apiVersion: machine.openshift.io/v1beta1
kind: MachineSet
metadata:
labels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machine-role: <infra> (2)
machine.openshift.io/cluster-api-machine-type: <infra> (2)
name: <infrastructure_id>-<infra>-<zone> (3)
namespace: openshift-machine-api
spec:
replicas: 1
selector:
matchLabels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<infra>-<zone> (3)
template:
metadata:
labels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machine-role: <infra> (2)
machine.openshift.io/cluster-api-machine-type: <infra> (2)
machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<infra>-<zone> (3)
spec:
metadata:
labels:
node-role.kubernetes.io/infra: ""
providerSpec:
value:
apiVersion: machine.openshift.io/v1
credentialsSecret:
name: alibabacloud-credentials
imageId: <image_id> (4)
instanceType: <instance_type> (5)
kind: AlibabaCloudMachineProviderConfig
ramRoleName: <infrastructure_id>-role-worker (6)
regionId: <region> (7)
resourceGroup: (8)
id: <resource_group_id>
type: ID
securityGroups:
- tags: (9)
- Key: Name
Value: <infrastructure_id>-sg-<role>
type: Tags
systemDisk: (10)
category: cloud_essd
size: <disk_size>
tag: (9)
- Key: kubernetes.io/cluster/<infrastructure_id>
Value: owned
userDataSecret:
name: <user_data_secret> (11)
vSwitch:
tags: (9)
- Key: Name
Value: <infrastructure_id>-vswitch-<zone>
type: Tags
vpcId: ""
zoneId: <zone> (12)
taints: (13)
- key: node-role.kubernetes.io/infra
effect: NoSchedule- Documentation
- OKD
- Machine management
- Creating infrastructure machine sets
- About
- What's new?
- Architecture
-
Installing
- Installation overview
- Selecting an installation method and preparing a cluster
- Cluster capabilities
- Disconnected installation mirroring
-
Installing on Alibaba
- Preparing to install on Alibaba Cloud
- Creating the required Alibaba Cloud resources
- Installing a cluster quickly on Alibaba Cloud
- Installing a cluster on Alibaba Cloud with customizations
- Installing a cluster on Alibaba Cloud with network customizations
- Installing a cluster on Alibaba Cloud into an existing VPC
- Uninstalling a cluster on Alibaba Cloud
-
Installing on AWS
- Preparing to install on AWS
- Configuring an AWS account
- Manually creating IAM
- Installing a cluster quickly on AWS
- Installing a cluster on AWS with customizations
- Installing a cluster on AWS with network customizations
- Installing a cluster on AWS in a restricted network
- Installing a cluster on AWS into an existing VPC
- Installing a private cluster on AWS
- Installing a cluster on AWS into a government region
- Installing a cluster on AWS into a Secret or Top Secret Region
- Installing a cluster on AWS into a China region
- Installing a cluster on AWS using CloudFormation templates
- Installing a cluster using AWS Local Zones
- Installing a cluster on AWS in a restricted network with user-provisioned infrastructure
- Installing a cluster on AWS with remote workers on AWS Outposts
- Installing a three-node cluster on AWS
- Uninstalling a cluster on AWS
-
Installing on Azure
- Preparing to install on Azure
- Configuring an Azure account
- Manually creating IAM
- Enabling user-managed encryption on Azure
- Installing a cluster quickly on Azure
- Installing a cluster on Azure with customizations
- Installing a cluster on Azure with network customizations
- Installing a cluster on Azure into an existing VNet
- Installing a private cluster on Azure
- Installing a cluster on Azure into a government region
- Installing a cluster on Azure using ARM templates
- Installing a three-node cluster on Azure
- Uninstalling a cluster on Azure
-
Installing on Azure Stack Hub
- Preparing to install on Azure Stack Hub
- Configuring an Azure Stack Hub account
- Installing a cluster on Azure Stack Hub with an installer-provisioned infrastructure
- Installing a cluster on Azure Stack Hub with network customizations
- Installing a cluster on Azure Stack Hub using ARM templates
- Uninstalling a cluster on Azure Stack Hub
-
Installing on GCP
- Preparing to install on GCP
- Configuring a GCP project
- Manually creating IAM
- Installing a cluster quickly on GCP
- Installing a cluster on GCP with customizations
- Installing a cluster on GCP with network customizations
- Installing a cluster on GCP in a restricted network
- Installing a cluster on GCP into an existing VPC
- Installing a cluster on GCP into a shared VPC
- Installing a private cluster on GCP
- Installing a cluster on GCP using Deployment Manager templates
- Installing a cluster into a shared VPC on GCP using Deployment Manager templates
- Installing a cluster on GCP in a restricted network with user-provisioned infrastructure
- Installing a three-node cluster on GCP
- Uninstalling a cluster on GCP
-
Installing on IBM Cloud VPC
- Preparing to install on IBM Cloud VPC
- Configuring an IBM Cloud account
- Configuring IAM for IBM Cloud VPC
- Installing a cluster on IBM Cloud VPC with customizations
- Installing a cluster on IBM Cloud VPC with network customizations
- Installing a cluster on IBM Cloud VPC into an existing VPC
- Installing a private cluster on IBM Cloud VPC
- Uninstalling a cluster on IBM Cloud VPC
- Installing on Nutanix
-
Installing on bare metal
- Preparing to install on bare metal
- Installing a user-provisioned cluster on bare metal
- Installing a user-provisioned bare metal cluster with network customizations
- Installing a user-provisioned bare metal cluster on a restricted network
- Scaling a user-provisioned installation with the bare metal operator
- Deploying installer-provisioned clusters on bare metal
- Installing bare metal clusters on IBM Cloud
-
Installing on OpenStack
- Preparing to install on OpenStack
- Preparing to install a cluster that uses SR-IOV or OVS-DPDK on OpenStack
- Installing a cluster on OpenStack with customizations
- Installing a cluster on OpenStack with Kuryr
- Installing a cluster on OpenStack on your own infrastructure
- Installing a cluster on OpenStack with Kuryr on your own infrastructure
- Installing a cluster on OpenStack in a restricted network
- OpenStack Cloud Controller Manager reference guide
- Uninstalling a cluster on OpenStack
- Uninstalling a cluster on OpenStack from your own infrastructure
- Installing on oVirt
-
Installing on vSphere
- Preparing to install on vSphere
- Installing a cluster on vSphere
- Installing a cluster on vSphere with customizations
- Installing a cluster on vSphere with network customizations
- Installing a cluster on vSphere with user-provisioned infrastructure
- Installing a cluster on vSphere with user-provisioned infrastructure and network customizations
- Installing a cluster on vSphere in a restricted network
- Installing a cluster on vSphere in a restricted network with user-provisioned infrastructure
- Installing a three-node cluster on vSphere
- Uninstalling a cluster on vSphere that uses installer-provisioned infrastructure
- Using the vSphere Problem Detector Operator
-
Installing on VMC
- Preparing to install on VMC
- Installing a cluster on VMC
- Installing a cluster on VMC with customizations
- Installing a cluster on VMC with network customizations
- Installing a cluster on VMC in a restricted network
- Installing a cluster on VMC with user-provisioned infrastructure
- Installing a cluster on VMC with user-provisioned infrastructure and network customizations
- Installing a cluster on VMC in a restricted network with user-provisioned infrastructure
- Installing a three-node cluster on VMC
- Uninstalling a cluster on VMC
- Installing on any platform
- Installation configuration
- Validating an installation
- Troubleshooting installation issues
-
Post-installation configuration
- Configuring a private cluster
- Bare metal configuration
- Configuring multi-architecture compute machines on an OpenShift cluster
- Machine configuration tasks
- Cluster tasks
- Node tasks
- Network configuration
- Storage configuration
- Preparing for users
- Configuring alert notifications
- Converting a connected cluster to a disconnected cluster
- Enabling cluster capabilities
- Configuring additional devices in an IBM zSystems or IBM LinuxONE environment
- Fedora CoreOS (FCOS) image layering
-
Updating clusters
- Updating clusters overview
- Understanding OpenShift updates
- Understanding upgrade channels
- Understanding OpenShift update duration
- Preparing to update to OKD 4.12
- Preparing to perform an EUS-to-EUS update
- Updating a cluster using the web console
- Updating a cluster using the CLI
- Performing update using canary rollout strategy
- Updating hardware on nodes running on vSphere
-
Support
- Support overview
- Managing your cluster resources
-
Remote health monitoring with connected clusters
- About remote health monitoring
- Showing data collected by remote health monitoring
- Opting out of remote health reporting
- Enabling remote health reporting
- Using Insights to identify issues with your cluster
- Using Insights Operator
- Using remote health reporting in a restricted network
- Importing simple content access entitlements with Insights Operator
- Gathering data about your cluster
- Summarizing cluster specifications
-
Troubleshooting
- Troubleshooting installations
- Verifying node health
- Troubleshooting CRI-O container runtime issues
- Troubleshooting operating system issues
- Troubleshooting network issues
- Troubleshooting Operator issues
- Investigating pod issues
- Troubleshooting the Source-to-Image process
- Troubleshooting storage issues
- Troubleshooting Windows container workload issues
- Investigating monitoring issues
- Diagnosing OpenShift CLI (oc) issues
- Web console
- CLI tools
-
Security and compliance
- Security and compliance overview
-
Container security
- Understanding container security
- Understanding host and VM security
- Container image signatures
- Hardening Fedora CoreOS
- Understanding compliance
- Securing container content
- Using container registries securely
- Securing the build process
- Deploying containers
- Securing the container platform
