github.com/openshift/installer@v1.4.17/docs/user/aws/limits.md

# Limits

You can find a comprehensive list of the default AWS service limits published here:

[AWS Service Limits][service-limits]

Below, we'll identify OpenShift cluster needs and how those impact some of those limits.

## S3

There is a default limit of 100 S3 buckets per account. The installation creates a bucket temporarily. Also, the
registry component creates a permanent bucket. This will limit the number of clusters per account to 99 initially. To
support additional clusters, you must open a support case with AWS.

## VPC

Each cluster creates its own VPC. The default limit of VPCs per region is 5 and will allow 5 clusters. To have more
than 5 clusters, you will need to increase this limit.

Each cluster also creates a VPC Gateway Endpoint for a stable connection to S3. The default limit of VPC Gateway
Endpoints per region is 20 and will allow 20 clusters. To have more than 20 clusters, you will need to increase this
limit.

## Elastic Network Interfaces (ENI)

The default installation creates 21 ENIs plus one per availability zone (e.g. 21 + 3 = 24 ENIs for a three-zone cluster).
The default limit per region is 350. Additional ENIs are created for additional machines and elastic load balancers
created by cluster usage and deployed workloads. A service limit increase here may be required to satisfy the needs of
additional clusters and deployed workloads.

## Elastic IP (EIP)

By default, the installer distributes control-plane and compute machines across [all availability zones within a region][availability-zones] to provision the cluster in a highly available configuration.
Please see [this map][az-map] for a current region map with availability zone count.
We recommend selecting regions with 3 or more availability zones.
You can [provide an install-config](../overview.md#multiple-invocations) to [configure](customization.md) the installer to use specific zones to override that default.

The installer creates a public and private subnet for each configured availability zone.
In each private subnet, a separate [NAT Gateway][nat-gateways] is created and requires a separate [EC2-VPC Elastic IP (EIP)][elastic-ip].
The default limit of 5 is sufficient for a single cluster, unless you have configured your cluster to use more than five zones.
For multiple clusters, a higher limit will likely be required (and will certainly be required to support more than five clusters, even if they are each single-zone clusters).

### Example: Using North Virginia (us-east-1)

North Virginia (us-east-1) has six availability zones, so a higher limit is required unless you configure your cluster to use fewer zones.
To support the default, all-zone installation, please submit a limit increase for VPC Elastic IPs similar to the following in the support dashboard (to create more than one cluster, a higher limit will be necessary):

![Increase Elastic IP limit in AWS](images/support_increase_elastic_ip.png)

## NAT Gateway

The default limit for NAT Gateways is 5 per availability zone. This is sufficient for up to 5 clusters in a dedicated
account. If you intend to create more than 5 clusters, you will need to request an increase to this limit.

## VPC Gateway

The default limit of VPC Gateways (for S3 access) is 20. Each cluster will create a single S3 gateway endpoint within
the new VPC. If you intend to create more than 20 clusters, you will need to request an increase to this limit.

## Security Groups

Each cluster creates distinct security groups. The default limit of 2,500 for new accounts allows for many clusters
to be created. The security groups which exist after the default install are:

1. VPC default
1. Master
1. Worker
1. Router/Ingress

## vCPU Limits

By default, a cluster will create:

* One m4.large bootstrap machine (2 vCPUs, removed after install).
* Three m5.xlarge master nodes (4 vCPUs each).
* Three m5.large worker nodes (2 vCPUs each).

Currently, these vCPU counts are not within a new account's default limit. The default limit is 1, but these instances require 20. To increase the limit, you have to [contact AWS support](https://console.aws.amazon.com/support/cases?#/create?issueType=service-limit-increase&limitType=ec2-instances).
If you intend to start with a higher number of workers, enable autoscaling, run large workloads,
or use a different instance type, please ensure you have the necessary remaining vCPU count within the vCPU
limit to satisfy the need. To calculate the vCPU limit you can use the limits calculator in the EC2 console (EC2 -> Limits -> Limits calculator).

## Elastic Load Balancing (ELB/NLB)

By default, each cluster will create 2 network load balancers for the master API server (1 internal, 1 external) and a
single classic elastic load balancer for the router. Additional Kubernetes LoadBalancer Service objects will create
additional [load balancers][load-balancing].

[availability-zones]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html
[az-map]: https://aws.amazon.com/about-aws/global-infrastructure/
[elastic-ip]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/elastic-ip-addresses-eip.html
[load-balancing]: https://aws.amazon.com/elasticloadbalancing/
[nat-gateways]: https://docs.aws.amazon.com/vpc/latest/userguide/vpc-nat-gateway.html
[service-limits]: https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html
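
The per-cluster figures above can be combined into a pre-install check that reports which default limits a planned deployment would exceed. This is an added example, not part of the installer; the dictionary keys and function names are hypothetical, and it assumes every cluster uses the same number of zones, that the bootstrap machine counts toward the vCPU peak, and that one temporary S3 bucket exists during an install.

```python
# Added example: default limits and per-cluster usage are the figures quoted
# in this document; key and function names are illustrative only.
DEFAULT_LIMITS = {
    "s3_buckets": 100,             # per account
    "vpcs": 5,                     # per region
    "vpc_gateway_endpoints": 20,   # per region
    "enis": 350,                   # per region
    "elastic_ips": 5,
    "nat_gateways_per_az": 5,
    "security_groups": 2500,
    "vcpus": 1,                    # new-account default stated above
}

def required(clusters, zones):
    """Resources needed by `clusters` default installs spanning `zones` AZs each."""
    return {
        "s3_buckets": clusters + 1,          # one registry bucket each + one temporary
        "vpcs": clusters,
        "vpc_gateway_endpoints": clusters,
        "enis": clusters * (21 + zones),
        "elastic_ips": clusters * zones,     # one EIP per NAT gateway per zone
        "nat_gateways_per_az": clusters,     # each cluster puts one in every zone
        "security_groups": clusters * 4,     # VPC default, Master, Worker, Router/Ingress
        "vcpus": clusters * (2 + 3 * 4 + 3 * 2),  # bootstrap + masters + workers = 20
    }

def shortfalls(clusters, zones, limits=DEFAULT_LIMITS):
    """Return {resource: (needed, limit)} for every limit that would be exceeded."""
    need = required(clusters, zones)
    return {k: (need[k], limits[k]) for k in need if need[k] > limits[k]}

def max_clusters(zones, limits=DEFAULT_LIMITS):
    """Largest cluster count that fits under every limit for the given zone count."""
    n = 0
    while not shortfalls(n + 1, zones, limits):
        n += 1
    return n

if __name__ == "__main__":
    # A default all-zone install in a six-zone region such as us-east-1.
    for name, (need, limit) in shortfalls(1, 6).items():
        print(f"{name}: need {need}, default limit {limit}")
```

Pass a `limits` dictionary with your account's actual quotas to see which resource becomes the binding constraint after increases are granted.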