Installation configuration parameters for OpenStack

Before you deploy an OKD cluster on OpenStack, you provide parameters to customize your cluster and the platform that hosts it. When you create the install-config.yaml file, you provide values for the required parameters through the command line. You can then modify the install-config.yaml file to customize your cluster further.

Available installation configuration parameters for OpenStack

The following tables specify the required, optional, and OpenStack-specific installation configuration parameters that you can set as part of the installation process.

After installation, you cannot modify these parameters in the install-config.yaml file.

Required configuration parameters

Required installation configuration parameters are described in the following table:

Table 1. Required parameters
ParameterDescriptionValues
  1. apiVersion:

The API version for the install-config.yaml content. The current version is v1. The installation program may also support older API versions.

String

  1. baseDomain:

The base domain of your cloud provider. The base domain is used to create routes to your OKD cluster components. The full DNS name for your cluster is a combination of the baseDomain and metadata.name parameter values that uses the <metadata.name>.<baseDomain> format.

A fully-qualified domain or subdomain name, such as example.com.

  1. metadata:

Kubernetes resource ObjectMeta, from which only the name parameter is consumed.

Object

  1. metadata:
  2.   name:

The name of the cluster. DNS records for the cluster are all subdomains of {{.metadata.name}}.{{.baseDomain}}.

String of lowercase letters, hyphens (-), and periods (.), such as dev. The string must be 14 characters or fewer long.

  1. platform:

The configuration for the specific platform upon which to perform the installation: alibabacloud, aws, baremetal, azure, gcp, ibmcloud, nutanix, openstack, powervs, vsphere, or {}. For additional information about platform.<platform> parameters, consult the table for your specific platform that follows.

Object

Network configuration parameters

You can customize your installation configuration based on the requirements of your existing network infrastructure. For example, you can expand the IP address block for the cluster network or provide different IP address blocks than the defaults.

Only IPv4 addresses are supported.

Globalnet is not supported with Red Hat OpenShift Data Foundation disaster recovery solutions. For regional disaster recovery scenarios, ensure that you use a nonoverlapping range of private IP addresses for the cluster and service networks in each cluster.

Table 2. Network parameters
ParameterDescriptionValues
  1. networking:

The configuration for the cluster network.

Object

You cannot modify parameters specified by the networking object after installation.

  1. networking:
  2.   networkType:

The Red Hat OpenShift Networking network plugin to install.

Either OpenShiftSDN or OVNKubernetes. The default value is OVNKubernetes.

  1. networking:
  2.   clusterNetwork:

The IP address blocks for pods.

The default value is 10.128.0.0/14 with a host prefix of /23.

If you specify multiple IP address blocks, the blocks must not overlap.

An array of objects. For example:

  1. networking:
  2.   clusterNetwork:
  3.   - cidr: 10.128.0.0/14
  4.     hostPrefix: 23
  1. networking:
  2.   clusterNetwork:
  3.     cidr:

Required if you use networking.clusterNetwork. An IP address block.

An IPv4 network.

An IP address block in Classless Inter-Domain Routing (CIDR) notation. The prefix length for an IPv4 block is between 0 and 32.

  1. networking:
  2.   clusterNetwork:
  3.     hostPrefix:

The subnet prefix length to assign to each individual node. For example, if hostPrefix is set to 23 then each node is assigned a /23 subnet out of the given cidr. A hostPrefix value of 23 provides 510 (2^(32 - 23) - 2) pod IP addresses.

A subnet prefix.

The default value is 23.

  1. networking:
  2.   serviceNetwork:

The IP address block for services. The default value is 172.30.0.0/16.

The OpenShift SDN and OVN-Kubernetes network plugins support only a single IP address block for the service network.

An array with an IP address block in CIDR format. For example:

  1. networking:
  2.   serviceNetwork:
  3.    - 172.30.0.0/16
  1. networking:
  2.   machineNetwork:

The IP address blocks for machines.

If you specify multiple IP address blocks, the blocks must not overlap.

An array of objects. For example:

  1. networking:
  2.   machineNetwork:
  3.   - cidr: 10.0.0.0/16
  1. networking:
  2.   machineNetwork:
  3.     cidr:

Required if you use networking.machineNetwork. An IP address block. The default value is 10.0.0.0/16 for all platforms other than libvirt and IBM Power® Virtual Server. For libvirt, the default value is 192.168.126.0/24. For IBM Power® Virtual Server, the default value is 192.168.0.0/24.

An IP network block in CIDR notation.

For example, 10.0.0.0/16.

Set the networking.machineNetwork to match the CIDR that the preferred NIC resides in.

Optional configuration parameters

Optional installation configuration parameters are described in the following table:

Table 3. Optional parameters
ParameterDescriptionValues
  1. additionalTrustBundle:

A PEM-encoded X.509 certificate bundle that is added to the nodes’ trusted certificate store. This trust bundle may also be used when a proxy has been configured.

