Before you install {product-title}, decide what kind of installation process to follow and verify that you have all of the required resources to prepare the cluster for users.
Before you install an {product-title} cluster, you need to select the best installation instructions to follow. Think about your answers to the following questions to select the best option.
If you want to install and manage {product-title} yourself, you can install it on the following platforms:
-
Amazon Web Services (AWS) on 64-bit x86 instances
-
Amazon Web Services (AWS) on 64-bit ARM instances
-
Microsoft Azure on 64-bit x86 instances
-
Microsoft Azure on 64-bit ARM instances
-
Microsoft Azure Stack Hub
-
Google Cloud Platform (GCP) on 64-bit x86 instances
-
Google Cloud Platform (GCP) on 64-bit ARM instances
-
{rh-openstack-first}
-
{ibm-cloud-name}
-
{ibm-z-name} or {ibm-linuxone-name}
-
{ibm-z-name} or {ibm-linuxone-name} for {op-system-base-full} KVM
-
{ibm-power-name}
-
{ibm-power-server-name}
-
Nutanix
-
VMware vSphere
-
Bare metal or other platform agnostic infrastructure
You can deploy an {product-title} 4 cluster to both on-premise hardware and to cloud hosting services, but all of the machines in a cluster must be in the same data center or cloud hosting service.
If you want to use {product-title} but you do not want to manage the cluster yourself, you can choose from several managed service options. If you want a cluster that is fully managed by Red Hat, you can use OpenShift Dedicated. You can also use OpenShift as a managed service on {azure-short}, {aws-short}, {ibm-cloud-name}, or {gcp-full}. For more information about managed services, see the OpenShift Products page. If you install an {product-title} cluster with a cloud virtual machine as a virtual bare metal, the corresponding cloud-based storage is not supported.
If you used {product-title} 3 and want to try {product-title} 4, you need to understand how different {product-title} 4 is. {product-title} 4 weaves the Operators that package, deploy, and manage Kubernetes applications and the operating system that the platform runs on, {op-system-first}, together seamlessly. Instead of deploying machines and configuring their operating systems so that you can install {product-title} on them, the {op-system} operating system is an integral part of the {product-title} cluster. Deploying the operating system for the cluster machines is part of the installation process for {product-title}. See Differences between {product-title} 3 and 4.
Because you need to provision machines as part of the {product-title} cluster installation process, you cannot upgrade an {product-title} 3 cluster to {product-title} 4. Instead, you must create a new {product-title} 4 cluster and migrate your {product-title} 3 workloads to them. For more information about migrating, see Migrating from {product-title} 3 to 4 overview. Because you must migrate to {product-title} 4, you can use any type of production cluster installation process to create your new cluster.
Because the operating system is integral to {product-title}, it is easier to let the installation program for {product-title} stand up all of the infrastructure. These are called installer provisioned infrastructure installations. In this type of installation, you can provide some existing infrastructure to the cluster, but the installation program deploys all of the machines that your cluster initially needs.
You can deploy an installer-provisioned infrastructure cluster without specifying any customizations to the cluster or its underlying machines to AWS, Azure, Azure Stack Hub, GCP, Nutanix.
If you need to perform basic configuration for your installer-provisioned infrastructure cluster, such as the instance type for the cluster machines, you can customize an installation for AWS, Azure, GCP, Nutanix.
For installer-provisioned infrastructure installations, you can use an existing VPC in AWS, vNet in Azure, or VPC in GCP. You can also reuse part of your networking infrastructure so that your cluster in AWS, Azure, GCP can coexist with existing IP address allocations in your environment and integrate with existing MTU and VXLAN configurations. If you have existing accounts and credentials on these clouds, you can re-use them, but you might need to modify the accounts to have the required permissions to install {product-title} clusters on them.
You can use the installer-provisioned infrastructure method to create appropriate machine instances on your hardware for vSphere, and bare metal. Additionally, for vSphere, you can also customize additional network parameters during installation.
For some installer-provisioned infrastructure installations, for example on the {vmw-first} and bare metal platforms, the external traffic that reaches the ingress virtual IP (VIP) is not balanced between the default IngressController
replicas. For {vmw-short} and bare metal installer-provisioned infrastructure installations where exceeding the baseline IngressController
router performance is expected, you must configure an external load balancer. Configuring an external load balancer achieves the performance of multiple IngressController
replicas. For more information about the baseline IngressController
performance, see Baseline Ingress Controller (router) performance. For more information about configuring an external load balancer, see Configuring a user-managed load balancer.