- Securing networks
- Securing attached storage
- Monitoring cluster events and logs
- Configuring certificates
-
Certificate types and descriptions
- User-provided certificates for the API server
- Proxy certificates
- Service CA certificates
- Node certificates
- Bootstrap certificates
- etcd certificates
- OLM certificates
- Aggregated API client certificates
- Machine Config Operator certificates
- User-provided certificates for default ingress
- Ingress certificates
- Monitoring and cluster logging Operator component certificates
- Control plane certificates
-
Compliance Operator
- Compliance Operator release notes
- Supported compliance profiles
- Installing the Compliance Operator
- Updating the Compliance Operator
- Compliance Operator scans
- Understanding the Compliance Operator
- Managing the Compliance Operator
- Tailoring the Compliance Operator
- Retrieving Compliance Operator raw results
- Managing Compliance Operator remediation
- Performing advanced Compliance Operator tasks
- Troubleshooting the Compliance Operator
- Uninstalling the Compliance Operator
- Using the oc-compliance plugin
- Understanding the Custom Resource Definitions
- File Integrity Operator
-
Security Profiles Operator
- Security Profiles Operator overview
- Security Profiles Operator release notes
- Understanding the Security Profiles Operator
- Enabling the Security Profiles Operator
- Managing seccomp profiles
- Managing SELinux profiles
- Advanced Security Profiles Operator tasks
- Troubleshooting the Security Profiles Operator
- Uninstalling the Security Profiles Operator
- Viewing audit logs
- Configuring the audit log policy
- Configuring TLS security profiles
- Configuring seccomp profiles
- Allowing JavaScript-based access to the API server from additional hosts
- Encrypting etcd data
- Scanning pods for vulnerabilities
- Network-Bound Disk Encryption (NBDE)
-
Authentication and authorization
- Authentication and authorization overview
- Understanding authentication
- Configuring the internal OAuth server
- Configuring OAuth clients
- Managing user-owned OAuth access tokens
- Understanding identity provider configuration
-
Configuring identity providers
- Configuring an htpasswd identity provider
- Configuring a Keystone identity provider
- Configuring an LDAP identity provider
- Configuring a basic authentication identity provider
- Configuring a request header identity provider
- Configuring a GitHub or GitHub Enterprise identity provider
- Configuring a GitLab identity provider
- Configuring a Google identity provider
- Configuring an OpenID Connect identity provider
- Using RBAC to define and apply permissions
- Removing the kubeadmin user
- Understanding and creating service accounts
- Using service accounts in applications
- Using a service account as an OAuth client
- Scoping tokens
- Using bound service account tokens
- Managing security context constraints
- Understanding and managing pod security admission
- Impersonating the system:admin user
- Syncing LDAP groups
- Managing cloud provider credentials
-
Networking
- About networking
- Understanding networking
- Accessing hosts
- Networking Operators overview
- Understanding the Cluster Network Operator
- Understanding the DNS Operator
- Understanding the Ingress Operator
- Ingress sharding
- Understanding the Ingress Node Firewall Operator
- Configuring the Ingress Controller for manual DNS management
- Configuring the Ingress Controller endpoint publishing strategy
- Verifying connectivity to an endpoint
- Changing the cluster network MTU
- Configuring the node port service range
- Configuring IP failover
- Configuring interface-level network sysctls
- Using SCTP
- Using PTP hardware
-
External DNS Operator
- Understanding the External DNS Operator
- Installing the External DNS Operator
- External DNS Operator configuration parameters
- Creating DNS records on an public hosted zone for AWS
- Creating DNS records on an public zone for Azure
- Creating DNS records on an public managed zone for GCP
- Creating DNS records on a public DNS zone for Infoblox
- Network policy
-
AWS Load Balancer Operator
- Understanding the AWS Load Balancer Operator
- Installing the AWS Load Balancer Operator
- Installing the AWS Load Balancer Operator on Security Token Service cluster
- Creating an instance of the AWS Load Balancer Controller
- Serving Multiple Ingresses through a single AWS Load Balancer
- Adding TLS termination on the AWS Load Balancer
- Configuring cluster-wide proxy on the AWS Load Balancer Operator
-
Multiple networks
- Understanding multiple networks
- Configuring an additional network
- About virtual routing and forwarding
- Configuring multi-network policy
- Attaching a pod to an additional network
- Removing a pod from an additional network
- Editing an additional network
- Removing an additional network
- Assigning a secondary network to a VRF
-
Hardware networks
- About Single Root I/O Virtualization (SR-IOV) hardware networks
- Installing the SR-IOV Operator
- Configuring the SR-IOV Operator
- Configuring an SR-IOV network device
- Configuring an SR-IOV Ethernet network attachment
- Configuring an SR-IOV InfiniBand network attachment
- Adding a pod to an SR-IOV network
- Tuning sysctl settings on an SR-IOV network
- Using high performance multicast
- Using DPDK and RDMA
- Using pod-level bonding for secondary networks
- Configuring hardware offloading
- Switching Bluefield-2 from NIC to DPU mode
- Uninstalling the SR-IOV Operator
-
OVN-Kubernetes network plugin
- About the OVN-Kubernetes network plugin
- OVN-Kubernetes architecture
- OVN-Kubernetes troubleshooting
- OVN-Kubernetes traffic tracing
- Migrating from the OpenShift SDN network plugin
- Rolling back to the OpenShift SDN network plugin
- Converting to IPv4/IPv6 dual stack networking
- Logging for egress firewall and network policy rules
- Configuring IPsec encryption
- Configuring an egress firewall for a project
- Viewing an egress firewall for a project
- Editing an egress firewall for a project
- Removing an egress firewall from a project
- Configuring an egress IP address
- Assigning an egress IP address
- Considerations for the use of an egress router pod
- Deploying an egress router pod in redirect mode
- Enabling multicast for a project
- Disabling multicast for a project
- Tracking network flows
- Configuring hybrid networking
-
OpenShift SDN network plugin
- About the OpenShift SDN network plugin
- Configuring egress IPs for a project
- Configuring an egress firewall for a project
- Viewing an egress firewall for a project
- Editing an egress firewall for a project
- Removing an egress firewall from a project
- Considerations for the use of an egress router pod
- Deploying an egress router pod in redirect mode
- Deploying an egress router pod in HTTP proxy mode
- Deploying an egress router pod in DNS proxy mode
- Configuring an egress router pod destination list from a config map
- Enabling multicast for a project
- Disabling multicast for a project
- Configuring multitenant isolation
- Configuring kube-proxy
- Configuring Routes
-
Configuring ingress cluster traffic
- Overview
- Configuring ExternalIPs for services
- Configuring ingress cluster traffic using an Ingress Controller
- Configuring ingress cluster traffic using a load balancer
- Configuring ingress cluster traffic on AWS
- Configuring ingress cluster traffic using a service external IP
- Configuring ingress cluster traffic using a NodePort
- Configuring ingress cluster traffic using load balancer allowed source ranges
- Kubernetes NMState
- Configuring the cluster-wide proxy
- Configuring a custom PKI
- Load balancing on OpenStack
-
Load balancing with MetalLB
- About MetalLB and the MetalLB Operator
- Installing the MetalLB Operator
- Upgrading the MetalLB Operator
- Configuring MetalLB address pools
- Advertising the IP address pools
- Configuring MetalLB BGP peers
- Advertising an IP address pool using the community alias
- Configuring MetalLB BFD profiles
- Configuring services to use MetalLB
- MetalLB logging, troubleshooting, and support
- Associating secondary interfaces metrics to network attachments
- Network Observability
-
Storage
- Storage overview
- Understanding ephemeral storage
- Understanding persistent storage
-
Configuring persistent storage
- Persistent storage using AWS Elastic Block Store
- Persistent storage using Azure Disk
- Persistent storage using Azure File
- Persistent storage using Cinder
- Persistent storage using Fibre Channel
- Persistent storage using FlexVolume
- Persistent storage using GCE Persistent Disk
- Persistent Storage using iSCSI
- Persistent storage using NFS
- Persistent storage using Red Hat OpenShift Data Foundation
- Persistent storage using VMware vSphere
- Persistent storage using local storage
-
Using Container Storage Interface (CSI)
- Configuring CSI volumes
- CSI inline ephemeral volumes
- Shared Resource CSI Driver Operator
- CSI volume snapshots
- CSI volume cloning
- CSI automatic migration
- AliCloud Disk CSI Driver Operator
- AWS Elastic Block Store CSI Driver Operator
- AWS Elastic File Service CSI Driver Operator
- Azure Disk CSI Driver Operator
- Azure File CSI Driver Operator
- Azure Stack Hub CSI Driver Operator
- GCP PD CSI Driver Operator
- GCP Filestore CSI Driver Operator
- IBM VPC Block CSI Driver Operator
- OpenStack Cinder CSI Driver Operator
- OpenStack Manila CSI Driver Operator
- Red Hat Virtualization CSI Driver Operator
- VMware vSphere CSI Driver Operator
- Generic ephemeral volumes
- Expanding persistent volumes
- Dynamic provisioning
-
Registry
- Registry overview
- Image Registry Operator in OKD
-
Setting up and configuring the registry
- Configuring the registry for AWS user-provisioned infrastructure
- Configuring the registry for GCP user-provisioned infrastructure
- Configuring the registry for OpenStack user-provisioned infrastructure
- Configuring the registry for Azure user-provisioned infrastructure
- Configuring the registry for OpenStack
