Installing ASH UPI

installing/installing_azure_stack_hub/images

@@ -0,0 +1 @@
+../images

installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc

@@ -0,0 +1,27 @@
+[id="installing-azure-stack-hub-account"]
+= Configuring an Azure Stack Hub account
+include::modules/common-attributes.adoc[]
+:context: installing-azure-stack-hub-account
+
+toc::[]
+
+Before you can install {product-title}, you must configure a Microsoft Azure account.
+
+[IMPORTANT]
+====
+All Azure resources that are available through public endpoints are subject to resource name restrictions, and you cannot create resources that use certain terms. For a list of terms that Azure restricts, see link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-reserved-resource-name[Resolve reserved resource name errors] in the Azure documentation.
+====
+
+include::modules/installation-azure-limits.adoc[leveloffset=+1]
+
+include::modules/installation-azure-stack-hub-network-config.adoc[leveloffset=+1]
+
+include::modules/installation-azure-stack-hub-permissions.adoc[leveloffset=+1]
+
+include::modules/installation-azure-service-principal.adoc[leveloffset=+1]
+
+[id="next-steps_installing-azure-stack-hub-account"]
+== Next steps
+
+* Configure your Azure Stack Hub credentials by following xref:../../installing/installing_azure_stack_hub/manually-creating-iam-azure-stack-hub.adoc#manually-creating-iam-azure-stack-hub[Manually creating IAM for Azure Stack Hub].
+* Install an {product-title} cluster on Azure Stack Hub with user-provisioned infrastructure by following xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc#installing-azure-stack-hub-user-infra[Installing a cluster on Azure Stack Hub using ARM templates].

installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc

@@ -0,0 +1,111 @@
+[id="installing-azure-stack-hub-user-infra"]
+= Installing a cluster on Azure Stack Hub using ARM templates
+include::modules/common-attributes.adoc[]
+:context: installing-azure-stack-hub-user-infra
+
+toc::[]
+
+In {product-title} version {product-version}, you can install a cluster on Microsoft Azure Stack Hub by using infrastructure that you provide.
+
+Several link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/overview[Azure Resource Manager] (ARM) templates are provided to assist in completing these steps or to help model your own.
+
+[IMPORTANT]
+====
+The steps for performing a user-provisioned infrastructure installation are provided as an example only. Installing a cluster with infrastructure you provide requires knowledge of the cloud provider and the installation process of {product-title}. Several ARM templates are provided to assist in completing these steps or to help model your own. You are also free to create the required resources through other methods; the templates are just an example.
+====
+
+[id="prerequisites_installing-azure-stack-hub-user-infra"]
+== Prerequisites
+
+* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
+* You xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc#installing-azure-stack-hub-account[configured an Azure Stack Hub account] to host the cluster.
+* You downloaded the Azure CLI and installed it on your computer. See link:https://docs.microsoft.com/en-us/cli/azure/install-azure-cli?view=azure-cli-latest[Install the Azure CLI] in the Azure documentation. The documentation below was tested using version `2.28.0` of the Azure CLI. Azure CLI commands might perform differently based on the version you use.
+* If you use a firewall and plan to use the Telemetry service, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured the firewall to allow the sites] that your cluster requires access to.
++
+[NOTE]
+====
+Be sure to also review this site list if you are configuring a proxy.
+====
+
+include::modules/cluster-entitlements.adoc[leveloffset=+1]
+
+[id="installation-azure-stack-hub-user-infra-config-project"]
+== Configuring your Azure Stack Hub project
+
+Before you can install {product-title}, you must configure an Azure project to host it.
+
+[IMPORTANT]
+====
+All Azure Stack Hub resources that are available through public endpoints are subject to resource name restrictions, and you cannot create resources that use certain terms. For a list of terms that Azure Stack Hub restricts, see link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-reserved-resource-name[Resolve reserved resource name errors] in the Azure documentation.
+====
+
+include::modules/installation-azure-limits.adoc[leveloffset=+2]
+include::modules/installation-azure-stack-hub-network-config.adoc[leveloffset=+2]
+
+You can view Azure's DNS solution by visiting this xref:installation-azure-create-dns-zones_{context}[example for creating DNS zones].
+
+[id="csr-management-azure-stack-hub_{context}"]
+=== Certificate signing requests management
+
+Because your cluster has limited access to automatic machine management when you use infrastructure that you provision, you must provide a mechanism for approving cluster certificate signing requests (CSRs) after installation. The `kube-controller-manager` only approves the kubelet client CSRs. The `machine-approver` cannot guarantee the validity of a serving certificate that is requested by using kubelet credentials because it cannot confirm that the correct machine issued the request. You must determine and implement a method of verifying the validity of the kubelet serving certificate requests and approving them.
+
+include::modules/installation-azure-stack-hub-permissions.adoc[leveloffset=+2]
+include::modules/installation-azure-service-principal.adoc[leveloffset=+2]
+
+include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
+
+include::modules/ssh-agent-using.adoc[leveloffset=+1]
+
+include::modules/installation-user-infra-generate.adoc[leveloffset=+1]
+include::modules/installation-initializing-manual.adoc[leveloffset=+2]
+include::modules/installation-azure-stack-hub-config-yaml.adoc[leveloffset=+2]
+
+include::modules/installation-configure-proxy.adoc[leveloffset=+2]
+include::modules/installation-user-infra-exporting-common-variables-arm-templates.adoc[leveloffset=+2]
+include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[leveloffset=+2]
+include::modules/installation-disk-partitioning-upi-templates.adoc[leveloffset=+2]
+
+include::modules/installation-azure-create-resource-group-and-identity.adoc[leveloffset=+1]
+
+include::modules/installation-azure-user-infra-uploading-rhcos.adoc[leveloffset=+1]
+
+include::modules/installation-azure-create-dns-zones.adoc[leveloffset=+1]
+
+You can learn more about xref:installation-azure-stack-hub-network-config_{context}[configuring a DNS zone in Azure Stack Hub] by visiting that section.
+
+include::modules/installation-creating-azure-vnet.adoc[leveloffset=+1]
+include::modules/installation-arm-vnet.adoc[leveloffset=+2]
+
+include::modules/installation-azure-user-infra-deploying-rhcos.adoc[leveloffset=+1]
+include::modules/installation-arm-image-storage.adoc[leveloffset=+2]
+
+include::modules/installation-network-user-infra.adoc[leveloffset=+1]
+
+include::modules/installation-creating-azure-dns.adoc[leveloffset=+1]
+include::modules/installation-arm-dns.adoc[leveloffset=+2]
+
+include::modules/installation-creating-azure-bootstrap.adoc[leveloffset=+1]
+include::modules/installation-arm-bootstrap.adoc[leveloffset=+2]
+
+include::modules/installation-creating-azure-control-plane.adoc[leveloffset=+1]
+include::modules/installation-arm-control-plane.adoc[leveloffset=+2]
+
+include::modules/installation-azure-user-infra-wait-for-bootstrap.adoc[leveloffset=+1]
+
+include::modules/installation-creating-azure-worker.adoc[leveloffset=+1]
+include::modules/installation-arm-worker.adoc[leveloffset=+2]
+
+include::modules/cli-installing-cli.adoc[leveloffset=+1]
+
+include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
+
+include::modules/installation-approve-csrs.adoc[leveloffset=+1]
+
+include::modules/installation-azure-create-ingress-dns-records.adoc[leveloffset=+1]
+
+include::modules/installation-azure-user-infra-completing.adoc[leveloffset=+1]
+
+.Additional resources
+
+* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service.