String

  1. capabilities:

Controls the installation of optional core cluster components. You can reduce the footprint of your OKD cluster by disabling optional components. For more information, see the “Cluster capabilities” page in Installing.

String array

  1. capabilities:
  2.   baselineCapabilitySet:

Selects an initial set of optional capabilities to enable. Valid values are None, v4.11, v4.12 and vCurrent. The default value is vCurrent.

String

  1. capabilities:
  2.   additionalEnabledCapabilities:

Extends the set of optional capabilities beyond what you specify in baselineCapabilitySet. You may specify multiple capabilities in this parameter.

String array

  1. cpuPartitioningMode:

Enables workload partitioning, which isolates OKD services, cluster management workloads, and infrastructure pods to run on a reserved set of CPUs. Workload partitioning can only be enabled during installation and cannot be disabled after installation. While this field enables workload partitioning, it does not configure workloads to use specific CPUs. For more information, see the Workload partitioning page in the Scalability and Performance section.

None or AllNodes. None is the default value.

  1. compute:

The configuration for the machines that comprise the compute nodes.

Array of MachinePool objects.

  1. compute:
  2.   architecture:

Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are amd64 (the default).

String

  1. compute:
  2.   hyperthreading:

Whether to enable or disable simultaneous multithreading, or hyperthreading, on compute machines. By default, simultaneous multithreading is enabled to increase the performance of your machines’ cores.

If you disable simultaneous multithreading, ensure that your capacity planning accounts for the dramatically decreased machine performance.

Enabled or Disabled

  1. compute:
  2.   name:

Required if you use compute. The name of the machine pool.

worker

  1. compute:
  2.   platform:

Required if you use compute. Use this parameter to specify the cloud provider to host the worker machines. This parameter value must match the controlPlane.platform parameter value.

alibabacloud, aws, azure, gcp, ibmcloud, nutanix, openstack, powervs, vsphere, or {}

  1. compute:
  2.   replicas:

The number of compute machines, which are also known as worker machines, to provision.

A positive integer greater than or equal to 2. The default value is 3.

  1. featureSet:

Enables the cluster for a feature set. A feature set is a collection of OKD features that are not enabled by default. For more information about enabling a feature set during installation, see “Enabling features using feature gates”.

String. The name of the feature set to enable, such as TechPreviewNoUpgrade.

  1. controlPlane:

The configuration for the machines that comprise the control plane.

Array of MachinePool objects.

  1. controlPlane:
  2.   architecture:

Determines the instruction set architecture of the machines in the pool. Currently, clusters with varied architectures are not supported. All pools must specify the same architecture. Valid values are amd64.

String

  1. controlPlane:
  2.   hyperthreading:

Whether to enable or disable simultaneous multithreading, or hyperthreading, on control plane machines. By default, simultaneous multithreading is enabled to increase the performance of your machines’ cores.

If you disable simultaneous multithreading, ensure that your capacity planning accounts for the dramatically decreased machine performance.

Enabled or Disabled

  1. controlPlane:
  2.   name:

Required if you use controlPlane. The name of the machine pool.

master

  1. controlPlane:
  2.   platform:

Required if you use controlPlane. Use this parameter to specify the cloud provider that hosts the control plane machines. This parameter value must match the compute.platform parameter value.

alibabacloud, aws, azure, gcp, ibmcloud, nutanix, openstack, powervs, vsphere, or {}

  1. controlPlane:
  2.   replicas:

The number of control plane machines to provision.

Supported values are 3, or 1 when deploying single-node OpenShift.

  1. credentialsMode:

The Cloud Credential Operator (CCO) mode. If no mode is specified, the CCO dynamically tries to determine the capabilities of the provided credentials, with a preference for mint mode on the platforms where multiple modes are supported.

Mint, Passthrough, Manual or an empty string (“”). [1]

  1. imageContentSources:

Sources and repositories for the release-image content.

Array of objects. Includes a source and, optionally, mirrors, as described in the following rows of this table.

  1. imageContentSources:
  2.   source:

Required if you use imageContentSources. Specify the repository that users refer to, for example, in image pull specifications.

String

  1. imageContentSources:
  2.   mirrors:

Specify one or more repositories that may also contain the same images.

Array of strings

  1. publish:

How to publish or expose the user-facing endpoints of your cluster, such as the Kubernetes API, OpenShift routes.

Internal or External. The default value is External.

Setting this field to Internal is not supported on non-cloud platforms.

If the value of the field is set to Internal, the cluster will become non-functional. For more information, refer to BZ#1953035.

  1. sshKey:

The SSH key to authenticate access to your cluster machines.

For production OKD clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your ssh-agent process uses.

For example, sshKey: ssh-ed25519 AAAA...

