From af4b0c6c10eb3e577f378e931c583004b09f505c Mon Sep 17 00:00:00 2001 
From: Cody Hoag
Date: Tue, 10 Aug 2021 15:32:16 -0400
Subject: [PATCH] Installing ASH UPI
---
 _topic_map.yml | 12 ++
 installing/installing-preparing.adoc | 7 +-
 installing/installing_azure_stack_hub/images | 1 +
 .../installing-azure-stack-hub-account.adoc | 27 ++++
 ...installing-azure-stack-hub-user-infra.adoc | 111 +++++++++++++++
 ...manually-creating-iam-azure-stack-hub.adoc | 30 ++++
 installing/installing_azure_stack_hub/modules | 1 +
 ...eparing-to-install-on-azure-stack-hub.adoc | 38 +++++
 modules/cli-installing-cli.adoc | 1 +
 modules/cli-logging-in-kubeadmin.adoc | 1 +
 modules/cluster-entitlements.adoc | 1 +
 modules/cluster-telemetry.adoc | 1 +
 modules/installation-approve-csrs.adoc | 1 +
 modules/installation-arm-bootstrap.adoc | 14 ++
 modules/installation-arm-control-plane.adoc | 14 ++
 modules/installation-arm-dns.adoc | 14 ++
 modules/installation-arm-image-storage.adoc | 14 ++
 modules/installation-arm-vnet.adoc | 14 ++
 modules/installation-arm-worker.adoc | 14 ++
 modules/installation-azure-config-yaml.adoc | 2 +-
 .../installation-azure-create-dns-zones.adoc | 16 +++
 ...tion-azure-create-ingress-dns-records.adoc | 22 ++-
 ...re-create-resource-group-and-identity.adoc | 33 ++++-
 modules/installation-azure-limits.adoc | 130 +++++++++++++++---
 modules/installation-azure-regions.adoc | 1 +
 .../installation-azure-service-principal.adoc | 62 +++++++++
 ...tallation-azure-stack-hub-config-yaml.adoc | 83 +++++++++++
 ...lation-azure-stack-hub-network-config.adoc | 9 ++
 ...tallation-azure-stack-hub-permissions.adoc | 12 ++
 ...tallation-azure-user-infra-completing.adoc | 21 ++-
 ...tion-azure-user-infra-deploying-rhcos.adoc | 23 +++-
 ...tion-azure-user-infra-uploading-rhcos.adoc | 59 ++++++--
 ...n-azure-user-infra-wait-for-bootstrap.adoc | 27 +++-
 modules/installation-configure-proxy.adoc | 1 +
 ...installation-creating-azure-bootstrap.adoc | 44 +++++-
 ...allation-creating-azure-control-plane.adoc | 44 +++++-
 modules/installation-creating-azure-dns.adoc | 65 ++++++++-
 modules/installation-creating-azure-vnet.adoc | 28 +++-
 .../installation-creating-azure-worker.adoc | 44 +++++-
 ...ation-disk-partitioning-upi-templates.adoc | 1 +
 modules/installation-initializing-manual.adoc | 49 ++++++-
 modules/installation-initializing.adoc | 1 +
 modules/installation-network-user-infra.adoc | 11 +-
 modules/installation-obtaining-installer.adoc | 12 +-
 ...orting-common-variables-arm-templates.adoc | 24 +++-
 ...-infra-generate-k8s-manifest-ignition.adoc | 90 ++++++++++--
 modules/installation-user-infra-generate.adoc | 14 ++
 modules/installing-azure-account.adoc | 38 +++++
 modules/ssh-agent-using.adoc | 1 +
 49 files changed, 1198 insertions(+), 85 deletions(-)
 create mode 120000 installing/installing_azure_stack_hub/images
 create mode 100644 installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc
 create mode 100644 installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
 create mode 100644 installing/installing_azure_stack_hub/manually-creating-iam-azure-stack-hub.adoc
 create mode 120000 installing/installing_azure_stack_hub/modules
 create mode 100644 installing/installing_azure_stack_hub/preparing-to-install-on-azure-stack-hub.adoc
 create mode 100644 modules/installation-azure-stack-hub-config-yaml.adoc
 create mode 100644 modules/installation-azure-stack-hub-network-config.adoc
 create mode 100644 modules/installation-azure-stack-hub-permissions.adoc
 create mode 100644 modules/installing-azure-account.adoc
diff --git a/_topic_map.yml b/_topic_map.yml
index 18e456ceb6..0ed6d74e0a 100644
--- a/_topic_map.yml
+++ b/_topic_map.yml
@@ -190,6 +190,18 @@ Topics:
 File: installing-azure-user-infra
 - Name: Uninstalling a cluster on Azure
 File: uninstalling-cluster-azure
+- Name: Installing on Azure Stack Hub
+ Dir: installing_azure_stack_hub
+ Distros: openshift-origin,openshift-enterprise
+ Topics:
+ - Name: Preparing to install on Azure Stack Hub
+ File: preparing-to-install-on-azure-stack-hub
+ - Name: Configuring an Azure Stack Hub account
+ File: installing-azure-stack-hub-account
+ - Name: Manually creating IAM for Azure Stack Hub
+ File: manually-creating-iam-azure-stack-hub
+ - Name: Installing a cluster on Azure Stack Hub using ARM templates
+ File: installing-azure-stack-hub-user-infra
 - Name: Installing on GCP
 Dir: installing_gcp
 Distros: openshift-origin,openshift-enterprise
diff --git a/installing/installing-preparing.adoc b/installing/installing-preparing.adoc
index 4b6b844f2e..90afc8e85d 100644
--- a/installing/installing-preparing.adoc
+++ b/installing/installing-preparing.adoc
@@ -202,16 +202,17 @@ endif::openshift-origin[] .User-provisioned infrastructure options |=== ifndef::openshift-origin[] -||AWS |Azure |GCP |{rh-openstack} |{rh-openstack} on SR-IOV |RHV |Bare metal |vSphere |VMC |IBM Z |IBM Z with {op-system-base} KVM |IBM Power |Platform agnostic +||AWS |Azure |Azure Stack Hub |GCP |{rh-openstack} |{rh-openstack} on SR-IOV |RHV |Bare metal |vSphere |VMC |IBM Z |IBM Z with {op-system-base} KVM |IBM Power |Platform agnostic endif::openshift-origin[] ifdef::openshift-origin[] -||AWS |Azure |GCP |{rh-openstack} |{rh-openstack} on SR-IOV |oVirt |Bare metal |vSphere |VMC |IBM Z |IBM Z with {op-system-base} KVM |IBM Power |Platform agnostic +||AWS |Azure |Azure Stack Hub |GCP |{rh-openstack} |{rh-openstack} on SR-IOV |oVirt |Bare metal |vSphere |VMC |IBM Z |IBM Z with {op-system-base} KVM |IBM Power |Platform agnostic endif::openshift-origin[] |Custom |xref:../installing/installing_aws/installing-aws-user-infra.adoc#installing-aws-user-infra[X] |xref:../installing/installing_azure/installing-azure-user-infra.adoc#installing-azure-user-infra[X] +|xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc#installing-azure-stack-hub-user-infra[X] |xref:../installing/installing_gcp/installing-gcp-user-infra.adoc#installing-gcp-user-infra[X] |xref:../installing/installing_openstack/installing-openstack-user.adoc#installing-openstack-user[X] |xref:../installing/installing_openstack/installing-openstack-user-sr-iov.adoc#installing-openstack-user-sr-iov[X] @@ -231,6 +232,7 @@ xref:../installing/installing_platform_agnostic/installing-platform-agnostic.ado | | | +| |xref:../installing/installing_openstack/installing-openstack-user-kuryr.adoc#installing-openstack-user-kuryr[X] | | 
@@ -245,6 +247,7 @@ xref:../installing/installing_platform_agnostic/installing-platform-agnostic.ado
 |Restricted network
 |xref:../installing/installing_aws/installing-restricted-networks-aws.adoc#installing-restricted-networks-aws[X]
 |
+|
 |xref:../installing/installing_gcp/installing-restricted-networks-gcp.adoc#installing-restricted-networks-gcp[X]
 |
 |
diff --git a/installing/installing_azure_stack_hub/images b/installing/installing_azure_stack_hub/images
new file mode 120000
index 0000000000..5e67573196
--- /dev/null
+++ b/installing/installing_azure_stack_hub/images
@@ -0,0 +1 @@
+../images
\ No newline at end of file
diff --git a/installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc b/installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc
new file mode 100644
index 0000000000..24d0d39865
--- /dev/null
+++ b/installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc
@@ -0,0 +1,27 @@
+[id="installing-azure-stack-hub-account"]
+= Configuring an Azure Stack Hub account
+include::modules/common-attributes.adoc[]
+:context: installing-azure-stack-hub-account
+
+toc::[]
+
+Before you can install {product-title}, you must configure a Microsoft Azure account.
+
+[IMPORTANT]
+====
+All Azure resources that are available through public endpoints are subject to resource name restrictions, and you cannot create resources that use certain terms. For a list of terms that Azure restricts, see link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-reserved-resource-name[Resolve reserved resource name errors] in the Azure documentation.
+====
+
+include::modules/installation-azure-limits.adoc[leveloffset=+1]
+
+include::modules/installation-azure-stack-hub-network-config.adoc[leveloffset=+1]
+
+include::modules/installation-azure-stack-hub-permissions.adoc[leveloffset=+1]
+
+include::modules/installation-azure-service-principal.adoc[leveloffset=+1]
+
+[id="next-steps_installing-azure-stack-hub-account"]
+== Next steps
+
+* Configure your Azure Stack Hub credentials by following xref:../../installing/installing_azure_stack_hub/manually-creating-iam-azure-stack-hub.adoc#manually-creating-iam-azure-stack-hub[Manually creating IAM for Azure Stack Hub].
+* Install an {product-title} cluster on Azure Stack Hub with user-provisioned infrastructure by following xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc#installing-azure-stack-hub-user-infra[Installing a cluster on Azure Stack Hub using ARM templates].
diff --git a/installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc b/installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
new file mode 100644
index 0000000000..c9da6dc0d8
--- /dev/null
+++ b/installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
@@ -0,0 +1,111 @@
+[id="installing-azure-stack-hub-user-infra"]
+= Installing a cluster on Azure Stack Hub using ARM templates
+include::modules/common-attributes.adoc[]
+:context: installing-azure-stack-hub-user-infra
+
+toc::[]
+
+In {product-title} version {product-version}, you can install a cluster on Microsoft Azure Stack Hub by using infrastructure that you provide.
+
+Several link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/overview[Azure Resource Manager] (ARM) templates are provided to assist in completing these steps or to help model your own.
+
+[IMPORTANT]
+====
+The steps for performing a user-provisioned infrastructure installation are provided as an example only. Installing a cluster with infrastructure you provide requires knowledge of the cloud provider and the installation process of {product-title}. Several ARM templates are provided to assist in completing these steps or to help model your own. You are also free to create the required resources through other methods; the templates are just an example.
+====
+
+[id="prerequisites_installing-azure-stack-hub-user-infra"]
+== Prerequisites
+
+* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
+* You xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc#installing-azure-stack-hub-account[configured an Azure Stack Hub account] to host the cluster.
+* You downloaded the Azure CLI and installed it on your computer. See link:https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest[Install the Azure CLI] in the Azure documentation. The documentation below was tested using version `2.28.0` of the Azure CLI. Azure CLI commands might perform differently based on the version you use.
+* If you use a firewall and plan to use the Telemetry service, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured the firewall to allow the sites] that your cluster requires access to.
++
+[NOTE]
+====
+Be sure to also review this site list if you are configuring a proxy.
+====
+
+include::modules/cluster-entitlements.adoc[leveloffset=+1]
+
+[id="installation-azure-stack-hub-user-infra-config-project"]
+== Configuring your Azure Stack Hub project
+
+Before you can install {product-title}, you must configure an Azure project to host it.
+
+[IMPORTANT]
+====
+All Azure Stack Hub resources that are available through public endpoints are subject to resource name restrictions, and you cannot create resources that use certain terms. For a list of terms that Azure Stack Hub restricts, see link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-reserved-resource-name[Resolve reserved resource name errors] in the Azure documentation.
+====
+
+include::modules/installation-azure-limits.adoc[leveloffset=+2]
+include::modules/installation-azure-stack-hub-network-config.adoc[leveloffset=+2]
+
+You can view Azure's DNS solution by visiting this xref:installation-azure-create-dns-zones_{context}[example for creating DNS zones].
+
+[id="csr-management-azure-stack-hub_{context}"]
+=== Certificate signing requests management
+
+Because your cluster has limited access to automatic machine management when you use infrastructure that you provision, you must provide a mechanism for approving cluster certificate signing requests (CSRs) after installation. The `kube-controller-manager` only approves the kubelet client CSRs. The `machine-approver` cannot guarantee the validity of a serving certificate that is requested by using kubelet credentials because it cannot confirm that the correct machine issued the request. You must determine and implement a method of verifying the validity of the kubelet serving certificate requests and approving them.
+
+include::modules/installation-azure-stack-hub-permissions.adoc[leveloffset=+2]
+include::modules/installation-azure-service-principal.adoc[leveloffset=+2]
+
+include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
+
+include::modules/ssh-agent-using.adoc[leveloffset=+1]
+
+include::modules/installation-user-infra-generate.adoc[leveloffset=+1]
+include::modules/installation-initializing-manual.adoc[leveloffset=+2]
+include::modules/installation-azure-stack-hub-config-yaml.adoc[leveloffset=+2]
+
+include::modules/installation-configure-proxy.adoc[leveloffset=+2]
+include::modules/installation-user-infra-exporting-common-variables-arm-templates.adoc[leveloffset=+2]
+include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[leveloffset=+2]
+include::modules/installation-disk-partitioning-upi-templates.adoc[leveloffset=+2]
+
+include::modules/installation-azure-create-resource-group-and-identity.adoc[leveloffset=+1]
+
+include::modules/installation-azure-user-infra-uploading-rhcos.adoc[leveloffset=+1]
+
+include::modules/installation-azure-create-dns-zones.adoc[leveloffset=+1]
+
+You can learn more about xref:installation-azure-stack-hub-network-config_{context}[configuring a DNS zone in Azure Stack Hub] by visiting that section.
+
+include::modules/installation-creating-azure-vnet.adoc[leveloffset=+1]
+include::modules/installation-arm-vnet.adoc[leveloffset=+2]
+
+include::modules/installation-azure-user-infra-deploying-rhcos.adoc[leveloffset=+1]
+include::modules/installation-arm-image-storage.adoc[leveloffset=+2]
+
+include::modules/installation-network-user-infra.adoc[leveloffset=+1]
+
+include::modules/installation-creating-azure-dns.adoc[leveloffset=+1]
+include::modules/installation-arm-dns.adoc[leveloffset=+2]
+
+include::modules/installation-creating-azure-bootstrap.adoc[leveloffset=+1]
+include::modules/installation-arm-bootstrap.adoc[leveloffset=+2]
+
+include::modules/installation-creating-azure-control-plane.adoc[leveloffset=+1]
+include::modules/installation-arm-control-plane.adoc[leveloffset=+2]
+
+include::modules/installation-azure-user-infra-wait-for-bootstrap.adoc[leveloffset=+1]
+
+include::modules/installation-creating-azure-worker.adoc[leveloffset=+1]
+include::modules/installation-arm-worker.adoc[leveloffset=+2]
+
+include::modules/cli-installing-cli.adoc[leveloffset=+1]
+
+include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
+
+include::modules/installation-approve-csrs.adoc[leveloffset=+1]
+
+include::modules/installation-azure-create-ingress-dns-records.adoc[leveloffset=+1]
+
+include::modules/installation-azure-user-infra-completing.adoc[leveloffset=+1]
+
+.Additional resources
+
+* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service.
diff --git a/installing/installing_azure_stack_hub/manually-creating-iam-azure-stack-hub.adoc b/installing/installing_azure_stack_hub/manually-creating-iam-azure-stack-hub.adoc
new file mode 100644
index 0000000000..00ba801c43
--- /dev/null
+++ b/installing/installing_azure_stack_hub/manually-creating-iam-azure-stack-hub.adoc
@@ -0,0 +1,30 @@
+[id="manually-creating-iam-azure-stack-hub"]
+= Manually creating IAM for Azure Stack Hub
+include::modules/common-attributes.adoc[]
+:context: manually-creating-iam-azure-stack-hub
+
+toc::[]
+
+In environments where the cloud identity and access management (IAM) APIs are not reachable, you must put the Cloud Credential Operator (CCO) into manual mode before you install the cluster.
+
+////
+In environments where the cloud identity and access management (IAM) APIs are not reachable, or the administrator prefers not to store an administrator-level credential secret in the cluster `kube-system` namespace, you can put the Cloud Credential Operator (CCO) into manual mode before you install the cluster.
+////
+// Until ASH supports other credential scenarios besides manual mode, the tone for this article will be manual mode use only.
+
+include::modules/alternatives-to-storing-admin-secrets-in-kube-system.adoc[leveloffset=+1]
+
+.Additional resources
+
+For a detailed description of all available CCO credential modes and their supported platforms, see xref:../../authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc[About the Cloud Credential Operator].
+
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+1]
+
+//include::modules/admin-credentials-root-secret-formats.adoc[leveloffset=+1]
+
+include::modules/manually-maintained-credentials-upgrade.adoc[leveloffset=+1]
+
+[id="next-steps_manually-creating-iam-azure-stack-hub"]
+== Next steps
+
+* Install an {product-title} cluster on Azure Stack Hub with user-provisioned infrastructure by following xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc#installing-azure-stack-hub-user-infra[Installing a cluster on Azure Stack Hub using ARM templates].
diff --git a/installing/installing_azure_stack_hub/modules b/installing/installing_azure_stack_hub/modules
new file mode 120000
index 0000000000..464b823aca
--- /dev/null
+++ b/installing/installing_azure_stack_hub/modules
@@ -0,0 +1 @@
+../modules
\ No newline at end of file
diff --git a/installing/installing_azure_stack_hub/preparing-to-install-on-azure-stack-hub.adoc b/installing/installing_azure_stack_hub/preparing-to-install-on-azure-stack-hub.adoc
new file mode 100644
index 0000000000..2a31fc67b4
--- /dev/null
+++ b/installing/installing_azure_stack_hub/preparing-to-install-on-azure-stack-hub.adoc
@@ -0,0 +1,38 @@
+[id="preparing-to-install-on-azure-stack-hub"]
+= Preparing to install on Azure Stack Hub
+include::modules/common-attributes.adoc[]
+:context: preparing-to-install-on-azure-stack-hub
+
+toc::[]
+
+[id="preparing-to-install-on-ash-prerequisites"]
+== Prerequisites
+
+* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
+
+[id="requirements-for-installing-ocp-on-ash"]
+== Requirements for installing {product-title} on Azure Stack Hub
+
+Before installing {product-title} on Microsoft Azure Stack Hub, you must configure an Azure account. See xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc#installing-azure-stack-hub-account[Configuring an Azure Stack Hub account] for details about account configuration, account limits, DNS zone configuration, required roles, and creating service principals.
+
+You must manually manage your cloud credentials when installing a cluster to Azure Stack Hub. Do this by configuring the Cloud Credential Operator (CCO) for manual mode before you install the cluster. For more information, see xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[Manually creating IAM for Azure].
+
+[id="choosing-a-method-to-install-ocp-on-ash"]
+== Choosing a method to install {product-title} on Azure Stack Hub
+
+You can install {product-title} on Azure Stack Hub using user-provisioned infrastructure. This means you must manage and maintain the cluster resources yourself. Installing {product-title} on Azure Stack Hub using an installation program that automatically provisions the cluster infrastructure is not supported at this time.
+
+See xref:../../architecture/architecture-installation.adoc#installation-process_architecture-installation[Installation process] for more information about installer-provisioned and user-provisioned installation processes.
+
+[id="choosing-a-method-to-install-ocp-on-ash-user-provisioned"]
+=== Installing a cluster on user-provisioned infrastructure
+
+You can install a cluster on Azure Stack Hub infrastructure that you provision, by using the following method:
+
+* **xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc#installing-azure-stack-hub-user-infra[Installing a cluster on Azure Stack Hub using ARM templates]**: You can install {product-title} on Azure Stack Hub by using infrastructure that you provide. You can use the provided Azure Resource Manager (ARM) templates to assist with an installation.
+
+[id="preparing-to-install-on-ash-next-steps"]
+== Next steps
+
+* xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc#installing-azure-stack-hub-account[Configuring an Azure Stack Hub account]
diff --git a/modules/cli-installing-cli.adoc b/modules/cli-installing-cli.adoc
index cf634481fc..1147c31776 100644
--- a/modules/cli-installing-cli.adoc
+++ b/modules/cli-installing-cli.adoc
@@ -16,6 +16,7 @@
 // * installing/installing_azure/installing-azure-private.adoc
 // * installing/installing_azure/installing-azure-vnet.adoc
 // * installing/installing_azure/installing-azure-user-infra.adoc
+// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
 // * installing/installing_bare_metal/installing-bare-metal.adoc
 // * installing/installing_gcp/installing-gcp-customizations.adoc
 // * installing/installing_gcp/installing-gcp-private.adoc
diff --git a/modules/cli-logging-in-kubeadmin.adoc b/modules/cli-logging-in-kubeadmin.adoc
index b8985f0733..f2fc304d27 100644
--- a/modules/cli-logging-in-kubeadmin.adoc
+++ b/modules/cli-logging-in-kubeadmin.adoc
@@ -15,6 +15,7 @@
 // * installing/installing_azure/installing-azure-private.adoc
 // * installing/installing_azure/installing-azure-vnet.adoc
 // * installing/installing_azure/installing-azure-user-infra.adoc
+// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
 // * installing/installing_bare_metal/installing-bare-metal.adoc
 // * installing/installing_gcp/installing-gcp-customizations.adoc
 // * installing/installing_gcp/installing-gcp-private.adoc
diff --git a/modules/cluster-entitlements.adoc b/modules/cluster-entitlements.adoc
index 817414b69c..807a868a06 100644
--- a/modules/cluster-entitlements.adoc
+++ b/modules/cluster-entitlements.adoc
@@ -17,6 +17,7 @@
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 // * installing/installing_azure/installing-azure-vnet.adoc
 // * installing/installing_azure/installing-azure-user-infra.adoc
+// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
 // * installing/installing_azure/installing-azure-default.adoc
 // * installing/installing_azure/installing-azure-network-customizations.adoc
 // * installing/installing_azure/installing-azure-government-region.adoc
diff --git a/modules/cluster-telemetry.adoc b/modules/cluster-telemetry.adoc
index a3640d629c..ae2eeeddd4 100644
--- a/modules/cluster-telemetry.adoc
+++ b/modules/cluster-telemetry.adoc
@@ -17,6 +17,7 @@
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 // * installing/installing_azure/installing-azure-vnet.adoc
 // * installing/installing_azure/installing-azure-user-infra.adoc
+// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
 // * installing/installing_azure/installing-azure-default.adoc
 // * installing/installing_azure/installing-azure-network-customizations.adoc
 // * installing/installing_azure/installing-azure-government-region.adoc
diff --git a/modules/installation-approve-csrs.adoc b/modules/installation-approve-csrs.adoc
index 9b9be747c5..64f0bac7a4 100644
--- a/modules/installation-approve-csrs.adoc +++ b/modules/installation-approve-csrs.adoc @@ -2,6 +2,7 @@ // // * installing/installing_aws/installing-aws-user-infra.adoc // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc // * installing/installing_gcp/installing-gcp-user-infra.adoc // * installing/installing_gcp/installing-gcp-restricted-networks.adoc // * installing/installing_bare_metal/installing-bare-metal.adoc diff --git a/modules/installation-arm-bootstrap.adoc b/modules/installation-arm-bootstrap.adoc index 55ea481b84..85ee41139b 100644 --- a/modules/installation-arm-bootstrap.adoc +++ b/modules/installation-arm-bootstrap.adoc @@ -1,6 +1,11 @@ // Module included in the following assemblies: // // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc + +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +endif::[] [id="installation-arm-bootstrap_{context}"] = ARM template for the bootstrap machine @@ -13,6 +18,15 @@ bootstrap machine that you need for your {product-title} cluster: ==== [source,json] ---- +ifndef::ash[] include::https://raw.githubusercontent.com/openshift/installer/release-4.9/upi/azure/04_bootstrap.json[] +endif::ash[] +ifdef::ash[] +include::https://raw.githubusercontent.com/openshift/installer/release-4.9/upi/azurestack/04_bootstrap.json[] +endif::ash[] ---- ==== + +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +endif::[] diff --git a/modules/installation-arm-control-plane.adoc b/modules/installation-arm-control-plane.adoc index 70d5f097e3..bc2c3db06d 100644 --- a/modules/installation-arm-control-plane.adoc +++ b/modules/installation-arm-control-plane.adoc 
@@ -1,6 +1,11 @@ // Module included in the following assemblies: // // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc + +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +endif::[] [id="installation-arm-control-plane_{context}"] = ARM template for control plane machines @@ -13,6 +18,15 @@ control plane machines that you need for your {product-title} cluster: ==== [source,json] ---- +ifndef::ash[] include::https://raw.githubusercontent.com/openshift/installer/release-4.9/upi/azure/05_masters.json[] +endif::ash[] +ifdef::ash[] +include::https://raw.githubusercontent.com/openshift/installer/release-4.9/upi/azurestack/05_masters.json[] +endif::ash[] ---- ==== + +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +endif::[] diff --git a/modules/installation-arm-dns.adoc b/modules/installation-arm-dns.adoc index 74942c8bf4..8d4ed67bf3 100644 --- a/modules/installation-arm-dns.adoc +++ b/modules/installation-arm-dns.adoc @@ -1,6 +1,11 @@ // Module included in the following assemblies: // // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc + +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +endif::[] [id="installation-arm-dns_{context}"] = ARM template for the network and load balancers @@ -14,6 +19,15 @@ cluster: ==== [source,json] ---- +ifndef::ash[] include::https://raw.githubusercontent.com/openshift/installer/release-4.9/upi/azure/03_infra.json[] +endif::ash[] +ifdef::ash[] +include::https://raw.githubusercontent.com/openshift/installer/release-4.9/upi/azurestack/03_infra.json[] +endif::ash[] ---- ==== + +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +endif::[] 
diff --git a/modules/installation-arm-image-storage.adoc b/modules/installation-arm-image-storage.adoc index 616a9f8500..e722a885fc 100644 --- a/modules/installation-arm-image-storage.adoc +++ b/modules/installation-arm-image-storage.adoc @@ -1,6 +1,11 @@ // Module included in the following assemblies: // // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc + +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +endif::[] [id="installation-arm-image-storage_{context}"] = ARM template for image storage @@ -13,6 +18,15 @@ stored {op-system-first} image that you need for your {product-title} cluster: ==== [source,json] ---- +ifndef::ash[] include::https://raw.githubusercontent.com/openshift/installer/release-4.9/upi/azure/02_storage.json[] +endif::ash[] +ifdef::ash[] +include::https://raw.githubusercontent.com/openshift/installer/release-4.9/upi/azurestack/02_storage.json[] +endif::ash[] ---- ==== + +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +endif::[] diff --git a/modules/installation-arm-vnet.adoc b/modules/installation-arm-vnet.adoc index 79362f60ec..b1557c9392 100644 --- a/modules/installation-arm-vnet.adoc +++ b/modules/installation-arm-vnet.adoc @@ -1,6 +1,11 @@ // Module included in the following assemblies: // // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc + +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +endif::[] [id="installation-arm-vnet_{context}"] = ARM template for the VNet 
@@ -13,6 +18,15 @@ VNet that you need for your {product-title} cluster: ==== [source,json] ---- +ifndef::ash[] include::https://raw.githubusercontent.com/openshift/installer/release-4.9/upi/azure/01_vnet.json[] +endif::ash[] +ifdef::ash[] +include::https://raw.githubusercontent.com/openshift/installer/release-4.9/upi/azurestack/01_vnet.json[] +endif::ash[] ---- ==== + +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +endif::[] \ No newline at end of file diff --git a/modules/installation-arm-worker.adoc b/modules/installation-arm-worker.adoc index 8eb2304924..c9516a134a 100644 --- a/modules/installation-arm-worker.adoc +++ b/modules/installation-arm-worker.adoc @@ -1,6 +1,11 @@ // Module included in the following assemblies: // // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc + +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +endif::[] [id="installation-arm-worker_{context}"] = ARM template for worker machines @@ -13,6 +18,15 @@ worker machines that you need for your {product-title} cluster: ==== [source,json] ---- +ifndef::ash[] include::https://raw.githubusercontent.com/openshift/installer/release-4.9/upi/azure/06_workers.json[] +endif::ash[] +ifdef::ash[] +include::https://raw.githubusercontent.com/openshift/installer/release-4.9/upi/azurestack/06_workers.json[] +endif::ash[] ---- ==== + +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +endif::[] diff --git a/modules/installation-azure-config-yaml.adoc b/modules/installation-azure-config-yaml.adoc index bf8f414645..8e5acdb0da 100644 --- a/modules/installation-azure-config-yaml.adoc +++ b/modules/installation-azure-config-yaml.adoc @@ -287,4 +287,4 @@ ifeval::["{context}" == "installing-azure-private"] endif::[] ifeval::["{context}" == "installing-azure-government-region"] :!gov: -endif::[] +endif::[] \ No newline at end of file 
diff --git a/modules/installation-azure-create-dns-zones.adoc b/modules/installation-azure-create-dns-zones.adoc index 680598d86a..5d7d67adf6 100644 --- a/modules/installation-azure-create-dns-zones.adoc +++ b/modules/installation-azure-create-dns-zones.adoc @@ -1,6 +1,11 @@ // Module included in the following assemblies: // // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc + +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +endif::[] [id="installation-azure-create-dns-zones_{context}"] = Example for creating DNS zones @@ -8,9 +13,14 @@ DNS records are required for clusters that use user-provisioned infrastructure. You should choose the DNS strategy that fits your scenario. +ifndef::ash[] For this example, link:https://docs.microsoft.com/en-us/azure/dns/dns-overview[Azure's DNS solution] is used, so you will create a new public DNS zone for external (internet) visibility and a private DNS zone for internal cluster resolution. +endif::ash[] +ifdef::ash[] +For this example, link:https://docs.microsoft.com/en-us/azure-stack/operator/azure-stack-integrate-dns?view=azs-2102[Azure Stack Hub's datacenter DNS integration] is used, so you will create a public DNS zone. +endif::ash[] [NOTE] ==== @@ -38,6 +48,7 @@ $ az network dns zone create -g ${BASE_DOMAIN_RESOURCE_GROUP} -n ${CLUSTER_NAME} + You can skip this step if you are using a public DNS zone that already exists. +ifndef::ash[] . Create the private DNS zone in the same resource group as the rest of this deployment: + @@ -45,3 +56,8 @@ deployment: ---- $ az network private-dns zone create -g ${RESOURCE_GROUP} -n ${CLUSTER_NAME}.${BASE_DOMAIN} ---- +endif::ash[] + +ifeval::["{context}" == "installing-azure-user-infra"] +:!ash: +endif::[] 
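Review bot: The closing guard at the end of this file tests the wrong context, so `ash` is never cleared: the first hunk sets it under `installing-azure-stack-hub-user-infra`, but the last hunk unsets it under `installing-azure-user-infra`. In the Azure Stack Hub assembly the attribute therefore stays defined for every module included after this one, and in the Azure assembly the unset is a no-op. The closing guard should read `ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]` to mirror the opening one, as the other modules in this patch do.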
diff --git a/modules/installation-azure-create-ingress-dns-records.adoc b/modules/installation-azure-create-ingress-dns-records.adoc index 0669f098d3..e7a8b0fe7d 100644 --- a/modules/installation-azure-create-ingress-dns-records.adoc +++ b/modules/installation-azure-create-ingress-dns-records.adoc @@ -1,6 +1,15 @@ // Module included in the following assemblies: // // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc + +ifeval::["{context}" == "installing-azure-user-infra"] +:cp: Azure +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +:cp: Azure Stack Hub +endif::[] [id="installation-azure-create-ingress-dns-records_{context}"] = Adding the Ingress DNS records @@ -13,9 +22,8 @@ records per your requirements. .Prerequisites -* You deployed an {product-title} cluster on Microsoft Azure by using infrastructure that you provisioned. +* You deployed an {product-title} cluster on Microsoft {cp} by using infrastructure that you provisioned. * Install the OpenShift CLI (`oc`). -* Install the `jq` package. * Install or update the link:https://docs.microsoft.com/en-us/cli/azure/install-azure-cli-yum?view=azure-cli-latest[Azure CLI]. .Procedure @@ -58,6 +66,7 @@ $ az network dns record-set a add-record -g ${BASE_DOMAIN_RESOURCE_GROUP} -z ${C $ az network dns record-set a add-record -g ${BASE_DOMAIN_RESOURCE_GROUP} -z ${BASE_DOMAIN} -n *.apps.${CLUSTER_NAME} -a ${PUBLIC_IP_ROUTER} --ttl 300 ---- +ifndef::ash[] . Add a `*.apps` record to the private DNS zone: .. Create a `*.apps` record by using the following command: + 
@@ -71,6 +80,7 @@ $ az network private-dns record-set a create -g ${RESOURCE_GROUP} -z ${CLUSTER_N ---- $ az network private-dns record-set a add-record -g ${RESOURCE_GROUP} -z ${CLUSTER_NAME}.${BASE_DOMAIN} -n *.apps -a ${PUBLIC_IP_ROUTER} ---- +endif::ash[] If you prefer to add explicit domains instead of using a wildcard, you can create entries for each of the cluster's current routes: @@ -90,3 +100,11 @@ alertmanager-main-openshift-monitoring.apps.cluster.basedomain.com grafana-openshift-monitoring.apps.cluster.basedomain.com prometheus-k8s-openshift-monitoring.apps.cluster.basedomain.com ---- + +ifeval::["{context}" == "installing-azure-user-infra"] +:!cp: Azure +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +:!cp: Azure Stack Hub +endif::[] diff --git a/modules/installation-azure-create-resource-group-and-identity.adoc b/modules/installation-azure-create-resource-group-and-identity.adoc index 34cc32fb13..b871f0b06a 100644 --- a/modules/installation-azure-create-resource-group-and-identity.adoc +++ b/modules/installation-azure-create-resource-group-and-identity.adoc 
@@ -1,13 +1,24 @@ // Module included in the following assemblies: // // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc + +ifeval::["{context}" == "installing-azure-user-infra"] +:azure: +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +endif::[] [id="installation-azure-create-resource-group-and-identity_{context}"] -= Creating the Azure resource group and identity += Creating the Azure resource group -You must create a Microsoft Azure link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups[resource group] and an identity for that resource group. -These are both used during the installation of your {product-title} cluster on -Azure. +ifdef::azure[] +You must create a Microsoft Azure link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups[resource group] and an identity for that resource group. These are both used during the installation of your {product-title} cluster on Azure. +endif::azure[] +ifdef::ash[] +You must create a Microsoft Azure link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups[resource group]. This is used during the installation of your {product-title} cluster on Azure Stack Hub. +endif::ash[] .Prerequisites @@ -17,13 +28,19 @@ Azure. .Procedure +ifdef::azure[] . Create the resource group in a supported Azure region: +endif::azure[] +ifdef::ash[] +* Create the resource group in a supported Azure region: +endif::ash[] + [source,terminal] ---- $ az group create --name ${RESOURCE_GROUP} --location ${AZURE_REGION} ---- +ifdef::azure[] . Create an Azure identity for the resource group: + [source,terminal] 
@@ -55,3 +72,11 @@ $ export RESOURCE_GROUP_ID=`az group show -g ${RESOURCE_GROUP} --query id --out ---- $ az role assignment create --assignee "${PRINCIPAL_ID}" --role 'Contributor' --scope "${RESOURCE_GROUP_ID}" ---- +endif::azure[] + +ifeval::["{context}" == "installing-azure-user-infra"] +:!azure: +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +endif::[] diff --git a/modules/installation-azure-limits.adoc b/modules/installation-azure-limits.adoc index 3bfaf0bd91..1690251587 100644 --- a/modules/installation-azure-limits.adoc +++ b/modules/installation-azure-limits.adoc 
@@ -2,14 +2,32 @@ // // * installing/installing_azure/installing-azure-account.adoc // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc + +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +:cp: Azure Stack Hub +:upi: +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-account"] +:ash: +:upi: +:cp: Azure Stack Hub +endif::[] +ifeval::["{context}" == "installing-azure-user-infra"] +:cp: Azure +:upi: +endif::[] +ifeval::["{context}" == "installing-azure-account"] +:cp: Azure +endif::[] [id="installation-azure-limits_{context}"] -= Azure account limits += {cp} account limits -The {product-title} cluster uses a number of Microsoft Azure -components, and the default -link:https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits[Azure subscription and service limits, quotas, and constraints] -affect your ability to install {product-title} clusters. +ifndef::ash[] +The {product-title} cluster uses a number of Microsoft {cp} components, and the default link:https://docs.microsoft.com/en-us/azure/azure-subscription-service-limits[Azure subscription and service limits, quotas, and constraints] affect your ability to install {product-title} clusters. [IMPORTANT] ==== 
@@ -18,16 +36,27 @@ Default limits vary by offer category types, such as Free Trial and Pay-As-You-G Check the limits for your subscription type and if necessary, increase quota limits for your account before you install a default cluster on Azure. ==== +endif::ash[] +ifdef::ash[] +The {product-title} cluster uses a number of Microsoft Azure Stack Hub components, and the default link:https://docs.microsoft.com/en-us/azure-stack/operator/azure-stack-quota-types?view=azs-2102[Quota types in Azure Stack Hub] affect your ability to install {product-title} clusters. +endif::ash[] -The following table summarizes the Azure components whose limits can impact your +The following table summarizes the {cp} components whose limits can impact your ability to install and run {product-title} clusters. - +ifndef::ash[] [cols="2a,3a,3a,8a",options="header"] |=== -|Component |Number of components required by default| Default Azure limit |Description +|Component |Number of components required by default| Default {cp} limit |Description +endif::ash[] +ifdef::ash[] +[cols="2a,3a,8a",options="header"] +|=== +|Component |Number of components required by default |Description +endif::ash[] |vCPU +ifndef::ash[] |40 |20 per region |A default cluster requires 40 vCPUs, so you must increase the account limit. 
@@ -43,11 +72,25 @@ the control plane machines use `Standard_D8s_v3` virtual machines, which use 8 vCPUs, and the worker machines use `Standard_D4s_v3` virtual machines, which use 4 vCPUs, a default cluster requires 40 vCPUs. The bootstrap node VM, which uses 4 vCPUs, is used only during installation. +endif::ash[] +ifdef::ash[] +|56 +|A default cluster requires 56 vCPUs, so you must increase the account limit. + +By default, each cluster creates the following instances: + +* One bootstrap machine, which is removed after installation +* Three control plane machines +* Three compute machines + +Because the bootstrap, control plane, and worker machines use `Standard_DS4_v2` virtual machines, which use 8 vCPUs, a default cluster requires 56 vCPUs. The bootstrap node VM is used only during installation. +endif::ash[] To deploy more worker nodes, enable autoscaling, deploy large workloads, or use a different instance type, you must further increase the vCPU limit for your account to ensure that your cluster can deploy the machines that you require. +ifndef::ash[] By default, the installation program distributes control plane and compute machines across link:https://azure.microsoft.com/en-us/global-infrastructure/availability-zones/[all availability zones] within 
@@ -56,36 +99,43 @@ To ensure high availability for your cluster, select a region with at least three availability zones. If your region contains fewer than three availability zones, the installation program places more than one control plane machine in the available zones. -//// -You can [provide an install-config](../overview.md#multiple-invocations) to -[configure](customization.md) the installation program to use specific zones to override the defaults. -//// +endif::ash[] |OS Disk |7 +ifndef::ash[] | -|VM OS disk must be able to sustain a minimum throughput of 5000 IOPS / 200MBps. This throughput can be provided by having a minimum of 1 TiB Premium SSD (P30). In Azure, disk performance is directly dependent on SSD disk sizes, so to achieve the throughput supported by `Standard_D8s_v3`, or other similar machine types available, and the target of 5000 IOPS, at least a P30 disk is required. +endif::ash[] +|VM OS disk must be able to sustain a minimum throughput of 5000 IOPS / 200MBps. This throughput can be provided by having a minimum of 1 TiB Premium SSD (P30). In {cp}, disk performance is directly dependent on SSD disk sizes, so to achieve the throughput supported by +ifndef::ash[`Standard_D8s_v3`,] +ifdef::ash[`Standard_DS4_v2`,] +or other similar machine types available, and the target of 5000 IOPS, at least a P30 disk is required. Host caching must be set to `ReadOnly` for low read latency and high read IOPS and throughput. The reads performed from the cache, which is present either in the VM memory or in the local SSD disk, are much faster than the reads from the data disk, which is in the blob storage. |VNet | 1 +ifndef::ash[] | 1000 per region +endif::ash[] | Each default cluster requires one Virtual Network (VNet), which contains two subnets. |Network interfaces -|6 +|7 +ifndef::ash[] |65,536 per region -|Each default cluster requires six network interfaces. If you create more +endif::ash[] +|Each default cluster requires seven network interfaces. 
If you create more machines or your deployed workloads create load balancers, your cluster uses more network interfaces. |Network security groups |2 +ifndef::ash[] |5000 -| Each default cluster -Each cluster creates network security groups for each subnet in the VNet. +endif::ash[] +| Each cluster creates network security groups for each subnet in the VNet. The default cluster creates network security groups for the control plane and for the compute node subnets: @@ -95,6 +145,7 @@ security groups for the control plane and for the compute node subnets: `node`:: Allows worker nodes to be reached from the internet on ports 80 and 443 |Network load balancers +ifndef::upi,ash[] | 3 | 1000 per region |Each cluster creates the following 
@@ -107,18 +158,63 @@ link:https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview If your applications create more Kubernetes `LoadBalancer` service objects, your cluster uses more load balancers. +endif::upi,ash[] +ifdef::upi[] +| 2 +ifndef::ash[] +| 1000 per region +endif::ash[] +|Each cluster creates the following +link:https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview[load balancers]: + +[horizontal] +`default`:: Public IP address that load balances requests to ports 80 and 443 across worker machines +`api`:: Public IP address that load balances requests to ports 6443 and 22623 across control plane machines + +If your applications create more Kubernetes `LoadBalancer` service objects, +your cluster uses more load balancers. +endif::upi[] |Public IP addresses +ifndef::ash[] |3 | |Each of the two public load balancers uses a public IP address. The bootstrap machine also uses a public IP address so that you can SSH into the machine to troubleshoot issues during installation. The IP address for the bootstrap node is used only during installation. +endif::ash[] +ifdef::ash[] +|2 +|The public load balancer uses a public IP address. The bootstrap +machine also uses a public IP address so that you can SSH into the +machine to troubleshoot issues during installation. The IP address for the +bootstrap node is used only during installation. +endif::ash[] |Private IP addresses |7 +ifndef::ash[] | +endif::ash[] |The internal load balancer, each of the three control plane machines, and each of the three worker machines each use a private IP address. 
|=== + +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +:!cp: Azure Stack Hub +:!upi: +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-account"] +:!ash: +:!cp: Azure Stack Hub +:!upi: +endif::[] +ifeval::["{context}" == "installing-azure-user-infra"] +:!cp: Azure +:!upi: +endif::[] +ifeval::["{context}" == "installing-azure-account"] +:!cp: Azure +endif::[] diff --git a/modules/installation-azure-regions.adoc b/modules/installation-azure-regions.adoc index eb08362293..3ea0d38254 100644 --- a/modules/installation-azure-regions.adoc +++ b/modules/installation-azure-regions.adoc @@ -2,6 +2,7 @@ // // * installing/installing_azure/installing-azure-account.adoc // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc [id="installation-azure-regions_{context}"] = Supported Azure regions diff --git a/modules/installation-azure-service-principal.adoc b/modules/installation-azure-service-principal.adoc index 85590775b7..298b8eb2dc 100644 --- a/modules/installation-azure-service-principal.adoc +++ b/modules/installation-azure-service-principal.adoc @@ -2,6 +2,15 @@ // // * installing/installing_azure/installing-azure-account.adoc // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc + +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-account"] +:ash: +endif::[] [id="installation-azure-service-principal_{context}"] = Creating a service principal 
@@ -18,6 +27,32 @@ to represent it. .Procedure +ifdef::ash[] +. Register your Azure Stack Cloud environment with your Azure CLI. For more details on this process, see Microsoft's documentation for link:https://docs.microsoft.com/en-us/azure-stack/mdc/azure-stack-version-profiles-azurecli-2-tzl#connect-to-azure-stack-hub[Connecting to Azure Stack Hub]. + +.. Register your environment with the Azure CLI: ++ +[source,terminal] +---- +$ az cloud register -n --endpoint-resource-manager +---- + +.. Set the active environment: ++ +[source,terminal] +---- +$ az cloud set -n +---- + +.. Update your environment configuration to use the specific API version for Azure Stack Hub: ++ +[source,terminal] +---- +$ az cloud update --profile 2019-03-01-hybrid +---- + +endif::ash[] + . Log in to the Azure CLI: + [source,terminal] @@ -26,6 +61,9 @@ $ az login ---- + Log in to Azure in the web console by using your credentials. +ifdef::ash[] +If you are in a multitenant environment, you must also supply the tenant ID. +endif::ash[] . If your Azure account uses subscriptions, ensure that you are using the right subscription. @@ -42,7 +80,12 @@ $ az account list --refresh ---- [ { +ifndef::ash[] "cloudName": "AzureCloud", +endif::[] +ifdef::ash[] + "cloudName": AzureStackCloud", +endif::[] "id": "9bab1460-96d5-40b3-a78e-17b15e978a80", "isDefault": true, "name": "Subscription Name", @@ -68,7 +111,12 @@ $ az account show [source,terminal] ---- { +ifndef::ash[] "environmentName": "AzureCloud", +endif::[] +ifdef::ash[] + "environmentName": AzureStackCloud", +endif::[] "id": "9bab1460-96d5-40b3-a78e-17b15e978a80", "isDefault": true, "name": "Subscription Name", @@ -103,7 +151,12 @@ $ az account show [source,terminal] ---- { +ifndef::ash[] "environmentName": "AzureCloud", +endif::[] +ifdef::ash[] + "environmentName": AzureStackCloud", +endif::[] "id": "33212d16-bdf6-45cb-b038-f6565b61edda", "isDefault": true, "name": "Subscription Name", 
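Review bot: The Azure Stack Hub sample output is not valid JSON, because the added lines `"cloudName": AzureStackCloud",` and `"environmentName": AzureStackCloud",` drop the opening quote of the value. This occurs in the `az account list` hunk and in both `az account show` hunks. The lines should read `"cloudName": "AzureStackCloud",` and `"environmentName": "AzureStackCloud",`. Readers are likely to compare this output with their own terminal to confirm they are logged in to the intended cloud and subscription before creating the service principal, so the sample should match what the CLI prints.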
@@ -147,6 +200,7 @@ Retrying role assignment creation: 4/36 . Record the values of the `appId` and `password` parameters from the previous output. You need these values during {product-title} installation. +ifndef::ash[] . Grant additional permissions to the service principal. + -- @@ -203,3 +257,11 @@ $ az ad app permission grant --id \ <1> --api 00000002-0000-0000-c000-000000000000 ---- <1> Replace `` with the `appId` parameter value for your service principal. +endif::ash[] + +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-account"] +:!ash: +endif::[] diff --git a/modules/installation-azure-stack-hub-config-yaml.adoc b/modules/installation-azure-stack-hub-config-yaml.adoc new file mode 100644 index 0000000000..9eb675f6ba --- /dev/null +++ b/modules/installation-azure-stack-hub-config-yaml.adoc 
@@ -0,0 +1,83 @@ +// Module included in the following assemblies: +// +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc + +[id="installation-azure-stack-hub-config-yaml_{context}"] += Sample customized `install-config.yaml` file for Azure Stack Hub + +You can customize the `install-config.yaml` file to specify more details about your {product-title} cluster's platform or modify the values of the required parameters. + +[IMPORTANT] +==== +This sample YAML file is provided for reference only. Use it as a resource to enter parameter values into the installation configuration file that you created manually. +==== + +[source,yaml] +---- +apiVersion: v1 +baseDomain: example.com +controlPlane: <1> + name: master + replicas: 3 +compute: <1> +- name: worker + platform: {} + replicas: 0 +metadata: + name: test-cluster <2> +networking: + clusterNetwork: + - cidr: 10.128.0.0/14 + hostPrefix: 23 + machineNetwork: + - cidr: 10.0.0.0/16 +ifndef::openshift-origin[] + networkType: OpenShiftSDN +endif::openshift-origin[] +ifdef::openshift-origin[] + networkType: OVNKubernetes +endif::openshift-origin[] + serviceNetwork: + - 172.30.0.0/16 +platform: + azure: + armEndpoint: azurestack_arm_endpoint <3> + baseDomainResourceGroupName: resource_group <4> + region: azure_stack_local_region <5> + resourceGroupName: existing_resource_group <6> + outboundType: Loadbalancer + cloudName: AzureStackCloud <7> +pullSecret: '{"auths": ...}' <8> +ifndef::openshift-origin[] +fips: false <9> +sshKey: ssh-ed25519 AAAA... <10> +endif::openshift-origin[] +ifdef::openshift-origin[] +sshKey: ssh-ed25519 AAAA... <9> +endif::openshift-origin[] +---- +<1> The `controlPlane` section is a single mapping, but the compute section is a sequence of mappings. To meet the requirements of the different data structures, the first line of the `compute` section must begin with a hyphen, `-`, and the first line of the `controlPlane` section must not. 
Although both sections currently define a single machine pool, it is possible that future versions of {product-title} will support defining multiple compute pools during installation. Only one control plane pool is used. +<2> Specify the name of the cluster. +<3> Specify the Azure Resource Manager endpoint that your Azure Stack Hub operator provides. +<4> Specify the name of the resource group that contains the DNS zone for your base domain. +<5> Specify the name of your Azure Stack Hub local region. +<6> Specify the name of an already existing resource group to install your cluster to. If undefined, a new resource group is created for the cluster. +<7> Specify the Azure Stack Hub environment as your target platform. +<8> Specify the pull secret required to authenticate your cluster. +ifndef::openshift-origin[] +<9> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead. ++ +[IMPORTANT] +==== +The use of FIPS Validated / Modules in Process cryptographic libraries is only supported on {product-title} deployments on the `x86_64` architecture. +==== +<10> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. +endif::openshift-origin[] +ifdef::openshift-origin[] +<9> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. +endif::openshift-origin[] ++ +[NOTE] +==== +For production {product-title} clusters on which you want to perform installation debugging or disaster recovery, specify an SSH key that your `ssh-agent` process uses. +==== diff --git a/modules/installation-azure-stack-hub-network-config.adoc b/modules/installation-azure-stack-hub-network-config.adoc new file mode 100644 index 0000000000..fe2129ed41 --- /dev/null 
+++ b/modules/installation-azure-stack-hub-network-config.adoc @@ -0,0 +1,9 @@ +// Module included in the following assemblies: +// +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc + +[id="installation-azure-stack-hub-network-config_{context}"] += Configuring a DNS zone in Azure Stack Hub + +To successfully install {product-title} on Azure Stack Hub, you must create DNS records in an Azure Stack Hub DNS zone. The DNS zone must be authoritative for the domain. To delegate a registrar's DNS zone to Azure Stack Hub, see Microsoft's documentation for link:https://docs.microsoft.com/en-us/azure-stack/operator/azure-stack-integrate-dns?view=azs-2102[Azure Stack Hub datacenter DNS integration]. diff --git a/modules/installation-azure-stack-hub-permissions.adoc b/modules/installation-azure-stack-hub-permissions.adoc new file mode 100644 index 0000000000..fd44263216 --- /dev/null +++ b/modules/installation-azure-stack-hub-permissions.adoc @@ -0,0 +1,12 @@ +// Module included in the following assemblies: +// +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc + +[id="installation-azure-stack-hub-permissions_{context}"] += Required Azure Stack Hub roles + +Your Microsoft Azure Stack Hub account must have the following roles for the subscription that you use: + +* `Owner` + +To set roles on the Azure portal, see the link:https://docs.microsoft.com/en-us/azure-stack/user/azure-stack-manage-permissions?view=azs-2102[Manage access to resources in Azure Stack Hub with role-based access control] in the Microsoft documentation. diff --git a/modules/installation-azure-user-infra-completing.adoc b/modules/installation-azure-user-infra-completing.adoc index d0f0c1658b..61bcdaa266 100644 --- a/modules/installation-azure-user-infra-completing.adoc +++ b/modules/installation-azure-user-infra-completing.adoc 
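Review bot: The new "Required Azure Stack Hub roles" module asks for `Owner` on the subscription without saying why the role is needed or how to contain it. `Owner` grants full control of every resource in the subscription, including the ability to assign roles, so the identity that holds it is a high-value credential. I would add a sentence after the role list such as `Because the Owner role grants full control of the subscription, use a subscription that is dedicated to the cluster and do not reuse this identity for other workloads.` If a narrower role combination is known to work on Azure Stack Hub it should be listed instead; that cannot be determined from this patch.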
@@ -1,17 +1,25 @@ // Module included in the following assemblies: // // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc + +ifeval::["{context}" == "installing-azure-user-infra"] +:cp: Azure +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:cp: Azure Stack Hub +endif::[] [id="installation-azure-user-infra-completing_{context}"] -= Completing an Azure installation on user-provisioned infrastructure += Completing an {cp} installation on user-provisioned infrastructure -After you start the {product-title} installation on Microsoft Azure +After you start the {product-title} installation on Microsoft {cp} user-provisioned infrastructure, you can monitor the cluster events until the cluster is ready. .Prerequisites -* Deploy the bootstrap machine for an {product-title} cluster on user-provisioned Azure infrastructure. +* Deploy the bootstrap machine for an {product-title} cluster on user-provisioned {cp} infrastructure. * Install the `oc` CLI and log in. .Procedure @@ -35,3 +43,10 @@ stored the installation files in. ==== The Ignition config files that the installation program generates contain certificates that expire after 24 hours, which are then renewed at that time. If the cluster is shut down before renewing the certificates and the cluster is later restarted after the 24 hours have elapsed, the cluster automatically recovers the expired certificates. The exception is that you must manually approve the pending `node-bootstrapper` certificate signing requests (CSRs) to recover kubelet certificates. See the documentation for _Recovering from expired control plane certificates_ for more information. ==== + +ifeval::["{context}" == "installing-azure-user-infra"] +:!cp: Azure +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!cp: Azure Stack Hub +endif::[] 
diff --git a/modules/installation-azure-user-infra-deploying-rhcos.adoc b/modules/installation-azure-user-infra-deploying-rhcos.adoc index a62a5aee43..c8c5b0007b 100644 --- a/modules/installation-azure-user-infra-deploying-rhcos.adoc +++ b/modules/installation-azure-user-infra-deploying-rhcos.adoc @@ -1,11 +1,21 @@ // Module included in the following assemblies: // // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc + +ifeval::["{context}" == "installing-azure-user-infra"] +:azure: +:cp: Azure +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +:cp: Azure Stack Hub +endif::[] [id="installation-azure-user-infra-deploying-rhcos_{context}"] -= Deploying the {op-system} cluster image for the Azure infrastructure += Deploying the {op-system} cluster image for the {cp} infrastructure -You must use a valid {op-system-first} image for Microsoft Azure for your +You must use a valid {op-system-first} image for Microsoft {cp} for your {product-title} nodes. .Prerequisites @@ -42,3 +52,12 @@ $ az deployment group create -g ${RESOURCE_GROUP} \ ---- <1> The blob URL of the {op-system} VHD to be used to create master and worker machines. <2> The base name to be used in resource names; this is usually the cluster's infrastructure ID. + +ifeval::["{context}" == "installing-azure-user-infra"] +:!azure: +:!cp: Azure +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +:!cp: Azure Stack Hub +endif::[] diff --git a/modules/installation-azure-user-infra-uploading-rhcos.adoc b/modules/installation-azure-user-infra-uploading-rhcos.adoc index 7de674b24f..0e883f0f40 100644 --- a/modules/installation-azure-user-infra-uploading-rhcos.adoc +++ b/modules/installation-azure-user-infra-uploading-rhcos.adoc 
@@ -1,6 +1,14 @@ // Module included in the following assemblies: // -// * installing/installing_gcp/installing-azure-user-infra.adoc +// * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc + +ifeval::["{context}" == "installing-azure-user-infra"] +:azure: +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +endif::[] [id="installation-azure-user-infra-uploading-rhcos_{context}"] = Uploading the {op-system} cluster image and bootstrap Ignition config file @@ -45,10 +53,18 @@ $ export ACCOUNT_KEY=`az storage account keys list -g ${RESOURCE_GROUP} --accoun . Choose the {op-system} version to use and export the URL of its VHD to an environment variable: + +ifdef::azure[] [source,terminal] ---- $ export VHD_URL=`curl -s https://raw.githubusercontent.com/openshift/installer/release-4.9/data/data/rhcos.json | jq -r .azure.url` ---- +endif::azure[] +ifdef::ash[] +[source,terminal] +---- +$ export COMPRESSED_VHD_URL=`curl -s https://raw.githubusercontent.com/openshift/installer/release-4.9/data/data/rhcos-amd64.json | jq -r '(.baseURI + .images.azurestack.path)'` +---- +endif::ash[] + [IMPORTANT] ==== 
@@ -58,28 +74,42 @@ less than or equal to the {product-title} version that you install. Use the imag that matches your {product-title} version if it is available. ==== -. Copy the chosen VHD to a blob: +. Create the storage container for the VHD: + [source,terminal] ---- $ az storage container create --name vhd --account-name ${CLUSTER_NAME}sa --account-key ${ACCOUNT_KEY} ---- +ifdef::ash[] +. Download the compressed {op-system} VHD file locally: + [source,terminal] ---- +$ curl -O -L ${COMPRESSED_VHD_URL} +---- + +. Decompress the VHD file. ++ +[NOTE] +==== +The decompressed VHD file is approximately 16 GB, so be sure that your host system has 16 GB of free space available. The VHD file can be deleted once you have uploaded it. +==== +endif::ash[] + +. Copy the chosen VHD to a blob: ++ +ifdef::azure[] +[source,terminal] +---- $ az storage blob copy start --account-name ${CLUSTER_NAME}sa --account-key ${ACCOUNT_KEY} --destination-blob "rhcos.vhd" --destination-container vhd --source-uri "${VHD_URL}" ---- -+ -To track the progress of the VHD copy task, run this script: -+ +endif::azure[] +ifdef::ash[] +[source,terminal] ---- -status="unknown" -while [ "$status" != "success" ] -do - status=`az storage blob show --container-name vhd --name "rhcos.vhd" --account-name ${CLUSTER_NAME}sa --account-key ${ACCOUNT_KEY} -o tsv --query properties.copy.status` - echo $status -done +$ az storage blob upload --account-name ${CLUSTER_NAME}sa --account-key ${ACCOUNT_KEY} -c vhd -n "rhcos.vhd" -f rhcos--azurestack.x86_64.vhd ---- +endif::ash[] . Create a blob storage container and upload the generated `bootstrap.ign` file: + 
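Review bot: The Azure Stack Hub branch downloads the compressed VHD with `curl -O -L ${COMPRESSED_VHD_URL}` and moves straight to "Decompress the VHD file" and the blob upload, with no step that checks the file, although this image becomes the boot disk of every node. I would add a step between download and decompress, such as `. Verify the SHA-256 digest of the downloaded file against the digest published for the image in the {op-system} metadata, and do not upload the file if the values differ.` The name of the digest field in `rhcos-amd64.json` is not visible here and needs confirming. Separately, the hunk removes the copy-status loop for the Azure branch as well, and `az storage blob copy start` only starts the copy. The Azure path therefore needs a replacement sentence telling the reader to wait until `properties.copy.status` reports `success` before deploying the image. The procedure begins and continues outside this hunk.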
@@ -92,3 +122,10 @@ $ az storage container create --name files --account-name ${CLUSTER_NAME}sa --ac ---- $ az storage blob upload --account-name ${CLUSTER_NAME}sa --account-key ${ACCOUNT_KEY} -c "files" -f "/bootstrap.ign" -n "bootstrap.ign" ---- + +ifeval::["{context}" == "installing-azure-user-infra"] +:!azure: +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +endif::[] \ No newline at end of file diff --git a/modules/installation-azure-user-infra-wait-for-bootstrap.adoc b/modules/installation-azure-user-infra-wait-for-bootstrap.adoc index a64a29ca9a..f69fa9f855 100644 --- a/modules/installation-azure-user-infra-wait-for-bootstrap.adoc +++ b/modules/installation-azure-user-infra-wait-for-bootstrap.adoc @@ -1,11 +1,21 @@ // Module included in the following assemblies: // // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc + +ifeval::["{context}" == "installing-azure-user-infra"] +:azure: +:cp: Azure +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +:cp: Azure Stack Hub +endif::[] [id="installation-azure-user-infra-wait-for-bootstrap_{context}"] -= Wait for bootstrap completion and remove bootstrap resources in Azure += Wait for bootstrap completion and remove bootstrap resources in {cp} -After you create all of the required infrastructure in Microsoft Azure, wait for +After you create all of the required infrastructure in Microsoft {cp}, wait for the bootstrap process to complete on the machines that you provisioned by using the Ignition config files that you generated with the installation program. 
@@ -13,8 +23,8 @@ the Ignition config files that you generated with the installation program. * Configure an Azure account. * Generate the Ignition config files for your cluster. -* Create and configure a VNet and associated subnets in Azure. -* Create and configure networking and load balancers in Azure. +* Create and configure a VNet and associated subnets in {cp}. +* Create and configure networking and load balancers in {cp}. * Create control plane and compute roles. * Create the bootstrap machine. * Create the control plane machines. @@ -50,3 +60,12 @@ $ az network nic delete -g ${RESOURCE_GROUP} --name ${INFRA_ID}-bootstrap-nic -- $ az storage blob delete --account-key ${ACCOUNT_KEY} --account-name ${CLUSTER_NAME}sa --container-name files --name bootstrap.ign $ az network public-ip delete -g ${RESOURCE_GROUP} --name ${INFRA_ID}-bootstrap-ssh-pip ---- + +ifeval::["{context}" == "installing-azure-user-infra"] +:!azure: +:!cp: Azure +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +:!cp: Azure Stack Hub +endif::[] diff --git a/modules/installation-configure-proxy.adoc b/modules/installation-configure-proxy.adoc index cc0f5644fb..5f7c0d944c 100644 --- a/modules/installation-configure-proxy.adoc +++ b/modules/installation-configure-proxy.adoc @@ -7,6 +7,7 @@ // * installing/installing_azure/installing-azure-government-region.adoc // * installing/installing_azure/installing-azure-private.adoc // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc // * installing/installing_gcp/installing-gcp-user-infra.adoc // * installing/installing_gcp/installing-restricted-networks-gcp.adoc // * installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc diff --git a/modules/installation-creating-azure-bootstrap.adoc b/modules/installation-creating-azure-bootstrap.adoc index 8746fa2b5a..7c8781a271 100644 
--- a/modules/installation-creating-azure-bootstrap.adoc +++ b/modules/installation-creating-azure-bootstrap.adoc @@ -1,11 +1,21 @@ // Module included in the following assemblies: // // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc + +ifeval::["{context}" == "installing-azure-user-infra"] +:azure: +:cp: Azure +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +:cp: Azure Stack Hub +endif::[] [id="installation-creating-azure-bootstrap_{context}"] -= Creating the bootstrap machine in Azure += Creating the bootstrap machine in {cp} -You must create the bootstrap machine in Microsoft Azure to use during +You must create the bootstrap machine in Microsoft {cp} to use during {product-title} cluster initialization. One way to create this machine is to modify the provided Azure Resource Manager (ARM) template. @@ -21,8 +31,8 @@ support with your installation logs. * Configure an Azure account. * Generate the Ignition config files for your cluster. -* Create and configure a VNet and associated subnets in Azure. -* Create and configure networking and load balancers in Azure. +* Create and configure a VNet and associated subnets in {cp}. +* Create and configure networking and load balancers in {cp}. * Create control plane and compute roles. .Procedure @@ -41,6 +51,7 @@ $ export BOOTSTRAP_IGNITION=`jq -rcnM --arg v "3.2.0" --arg url ${BOOTSTRAP_URL} . Create the deployment by using the `az` CLI: + +ifdef::azure[] [source,terminal] ---- $ az deployment group create -g ${RESOURCE_GROUP} \ 
@@ -52,3 +63,28 @@ $ az deployment group create -g ${RESOURCE_GROUP} \ <1> The bootstrap Ignition content for the bootstrap cluster. <2> The SSH RSA public key file as a string. <3> The base name to be used in resource names; this is usually the cluster's infrastructure ID. +endif::azure[] +ifdef::ash[] +[source,terminal] +---- +$ az deployment group create --verbose -g ${RESOURCE_GROUP} \ + --template-file "/04_bootstrap.json" \ + --parameters bootstrapIgnition="${BOOTSTRAP_IGNITION}" \ <1> + --parameters sshKeyData="${SSH_KEY}" \ <2> + --parameters baseName="${INFRA_ID}" \ <3> + --parameters diagnosticsStorageAccountName="${CLUSTER_NAME}sa" <4> +---- +<1> The bootstrap Ignition content for the bootstrap cluster. +<2> The SSH RSA public key file as a string. +<3> The base name to be used in resource names; this is usually the cluster's infrastructure ID. +<4> The name of the storage account for your cluster. +endif::ash[] + +ifeval::["{context}" == "installing-azure-user-infra"] +:!azure: +:!cp: Azure +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +:!cp: Azure Stack Hub +endif::[] diff --git a/modules/installation-creating-azure-control-plane.adoc b/modules/installation-creating-azure-control-plane.adoc index 41e484290f..315153d2af 100644 --- a/modules/installation-creating-azure-control-plane.adoc +++ b/modules/installation-creating-azure-control-plane.adoc 
@@ -1,11 +1,21 @@ // Module included in the following assemblies: // // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc + +ifeval::["{context}" == "installing-azure-user-infra"] +:azure: +:cp: Azure +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +:cp: Azure Stack Hub +endif::[] [id="installation-creating-azure-control-plane_{context}"] -= Creating the control plane machines in Azure += Creating the control plane machines in {cp} -You must create the control plane machines in Microsoft Azure for your cluster +You must create the control plane machines in Microsoft {cp} for your cluster to use. One way to create these machines is to modify the provided Azure Resource Manager (ARM) template. @@ -21,8 +31,8 @@ contact Red Hat support with your installation logs. * Configure an Azure account. * Generate the Ignition config files for your cluster. -* Create and configure a VNet and associated subnets in Azure. -* Create and configure networking and load balancers in Azure. +* Create and configure a VNet and associated subnets in {cp}. +* Create and configure networking and load balancers in {cp}. * Create control plane and compute roles. * Create the bootstrap machine. @@ -41,6 +51,7 @@ $ export MASTER_IGNITION=`cat /master.ign | base64 | tr . Create the deployment by using the `az` CLI: + +ifdef::azure[] [source,terminal] ---- $ az deployment group create -g ${RESOURCE_GROUP} \ 
@@ -54,3 +65,28 @@ $ az deployment group create -g ${RESOURCE_GROUP} \ <2> The SSH RSA public key file as a string. <3> The name of the private DNS zone to which the control plane nodes are attached. <4> The base name to be used in resource names; this is usually the cluster's infrastructure ID. +endif::azure[] +ifdef::ash[] +[source,terminal] +---- +$ az deployment group create -g ${RESOURCE_GROUP} \ + --template-file "/05_masters.json" \ + --parameters masterIgnition="${MASTER_IGNITION}" \ <1> + --parameters sshKeyData="${SSH_KEY}" \ <2> + --parameters baseName="${INFRA_ID}" \ <3> + --parameters diagnosticsStorageAccountName="${CLUSTER_NAME}sa" <4> +---- +<1> The Ignition content for the control plane nodes (also known as the master nodes). +<2> The SSH RSA public key file as a string. +<3> The base name to be used in resource names; this is usually the cluster's infrastructure ID. +<4> The name of the storage account for your cluster. +endif::ash[] + +ifeval::["{context}" == "installing-azure-user-infra"] +:!azure: +:!cp: Azure +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +:!cp: Azure Stack Hub +endif::[] diff --git a/modules/installation-creating-azure-dns.adoc b/modules/installation-creating-azure-dns.adoc index 8260c3738d..800df6233e 100644 --- a/modules/installation-creating-azure-dns.adoc +++ b/modules/installation-creating-azure-dns.adoc 
@@ -1,17 +1,27 @@ // Module included in the following assemblies: // // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc + +ifeval::["{context}" == "installing-azure-user-infra"] +:azure: +:cp: Azure +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +:cp: Azure Stack Hub +endif::[] [id="installation-creating-azure-dns_{context}"] -= Creating networking and load balancing components in Azure += Creating networking and load balancing components in {cp} -You must configure networking and load balancing in Microsoft Azure for your +You must configure networking and load balancing in Microsoft {cp} for your {product-title} cluster to use. One way to create these components is to modify the provided Azure Resource Manager (ARM) template. [NOTE] ==== -If you do not use the provided ARM template to create your Azure infrastructure, +If you do not use the provided ARM template to create your {cp} infrastructure, you must review the provided information and manually create the infrastructure. If your cluster does not initialize correctly, you might have to contact Red Hat support with your installation logs. @@ -21,7 +31,7 @@ support with your installation logs. * Configure an Azure account. * Generate the Ignition config files for your cluster. -* Create and configure a VNet and associated subnets in Azure. +* Create and configure a VNet and associated subnets in {cp}. .Procedure @@ -32,6 +42,7 @@ requires. . Create the deployment by using the `az` CLI: + +ifdef::azure[] [source,terminal] ---- $ az deployment group create -g ${RESOURCE_GROUP} \ 
@@ -45,6 +56,20 @@ $ az deployment group create -g ${RESOURCE_GROUP} \ . Create an `api` DNS record in the public zone for the API public load balancer. The `${BASE_DOMAIN_RESOURCE_GROUP}` variable must point to the resource group where the public DNS zone exists. +endif::azure[] +ifdef::ash[] +[source,terminal] +---- +$ az deployment group create -g ${RESOURCE_GROUP} \ + --template-file "/03_infra.json" \ + --parameters baseName="${INFRA_ID}"<1> +---- +<1> The base name to be used in resource names; this is usually the cluster's infrastructure ID. + +. Create an `api` and `api-int` DNS record in the public zone for the API public load +balancer. The `${BASE_DOMAIN_RESOURCE_GROUP}` variable must point to the +resource group where the public DNS zone exists. +endif::ash[] .. Export the following variable: + 
@@ -53,17 +78,43 @@ resource group where the public DNS zone exists. $ export PUBLIC_IP=`az network public-ip list -g ${RESOURCE_GROUP} --query "[?name=='${INFRA_ID}-master-pip'] | [0].ipAddress" -o tsv` ---- -.. Create the DNS record in a new public zone: +.. Create the `api` DNS record in a new public zone: + [source,terminal] ---- $ az network dns record-set a add-record -g ${BASE_DOMAIN_RESOURCE_GROUP} -z ${CLUSTER_NAME}.${BASE_DOMAIN} -n api -a ${PUBLIC_IP} --ttl 60 ---- - -.. If you are adding the cluster to an existing public zone, you can create the DNS ++ +If you are adding the cluster to an existing public zone, you can create the `api` DNS record in it instead: + [source,terminal] ---- $ az network dns record-set a add-record -g ${BASE_DOMAIN_RESOURCE_GROUP} -z ${BASE_DOMAIN} -n api.${CLUSTER_NAME} -a ${PUBLIC_IP} --ttl 60 ---- + +ifdef::ash[] +.. Create the `api-int` DNS record in a new public zone: ++ +[source,terminal] +---- +$ az network dns record-set a add-record -g ${BASE_DOMAIN_RESOURCE_GROUP} -z "${CLUSTER_NAME}.${BASE_DOMAIN}" -n api-int -a ${PUBLIC_IP} --ttl 60 +---- ++ +If you are adding the cluster to an existing public zone, you can create the `api-int` DNS +record in it instead: ++ +[source,terminal] +---- +$ az network dns record-set a add-record -g ${BASE_DOMAIN_RESOURCE_GROUP} -z ${BASE_DOMAIN} -n api-int.${CLUSTER_NAME} -a ${PUBLIC_IP} --ttl 60 +---- +endif::ash[] + +ifeval::["{context}" == "installing-azure-user-infra"] +:!azure: +:!cp: Azure +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +:!cp: Azure Stack Hub +endif::[] diff --git a/modules/installation-creating-azure-vnet.adoc b/modules/installation-creating-azure-vnet.adoc index 5dd734af32..bfc63fc22e 100644 --- a/modules/installation-creating-azure-vnet.adoc +++ b/modules/installation-creating-azure-vnet.adoc 
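Review bot: The new `api-int` steps publish the cluster's internal API name in the public DNS zone and point it at `${PUBLIC_IP}`, the same address as `api`, but the module does not say why or what that implies for exposure. Presumably this is because Azure Stack Hub has no private DNS zone to link (the VNet module drops that step for `ash`), so node-to-API traffic now depends on the public load balancer; this is inferred, because the `03_infra.json` template is not visible here. I would add an admonition after the `api-int` commands, for example `[NOTE]` with the text `On Azure Stack Hub the api-int record is publicly resolvable and targets the public load balancer. Restrict which source addresses can reach the load balancer ports that are intended for cluster-internal use.` The introductory sentence in the preceding hunk ("an `api` and `api-int` DNS record ... for the API public load balancer") should read "`api` and `api-int` DNS records".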
@@ -2,17 +2,26 @@ // // * installing/installing_azure/installing-azure-user-infra.adoc -[id="installation-creating-azure-vnet_{context}"] -= Creating a VNet in Azure +ifeval::["{context}" == "installing-azure-user-infra"] +:azure: +:cp: Azure +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +:cp: Azure Stack Hub +endif::[] -You must create a virtual network (VNet) in Microsoft Azure for your +[id="installation-creating-azure-vnet_{context}"] += Creating a VNet in {cp} + +You must create a virtual network (VNet) in Microsoft {cp} for your {product-title} cluster to use. You can customize the VNet to meet your requirements. One way to create the VNet is to modify the provided Azure Resource Manager (ARM) template. [NOTE] ==== -If you do not use the provided ARM template to create your Azure infrastructure, +If you do not use the provided ARM template to create your {cp} infrastructure, you must review the provided information and manually create the infrastructure. If your cluster does not initialize correctly, you might have to contact Red Hat support with your installation logs. @@ -39,9 +48,20 @@ $ az deployment group create -g ${RESOURCE_GROUP} \ ---- <1> The base name to be used in resource names; this is usually the cluster's infrastructure ID. +ifndef::ash[] . Link the VNet template to the private DNS zone: + [source,terminal] ---- $ az network private-dns link vnet create -g ${RESOURCE_GROUP} -z ${CLUSTER_NAME}.${BASE_DOMAIN} -n ${INFRA_ID}-network-link -v "${INFRA_ID}-vnet" -e false ---- +endif::ash[] + +ifeval::["{context}" == "installing-azure-user-infra"] +:!azure: +:!cp: Azure +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +:!cp: Azure Stack Hub +endif::[] diff --git a/modules/installation-creating-azure-worker.adoc b/modules/installation-creating-azure-worker.adoc index 885c9e9254..8e0433d964 100644 --- a/modules/installation-creating-azure-worker.adoc 
+++ b/modules/installation-creating-azure-worker.adoc @@ -1,11 +1,21 @@ // Module included in the following assemblies: // // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc + +ifeval::["{context}" == "installing-azure-user-infra"] +:azure: +:cp: Azure +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +:cp: Azure Stack Hub +endif::[] [id="installation-creating-azure-worker_{context}"] -= Creating additional worker machines in Azure += Creating additional worker machines in {cp} -You can create worker machines in Microsoft Azure for your cluster +You can create worker machines in Microsoft {cp} for your cluster to use by launching individual instances discretely or by automated processes outside the cluster, such as auto scaling groups. You can also take advantage of the built-in cluster scaling mechanisms and the machine API in {product-title}. @@ -26,8 +36,8 @@ support with your installation logs. * Configure an Azure account. * Generate the Ignition config files for your cluster. -* Create and configure a VNet and associated subnets in Azure. -* Create and configure networking and load balancers in Azure. +* Create and configure a VNet and associated subnets in {cp}. +* Create and configure networking and load balancers in {cp}. * Create control plane and compute roles. * Create the bootstrap machine. * Create the control plane machines. @@ -47,6 +57,7 @@ $ export WORKER_IGNITION=`cat /worker.ign | base64 | tr . Create the deployment by using the `az` CLI: + +ifdef::azure[] [source,terminal] ---- $ az deployment group create -g ${RESOURCE_GROUP} \ 
@@ -58,3 +69,28 @@ $ az deployment group create -g ${RESOURCE_GROUP} \ <1> The Ignition content for the worker nodes. <2> The SSH RSA public key file as a string. <3> The base name to be used in resource names; this is usually the cluster's infrastructure ID. +endif::azure[] +ifdef::ash[] +[source,terminal] +---- +$ az deployment group create -g ${RESOURCE_GROUP} \ + --template-file "/06_workers.json" \ + --parameters workerIgnition="${WORKER_IGNITION}" \ <1> + --parameters sshKeyData="${SSH_KEY}" \ <2> + --parameters baseName="${INFRA_ID}" <3> + --parameters diagnosticsStorageAccountName="${CLUSTER_NAME}sa" <4> +---- +<1> The Ignition content for the worker nodes. +<2> The SSH RSA public key file as a string. +<3> The base name to be used in resource names; this is usually the cluster's infrastructure ID. +<4> The name of the storage account for your cluster. +endif::ash[] + +ifeval::["{context}" == "installing-azure-user-infra"] +:!azure: +:!cp: Azure +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +:!cp: Azure Stack Hub +endif::[] diff --git a/modules/installation-disk-partitioning-upi-templates.adoc b/modules/installation-disk-partitioning-upi-templates.adoc index a7ffdbf25e..a2cf622811 100644 --- a/modules/installation-disk-partitioning-upi-templates.adoc +++ b/modules/installation-disk-partitioning-upi-templates.adoc @@ -3,6 +3,7 @@ // * installing/installing_aws/installing-aws-user-infra.adoc // * installing/installing_aws/installing-restricted-networks-aws.adoc // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc // * installing/installing_gcp/installing-gcp-user-infra.adoc // * installing/installing_gcp/installing-restricted-networks-gcp.adoc diff --git a/modules/installation-initializing-manual.adoc b/modules/installation-initializing-manual.adoc index bc8dc8bb1e..446924b578 100644 
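Review bot: In the Azure Stack Hub worker example, the line `--parameters baseName="${INFRA_ID}" <3>` has no trailing backslash, so a shell ends the `az deployment group create` command there and treats `--parameters diagnosticsStorageAccountName="${CLUSTER_NAME}sa"` as a separate command. The deployment is then submitted without the storage account parameter; whether it fails or falls back to a template default depends on `06_workers.json`, which is not visible here. The line should read `--parameters baseName="${INFRA_ID}" \ <3>`, as the bootstrap and control plane Azure Stack Hub examples in this commit already do.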
--- a/modules/installation-initializing-manual.adoc +++ b/modules/installation-initializing-manual.adoc @@ -4,6 +4,7 @@ // * installing/installing_aws/installing-aws-private.adoc // * installing/installing_azure/installing-azure-government-region.adoc // * installing/installing_azure/installing-azure-private.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc // * installing/installing_bare_metal/installing-bare-metal.adoc // * installing/installing_gcp/installing-gcp-private.adoc // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc @@ -19,6 +20,9 @@ ifeval::["{context}" == "installing-azure-government-region"] :azure-gov: endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +endif::[] ifeval::["{context}" == "installing-restricted-networks-vsphere"] :restricted: endif::[] @@ -47,9 +51,9 @@ endif::[] [id="installation-initializing-manual_{context}"] = Manually creating the installation configuration file -ifndef::aws-china,aws-gov,azure-gov,aws-private,azure-private,gcp-private[] +ifndef::aws-china,aws-gov,azure-gov,ash,aws-private,azure-private,gcp-private[] For user-provisioned installations of {product-title}, you manually generate your installation configuration file. -endif::aws-china,aws-gov,azure-gov,aws-private,azure-private,gcp-private[] +endif::aws-china,aws-gov,azure-gov,ash,aws-private,azure-private,gcp-private[] ifdef::aws-china,aws-gov[] When installing {product-title} on Amazon Web Services (AWS) into a region requiring a custom {op-system-first} AMI, you must manually generate your 
@@ -114,12 +118,46 @@ mirror the repository. endif::restricted[] + -ifndef::aws-china,aws-gov[] +ifndef::aws-china,aws-gov,ash[] [NOTE] ==== For some platform types, you can alternatively run `./openshift-install create install-config --dir=` to generate an `install-config.yaml` file. You can provide details about your cluster configuration at the prompts. ==== -endif::aws-china,aws-gov[] +endif::aws-china,aws-gov,ash[] +ifdef::ash[] ++ +Make the following modifications for Azure Stack Hub: + +.. Set the `replicas` parameter to `0` for the `compute` pool: ++ +[source,yaml] +---- +compute: +- hyperthreading: Enabled + name: worker + platform: {} + replicas: 0 <1> +---- +<1> Set to `0`. ++ +The compute machines will be provisioned manually later. + +.. Update the `platform.azure` section of the `install-config.yaml` file to configure your Azure Stack Hub configuration: ++ +[source,yaml] +---- +platform: + azure: + armEndpoint: <1> + baseDomainResourceGroupName: <2> + cloudName: AzureStackCloud <3> + region: <4> +---- +<1> Specify the Azure Resource Manager endpoint of your Azure Stack Hub environment, like `\https://adminmanagement.local.azurestack.external`. +<2> Specify the name of the resource group that contains the DNS zone for your base domain. +<3> Specify the Azure Stack Hub environment, which is used to configure the Azure SDK with the appropriate Azure API endpoints. +<4> Specify the name of your Azure Stack Hub region. +endif::ash[] . Back up the `install-config.yaml` file so that you can use it to install multiple clusters. @@ -133,6 +171,9 @@ installation process. You must back it up now. ifeval::["{context}" == "installing-azure-government-region"] :!azure-gov: endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +endif::[] ifeval::["{context}" == "installing-restricted-networks-vsphere"] :!restricted: endif::[] 
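Review bot: Callout <1> for `armEndpoint` gives `https://adminmanagement.local.azurestack.external` as its example, and on Azure Stack Hub the `adminmanagement` host is the operator (administrator) Resource Manager endpoint. A cluster installed into a tenant subscription would normally use the user endpoint, so a reader who copies the example points the installer's service principal at the administrative plane. I would change the example to the user endpoint, `like \https://management.local.azurestack.external`, or state that the value is the endpoint supplied by the Azure Stack Hub operator for the subscription that hosts the cluster. The `armEndpoint`, `baseDomainResourceGroupName` and `region` keys also show no placeholder value in this listing; that may be an extraction artifact, but it is worth confirming that the rendered page shows one.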
diff --git a/modules/installation-initializing.adoc b/modules/installation-initializing.adoc index 7c88405a4d..a2e9fa1bea 100644 --- a/modules/installation-initializing.adoc +++ b/modules/installation-initializing.adoc @@ -366,6 +366,7 @@ endif::[] ifndef::restricted[] . Modify the `install-config.yaml` file. You can find more information about the available parameters in the "Installation configuration parameters" section. + ifdef::rhv[] + [NOTE] diff --git a/modules/installation-network-user-infra.adoc b/modules/installation-network-user-infra.adoc index a0dd459f87..cfc48f80b1 100644 --- a/modules/installation-network-user-infra.adoc +++ b/modules/installation-network-user-infra.adoc @@ -1,6 +1,7 @@ // Module included in the following assemblies: // // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc // * installing/installing_bare_metal/installing-bare-metal.adoc // * installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc @@ -55,6 +56,9 @@ endif::[] ifeval::["{context}" == "installing-azure-user-infra"] :azure: endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:azure: +endif::[] ifeval::["{context}" == "installing-gcp-user-infra"] :gcp: endif::[] 
@@ -139,14 +143,14 @@ Configure infrastructure-provided DNS to allow the correct resolution of the mai * Create a DNS record for `*.apps..` that points to the load balancer for the Ingress router. For example, ports `443` and `80` of the compute machines. endif::rhv[] -ifndef::ibm-z[] +ifndef::ibm-z,azure[] [id="installation-host-names-dhcp-user-infra_{context}"] == Setting the cluster node hostnames through DHCP On {op-system-first} machines, the hostname is set through NetworkManager. By default, the machines obtain their hostname through DHCP. If the hostname is not provided by DHCP, it is obtained through a reverse DNS lookup. Reverse DNS lookup occurs after the network has been initialized on a node and can take time to resolve. Other system services can start prior to this and detect the hostname as `localhost` or similar. You can avoid this by using DHCP to provide the hostname for each cluster node. Additionally, setting the hostnames through DHCP can bypass any manual DNS record name configuration errors in environments that have a DNS split-horizon implementation. -endif::ibm-z[] +endif::ibm-z,azure[] [id="installation-network-connectivity-user-infra_{context}"] == Network connectivity requirements @@ -295,6 +299,9 @@ endif::[] ifeval::["{context}" == "installing-azure-user-infra"] :!azure: endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!azure: +endif::[] ifeval::["{context}" == "installing-gcp-user-infra"] :!gcp: endif::[] diff --git a/modules/installation-obtaining-installer.adoc b/modules/installation-obtaining-installer.adoc index 104441fd7a..64ce823cb3 100644 --- a/modules/installation-obtaining-installer.adoc +++ b/modules/installation-obtaining-installer.adoc 
@@ -13,6 +13,7 @@ // * installing/installing_azure/installing-azure-private.adoc // * installing/installing_azure/installing-azure-vnet.adoc // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc // * installing/installing_bare_metal/installing-bare-metal.adoc // * installing/installing_gcp/installing-gcp-customizations.adoc // * installing/installing_gcp/installing-gcp-private.adoc @@ -45,6 +46,9 @@ endif::[] ifeval::["{context}" == "installing-ibm-z-kvm"] :ibm-z-kvm: endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +endif::[] [id="installation-obtaining-installer_{context}"] = Obtaining the installation program @@ -69,6 +73,9 @@ ifndef::openshift-origin[] . Access the link:https://console.redhat.com/openshift/install[Infrastructure Provider] page on the {cloud-redhat-com} site. If you have a Red Hat account, log in with your credentials. If you do not, create an account. . Select your infrastructure provider. +ifdef::ash[] +Select *Azure* as the cloud provider if you are installing your cluster on Azure Stack Hub. +endif::[] . Navigate to the page for your installation type, download the installation program for your operating system, and place the file in the directory where you will store the installation configuration files. endif::[] ifdef::openshift-origin[] @@ -94,7 +101,7 @@ operating system, run the following command: + [source,terminal] ---- -$ tar xvf openshift-install-linux.tar.gz +$ tar -xvf openshift-install-linux.tar.gz ---- . From the @@ -118,3 +125,6 @@ endif::[] ifeval::["{context}" == "installing-ibm-z-kvm"] :!ibm-z-kvm: endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +endif::[] 
diff --git a/modules/installation-user-infra-exporting-common-variables-arm-templates.adoc b/modules/installation-user-infra-exporting-common-variables-arm-templates.adoc index 6fa56bf527..5161b61970 100644 --- a/modules/installation-user-infra-exporting-common-variables-arm-templates.adoc +++ b/modules/installation-user-infra-exporting-common-variables-arm-templates.adoc @@ -1,13 +1,22 @@ // Module included in the following assemblies: // // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc + +ifeval::["{context}" == "installing-azure-user-infra"] +:cp: Azure +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:cp: Azure Stack Hub +:ash: +endif::[] [id="installation-user-infra-exporting-common-variables-arm-templates_{context}"] = Exporting common variables for ARM templates You must export a common set of variables that are used with the provided Azure Resource Manager (ARM) templates used to assist in completing a user-provided -infrastructure install on Microsoft Azure. +infrastructure install on Microsoft {cp}. [NOTE] ==== 
@@ -33,7 +42,12 @@ $ export BASE_DOMAIN=<4> $ export BASE_DOMAIN_RESOURCE_GROUP=<5> ---- <1> The value of the `.metadata.name` attribute from the `install-config.yaml` file. +ifndef::ash[] <2> The region to deploy the cluster into, for example `centralus`. This is the value of the `.platform.azure.region` attribute from the `install-config.yaml` file. +endif::ash[] +ifdef::ash[] +<2> The region to deploy the cluster into. This is the value of the `.platform.azure.region` attribute from the `install-config.yaml` file. +endif::ash[] <3> The SSH RSA public key file as a string. You must enclose the SSH key in quotes since it contains spaces. This is the value of the `.sshKey` attribute from the `install-config.yaml` file. <4> The base domain to deploy the cluster to. The base domain corresponds to the public DNS zone that you created for your cluster. This is the value of the `.baseDomain` attribute from the `install-config.yaml` file. <5> The resource group where the public DNS zone exists. This is the value of the `.platform.azure.baseDomainResourceGroupName` attribute from the `install-config.yaml` file. @@ -56,3 +70,11 @@ $ export BASE_DOMAIN_RESOURCE_GROUP=ocp-cluster $ export KUBECONFIG=/auth/kubeconfig <1> ---- <1> For ``, specify the path to the directory that you stored the installation files in. + +ifeval::["{context}" == "installing-azure-user-infra"] +:!cp: +endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!cp: +:!ash: +endif::[] diff --git a/modules/installation-user-infra-generate-k8s-manifest-ignition.adoc b/modules/installation-user-infra-generate-k8s-manifest-ignition.adoc index d13bb383e9..b9ca24138c 100644 --- a/modules/installation-user-infra-generate-k8s-manifest-ignition.adoc +++ b/modules/installation-user-infra-generate-k8s-manifest-ignition.adoc 
@@ -2,6 +2,7 @@ // // * installing/installing_aws/installing-aws-user-infra.adoc // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc // * installing/installing_bare_metal/installing-bare-metal.adoc // * installing/installing_gcp/installing-gcp-user-infra.adoc // * installing/installing_gcp/installing-restricted-networks-gcp.adoc @@ -32,6 +33,10 @@ ifeval::["{context}" == "installing-azure-user-infra"] :azure: :azure-user-infra: endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:ash: +:azure-user-infra: +endif::[] ifeval::["{context}" == "installing-restricted-networks-vsphere"] :vsphere: :restricted: @@ -154,7 +159,7 @@ INFO Manifests created in: install_dir/manifests and install_dir/openshift <1> For ``, specify the installation directory that contains the `install-config.yaml` file you created. -ifdef::aws,azure,gcp[] +ifdef::aws,azure,ash,gcp[] . Remove the Kubernetes manifest files that define the control plane machines: + [source,terminal] @@ -163,7 +168,7 @@ $ rm -f /openshift/99_openshift-cluster-api_master-machi ---- + By removing these files, you prevent the cluster from automatically generating control plane machines. -endif::aws,azure,gcp[] +endif::aws,azure,ash,gcp[] ifdef::gcp[] ifndef::user-infra-vpc[] @@ -171,10 +176,10 @@ ifndef::user-infra-vpc[] the Kubernetes manifest files that define the worker machines: endif::user-infra-vpc[] endif::gcp[] -ifdef::aws,azure,user-infra-vpc[] +ifdef::aws,azure,ash,user-infra-vpc[] . Remove the Kubernetes manifest files that define the worker machines: -endif::aws,azure,user-infra-vpc[] -ifdef::aws,azure,gcp[] +endif::aws,azure,ash,user-infra-vpc[] +ifdef::aws,azure,ash,gcp[] + [source,terminal] ---- 
@@ -183,7 +188,7 @@ $ rm -f /openshift/99_openshift-cluster-api_worker-machi + Because you create and manage the worker machines yourself, you do not need to initialize these machines. -endif::aws,azure,gcp[] +endif::aws,azure,ash,gcp[] ifdef::osp,vsphere,vmc[] . Remove the Kubernetes manifest files that define the control plane machines and compute machine sets: @@ -214,7 +219,7 @@ endif::baremetal,baremetal-restricted,ibm-z,ibm-power[] .. Save and exit the file. -- -ifdef::gcp,aws,azure[] +ifdef::gcp,aws,azure,ash[] ifndef::user-infra-vpc[] . Optional: If you do not want link:https://github.com/openshift/cluster-ingress-operator[the Ingress Operator] @@ -248,7 +253,7 @@ status: {} ifndef::user-infra-vpc[] If you do so, you must add ingress DNS records manually in a later step. endif::user-infra-vpc[] -endif::gcp,aws,azure[] +endif::gcp,aws,azure,ash[] ifdef::user-infra-vpc[] . Configure the cloud provider for your VPC. 
@@ -322,6 +327,71 @@ $ export RESOURCE_GROUP= <1> <1> All resources created in this Azure deployment exists as part of a link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/management/overview#resource-groups[resource group]. The resource group name is also based on the `INFRA_ID`, in the form of `--rg`. This is the value of the `.status.platformStatus.azure.resourceGroupName` attribute from the `manifests/cluster-infrastructure-02-config.yml` file. endif::azure-user-infra[] +ifdef::ash[] +. Manually create your cloud credentials. + +.. From the directory that contains the installation program, obtain details of the {product-title} release image that your `openshift-install` binary is built to use: ++ +[source,terminal] +---- +$ openshift-install version +---- ++ +.Example output +[source,terminal] +---- +release image quay.io/openshift-release-dev/ocp-release:4.y.z-x86_64 +---- + +.. Locate all `CredentialsRequest` objects in this release image that target the cloud you are deploying on: ++ +[source,terminal] +---- +$ oc adm release extract quay.io/openshift-release-dev/ocp-release:4.y.z-x86_64 --credentials-requests --cloud=azure +---- ++ +This command creates a YAML file for each `CredentialsRequest` object. ++ +.Sample `CredentialsRequest` object +[source,yaml] +---- +apiVersion: cloudcredential.openshift.io/v1 +kind: CredentialsRequest +metadata: + labels: + controller-tools.k8s.io: "1.0" + name: openshift-image-registry-azure + namespace: openshift-cloud-credential-operator +spec: + secretRef: + name: installer-cloud-credentials + namespace: openshift-image-registry + providerSpec: + apiVersion: cloudcredential.openshift.io/v1 + kind: AzureProviderSpec + roleBindings: + - role: Contributor +---- + +.. Create YAML files for secrets in the `openshift-install` manifests directory that you generated previously. The secrets must be stored using the namespace and secret name defined in the `spec.secretRef` for each `CredentialsRequest` object. 
The format for the secret data varies for each cloud provider. + +.. Create a `cco-configmap.yaml` file in the manifests directory with the Cloud Config Operator (CCO) disabled: ++ +.Sample `ConfigMap` object +[source,yaml] +---- +apiVersion: v1 +kind: ConfigMap +metadata: +name: cloud-credential-operator-config +namespace: openshift-cloud-credential-operator + annotations: + release.openshift.io/create-only: "true" +data: + disabled: "true" +---- +endif::ash[] + . To create the Ignition configuration files, run the following command from the directory that contains the installation program: + [source,terminal] @@ -366,6 +436,10 @@ ifeval::["{context}" == "installing-azure-user-infra"] :!azure: :!azure-user-infra: endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!ash: +:!azure-user-infra: +endif::[] ifeval::["{context}" == "installing-gcp-user-infra"] :!gcp: endif::[] diff --git a/modules/installation-user-infra-generate.adoc b/modules/installation-user-infra-generate.adoc index 9d07e1ee6d..a38fad30da 100644 --- a/modules/installation-user-infra-generate.adoc +++ b/modules/installation-user-infra-generate.adoc @@ -2,6 +2,7 @@ // // * installing/installing_aws/installing-aws-user-infra.adoc // * installing/installing_azure/installing-azure-user-infra.adoc +// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc // * installing/installing_gcp/installing-gcp-user-infra.adoc // * installing/installing_aws/installing-restricted-networks-aws.adoc // * installing/installing_gcp/installing-restricted-networks-gcp.adoc @@ -22,6 +23,11 @@ ifeval::["{context}" == "installing-azure-user-infra"] :cp: Azure :azure: endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:cp-first: Microsoft Azure Stack Hub +:cp: Azure Stack Hub +:ash: +endif::[] ifeval::["{context}" == "installing-gcp-user-infra"] :cp-first: Google Cloud Platform :cp: GCP 
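Review bot: The sample `ConfigMap` in the new `ifdef::ash[]` block (hunk `@@ -322,6 +327,71 @@` of `installation-user-infra-generate-k8s-manifest-ignition.adoc`) shows `name:` and `namespace:` at column 0 while `annotations:` is indented, so they are not children of `metadata:` and a copied manifest would not parse as intended. They should read `  name: cloud-credential-operator-config` and `  namespace: openshift-cloud-credential-operator`; whitespace on this page is collapsed, so confirm the indentation against the raw file. The same step expands CCO as "Cloud Config Operator", whereas the object names in the sample point to `Cloud Credential Operator (CCO)`. The step before it has readers write secret YAML files into the manifests directory without a sample or any handling guidance; a sentence such as `These files contain cloud credentials; restrict access to the installation directory and do not commit it to source control.` would fit there.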
@@ -60,6 +66,9 @@ endif::[] ifdef::azure[] To install {product-title} on {cp-first} using user-provisioned infrastructure, you must generate the files that the installation program needs to deploy your cluster and modify them so that the cluster creates only the machines that it will use. You generate and customize the `install-config.yaml` file, Kubernetes manifests, and Ignition config files. You also have the option to first set up a separate `var` partition during the preparation phases of installation. endif::azure[] +ifdef::ash[] +To install {product-title} on {cp-first} using user-provisioned infrastructure, you must generate the files that the installation program needs to deploy your cluster and modify them so that the cluster creates only the machines that it will use. You manually create the `install-config.yaml` file, and then generate and customize the Kubernetes manifests and Ignition config files. You also have the option to first set up a separate `var` partition during the preparation phases of installation. +endif::ash[] ifdef::aws,gcp[] To install {product-title} on {cp-first} ({cp}) using user-provisioned infrastructure, you must generate the files that the installation program needs to deploy your cluster and modify them so that the cluster creates only the machines that it will use. You generate and customize the `install-config.yaml` file, Kubernetes manifests, and Ignition config files. You also have the option to first set up a separate `var` partition during the preparation phases of installation. endif::aws,gcp[] @@ -80,6 +89,11 @@ ifeval::["{context}" == "installing-azure-user-infra"] :!cp: :!azure: endif::[] +ifeval::["{context}" == "installing-azure-stack-hub-user-infra"] +:!cp-first: Microsoft Azure Stack Hub +:!cp: Azure Stack Hub +:!ash: +endif::[] ifeval::["{context}" == "installing-gcp-user-infra"] :!cp-first: :!cp: 
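Review bot: In the closing `ifeval` block for `installing-azure-stack-hub-user-infra` (hunk `@@ -80,6 +89,11 @@` of `installation-user-infra-generate.adoc`), the unset lines carry values: `:!cp-first: Microsoft Azure Stack Hub` and `:!cp: Azure Stack Hub`. The neighbouring GCP block uses bare `:!cp-first:` and `:!cp:`. The value is most likely ignored on an unset, but it reads as if the attribute were being assigned; write the lines as `:!cp-first:` and `:!cp:` to match the rest of the file.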
diff --git a/modules/installing-azure-account.adoc b/modules/installing-azure-account.adoc
new file mode 100644
index 0000000000..29f20f5cff
--- /dev/null
+++ b/modules/installing-azure-account.adoc
@@ -0,0 +1,38 @@
+[id="installing-azure-account"]
+= Configuring an Azure account
+include::modules/common-attributes.adoc[]
+:context: installing-azure-account
+
+toc::[]
+
+Before you can install {product-title}, you must configure a Microsoft Azure
+account.
+
+[IMPORTANT]
+====
+All Azure resources that are available through public endpoints are subject to
+resource name restrictions, and you cannot create resources that use certain
+terms. For a list of terms that Azure restricts, see
+link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-reserved-resource-name[Resolve reserved resource name errors]
+in the Azure documentation.
+====
+
+include::modules/installation-azure-limits.adoc[leveloffset=+1]
+
+include::modules/installation-azure-network-config.adoc[leveloffset=+1]
+
+include::modules/installation-azure-increasing-limits.adoc[leveloffset=+1]
+
+include::modules/installation-azure-permissions.adoc[leveloffset=+1]
+
+include::modules/installation-azure-service-principal.adoc[leveloffset=+1]
+
+include::modules/installation-azure-regions.adoc[leveloffset=+1]
+
+== Next steps
+
+* Install an {product-title} cluster on Azure. You can
+xref:../../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-customizations[install a customized cluster]
+or
+xref:../../installing/installing_azure/installing-azure-default.adoc#installing-azure-default[quickly install a cluster]
+with default options.
diff --git a/modules/ssh-agent-using.adoc b/modules/ssh-agent-using.adoc
index ab35bfe915..795d03f232 100644
--- a/modules/ssh-agent-using.adoc
+++ b/modules/ssh-agent-using.adoc
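Review bot: The new file `modules/installing-azure-account.adoc` has the shape of an assembly rather than a module. It sets `:context:`, emits `toc::[]`, includes `modules/common-attributes.adoc` plus six other modules, and uses `../../installing/...` xrefs that only resolve from an assembly directory. It also covers Azure rather than Azure Stack Hub, so it may be a stray copy picked up by accident. Confirm whether it belongs in this commit, and drop it if nothing includes it.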
@@ -15,6 +15,7 @@
 // * installing/installing_azure/installing-azure-private.adoc
 // * installing/installing_azure/installing-azure-vnet.adoc
 // * installing/installing_azure/installing-azure-user-infra.adoc
+// * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
 // * installing/installing_bare_metal/installing-bare-metal.adoc
 // * installing/installing_gcp/installing-gcp-customizations.adoc
 // * installing/installing_gcp/installing-gcp-private.adoc