openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity

OSDOCS-13257: Added a note about the supported AWS regions for egress lockdown functionality.

Browse Source
This commit is contained in:
EricPonvelle
2025-01-29 14:38:49 -05:00
committed by openshift-cherrypick-robot
parent 1df4941e83
commit b1fe31a991
2 changed files with 33 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
rosa_hcp/rosa-hcp-egress-lockdown-install.adoc
View File

@@ -6,7 +6,32 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
toc::[]
Creating a {product-title} cluster with egress lockdown provides a way to enhance your cluster's stability and security by allowing your cluster to use the image registry in the local region if the cluster cannot access the Internet. Your cluster will try to pull the images from Quay, but when they aren't reached, it will instead pull the images from the image registry in the local region. All public and private clusters with egress lockdown get their Red Hat container images from a registery that is located in the local region of the cluster instead of gathering these images from various endpoints and registeries on the Internet. You can create a fully operational cluster that does not require a public egress by configuring a virtual private cloud (VPC) and using the `--properties zero_egress:true` flag when creating your cluster.
Creating a {product-title} cluster with egress lockdown provides a way to enhance your cluster's stability and security by allowing your cluster to use the image registry in the local region if the cluster cannot access the Internet. Your cluster will try to pull the images from Quay, but when they aren't reached, it will instead pull the images from the image registry in the local region.
[IMPORTANT]
====
You can only use egress lockdown on clusters that use the following AWS regions:
* `us-west-1`
* `us-west-2`
* `us-east-1`
* `us-east-2`
* `ap-northeast-1`
* `ap-northeast-2`
* `ap-northeast-3`
* `ap-south-1`
* `ap-southeast-1`
* `ap-southeast-2`
* `ca-central-1`
* `eu-central-1`
* `eu-north-1`
* `eu-west-1`
* `eu-west-2`
* `eu-west-3`
* `sa-east-1`
====
All public and private clusters with egress lockdown get their Red Hat container images from a registery that is located in the local region of the cluster instead of gathering these images from various endpoints and registeries on the Internet. You can create a fully operational cluster that does not require a public egress by configuring a virtual private cloud (VPC) and using the `--properties zero_egress:true` flag when creating your cluster.
:FeatureName: Egress lockdown
include::snippets/technology-preview.adoc[]
@@ -36,7 +61,7 @@ You must have a Virtual Private Cloud (VPC) to create {hcp-title} clusters. You
[NOTE]
====
The Terraform instructions are for testing and demonstration purposes. Your own installation requires modifications to the VPC for your specific needs and constraints. You should also ensure that when you use the following Terraform script it is in the same region that you intend to install your cluster. In the following examples, use `us-east-2`.
The Terraform instructions are for testing and demonstration purposes. Your own installation requires modifications to the VPC for your specific needs and constraints. You should also ensure that when you use the following Terraform script it is in the same region that you intend to install your cluster.
====
include::modules/rosa-hcp-vpc-terraform.adoc[leveloffset=+2]