From 65a7db4723dd9fecb54ee2bcb1af4d72729760ba Mon Sep 17 00:00:00 2001
From: Laura Bailey
Date: Wed, 22 May 2024 21:40:06 +1000
Subject: [PATCH] OSDOCS-10637 Adding warnings re. using shared VPCs for HCP clusters

---
 rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc | 2 ++
 rosa_hcp/rosa-hcp-sts-creating-a-cluster-ext-auth.adoc | 2 ++
 rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc | 2 ++
 .../rosa-shared-vpc-config.adoc | 7 ++++++-
 snippets/imp-rosa-hcp-no-shared-vpc-support.adoc | 4 ++++
 5 files changed, 16 insertions(+), 1 deletion(-)
 create mode 100644 snippets/imp-rosa-hcp-no-shared-vpc-support.adoc

diff --git a/rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc b/rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc
index 92a65dee26..c29507a60e 100644
--- a/rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc
+++ b/rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc
@@ -34,6 +34,8 @@ You must have a Virtual Private Cloud (VPC) to create {hcp-title} cluster. You c
 The Terraform instructions are for testing and demonstration purposes. Your own installation requires some modifications to the VPC for your own use. You should also ensure that when you use this Terraform script it is in the same region that you intend to install your cluster. In these examples, use `us-east-2`.
 ====
 
+include::snippets/imp-rosa-hcp-no-shared-vpc-support.adoc[leveloffset=+0]
+
 [discrete]
 include::modules/rosa-hcp-vpc-terraform.adoc[leveloffset=+3]
 
diff --git a/rosa_hcp/rosa-hcp-sts-creating-a-cluster-ext-auth.adoc b/rosa_hcp/rosa-hcp-sts-creating-a-cluster-ext-auth.adoc
index 9fe2fb29df..a23a63a1af 100644
--- a/rosa_hcp/rosa-hcp-sts-creating-a-cluster-ext-auth.adoc
+++ b/rosa_hcp/rosa-hcp-sts-creating-a-cluster-ext-auth.adoc
@@ -13,6 +13,8 @@ You can create {hcp-title-first} clusters that use external authentication to is
 Since it is not possible to upgrade or convert existing ROSA clusters to a {hcp} architecture, you must create a new cluster to use {hcp-title} functionality. You also cannot convert a cluster that was created to use external authentication providers to use the internal OAuth2 server. You must also create a new cluster.
 ====
 
+include::snippets/imp-rosa-hcp-no-shared-vpc-support.adoc[leveloffset=+0]
+
 [NOTE]
 ====
 {hcp-title} clusters only support {sts-first} authentication.
diff --git a/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc b/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
index 5a5af4ce79..9161afcc41 100644
--- a/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
+++ b/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
@@ -20,6 +20,8 @@ Create a {hcp-title} cluster quickly by using the default options and automatic
 Since it is not possible to upgrade or convert existing ROSA clusters to a {hcp} architecture, you must create a new cluster to use {hcp-title} functionality.
 ====
 
+include::snippets/imp-rosa-hcp-no-shared-vpc-support.adoc[leveloffset=+0]
+
 [NOTE]
 ====
 {hcp-title} clusters only support AWS Security Token Service (STS) authentication.
diff --git a/rosa_install_access_delete_clusters/rosa-shared-vpc-config.adoc b/rosa_install_access_delete_clusters/rosa-shared-vpc-config.adoc
index d11c910fe9..a101f0560f 100644
--- a/rosa_install_access_delete_clusters/rosa-shared-vpc-config.adoc
+++ b/rosa_install_access_delete_clusters/rosa-shared-vpc-config.adoc
@@ -11,6 +11,11 @@ ifdef::openshift-rosa[]
 endif::openshift-rosa[]
 clusters in shared, centrally-managed AWS virtual private clouds (VPCs).
 
+[IMPORTANT]
+====
+link:https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html[Sharing VPCs across multiple AWS accounts] is currently only supported for ROSA Classic clusters using STS for authentication.
+====
+
 [NOTE]
 ====
 This process requires *two separate* AWS accounts that belong to the same AWS organization. One account functions as the VPC-owning AWS account (*VPC Owner*), while the other account creates the cluster in the cluster-creating AWS account (*Cluster Creator*).
@@ -45,4 +50,4 @@ include::modules/rosa-sharing-vpc-creation-and-sharing.adoc[leveloffset=+1]
 include::modules/rosa-sharing-vpc-dns-and-roles.adoc[leveloffset=+1]
 include::modules/rosa-sharing-vpc-hosted-zones.adoc[leveloffset=+1]
-include::modules/rosa-sharing-vpc-cluster-creation.adoc[leveloffset=+1]
\ No newline at end of file
+include::modules/rosa-sharing-vpc-cluster-creation.adoc[leveloffset=+1]
diff --git a/snippets/imp-rosa-hcp-no-shared-vpc-support.adoc b/snippets/imp-rosa-hcp-no-shared-vpc-support.adoc
new file mode 100644
index 0000000000..1a7d6c6e18
--- /dev/null
+++ b/snippets/imp-rosa-hcp-no-shared-vpc-support.adoc
@@ -0,0 +1,4 @@
+[IMPORTANT]
+====
+link:https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html[Sharing VPCs across multiple AWS accounts] is not currently supported for {hcp-title}. Do not install a {hcp-title} cluster into subnets shared from another AWS account. See link:https://access.redhat.com/solutions/6980058["Are multiple ROSA clusters in a single VPC supported?"] for more information.
+====