  1. Not all CCO modes are supported for all cloud providers. For more information about CCO modes, see the “Managing cloud provider credentials” entry in the Authentication and authorization content.

Additional OpenStack configuration parameters

Additional OpenStack configuration parameters are described in the following table:

Table 4. Additional OpenStack parameters
ParameterDescriptionValues
  1. compute:
  2.   platform:
  3.     openstack:
  4.       rootVolume:
  5.         size:

For compute machines, the size in gigabytes of the root volume. If you do not set this value, machines use ephemeral storage.

Integer, for example 30.

  1. compute:
  2.   platform:
  3.     openstack:
  4.       rootVolume:
  5.         types:

For compute machines, the root volume types.

A list of strings, for example, {performance-host1, performance-host2, performance-host3}. [1]

  1. compute:
  2.   platform:
  3.     openstack:
  4.       rootVolume:
  5.         type:

For compute machines, the root volume’s type. This property is deprecated and is replaced by compute.platform.openstack.rootVolume.types.

String, for example, performance. [2]

  1. compute:
  2.   platform:
  3.     openstack:
  4.       rootVolume:
  5.         zones:

For compute machines, the Cinder availability zone to install root volumes on. If you do not set a value for this parameter, the installation program selects the default availability zone. This parameter is mandatory when compute.platform.openstack.zones is defined.

A list of strings, for example [“zone-1”, “zone-2”].

  1. controlPlane:
  2.   platform:
  3.     openstack:
  4.       rootVolume:
  5.         size:

For control plane machines, the size in gigabytes of the root volume. If you do not set this value, machines use ephemeral storage.

Integer, for example 30.

  1. controlPlane:
  2.   platform:
  3.     openstack:
  4.       rootVolume:
  5.         types:

For control plane machines, the root volume types.

A list of strings, for example, {performance-host1, performance-host2, performance-host3}. [1]

  1. controlPlane:
  2.   platform:
  3.     openstack:
  4.       rootVolume:
  5.         type:

For control plane machines, the root volume’s type. This property is deprecated and is replaced by compute.platform.openstack.rootVolume.types.

String, for example, performance. [2]

  1. controlPlane:
  2.   platform:
  3.     openstack:
  4.       rootVolume:
  5.         zones:

For control plane machines, the Cinder availability zone to install root volumes on. If you do not set this value, the installation program selects the default availability zone. This parameter is mandatory when controlPlane.platform.openstack.zones is defined.

A list of strings, for example [“zone-1”, “zone-2”].

  1. platform:
  2.   openstack:
  3.     cloud:

The name of the OpenStack cloud to use from the list of clouds in the clouds.yaml file.

In the cloud configuration in the clouds.yaml file, if possible, use application credentials rather than a user name and password combination. Using application credentials avoids disruptions from secret propogation that follow user name and password rotation.

String, for example MyCloud.

  1. platform:
  2.   openstack:
  3.     externalNetwork:

The OpenStack external network name to be used for installation.

String, for example external.

  1. platform:
  2.   openstack:
  3.     computeFlavor:

The OpenStack flavor to use for control plane and compute machines.

This property is deprecated. To use a flavor as the default for all machine pools, add it as the value of the type key in the platform.openstack.defaultMachinePlatform property. You can also set a flavor value for each machine pool individually.

String, for example m1.xlarge.

  1. If the machine pool defines zones, the count of types can either be a single item or match the number of items in zones. For example, the count of types cannot be 2 if there are 3 items in zones.

  2. If you have any existing reference to this property, the installer populates the corresponding value in the controlPlane.platform.openstack.rootVolume.types field.

Optional OpenStack configuration parameters

Optional OpenStack configuration parameters are described in the following table:

Table 5. Optional OpenStack parameters
ParameterDescriptionValues
  1. compute:
  2.   platform:
  3.     openstack:
  4.       additionalNetworkIDs:

Additional networks that are associated with compute machines. Allowed address pairs are not created for additional networks.

A list of one or more UUIDs as strings. For example, fa806b2f-ac49-4bce-b9db-124bc64209bf.

  1. compute:
  2.   platform:
  3.     openstack:
  4.       additionalSecurityGroupIDs:

Additional security groups that are associated with compute machines.

A list of one or more UUIDs as strings. For example, 7ee219f3-d2e9-48a1-96c2-e7429f1b0da7.

  1. compute:
  2.   platform:
  3.     openstack:
  4.       zones:

OpenStack Compute (Nova) availability zones (AZs) to install machines on. If this parameter is not set, the installation program relies on the default settings for Nova that the OpenStack administrator configured.

A list of strings. For example, [“zone-1”, “zone-2”].

