroupName: existing_resource_group <10> -ifdef::vnet,private,gov,restricted[] - networkResourceGroupName: vnet_resource_group <11> - virtualNetwork: vnet <12> - controlPlaneSubnet: control_plane_subnet <13> - computeSubnet: compute_subnet <14> -endif::vnet,private,gov,restricted[] -ifndef::private,gov,restricted[] - outboundType: Loadbalancer -endif::private,gov,restricted[] -ifdef::private,gov[] - outboundType: UserDefinedRouting <15> -endif::private,gov[] -ifdef::restricted[] - outboundType: UserDefinedRouting <15> -endif::restricted[] -ifndef::gov[] - cloudName: AzurePublicCloud -endif::gov[] -ifdef::gov[] - cloudName: AzureUSGovernmentCloud <16> -endif::gov[] -pullSecret: '{"auths": ...}' <1> -ifdef::vnet[] -ifndef::openshift-origin[] -fips: false <15> -sshKey: ssh-ed25519 AAAA... <16> -endif::openshift-origin[] -ifdef::openshift-origin[] -sshKey: ssh-ed25519 AAAA... <15> -endif::openshift-origin[] -endif::vnet[] -ifdef::private[] -ifndef::openshift-origin[] -fips: false <16> -sshKey: ssh-ed25519 AAAA... <17> -endif::openshift-origin[] -ifdef::openshift-origin[] -sshKey: ssh-ed25519 AAAA... <16> -endif::openshift-origin[] -endif::private[] -ifdef::gov[] -ifndef::openshift-origin[] -fips: false <17> -endif::openshift-origin[] -ifndef::openshift-origin[] -sshKey: ssh-ed25519 AAAA... <18> -endif::openshift-origin[] -ifdef::openshift-origin[] -sshKey: ssh-ed25519 AAAA... <17> -endif::openshift-origin[] -endif::gov[] -ifdef::restricted[] -fips: false <16> -sshKey: ssh-ed25519 AAAA... <17> -additionalTrustBundle: | <18> - -----BEGIN CERTIFICATE----- - - -----END CERTIFICATE----- -imageContentSources: <19> -- mirrors: - - //release - source: quay.io/openshift-release-dev/ocp-release -- mirrors: - - //release - source: quay.io/openshift-release-dev/ocp-v4.0-art-dev -publish: Internal <20> -endif::restricted[] -ifndef::vnet,private,gov[] -ifndef::openshift-origin[] -ifndef::restricted[] -fips: false <11> -sshKey: ssh-ed25519 AAAA... <12> -endif::restricted[] -endif::openshift-origin[] -ifdef::openshift-origin[] -sshKey: ssh-ed25519 AAAA... <11> -endif::openshift-origin[] -endif::vnet,private,gov[] -ifdef::private[] -ifndef::openshift-origin[] -publish: Internal <18> -endif::openshift-origin[] -ifdef::openshift-origin[] -publish: Internal <17> -endif::openshift-origin[] -endif::private[] -ifdef::gov[] -ifndef::openshift-origin[] -publish: Internal <19> -endif::openshift-origin[] -ifdef::openshift-origin[] -publish: Internal <18> -endif::openshift-origin[] -endif::gov[] ----- -ifndef::gov[] -<1> Required. The installation program prompts you for this value. -endif::gov[] -ifdef::gov[] -<1> Required. -endif::gov[] -<2> If you do not provide these parameters and values, the installation program provides the default value. -<3> The `controlPlane` section is a single mapping, but the `compute` section is a sequence of mappings. To meet the requirements of the different data structures, the first line of the `compute` section must begin with a hyphen, `-`, and the first line of the `controlPlane` section must not. Only one control plane pool is used. -<4> Whether to enable or disable simultaneous multithreading, or `hyperthreading`. By default, simultaneous multithreading is enabled to increase the performance of your machines' cores. You can disable it by setting the parameter value to `Disabled`. If you disable simultaneous multithreading in some cluster machines, you must disable it in all cluster machines. -+ -[IMPORTANT] -==== -If you disable simultaneous multithreading, ensure that your capacity planning accounts for the dramatically decreased machine performance. Use larger virtual machine types, such as `Standard_D8s_v3`, for your machines if you disable simultaneous multithreading. -==== -<5> You can specify the size of the disk to use in GB. Minimum recommendation for control plane nodes is 1024 GB. -//To configure faster storage for etcd, especially for larger clusters, set the -//storage type as `io1` and set `iops` to `2000`. -<6> Specify a list of zones to deploy your machines to. For high availability, specify at least two zones. -<7> The cluster network plugin to install. The default value `OVNKubernetes` is the only supported value. -<8> Optional: A custom {op-system-first} image that should be used to boot control plane and compute machines. The `publisher`, `offer`, `sku`, and `version` parameters under `platform.azure.defaultMachinePlatform.osImage` apply to both control plane and compute machines. If the parameters under `controlPlane.platform.azure.osImage` or `compute.platform.azure.osImage` are set, they override the `platform.azure.defaultMachinePlatform.osImage` parameters. -<9> Specify