- Configuring the registry for bare metal
- Configuring the registry for vSphere
- Configuring the registry for OpenShift Data Foundation
- Accessing the registry
- Exposing the registry
-
Operators
- Operators overview
- Understanding Operators
- User tasks
-
Administrator tasks
- Adding Operators to a cluster
- Updating installed Operators
- Deleting Operators from a cluster
- Configuring OLM features
- Configuring proxy support
- Viewing Operator status
- Managing Operator conditions
- Allowing non-cluster administrators to install Operators
- Managing custom catalogs
- Using OLM on restricted networks
- Managing platform Operators
-
Developing Operators
- About the Operator SDK
- Installing the Operator SDK CLI
- Go-based Operators
- Ansible-based Operators
- Helm-based Operators
- Java-based Operators
- Defining cluster service versions (CSVs)
- Working with bundle images
- Validating Operators using the scorecard
- Validating Operator bundles
- High-availability or single-node cluster detection and support
- Configuring built-in monitoring with Prometheus
- Configuring leader election
- Object pruning utility
- Migrating package manifest projects to bundle format
- Operator SDK CLI reference
- Migrating to Operator SDK v0.1.0
- Cluster Operators reference
-
CI/CD
- CI/CD overview
-
Builds
- Understanding image builds
- Understanding build configurations
- Creating build inputs
- Managing build output
- Using build strategies
- Custom image builds with Buildah
- Performing and configuring basic builds
- Triggering and modifying builds
- Performing advanced builds
- Using Red Hat subscriptions in builds
- Securing builds by strategy
- Build configuration resources
- Troubleshooting builds
- Setting up additional trusted certificate authorities for builds
-
Images
- Overview of images
- Configuring the Cluster Samples Operator
- Using the Cluster Samples Operator with an alternate registry
- Creating images
- Managing images
- Managing image streams
- Using image streams with Kubernetes resources
- Triggering updates on image stream changes
- Image configuration resources
- Using templates
- Using Ruby on Rails
- Using images
-
Building applications
- Building applications overview
- Projects
- Creating applications
- Viewing application composition using the Topology view
-
Connecting applications to services
- Service Binding Operator release notes
- Understanding Service Binding Operator
- Installing Service Binding Operator
- Getting started with service binding
- Getting started with service binding on IBM Power, IBM zSystems, and IBM LinuxONE
- Exposing binding data from a service
- Projecting binding data
- Binding workloads using Service Binding Operator
- Connecting an application to a service using the Developer perspective
- Working with Helm charts
- Deployments
- Quotas
- Using config maps with applications
- Monitoring project and application metrics using the Developer perspective
- Monitoring application health
- Editing applications
- Pruning objects to reclaim resources
- Idling applications
- Deleting applications
- Using the Red Hat Marketplace
-
Machine management
- Overview of machine management
-
Creating compute machine sets
- Creating a compute machine set on Alibaba Cloud
- Creating a compute machine set on AWS
- Creating a compute machine set on Azure
- Creating a compute machine set on Azure Stack Hub
- Creating a compute machine set on GCP
- Creating a compute machine set on IBM Cloud
- Creating a compute machine set on Nutanix
- Creating a compute machine set on OpenStack
- Creating a compute machine set on oVirt
- Creating a compute machine set on vSphere
- Manually scaling a compute machine set
- Modifying a compute machine set
- Deleting a machine
- Applying autoscaling to a cluster
- Creating infrastructure machine sets
- User-provisioned infrastructure
- Managing machines with the Cluster API
- Managing control plane machines
- Deploying machine health checks
- Hosted control planes
-
Nodes
- Overview of nodes
-
Working with pods
- About pods
- Viewing pods
- Configuring a cluster for pods
- Automatically scaling pods with the horizontal pod autoscaler
- Automatically scaling pods with the custom metrics autoscaler
- Automatically adjust pod resource levels with the vertical pod autoscaler
- Providing sensitive data to pods
- Creating and using config maps
- Using Device Manager to make devices available to nodes
- Including pod priority in pod scheduling decisions
- Placing pods on specific nodes using node selectors
-
Controlling pod placement onto nodes (scheduling)
- About pod placement using the scheduler
- Scheduling pods using a scheduler profile
- Placing pods relative to other pods using pod affinity and anti-affinity rules
- Controlling pod placement on nodes using node affinity rules
- Placing pods onto overcommited nodes
- Controlling pod placement using node taints
- Placing pods on specific nodes using node selectors
- Controlling pod placement using pod topology spread constraints
- Evicting pods using the descheduler
- Secondary scheduler
- Using Jobs and DaemonSets
-
Working with nodes
- Viewing and listing the nodes in your cluster
- Working with nodes
- Managing nodes
- Managing the maximum number of pods per node
- Using the Node Tuning Operator
- Remediation, fencing, and maintenance
- Understanding node rebooting
- Freeing node resources using garbage collection
- Allocating resources for nodes
- Allocating specific CPUs for nodes in a cluster
- Configuring the TLS security profile for the kubelet
- Machine Config Daemon metrics
- Creating infrastructure nodes
-
Working with containers
- Understanding containers
- Using Init Containers to perform tasks before a pod is deployed
- Using volumes to persist container data
- Mapping volumes using projected volumes
- Allowing containers to consume API objects
- Copying files to or from a container
- Executing remote commands in a container
- Using port forwarding to access applications in a container
- Using sysctls in containers
-
Working with clusters
- Viewing system event information in a cluster
- Analyzing cluster resource levels
- Setting limit ranges
- Configuring cluster memory to meet container memory and risk requirements
- Configuring your cluster to place pods on overcommited nodes
- Configuring the Linux cgroup version on your nodes
- Enabling features using FeatureGates
- Improving cluster stability in high latency environments using worker latency profiles
-
Windows Container Support for OpenShift
- Red Hat OpenShift support for Windows Containers overview
- Red Hat OpenShift support for Windows Containers release notes
- Understanding Windows container workloads
- Enabling Windows container workloads
- Creating Windows MachineSet objects
- Scheduling Windows container workloads
- Windows node upgrades
- Using Bring-Your-Own-Host Windows instances as nodes
- Removing Windows nodes
- Disabling Windows container workloads
-
Logging
- Release notes
- Logging 5.6
- Logging 5.5
- About Logging
- Installing Logging
-
Configuring your Logging deployment
- About the Cluster Logging custom resource
- Configuring the logging collector
- Configuring the log store
- Configuring the log visualizer
- Configuring Logging storage
- Configuring CPU and memory limits for Logging components
- Using tolerations to control Logging pod placement
- Moving the Logging resources with node selectors
- Configuring systemd-journald for Logging
- Maintenance and support
- Logging with the LokiStack
- Viewing logs for a specific resource
- Viewing cluster logs in Kibana
- Forwarding logs to third party systems
- Enabling JSON logging
- Collecting and storing Kubernetes events
- Updating Logging
- Viewing cluster dashboards
- Troubleshooting Logging
- Uninstalling Logging
- Exported fields
-
Monitoring
- Monitoring overview
- Configuring the monitoring stack
- Enabling monitoring for user-defined projects
- Enabling alert routing for user-defined projects
- Managing metrics
- Querying metrics
- Managing metrics targets
- Managing alerts
- Reviewing monitoring dashboards
- The NVIDIA GPU administration dashboard
- Monitoring bare-metal events
- Accessing third-party monitoring APIs
- Troubleshooting monitoring issues
- Config map reference for the Cluster Monitoring Operator
-
Scalability and performance
- Recommended performance and scalability practices
- Using the Node Tuning Operator
- Using CPU Manager and Topology Manager
- Scheduling NUMA-aware workloads
- Scaling the Cluster Monitoring Operator
- Planning your environment according to object maximums
- Optimizing storage
- Optimizing routing
- Optimizing networking
- Optimizing CPU usage
- Managing bare metal hosts
- What huge pages do and how they are consumed by apps
- Low latency tuning
- Performing latency tests for platform verification
- Improving cluster stability in high latency environments using worker latency profiles
- Topology Aware Lifecycle Manager for cluster updates
- Creating a performance profile
- Workload partitioning in single-node OpenShift
- Requesting CRI-O and Kubelet profiling data by using the Node Observability Operator
-
Clusters at the network far edge
- Challenges of the network far edge
- Preparing the hub cluster for ZTP
- Installing managed clusters with RHACM and SiteConfig resources
- Configuring managed clusters with policies and PolicyGenTemplate resources
- Manually installing a single-node OpenShift cluster with ZTP
- Recommended single-node OpenShift cluster configuration for vDU application workloads
- Validating cluster tuning for vDU application workloads
- Advanced managed cluster configuration with SiteConfig resources
- Advanced managed cluster configuration with PolicyGenTemplate resources
- Updating managed clusters with the Topology Aware Lifecycle Manager
- Updating GitOps ZTP
- Expanding single-node OpenShift clusters with GitOps ZTP
- Pre-caching images for single-node OpenShift deployments
- Specialized hardware and driver enablement
-
Backup and restore
- Overview of backup and restore operations
- Shutting down a cluster gracefully
- Restarting a cluster gracefully
- Application backup and restore
- Control plane backup and restore
-
Migrating from version 3 to 4
- Migrating from version 3 to 4 overview
- About migrating from OKD 3 to 4
- Differences between OKD 3 and 4
- Network considerations
- About MTC
- Installing MTC
- Installing MTC in a restricted network environment
- Upgrading MTC
- Premigration checklists
- Migrating your applications
- Advanced migration options
- Troubleshooting
- Migration Toolkit for Containers
-
API reference
- Understanding API tiers
- API compatibility guidelines
- Editing kubelet log level verbosity and gathering logs
- API list
- Common object reference
-
Authorization APIs
- About Authorization APIs
- LocalResourceAccessReview [authorization.openshift.io/v1]
- LocalSubjectAccessReview [authorization.openshift.io/v1]
- ResourceAccessReview [authorization.openshift.io/v1]
- SelfSubjectRulesReview [authorization.openshift.io/v1]
- SubjectAccessReview [authorization.openshift.io/v1]
- SubjectRulesReview [authorization.openshift.io/v1]
- TokenRequest [authentication.k8s.io/v1]
- TokenReview [authentication.k8s.io/v1]
- LocalSubjectAccessReview [authorization.k8s.io/v1]
- SelfSubjectAccessReview [authorization.k8s.io/v1]
- SelfSubjectRulesReview [authorization.k8s.io/v1]
- SubjectAccessReview [authorization.k8s.io/v1]
- Autoscale APIs
-
Config APIs
- About Config APIs
- APIServer [config.openshift.io/v1]
- Authentication [config.openshift.io/v1]
- Build [config.openshift.io/v1]
- ClusterOperator [config.openshift.io/v1]
- ClusterVersion [config.openshift.io/v1]
- Console [config.openshift.io/v1]
- DNS [config.openshift.io/v1]
- FeatureGate [config.openshift.io/v1]
- HelmChartRepository [helm.openshift.io/v1beta1]
- Image [config.openshift.io/v1]
- ImageDigestMirrorSet [config.openshift.io/v1]
- ImageContentPolicy [config.openshift.io/v1]
- ImageTagMirrorSet [config.openshift.io/v1]
- Infrastructure [config.openshift.io/v1]
- Ingress [config.openshift.io/v1]
- Network [config.openshift.io/v1]
- Node [config.openshift.io/v1]
- OAuth [config.openshift.io/v1]
- OperatorHub [config.openshift.io/v1]
- Project [config.openshift.io/v1]
- ProjectHelmChartRepository [helm.openshift.io/v1beta1]
- Proxy [config.openshift.io/v1]
- Scheduler [config.openshift.io/v1]
-
Console APIs
- About Console APIs
- ConsoleCLIDownload [console.openshift.io/v1]
- ConsoleExternalLogLink [console.openshift.io/v1]
- ConsoleLink [console.openshift.io/v1]
- ConsoleNotification [console.openshift.io/v1]
- ConsolePlugin [console.openshift.io/v1]
- ConsoleQuickStart [console.openshift.io/v1]
- ConsoleYAMLSample [console.openshift.io/v1]
- Extension APIs
-
Image APIs
- About Image APIs
- Image [image.openshift.io/v1]
- ImageSignature [image.openshift.io/v1]
- ImageStreamImage [image.openshift.io/v1]
- ImageStreamImport [image.openshift.io/v1]
- ImageStreamLayers [image.openshift.io/v1]
- ImageStreamMapping [image.openshift.io/v1]
- ImageStream [image.openshift.io/v1]
- ImageStreamTag [image.openshift.io/v1]
- ImageTag [image.openshift.io/v1]
- SecretList [image.openshift.io/v1]
-
Machine APIs
- About Machine APIs
- ContainerRuntimeConfig [machineconfiguration.openshift.io/v1]
- ControllerConfig [machineconfiguration.openshift.io/v1]
- ControlPlaneMachineSet [machine.openshift.io/v1]
- KubeletConfig [machineconfiguration.openshift.io/v1]
- MachineConfigPool [machineconfiguration.openshift.io/v1]
- MachineConfig [machineconfiguration.openshift.io/v1]
- MachineHealthCheck [machine.openshift.io/v1beta1]
- Machine [machine.openshift.io/v1beta1]
- MachineSet [machine.openshift.io/v1beta1]
- Metadata APIs
-
Monitoring APIs
- About Monitoring APIs
- Alertmanager [monitoring.coreos.com/v1]
- AlertmanagerConfig [monitoring.coreos.com/v1beta1]
- PodMonitor [monitoring.coreos.com/v1]
- Probe [monitoring.coreos.com/v1]
- Prometheus [monitoring.coreos.com/v1]
- PrometheusRule [monitoring.coreos.com/v1]
- ServiceMonitor [monitoring.coreos.com/v1]
- ThanosRuler [monitoring.coreos.com/v1]
-
Network APIs
- About Network APIs
- CloudPrivateIPConfig [cloud.network.openshift.io/v1]
- EgressFirewall [k8s.ovn.org/v1]
- EgressIP [k8s.ovn.org/v1]
- EgressQoS [k8s.ovn.org/v1]
- Endpoints [undefined/v1]
- EndpointSlice [discovery.k8s.io/v1]
- EgressRouter [network.operator.openshift.io/v1]
- Ingress [networking.k8s.io/v1]
- IngressClass [networking.k8s.io/v1]
- IPPool [whereabouts.cni.cncf.io/v1alpha1]
- NetworkAttachmentDefinition [k8s.cni.cncf.io/v1]
- NetworkPolicy [networking.k8s.io/v1]
- OverlappingRangeIPReservation [whereabouts.cni.cncf.io/v1alpha1]
- PodNetworkConnectivityCheck [controlplane.operator.openshift.io/v1alpha1]
- Route [route.openshift.io/v1]
- Service [undefined/v1]
- Node APIs
- OAuth APIs
-
Operator APIs
- About Operator APIs
- Authentication [operator.openshift.io/v1]
- CloudCredential [operator.openshift.io/v1]
- ClusterCSIDriver [operator.openshift.io/v1]
- Console [operator.openshift.io/v1]
- Config [operator.openshift.io/v1]
- Config [imageregistry.operator.openshift.io/v1]
- Config [samples.operator.openshift.io/v1]
- CSISnapshotController [operator.openshift.io/v1]
- DNS [operator.openshift.io/v1]
- DNSRecord [ingress.operator.openshift.io/v1]
- Etcd [operator.openshift.io/v1]
- ImageContentSourcePolicy [operator.openshift.io/v1alpha1]
- ImagePruner [imageregistry.operator.openshift.io/v1]
- IngressController [operator.openshift.io/v1]
- InsightsOperator [operator.openshift.io/v1]
- KubeAPIServer [operator.openshift.io/v1]
- KubeControllerManager [operator.openshift.io/v1]
- KubeScheduler [operator.openshift.io/v1]
- KubeStorageVersionMigrator [operator.openshift.io/v1]
- Network [operator.openshift.io/v1]
- OpenShiftAPIServer [operator.openshift.io/v1]
- OpenShiftControllerManager [operator.openshift.io/v1]
- OperatorPKI [network.operator.openshift.io/v1]
- ServiceCA [operator.openshift.io/v1]
- Storage [operator.openshift.io/v1]
-
OperatorHub APIs
- About OperatorHub APIs
- CatalogSource [operators.coreos.com/v1alpha1]
- ClusterServiceVersion [operators.coreos.com/v1alpha1]
- InstallPlan [operators.coreos.com/v1alpha1]
- OLMConfig [operators.coreos.com/v1]
- Operator [operators.coreos.com/v1]
- OperatorCondition [operators.coreos.com/v2]
- OperatorGroup [operators.coreos.com/v1]
- PackageManifest [packages.operators.coreos.com/v1]
- Subscription [operators.coreos.com/v1alpha1]
- Policy APIs
- Project APIs
-
Provisioning APIs
- About Provisioning APIs
- BMCEventSubscription [metal3.io/v1alpha1]
- BareMetalHost [metal3.io/v1alpha1]
- FirmwareSchema [metal3.io/v1alpha1]
- HardwareData [metal3.io/v1alpha1]
- HostFirmwareSettings [metal3.io/v1alpha1]
- Metal3Remediation [infrastructure.cluster.x-k8s.io/v1beta1]
- Metal3RemediationTemplate [infrastructure.cluster.x-k8s.io/v1beta1]
- PreprovisioningImage [metal3.io/v1alpha1]
- Provisioning [metal3.io/v1alpha1]
- RBAC APIs
- Role APIs
-
Schedule and quota APIs
- About Schedule and quota APIs
- AppliedClusterResourceQuota [quota.openshift.io/v1]
- ClusterResourceQuota [quota.openshift.io/v1]
- FlowSchema [flowcontrol.apiserver.k8s.io/v1beta1]
- LimitRange [undefined/v1]
- PriorityClass [scheduling.k8s.io/v1]
- PriorityLevelConfiguration [flowcontrol.apiserver.k8s.io/v1beta1]
- ResourceQuota [undefined/v1]
-
Security APIs
- About Security APIs
- CertificateSigningRequest [certificates.k8s.io/v1]
- CredentialsRequest [cloudcredential.openshift.io/v1]
- PodSecurityPolicyReview [security.openshift.io/v1]
- PodSecurityPolicySelfSubjectReview [security.openshift.io/v1]
- PodSecurityPolicySubjectReview [security.openshift.io/v1]
- RangeAllocation [security.openshift.io/v1]
- Secret [undefined/v1]
- SecurityContextConstraints [security.openshift.io/v1]
- ServiceAccount [undefined/v1]
-
Storage APIs
- About Storage APIs
- CSIDriver [storage.k8s.io/v1]
- CSINode [storage.k8s.io/v1]
- CSIStorageCapacity [storage.k8s.io/v1]
- PersistentVolume [undefined/v1]
- PersistentVolumeClaim [undefined/v1]
- StorageClass [storage.k8s.io/v1]
- StorageState [migration.k8s.io/v1alpha1]
- StorageVersionMigration [migration.k8s.io/v1alpha1]
- VolumeAttachment [storage.k8s.io/v1]
- VolumeSnapshot [snapshot.storage.k8s.io/v1]
- VolumeSnapshotClass [snapshot.storage.k8s.io/v1]
- VolumeSnapshotContent [snapshot.storage.k8s.io/v1]
- Template APIs
- User and group APIs
-
Workloads APIs
- About Workloads APIs
- BuildConfig [build.openshift.io/v1]
- Build [build.openshift.io/v1]
- BuildLog [build.openshift.io/v1]
- BuildRequest [build.openshift.io/v1]
- CronJob [batch/v1]
- DaemonSet [apps/v1]
- Deployment [apps/v1]
- DeploymentConfig [apps.openshift.io/v1]
- DeploymentConfigRollback [apps.openshift.io/v1]
- DeploymentLog [apps.openshift.io/v1]
- DeploymentRequest [apps.openshift.io/v1]
- Job [batch/v1]
- Pod [undefined/v1]
- ReplicationController [undefined/v1]
- ReplicaSet [apps/v1]
- StatefulSet [apps/v1]
-
Virtualization
- About OpenShift Virtualization
- About OKD Virtualization
- Getting started with OKD Virtualization
- Installing
- Updating OKD Virtualization
- Security policies
- Using the CLI tools
-
Virtual machines
- Creating virtual machines
- Editing virtual machines
- Editing boot order
- Deleting virtual machines
- Exporting virtual machines
- Managing virtual machine instances
- Controlling virtual machine states
- Accessing virtual machine consoles
- Automating Windows installation with sysprep
- Triggering virtual machine failover by resolving a failed node
- Installing the QEMU guest agent on virtual machines
- Viewing the QEMU guest agent information for virtual machines
- Managing config maps, secrets, and service accounts in virtual machines
- Installing VirtIO driver on an existing Windows virtual machine
- Installing VirtIO driver on a new Windows virtual machine
- Using virtual Trusted Platform Module devices
- Managing virtual machines with OpenShift Pipelines
-
Advanced virtual machine management