  1. compute:
  2.   platform:
  3.     openstack:
  4.       serverGroupPolicy:

Server group policy to apply to the group that will contain the compute machines in the pool. You cannot change server group policies or affiliations after creation. Supported options include anti-affinity, soft-affinity, and soft-anti-affinity. The default value is soft-anti-affinity.

An affinity policy prevents migrations and therefore affects OpenStack upgrades. The affinity policy is not supported.

If you use a strict anti-affinity policy, an additional OpenStack host is required during instance migration.

A server group policy to apply to the machine pool. For example, soft-affinity.

  1. controlPlane:
  2.   platform:
  3.     openstack:
  4.       additionalNetworkIDs:

Additional networks that are associated with control plane machines. Allowed address pairs are not created for additional networks.

Additional networks that are attached to a control plane machine are also attached to the bootstrap node.

A list of one or more UUIDs as strings. For example, fa806b2f-ac49-4bce-b9db-124bc64209bf.

  1. controlPlane:
  2.   platform:
  3.     openstack:
  4.       additionalSecurityGroupIDs:

Additional security groups that are associated with control plane machines.

A list of one or more UUIDs as strings. For example, 7ee219f3-d2e9-48a1-96c2-e7429f1b0da7.

  1. controlPlane:
  2.   platform:
  3.     openstack:
  4.       zones:

OpenStack Compute (Nova) availability zones (AZs) to install machines on. If this parameter is not set, the installation program relies on the default settings for Nova that the OpenStack administrator configured.

A list of strings. For example, [“zone-1”, “zone-2”].

  1. controlPlane:
  2.   platform:
  3.     openstack:
  4.       serverGroupPolicy:

Server group policy to apply to the group that will contain the control plane machines in the pool. You cannot change server group policies or affiliations after creation. Supported options include anti-affinity, soft-affinity, and soft-anti-affinity. The default value is soft-anti-affinity.

An affinity policy prevents migrations, and therefore affects OpenStack upgrades. The affinity policy is not supported.

If you use a strict anti-affinity policy, an additional OpenStack host is required during instance migration.

A server group policy to apply to the machine pool. For example, soft-affinity.

  1. platform:
  2.   openstack:
  3.     clusterOSImage:

The location from which the installation program downloads the FCOS image.

You must set this parameter to perform an installation in a restricted network.

An HTTP or HTTPS URL, optionally with an SHA-256 checksum.

  1. platform:
  2.   openstack:
  3.     clusterOSImageProperties:

Properties to add to the installer-uploaded ClusterOSImage in Glance. This property is ignored if platform.openstack.clusterOSImage is set to an existing Glance image.

You can use this property to exceed the default persistent volume (PV) limit for OpenStack of 26 PVs per node. To exceed the limit, set the hw_scsi_model property value to virtio-scsi and the hw_disk_bus value to scsi.

You can also use this property to enable the QEMU guest agent by including the hw_qemu_guest_agent property with a value of yes.

A list of key-value string pairs. For example, [“hw_scsi_model”: “virtio-scsi”, “hw_disk_bus”: “scsi”].

  1. platform:
  2.   openstack:
  3.     defaultMachinePlatform:

The default machine pool platform configuration.

  1. {
  2.    type”: ml.large”,
  3.    rootVolume”: {
  4.       size”: 30,
  5.       type”: performance
  6.    }
  7. }
  1. platform:
  2.   openstack:
  3.     ingressFloatingIP:

An existing floating IP address to associate with the Ingress port. To use this property, you must also define the platform.openstack.externalNetwork property.

An IP address, for example 128.0.0.1.

  1. platform:
  2.   openstack:
  3.     apiFloatingIP:

An existing floating IP address to associate with the API load balancer. To use this property, you must also define the platform.openstack.externalNetwork property.

An IP address, for example 128.0.0.1.

  1. platform:
  2.   openstack:
  3.     externalDNS:

IP addresses for external DNS servers that cluster instances use for DNS resolution.

A list of IP addresses as strings. For example, [“8.8.8.8”, “192.168.1.12”].

  1. platform:
  2.   openstack:
  3.     loadbalancer:

Whether or not to use the default, internal load balancer. If the value is set to UserManaged, this default load balancer is disabled so that you can deploy a cluster that uses an external, user-managed load balancer. If the parameter is not set, or if the value is OpenShiftManagedDefault, the cluster uses the default load balancer.

UserManaged or OpenShiftManagedDefault.

  1. platform:
  2.   openstack:
  3.     machinesSubnet:

The UUID of a OpenStack subnet that the cluster’s nodes use. Nodes and virtual IP (VIP) ports are created on this subnet.

The first item in networking.machineNetwork must match the value of machinesSubnet.

If you deploy to a custom subnet, you cannot specify an external DNS server to the OKD installer. Instead, add DNS to the subnet in OpenStack.

A UUID as a string. For example, fa806b2f-ac49-4bce-b9db-124bc64209bf.