-
Notifications
You must be signed in to change notification settings - Fork 1.8k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Installing a cluster on GCP in a restricted network
- Loading branch information
Showing
13 changed files
with
214 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
62 changes: 62 additions & 0 deletions
62
...ng/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
[id="installing-restricted-networks-gcp-installer-provisioned"] | ||
= Installing a cluster on GCP in a restricted network | ||
include::modules/common-attributes.adoc[] | ||
:context: installing-restricted-networks-gcp-installer-provisioned | ||
|
||
toc::[] | ||
|
||
In {product-title} {product-version}, you can install a cluster on Google Cloud Platform (GCP) in a restricted network by creating an internal mirror of the installation release content on an existing Google Virtual Private Cloud (VPC). | ||
|
||
[IMPORTANT] | ||
==== | ||
You can install an {product-title} cluster by using mirrored installation release content, but your cluster will require internet access to use the GCP APIs. | ||
==== | ||
|
||
[id="prerequisites_installing-restricted-networks-gcp-installer-provisioned"] | ||
== Prerequisites | ||
|
||
* You xref:../../installing/install_config/installing-restricted-networks-preparations.adoc#installing-restricted-networks-preparations[created a mirror registry on your bastion host] and obtained the `imageContentSources` data for your version of {product-title}. | ||
+ | ||
[IMPORTANT] | ||
==== | ||
Because the installation media is on the bastion host, use that computer to complete all installation steps. | ||
==== | ||
* You have an existing VPC in GCP. While installing a cluster in a restricted network that uses installer-provisioned infrastructure, you cannot use the installer-provisioned VPC. You must use a user-provisioned VPC that satisfies one of the following requirements: | ||
** Contains the mirror registry | ||
** Has firewall rules or a peering connection to access the mirror registry hosted elsewhere | ||
* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes. | ||
* If you use a firewall, you must xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configure it to allow the sites] that your cluster requires access to. While you might need to grant access to more sites, you must grant access to `*.googleapis.com` and `accounts.google.com`. | ||
* If you do not allow the system to manage identity and access management (IAM), then a cluster administrator can xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[manually create and maintain IAM credentials]. Manual mode can also be used in environments where the cloud IAM APIs are not reachable. | ||
|
||
include::modules/installation-about-restricted-network.adoc[leveloffset=+1] | ||
|
||
include::modules/cluster-entitlements.adoc[leveloffset=+1] | ||
|
||
.Additional resources | ||
|
||
* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service | ||
|
||
include::modules/ssh-agent-using.adoc[leveloffset=+1] | ||
|
||
include::modules/installation-initializing.adoc[leveloffset=+1] | ||
|
||
include::modules/installation-configuration-parameters.adoc[leveloffset=+2] | ||
|
||
include::modules/installation-gcp-config-yaml.adoc[leveloffset=+2] | ||
|
||
include::modules/installation-configure-proxy.adoc[leveloffset=+2] | ||
|
||
include::modules/installation-launching-installer.adoc[leveloffset=+1] | ||
|
||
include::modules/cli-installing-cli.adoc[leveloffset=+1] | ||
|
||
include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1] | ||
|
||
[id="next-steps_installing-restricted-networks-gcp-installer-provisioned"] | ||
== Next steps | ||
|
||
* xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validate an installation]. | ||
* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]. | ||
* Learn how to xref:../../operators/admin/olm-restricted-networks.adoc#olm-understanding-operator-catalog-images_olm-restricted-networks[use Operator Lifecycle Manager (OLM) on restricted networks]. | ||
* If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores]. | ||
* If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting]. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.