- Working with resource quotas for virtual machines
- Specifying nodes for virtual machines
- Configuring certificate rotation
- UEFI mode for virtual machines
- Configuring PXE booting for virtual machines
- Using huge pages with virtual machines
- Enabling dedicated resources for a virtual machine
- Scheduling virtual machines
- Configuring PCI passthrough
- Configuring vGPU passthrough
- Configuring mediated devices
- Automatic importing and updating of pre-defined boot sources
- Enabling descheduler evictions on virtual machines
- Importing virtual machines
- Cloning virtual machines
-
Virtual machine networking
- Configuring a virtual machine for the default pod network with OKD Virtualization
- Creating a service to expose a virtual machine
- Connecting a virtual machine to a Linux bridge network
- Connecting a virtual machine to an SR-IOV network
- Connecting a virtual machine to a service mesh
- Configuring IP addresses for virtual machines
- Viewing the IP address of NICs on a virtual machine
- Using a MAC address pool for virtual machines
-
Virtual machine disks
- Features for storage
- Configuring local storage for virtual machines
- Creating data volumes
- Reserving PVC space for file system overhead
- Configuring CDI to work with namespaces that have a compute resource quota
- Managing data volume annotations
- Using preallocation for data volumes
- Uploading local disk images by using the web console
- Uploading local disk images by using the virtctl tool
- Uploading a local disk image to a block storage data volume
- Managing virtual machine snapshots
- Moving a local virtual machine disk to a different node
- Expanding virtual storage by adding blank disk images
- Cloning a data volume using smart-cloning
- Creating and using boot sources
- Hot plugging virtual disks
- Using container disks with virtual machines
- Preparing CDI scratch space
- Re-using statically provisioned persistent volumes
- Expanding a virtual machine disk
- Virtual machine templates
-
Live migration
- Virtual machine live migration
- Live migration limits and timeouts
- Migrating a virtual machine instance to another node
- Migrating a virtual machine over a dedicated additional network
- Cancelling the live migration of a virtual machine instance
- Configuring virtual machine eviction strategy
- Configuring live migration policies
- Node maintenance
- Support
- Backup and restore
×
Creating infrastructure machine sets
|
This process is not applicable for clusters with manually provisioned machines. You can use the advanced machine management and scaling capabilities only in clusters where the Machine API is operational. |
You can use infrastructure machine sets to create machines that host only infrastructure components, such as the default router, the integrated container image registry, and the components for cluster metrics and monitoring. These infrastructure machines are not counted toward the total number of subscriptions that are required to run the environment.
In a production deployment, it is recommended that you deploy at least three machine sets to hold infrastructure components. Both OpenShift Logging and Red Hat OpenShift Service Mesh deploy Elasticsearch, which requires three instances to be installed on different nodes. Each of these nodes can be deployed to different availability zones for high availability. This configuration requires three different machine sets, one for each availability zone. In global Azure regions that do not have multiple availability zones, you can use availability sets to ensure high availability.
OKD infrastructure components
The following infrastructure workloads do not incur OKD worker subscriptions:
-
Kubernetes and OKD control plane services that run on masters
-
The default router
-
The integrated container image registry
-
The HAProxy-based Ingress Controller
-
The cluster metrics collection, or monitoring service, including components for monitoring user-defined projects
-
Cluster aggregated logging
-
Service brokers
-
Red Hat Quay
-
Red Hat OpenShift Data Foundation
-
Red Hat Advanced Cluster Manager
-
Red Hat Advanced Cluster Security for Kubernetes
-
Red Hat OpenShift GitOps
-
Red Hat OpenShift Pipelines
Any node that runs any other container, pod, or component is a worker node that your subscription must cover.
For information about infrastructure nodes and which components can run on infrastructure nodes, see the "Red Hat OpenShift control plane and infrastructure nodes" section in the OpenShift sizing and subscription guide for enterprise Kubernetes document.
To create an infrastructure node, you can use a machine set, label the node, or use a machine config pool.
Creating infrastructure machine sets for production environments
In a production deployment, it is recommended that you deploy at least three compute machine sets to hold infrastructure components. Both OpenShift Logging and Red Hat OpenShift Service Mesh deploy Elasticsearch, which requires three instances to be installed on different nodes. Each of these nodes can be deployed to different availability zones for high availability. A configuration like this requires three different compute machine sets, one for each availability zone. In global Azure regions that do not have multiple availability zones, you can use availability sets to ensure high availability.
Creating infrastructure machine sets for different clouds
Use the sample compute machine set for your cloud.
Sample YAML for a compute machine set custom resource on Alibaba Cloud
This sample YAML defines a compute machine set that runs in a specified Alibaba Cloud zone in a region and creates nodes that are labeled with
node-role.kubernetes.io/infra: "".
In this sample, <infrastructure_id> is the infrastructure ID label that is based on the cluster ID that you set when you provisioned the cluster, and
<infra>
is the node label to add.
| 1 | Specify the infrastructure ID that is based on the cluster ID that you set when you provisioned the cluster. If you have the OpenShift CLI (oc) installed, you can obtain the infrastructure ID by running the following command:
|
| 2 | Specify the <infra> node label. |
| 3 | Specify the infrastructure ID, <infra> node label, and zone. |
| 4 | Specify the image to use. Use an image from an existing default compute machine set for the cluster. |
| 5 | Specify the instance type you want to use for the compute machine set. |
| 6 | Specify the name of the RAM role to use for the compute machine set. Use the value that the installer populates in the default compute machine set. |
| 7 | Specify the region to place machines on. |
| 8 | Specify the resource group and type for the cluster. You can use the value that the installer populates in the default compute machine set, or specify a different one. |
| 9 | Specify the tags to use for the compute machine set. Minimally, you must include the tags shown in this example, with appropriate values for your cluster. You can include additional tags, including the tags that the installer populates in the default compute machine set it creates, as needed. |
| 10 | Specify the type and size of the root disk. Use the category value that the installer populates in the default compute machine set it creates. If required, specify a different value in gigabytes for size. |
| 11 | Specify the name of the secret in the user data YAML file that is in the openshift-machine-api namespace. Use the value that the installer populates in the default compute machine set. |
| 12 | Specify the zone within your region to place machines on. Be sure that your region supports the zone that you specify. |
| 13 | Specify a taint to prevent user workloads from being scheduled on infra nodes. |
Machine set parameters for Alibaba Cloud usage statistics
The default compute machine sets that the installer creates for Alibaba Cloud clusters include nonessential tag values that Alibaba Cloud uses internally to track usage statistics. These tags are populated in the securityGroups, tag, and vSwitch parameters of the spec.template.spec.providerSpec.value list.
When creating compute machine sets to deploy additional machines, you must include the required Kubernetes tags. The usage statistics tags are applied by default, even if they are not specified in the compute machine sets you create. You can also include additional tags as needed.
The following YAML snippets indicate which tags in the default compute machine sets are optional and which are required.
Tags in
spec.template.spec.providerSpec.value.securityGroupsspec:
template:
spec:
providerSpec:
value:
securityGroups:
- tags:
- Key: kubernetes.io/cluster/<infrastructure_id> (1)
Value: owned
- Key: GISV
Value: ocp
- Key: sigs.k8s.io/cloud-provider-alibaba/origin (1)
Value: ocp
- Key: Name
Value: <infrastructure_id>-sg-<role> (2)
type: Tags| 1 | Optional: This tag is applied even when not specified in the compute machine set. |
| 2 | Required.
where:
|
Tags in
spec.template.spec.providerSpec.value.tagspec:
template:
spec:
providerSpec:
value:
tag:
- Key: kubernetes.io/cluster/<infrastructure_id> (2)
Value: owned
- Key: GISV (1)
Value: ocp
- Key: sigs.k8s.io/cloud-provider-alibaba/origin (1)
Value: ocp| 1 | Optional: This tag is applied even when not specified in the compute machine set. |
| 2 | Required.
where |
Tags in
spec.template.spec.providerSpec.value.vSwitchspec:
template:
spec:
providerSpec:
value:
vSwitch:
tags:
- Key: kubernetes.io/cluster/<infrastructure_id> (1)
Value: owned
- Key: GISV (1)
Value: ocp
- Key: sigs.k8s.io/cloud-provider-alibaba/origin (1)
Value: ocp
- Key: Name
Value: <infrastructure_id>-vswitch-<zone> (2)
type: Tags| 1 | Optional: This tag is applied even when not specified in the compute machine set. |
| 2 | Required.
where:
|
Sample YAML for a compute machine set custom resource on AWS
This sample YAML defines a compute machine set that runs in the us-east-1a Amazon Web Services (AWS) zone and creates nodes that are labeled with
node-role.kubernetes.io/infra: "".
