This post briefly describes the installation process of OKD 4.4-beta5 on AWS.


AWS account has to be configured before the actual installation. The process is described in the official docs.

Once the IAM user is configured, create aws.credentials file and source it. Replace the values accordingly.

$ cat << EOF > aws.credentials

$ source aws.credentials

Download and extract the installer and cli

I am using mac, that is the reason for downloading mac binaries. Make sure to download correct tarballs for your OS.

Downloads are available at

$ mkdir -p ~/bin
$ export PATH=${PATH}:~/bin

$ wget
2020-06-15 11:01:03 (912 KB/s) - ‘openshift-install-mac-4.4.0-0.okd-2020-05-23-055148-beta5.tar.gz’ saved [95107052/95107052]

$ tar -C ~/bin -xf openshift-install-mac-4.4.0-0.okd-2020-05-23-055148-beta5.tar.gz openshift-install

$ wget
2020-06-15 11:07:20 (571 KB/s) - ‘openshift-client-mac-4.4.0-0.okd-2020-05-23-055148-beta5.tar.gz’ saved [25487408/25487408]

$ tar -C ~/bin -xf openshift-client-mac-4.4.0-0.okd-2020-05-23-055148-beta5.tar.gz oc kubectl
$ which oc kubectl openshift-install

Optionally remove downloaded tarballs.

$ rm -f openshift-install-mac-4.4.0-0.okd-2020-05-23-055148-beta5.tar.gz \

Enable autocompletion

$ source <(openshift-install completion bash)
$ source <(oc completion bash)

Deploy the cluster

The installer generates opinionated default configuration, so in order to make some modifications, we have to split the installation into two steps.

Generate and modify install-config.yaml

To be able to change the instance type and zone, install-config.yaml has to be generated first. Follow the prompts to set up your values. Pull Secret can be empty.

$ openshift-install create install-config --dir=config
? SSH Public Key ~/.ssh/
? Platform aws
INFO Credentials loaded from default AWS environment variables
? Region eu-west-1
? Base Domain
? Cluster Name demo
? Pull Secret [? for help]

The install-config.yaml file will be generated in the config directory.

My modification was to specify t3a instance type instead of the default m4 and set the zone. Here’s the diff:

--- install-config.yaml-generated	2020-06-15 11:54:33.000000000 +0200
+++ install-config.yaml-modified	2020-06-15 11:54:39.000000000 +0200
@@ -4,13 +4,21 @@
 - architecture: amd64
   hyperthreading: Enabled
   name: worker
-  platform: {}
+  platform:
+    aws:
+      zones:
+      - eu-west-1a
+      type: t3a.large
   replicas: 3
   architecture: amd64
   hyperthreading: Enabled
   name: master
-  platform: {}
+  platform:
+    aws:
+      zones:
+      - eu-west-1a
+      type: t3a.xlarge
   replicas: 3
   creationTimestamp: null

Deploy the cluster

Run the installer with our modified install-config.yaml file.

$ openshift-install create cluster --dir=config --log-level=debug
DEBUG OpenShift Installer 4.4.0-0.okd-2020-05-23-055148-beta5
DEBUG Built from commit 0f0142e7261349b93c3dd3dd02a9ce164dfd2d4f
INFO Install complete!                            
INFO To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=${PWD}/config/auth/kubeconfig'
INFO Access the OpenShift web-console here:
INFO Login to the console with user: kubeadmin, password: 12345-324Z4-Vasdr-5ihkL
openshift-install create cluster --dir=config --log-level=debug  35.15s user 6.41s system 2% cpu 27:46.27 total

Installer will output access information. The installation took around half an hour.

Accessing the cluster

Use instructions from the installer.

$ export KUBECONFIG=${PWD}/config/auth/kubeconfig
$ oc get node
NAME                                         STATUS   ROLES    AGE   VERSION    Ready    worker   68m   v1.17.1   Ready    master   78m   v1.17.1   Ready    master   77m   v1.17.1   Ready    worker   68m   v1.17.1    Ready    worker   68m   v1.17.1   Ready    master   78m   v1.17.1
$ oc whoami

After deployment configuration

After the installation was complete, I installed custom SSL certificates issued by Letsencrypt, installed and configured Keycloak as identity provider, and installed Syndesis. Refer to the following articles: