From 8f552054d9b6132b53295baffe4630c9d6c5d477 Mon Sep 17 00:00:00 2001 From: dfitzmau Date: Fri, 2 Aug 2024 11:32:52 +0100 Subject: [PATCH] OCPBUGS-37863: Documented a private infra notice for ARO --- .../installing-private-image-registry-private-azure.adoc | 6 ++++++ ...registry-configuring-private-storage-endpoint-azure.adoc | 5 +++++ 2 files changed, 11 insertions(+) diff --git a/modules/installing-private-image-registry-private-azure.adoc b/modules/installing-private-image-registry-private-azure.adoc index ae864b95ff..7c6310e865 100644 --- a/modules/installing-private-image-registry-private-azure.adoc +++ b/modules/installing-private-image-registry-private-azure.adoc @@ -7,6 +7,12 @@ = Optional: Preparing a private Microsoft Azure cluster for a private image registry By installing a private image registry on a private Microsoft Azure cluster, you can create private storage endpoints. Private storage endpoints disable public facing endpoints to the registry's storage account, adding an extra layer of security to your {product-title} deployment. + +[IMPORTANT] +==== +Do not install a private image registry on {azure-first} Red{nbsp}Hat OpenShift (ARO), because the endpoint can put your {azure-first} Red{nbsp}Hat OpenShift cluster in an unrecoverable state. +==== + Use the following guide to prepare your private Microsoft Azure cluster for installation with a private image registry. .Prerequisites diff --git a/modules/registry-configuring-private-storage-endpoint-azure.adoc b/modules/registry-configuring-private-storage-endpoint-azure.adoc index b37390110c..9caa1f93d3 100644 --- a/modules/registry-configuring-private-storage-endpoint-azure.adoc +++ b/modules/registry-configuring-private-storage-endpoint-azure.adoc @@ -8,6 +8,11 @@ You can leverage the Image Registry Operator to use private endpoints on Azure, which enables seamless configuration of private storage accounts when {product-title} is deployed on private Azure clusters. This allows you to deploy the image registry without exposing public-facing storage endpoints. +[IMPORTANT] +==== +Do not configure a private storage endpoint on {azure-first} Red{nbsp}Hat OpenShift (ARO), because the endpoint can put your {azure-first} Red{nbsp}Hat OpenShift cluster in an unrecoverable state. +==== + You can configure the Image Registry Operator to use private storage endpoints on Azure in one of two ways: * By configuring the Image Registry Operator to discover the VNet and subnet names