mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 21:46:22 +01:00
OSDOCS-9112: Added tagging requirements for subnets for ROSA with HCP
committed by
openshift-cherrypick-robot
parent
46345aedca
commit
31dae7d763
@@ -24,7 +24,7 @@ Before using the {product-title} (ROSA) CLI (`rosa`) to create {hcp-title-first}
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ rosa create account-roles --hosted-cp
|
||||
$ rosa create account-roles --hosted-cp --mode auto --yes
|
||||
----
|
||||
** Optional: Set your prefix as an environmental variable by running the following command:
|
||||
+
|
||||
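Review bot: The replacement command `rosa create account-roles --hosted-cp --mode auto --yes` adds `--yes`, so the account-wide IAM roles are created without a confirmation prompt in whichever AWS account the reader's current credentials point at. Suggest adding a sentence before the command telling the reader to confirm the active AWS account, or dropping `--yes` so the prompt stays. The context line after it still introduces an optional prefix variable, so also check that the order of these two steps still makes sense.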
@@ -32,12 +32,5 @@ $ rosa create account-roles --hosted-cp
|
||||
----
|
||||
$ export ACCOUNT_ROLES_PREFIX="${ACCOUNT_ROLES_PREFIX}"
|
||||
----
|
||||
+
|
||||
Then, run the following command to create your account roles with the environmental variable:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ rosa create account-roles --hosted-cp --prefix $ACCOUNT_ROLES_PREFIX
|
||||
----
|
||||
|
||||
For more information regarding AWS managed IAM policies for ROSA, see link:https://docs.aws.amazon.com/ROSA/latest/userguide/security-iam-awsmanpol.html[AWS managed IAM policies for ROSA].
|
||||
For more information regarding AWS managed IAM policies for ROSA, see link:https://docs.aws.amazon.com/ROSA/latest/userguide/security-iam-awsmanpol.html[AWS managed IAM policies for ROSA].
|
||||
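Review bot: Judging by the hunk header (12 lines down to 5), the `rosa create account-roles --hosted-cp --prefix $ACCOUNT_ROLES_PREFIX` step is dropped while the optional `export ACCOUNT_ROLES_PREFIX=...` step stays, which leaves the variable set but not used by any command visible in this module. Either keep a command that passes `--prefix $ACCOUNT_ROLES_PREFIX` or remove the optional export step too. Separately, the retained `export ACCOUNT_ROLES_PREFIX="${ACCOUNT_ROLES_PREFIX}"` assigns the variable to itself; a placeholder such as `<account-role-prefix>` on the right-hand side would tell the reader what to supply.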
@@ -23,7 +23,7 @@ If you choose to manually create your Virtual Private Cloud (VPC) instead of usi
|
||||
| You need one availability zone for a single zone, and you need three for availability zones for multi-zone.
|
||||
|
||||
| Public subnet
|
||||
| You must have one public subnet with a NAT gateway.
|
||||
| You must have one public subnet with a NAT gateway for public clusters. Private clusters do not need a public subnet.
|
||||
|
||||
| DNS hostname and resolution
|
||||
| You must ensure that the DNS hostname and resolution are enabled.
|
||||
|
||||
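Review bot: In the Public subnet row, the new sentence "Private clusters do not need a public subnet" removes the only mention of the NAT gateway for private clusters without saying how their private subnets get outbound access. Suggest stating whether egress is still required for private clusters and, if so, which path is supported. The unchanged row above also reads "you need three for availability zones for multi-zone"; dropping the extra "for" while this table is being touched would be worthwhile.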
81
modules/rosa-hcp-vpc-subnet-tagging.adoc
Normal file
@@ -0,0 +1,81 @@
|
||||
// Module included in the following assemblies:
|
||||
//
|
||||
// * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
|
||||
:_mod-docs-content-type: PROCEDURE
|
||||
[id="rosa-hcp-vpc-subnet-tagging_{context}"]
|
||||
= Tagging your subnets
|
||||
|
||||
Before you can use your VPC to create a {hcp-title} cluster, you must tag your VPC subnets. Automated service preflight checks verify that these resources are tagged correctly before you can use these resources. The following table shows how your resources should be tagged as the following:
|
||||
|
||||
[cols="3a,8a,8a", options="header"]
|
||||
|===
|
||||
| Resource
|
||||
| Key
|
||||
| Value
|
||||
|
||||
| Public subnet
|
||||
| `kubernetes.io/role/elb`
|
||||
| `1` or no value
|
||||
|
||||
| Private subnet
|
||||
| `kubernetes.io/role/internal-elb`
|
||||
| `1` or no value
|
||||
|
||||
|===
|
||||
|
||||
[NOTE]
|
||||
====
|
||||
You must tag at least one private subnet and, if applicable, and one public subnet.
|
||||
====
|
||||
|
||||
.Prerequisites
|
||||
|
||||
* You have created a VPC.
|
||||
* You have installed the `aws` CLI.
|
||||
|
||||
.Procedure
|
||||
|
||||
. Verify the tags currently on your subnet by running the following command:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ aws ec2 describe-tags --filters "Name=resource-id,Values=<subnet-id>"
|
||||
----
|
||||
+
|
||||
.Example output
|
||||
+
|
||||
[source,text]
|
||||
----
|
||||
TAGS Name <subnet-id> subnet <prefix>-subnet-public1-us-east-1a
|
||||
----
|
||||
|
||||
. Tag your resources in your terminal by running the following commands:
|
||||
.. For public subnets, run:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ aws ec2 create-tags --resources <public-subnet-id> --tags Key=kubernetes.io/role/elb,Value=1
|
||||
----
|
||||
.. For private subnets, run:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ aws ec2 create-tags --resources <private-subnet-id> --tags Key=kubernetes.io/role/internal-elb,Value=1
|
||||
----
|
||||
|
||||
.Verification
|
||||
|
||||
. Verify that the tag is correctly applied by running the following command:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ aws ec2 describe-tags --filters "Name=resource-id,Values=<subnet_id>"
|
||||
----
|
||||
+
|
||||
.Example output
|
||||
+
|
||||
[source,text]
|
||||
----
|
||||
TAGS Name <subnet-id> subnet <prefix>-subnet-public1-us-east-1a
|
||||
TAGS kubernetes.io/role/elb <subnet-id> subnet 1
|
||||
----
|
||||
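Review bot: Both `.Example output` blocks show text-format `TAGS ...` rows, but neither `aws ec2 describe-tags` command sets an output format, and the AWS CLI prints JSON unless configured otherwise; add `--output text` to both commands or switch the examples to JSON. The placeholder is `<subnet-id>` in the procedure and `<subnet_id>` in the verification command; pick one. In the intro, "shows how your resources should be tagged as the following" and, in the NOTE, "and, if applicable, and one public subnet" both need a wording fix. The verification example covers only `kubernetes.io/role/elb`; a matching `kubernetes.io/role/internal-elb` line would show readers what a correctly tagged private subnet looks like.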
@@ -92,7 +92,9 @@ include::modules/rosa-hcp-vpc-terraform.adoc[leveloffset=+3]
|
||||
* See the link:https://github.com/openshift-cs/terraform-vpc-example[Terraform VPC] repository for a detailed list of all options available when customizing the VPC for your needs.
|
||||
|
||||
[discrete]
|
||||
include::modules/rosa-hcp-vpc-manual.adoc[leveloffset=+3]
|
||||
include::modules/rosa-hcp-vpc-manual.adoc[leveloffset=+2]
|
||||
[discrete]
|
||||
include::modules/rosa-hcp-vpc-subnet-tagging.adoc[leveloffset=+2]
|
||||
|
||||
[role="_additional-resources"]
|
||||
[id="additional-resources_rosa-hcp-vpc-aws"]
|
||||
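Review bot: The `leveloffset` for `modules/rosa-hcp-vpc-manual.adoc` moves from `+3` to `+2` and the new tagging module is also included at `+2`, while the hunk header still shows `modules/rosa-hcp-vpc-terraform.adoc[leveloffset=+3]`, so the Terraform and manual VPC sections would no longer sit at the same heading level. Confirm that is intended, or keep the sibling includes at one offset. Also check how `[discrete]` renders with the new module, which opens with comment lines and `:_mod-docs-content-type: PROCEDURE` before its `[id=...]` and title.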
@@ -100,6 +102,7 @@ include::modules/rosa-hcp-vpc-manual.adoc[leveloffset=+3]
|
||||
|
||||
* link:https://docs.aws.amazon.com/vpc/latest/userguide/vpc-getting-started.html[Get Started with Amazon VPC]
|
||||
* link:https://developer.hashicorp.com/terraform[HashiCorp Terraform documentation]
|
||||
* link:https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/deploy/subnet_discovery/[Subnet Auto Discovery]
|
||||
|
||||
include::modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc[leveloffset=+2]
|
||||
|
||||
|
||||
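Review bot: The added `Subnet Auto Discovery` link is pinned to the `v2.2` path of the AWS Load Balancer Controller documentation, so it will keep pointing at that release's tagging rules as the controller changes. Suggest linking to an unversioned or current path, or noting which controller version the `kubernetes.io/role/elb` and `kubernetes.io/role/internal-elb` guidance in the new tagging module was checked against.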