mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
OSDOCS-9286 AWS: Support for AWS Outposts (GA)
This commit is contained in:
Ben Scott
committed by
openshift-cherrypick-robot
openshift-cherrypick-robot
parent
1b7cee6cc4
commit
568483b0c1
@@ -40,5 +40,4 @@ include::modules/installation-aws-regions.adoc[leveloffset=+1]
|
||||
** xref:../../installing/installing_aws/installing-aws-default.adoc#installing-aws-default[Quickly install a cluster] with default options on installer-provisioned infrastructure
|
||||
** xref:../../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-customizations[Install a cluster with cloud customizations on installer-provisioned infrastructure]
|
||||
** xref:../../installing/installing_aws/installing-aws-network-customizations.adoc#installing-aws-network-customizations[Install a cluster with network customizations on installer-provisioned infrastructure]
|
||||
** xref:../../installing/installing_aws/installing-aws-user-infra.adoc#installing-aws-user-infra[Installing a cluster on user-provisioned infrastructure in AWS by using CloudFormation templates]
|
||||
** xref:../../installing/installing_aws/installing-aws-outposts-remote-workers.adoc#installing-aws-outposts-remote-workers[Installing a cluster on AWS with remote workers on AWS Outposts]
|
||||
** xref:../../installing/installing_aws/installing-aws-user-infra.adoc#installing-aws-user-infra[Installing a cluster on user-provisioned infrastructure in AWS by using CloudFormation templates]
|
||||
@@ -1,151 +0,0 @@
|
||||
:_mod-docs-content-type: ASSEMBLY
|
||||
[id="installing-aws-outposts-remote-workers"]
|
||||
= Installing a cluster on AWS with remote workers on AWS Outposts
|
||||
include::_attributes/common-attributes.adoc[]
|
||||
:context: installing-aws-outposts-remote-workers
|
||||
|
||||
toc::[]
|
||||
|
||||
In {product-title} version {product-version}, you can install a cluster on
|
||||
Amazon Web Services (AWS) with remote workers running in AWS Outposts.
|
||||
This can be achieved by customizing the default AWS installation and performing some manual steps.
|
||||
|
||||
For more info about AWS Outposts see link:https://docs.aws.amazon.com/outposts/index.html[AWS Outposts Documentation].
|
||||
|
||||
[IMPORTANT]
|
||||
====
|
||||
In order to install a cluster with remote workers in AWS Outposts, all worker instances must be located within the same Outpost instance and cannot be located in an AWS region. It is not possible for the cluster to have instances in both AWS Outposts and AWS region. In addition, it also follows that control plane nodes mustn't be schedulable.
|
||||
====
|
||||
|
||||
== Prerequisites
|
||||
|
||||
* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
|
||||
* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
|
||||
* You xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[configured an AWS account] to host the cluster.
|
||||
* You are familiar with the instance types are supported in the AWS Outpost instance you use. This can be validated with link:https://docs.aws.amazon.com/cli/latest/reference/outposts/get-outpost-instance-types.html[get-outpost-instance-types AWS CLI command]
|
||||
* You are familiar with the AWS Outpost instance details, such as OutpostArn and AvailabilityZone. This can be validated with link:https://docs.aws.amazon.com/cli/latest/reference/outposts/list-outposts.html[list-outposts AWS CLI command]
|
||||
+
|
||||
[IMPORTANT]
|
||||
====
|
||||
Since the cluster uses the provided AWS credentials to create AWS resources for its entire life cycle, the credentials must be key-based and long-term. So, If you have an AWS profile stored on your computer, it must not use a temporary session token, generated while using a multi-factor authentication device. For more information about generating the appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You may supply the keys when you run the installation program.
|
||||
====
|
||||
* You have access to an existing Amazon Virtual Private Cloud (VPC) in Amazon Web Services (AWS). See the section "About using a custom VPC" for more information.
|
||||
* If a firewall is used, it was xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured to allow the sites] that your cluster requires access to.
|
||||
|
||||
include::modules/installation-custom-aws-vpc.adoc[leveloffset=+1]
|
||||
include::modules/installation-aws-security-groups.adoc[leveloffset=+2]
|
||||
|
||||
include::modules/cluster-entitlements.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/ssh-agent-using.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+1]
|
||||
|
||||
[role="_additional-resources"]
|
||||
.Additional resources
|
||||
|
||||
* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
|
||||
|
||||
include::modules/installation-identify-supported-aws-outposts-instance-types.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/installation-initializing.adoc[leveloffset=+1]
|
||||
|
||||
[role="_additional-resources"]
|
||||
.Additional resources
|
||||
* xref:../../installing/installing_aws/installation-config-parameters-aws.adoc#installation-config-parameters-aws[Installation configuration parameters for AWS]
|
||||
|
||||
include::modules/installation-aws-config-yaml.adoc[leveloffset=+2]
|
||||
include::modules/installation-applying-aws-security-groups.adoc[leveloffset=+2]
|
||||
|
||||
include::modules/installation-aws-editing-manifests.adoc[leveloffset=+1]
|
||||
|
||||
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
|
||||
include::modules/cli-installing-cli.adoc[leveloffset=+1]
|
||||
|
||||
[id="installing-aws-manual-modes_{context}"]
|
||||
== Alternatives to storing administrator-level secrets in the kube-system project
|
||||
|
||||
By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
|
||||
|
||||
* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-outposts-remote-workers.adoc#manually-create-iam_installing-aws-outposts-remote-workers[Manually creating long-term credentials].
