osdocs-627 disconnected install #16696
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,134 @@ | ||
| [id="installing-restricted-networks-aws"] | ||
| = Installing a cluster on AWS that uses mirrored installation content | ||
| include::modules/common-attributes.adoc[] | ||
| :context: installing-restricted-networks-aws | ||
|
|
||
| toc::[] | ||
|
|
||
| In {product-title} version {product-version}, you can install a | ||
| cluster on Amazon Web Services (AWS) using infrastructure that you provide and | ||
| an internal mirror of the installation release content. | ||
|
|
||
| [IMPORTANT] | ||
| ==== | ||
| While you can install a {product-title} cluster by using mirrored installation | ||
| release content, your cluster still requires internet access to use the AWS APIs. | ||
| ==== | ||
|
|
||
| One way to create this infrastructure is to use the provided | ||
| CloudFormation templates. You can modify the templates to customize your | ||
| infrastructure or use the information that they contain to create AWS objects | ||
| according to your company's policies. | ||
|
|
||
| .Prerequisites | ||
|
|
||
| //* xref:../../installing/installing_restricted_networks/installing-restricted-networks-preparations.adoc[Create a mirror registry on your bastion host] | ||
| // and obtain the `imageContentSources` data for your version of {product-title}. | ||
| //// | ||
| [IMPORTANT] | ||
| ==== | ||
| Because the installation media is on the bastion host, use that computer | ||
| to complete all installation steps. | ||
| //// | ||
| * Review details about the | ||
| xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] | ||
| processes. | ||
| * xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[Configure an AWS account] | ||
| to host the cluster. | ||
| + | ||
| [IMPORTANT] | ||
| ==== | ||
| If you have an AWS profile stored on your computer, it must not use a temporary | ||
| session token that you generated while using a multi-factor authentication | ||
| device. The cluster continues to use your current AWS credentials to | ||
| create AWS resources for the entire life of the cluster, so you must | ||
| use key-based, long-lived credentials. To generate appropriate keys, see | ||
| link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] | ||
| in the AWS documentation. You can supply the keys when you run the installation | ||
| program. | ||
| ==== | ||
| * Download the AWS CLI and install it on your computer. See | ||
| link:https://docs.aws.amazon.com/cli/latest/userguide/install-bundle.html[Install the AWS CLI Using the Bundled Installer (Linux, macOS, or Unix)] | ||
| in the AWS documentation. | ||
| * If you use a firewall and plan to use telemetry, you must | ||
| xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configure it to access Red Hat Insights]. | ||
|
|
||
| include::modules/installation-about-restricted-network.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/cluster-entitlements.adoc[leveloffset=+1] | ||
|
There was a problem hiding this comment. Go through this section, seem like not suitable for disconnected install, especially for the following lines, though I am not expert for Telemetry part. You must have internet access to: """ There was a problem hiding this comment. I opened a PR here to try to address this: #16985 |
||
|
|
||
| include::modules/installation-aws-user-infra-requirements.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/installation-aws-permissions.adoc[leveloffset=+2] | ||
|
|
||
| //You extract the installation program from the mirrored content. | ||
|
|
||
| include::modules/ssh-agent-using.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/installation-generate-aws-user-infra.adoc[leveloffset=+1] | ||
|
There was a problem hiding this comment. In disconnected env, user probably need bring his/her own DNS, but not provisioned by ingress router, just like what is mentioned in https://bugzilla.redhat.com/show_bug.cgi?id=1743483#c20, so we need openshift/installer#2221, and mentioned that in the disconnected install doc. Once that, There was a problem hiding this comment. @jianlinliu, does the whole file need to be removed? Just part of it's removed in that installer PR. I have a draft here: https://github.com/openshift/openshift-docs/pull/17190/files There was a problem hiding this comment. Sorry, not remove the whole file, but change some line in manifests/cluster-dns-02-config.yml, will follow up in your new PR. |
||
|
|
||
| // After the proxy change merges, I need to put it in and emphasize that you | ||
| // must configure a proxy for the AWS mirrored content story. | ||
|
|
||
| include::modules/installation-extracting-infraid.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/installation-creating-aws-vpc.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/installation-cloudformation-vpc.adoc[leveloffset=+2] | ||
|
There was a problem hiding this comment. If follow the same CF template and process to install cluster, personally I do not think it is meaningful to link a common UPI install here (except the part of consuming release image from mirror registry). From customer perspective, I will be more interested in what change should be applied once the installation is happening in restricted networks. The long document is easy to make user miss his/her focus. There was a problem hiding this comment. The idea of the assembly is to provide all of the context that a user would need to complete the the installation. They shouldn't have to use the other assembly at all. Can you tell me more about the other improvements at the end of the process? |
||
|
|
||
| include::modules/installation-creating-aws-dns.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/installation-cloudformation-dns.adoc[leveloffset=+2] | ||
|
|
||
| include::modules/installation-creating-aws-security.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/installation-cloudformation-security.adoc[leveloffset=+2] | ||
|
|
||
| include::modules/installation-aws-user-infra-rhcos-ami.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/installation-creating-aws-bootstrap.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/installation-cloudformation-bootstrap.adoc[leveloffset=+2] | ||
|
|
||
| include::modules/installation-creating-aws-control-plane.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/installation-cloudformation-control-plane.adoc[leveloffset=+2] | ||
|
|
||
| include::modules/installation-aws-user-infra-bootstrap.adoc[leveloffset=+1] | ||
|
|
||
| //// | ||
| [id="installing-workers-aws-user-infra"] | ||
| == Creating worker nodes | ||
|
|
||
