github.com/openshift/installer@v1.4.17/docs/user/aws/install.md

# Cluster Installation

At this point, you are ready to perform the OpenShift installation. You have two choices for installing your cluster on
AWS: Installer-Provided Infrastructure (IPI) or User-Provided Infrastructure (UPI). See below for an example of an
IPI install.

To see a guided example of a UPI install, please see [Install: User-Provided Infrastructure](install_upi.md).

## Example: Installer-Provided Infrastructure (IPI)

The steps for performing an IPI-based install are outlined [here][cloud-install]. Following this guide, you may begin at
Step 3: Download the Installer.

## Fully air-gapped installation

It is not possible to install OpenShift on AWS in a fully air-gapped design because the installation process requires Internet access to use the Route 53 API, as documented in the [AWS Route 53 FAQ][aws-faq]:

```
Do I need connectivity to the outside Internet in order to use Private DNS?

You can resolve internal DNS names from resources within your VPC that do not have Internet connectivity. However, to update the configuration for your Private DNS hosted zone, you need Internet connectivity to access the Route 53 API endpoint, which is outside of VPC.
```

### Create Configuration

```console
$ openshift-install create install-config
? SSH Public Key /home/user_id/.ssh/id_rsa.pub
? Platform aws
? Region us-east-1
? Base Domain example.com
? Cluster Name test
? Pull Secret [? for help]
```

### Create Cluster

```console
$ openshift-install create cluster
INFO Waiting up to 30m0s for the Kubernetes API at https://api.test.example.com:6443...
INFO API v1.11.0+85a0623 up
INFO Waiting up to 30m0s for the bootstrap-complete event...
INFO Destroying the bootstrap resources...
INFO Waiting up to 30m0s for the cluster at https://api.test.example.com:6443 to initialize...
INFO Waiting up to 10m0s for the openshift-console route to be created...
INFO Install complete!
INFO To access the cluster as the system:admin user when using 'oc', run
    export KUBECONFIG=/home/user/auth/kubeconfig
INFO Access the OpenShift web-console here: https://console-openshift-console.apps.test.example.com
INFO Login to the console with user: kubeadmin, password: 5char-5char-5char-5char
```

### Running Cluster

In Route53, there will be a new, private hosted zone (for internal lookups):

![Route53 private hosted zone](images/install_private_hosted_zone.png)

In EC2, there will be 6 running instances:

![EC2 instances after install](images/install_nodes.png)

The installation creates an encrypted AMI for the bootstrap and control-plane machines.
The encrypted AMI is [copied][encrypted-copy] from the AMI configured in the control-plane machine-API provider spec,
which is RHCOS by default.
The encryption uses the default EBS key for your target account and region
(`aws kms describe-key --key-id alias/aws/ebs`).
The encrypted AMI is deregistered by `destroy cluster`.

The architecture of the AWS elements created by the full installation is shown below:

![Architecture relationship of ELBs and instances](images/install_upi.svg)

The nodes within the VPC utilize the internal DNS and use the Router and Internal API load balancers. External/Internet
access to the cluster uses the Router and External API load balancers. Nodes are spread equally across 3 availability
zones.

The OpenShift console is available via the kubeadmin login provided by the installer:

![OpenShift web console](images/install_console.png)

[cloud-install]: https://console.redhat.com/openshift/create
[encrypted-copy]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIEncryption.html#create-ami-encrypted-root-snapshot
[aws-faq]: https://aws.amazon.com/route53/faqs/
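
To confirm the encrypted-AMI behaviour described under Running Cluster, the following added example (not part of the installer or its documentation) checks that each snapshot backing the AMI is encrypted under the key returned by `aws kms describe-key --key-id alias/aws/ebs`. It assumes you have saved that command's JSON output and the output of `aws ec2 describe-snapshots` for the AMI's snapshot IDs; the embedded samples, account ID, key IDs and snapshot IDs are constructed.

```python
import json

# Constructed stand-in for `aws kms describe-key --key-id alias/aws/ebs`.
SAMPLE_KEY = json.loads("""
{"KeyMetadata": {
  "KeyId": "11111111-2222-3333-4444-555555555555",
  "Arn": "arn:aws:kms:us-east-1:111122223333:key/11111111-2222-3333-4444-555555555555",
  "KeyManager": "AWS", "Enabled": true}}
""")

# Constructed stand-in for `aws ec2 describe-snapshots --snapshot-ids ...`.
SAMPLE_SNAPSHOTS = json.loads("""
{"Snapshots": [
  {"SnapshotId": "snap-0aaa", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/11111111-2222-3333-4444-555555555555"},
  {"SnapshotId": "snap-0bbb", "Encrypted": false},
  {"SnapshotId": "snap-0ccc", "Encrypted": true,
   "KmsKeyId": "arn:aws:kms:us-east-1:111122223333:key/99999999-8888-7777-6666-555555555555"}]}
""")


def audit_snapshots(snapshots_doc, key_doc):
    """Return (snapshot_id, finding) pairs for snapshots that are not
    encrypted under the key described by key_doc."""
    meta = key_doc["KeyMetadata"]
    expected = {meta["Arn"], meta["KeyId"]}  # accept either identifier form
    findings = []
    for snap in snapshots_doc.get("Snapshots", []):
        sid = snap.get("SnapshotId", "<unknown>")
        if not snap.get("Encrypted", False):
            findings.append((sid, "unencrypted"))
        elif snap.get("KmsKeyId") not in expected:
            findings.append((sid, "unexpected-key"))
    return findings


def key_summary(key_doc):
    """Report who manages the key and whether it is enabled."""
    meta = key_doc["KeyMetadata"]
    return {"manager": meta.get("KeyManager"), "enabled": bool(meta.get("Enabled"))}


if __name__ == "__main__":
    print(key_summary(SAMPLE_KEY))
    for sid, finding in audit_snapshots(SAMPLE_SNAPSHOTS, SAMPLE_KEY):
        print(f"{sid}: {finding}")
```

An empty findings list means every audited snapshot matches the key the page describes; an `unexpected-key` finding is worth reviewing against the account's EBS encryption settings.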