installing/installing_azure_stack_hub/manually-creating-iam-azure-stack-hub.adoc

@@ -0,0 +1,30 @@
+[id="manually-creating-iam-azure-stack-hub"]
+= Manually creating IAM for Azure Stack Hub
+include::modules/common-attributes.adoc[]
+:context: manually-creating-iam-azure-stack-hub
+
+toc::[]
+
+In environments where the cloud identity and access management (IAM) APIs are not reachable, you must put the Cloud Credential Operator (CCO) into manual mode before you install the cluster.
+
+////
+In environments where the cloud identity and access management (IAM) APIs are not reachable, or the administrator prefers not to store an administrator-level credential secret in the cluster `kube-system` namespace, you can put the Cloud Credential Operator (CCO) into manual mode before you install the cluster.
+////
+// Until ASH supports other credential scenarios besides manual mode, the tone for this article will be manual mode use only.
+
+include::modules/alternatives-to-storing-admin-secrets-in-kube-system.adoc[leveloffset=+1]
+
+.Additional resources
+
+For a detailed description of all available CCO credential modes and their supported platforms, see xref:../../authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc[About the Cloud Credential Operator].
+
+include::modules/manually-create-identity-access-management.adoc[leveloffset=+1]
+
+//include::modules/admin-credentials-root-secret-formats.adoc[leveloffset=+1]
+
+include::modules/manually-maintained-credentials-upgrade.adoc[leveloffset=+1]
+
+[id="next-steps_manually-creating-iam-azure-stack-hub"]
+== Next steps
+
+* Install an {product-title} cluster on Azure Stack Hub with user-provisioned infrastructure by following xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc#installing-azure-stack-hub-user-infra[Installing a cluster on Azure Stack Hub using ARM templates].

installing/installing_azure_stack_hub/modules

@@ -0,0 +1 @@
+../modules

installing/installing_azure_stack_hub/preparing-to-install-on-azure-stack-hub.adoc

@@ -0,0 +1,38 @@
+[id="preparing-to-install-on-azure-stack-hub"]
+= Preparing to install on Azure Stack Hub
+include::modules/common-attributes.adoc[]
+:context: preparing-to-install-on-azure-stack-hub
+
+toc::[]
+
+[id="preparing-to-install-on-ash-prerequisites"]
+== Prerequisites
+
+* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
+
+[id="requirements-for-installing-ocp-on-ash"]
+== Requirements for installing {product-title} on Azure Stack Hub
+
+Before installing {product-title} on Microsoft Azure Stack Hub, you must configure an Azure account. See xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc#installing-azure-stack-hub-account[Configuring an Azure Stack Hub account] for details about account configuration, account limits, DNS zone configuration, required roles, and creating service principals.
+
+You must manually manage your cloud credentials when installing a cluster to Azure Stack Hub. Do this by configuring the Cloud Credential Operator (CCO) for manual mode before you install the cluster. For more information, see xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[Manually creating IAM for Azure].
+
+[id="choosing-a-method-to-install-ocp-on-ash"]
+== Choosing a method to install {product-title} on Azure Stack Hub
+
+You can install {product-title} on Azure Stack Hub using user-provisioned infrastructure. This means you must manage and maintain the cluster resources yourself. Installing {product-title} on Azure Stack Hub using an installation program that automatically provisions the cluster infrastructure is not supported at this time.
+
+See xref:../../architecture/architecture-installation.adoc#installation-process_architecture-installation[Installation process] for more information about installer-provisioned and user-provisioned installation processes.
+
+[id="choosing-a-method-to-install-ocp-on-ash-user-provisioned"]
+=== Installing a cluster on user-provisioned infrastructure
+
+You can install a cluster on Azure Stack Hub infrastructure that you provision, by using the following method:
+
+* **xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc#installing-azure-stack-hub-user-infra[Installing a cluster on Azure Stack Hub using ARM templates]**: You can install {product-title} on Azure Stack Hub by using infrastructure that you provide. You can use the provided Azure Resource Manager (ARM) templates to assist with an installation.
+
+[id="preparing-to-install-on-ash-next-steps"]
+== Next steps
+
+* xref:../../installing/installing_azure_stack_hub/installing-azure-stack-hub-account.adoc#installing-azure-stack-hub-account[Configuring an Azure Stack Hub account]