github.com/openshift/installer@v1.4.17/docs/user/azure/customization.md

# Azure Platform Customization

Beyond the [platform-agnostic `install-config.yaml` properties](../customization.md#platform-customization), the installer supports additional, Azure-specific properties.

## Cluster-scoped properties

The following options are available when using Azure:

* `region` (required string): The Azure region where the cluster will be created.
* `baseDomainResourceGroupName` (required string): The resource group where the Azure DNS zone for the base domain is found.
* `defaultMachinePlatform` (optional object): Default [Azure-specific machine pool properties](#machine-pools) which apply to [machine pools](../customization.md#machine-pools) that do not define their own Azure-specific properties.
* `resourceGroupName` (optional string): The name of an already existing resource group where the cluster should be installed. If empty, a new resource group will be created for the cluster.
* `networkResourceGroupName` (optional string): The resource group where the Azure VNet is found.
* `virtualNetwork` (optional string): The name of an existing VNet where the cluster infrastructure should be provisioned.
* `controlPlaneSubnet` (optional string): An existing subnet which should be used for the cluster control plane.
* `computeSubnet` (optional string): An existing subnet which should be used by cluster nodes.
* `outboundType` (optional string): OutboundType is a strategy for how egress from the cluster is achieved. Valid values are `Loadbalancer` or `UserDefinedRouting`.
    * `Loadbalancer` (default): LoadbalancerOutboundType uses a Standard load balancer for egress from the cluster, see [docs][azure-lb-outbound].
    * `UserDefinedRouting`: UserDefinedRoutingOutboundType uses user-defined routing for egress from the cluster, see [docs][azure-udr-outbound]. User-defined routing for egress can only be used when deploying clusters to pre-existing virtual networks.

## Machine pools

* `osDisk` (optional object):
    * `diskSizeGB` (optional integer): The size of the disk in gigabytes (GB).
    * `diskType` (optional string): The type of disk (allowed values are: `Premium_LRS`, `Standard_LRS`, and `StandardSSD_LRS`).
    * `diskEncryptionSet` (optional object):
        * `subscriptionId` (required string): The subscription ID of the disk encryption set.
        * `resourceGroup` (required string): The resource group of the disk encryption set.
        * `name` (required string): The name of the disk encryption set.
* `encryptionAtHost` (optional bool): Enables encryption at host.
* `type` (optional string): The Azure instance type.
* `zones` (optional string slice): List of Azure availability zones that can be used (for example, `["1", "2", "3"]`).
* `acceleratedNetworking` (optional string): Whether to enable AcceleratedNetworking on hosts (allowed values are: `Accelerated`, `Basic`).

## Installing to Existing Resource Group

The installer can use an existing resource group when provisioning an OpenShift cluster. This resource group should only be used for this specific cluster, and the cluster components will assume ownership of all resources in the resource group. Destroying the cluster using the installer will delete this resource group. This resource group must be empty, with no other resources, when trying to use it for creating a cluster.

If you're limiting the installer's Service Principal scope to the Resource Group defined with `resourceGroupName`, you will also need to ensure proper permissions for any other resource used by the installer in your environment, such as the Public DNS Zone, VNet, etc.

## Installing to Existing Networks & Subnetworks

The installer can use an existing VNet and subnets when provisioning an OpenShift cluster. If one of `networkResourceGroupName`, `virtualNetwork`, `controlPlaneSubnet`, or `computeSubnet` is specified, all must be specified [(see example below)](#existing-vnet). The installer will use these existing networks when creating infrastructure such as virtual machines, load balancers, and DNS zones.

### Cluster Isolation

When pre-existing subnets are provided, the installer will not create a network security group (NSG) or alter an existing one attached to the subnet. Because cluster components do not modify the user-provided network security groups, which the Kubernetes controllers update, a pseudo-network security group is created for the Kubernetes controller to modify without impacting the rest of the environment. If multiple clusters are installed to the same VNet and isolation is desired, it must be enforced through an administrative task after the cluster is installed.

## Examples

Some example `install-config.yaml` files are shown below.
For examples of platform-agnostic configuration fragments, see [here](../customization.md#examples).

### Minimal

An example minimal Azure install config is:

```yaml
apiVersion: v1
baseDomain: example.com
metadata:
  name: test-cluster
platform:
  azure:
    region: centralus
    baseDomainResourceGroupName: os4-common
pullSecret: '{"auths": ...}'
sshKey: ssh-ed25519 AAAA...
```

### Custom machine pools

An example Azure install config with custom machine pools:

```yaml
apiVersion: v1
baseDomain: example.com
controlPlane:
  name: master
  platform:
    azure:
      type: Standard_DS4_v2
      osDisk:
        diskSizeGB: 512
        diskType: Premium_LRS
  replicas: 3
compute:
- name: worker
  platform:
    azure:
      type: Standard_DS4_v2
      osDisk:
        diskSizeGB: 512
        diskType: Standard_LRS
      zones:
      - "1"
      - "2"
      - "3"
  replicas: 5
metadata:
  name: test-cluster
platform:
  azure:
    region: centralus
    baseDomainResourceGroupName: os4-common
pullSecret: '{"auths": ...}'
sshKey: ssh-ed25519 AAAA...
```

### Existing Resource Group

An example Azure install config to use a pre-existing resource group:

```yaml
apiVersion: v1
baseDomain: example.com
metadata:
  creationTimestamp: null
  name: test-cluster
platform:
  azure:
    baseDomainResourceGroupName: os4-common
    resourceGroupName: example-rg
    cloudName: AzurePublicCloud
    outboundType: Loadbalancer
    region: centralus
pullSecret: '{"auths": ...}'
sshKey: ssh-ed25519 AAAA...
```

### Existing VNet

An example Azure install config to use a pre-existing VNet and subnets:

```yaml
apiVersion: v1
baseDomain: example.com
metadata:
  name: test-cluster
platform:
  azure:
    region: centralus
    baseDomainResourceGroupName: os4-common
    networkResourceGroupName: example_vnet_rg
    virtualNetwork: example_vnet
    controlPlaneSubnet: example_master_subnet
    computeSubnet: example_worker_subnet
    # osDisk is a machine-pool property, so cluster-wide defaults for it
    # belong under defaultMachinePlatform.
    defaultMachinePlatform:
      osDisk:
        diskSizeGB: 512
        diskType: Premium_LRS
pullSecret: '{"auths": ...}'
sshKey: ssh-ed25519 AAAA...
```

[azure-lb-outbound]: https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections#lb
[azure-udr-outbound]: https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
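
The rules stated above for `platform.azure` (required `region` and `baseDomainResourceGroupName`, the all-or-nothing existing-network keys, and `UserDefinedRouting` only on a pre-existing VNet) can be checked before the installer is run. The Go program below is an added example, not the installer's own validation code; the `AzurePlatform` type and `Violations` function are hypothetical names, and the input in `main` is constructed.

```go
package main

import "fmt"

// AzurePlatform holds the platform.azure keys checked here (hypothetical type).
type AzurePlatform struct {
	Region, BaseDomainResourceGroupName, OutboundType                           string
	NetworkResourceGroupName, VirtualNetwork, ControlPlaneSubnet, ComputeSubnet string
}

// Violations returns one message per documented rule that p breaks.
func Violations(p AzurePlatform) []string {
	var out, missing []string
	if p.Region == "" || p.BaseDomainResourceGroupName == "" {
		out = append(out, "region and baseDomainResourceGroupName are required")
	}
	// Existing-network keys are all-or-nothing: collect the ones left empty.
	net := [][2]string{
		{"networkResourceGroupName", p.NetworkResourceGroupName},
		{"virtualNetwork", p.VirtualNetwork},
		{"controlPlaneSubnet", p.ControlPlaneSubnet},
		{"computeSubnet", p.ComputeSubnet},
	}
	for _, kv := range net {
		if kv[1] == "" {
			missing = append(missing, kv[0])
		}
	}
	if len(missing) > 0 && len(missing) < len(net) {
		out = append(out, fmt.Sprintf("existing network partially specified, missing %v", missing))
	}
	switch p.OutboundType {
	case "", "Loadbalancer": // empty selects the default, Loadbalancer
	case "UserDefinedRouting":
		if len(missing) > 0 {
			out = append(out, "UserDefinedRouting requires a pre-existing virtual network")
		}
	default:
		out = append(out, "outboundType must be Loadbalancer or UserDefinedRouting")
	}
	return out
}

func main() {
	// Constructed input: UDR egress requested, but only the VNet name is given.
	p := AzurePlatform{Region: "centralus", BaseDomainResourceGroupName: "os4-common",
		VirtualNetwork: "example_vnet", OutboundType: "UserDefinedRouting"}
	fmt.Println(Violations(p))
}
```

An empty result means the checked keys are consistent with the rules on this page; it does not cover the remaining requirements, such as the target resource group being empty.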