github.com/openshift/installer@v1.4.17/docs/user/gcp/customization.md

# GCP Platform Customization

Beyond the [platform-agnostic `install-config.yaml` properties](../customization.md#platform-customization), the installer supports additional, GCP-specific properties.

* `projectID` (required string): The project where the cluster should be created.
* `region` (required string): The GCP region where the cluster should be created.
* `network` (optional string): The name of an existing GCP VPC where the cluster infrastructure should be provisioned.
* `controlPlaneSubnet` (optional string): The name of an existing GCP subnet which should be used by the cluster control plane.
* `computeSubnet` (optional string): The name of an existing GCP subnet which should be used by the cluster nodes.
* `defaultMachinePlatform` (optional object): Default [GCP-specific machine pool properties](#machine-pools) which apply to [machine pools](../customization.md#machine-pools) that do not define their own GCP-specific properties.
* `licenses` (optional list of strings): A list of license URLs (https) that should be applied to the compute images (as defined in [the API][compute-images]). The use of this property in combination with any mechanism that results in using pre-built images (such as the current `OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE`) is forbidden. Also note that use of these URLs will force the installer to copy the source image before it is used. An example of such a license is the one that enables [nested virtualization][gcp-nested]. A full list of available licenses can be retrieved using [the license API][license-api].

## Machine pools

* `type` (optional string): The [GCP machine type][machine-type].
* `zones` (optional array of strings): The availability zones used for machines in the pool.
* `osDisk` (optional object):
  * `diskSizeGB` (optional integer): The size of the disk in gigabytes (GB) (Minimum: 16GB, Maximum: 65536GB).
  * `diskType` (optional string): The type of disk (allowed values are: `pd-ssd` and `pd-standard`. Default: `pd-ssd`).
  * `encryptionKey` (optional object):
    * `kmsKey` (optional object):
      * `name` (string): The name of the customer managed encryption key to be used for the disk encryption.
      * `keyRing` (string): The name of the KMS Key Ring which the KMS Key belongs to.
      * `location` (string): The GCP location in which the Key Ring exists.
      * `projectID` (optional string): The ID of the Project in which the KMS Key Ring exists. Defaults to the VM ProjectID if not set.
    * `kmsKeyServiceAccount` (optional string): The service account being used for the encryption request for the given KMS key. If absent, the [Compute Engine default service account][default-service-account] is used.

## Installing to Existing Networks & Subnetworks

The installer can use an existing VPC and subnets when provisioning an OpenShift cluster. If one of `network`, `controlPlaneSubnet`, or `computeSubnet` is specified, all must be specified ([see example below](#pre-existing-networks--subnets)). Furthermore, each of the networks must belong to the project specified by `projectID`, and the subnets must belong to the specified cluster `region`. The installer will use these existing networks when creating infrastructure such as VM instances, load balancers, firewall rules, and DNS zones.

### Cluster Isolation

In a scenario where multiple clusters are installed to the same VPC network, the installer maintains cluster isolation by using firewall rules which specify allowed sources and destinations through network tags. By tagging each Compute Engine VM instance with a unique cluster id and creating corresponding firewall rules, the installer ensures that a cluster's control plane is only accessible by its own member nodes.

By design, possible inter-cluster access is limited to:
* The API, which is globally available with an external publishing strategy or available throughout the network in an internal publishing strategy
* Debugging tools; i.e. the SSH and ICMP ports on VM instances, which are open to the `machineCidr`

## Examples

Some example `install-config.yaml` files are shown below.
For examples of platform-agnostic configuration fragments, see [here](../customization.md#examples).

### Minimal

An example minimal GCP install config is:

```yaml
apiVersion: v1
baseDomain: example.com
metadata:
  name: example-cluster
platform:
  gcp:
    projectID: example-project
    region: us-east1
    defaultMachinePlatform:
      osDisk:
        diskType: pd-ssd
        diskSizeGB: 120
pullSecret: '{"auths": ...}'
sshKey: ssh-ed25519 AAAA...
```

### Custom machine pools

An example GCP install config with custom machine pools:

```yaml
apiVersion: v1
baseDomain: example.com
compute:
- name: worker
  platform:
    gcp:
      type: n2-standard-2
      zones:
      - us-central1-a
      - us-central1-c
      osDisk:
        diskType: pd-standard
        diskSizeGB: 128
        encryptionKey:
          kmsKey:
            name: worker-key
            keyRing: openshift-machine-keys
            location: global
            projectID: openshift-dev-installer
          kmsKeyServiceAccount: openshift-dev-installer@openshift-gce-devel.iam.gserviceaccount.com
  replicas: 3
controlPlane:
  name: master
  platform:
    gcp:
      type: n2-standard-4
      zones:
      - us-central1-a
      - us-central1-c
      osDisk:
        diskType: pd-ssd
        diskSizeGB: 1024
  replicas: 3
metadata:
  name: example-cluster
platform:
  gcp:
    projectID: openshift-dev-installer
    region: us-central1
pullSecret: '{"auths": ...}'
sshKey: ssh-ed25519 AAAA...
```

### Pre-existing Networks & Subnets

An example GCP install config utilizing an existing network and subnets:

```yaml
apiVersion: v1
baseDomain: example.com
metadata:
  name: example-cluster
platform:
  gcp:
    projectID: example-project
    region: us-east1
    computeSubnet: example-worker-subnet
    controlPlaneSubnet: example-controlplane-subnet
    network: example-network
pullSecret: '{"auths": ...}'
sshKey: ssh-ed25519 AAAA...
```

### Nested virtualization

An example GCP install config enabling [GCP's nested virtualization license][gcp-nested]:

```yaml
apiVersion: v1
baseDomain: example.com
metadata:
  name: example-cluster
platform:
  gcp:
    projectID: example-project
    region: us-east1
    licenses:
    - https://compute.googleapis.com/compute/v1/projects/vm-options/global/licenses/enable-vmx
pullSecret: '{"auths": ...}'
```

[machine-type]: https://cloud.google.com/compute/docs/machine-types
[compute-images]: https://cloud.google.com/compute/docs/reference/rest/v1/images
[gcp-nested]: https://cloud.google.com/compute/docs/instances/enable-nested-virtualization-vm-instances
[license-api]: https://cloud.google.com/compute/docs/reference/rest/v1/licenses/list
[default-service-account]: https://cloud.google.com/compute/docs/access/service-accounts#compute_engine_service_account
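As an added pre-flight check (example code written for this page, not part of the installer), the lint below encodes the GCP-specific constraints stated above: required `projectID` and `region`, the all-or-none rule for `network`, `controlPlaneSubnet` and `computeSubnet`, the `licenses` vs `OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE` restriction, and the `osDisk` size, type and `kmsKey` field requirements for every machine pool. It assumes the config has already been parsed into a dict (for example with PyYAML's `yaml.safe_load`); the sample config at the end is constructed.

```python
"""Pre-flight lint for the GCP-specific parts of an install-config.yaml.
Constructed example, not installer code; `config` is the file already parsed
into a dict (e.g. by yaml.safe_load) and the rules are those stated above."""
import os

ALLOWED_DISK_TYPES = {"pd-ssd", "pd-standard"}
MIN_DISK_GB, MAX_DISK_GB = 16, 65536
NETWORK_KEYS = ("network", "controlPlaneSubnet", "computeSubnet")


def check_machine_pool(gcp, where, errors):
    """Check osDisk size, type and the required kmsKey fields of one pool."""
    disk = gcp.get("osDisk") or {}
    size, dtype = disk.get("diskSizeGB"), disk.get("diskType")
    if size is not None and not MIN_DISK_GB <= size <= MAX_DISK_GB:
        errors.append(f"{where}.osDisk.diskSizeGB: {size} outside {MIN_DISK_GB}..{MAX_DISK_GB}")
    if dtype is not None and dtype not in ALLOWED_DISK_TYPES:
        errors.append(f"{where}.osDisk.diskType: {dtype!r} not in {sorted(ALLOWED_DISK_TYPES)}")
    kms = (disk.get("encryptionKey") or {}).get("kmsKey")
    for field in (("name", "keyRing", "location") if kms is not None else ()):
        if not kms.get(field):
            errors.append(f"{where}.osDisk.encryptionKey.kmsKey.{field}: required")


def lint_gcp_config(config, env=os.environ):
    """Return the list of problems found; empty means the GCP section passes."""
    errors = []
    gcp = (config.get("platform") or {}).get("gcp") or {}
    errors += [f"platform.gcp.{k}: required" for k in ("projectID", "region") if not gcp.get(k)]
    present = [k for k in NETWORK_KEYS if gcp.get(k)]
    if present and len(present) != len(NETWORK_KEYS):  # all-or-none rule
        errors.append("platform.gcp: " + ", ".join(NETWORK_KEYS) + " must be set together")
    if gcp.get("licenses") and env.get("OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE"):
        errors.append("platform.gcp.licenses: forbidden with OPENSHIFT_INSTALL_OS_IMAGE_OVERRIDE")
    if gcp.get("defaultMachinePlatform"):
        check_machine_pool(gcp["defaultMachinePlatform"], "platform.gcp.defaultMachinePlatform", errors)
    pools = [(f"compute[{i}]", p) for i, p in enumerate(config.get("compute") or [])]
    pools += ([("controlPlane", config["controlPlane"])] if config.get("controlPlane") else [])
    for where, pool in pools:
        check_machine_pool((pool.get("platform") or {}).get("gcp") or {}, where + ".platform.gcp", errors)
    return errors


# Constructed config: only `network` is set (all-or-none rule) and the worker
# disk is below the 16 GB minimum, so two problems are reported.
SAMPLE_CONFIG = {
    "platform": {"gcp": {"projectID": "example-project", "region": "us-east1",
                         "network": "example-network"}},
    "compute": [{"name": "worker", "platform": {"gcp": {"osDisk": {"diskSizeGB": 8}}}}],
}
```

Run `lint_gcp_config(SAMPLE_CONFIG, env={})` to see both findings; an empty list from a real config means the documented GCP constraints are satisfied before `openshift-install` is invoked.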