the name of the resource group that contains the DNS zone for your base domain. -<10> Specify the name of an already existing resource group to install your cluster to. If undefined, a new resource group is created for the cluster. -ifdef::vnet,private,gov,restricted[] -<11> If you use an existing VNet, specify the name of the resource group that contains it. -<12> If you use an existing VNet, specify its name. -<13> If you use an existing VNet, specify the name of the subnet to host the control plane machines. -<14> If you use an existing VNet, specify the name of the subnet to host the compute machines. -endif::vnet,private,gov,restricted[] -ifdef::private,gov[] -<15> You can customize your own outbound routing. Configuring user-defined routing prevents exposing external endpoints in your cluster. User-defined routing for egress requires deploying your cluster to an existing VNet. -endif::private,gov[] -ifdef::gov[] -<16> Specify the name of the Azure cloud environment to deploy your cluster to. Set `AzureUSGovernmentCloud` to deploy to a Microsoft Azure Government (MAG) region. The default value is `AzurePublicCloud`. -endif::gov[] -ifdef::restricted[] -<15> When using Azure Firewall to restrict Internet access, you must configure outbound routing to send traffic through the Azure Firewall. Configuring user-defined routing prevents exposing external endpoints in your cluster. -<16> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead. -+ --- -include::snippets/fips-snippet.adoc[] --- -<17> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. -endif::restricted[] -ifdef::vnet[] -ifndef::openshift-origin[] -<15> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead. -+ --- -include::snippets/fips-snippet.adoc[] --- -<16> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. -endif::openshift-origin[] -ifdef::openshift-origin[] -<15> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. -endif::openshift-origin[] -endif::vnet[] -ifdef::private[] -ifndef::openshift-origin[] -<16> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead. -+ --- -include::snippets/fips-snippet.adoc[] --- -<17> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. -endif::openshift-origin[] -ifdef::openshift-origin[] -<16> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. -endif::openshift-origin[] -endif::private[] -ifdef::gov[] -ifndef::openshift-origin[] -<17> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead. -+ --- -include::snippets/fips-snippet.adoc[] --- -<18> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. -endif::openshift-origin[] -ifdef::openshift-origin[] -<17> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. -endif::openshift-origin[] -endif::gov[] -ifndef::vnet,private,gov,restricted[] -ifndef::openshift-origin[] -<11> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead. -+ --- -include::snippets/fips-snippet.adoc[] --- -<12> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. -endif::openshift-origin[] -ifdef::openshift-origin[] -<11> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. -endif::openshift-origin[] -endif::vnet,private,gov,restricted[] -+ -[NOTE] -==== -For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses. -==== -ifdef::restricted[] -<18> Provide the contents of the certificate file that you used for your mirror registry. -<19> Provide the `imageContentSources` section from the output of the command to mirror the repository. -<20> How to publish the user-facing endpoints of your cluster. When using Azure Firewall to restrict Internet access, set `publish` to `Internal` to deploy a private cluster. The user-facing endpoints then cannot be accessed from the internet. The default value is `External`. -endif::restricted[] -ifdef::private[] -ifndef::openshift-origin[] -<18> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`. -endif::openshift-origin[] -ifdef::openshift-origin[] -<17> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`. -endif::openshift-origin[] -endif::private[] -ifdef::gov[] -ifndef::openshift-origin[] -<19> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`. -endif::openshift-origin[] -ifdef::openshift-origin[] -<18> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`. -endif::openshift-origin[] -endif::gov[] - -ifeval::["{context}" == "installing-azure-customizations"] -:!customizations: -endif::[] -ifeval::["{context}" == "installing-azure-vnet"] -:!vnet: -endif::[] -ifeval::["{context}" == "installing-azure-private"] -:!private: -endif::[] -ifeval::["{context}" == "installing-azure-government-region"] -:!gov: -endif::[] -ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"] -:!restricted: -endif::[]