If you want to reuse extensive cloud infrastructure, you can complete a user-provisioned infrastructure installation. With these installations, you manually deploy the machines that your cluster requires during the installation process. If you perform a user-provisioned infrastructure installation on AWS, Azure, Azure Stack Hub, you can use the provided templates to help you stand up all of the required components. You can also reuse a shared VPC on GCP. Otherwise, you can use the provider-agnostic installation method to deploy a cluster into other clouds.
You can also complete a user-provisioned infrastructure installation on your existing hardware. If you use {rh-openstack}, {ibm-z-name} or {ibm-linuxone-name}, {ibm-z-name} and {ibm-linuxone-name} with {op-system-base} KVM, {ibm-power-title}, or vSphere, use the specific installation instructions to deploy your cluster. If you use other supported hardware, follow the bare metal installation procedure. For some of these platforms, such as vSphere, and bare metal, you can also customize additional network parameters during installation.
If you use a user-provisioned installation method, you can configure a proxy for your cluster. The instructions are included in each installation procedure.
If you want to prevent your cluster on a public cloud from exposing endpoints externally, you can deploy a private cluster with installer-provisioned infrastructure on AWS, Azure, or GCP.
If you need to install your cluster that has limited access to the internet, such as a disconnected or restricted network cluster, you can mirror the installation packages and install the cluster from them. Follow detailed instructions for user-provisioned infrastructure installations into restricted networks for AWS, GCP, {ibm-z-name} or {ibm-linuxone-name}, {ibm-z-name} or {ibm-linuxone-name} with {op-system-base} KVM, {ibm-power-name}, vSphere, or bare metal. You can also install a cluster into a restricted network using installer-provisioned infrastructure by following detailed instructions for AWS, GCP, {ibm-cloud-name}, Nutanix, {rh-openstack}, and vSphere.
If you need to deploy your cluster to an AWS GovCloud region, AWS China region, or Azure government region, you can configure those custom regions during an installer-provisioned infrastructure installation.
You can also configure the cluster machines to use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation during installation.
Important
|
When running {op-system-base-full} or {op-system-first} booted in FIPS mode, {product-title} core components use the {op-system-base} cryptographic libraries that have been submitted to NIST for FIPS 140-2/140-3 Validation on only the x86_64, ppc64le, and s390x architectures. |
Some configuration is not required to install the cluster but recommended before your users access the cluster. You can customize the cluster itself by customizing the Operators that make up your cluster and integrate you cluster with other required systems, such as an identity provider.
For a production cluster, you must configure the following integrations:
Depending on your workload needs, you might need to take extra steps before you begin deploying applications. For example, after you prepare infrastructure to support your application build strategy, you might need to make provisions for low-latency workloads or to protect sensitive workloads. You can also configure monitoring for application workloads. If you plan to run Windows workloads, you must enable hybrid networking with OVN-Kubernetes during the installation process; hybrid networking cannot be enabled after your cluster is installed.
You can perform different types of installations on different platforms.
Note
|
Not all installation options are supported for all platforms, as shown in the following tables. A checkmark indicates that the option is supported and links to the relevant section. |
AWS (64-bit x86) | AWS (64-bit ARM) | Azure (64-bit x86) | Azure (64-bit ARM) | Azure Stack Hub | GCP (64-bit x86) | GCP (64-bit ARM) | Nutanix | {rh-openstack} | Bare metal (64-bit x86) | Bare metal (64-bit ARM) | vSphere | {ibm-cloud-name} | {ibm-z-name} | {ibm-power-name} | {ibm-power-server-name} | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Default |
||||||||||||||||
Custom |
||||||||||||||||
Network customization |
||||||||||||||||
Restricted network |
||||||||||||||||
Private clusters |
||||||||||||||||
Existing virtual private networks |
||||||||||||||||
Government regions |
||||||||||||||||
Secret regions |
||||||||||||||||
China regions |
AWS (64-bit x86) | AWS (64-bit ARM) | Azure (64-bit x86) | Azure (64-bit ARM) | Azure Stack Hub | GCP (64-bit x86) | GCP (64-bit ARM) | Nutanix | {rh-openstack} | Bare metal (64-bit x86) | Bare metal (64-bit ARM) | vSphere | {ibm-cloud-name} | {ibm-z-name} | {ibm-z-name} with {op-system-base} KVM | {ibm-power-name} | Platform agnostic | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Custom |
|||||||||||||||||
Network customization |
|||||||||||||||||
Restricted network |
|||||||||||||||||
Shared VPC hosted outside of cluster project |