mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00

OSDOCS-2950: Adding support default IPI cluster installation to Azure Stack Hub

This commit is contained in:
Mike Pytlak
2021-11-18 18:32:59 -05:00
committed by openshift-cherrypick-robot
parent 49af640444
commit 4889eba5e3
25 changed files with 525 additions and 61 deletions

View File

@@ -177,10 +177,12 @@ Topics:
File: preparing-to-install-on-azure-stack-hub
- Name: Configuring an Azure Stack Hub account
File: installing-azure-stack-hub-account
- Name: Manually creating IAM for Azure Stack Hub
File: manually-creating-iam-azure-stack-hub
- Name: Installing a cluster on Azure Stack Hub with an installer-provisioned infrastructure
File: installing-azure-stack-hub-default
- Name: Installing a cluster on Azure Stack Hub using ARM templates
File: installing-azure-stack-hub-user-infra
- Name: Uninstalling a cluster on Azure Stack Hub
File: uninstalling-cluster-azure-stack-hub
- Name: Installing on GCP
Dir: installing_gcp
Distros: openshift-origin,openshift-enterprise

View File

@@ -48,7 +48,7 @@ Because you need to provision machines as part of the {product-title} cluster in
Because the operating system is integral to {product-title}, it is easier to let the installation program for {product-title} stand up all of the infrastructure. These are called _installer provisioned infrastructure_ installations. In this type of installation, you can provide some existing infrastructure to the cluster, but the installation program deploys all of the machines that your cluster initially needs.
You can deploy an installer-provisioned infrastructure cluster without specifying any customizations to the cluster or its underlying machines to xref:../installing/installing_aws/installing-aws-default.adoc#installing-aws-default[AWS], xref:../installing/installing_azure/installing-azure-default.adoc#installing-azure-default[Azure], xref:../installing/installing_gcp/installing-gcp-default.adoc#installing-gcp-default[GCP], or xref:../installing/installing_vmc/installing-vmc.adoc#installing-vmc[VMC on AWS]. These installation methods are the fastest way to deploy a production-capable {product-title} cluster.
You can deploy an installer-provisioned infrastructure cluster without specifying any customizations to the cluster or its underlying machines to xref:../installing/installing_aws/installing-aws-default.adoc#installing-aws-default[AWS], xref:../installing/installing_azure/installing-azure-default.adoc#installing-azure-default[Azure], xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc#installing-azure-stack-hub-default[Azure Stack Hub], xref:../installing/installing_gcp/installing-gcp-default.adoc#installing-gcp-default[GCP], or xref:../installing/installing_vmc/installing-vmc.adoc#installing-vmc[VMC on AWS]. These installation methods are the fastest way to deploy a production-capable {product-title} cluster.
If you need to perform basic configuration for your installer-provisioned infrastructure cluster, such as the instance type for the cluster machines, you can customize an installation for xref:../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-customizations[AWS], xref:../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-customizations[Azure], xref:../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-customizations[GCP], or xref:../installing/installing_vmc/installing-vmc-customizations.adoc#installing-vmc-customizations[VMC on AWS].
@@ -121,7 +121,7 @@ Not all installation options are supported for all platforms, as shown in the fo
.Installer-provisioned infrastructure options
|===
ifndef::openshift-origin[]
||AWS (x86_64) |AWS (arm64) |Azure |GCP |{rh-openstack} |{rh-openstack} on SR-IOV |RHV |Bare metal |vSphere |VMC |IBM Z |IBM Power
||AWS (x86_64) |AWS (arm64) |Azure |Azure Stack Hub |GCP |{rh-openstack} |{rh-openstack} on SR-IOV |RHV |Bare metal |vSphere |VMC |IBM Z |IBM Power
endif::openshift-origin[]
ifdef::openshift-origin[]
||AWS |Azure |GCP |{rh-openstack} |{rh-openstack} on SR-IOV |oVirt |Bare metal |vSphere |VMC |IBM Z |IBM Power
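Review bot: Only the `ifndef::openshift-origin[]` header row gains the `Azure Stack Hub` column; the `ifdef::openshift-origin[]` header below it is unchanged. The following hunks add one cell per row for the new column, so please confirm that each added cell sits under the same conditional as the header. Otherwise the origin build ends up with rows that are one cell wider than their header, and every platform to the right of Azure shifts by one.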
@@ -131,6 +131,7 @@ endif::openshift-origin[]
|xref:../installing/installing_aws/installing-aws-default.adoc#installing-aws-default[X]
|xref:../installing/installing_aws/installing-aws-default.adoc#installing-aws-default[X]
|xref:../installing/installing_azure/installing-azure-default.adoc#installing-azure-default[X]
|xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc#installing-azure-stack-hub-default[X]
|xref:../installing/installing_gcp/installing-gcp-default.adoc#installing-gcp-default[X]
|
|
@@ -145,6 +146,7 @@ endif::openshift-origin[]
|xref:../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-customizations[X]
|xref:../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-customizations[X]
|xref:../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-customizations[X]
|xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc#installing-azure-stack-hub-default[X]
|xref:../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-customizations[X]
|xref:../installing/installing_openstack/installing-openstack-installer-custom.adoc#installing-openstack-installer-custom[X]
|xref:../installing/installing_openstack/installing-openstack-installer-sr-iov.adoc#installing-openstack-installer-sr-iov[X]
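Review bot: The new Azure Stack Hub cell in this row points at `installing-azure-stack-hub-default`, while every other cell here links to a dedicated customizations assembly. If the default assembly is meant to cover customization because `install-config.yaml` is always written by hand on this platform, the prose above the table should say so. The paragraph that lists platforms for "basic configuration" still names only AWS, Azure, GCP and VMC on AWS, so the table and the text now disagree.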
@@ -159,6 +161,7 @@ endif::openshift-origin[]
|xref:../installing/installing_aws/installing-aws-network-customizations.adoc#installing-aws-network-customizations[X]
|xref:../installing/installing_aws/installing-aws-network-customizations.adoc#installing-aws-network-customizations[X]
|xref:../installing/installing_azure/installing-azure-network-customizations.adoc#installing-azure-network-customizations[X]
|
|xref:../installing/installing_gcp/installing-gcp-network-customizations.adoc#installing-gcp-network-customizations[X]
|xref:../installing/installing_openstack/installing-openstack-installer-kuryr.adoc#installing-openstack-installer-kuryr[X]
|
@@ -173,6 +176,7 @@ endif::openshift-origin[]
|xref:../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#installing-restricted-networks-aws-installer-provisioned[X]
|
|
|
|xref:../installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc#installing-restricted-networks-gcp-installer-provisioned[X]
|xref:../installing/installing_openstack/installing-openstack-installer-restricted.adoc#installing-openstack-installer-restricted[X]
|
@@ -187,6 +191,7 @@ endif::openshift-origin[]
|xref:../installing/installing_aws/installing-aws-private.adoc#installing-aws-private[X]
|xref:../installing/installing_aws/installing-aws-private.adoc#installing-aws-private[X]
|xref:../installing/installing_azure/installing-azure-private.adoc#installing-azure-private[X]
|
|xref:../installing/installing_gcp/installing-gcp-private.adoc#installing-gcp-private[X]
|
|
@@ -201,6 +206,7 @@ endif::openshift-origin[]
|xref:../installing/installing_aws/installing-aws-vpc.adoc#installing-aws-vpc[X]
|xref:../installing/installing_aws/installing-aws-vpc.adoc#installing-aws-vpc[X]
|xref:../installing/installing_azure/installing-azure-vnet.adoc#installing-azure-vnet[X]
|
|xref:../installing/installing_gcp/installing-gcp-vpc.adoc#installing-gcp-vpc[X]
|
|
@@ -224,6 +230,7 @@ endif::openshift-origin[]
|
|
|
|
|China regions
|xref:../installing/installing_aws/installing-aws-china.adoc#installing-aws-china-region[X]
@@ -238,7 +245,7 @@ endif::openshift-origin[]
|
|
|
|
|===
.User-provisioned infrastructure options

View File

@@ -29,5 +29,6 @@ include::modules/installation-azure-service-principal.adoc[leveloffset=+1]
[id="next-steps_installing-azure-stack-hub-account"]
== Next steps
* Configure your Azure Stack Hub credentials by following xref:../../installing/installing_azure_stack_hub/manually-creating-iam-azure-stack-hub.adoc#manually-creating-iam-azure-stack-hub[Manually creating IAM for Azure Stack Hub].
* Install an {product-title} cluster on Azure Stack Hub with user-provisioned infrastructure by following xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc#installing-azure-stack-hub-user-infra[Installing a cluster on Azure Stack Hub using ARM templates].
* Install an {product-title} cluster:
** xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc#installing-azure-stack-hub-default[Installing a cluster quickly on Azure Stack Hub].
** Install an {product-title} cluster on Azure Stack Hub with user-provisioned infrastructure by following xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc#installing-azure-stack-hub-user-infra[Installing a cluster on Azure Stack Hub using ARM templates].
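Review bot: The link text "Installing a cluster quickly on Azure Stack Hub" on the first nested bullet does not match the title of the assembly it targets, which this commit names "Installing a cluster on Azure Stack Hub with an installer-provisioned infrastructure" in the topic map and in the new file. The second nested bullet also repeats "Install an {product-title} cluster ... by following" under a parent bullet that already says "Install an {product-title} cluster:". Suggest using the real title for the first link and reducing the second bullet to the bare xref, as the matching list in `manually-creating-iam-azure-stack-hub` does.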

View File

@@ -0,0 +1,73 @@
:_content-type: ASSEMBLY
[id="installing-azure-stack-hub-default"]
= Installing a cluster on Azure Stack Hub with an installer-provisioned infrastructure
include::modules/common-attributes.adoc[]
:context: installing-azure-stack-hub-default
toc::[]
In {product-title} version {product-version}, you can install a cluster on Microsoft Azure Stack Hub with an installer-provisioned infrastructure. However, you must manually configure the `install-config.yaml` file to specify values that are specific to Azure Stack Hub.
[NOTE]
====
While you can select `azure` when using the installation program to deploy a cluster using installer-provisioned infrastructure, this option is only supported for the Azure Public Cloud.
====
[id="prerequisites_installing-azure-stack-hub-default"]
== Prerequisites
* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
* You xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc#installing-azure-stack-hub-account[configured an Azure Stack Hub account] to host the cluster.
* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
* You verified that you have approximately 16 GB of local disk space. Installing the cluster requires that you download the {op-system} virtual hard disk (VHD) cluster image and upload it to your Azure Stack Hub environment so that it is accessible during deployment. Decompressing the VHD files requires this amount of local disk space.
include::modules/cluster-entitlements.adoc[leveloffset=+1]
include::modules/ssh-agent-using.adoc[leveloffset=+1]
include::modules/installation-azure-user-infra-uploading-rhcos.adoc[leveloffset=+1]
include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
include::modules/installation-initializing-manual.adoc[leveloffset=+1]
include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
include::modules/installation-azure-stack-hub-config-yaml.adoc[leveloffset=+2]
include::modules/manually-create-identity-access-management.adoc[leveloffset=+1]
[role="_additional-resources"]
[id="additional-resources_installing-azure-stack-hub-default-cco"]
.Additional resources
* xref:../../updating/updating-cluster-within-minor.adoc#manually-maintained-credentials-upgrade_updating-cluster-within-minor[Updating a cluster within a minor version using the web console]
* xref:../../updating/updating-cluster-cli.adoc#manually-maintained-credentials-upgrade_updating-cluster-cli[Updating a cluster within a minor version using the CLI]
include::modules/azure-stack-hub-internal-ca.adoc[leveloffset=+1]
include::modules/installation-launching-installer.adoc[leveloffset=+1]
include::modules/cli-installing-cli.adoc[leveloffset=+1]
include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+1]
[role="_additional-resources"]
[id="additional-resources_installing-azure-stack-hub-default-console"]
.Additional resources
* xref:../../web_console/web-console.adoc#web-console[Accessing the web console]
include::modules/cluster-telemetry.adoc[leveloffset=+1]
[role="_additional-resources"]
[id="additional-resources_installing-azure-stack-hub-default-telemetry"]
.Additional resources
* xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring]
[id="next-steps_installing-azure-stack-hub-default"]
== Next steps
* xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation].
* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
* If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].
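Review bot: The last Next steps bullet sends readers to the mint-mode procedure for removing cloud provider credentials (`cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint`), but this assembly installs with manually managed credentials: it includes `manually-create-identity-access-management.adoc`, and the sample config in this commit sets `credentialsMode: Manual`. Please check whether that bullet applies to a manual-mode cluster at all; if not, drop it or replace it with a pointer to rotating or maintaining the manually created credential secrets, so readers are not told to delete a secret that this flow never creates.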

View File

@@ -22,11 +22,13 @@ include::modules/alternatives-to-storing-admin-secrets-in-kube-system.adoc[level
include::modules/manually-create-identity-access-management.adoc[leveloffset=+1]
//include::modules/admin-credentials-root-secret-formats.adoc[leveloffset=+1]
include::modules/admin-credentials-root-secret-formats.adoc[leveloffset=+1]
include::modules/manually-maintained-credentials-upgrade.adoc[leveloffset=+1]
[id="next-steps_manually-creating-iam-azure-stack-hub"]
== Next steps
* Install an {product-title} cluster on Azure Stack Hub with user-provisioned infrastructure by following xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc#installing-azure-stack-hub-user-infra[Installing a cluster on Azure Stack Hub using ARM templates].
* Install an {product-title} cluster:
** xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc#installing-azure-stack-hub-default[Installing a cluster quickly on Azure Stack Hub].
** xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc#installing-azure-stack-hub-user-infra[Installing a cluster on Azure Stack Hub using ARM templates].

View File

@@ -15,17 +15,24 @@ toc::[]
[id="requirements-for-installing-ocp-on-ash"]
== Requirements for installing {product-title} on Azure Stack Hub
Before installing {product-title} on Microsoft Azure Stack Hub, you must configure an Azure account. See xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc#installing-azure-stack-hub-account[Configuring an Azure Stack Hub account] for details about account configuration, account limits, DNS zone configuration, required roles, and creating service principals.
Before installing {product-title} on Microsoft Azure Stack Hub, you must configure an Azure account.
You must manually manage your cloud credentials when installing a cluster to Azure Stack Hub. Do this by configuring the Cloud Credential Operator (CCO) for manual mode before you install the cluster. For more information, see xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[Manually creating IAM for Azure].
See xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc#installing-azure-stack-hub-account[Configuring an Azure Stack Hub account] for details about account configuration, account limits, DNS zone configuration, required roles, and creating service principals.
[id="choosing-a-method-to-install-ocp-on-ash"]
== Choosing a method to install {product-title} on Azure Stack Hub
You can install {product-title} on Azure Stack Hub using user-provisioned infrastructure. This means you must manage and maintain the cluster resources yourself. Installing {product-title} on Azure Stack Hub using an installation program that automatically provisions the cluster infrastructure is not supported at this time.
You can install {product-title} on installer-provisioned or user-provisioned infrastructure. The default installation type uses installer-provisioned infrastructure, where the installation program provisions the underlying infrastructure for the cluster. You can also install {product-title} on infrastructure that you provision. If you do not use infrastructure that the installation program provisions, you must manage and maintain the cluster resources yourself.
See xref:../../architecture/architecture-installation.adoc#installation-process_architecture-installation[Installation process] for more information about installer-provisioned and user-provisioned installation processes.
[id="choosing-a-method-to-install-ocp-on-ash-installer-provisioned"]
=== Installing a cluster on installer-provisioned infrastructure
You can install a cluster on Azure Stack Hub infrastructure that is provisioned by the {product-title} installation program, by using the following method:
* **xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc#installing-azure-stack-hub-default[Installing a cluster on Azure Stack Hub with an installer-provisioned infrastructure]**: You can install {product-title} on Azure Stack Hub infrastructure that is provisioned by the {product-title} installation program.
[id="choosing-a-method-to-install-ocp-on-ash-user-provisioned"]
=== Installing a cluster on user-provisioned infrastructure
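Review bot: The new sentence about configuring the Cloud Credential Operator for manual mode links to the Azure public cloud page (`installing_azure/manually-creating-iam-azure.adoc`, "Manually creating IAM for Azure"), although this commit adds an Azure Stack Hub specific assembly, `installing_azure_stack_hub/manually-creating-iam-azure-stack-hub.adoc`, to the topic map. Point the xref at the Azure Stack Hub assembly so readers get the credential instructions for the right platform. The shortened sentence before it also still says "you must configure an Azure account"; "Azure Stack Hub account" would match the link that follows.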

View File

@@ -0,0 +1,11 @@
:_content-type: ASSEMBLY
[id="uninstalling-cluster-azure-stack-hub"]
= Uninstalling a cluster on Azure Stack Hub
include::modules/common-attributes.adoc[]
:context: uninstall-cluster-azure-stack-hub
toc::[]
You can remove a cluster that you deployed to Azure Stack Hub.
include::modules/installation-uninstall-clouds.adoc[leveloffset=+1]

View File

@@ -0,0 +1,34 @@
// Module included in the following assemblies:
//
// *installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
:_content-type: PROCEDURE
[id="internal-certificate-authority_{context}"]
= Configuring the cluster to use an internal CA
If the Azure Stack Hub environment is using an internal Certificate Authority (CA), update the `cluster-proxy-01-config.yaml file` to configure the cluster to use the internal CA.
.Prerequisites
* Create the `install-config.yaml` file and specify the certificate trust bundle in `.pem` format.
* Create the cluster manifests.
.Procedure
. From the directory in which the installation program creates files, go to the `manifests` directory.
. Add `user-ca-bundle` to the `spec.trustedCA.name` field.
+
.Example `cluster-proxy-01-config.yaml` file
[source,yaml]
----
apiVersion: config.openshift.io/v1
kind: Proxy
metadata:
creationTimestamp: null
name: cluster
spec:
trustedCA:
name: user-ca-bundle
status: {}
----
. Optional: Back up the `manifests/ cluster-proxy-01-config.yaml` file. The installation program consumes the `manifests/` directory when you you deploy the cluster.
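Review bot: Step 2 of the procedure says to add `user-ca-bundle` to `spec.trustedCA.name` but never names the file being edited; step 1 only says to go to the `manifests` directory. Name `cluster-proxy-01-config.yaml` in the step so the trust setting is not applied to the wrong manifest. Three markup problems in the same module: the intro puts the word "file" inside the code span (`cluster-proxy-01-config.yaml file`), the optional step has a stray space in `manifests/ cluster-proxy-01-config.yaml` and a doubled "you you", and the header comment `// *installing/...` lacks the space after the asterisk that the other module headers use.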

View File

@@ -17,6 +17,7 @@
// * installing/installing_azure/installing-azure-private.adoc
// * installing/installing_azure/installing-azure-vnet.adoc
// * installing/installing_azure/installing-azure-user-infra.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
// * installing/installing_bare_metal/installing-bare-metal.adoc
// * installing/installing_gcp/installing-gcp-customizations.adoc

View File

@@ -16,6 +16,7 @@
// * installing/installing_azure/installing-azure-private.adoc
// * installing/installing_azure/installing-azure-vnet.adoc
// * installing/installing_azure/installing-azure-user-infra.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
// * installing/installing_bare_metal/installing-bare-metal.adoc
// * installing/installing_gcp/installing-gcp-customizations.adoc

View File

@@ -17,6 +17,7 @@
// * installing/installing_ibm_z/installing-ibm-z.adoc
// * installing/installing_azure/installing-azure-vnet.adoc
// * installing/installing_azure/installing-azure-user-infra.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
// * installing/installing_azure/installing-azure-default.adoc
// * installing/installing_azure/installing-azure-network-customizations.adoc

View File

@@ -17,6 +17,7 @@
// * installing/installing_ibm_z/installing-ibm-z.adoc
// * installing/installing_azure/installing-azure-vnet.adoc
// * installing/installing_azure/installing-azure-user-infra.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
// * installing/installing_azure/installing-azure-default.adoc
// * installing/installing_azure/installing-azure-network-customizations.adoc

View File

@@ -101,17 +101,14 @@ zones, the installation program places more than one control plane machine in th
available zones.
endif::ash[]
ifndef::ash[]
|OS Disk
|7
ifndef::ash[]
|
endif::ash[]
|VM OS disk must be able to sustain a minimum throughput of 5000 IOPS / 200MBps. This throughput can be provided by having a minimum of 1 TiB Premium SSD (P30). In {cp}, disk performance is directly dependent on SSD disk sizes, so to achieve the throughput supported by
ifndef::ash[`Standard_D8s_v3`,]
ifdef::ash[`Standard_DS4_v2`,]
or other similar machine types available, and the target of 5000 IOPS, at least a P30 disk is required.
|VM OS disk must be able to sustain a minimum throughput of 5000 IOPS / 200MBps. This throughput can be provided by having a minimum of 1 TiB Premium SSD (P30). In {cp}, disk performance is directly dependent on SSD disk sizes, so to achieve the throughput supported by `Standard_D8s_v3`, or other similar machine types available, and the target of 5000 IOPS, at least a P30 disk is required.
Host caching must be set to `ReadOnly` for low read latency and high read IOPS and throughput. The reads performed from the cache, which is present either in the VM memory or in the local SSD disk, are much faster than the reads from the data disk, which is in the blob storage.
endif::ash[]
|VNet
| 1
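Review bot: Wrapping the whole OS Disk row in `ifndef::ash[]` ... `endif::ash[]` removes the 5000 IOPS / 200MBps requirement and the host caching guidance from Azure Stack Hub builds entirely, where the earlier text only swapped the machine type (`Standard_D8s_v3` versus `Standard_DS4_v2`). If the row is dropped because Premium SSD sizing does not apply on Azure Stack Hub, a short replacement row stating the disk expectation for that platform would keep the limits table complete; if it was dropped only to simplify the conditionals, the `Standard_DS4_v2` variant should stay.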

View File

@@ -1,9 +1,17 @@
// Module included in the following assemblies:
//
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
:ash:
endif::[]
ifeval::["{context}" == "installing-azure-stack-hub-default"]
:ash-default:
endif::[]
[id="installation-azure-stack-hub-config-yaml_{context}"]
= Sample customized `install-config.yaml` file for Azure Stack Hub
= Sample customized install-config.yaml file for Azure Stack Hub
You can customize the `install-config.yaml` file to specify more details about your {product-title} cluster's platform or modify the values of the required parameters.
@@ -12,6 +20,7 @@ You can customize the `install-config.yaml` file to specify more details about y
This sample YAML file is provided for reference only. Use it as a resource to enter parameter values into the installation configuration file that you created manually.
====
ifdef::ash[]
[source,yaml]
----
apiVersion: v1
@@ -91,3 +100,103 @@ endif::openshift-origin[]
====
For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses.
====
endif::ash[]
ifdef::ash-default[]
[source,yaml]
----
apiVersion: v1
baseDomain: example.com <1>
credentialsMode: Manual
controlPlane: <2> <3>
name: master
replicas: 3
compute: <2>
- name: worker
platform: {}
replicas: 3
metadata:
name: test-cluster <1> <4>
networking:
clusterNetwork:
- cidr: 10.128.0.0/14
hostPrefix: 23
machineNetwork:
- cidr: 10.0.0.0/16
ifndef::openshift-origin[]
networkType: OpenShiftSDN
endif::openshift-origin[]
ifdef::openshift-origin[]
networkType: OVNKubernetes
endif::openshift-origin[]
serviceNetwork:
- 172.30.0.0/16
platform:
azure:
armEndpoint: azurestack_arm_endpoint <1> <5>
baseDomainResourceGroupName: resource_group <1> <6>
region: azure_stack_local_region <1> <7>
resourceGroupName: existing_resource_group <8>
outboundType: Loadbalancer
cloudName: AzureStackCloud <1>
clusterOSimage: https://vhdsa.blob.example.example.com/vhd/rhcos-410.84.202112040202-0-azurestack.x86_64.vhd <1> <9>
pullSecret: '{"auths": ...}' <1> <10>
ifndef::openshift-origin[]
fips: false <11>
sshKey: ssh-ed25519 AAAA... <12>
endif::openshift-origin[]
ifdef::openshift-origin[]
sshKey: ssh-ed25519 AAAA...<11>
endif::openshift-origin[]
ifndef::openshift-origin[]
additionalTrustBundle: | <13>
endif::openshift-origin[]
ifdef::openshift-origin[]
additionalTrustBundle: | <12>
endif::openshift-origin[]
-----BEGIN CERTIFICATE-----
<MY_TRUSTED_CA_CERT>
-----END CERTIFICATE-----
----
<1> Required.
<2> If you do not provide these parameters and values, the installation program provides the default value.
<3> The `controlPlane` section is a single mapping, but the `compute` section is a sequence of mappings. To meet the requirements of the different data structures, the first line of the `compute` section must begin with a hyphen, `-`, and the first line of the `controlPlane` section must not. Although both sections currently define a single machine pool, it is possible that future versions of {product-title} will support defining multiple compute pools during installation. Only one control plane pool is used.
<4> The name of the cluster.
<5> The Azure Resource Manager endpoint that your Azure Stack Hub operator provides.
<6> The name of the resource group that contains the DNS zone for your base domain.
<7> The name of your Azure Stack Hub local region.
<8> The name of an existing resource group to install your cluster to. If undefined, a new resource group is created for the cluster.
<9> The URL of a storage blob in the Azure Stack environment that contains an {op-system} VHD.
<10> The pull secret required to authenticate your cluster.
ifndef::openshift-origin[]
<11> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead.
+
[IMPORTANT]
====
The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture.
====
<12> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
endif::openshift-origin[]
ifdef::openshift-origin[]
<11> You can optionally provide the `sshKey` value that you use to access the machines in your cluster.
endif::openshift-origin[]
+
[NOTE]
====
For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses.
====
ifndef::openshift-origin[]
<13> If the Azure Stack Hub environment is using an internal Certificate Authority (CA), adding the CA certificate is required.
endif::openshift-origin[]
ifdef::openshift-origin[]
<12> If the Azure Stack Hub environment is using an internal Certificate Authority (CA), adding the CA certificate is required.
endif::openshift-origin[]
endif::ash-default[]
ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
:!ash:
endif::[]
ifeval::["{context}" == "installing-azure-stack-hub-default"]
:!ash-default:
endif::[]
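Review bot: `credentialsMode: Manual` in the `ash-default` sample carries no callout, even though the preparation page changed in this commit says credentials must be managed manually on Azure Stack Hub. Add a callout marking it as required so readers do not delete the line when trimming the sample. Two smaller points in the same block: the origin branch writes `sshKey: ssh-ed25519 AAAA...<11>` without the space before the callout that the non-origin line has, and the `clusterOSimage` callout could state that the URL must be reachable by the installation program without authentication, since the upload module added in this commit relies on that.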

View File

@@ -2,6 +2,7 @@
//
// * installing/installing_azure/installing-azure-user-infra.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
ifeval::["{context}" == "installing-azure-user-infra"]
:azure:
@@ -9,24 +10,38 @@ endif::[]
ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
:ash:
endif::[]
ifeval::["{context}" == "installing-azure-stack-hub-default"]
:ash-ipi:
endif::[]
:_content-type: PROCEDURE
[id="installation-azure-user-infra-uploading-rhcos_{context}"]
ifndef::ash-ipi[]
= Uploading the {op-system} cluster image and bootstrap Ignition config file
endif::ash-ipi[]
ifdef::ash-ipi[]
= Uploading the {op-system} cluster image
endif::ash-ipi[]
The Azure client does not support deployments based on files existing locally;
therefore, you must copy and store the {op-system} virtual hard disk (VHD)
cluster image and bootstrap Ignition config file in a storage container so they
are accessible during deployment.
ifndef::ash-ipi[]
The Azure client does not support deployments based on files existing locally. You
must copy and store the {op-system} virtual hard disk (VHD) cluster image and bootstrap Ignition config file in a storage container so they are accessible during deployment.
endif::ash-ipi[]
ifdef::ash-ipi[]
You must download the {op-system} virtual hard disk (VHD) cluster image and upload it to your Azure Stack Hub environment so that it is accessible during deployment.
endif::ash-ipi[]
.Prerequisites
* Configure an Azure account.
ifndef::ash-ipi[]
* Generate the Ignition config files for your cluster.
endif::ash-ipi[]
.Procedure
ifndef::ash-ipi[]
. Create an Azure storage account to store the VHD cluster image:
+
[source,terminal]
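Review bot: The attribute set for the `installing-azure-stack-hub-default` context is called `:ash-ipi:` in this module, but the install-config sample module and the configuration parameters module in the same commit call it `:ash-default:`. Use one name across modules so a later conditional written against the wrong attribute does not silently render nothing. In the `ash-ipi` path the prerequisite also still reads "Configure an Azure account"; "Azure Stack Hub account" would match the assembly prerequisites.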
@@ -62,7 +77,7 @@ endif::azure[]
ifdef::ash[]
[source,terminal]
----
$ export COMPRESSED_VHD_URL=`openshift-install coreos print-stream-json | jq -r '.architectures.x86_64.artifacts.azurestack.formats."vhd.gz".disk.location'`
$ export COMPRESSED_VHD_URL=$(openshift-install coreos print-stream-json | jq -r '.architectures.x86_64.artifacts.azurestack.formats."vhd.gz".disk.location')
----
endif::ash[]
+
@@ -92,11 +107,11 @@ $ curl -O -L ${COMPRESSED_VHD_URL}
+
[NOTE]
====
The decompressed VHD file is approximately 16 GB, so be sure that your host system has 16 GB of free space available. The VHD file can be deleted once you have uploaded it.
The decompressed VHD file is approximately 16 GB, so be sure that your host system has 16 GB of free space available. You can delete the VHD file after you upload it.
====
endif::ash[]
. Copy the chosen VHD to a blob:
. Copy the local VHD to a blob:
+
ifdef::azure[]
[source,terminal]
@@ -122,10 +137,37 @@ $ az storage container create --name files --account-name ${CLUSTER_NAME}sa --ac
----
$ az storage blob upload --account-name ${CLUSTER_NAME}sa --account-key ${ACCOUNT_KEY} -c "files" -f "<installation_directory>/bootstrap.ign" -n "bootstrap.ign"
----
endif::ash-ipi[]
ifdef::ash-ipi[]
. Obtain the {op-system} VHD cluster image:
.. Export the URL of the {op-system} VHD to an environment variable.
+
[source,terminal]
----
$ export COMPRESSED_VHD_URL=$(openshift-install coreos print-stream-json | jq -r '.architectures.x86_64.artifacts.azurestack.formats."vhd.gz".disk.location')
----
.. Download the compressed {op-system} VHD file locally.
+
[source,terminal]
----
$ curl -O -L ${COMPRESSED_VHD_URL}
----
. Decompress the VHD file.
+
[NOTE]
====
The decompressed VHD file is approximately 16 GB, so be sure that your host system has 16 GB of free space available. The VHD file can be deleted once you have uploaded it.
====
. Upload the the local VHD to the Azure Stack Hub environment, making sure that the blob is publicly available. For example, you can upload the VHD to a blob using the `az` cli or the web portal.
endif::ash-ipi[]
ifeval::["{context}" == "installing-azure-user-infra"]
:!azure:
endif::[]
ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
:!ash:
endif::[]
endif::[]
ifeval::["{context}" == "installing-azure-stack-hub-default"]
:!ash-ipi:
endif::[]
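Review bot: In the new `ash-ipi` block, the upload step reads "Upload the the local VHD" (duplicated word) and requires the blob to be publicly available without saying how far that exposure should extend. Suggest fixing the typo and stating the narrowest scope that works, for example anonymous read access on that one blob rather than on the whole storage account, and whether public access can be withdrawn after installation. In the same step, "`az` cli" should be "`az` CLI". The NOTE in this block still says "The VHD file can be deleted once you have uploaded it", while the `ash` copy of that NOTE is reworded in this commit to "You can delete the VHD file after you upload it". The "Decompress the VHD file" step also gives no command.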

@@ -42,6 +42,7 @@
// * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
// * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
// * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
ifeval::["{context}" == "installing-aws-customizations"]
:aws:
@@ -182,30 +183,28 @@ endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
:ibm-power:
endif::[]
ifeval::["{context}" == "installing-azure-stack-hub-default"]
:ash-default:
endif::[]
:_content-type: CONCEPT
[id="installation-configuration-parameters_{context}"]
= Installation configuration parameters
// If install-config.yaml is generated by openshift-install
ifndef::bare,ibm-power,ibm-z[]
ifndef::bare,ibm-power,ibm-z,ash-default[]
Before you deploy an {product-title} cluster, you provide parameter values to describe your account on the cloud platform that hosts your cluster and optionally customize your cluster's platform. When you create the `install-config.yaml` installation configuration file, you provide values for the required parameters through the command line. If you customize your cluster, you can modify the `install-config.yaml` file to provide more details about the platform.
endif::bare,ibm-power,ibm-z[]
endif::bare,ibm-power,ibm-z,ash-default[]
// If the user manually creates install-config.yaml
ifdef::bare,ibm-power,ibm-z[]
ifdef::bare,ibm-power,ibm-z,ash-default[]
Before you deploy an {product-title} cluster, you provide a customized `install-config.yaml` installation configuration file that describes the details for your environment.
endif::bare,ibm-power,ibm-z[]
endif::bare,ibm-power,ibm-z,ash-default[]
[NOTE]
====
After installation, you cannot modify these parameters in the `install-config.yaml` file.
====
[IMPORTANT]
====
The `openshift-install` command does not validate field names for parameters. If an incorrect name is specified, the related file or object is not created, and no error is reported. Ensure that the field names for any parameters that are specified are correct.
====
[id="installation-configuration-parameters-required_{context}"]
== Required configuration parameters
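Review bot: The attribute chosen for the `installing-azure-stack-hub-default` context is `ash-default` here, but the VHD module in this commit uses `ash-ipi` for the same context and other modules use `ash`, which the VHD module reserves for `installing-azure-stack-hub-user-infra`. Suggest settling on one attribute name per context across modules so that a later edit to an `ifdef::ash[]` block does not change the wrong assembly.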
@@ -630,7 +629,7 @@ Optional AWS configuration parameters are described in the following table:
|`compute.platform.aws.amiID`
|The AWS AMI used to boot compute machines for the cluster. This is required for regions that require a custom {op-system} AMI.
|Any published or custom {op-system} AMI that belongs to the set AWS region. See _RHCOS AMIs for AWS infrastructure_ for available AMI IDs.
|Any published or custom {op-system} AMI that belongs to the set AWS region. See _{op-system} AMIs for AWS infrastructure_ for available AMI IDs.
|`compute.platform.aws.iamRole`
|A pre-existing AWS IAM role applied to the compute machine pool instance profiles. You can use these fields to match naming schemes and include predefined permissions boundaries for your IAM roles. If undefined, the installation program creates a new IAM role.
@@ -670,7 +669,7 @@ When running on ARM based AWS A1 instances, ensure that you enter a region where
|`controlPlane.platform.aws.amiID`
|The AWS AMI used to boot control plane machines for the cluster. This is required for regions that require a custom {op-system} AMI.
|Any published or custom {op-system} AMI that belongs to the set AWS region. See _RHCOS AMIs for AWS infrastructure_ for available AMI IDs.
|Any published or custom {op-system} AMI that belongs to the set AWS region. See _{op-system} AMIs for AWS infrastructure_ for available AMI IDs.
|`controlPlane.platform.aws.iamRole`
|A pre-existing AWS IAM role applied to the control plane machine pool instance profiles. You can use these fields to match naming schemes and include predefined permissions boundaries for your IAM roles. If undefined, the installation program creates a new IAM role.
@@ -693,7 +692,7 @@ control plane machine pool.
|`platform.aws.amiID`
|The AWS AMI used to boot all machines for the cluster. If set, the AMI must
belong to the same region as the cluster. This is required for regions that require a custom {op-system} AMI.
|Any published or custom {op-system} AMI that belongs to the set AWS region. See _RHCOS AMIs for AWS infrastructure_ for available AMI IDs.
|Any published or custom {op-system} AMI that belongs to the set AWS region. See _{op-system} AMIs for AWS infrastructure_ for available AMI IDs.
|`platform.aws.hostedZone`
|An existing Route 53 private hosted zone for the cluster. You can only use a pre-existing hosted zone when also supplying your own VPC. The hosted zone must already be associated with the user-provided VPC before installation. Also, the domain of the hosted zone must be the cluster domain or a parent of the cluster domain. If undefined, the installation program creates a new hosted zone.
@@ -1286,6 +1285,52 @@ Optional VMware vSphere machine pool configuration parameters are described in t
endif::vsphere,vmc[]
ifdef::ash-default[]
[id="installation-configuration-parameters-additional-azure-stack-hub_{context}"]
== Additional Azure Stack Hub configuration parameters
Additional Azure configuration parameters are described in the following table:
.Additional Azure Stack Hub parameters
[cols=".^2,.^3a,.^3a",options="header"]
|====
|Parameter|Description|Values
|`platform.azure.armEndpoint`
|The URL of the Azure Resource Manager endpoint that your Azure Stack Hub operator provides.
|String
|`platform.azure.baseDomainResourceGroupName`
|The name of the resource group that contains the DNS zone for your base domain.
|String, for example `production_cluster`.
|`platform.azure.region`
|The name of your Azure Stack Hub local region.
|String
|`platform.azure.resourceGroupName`
| The name of an already existing resource group to install your cluster to. If undefined, a new resource group is created for the cluster.
|String, for example `existing_resource_group`.
|`platform.azure.outboundType`
|The outbound routing strategy used to connect your cluster to the internet. If
you are using user-defined routing, you must have pre-existing networking
available where the outbound routing has already been configured prior to
installing a cluster. The installation program is not responsible for
configuring user-defined routing.
|`LoadBalancer` or `UserDefinedRouting`. The default is `LoadBalancer`.
|`platform.azure.cloudName`
|The name of the Azure cloud environment that is used to configure the Azure SDK with the appropriate Azure API endpoints.
|`AzureStackCloud`
|`clusterOSImage`
|The URL of a storage blob in the Azure Stack environment that contains an {op-system} VHD.
|String, for example, \https://vhdsa.blob.example.example.com/vhd/rhcos-410.84.202112040202-0-azurestack.x86_64.vhd
|====
endif::ash-default[]
ifdef::bare[]
:!bare:
endif::bare[]
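Review bot: The last row of the new table names the parameter `clusterOSImage` with no path, while every other row is fully qualified under `platform.azure.`; please give the full key, because the IMPORTANT text shown earlier in this file says `openshift-install` does not validate field names, so a key placed at the wrong level is ignored without an error. Smaller points in the same table: the intro sentence says "Additional Azure configuration parameters" under a heading and table title that both say Azure Stack Hub, the `platform.azure.resourceGroupName` description starts with a stray space after the cell separator, and the example URL host reads `example.example.com`.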
@@ -1410,3 +1455,6 @@ endif::[]
ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
:!ibm-power:
endif::[]
ifeval::["{context}" == "installing-azure-stack-hub-default"]
:!ash-default:
endif::[]

@@ -6,6 +6,7 @@
// * installing/installing_azure/installing-azure-government-region.adoc
// * installing/installing_azure/installing-azure-private.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
// * installing/installing_bare_metal/installing-bare-metal.adoc
// * installing/installing_gcp/installing-gcp-private.adoc
// * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
@@ -51,18 +52,21 @@ endif::[]
ifeval::["{context}" == "installing-gcp-private"]
:gcp-private:
endif::[]
ifeval::["{context}" == "installing-azure-stack-hub-default"]
:ash-default:
endif::[]
:_content-type: PROCEDURE
[id="installation-initializing-manual_{context}"]
= Manually creating the installation configuration file
ifndef::aws-china,aws-gov,aws-secret,ash,aws-private,azure-private,gcp-private[]
ifndef::aws-china,aws-gov,aws-secret,azure-gov,ash,aws-private,azure-private,gcp-private,ash-default[]
For user-provisioned installations of {product-title}, you manually generate your installation configuration file.
endif::aws-china,aws-gov,aws-secret,ash,aws-private,azure-private,gcp-private[]
ifdef::aws-china,aws-secret,aws-gov[]
endif::aws-china,aws-gov,aws-secret,azure-gov,ash,aws-private,azure-private,gcp-private,ash-default[]
ifdef::aws-china,aws-gov,aws-secret[]
Installing the cluster requires that you manually generate the installation configuration file.
//Made this update as part of feedback in PR3961. tl;dr Simply state you have to create the config file, instead of creating a number of conditions to explain why.
endif::aws-china,aws-secret,aws-gov[]
endif::aws-china,aws-gov,aws-secret[]
ifdef::azure-gov[]
When installing {product-title} on Microsoft Azure into a government region, you
must manually generate your installation configuration file.
@@ -70,6 +74,9 @@ endif::azure-gov[]
ifdef::aws-private,azure-private,gcp-private[]
For installations of a private {product-title} cluster that are only accessible from an internal network and are not visible to the internet, you must manually generate your installation configuration file.
endif::aws-private,azure-private,gcp-private[]
ifdef::ash-default[]
When installing {product-title} on Microsoft Azure Stack Hub, you must manually create your installation configuration file.
endif::ash-default[]
.Prerequisites
@@ -87,8 +94,7 @@ endif::restricted[]
.Procedure
. Create an installation directory to store your required installation assets
in:
. Create an installation directory to store your required installation assets in:
+
[source,terminal]
----
@@ -122,12 +128,12 @@ mirror the repository.
endif::restricted[]
+
ifndef::aws-china,aws-gov,aws-secret,ash,azure-gov[]
ifndef::aws-china,aws-gov,aws-secret,azure-gov,ash,ash-default[]
[NOTE]
====
For some platform types, you can alternatively run `./openshift-install create install-config --dir <installation_directory>` to generate an `install-config.yaml` file. You can provide details about your cluster configuration at the prompts.
====
endif::aws-china,aws-gov,aws-secret,ash,azure-gov[]
endif::aws-china,aws-gov,aws-secret,azure-gov,ash,ash-default[]
ifdef::ash[]
+
Make the following modifications for Azure Stack Hub:
@@ -163,6 +169,19 @@ platform:
<4> Specify the name of your Azure Stack Hub region.
endif::ash[]
ifdef::ash-default[]
+
Make the following modifications:
.. Specify the required installation parameters.
.. Update the `platform.azure` section to specify the parameters that are specific to Azure Stack Hub.
.. Optional: Update one or more of the default configuration parameters to customize the installation.
+
For more information about the parameters, see "Installation configuration parameters".
endif::ash-default[]
. Back up the `install-config.yaml` file so that you can use it to install
multiple clusters.
+
@@ -205,3 +224,6 @@ endif::[]
ifeval::["{context}" == "installing-gcp-private"]
:!gcp-private:
endif::[]
ifeval::["{context}" == "installing-azure-stack-hub-default"]
:!ash-default:
endif::[]

@@ -13,6 +13,7 @@
// * installing/installing_azure/installing-azure-government-region.adoc
// * installing/installing_azure/installing-azure-private.adoc
// * installing/installing_azure/installing-azure-vnet.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
// * installing/installing_gcp/installing-gcp-customizations.adoc
// * installing/installing_gcp/installing-gcp-private.adoc
// * installing/installing_gcp/installing-gcp-default.adoc
@@ -102,6 +103,10 @@ ifeval::["{context}" == "installing-azure-network-customizations"]
:custom-config:
:azure:
endif::[]
ifeval::["{context}" == "installing-azure-stack-hub-default"]
:custom-config:
:ash:
endif::[]
ifeval::["{context}" == "installing-openstack-installer-custom"]
:osp:
:custom-config:
@@ -237,7 +242,7 @@ The AWS access key ID and secret access key are stored in `~/.aws/credentials` i
.. Select the AWS region to deploy the cluster to.
.. Select the base domain for the Route 53 service that you configured for your cluster.
endif::aws[]
ifdef::azure[]
ifdef::azure,ash[]
.. Select *azure* as the platform to target.
.. If you do not have a Microsoft Azure profile stored on your computer, specify the
following Azure parameter values for your subscription and service principal:
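Review bot: Widening `ifdef::azure[]` to `ifdef::azure,ash[]` exposes the interactive prompts ("Select *azure* as the platform to target" and the profile questions) to the `installing-azure-stack-hub-default` context, but the manual-configuration module in this commit tells the same audience "you must manually create your installation configuration file" and hides the `create install-config` NOTE for `ash-default`. Please confirm which path Azure Stack Hub users are meant to follow and drop the other, or explain in the assembly why both are included.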
@@ -252,7 +257,7 @@ parameter for the service principal.
.. Select the region to deploy the cluster to.
.. Select the base domain to deploy the cluster to. The base domain corresponds
to the Azure DNS Zone that you created for your cluster.
endif::azure[]
endif::azure,ash[]
ifdef::gcp[]
.. Select *gcp* as the platform to target.
.. If you have not configured the service account key for your GCP account on
@@ -503,6 +508,10 @@ ifeval::["{context}" == "installing-azure-vnet"]
:!custom-config:
:!azure:
endif::[]
ifeval::["{context}" == "installing-azure-stack-hub-default"]
:!custom-config:
:!ash:
endif::[]
ifeval::["{context}" == "installing-openstack-installer-custom"]
:!osp:
:!custom-config:

@@ -14,6 +14,7 @@
// * installing/installing_azure/installing-azure-private.adoc
// * installing/installing_azure/installing-azure-vnet.adoc
// * installing/installing_azure/installing-azure-user-infra.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
// * installing/installing_bare_metal/installing-bare-metal.adoc
// * installing/installing_gcp/installing-gcp-customizations.adoc
@@ -47,6 +48,9 @@ endif::[]
ifeval::["{context}" == "installing-ibm-z-kvm"]
:ibm-z-kvm:
endif::[]
ifeval::["{context}" == "installing-azure-stack-hub-default"]
:ash:
endif::[]
ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
:ash:
endif::[]
@@ -72,12 +76,13 @@ ifndef::ibm-z,ibm-z-kvm[* You have a computer that runs Linux or macOS, with 500
.Procedure
ifndef::openshift-origin[]
. Access the link:https://console.redhat.com/openshift/install[Infrastructure Provider]
page on the {console-redhat-com} site. If you have a Red Hat account, log in with your credentials. If you do not, create an account.
. Access the link:https://console.redhat.com/openshift/install[Infrastructure Provider] page on the {console-redhat-com} site. If you have a Red Hat account, log in with your credentials. If you do not, create an account.
ifndef::ash[]
. Select your infrastructure provider.
endif::ash[]
ifdef::ash[]
Select *Azure* as the cloud provider if you are installing your cluster on Azure Stack Hub.
endif::[]
. Select *Azure* as the cloud provider.
endif::ash[]
. Navigate to the page for your installation type, download the installation program that corresponds with your host operating system and architecture, and place the file in the directory where you will store the installation configuration files.
endif::[]
ifdef::openshift-origin[]
@@ -127,6 +132,9 @@ endif::[]
ifeval::["{context}" == "installing-ibm-z-kvm"]
:!ibm-z-kvm:
endif::[]
ifeval::["{context}" == "installing-azure-stack-hub-default"]
:!ash:
endif::[]
ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
:!ash:
endif::[]

@@ -2,6 +2,7 @@
//
// * installing/installing_aws/uninstalling-cluster-aws.adoc
// * installing/installing_azure/uninstalling-cluster-azure.adoc
// * installing/installing_azure/uninstalling-cluster-azure-stack-hub.adoc
// * installing/installing_gcp/uninstalling-cluster-gcp.adoc
// * installing/installing_osp/uninstalling-cluster-openstack.adoc
// * installing/installing_rhv/uninstalling-cluster-rhv.adoc
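Review bot: The added usage comment lists `uninstalling-cluster-azure-stack-hub.adoc` under `installing/installing_azure/`, whereas every other Azure Stack Hub assembly referenced in this commit is under `installing/installing_azure_stack_hub/`. Please check the directory so the module-usage list points at the real assembly.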
@@ -19,8 +20,7 @@ endif::[]
[id="installation-uninstall-clouds_{context}"]
= Removing a cluster that uses installer-provisioned infrastructure
You can remove a cluster that uses installer-provisioned infrastructure from
your cloud.
You can remove a cluster that uses installer-provisioned infrastructure from your cloud.
ifdef::aws[]
[NOTE]

@@ -396,6 +396,27 @@ spec:
- role: Contributor
----
.. Remove the YAML file for any `CredentialRequest` object that is in Technology Preview or they cause the installation to fail. As of {product-version}, the only credential request in Technology Preview is for the `capi-operator`. To remove this request:
To remove this request:
... To list the credential request, run the following command:
+
[source,terminal]
----
$ grep "release.openshift.io/feature-gate" *
----
+
.Example output
[source,terminal]
----
0000_30_capi-operator_00_credentials-request.yaml: release.openshift.io/feature-gate: TechPreviewNoUpgrade
----
... To remove the credential request, run the following command:
+
[source,terminal]
----
$ rm 0000_30_capi-operator_00_credentials-request.yaml
----
.. Create YAML files for secrets in the `openshift-install` manifests directory that you generated previously. The secrets must be stored using the namespace and secret name defined in the `spec.secretRef` for each `CredentialsRequest` object. The format for the secret data varies for each cloud provider.
.. Create a `cco-configmap.yaml` file in the manifests directory with the Cloud Config Operator (CCO) disabled:
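Review bot: The new step names the object `CredentialRequest`, while the step that follows it uses `CredentialsRequest`; use the latter in both places. In the same sentence, "or they cause the installation to fail" does not agree with its subject; something like "otherwise the installation fails" reads correctly. "To remove this request:" appears twice in a row, once at the end of the step and once on its own line, so one copy can go. The `grep` and `rm` commands also assume the reader is in the directory that holds the extracted credentials requests, which the step does not say.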

@@ -4,6 +4,7 @@
// * installing/installing_aws/installing-aws-secret-region.adoc
// *installing/validating-an-installation.adoc
// *installing/installing_aws/installing-aws-user-infra.adoc
// *installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
// *installing/installing_aws/installing-restricted-networks-aws.adoc
:_content-type: PROCEDURE

@@ -3,28 +3,57 @@
// * installing/installing_aws/manually-creating-iam.adoc
// * installing/installing_azure/manually-creating-iam-azure.adoc
// * installing/installing_gcp/manually-creating-iam-gcp.adoc
// *installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
ifeval::["{context}" == "manually-creating-iam-aws"]
:aws:
:cco-multi-mode:
endif::[]
ifeval::["{context}" == "manually-creating-iam-azure"]
:azure:
:cco-multi-mode:
endif::[]
ifeval::["{context}" == "manually-creating-iam-gcp"]
:google-cloud-platform:
:cco-multi-mode:
endif::[]
ifeval::["{context}" == "installing-azure-stack-hub-default"]
:ash:
:cco-manual-mode:
endif::[]
:_content-type: PROCEDURE
[id="manually-create-iam_{context}"]
//For providers that support multiple modes of operation
ifdef::cco-multi-mode[]
= Manually create IAM
endif::cco-multi-mode[]
//For providers who only support manual mode
ifdef::cco-manual-mode[]
= Manually manage cloud credentials
endif::cco-manual-mode[]
//For providers that support multiple modes of operation
ifdef::cco-multi-mode[]
The Cloud Credential Operator (CCO) can be put into manual mode prior to
installation in environments where the cloud identity and access management
(IAM) APIs are not reachable, or the administrator prefers not to store an
administrator-level credential secret in the cluster `kube-system` namespace.
endif::cco-multi-mode[]
//For providers who only support manual mode
ifdef::cco-manual-mode[]
The Cloud Credential Operator (CCO) only supports your cloud provider in manual mode. As a result, you must specify the identity and access management (IAM) secrets for your cloud provider.
For more information about CCO credential modes, see xref:../../authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc[About the Cloud Credential Operator].
endif::cco-manual-mode[]
.Procedure
ifdef::cco-multi-mode[]
. Change to the directory that contains the installation program and create the `install-config.yaml` file:
+
[source,terminal]
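Review bot: The new `cco-manual-mode` paragraph embeds an `xref:../../authentication/...` link inside a module, and a relative `../../` path depends on the directory depth of whichever assembly includes the module. The other module touched in this commit refers to "Installation configuration parameters" by title instead; suggest doing the same here and putting the link in the assembly's additional resources. Minor: the added usage comment `// *installing/...` lacks the space after `*` that the three lines above it have, and the two new source comments alternate between "providers that" and "providers who".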
@@ -48,6 +77,7 @@ compute:
...
----
<1> This line is added to set the `credentialsMode` parameter to `Manual`.
endif::cco-multi-mode[]
. To generate the manifests, run the following command from the directory that contains the installation program:
+
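Review bot: Closing `ifdef::cco-multi-mode[]` after the `credentialsMode` callout means the step that sets `credentialsMode` to `Manual` is not rendered for `cco-manual-mode`, and nothing else in this module tells an Azure Stack Hub reader to set it. Since the new intro says the CCO supports this provider only in manual mode, please confirm the assembly or its sample `install-config.yaml` sets the parameter, or add a short manual-mode step here that says so.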
@@ -55,6 +85,8 @@ compute:
----
$ openshift-install create manifests --dir <installation_directory>
----
+
where `<installation_directory>` is the directory in which the installation program creates files.
. From the directory that contains the installation program, obtain details of the {product-title} release image that your `openshift-install` binary is built to use:
+
@@ -77,11 +109,11 @@ ifdef::aws[]
$ oc adm release extract quay.io/openshift-release-dev/ocp-release:4.y.z-x86_64 --credentials-requests --cloud=aws
----
endif::aws[]
ifdef::azure[]
ifdef::azure,ash[]
----
$ oc adm release extract quay.io/openshift-release-dev/ocp-release:4.y.z-x86_64 --credentials-requests --cloud=azure
----
endif::azure[]
endif::azure,ash[]
ifdef::google-cloud-platform[]
----
$ oc adm release extract quay.io/openshift-release-dev/ocp-release:4.y.z-x86_64 --credentials-requests --cloud=gcp
@@ -115,7 +147,7 @@ spec:
resource: "*"
----
endif::aws[]
ifdef::azure[]
ifdef::azure,ash[]
.Sample `CredentialsRequest` object
[source,yaml]
----
@@ -136,7 +168,7 @@ spec:
roleBindings:
- role: Contributor
----
endif::azure[]
endif::azure,ash[]
ifdef::google-cloud-platform[]
.Sample `CredentialsRequest` object
[source,yaml]
@@ -162,26 +194,58 @@ spec:
----
endif::google-cloud-platform[]
ifdef::cco-manual-mode[]
. Remove the YAML file for any `CredentialRequest` object that is in Technology Preview or they cause the installation to fail. As of {product-version}, the only credential request in Technology Preview is for the `capi-operator`. To remove this request:
.. To list the credential request, run the following command:
+
[source,terminal]
----
$ grep "release.openshift.io/feature-gate" *
----
+
.Example output
[source,terminal]
----
0000_30_capi-operator_00_credentials-request.yaml: release.openshift.io/feature-gate: TechPreviewNoUpgrade
----
.. To remove the credential request, run the following command:
+
[source,terminal]
----
$ rm 0000_30_capi-operator_00_credentials-request.yaml
----
endif::cco-manual-mode[]
. Create YAML files for secrets in the `openshift-install` manifests directory that you generated previously. The secrets must be stored using the namespace and secret name defined in the `spec.secretRef` for each `CredentialsRequest` object. The format for the secret data varies for each cloud provider.
ifdef::cco-multi-mode[]
. From the directory that contains the installation program, proceed with your cluster creation:
+
[source,terminal]
----
$ openshift-install create cluster --dir <installation_directory>
----
endif::cco-multi-mode[]
+
[IMPORTANT]
====
Before upgrading a cluster that uses manually maintained credentials, you must ensure that the CCO is in an upgradeable state. For details, see the "Upgrading clusters with manually maintained credentials" section of the update procedure you are using.
Before upgrading a cluster that uses manually maintained credentials, you must ensure that the CCO is in an upgradeable state.
====
ifeval::["{context}" == "manually-creating-iam-aws"]
:!aws:
:!cco-multi-mode:
endif::[]
ifeval::["{context}" == "manually-creating-iam-azure"]
:!azure:
:!cco-multi-mode:
endif::[]
ifeval::["{context}" == "manually-creating-iam-gcp"]
:!google-cloud-platform:
:!cco-multi-mode:
endif::[]
ifeval::["{context}" == "installing-azure-stack-hub-default"]
:!ash:
:!cco-manual-mode:
endif::[]
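Review bot: The reworded IMPORTANT block keeps the requirement that the CCO be in an upgradeable state before an upgrade but drops the sentence that pointed to "Upgrading clusters with manually maintained credentials", so the reader is no longer told where to find out how. Suggest keeping a by-title pointer. The new `cco-manual-mode` removal step repeats the `CredentialRequest` spelling and the "or they cause the installation to fail" wording; the object name should be `CredentialsRequest`, as in the step that follows.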

@@ -16,6 +16,7 @@
// * installing/installing_azure/installing-azure-private.adoc
// * installing/installing_azure/installing-azure-vnet.adoc
// * installing/installing_azure/installing-azure-user-infra.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc
// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
// * installing/installing_bare_metal/installing-bare-metal.adoc
// * installing/installing_gcp/installing-gcp-customizations.adoc

@@ -11,6 +11,7 @@ In {product-title} {product-version}, you can install a cluster that uses instal
* Amazon Web Services (AWS)
* Google Cloud Platform (GCP)
* Microsoft Azure
* Microsoft Azure Stack Hub
* {rh-openstack-first} version 13 and 16
** The latest {product-title} release supports both the latest {rh-openstack} long-life release and intermediate release. For complete {rh-openstack} release compatibility, see the link:https://access.redhat.com/articles/4679401[{product-title} on {rh-openstack} support matrix].
* {rh-virtualization-first}