Control plane machine set configuration

    The base of the CR is structured the same way for all platforms.

    Sample ControlPlaneMachineSet CR YAML file

    The <platform_provider_spec> and <platform_failure_domains> sections of the control plane machine set resources are provider-specific. Refer to the example YAML for your cluster:

    Some sections of the control plane machine set CR are provider-specific. The example YAML in this section shows provider specification and failure domain configurations for an Amazon Web Services (AWS) cluster.

    Sample AWS provider specification

    When you create a control plane machine set for an existing cluster, the provider specification must match the providerSpec configuration in the control plane machine CR that is created by the installation program. You can omit any field that is set in the failure domain section of the CR.

    $ oc get -o jsonpath='{.status.infrastructureName}{"\n"}' infrastructure cluster

    Sample AWS providerSpec values

    providerSpec:
      value:
        ami:
          id: ami-<ami_id_string> # (1)
        apiVersion: machine.openshift.io/v1beta1
        blockDevices:
        - ebs: # (2)
            encrypted: true
            iops: 0
            kmsKey:
              arn: ""
            volumeSize: 120
            volumeType: gp3
        credentialsSecret:
          name: aws-cloud-credentials # (3)
        deviceIndex: 0
        iamInstanceProfile:
          id: <cluster_id>-master-profile # (4)
        instanceType: m6i.xlarge # (5)
        kind: AWSMachineProviderConfig # (6)
        loadBalancers: # (7)
        - name: <cluster_id>-int
          type: network
        - name: <cluster_id>-ext
          type: network
        metadata:
          creationTimestamp: null
        placement: # (8)
          region: <region> # (9)
        securityGroups:
        - filters:
          - name: tag:Name
            values:
            - <cluster_id>-master-sg # (10)
        userDataSecret:
          name: master-user-data # (12)

    The control plane machine set concept of a failure domain is analogous to the existing AWS concept of an availability zone. The ControlPlaneMachineSet CR spreads control plane machines across multiple failure domains when possible.

    When configuring AWS failure domains in the control plane machine set, you must specify the availability zone name and the subnet to use.

    Sample AWS failure domain values

    (1) Specifies an AWS availability zone for the first failure domain.
    (2) Specifies a subnet configuration. In this example, the subnet type is Filters, so there is a filters stanza.
    (3) Specifies the subnet name for the first failure domain, using the infrastructure ID and the AWS availability zone.
    (4) Specifies the subnet type. The allowed values are: ARN, Filters and ID. The default value is Filters.
    (5) Specifies the subnet name for an additional failure domain, using the infrastructure ID and the AWS availability zone.
    (6) Specifies the cluster’s infrastructure ID and the AWS availability zone for the additional failure domain.
    (7) Specifies the cloud provider platform name. Do not change this value.

    Some sections of the control plane machine set CR are provider-specific. The example YAML in this section shows provider specification and failure domain configurations for a Google Cloud Platform (GCP) cluster.

    Sample GCP provider specification

    When you create a control plane machine set for an existing cluster, the provider specification must match the providerSpec configuration in the control plane machine custom resource (CR) that is created by the installation program. You can omit any field that is set in the failure domain section of the CR.

    Values obtained by using the OpenShift CLI

    In the following example, you can obtain some of the values for your cluster by using the OpenShift CLI.

    Infrastructure ID

    The <cluster_id> string is the infrastructure ID that is based on the cluster ID that you set when you provisioned the cluster. If you have the OpenShift CLI installed, you can obtain the infrastructure ID by running the following command:

    $ oc get -o jsonpath='{.status.infrastructureName}{"\n"}' infrastructure cluster

    Image path

    The <path_to_image> string is the path to the image that was used to create the disk. If you have the OpenShift CLI installed, you can obtain the path to the image by running the following command:

    $ oc -n openshift-machine-api \
      -o jsonpath='{.spec.template.machines_v1beta1_machine_openshift_io.spec.providerSpec.value.disks[0].image}{"\n"}' \
      get ControlPlaneMachineSet/cluster

    Sample GCP providerSpec values

    providerSpec:
      value:
        apiVersion: machine.openshift.io/v1beta1
        canIPForward: false
        credentialsSecret:
          name: gcp-cloud-credentials # (1)
        deletionProtection: false
        disks:
        - autoDelete: true
          boot: true
          image: <path_to_image> # (2)
          labels: null
          sizeGb: 200
          type: pd-ssd
        kind: GCPMachineProviderSpec # (3)
        machineType: e2-standard-4
        metadata:
          creationTimestamp: null
        metadataServiceOptions: {}
        networkInterfaces:
        - network: <cluster_id>-network
          subnetwork: <cluster_id>-master-subnet
        projectID: <project_name> # (4)
        region: <region> # (5)
        serviceAccounts:
        - email: <cluster_id>-m@<project_name>.iam.gserviceaccount.com
          scopes:
          - https://www.googleapis.com/auth/cloud-platform
        shieldedInstanceConfig: {}
        tags:
        - <cluster_id>-master
        targetPools:
        - <cluster_id>-api
        userDataSecret:
          name: master-user-data # (6)
        zone: "" # (7)

    (1) Specifies the secret name for the cluster. Do not change this value.
    (2) Specifies the path to the image that was used to create the disk.

    To use a GCP Marketplace image, specify the offer to use:

    (3) Specifies the cloud provider platform type. Do not change this value.
    (4) Specifies the name of the GCP project that you use for your cluster.
    (5) Specifies the GCP region for the cluster.
    (6) Specifies the control plane user data secret. Do not change this value.
    (7) This parameter is configured in the failure domain, and is shown with an empty value here. If a value specified for this parameter differs from the value in the failure domain, the Operator overwrites it with the value in the failure domain.

    The control plane machine set concept of a failure domain is analogous to the existing GCP concept of a zone. The CR spreads control plane machines across multiple failure domains when possible.

    When configuring GCP failure domains in the control plane machine set, you must specify the zone name to use.

    Sample GCP failure domain values

    Some sections of the control plane machine set CR are provider-specific. The example YAML in this section shows provider specification and failure domain configurations for an Azure cluster.

    Sample Azure provider specification

    When you create a control plane machine set for an existing cluster, the provider specification must match the providerSpec configuration in the control plane Machine CR that is created by the installation program. You can omit any field that is set in the failure domain section of the CR.

    In the following example, <cluster_id> is the infrastructure ID that is based on the cluster ID that you set when you provisioned the cluster. If you have the OpenShift CLI installed, you can obtain the infrastructure ID by running the following command:

    $ oc get -o jsonpath='{.status.infrastructureName}{"\n"}' infrastructure cluster

    Sample Azure providerSpec values

    providerSpec:
      value:
        acceleratedNetworking: true
        apiVersion: machine.openshift.io/v1beta1
        credentialsSecret:
          name: azure-cloud-credentials # (1)
          namespace: openshift-machine-api
        diagnostics: {}
        image: # (2)
          offer: ""
          publisher: ""
          resourceID: /resourceGroups/<cluster_id>-rg/providers/Microsoft.Compute/galleries/gallery_<cluster_id>/images/<cluster_id>-gen2/versions/412.86.20220930 # (3)
          sku: ""
          version: ""
        internalLoadBalancer: <cluster_id>-internal # (4)
        kind: AzureMachineProviderSpec # (5)
        location: <region> # (6)
        managedIdentity: <cluster_id>-identity
        metadata:
          creationTimestamp: null
          name: <cluster_id>
        networkResourceGroup: <cluster_id>-rg
        osDisk: # (7)
          diskSettings: {}
          diskSizeGB: 1024
          managedDisk:
            storageAccountType: Premium_LRS
          osType: Linux
        publicIP: false
        publicLoadBalancer: <cluster_id> # (8)
        resourceGroup: <cluster_id>-rg
        subnet: <cluster_id>-master-subnet # (9)
        userDataSecret:
          name: master-user-data # (10)
        vmSize: Standard_D8s_v3
        vnet: <cluster_id>-vnet
        zone: "" # (11)

    (1) Specifies the secret name for the cluster. Do not change this value.
    (2) Specifies the image details for your control plane machine set.
    (3) Specifies an image that is compatible with your instance type. The Hyper-V generation V2 images created by the installation program have a -gen2 suffix, while V1 images have the same name without the suffix.
    (4) Specifies the internal load balancer for the control plane. This field might not be preconfigured but is required in both the ControlPlaneMachineSet and control plane Machine CRs.
    (5) Specifies the cloud provider platform type. Do not change this value.
    (6) Specifies the region to place control plane machines on.
    (7) Specifies the disk configuration for the control plane.
    (8) Specifies the public load balancer for the control plane.
    (9) Specifies the subnet for the control plane.
    (10) Specifies the control plane user data secret. Do not change this value.
    (11) This parameter is configured in the failure domain, and is shown with an empty value here. If a value specified for this parameter differs from the value in the failure domain, the Operator overwrites it with the value in the failure domain.

    The control plane machine set concept of a failure domain is analogous to the existing Azure concept of an availability zone. The ControlPlaneMachineSet CR spreads control plane machines across multiple failure domains when possible.

    When configuring Azure failure domains in the control plane machine set, you must specify the availability zone name.

    Sample Azure failure domain values

    failureDomains:
      azure: # (1)
      - zone: "1"
      - zone: "2"
      - zone: "3"
      platform: Azure # (2)

    (1) Each instance of zone specifies an Azure availability zone for a failure domain.
    (2) Specifies the cloud provider platform name. Do not change this value.
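
    The matching rule stated for the Azure provider specification, as an added example (not part of the original documentation or the product's code): it compares a template providerSpec with existing control plane Machine providerSpecs, skipping the failure domain field, and checks that each machine's zone is a configured failure domain. The function names, the trimmed field set and the sample machines are constructed for illustration, and it assumes zone is the only field supplied by the Azure failure domain.

```python
# Added example: drift check between a ControlPlaneMachineSet template and
# existing control plane Machine providerSpecs. All sample data is constructed.

# Assumption: "zone" is the only providerSpec field owned by the Azure failure domain.
FAILURE_DOMAIN_FIELDS = {"zone"}


def flatten(obj, prefix=""):
    """Flatten nested dicts into {dotted.path: value} for field-level diffing."""
    if isinstance(obj, dict) and obj:
        out = {}
        for key, val in obj.items():
            out.update(flatten(val, f"{prefix}.{key}" if prefix else key))
        return out
    return {prefix: obj}


def spec_drift(template, machine, failure_domains):
    """Return findings where a Machine providerSpec disagrees with the template."""
    t, m = flatten(template), flatten(machine)
    findings = []
    for path in sorted(set(t) | set(m)):
        if path in FAILURE_DOMAIN_FIELDS:
            continue  # empty or omitted in the template; set per failure domain
        if t.get(path) != m.get(path):
            findings.append(f"{path}: template={t.get(path)!r} machine={m.get(path)!r}")
    zones = {fd["zone"] for fd in failure_domains}
    if machine.get("zone") not in zones:
        findings.append(f"zone: {machine.get('zone')!r} not in failure domains {sorted(zones)}")
    return findings


# Constructed sample data, trimmed to a few fields from the Azure sample above.
TEMPLATE = {
    "kind": "AzureMachineProviderSpec",
    "credentialsSecret": {"name": "azure-cloud-credentials", "namespace": "openshift-machine-api"},
    "osDisk": {"diskSizeGB": 1024, "managedDisk": {"storageAccountType": "Premium_LRS"}},
    "publicIP": False,
    "vmSize": "Standard_D8s_v3",
    "zone": "",
}
FAILURE_DOMAINS = [{"zone": "1"}, {"zone": "2"}, {"zone": "3"}]
MACHINE_OK = {**TEMPLATE, "zone": "2"}
MACHINE_DRIFTED = {**TEMPLATE, "zone": "4", "publicIP": True,
                   "osDisk": {"diskSizeGB": 512, "managedDisk": {"storageAccountType": "Premium_LRS"}}}

if __name__ == "__main__":
    for name, machine in (("ok", MACHINE_OK), ("drifted", MACHINE_DRIFTED)):
        print(name, spec_drift(TEMPLATE, machine, FAILURE_DOMAINS))
```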

    Some sections of the control plane machine set CR are provider-specific. The example YAML in this section shows a provider specification configuration for a VMware vSphere cluster.

    Sample vSphere provider specification

    Sample vSphere providerSpec values