In this sample, <infrastructure_id> is the infrastructure ID label that is based on the cluster ID that you set when you provisioned the cluster, and
<infra>
is the node label to add.
apiVersion: machine.openshift.io/v1beta1
kind: MachineSet
metadata:
labels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
name: <infrastructure_id>-infra-<zone> (2)
namespace: openshift-machine-api
spec:
replicas: 1
selector:
matchLabels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machineset: <infrastructure_id>-infra-<zone> (2)
template:
metadata:
labels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machine-role: infra (3)
machine.openshift.io/cluster-api-machine-type: infra (3)
machine.openshift.io/cluster-api-machineset: <infrastructure_id>-infra-<zone> (2)
spec:
metadata:
labels:
node-role.kubernetes.io/infra: "" (3)
providerSpec:
value:
ami:
id: ami-046fe691f52a953f9 (4)
apiVersion: awsproviderconfig.openshift.io/v1beta1
blockDevices:
- ebs:
iops: 0
volumeSize: 120
volumeType: gp2
credentialsSecret:
name: aws-cloud-credentials
deviceIndex: 0
iamInstanceProfile:
id: <infrastructure_id>-worker-profile (1)
instanceType: m6i.large
kind: AWSMachineProviderConfig
placement:
availabilityZone: <zone> (6)
region: <region> (7)
securityGroups:
- filters:
- name: tag:Name
values:
- <infrastructure_id>-worker-sg (1)
subnet:
filters:
- name: tag:Name
values:
- <infrastructure_id>-private-<zone> (8)
tags:
- name: kubernetes.io/cluster/<infrastructure_id> (1)
value: owned
- name: <custom_tag_name> (5)
value: <custom_tag_value> (5)
userDataSecret:
name: worker-user-data
taints: (9)
- key: node-role.kubernetes.io/infra
effect: NoSchedule| 1 | Specify the infrastructure ID that is based on the cluster ID that you set when you provisioned the cluster. If you have the OpenShift CLI installed, you can obtain the infrastructure ID by running the following command:
|
||
| 2 | Specify the infrastructure ID, infra role node label, and zone. |
||
| 3 | Specify the infra role node label. |
||
| 4 | Specify a valid Fedora CoreOS (FCOS) Amazon
Machine Image (AMI) for your AWS zone for your OKD nodes. If you want to use an AWS Marketplace image, you must complete the OKD subscription from the AWS Marketplace to obtain an AMI ID for your region.
|
||
| 5 | Optional: Specify custom tag data for your cluster. For example, you might add an admin contact email address by specifying a name:value pair of Email:admin-email@example.com.
|
||
| 6 | Specify the zone, for example, us-east-1a. |
||
| 7 | Specify the region, for example, us-east-1. |
||
| 8 | Specify the infrastructure ID and zone. | ||
| 9 | Specify a taint to prevent user workloads from being scheduled on infra nodes. |
Machine sets running on AWS support non-guaranteed Spot Instances. You can save on costs by using Spot Instances at a lower price compared to
On-Demand Instances on AWS. Configure Spot Instances by adding spotMarketOptions to the MachineSet YAML file.
Sample YAML for a compute machine set custom resource on Azure
This sample YAML defines a compute machine set that runs in the 1 Microsoft Azure zone in a region and creates nodes that are labeled with
node-role.kubernetes.io/infra: "".
In this sample, <infrastructure_id> is the infrastructure ID label that is based on the cluster ID that you set when you provisioned the cluster, and
<infra>
is the node label to add.
apiVersion: machine.openshift.io/v1beta1
kind: MachineSet
metadata:
labels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machine-role: <infra> (2)
machine.openshift.io/cluster-api-machine-type: <infra> (2)
name: <infrastructure_id>-infra-<region> (3)
namespace: openshift-machine-api
spec:
replicas: 1
selector:
matchLabels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machineset: <infrastructure_id>-infra-<region> (3)
template:
metadata:
creationTimestamp: null
labels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machine-role: <infra> (2)
machine.openshift.io/cluster-api-machine-type: <infra> (2)
machine.openshift.io/cluster-api-machineset: <infrastructure_id>-infra-<region> (3)
spec:
metadata:
creationTimestamp: null
labels:
machine.openshift.io/cluster-api-machineset: <machineset_name> (4)
node-role.kubernetes.io/infra: "" (2)
providerSpec:
value:
apiVersion: azureproviderconfig.openshift.io/v1beta1
credentialsSecret:
name: azure-cloud-credentials
namespace: openshift-machine-api
image: (5)
offer: ""
publisher: ""
resourceID: /resourceGroups/<infrastructure_id>-rg/providers/Microsoft.Compute/images/<infrastructure_id> (6)
sku: ""
version: ""
internalLoadBalancer: ""
kind: AzureMachineProviderSpec
location: <region> (7)
managedIdentity: <infrastructure_id>-identity (1)
metadata:
creationTimestamp: null
natRule: null
networkResourceGroup: ""
osDisk:
diskSizeGB: 128
managedDisk:
storageAccountType: Premium_LRS
osType: Linux
publicIP: false
publicLoadBalancer: ""
resourceGroup: <infrastructure_id>-rg (1)
sshPrivateKey: ""
sshPublicKey: ""
tags:
- name: <custom_tag_name> (9)
value: <custom_tag_value> (9)
subnet: <infrastructure_id>-<role>-subnet (1) (2)
userDataSecret:
name: worker-user-data (2)
vmSize: Standard_D4s_v3
vnet: <infrastructure_id>-vnet (1)
zone: "1" (8)
taints: (10)
- key: node-role.kubernetes.io/infra
effect: NoSchedule| 1 | Specify the infrastructure ID that is based on the cluster ID that you set when you provisioned the cluster. If you have the OpenShift CLI installed, you can obtain the infrastructure ID by running the following command:
You can obtain the subnet by running the following command: You can obtain the vnet by running the following command: |
| 2 | Specify the <infra> node label. |
| 3 | Specify the infrastructure ID, <infra> node label, and region. |
| 4 | Optional: Specify the compute machine set name to enable the use of availability sets. This setting only applies to new compute machines. |
| 5 | Specify the image details for your compute machine set. If you want to use an Azure Marketplace image, see "Selecting an Azure Marketplace image". |
| 6 | Specify an image that is compatible with your instance type. The Hyper-V generation V2 images created by the installation program have a -gen2 suffix, while V1 images have the same name without the suffix. |
| 7 | Specify the region to place machines on. |
| 8 | Specify the zone within your region to place machines on. Be sure that your region supports the zone that you specify. |
| 9 | Optional: Specify custom tags in your machine set. Provide the tag name in <custom_tag_name> field and the corresponding tag value in <custom_tag_value> field. |
| 10 | Specify a taint to prevent user workloads from being scheduled on infra nodes. |
Machine sets running on Azure support non-guaranteed Spot VMs. You can save on costs by using Spot VMs at a lower price compared to standard VMs on Azure. You can configure Spot VMs by adding spotVMOptions to the MachineSet YAML file.
Additional resources
Sample YAML for a compute machine set custom resource on Azure Stack Hub
This sample YAML defines a compute machine set that runs in the 1 Microsoft Azure zone in a region and creates nodes that are labeled with
node-role.kubernetes.io/infra: "".
In this sample, <infrastructure_id> is the infrastructure ID label that is based on the cluster ID that you set when you provisioned the cluster, and
<infra>
is the node label to add.
apiVersion: machine.openshift.io/v1beta1
kind: MachineSet
metadata:
labels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machine-role: <infra> (2)
machine.openshift.io/cluster-api-machine-type: <infra> (2)
name: <infrastructure_id>-infra-<region> (3)
namespace: openshift-machine-api
spec:
replicas: 1
selector:
matchLabels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machineset: <infrastructure_id>-infra-<region> (3)
template:
metadata:
creationTimestamp: null
labels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machine-role: <infra> (2)
machine.openshift.io/cluster-api-machine-type: <infra> (2)
machine.openshift.io/cluster-api-machineset: <infrastructure_id>-infra-<region> (3)
spec:
metadata:
creationTimestamp: null
labels:
node-role.kubernetes.io/infra: "" (2)
taints: (4)
- key: node-role.kubernetes.io/infra
effect: NoSchedule
providerSpec:
value:
apiVersion: machine.openshift.io/v1beta1
availabilitySet: <availability_set> (6)
credentialsSecret:
name: azure-cloud-credentials
namespace: openshift-machine-api
image:
offer: ""
publisher: ""
resourceID: /resourceGroups/<infrastructure_id>-rg/providers/Microsoft.Compute/images/<infrastructure_id> (1)
sku: ""
version: ""
internalLoadBalancer: ""
kind: AzureMachineProviderSpec
location: <region> (5)
managedIdentity: <infrastructure_id>-identity (1)
metadata:
creationTimestamp: null
natRule: null
networkResourceGroup: ""
osDisk:
diskSizeGB: 128
managedDisk:
storageAccountType: Premium_LRS
osType: Linux
publicIP: false
publicLoadBalancer: ""
resourceGroup: <infrastructure_id>-rg (1)
sshPrivateKey: ""
sshPublicKey: ""
subnet: <infrastructure_id>-<role>-subnet (1) (2)
userDataSecret:
name: worker-user-data (2)
vmSize: Standard_DS4_v2
vnet: <infrastructure_id>-vnet (1)
zone: "1" (7)| 1 | Specify the infrastructure ID that is based on the cluster ID that you set when you provisioned the cluster. If you have the OpenShift CLI installed, you can obtain the infrastructure ID by running the following command:
You can obtain the subnet by running the following command: You can obtain the vnet by running the following command: |
| 2 | Specify the <infra> node label. |
| 3 | Specify the infrastructure ID, <infra> node label, and region. |
| 4 | Specify a taint to prevent user workloads from being scheduled on infra nodes. |
| 5 | Specify the region to place machines on. |
| 6 | Specify the availability set for the cluster. |
| 7 | Specify the zone within your region to place machines on. Be sure that your region supports the zone that you specify. |
|
Machine sets running on Azure Stack Hub do not support non-guaranteed Spot VMs. |
Sample YAML for a compute machine set custom resource on IBM Cloud
This sample YAML defines a compute machine set that runs in a specified IBM Cloud zone in a region and creates nodes that are labeled with
node-role.kubernetes.io/infra: "".
