8.5.10. Deploying the cluster
You can install OpenShift Container Platform on a compatible cloud platform.
You can run the create cluster command of the installation program only once, during initial installation.
- Configure an account with the cloud platform that hosts your cluster.
- Obtain the OpenShift Container Platform installation program and the pull secret for your cluster.
Remove any existing GCP credentials that do not use the service account key for the GCP account that you configured for your cluster and that are stored in the following locations:
gcloud cli default credentials
Run the installation program:
$ ./openshift-install create cluster --dir=<installation_directory> \
    --log-level=info
Note
If the cloud provider account that you configured on your host does not have sufficient permissions to deploy the cluster, the installation process stops, and the missing permissions are displayed.
When the cluster deployment completes, directions for accessing your cluster, including a link to its web console and credentials for the kubeadmin user, display in your terminal.
Important
The Ignition config files that the installation program generates contain certificates that expire after 24 hours, which are then renewed at that time. If the cluster is shut down before renewing the certificates and the cluster is later restarted after the 24 hours have elapsed, the cluster automatically recovers the expired certificates. The exception is that you must manually approve the pending node-bootstrapper certificate signing requests (CSRs) to recover kubelet certificates. See the documentation for Recovering from expired control plane certificates for more information.
Important
You must not delete the installation program or the files that the installation program creates. Both are required to delete the cluster.
Optional: You can reduce the number of permissions for the service account that you used to install the cluster.
If you assigned the Owner role to your service account, you can remove that role and replace it with the
If you included the Service Account Key Admin role, you can remove it.
- If you assigned the
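For the optional permission-reduction step above, the following added example (not part of the original documentation) checks whether the installation service account still holds the Owner or Service Account Key Admin role and builds the commands to remove them. The service account name, project ID and sample policy are constructed, and the input is assumed to have the shape printed by gcloud projects get-iam-policy with --format=json.

```python
import json
import shlex
import sys

# GCP role IDs for the two roles the page says can be dropped after installation.
REMOVABLE_ROLES = {"roles/owner", "roles/iam.serviceAccountKeyAdmin"}

# Constructed sample data; the account and project names are hypothetical.
SAMPLE_PROJECT = "example-project"
SAMPLE_SA = "ocp-installer@example-project.iam.gserviceaccount.com"
SAMPLE_POLICY = {"bindings": [
    {"role": "roles/owner",
     "members": ["user:admin@example.com", "serviceAccount:" + SAMPLE_SA]},
    {"role": "roles/iam.serviceAccountKeyAdmin",
     "members": ["serviceAccount:" + SAMPLE_SA],
     "condition": {"title": "install-window",
                   "expression": 'request.time < timestamp("2030-01-01T00:00:00Z")'}},
    {"role": "roles/compute.admin", "members": ["serviceAccount:" + SAMPLE_SA]},
]}


def removable_bindings(policy, sa_email):
    """Return sorted (role, is_conditional) pairs for removable roles held by the account."""
    member = ("serviceAccount:" + sa_email).lower()
    found = []
    for binding in policy.get("bindings", []):
        held = member in (m.lower() for m in binding.get("members", []))
        if held and binding.get("role") in REMOVABLE_ROLES:
            found.append((binding["role"], "condition" in binding))
    return sorted(found)


def removal_commands(policy, sa_email, project_id):
    """Build gcloud commands for unconditional bindings only.

    Conditional bindings are left out so that their condition is reviewed by hand.
    """
    return [
        "gcloud projects remove-iam-policy-binding {} --member={} --role={}".format(
            shlex.quote(project_id), shlex.quote("serviceAccount:" + sa_email), role)
        for role, conditional in removable_bindings(policy, sa_email)
        if not conditional
    ]


if __name__ == "__main__":
    # Usage: script.py <sa_email> <project_id> < policy.json  (no arguments: use the sample)
    if len(sys.argv) == 3:
        sa, project, policy = sys.argv[1], sys.argv[2], json.load(sys.stdin)
    else:
        sa, project, policy = SAMPLE_SA, SAMPLE_PROJECT, SAMPLE_POLICY
    for role, conditional in removable_bindings(policy, sa):
        print("still bound:", role, "(conditional)" if conditional else "")
    print("\n".join(removal_commands(policy, sa, project)))
```

The script only prints the removal commands; run them after confirming that the account keeps the roles it still needs for deleting the cluster.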