From 9a98e8545fa4d2a798de0ae122712d40de687a29 Mon Sep 17 00:00:00 2001 From: Frances_McDonald Date: Tue, 2 Sep 2025 15:33:11 +0100 Subject: [PATCH] adding in a note for VPC in prep your environ and installing clusters for all repos adding in a note for VPC in prep your environ and installing clusters adding in a note for VPC in prep your environ and installing cluster for ods gcp line160 adding in a note for VPC in prep your environ and installing cluster for osd gcp line128 adding in a note for VPC in prep your environ and installing cluster for osd gcp adding in a note for VPC in prep your environ and installing cluster for osd adding in a note for VPC in prep your environ and installing cluster adding in a note for VPC in prep your environ and installing cluster adding in a note for VPC for OSD adding in a note for VPC adding in a note adding in a notes adding in a note fixing numbering after using snippet removed snippet from rhm module as out of use --- modules/ccs-aws-provisioned.adoc | 4 +++- modules/ccs-gcp-provisioned.adoc | 2 ++ modules/create-wif-cluster-ocm.adoc | 7 ++++-- modules/osd-create-cluster-ccs-aws.adoc | 5 ++++ modules/osd-create-cluster-ccs-gcp.adoc | 5 ++-- modules/osd-create-cluster-ccs.adoc | 7 ++++-- modules/osd-create-cluster-gcp-account.adoc | 1 + .../osd-create-cluster-rhm-gcp-account.adoc | 1 + rosa_hcp/rosa-hcp-shared-vpc-config.adoc | 2 ++ .../rosa-shared-vpc-config.adoc | 2 ++ .../rosa-cloud-expert-prereq-checklist.adoc | 4 ++++ snippets/install-cluster-in-vpc.adoc | 23 +++++++++++++++++++ 12 files changed, 56 insertions(+), 7 deletions(-) create mode 100644 snippets/install-cluster-in-vpc.adoc diff --git a/modules/ccs-aws-provisioned.adoc b/modules/ccs-aws-provisioned.adoc index 56848a087f..373950a452 100644 --- a/modules/ccs-aws-provisioned.adoc +++ b/modules/ccs-aws-provisioned.adoc 
@@ -63,13 +63,15 @@ Two buckets are required with a typical size of 2 TB each. == VPC Customers should expect to see one VPC per cluster. Additionally, the VPC needs the following configurations: +include::snippets/install-cluster-in-vpc.adoc[] + * *Subnets*: Two subnets for a cluster with a single availability zone, or six subnets for a cluster with multiple availability zones. + [NOTE] ==== A *public subnet* connects directly to the internet through an internet gateway. A *private subnet* connects to the internet through a network address translation (NAT) gateway. ==== -+ ++ * *Route tables*: One route table per private subnet, and one additional table per cluster. * *Internet gateways*: One Internet Gateway per cluster. diff --git a/modules/ccs-gcp-provisioned.adoc b/modules/ccs-gcp-provisioned.adoc index a1adf6c2eb..f70014262f 100644 --- a/modules/ccs-gcp-provisioned.adoc +++ b/modules/ccs-gcp-provisioned.adoc @@ -36,6 +36,8 @@ GCP compute instances are required to deploy the control plane and data plane fu [id="gcp-policy-vpc_{context}"] == VPC +include::snippets/install-cluster-in-vpc.adoc[] + * **Subnets:** One master subnet for the control plane workloads and one worker subnet for all others. * **Router tables:** One global route table per VPC. * **Internet gateways:** One internet gateway per cluster. diff --git a/modules/create-wif-cluster-ocm.adoc b/modules/create-wif-cluster-ocm.adoc index a0276e0dd0..3a71906eba 100644 --- a/modules/create-wif-cluster-ocm.adoc +++ b/modules/create-wif-cluster-ocm.adoc 
@@ -145,6 +145,9 @@ For more information about custom application ingress settings, click on the inf . Optional: To install the cluster into a GCP Shared VPC, follow these steps. + +-- +include::snippets/install-cluster-in-vpc.adoc[] + [IMPORTANT] ==== The VPC owner of the host project must enable a project as a host project in their Google Cloud console and add the *Computer Network Administrator*, *Compute Security Administrator*, and *DNS Administrator* roles to the following service accounts prior to cluster installation: @@ -157,7 +160,7 @@ Failure to do so will cause the cluster go into the "Installation Waiting" state The VPC owner of the host project has 30 days to grant the listed permissions before the cluster creation fails. For more information, see link:https://cloud.google.com/vpc/docs/provisioning-shared-vpc#set-up-shared-vpc[Enable a host project] and link:https://cloud.google.com/vpc/docs/provisioning-shared-vpc#migs-service-accounts[Provision Shared VPC]. ==== -+ + .. Select *Install into GCP Shared VPC*. .. Specify the *Host project ID*. If the specified host project ID is incorrect, cluster creation fails. @@ -169,7 +172,7 @@ You must have created the Cloud network address translation (NAT) and a Cloud ro ==== If you are installing a cluster into a Shared VPC, the VPC name and subnets are shared from the host project. ==== -+ +-- . Click *Next*. . If you opted to configure a cluster-wide proxy, provide your proxy configuration details on the *Cluster-wide proxy* page: + diff --git a/modules/osd-create-cluster-ccs-aws.adoc b/modules/osd-create-cluster-ccs-aws.adoc index 404d52afc7..1bb0c4ff55 100644 --- a/modules/osd-create-cluster-ccs-aws.adoc +++ b/modules/osd-create-cluster-ccs-aws.adoc 
@@ -134,6 +134,10 @@ If you are using private API endpoints, you cannot access your cluster until you ==== + . Optional: To install the cluster in an existing AWS Virtual Private Cloud (VPC): ++ +-- +include::snippets/install-cluster-in-vpc.adoc[] + .. Select *Install into an existing VPC*. .. If you are installing into an existing VPC and opted to use private API endpoints, you can select *Use a PrivateLink*. This option enables connections to the cluster by Red Hat Site Reliability Engineering (SRE) using only AWS PrivateLink endpoints. + @@ -143,6 +147,7 @@ The *Use a PrivateLink* option cannot be changed after a cluster is created. ==== + .. If you are installing into an existing VPC and you want to enable an HTTP or HTTPS proxy for your cluster, select *Configure a cluster-wide proxy*. +-- . If you opted to install the cluster in an existing AWS VPC, provide your *Virtual Private Cloud (VPC) subnet settings* and select *Next*. You must have created the Cloud network address translation (NAT) and a Cloud router. See the "Additional resources" section for information about Cloud NATs and Google VPCs. + diff --git a/modules/osd-create-cluster-ccs-gcp.adoc b/modules/osd-create-cluster-ccs-gcp.adoc index dedd32bf66..b720b3ce2b 100644 --- a/modules/osd-create-cluster-ccs-gcp.adoc +++ b/modules/osd-create-cluster-ccs-gcp.adoc @@ -1,6 +1,7 @@ // Module included in the following assemblies: // // * osd_install_access_delete_cluster/creating-a-gcp-cluster.adoc +// * I do not believe this is in use, confirm with Mark Letalien. 
@@ -157,11 +158,12 @@ Private Service Connect is supported only with *Install into an existing VPC*. + .. If you are installing into an existing VPC and you want to enable an HTTP or HTTPS proxy for your cluster, select *Configure a cluster-wide proxy*. + + [IMPORTANT] ==== In order to configure a cluster-wide proxy for your cluster, you must first create the Cloud network address translation (NAT) and a Cloud router. See the _Additional resources_ section for more information. ==== -+ + . Accept the default application ingress settings, or to create your own custom settings, select *Custom Settings*. .. Optional: Provide route selector. @@ -171,7 +173,6 @@ In order to configure a cluster-wide proxy for your cluster, you must first crea + For more information about custom application ingress settings, click on the information icon provided for each setting. -+ . Click *Next*. . Optional: To install the cluster into a GCP Shared VPC: diff --git a/modules/osd-create-cluster-ccs.adoc b/modules/osd-create-cluster-ccs.adoc index e229ab8c41..3c3bc533ba 100644 --- a/modules/osd-create-cluster-ccs.adoc +++ b/modules/osd-create-cluster-ccs.adoc @@ -153,6 +153,10 @@ If you are using private API endpoints, you cannot access your cluster until you + . Optional: To install the cluster in an existing GCP Virtual Private Cloud (VPC): ++ +-- +include::snippets/install-cluster-in-vpc.adoc[] + .. Select *Install into an existing VPC*. + [IMPORTANT] @@ -166,7 +170,7 @@ Private Service Connect is supported only with *Install into an existing VPC*. ==== In order to configure a cluster-wide proxy for your cluster, you must first create the Cloud network address translation (NAT) and a Cloud router. See the _Additional resources_ section for more information. ==== -+ +-- . Accept the default application ingress settings, or to create your own custom settings, select *Custom Settings*. .. Optional: Provide route selector. 
@@ -265,7 +269,6 @@ By default, clusters are created with the delete protection feature disabled. If you delete a cluster that was installed into a GCP Shared VPC, inform the VPC owner of the host project to remove the IAM policy roles granted to the service account that was referenced during cluster creation. ==== - .Verification * You can monitor the progress of the installation in the *Overview* page for your cluster. You can view the installation logs on the same page. Your cluster is ready when the *Status* in the *Details* section of the page is listed as *Ready*. diff --git a/modules/osd-create-cluster-gcp-account.adoc b/modules/osd-create-cluster-gcp-account.adoc index 60d2489fea..3412cef785 100644 --- a/modules/osd-create-cluster-gcp-account.adoc +++ b/modules/osd-create-cluster-gcp-account.adoc @@ -124,6 +124,7 @@ Red Hat recommends using Private Service Connect when deploying a private {produ //Once PSC docs are live add link from note above. + . Optional: To install the cluster in an existing GCP Virtual Private Cloud (VPC): + .. Select *Install into an existing VPC*. + [IMPORTANT] diff --git a/modules/osd-create-cluster-rhm-gcp-account.adoc b/modules/osd-create-cluster-rhm-gcp-account.adoc index 36486f2f65..d620eb85b7 100644 --- a/modules/osd-create-cluster-rhm-gcp-account.adoc +++ b/modules/osd-create-cluster-rhm-gcp-account.adoc @@ -124,6 +124,7 @@ Red Hat recommends using Private Service Connect when deploying a private {produ //Once PSC docs are live add link from note above. + . Optional: To install the cluster in an existing GCP Virtual Private Cloud (VPC): + .. Select *Install into an existing VPC*. + [IMPORTANT] diff --git a/rosa_hcp/rosa-hcp-shared-vpc-config.adoc b/rosa_hcp/rosa-hcp-shared-vpc-config.adoc index 583cb4e2d7..b488590a76 100644 --- a/rosa_hcp/rosa-hcp-shared-vpc-config.adoc +++ b/rosa_hcp/rosa-hcp-shared-vpc-config.adoc 
@@ -8,6 +8,8 @@ toc::[] You can create {hcp-title-first} clusters in shared, centrally-managed AWS virtual private clouds (VPCs). +include::snippets/install-cluster-in-vpc.adoc[] + [NOTE] ==== * This process requires *two separate* AWS accounts that belong to the same AWS organization. One account functions as the VPC-owning AWS account (*VPC Owner*), while the other account creates the cluster in the cluster-creating AWS account (*Cluster Creator*). diff --git a/rosa_install_access_delete_clusters/rosa-shared-vpc-config.adoc b/rosa_install_access_delete_clusters/rosa-shared-vpc-config.adoc index 5131c7906b..ada57c0111 100644 --- a/rosa_install_access_delete_clusters/rosa-shared-vpc-config.adoc +++ b/rosa_install_access_delete_clusters/rosa-shared-vpc-config.adoc @@ -11,6 +11,8 @@ ifdef::openshift-rosa[] endif::openshift-rosa[] clusters in shared, centrally-managed AWS virtual private clouds (VPCs). +include::snippets/install-cluster-in-vpc.adoc[] + [NOTE] ==== This process requires *two separate* AWS accounts that belong to the same AWS organization. One account functions as the VPC-owning AWS account (*VPC Owner*), while the other account creates the cluster in the cluster-creating AWS account (*Cluster Creator*). diff --git a/rosa_planning/rosa-cloud-expert-prereq-checklist.adoc b/rosa_planning/rosa-cloud-expert-prereq-checklist.adoc index 07172eb632..83c3310738 100644 --- a/rosa_planning/rosa-cloud-expert-prereq-checklist.adoc +++ b/rosa_planning/rosa-cloud-expert-prereq-checklist.adoc 
@@ -180,6 +180,8 @@ ifdef::openshift-rosa[] If you choose to deploy a PrivateLink cluster, then be sure to deploy the cluster in the pre-existing BYO VPC: +include::snippets/install-cluster-in-vpc.adoc[] + * Create a public and private subnet for each AZ that your cluster uses. ** Alternatively, implement transit gateway for internet and egress with appropriate routes. * The VPC's CIDR block must contain the `Networking.MachineCIDR` range, which is the IP address for cluster machines. @@ -208,6 +210,8 @@ ifdef::openshift-rosa-hcp[] {product-title} clusters must be deployed into an existing AWS Virtual Private Cloud (VPC). +include::snippets/install-cluster-in-vpc.adoc[] + include::snippets/rosa-existing-vpc-requirements.adoc[leveloffset=+0] //TODO OSDOCS-11789: Does the following section need to be moved into this document only? diff --git a/snippets/install-cluster-in-vpc.adoc b/snippets/install-cluster-in-vpc.adoc new file mode 100644 index 0000000000..4822d3addb --- /dev/null +++ b/snippets/install-cluster-in-vpc.adoc @@ -0,0 +1,23 @@ +// Text snippet included in the following modules: +// * OSD files +// * modules/create-wif-cluster-ocm.adoc +// * modules/osd-create-cluster-ccs-gcp.adoc +// * modules/osd-create-cluster-ccs-aws.adoc +// * modules/ccs-gcp-provisioned.adoc +// * modules/ccs-aws-provisioned.adoc + +// * ROSA files +// * modules/rosa-shared-vpc-config.adoc - installing clusters +// * modules/rosa-cloud-expert-prereq-checklist.adoc - line 181 prep your enviro + + +// * HCP files +// * modules/rosa-hcp-shared-vpc-config.adoc +// * modules/rosa-cloud-expert-prereq-checklist.adoc - line 211 for HCP + + +:_mod-docs-content-type: SNIPPET +[NOTE] +==== +Installing a new {product-title} cluster into a VPC that was automatically created by the installer for a different cluster is not supported. +==== \ No newline at end of file
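Review bot: In snippets/install-cluster-in-vpc.adoc, the header comment's list of including files does not match this patch. It names modules/rosa-shared-vpc-config.adoc, modules/rosa-hcp-shared-vpc-config.adoc and modules/rosa-cloud-expert-prereq-checklist.adoc, but the files changed here are rosa_install_access_delete_clusters/rosa-shared-vpc-config.adoc, rosa_hcp/rosa-hcp-shared-vpc-config.adoc and rosa_planning/rosa-cloud-expert-prereq-checklist.adoc. It also lists modules/osd-create-cluster-ccs-gcp.adoc, which gets no include:: in this patch, and omits modules/osd-create-cluster-ccs.adoc, which does. Please correct the paths, drop the "line 181" and "line 211" references because they go stale with the next edit to those files, and end the snippet with a newline (the diff reports "No newline at end of file").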
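Review bot: In modules/osd-create-cluster-ccs-gcp.adoc, the added header line "// * I do not believe this is in use, confirm with Mark Letalien." is an open question that names a colleague, and it sits in the list of assemblies that include the module. Resolve it before merge, then either remove the module or drop the comment. The other two hunks in this file remove the `+` continuation after the [IMPORTANT] block and after the "custom application ingress settings" paragraph, and add a blank line after the `+` that precedes [IMPORTANT], yet no include:: line is added, so this module does not receive the VPC note. If the continuation changes are not needed, revert them; if they are, confirm in a preview build that the admonition is still attached to its step.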
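Review bot: In modules/osd-create-cluster-gcp-account.adoc and modules/osd-create-cluster-rhm-gcp-account.adoc, the only change is a blank line added between ". Optional: To install the cluster in an existing GCP Virtual Private Cloud (VPC):" and ".. Select *Install into an existing VPC*.", so neither module gets the note. The commit message says the snippet was removed from the rhm module; the blank line left behind there should be reverted too. For the gcp-account module, either add the include the way modules/osd-create-cluster-ccs.adoc does, or revert the whitespace so the file drops out of the patch.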
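Review bot: In modules/ccs-aws-provisioned.adoc, the include:: is placed between "Additionally, the VPC needs the following configurations:" and the bullet list that sentence introduces, so the NOTE separates the lead-in from its list. Move the include above "Customers should expect to see one VPC per cluster." or below the list. The `+` continuation before "* *Route tables*" is also removed and re-added with no visible difference, which looks like a whitespace-only change (possibly trailing whitespace) and should be dropped from the patch.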
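Review bot: In modules/create-wif-cluster-ocm.adoc, modules/osd-create-cluster-ccs-aws.adoc and modules/osd-create-cluster-ccs.adoc, the new `--` open block encloses the `..` sub-steps as well as the include::, which is a larger structural change than adding a note requires. Please confirm in a preview build that the sub-steps keep their lettering and nesting under the "Optional: To install the cluster ..." step, and that the step following the closing `--` continues the parent numbering. In create-wif-cluster-ocm.adoc the `+` after the [IMPORTANT] block is also replaced by a blank line, which only holds together while the open block is in place, so it is worth a comment in the source or a narrower block that wraps just the include.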