In this sample, <infrastructure_id> is the infrastructure ID label that is based on the cluster ID that you set when you provisioned the cluster, and
<infra>
is the node label to add.
apiVersion: machine.openshift.io/v1beta1
kind: MachineSet
metadata:
labels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machine-role: <infra> (2)
machine.openshift.io/cluster-api-machine-type: <infra> (2)
name: <infrastructure_id>-<infra>-<region> (3)
namespace: openshift-machine-api
spec:
replicas: 1
selector:
matchLabels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<infra>-<region> (3)
template:
metadata:
labels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machine-role: <infra> (2)
machine.openshift.io/cluster-api-machine-type: <infra> (2)
machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<infra>-<region> (3)
spec:
metadata:
labels:
node-role.kubernetes.io/infra: ""
providerSpec:
value:
apiVersion: ibmcloudproviderconfig.openshift.io/v1beta1
credentialsSecret:
name: ibmcloud-credentials
image: <infrastructure_id>-rhcos (4)
kind: IBMCloudMachineProviderSpec
primaryNetworkInterface:
securityGroups:
- <infrastructure_id>-sg-cluster-wide
- <infrastructure_id>-sg-openshift-net
subnet: <infrastructure_id>-subnet-compute-<zone> (5)
profile: <instance_profile> (6)
region: <region> (7)
resourceGroup: <resource_group> (8)
userDataSecret:
name: <role>-user-data (2)
vpc: <vpc_name> (9)
zone: <zone> (10)
taints: (11)
- key: node-role.kubernetes.io/infra
effect: NoSchedule| 1 | The infrastructure ID that is based on the cluster ID that you set when you provisioned the cluster. If you have the OpenShift CLI installed, you can obtain the infrastructure ID by running the following command:
|
| 2 | The <infra> node label. |
| 3 | The infrastructure ID, <infra> node label, and region. |
| 4 | The custom Fedora CoreOS (FCOS) image that was used for cluster installation. |
| 5 | The infrastructure ID and zone within your region to place machines on. Be sure that your region supports the zone that you specify. |
| 6 | Specify the IBM Cloud instance profile. |
| 7 | Specify the region to place machines on. |
| 8 | The resource group that machine resources are placed in. This is either an existing resource group specified at installation time, or an installer-created resource group named based on the infrastructure ID. |
| 9 | The VPC name. |
| 10 | Specify the zone within your region to place machines on. Be sure that your region supports the zone that you specify. |
| 11 | The taint to prevent user workloads from being scheduled on infra nodes. |
Sample YAML for a compute machine set custom resource on GCP
This sample YAML defines a compute machine set that runs in Google Cloud Platform (GCP) and creates nodes that are labeled with
node-role.kubernetes.io/infra: "",
where
infra
is the node label to add.
Values obtained by using the OpenShift CLI
In the following example, you can obtain some of the values for your cluster by using the OpenShift CLI.
- Infrastructure ID
-
The
<infrastructure_id>string is the infrastructure ID that is based on the cluster ID that you set when you provisioned the cluster. If you have the OpenShift CLI installed, you can obtain the infrastructure ID by running the following command:$ oc get -o jsonpath='{.status.infrastructureName}{"\n"}' infrastructure cluster - Image path
-
The
<path_to_image>string is the path to the image that was used to create the disk. If you have the OpenShift CLI installed, you can obtain the path to the image by running the following command:$ oc -n openshift-machine-api \ -o jsonpath='{.spec.template.spec.providerSpec.value.disks[0].image}{"\n"}' \ get machineset/<infrastructure_id>-worker-a
Sample GCP
MachineSet valuesapiVersion: machine.openshift.io/v1beta1
kind: MachineSet
metadata:
labels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
name: <infrastructure_id>-w-a
namespace: openshift-machine-api
spec:
replicas: 1
selector:
matchLabels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id>
machine.openshift.io/cluster-api-machineset: <infrastructure_id>-w-a
template:
metadata:
creationTimestamp: null
labels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id>
machine.openshift.io/cluster-api-machine-role: <infra> (2)
machine.openshift.io/cluster-api-machine-type: <infra>
machine.openshift.io/cluster-api-machineset: <infrastructure_id>-w-a
spec:
metadata:
labels:
node-role.kubernetes.io/infra: ""
providerSpec:
value:
apiVersion: gcpprovider.openshift.io/v1beta1
canIPForward: false
credentialsSecret:
name: gcp-cloud-credentials
deletionProtection: false
disks:
- autoDelete: true
boot: true
image: <path_to_image> (3)
labels: null
sizeGb: 128
type: pd-ssd
gcpMetadata: (4)
- key: <custom_metadata_key>
value: <custom_metadata_value>
kind: GCPMachineProviderSpec
machineType: n1-standard-4
metadata:
creationTimestamp: null
networkInterfaces:
- network: <infrastructure_id>-network
subnetwork: <infrastructure_id>-worker-subnet
projectID: <project_name> (5)
region: us-central1
serviceAccounts:
- email: <infrastructure_id>-w@<project_name>.iam.gserviceaccount.com
scopes:
- https://www.googleapis.com/auth/cloud-platform
tags:
- <infrastructure_id>-worker
userDataSecret:
name: worker-user-data
zone: us-central1-a
taints: (6)
- key: node-role.kubernetes.io/infra
effect: NoSchedule| 1 | For <infrastructure_id>, specify the infrastructure ID that is based on the cluster ID that you set when you provisioned the cluster. |
| 2 | For <infra>, specify the <infra> node label. |
| 3 | Specify the path to the image that is used in current compute machine sets.
To use a GCP Marketplace image, specify the offer to use:
|
| 4 | Optional: Specify custom metadata in the form of a key:value pair. For example use cases, see the GCP documentation for setting custom metadata. |
| 5 | For <project_name>, specify the name of the GCP project that you use for your cluster. |
| 6 | Specify a taint to prevent user workloads from being scheduled on infra nodes. |
Machine sets running on GCP support non-guaranteed preemptible VM instances. You can save on costs by using preemptible VM instances at a lower price
compared to normal instances on GCP. You can configure preemptible VM instances by adding preemptible to the MachineSet YAML file.
Sample YAML for a compute machine set custom resource on Nutanix
This sample YAML defines a Nutanix compute machine set that creates nodes that are labeled with
node-role.kubernetes.io/infra: "".
In this sample, <infrastructure_id> is the infrastructure ID label that is based on the cluster ID that you set when you provisioned the cluster, and
<infra>
is the node label to add.
apiVersion: machine.openshift.io/v1beta1
kind: MachineSet
metadata:
labels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machine-role: <infra> (2)
machine.openshift.io/cluster-api-machine-type: <infra> (2)
name: <infrastructure_id>-<infra>-<zone> (3)
namespace: openshift-machine-api
annotations: (4)
machine.openshift.io/memoryMb: "16384"
machine.openshift.io/vCPU: "4"
spec:
replicas: 3
selector:
matchLabels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<infra>-<zone> (3)
template:
metadata:
labels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machine-role: <infra> (2)
machine.openshift.io/cluster-api-machine-type: <infra> (2)
machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<infra>-<zone> (3)
spec:
metadata:
labels:
node-role.kubernetes.io/infra: ""
providerSpec:
value:
apiVersion: machine.openshift.io/v1
cluster:
type: uuid
uuid: <cluster_uuid>
credentialsSecret:
name: nutanix-creds-secret
image:
name: <infrastructure_id>-rhcos (5)
type: name
kind: NutanixMachineProviderConfig
memorySize: 16Gi (6)
subnets:
- type: uuid
uuid: <subnet_uuid>
systemDiskSize: 120Gi (7)
userDataSecret:
name: <user_data_secret> (8)
vcpuSockets: 4 (9)
vcpusPerSocket: 1 (10)
taints: (11)
- key: node-role.kubernetes.io/infra
effect: NoSchedule| 1 | Specify the infrastructure ID that is based on the cluster ID that you set when you provisioned the cluster. If you have the OpenShift CLI (oc) installed, you can obtain the infrastructure ID by running the following command:
|
| 2 | Specify the <infra> node label. |
| 3 | Specify the infrastructure ID, <infra> node label, and zone. |
| 4 | Annotations for the cluster autoscaler. |
| 5 | Specify the image to use. Use an image from an existing default compute machine set for the cluster. |
| 6 | Specify the amount of memory for the cluster in Gi. |
| 7 | Specify the size of the system disk in Gi. |
| 8 | Specify the name of the secret in the user data YAML file that is in the openshift-machine-api namespace. Use the value that the installer populates in the default compute machine set. |
| 9 | Specify the number of vCPU sockets. |
| 10 | Specify the number of vCPUs per socket. |
| 11 | Specify a taint to prevent user workloads from being scheduled on infra nodes. |
Sample YAML for a compute machine set custom resource on OpenStack
This sample YAML defines a compute machine set that runs on OpenStack and creates nodes that are labeled with
node-role.kubernetes.io/infra: "".