| You can either manually create worker nodes or use a MachineSet to create worker | ||
| nodes after the cluster deploys. If you use a MachineSet to create and maintain | ||
| the workers, you can allow the cluster to manage them. This allows you to easily | ||
| scale, manage, and upgrade your workers. | ||
| //// | ||
|
|
||
|
|
||
| include::modules/installation-creating-aws-worker.adoc[leveloffset=+2] | ||
|
|
||
| include::modules/installation-cloudformation-worker.adoc[leveloffset=+3] | ||
|
|
||
| //You install the CLI on the bastion host. | ||
|
|
||
| include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/installation-approve-csrs.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/installation-operators-config.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/installation-registry-storage-config.adoc[leveloffset=+2] | ||
|
|
||
| include::modules/registry-configuring-storage-aws-user-infra.adoc[leveloffset=+3] | ||
|
|
||
| include::modules/installation-registry-storage-non-production.adoc[leveloffset=+3] | ||
|
|
||
| include::modules/installation-aws-user-infra-installation.adoc[leveloffset=+1] | ||
|
|
||
| .Next steps | ||
|
|
||
| * xref:../../installing/install_config/customizations.adoc#customizations[Customize your cluster]. | ||
| * If necessary, you can | ||
| xref:../../telemetry/opting-out-of-telemetry.adoc#opting-out-of-telemetry[opt out of telemetry]. | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,95 @@ | ||
| [id="installing-restricted-networks-bare-metal"] | ||
| = Installing a cluster on bare metal in a restricted network | ||
| include::modules/common-attributes.adoc[] | ||
| :context: installing-restricted-networks-bare-metal | ||
|
|
||
| toc::[] | ||
|
|
||
| In {product-title} version {product-version}, you can install a cluster on | ||
| bare metal infrastructure that you provision in a restricted network. | ||
|
|
||
| [IMPORTANT] | ||
| ==== | ||
| While you might be able to follow this procedure to deploy a cluster on | ||
| virtualized or cloud environments, you must be aware of additional | ||
| considerations for non-bare metal platforms. Review the information in the | ||
| link:https://access.redhat.com/articles/4207611[guidelines for deploying {product-title} on non-tested platforms] | ||
| before you attempt to install an {product-title} cluster in such an environment. | ||
| ==== | ||
|
|
||
| .Prerequisites | ||
|
|
||
| //* xref:../../installing/installing_restricted_networks/installing-restricted-networks-preparations.adoc[Create a mirror registry on your bastion host] | ||
| // and obtain the `imageContentSources` data for your version of {product-title}. | ||
| //// | ||
| [IMPORTANT] | ||
| ==== | ||
| Because the installation media is on the bastion host, use that computer | ||
| to complete all installation steps. | ||
| //// | ||
| * Provision | ||
| xref:../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] | ||
| for your cluster. To deploy a private image registry, your storage must provide | ||
| ReadWriteMany access modes. | ||
| * Review details about the | ||
| xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] | ||
| processes. | ||
| * If you use a firewall and plan to use telemetry, you must | ||
| xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configure it to access Red Hat Insights]. | ||
|
|
||
| include::modules/installation-about-restricted-network.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/cluster-entitlements.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/installation-requirements-user-infra.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/installation-infrastructure-user-infra.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/installation-network-user-infra.adoc[leveloffset=+2] | ||
|
|
||
| include::modules/installation-dns-user-infra.adoc[leveloffset=+2] | ||
|
|
||
| include::modules/ssh-agent-using.adoc[leveloffset=+1] | ||
|
|
||
| //You extract the installation program from the mirrored content. | ||
|
|
||
| //You install the CLI on the bastion host. | ||
|
|
||
| include::modules/installation-initializing-manual.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/installation-bare-metal-config-yaml.adoc[leveloffset=+2] | ||
|
|
||
| include::modules/installation-generate-ignition-configs.adoc[leveloffset=+1] | ||
|
|
||
| [id="creating-machines-bare-metal-restricted-network"] | ||
| == Creating {op-system-first} machines | ||
|
|
||
| Before you install a cluster on bare metal infrastructure that you provision, | ||
| you must create {op-system} machines for it to use. Follow either the steps | ||
| to use an ISO image or network PXE booting to create the machines. | ||
|
|
||
| include::modules/installation-user-infra-machines-iso.adoc[leveloffset=+2] | ||
|
|
||
| include::modules/installation-user-infra-machines-pxe.adoc[leveloffset=+2] | ||
|
|
||
| include::modules/installation-installing-bare-metal.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/installation-approve-csrs.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/installation-operators-config.adoc[leveloffset=+1] | ||
|
|
||
| include::modules/installation-registry-storage-config.adoc[leveloffset=+2] | ||
|
|
||
| include::modules/registry-configuring-storage-baremetal.adoc[leveloffset=+3] | ||
|
|
||
| include::modules/installation-registry-storage-non-production.adoc[leveloffset=+3] | ||
|
|
||
| include::modules/installation-complete-user-infra.adoc[leveloffset=+1] | ||
|
|
||
| .Next steps | ||
|
|
||
| * xref:../../installing/install_config/customizations.adoc#customizations[Customize your cluster]. | ||
| * If necessary, you can | ||
| xref:../../telemetry/opting-out-of-telemetry.adoc#opting-out-of-telemetry[opt out of telemetry]. |
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@morenod Could you help review this part - upi install on baremetal in a restricted network (originally we call it 'disconnected')?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On "Sample install-config.yaml file for bare metal". Point 14: imageContentSources is a requirement?
What happens if quay.io connection is also not allowed from the host where installer is being executed and image have been already uploaded to the internal registry?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You still need to provide imageContentSources with the mirror mapping of quay.io and the internal registry to the install-config.yaml. This way you don't have to go in and manually change the names of the images to be
internal-registry/internal-repo, it can still bequay.io/myrepoand with the mirror mapping, the installer will know to try the mirrored location (i.e the internal registry) first.