|
||||
|
||||
* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_aws/installing-aws-outposts-remote-workers.adoc#installing-aws-with-short-term-creds_installing-aws-outposts-remote-workers[Configuring an AWS cluster to use short-term credentials].
|
||||
|
||||
//Manually creating long-term credentials
|
||||
include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
|
||||
|
||||
//Supertask: Configuring an AWS cluster to use short-term credentials
|
||||
[id="installing-aws-with-short-term-creds_{context}"]
|
||||
=== Configuring an AWS cluster to use short-term credentials
|
||||
|
||||
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
|
||||
|
||||
//Task part 1: Configuring the Cloud Credential Operator utility
|
||||
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
|
||||
|
||||
//Task part 2: Creating the required AWS resources
|
||||
[id="sts-mode-create-aws-resources-ccoctl_{context}"]
|
||||
==== Creating AWS resources with the Cloud Credential Operator utility
|
||||
|
||||
You have the following options when creating AWS resources:
|
||||
|
||||
* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-outposts-remote-workers.adoc#cco-ccoctl-creating-at-once_installing-aws-outposts-remote-workers[Creating AWS resources with a single command].
|
||||
|
||||
* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-outposts-remote-workers.adoc#cco-ccoctl-creating-individually_installing-aws-outposts-remote-workers[Creating AWS resources individually].
|
||||
|
||||
//Task part 2a: Creating the required AWS resources all at once
|
||||
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+4]
|
||||
|
||||
//Task part 2b: Creating the required AWS resources individually
|
||||
include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+4]
|
||||
|
||||
//Task part 3: Incorporating the Cloud Credential Operator utility manifests
|
||||
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
|
||||
|
||||
include::modules/installation-launching-installer.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/cluster-telemetry.adoc[leveloffset=+1]
|
||||
|
||||
[role="_additional-resources"]
|
||||
.Additional resources
|
||||
|
||||
* See xref:../../web_console/web-console.adoc#web-console[Accessing the web console] for more details about accessing and understanding the {product-title} web console.
|
||||
* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service.
|
||||
|
||||
== Cluster Limitations
|
||||
|
||||
[IMPORTANT]
|
||||
====
|
||||
Network Load Balancer (NLB) and Classic Load Balancer are not supported on AWS Outposts. After the cluster is created, all the Load Balancers are created in the AWS region. In order to use Load Balancers created inside the Outpost instances, Application Load Balancer should be used. The AWS Load Balancer Operator can be used in order to achieve that goal.
|
||||
|
||||
If you want to use a public subnet located in the outpost instance for the ALB, you need to remove the special tag (`kubernetes.io/cluster/.*-outposts: owned`) that was added earlier during the VPC creation. This will prevent you from creating new Services of type LoadBalancer (Network Load Balancer).
|
||||
|
||||
See xref:../../networking/aws_load_balancer_operator/understanding-aws-load-balancer-operator.adoc[Understanding the AWS Load Balancer Operator] for more information
|
||||
====
|
||||
|
||||
[IMPORTANT]
|
||||
====
|
||||
Persistent storage using AWS Elastic Block Store limitations
|
||||
|
||||
* AWS Outposts does not support Amazon Elastic Block Store (EBS) gp3 volumes. After installation, the cluster includes two storage classes - gp3-csi and gp2-csi, with gp3-csi being the default storage class. It is important to always use gp2-csi. You can change the default storage class using the following OpenShift CLI (oc) commands:
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc annotate --overwrite storageclass gp3-csi storageclass.kubernetes.io/is-default-class=false
|
||||
$ oc annotate --overwrite storageclass gp2-csi storageclass.kubernetes.io/is-default-class=true
|
||||
----
|
||||
* To create a Volume in the Outpost instance, the CSI driver determines the Outpost ARN based on the topology keys stored on the CSINode objects. To ensure that the CSI driver uses the correct topology values, it is necessary to use the `WaitForConsumer` volume binding mode and avoid setting allowed topologies on any new storage class created.
|
||||
====
|
||||
|
||||
== Next steps
|
||||
|
||||
* xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation].
|
||||
* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
|
||||
* If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
|
||||
* If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials].
|
||||
11
installing/installing_aws/installing-aws-outposts.adoc
Normal file
11
installing/installing_aws/installing-aws-outposts.adoc
Normal file
@@ -0,0 +1,11 @@
|
||||
:_mod-docs-content-type: ASSEMBLY
|
||||
[id="installing-aws-outposts"]
|
||||
= Installing a cluster on AWS with compute nodes on AWS Outposts
|
||||
include::_attributes/common-attributes.adoc[]
|
||||
:context: installing-aws-outposts
|
||||
|
||||
toc::[]
|
||||
|
||||
In {product-title} version 4.14, you could install a cluster on Amazon Web Services (AWS) with compute nodes running in AWS Outposts as a Technology Preview. As of {product-title} version 4.15, this installation method is no longer supported.
|
||||
|
||||
Instead, you can xref:../../installing/installing_aws/installing-aws-vpc.adoc#installing-aws-vpc[install a cluster on AWS into an existing VPC] and provision compute nodes on AWS Outposts as a postinstallation configuration task.
|
||||
Reference in New Issue
Block a user