In this sample, <infrastructure_id> is the infrastructure ID label that is based on the cluster ID that you set when you provisioned the cluster, and
<infra>
is the node label to add.
apiVersion: machine.openshift.io/v1beta1
kind: MachineSet
metadata:
labels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machine-role: <infra> (2)
machine.openshift.io/cluster-api-machine-type: <infra> (2)
name: <infrastructure_id>-infra (3)
namespace: openshift-machine-api
spec:
replicas: <number_of_replicas>
selector:
matchLabels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machineset: <infrastructure_id>-infra (3)
template:
metadata:
labels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machine-role: <infra> (2)
machine.openshift.io/cluster-api-machine-type: <infra> (2)
machine.openshift.io/cluster-api-machineset: <infrastructure_id>-infra (3)
spec:
metadata:
creationTimestamp: null
labels:
node-role.kubernetes.io/infra: ""
taints: (4)
- key: node-role.kubernetes.io/infra
effect: NoSchedule
providerSpec:
value:
apiVersion: openstackproviderconfig.openshift.io/v1alpha1
cloudName: openstack
cloudsSecret:
name: openstack-cloud-credentials
namespace: openshift-machine-api
flavor: <nova_flavor>
image: <glance_image_name_or_location>
serverGroupID: <optional_UUID_of_server_group> (5)
kind: OpenstackProviderSpec
networks: (6)
- filter: {}
subnets:
- filter:
name: <subnet_name>
tags: openshiftClusterID=<infrastructure_id> (1)
primarySubnet: <rhosp_subnet_UUID> (7)
securityGroups:
- filter: {}
name: <infrastructure_id>-worker (1)
serverMetadata:
Name: <infrastructure_id>-worker (1)
openshiftClusterID: <infrastructure_id> (1)
tags:
- openshiftClusterID=<infrastructure_id> (1)
trunk: true
userDataSecret:
name: worker-user-data (2)
availabilityZone: <optional_openstack_availability_zone>| 1 | Specify the infrastructure ID that is based on the cluster ID that you set when you provisioned the cluster. If you have the OpenShift CLI installed, you can obtain the infrastructure ID by running the following command:
|
| 2 | Specify the <infra> node label. |
| 3 | Specify the infrastructure ID and <infra> node label. |
| 4 | Specify a taint to prevent user workloads from being scheduled on infra nodes. |
| 5 | To set a server group policy for the MachineSet, enter the value that is returned from
creating a server group. For most deployments, anti-affinity or soft-anti-affinity policies are recommended. |
| 6 | Required for deployments to multiple networks. If deploying to multiple networks, this list must include the network that is used as the primarySubnet value. |
| 7 | Specify the OpenStack subnet that you want the endpoints of nodes to be published on. Usually, this is the same subnet that is used as the value of machinesSubnet in the install-config.yaml file. |
Sample YAML for a compute machine set custom resource on oVirt
This sample YAML defines a compute machine set that runs on oVirt and creates nodes that are labeled with node-role.kubernetes.io/<node_role>: "".
In this sample, <infrastructure_id> is the infrastructure ID label that is based on the cluster ID that you set when you provisioned the cluster, and <role> is the node label to add.
apiVersion: machine.openshift.io/v1beta1
kind: MachineSet
metadata:
labels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machine-role: <role> (2)
machine.openshift.io/cluster-api-machine-type: <role> (2)
name: <infrastructure_id>-<role> (3)
namespace: openshift-machine-api
spec:
replicas: <number_of_replicas> (4)
Selector: (5)
matchLabels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role> (3)
template:
metadata:
labels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machine-role: <role> (2)
machine.openshift.io/cluster-api-machine-type: <role> (2)
machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role> (3)
spec:
metadata:
labels:
node-role.kubernetes.io/<role>: "" (2)
providerSpec:
value:
apiVersion: ovirtproviderconfig.machine.openshift.io/v1beta1
cluster_id: <ovirt_cluster_id> (6)
template_name: <ovirt_template_name> (7)
sparse: <boolean_value> (8)
format: <raw_or_cow> (9)
cpu: (10)
sockets: <number_of_sockets> (11)
cores: <number_of_cores> (12)
threads: <number_of_threads> (13)
memory_mb: <memory_size> (14)
guaranteed_memory_mb: <memory_size> (15)
os_disk: (16)
size_gb: <disk_size> (17)
storage_domain_id: <storage_domain_UUID> (18)
network_interfaces: (19)
vnic_profile_id: <vnic_profile_id> (20)
credentialsSecret:
name: ovirt-credentials (21)
kind: OvirtMachineProviderSpec
type: <workload_type> (22)
auto_pinning_policy: <auto_pinning_policy> (23)
hugepages: <hugepages> (24)
affinityGroupsNames:
- compute (25)
userDataSecret:
name: worker-user-data| 1 | Specify the infrastructure ID that is based on the cluster ID that you set when you provisioned the cluster. If you have the OpenShift CLI (oc) installed, you can obtain the infrastructure ID by running the following command:
|
||
| 2 | Specify the node label to add. | ||
| 3 | Specify the infrastructure ID and node label. These two strings together cannot be longer than 35 characters. | ||
| 4 | Specify the number of machines to create. | ||
| 5 | Selector for the machines. | ||
| 6 | Specify the UUID for the oVirt cluster to which this VM instance belongs. | ||
| 7 | Specify the oVirt VM template to use to create the machine. | ||
| 8 | Setting this option to false enables preallocation of disks. The default is true. Setting sparse to true with format set to raw is not available for block storage domains. The raw format writes the entire virtual disk to the underlying physical disk. |
||
| 9 | Can be set to cow or raw. The default is cow. The cow format is optimized for virtual machines.
|
||
| 10 | Optional: The CPU field contains the CPU configuration, including sockets, cores, and threads. | ||
| 11 | Optional: Specify the number of sockets for a VM. | ||
| 12 | Optional: Specify the number of cores per socket. | ||
| 13 | Optional: Specify the number of threads per core. | ||
| 14 | Optional: Specify the size of a VM’s memory in MiB. | ||
| 15 | Optional: Specify the size of a virtual machine’s guaranteed memory in MiB. This is the amount of memory that is guaranteed not to be drained by the ballooning mechanism. For more information, see Memory Ballooning and Optimization Settings Explained.
|
||
| 16 | Optional: Root disk of the node. | ||
| 17 | Optional: Specify the size of the bootable disk in GiB. | ||
| 18 | Optional: Specify the UUID of the storage domain for the compute node’s disks. If none is provided, the compute node is created on the same storage domain as the control nodes. (default) | ||
| 19 | Optional: List of the network interfaces of the VM. If you include this parameter, OKD discards all network interfaces from the template and creates new ones. | ||
| 20 | Optional: Specify the vNIC profile ID. | ||
| 21 | Specify the name of the secret object that holds the oVirt credentials. | ||
| 22 | Optional: Specify the workload type for which the instance is optimized. This value affects the oVirt VM parameter. Supported values: desktop, server (default), high_performance. high_performance improves performance on the VM. Limitations exist, for example, you cannot access the VM with a graphical console. For more information, see Configuring High Performance Virtual Machines, Templates, and Pools in the Virtual Machine Management Guide. |
||
| 23 | Optional: AutoPinningPolicy defines the policy that automatically sets CPU and NUMA settings, including pinning to the host for this instance. Supported values: none, resize_and_pin. For more information, see Setting NUMA Nodes in the Virtual Machine Management Guide. |
||
| 24 | Optional: Hugepages is the size in KiB for defining hugepages in a VM. Supported values: 2048 or 1048576. For more information, see Configuring Huge Pages in the Virtual Machine Management Guide. |
||
| 25 | Optional: A list of affinity group names to be applied to the VMs. The affinity groups must exist in oVirt. |
|
Because oVirt uses a template when creating a VM, if you do not specify a value for an optional parameter, oVirt uses the value for that parameter that is specified in the template. |
Sample YAML for a compute machine set custom resource on vSphere
This sample YAML defines a compute machine set that runs on VMware vSphere and creates nodes that are labeled with
node-role.kubernetes.io/infra: "".
In this sample, <infrastructure_id> is the infrastructure ID label that is based on the cluster ID that you set when you provisioned the cluster, and
<infra>
is the node label to add.
apiVersion: machine.openshift.io/v1beta1
kind: MachineSet
metadata:
creationTimestamp: null
labels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
name: <infrastructure_id>-infra (2)
namespace: openshift-machine-api
spec:
replicas: 1
selector:
matchLabels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machineset: <infrastructure_id>-infra (2)
template:
metadata:
creationTimestamp: null
labels:
machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
machine.openshift.io/cluster-api-machine-role: <infra> (3)
machine.openshift.io/cluster-api-machine-type: <infra> (3)
machine.openshift.io/cluster-api-machineset: <infrastructure_id>-infra (2)
spec:
metadata:
creationTimestamp: null
labels:
node-role.kubernetes.io/infra: "" (3)
taints: (4)
- key: node-role.kubernetes.io/infra
effect: NoSchedule
providerSpec:
value:
apiVersion: vsphereprovider.openshift.io/v1beta1
credentialsSecret:
name: vsphere-cloud-credentials
diskGiB: 120
kind: VSphereMachineProviderSpec
memoryMiB: 8192
metadata:
creationTimestamp: null
network:
devices:
- networkName: "<vm_network_name>" (5)
numCPUs: 4
numCoresPerSocket: 1
snapshot: ""
template: <vm_template_name> (6)
userDataSecret:
name: worker-user-data
workspace:
datacenter: <vcenter_datacenter_name> (7)
datastore: <vcenter_datastore_name> (8)
folder: <vcenter_vm_folder_path> (9)
resourcepool: <vsphere_resource_pool> (10)
server: <vcenter_server_ip> (11)| 1 | Specify the infrastructure ID that is based on the cluster ID that you set when you provisioned the cluster. If you have the OpenShift CLI (oc) installed, you can obtain the infrastructure ID by running the following command:
|
| 2 | Specify the infrastructure ID and <infra> |