OSDOCS-11920: Added OSD GCP Architecture models page.

_topic_maps/_topic_map_osd.yml

@@ -74,6 +74,8 @@ Topics:
   File: index
 - Name: Product architecture
   File: architecture
+- Name: Architecture models
+  File: osd-architecture-models-gcp
 - Name: Control plane architecture
   File: control-plane
 - Name: NVIDIA GPU architecture overview

architecture/osd-architecture-models-gcp.adoc

@@ -0,0 +1,23 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="osd-architecture-models-gcp"]
+= {product-title} on {GCP} architecture models
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: osd-architecture-models-gcp
+
+toc::[]
+
+With {product-title} on {GCP}, you can create clusters that are accessible over public or private networks.
+
+include::modules/osd-gcp-architecture.adoc[leveloffset=+1]
+include::modules/private-service-connect-overview.adoc[leveloffset=+2]
+include::modules/osd-private-psc-architecture-model-gcp.adoc[leveloffset=+2]
+include::modules/osd-private-architecture-model-gcp.adoc[leveloffset=+2]
+include::modules/osd-public-architecture-model-gcp.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+[id="osd-architecture-models-additional-resources"]
+== Additional resources
+
+* xref:../osd_install_access_delete_cluster/creating-a-gcp-psc-enabled-private-cluster.adoc[Creating a GCP Private Service Connect enabled private cluster]
+
+

modules/osd-gcp-architecture.adoc

@@ -0,0 +1,19 @@
+// Module included in the following assemblies:
+//
+// * osd-architecture-models-gcp.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="osd-gcp-architecture_{context}"]
+= Private {product-title} on {GCP} architecture on public and private networks
+
+You can customize the access patterns for your API service endpoint and Red Hat SRE management by choosing one of the following network configuration types:
+
+* Private cluster with Private Service Connect (PSC).
+* Private cluster without PSC
+* Public cluster
+
+[IMPORTANT]
+====
+Red Hat recommends using PSC when deploying a private {product-title} cluster on {GCP}. PSC ensures there is a secured, private connectivity between Red Hat infrastructure, Site Reliability Engineering (SRE), and private OpenShift clusters.
+====
+

modules/osd-private-architecture-model-gcp.adoc

@@ -0,0 +1,20 @@
+// Module included in the following assemblies:
+//
+// * osd-architecture-models-gcp.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="osd-private-architecture-model_{context}"]
+= Private {product-title} on {GCP} without Private Service Connect (PSC) architecture model
+
+With a private network configuration, your cluster API server endpoint and application routes are private. Private {product-title} on GCP clusters use some public subnets, but no control plane or worker nodes are deployed in public subnets.
+
+[IMPORTANT]
+====
+Red Hat recommends using Private Service Connect (PSC) when deploying a private {product-title} cluster on {GCP}. PSC ensures there is a secured, private connectivity between Red Hat infrastructure, Site Reliability Engineering (SRE), and private OpenShift clusters.
+====
+
+Red Hat SRE management access the cluster through a public load balancer endpoint that are restricted to Red Hat IPs. The API server endpoint is private. A separate Red Hat API server endpoint is public (but restricted to Red Hat trusted IP addresses). The default ingress controller can be public or private. The following image shows network connectivity of a private cluster without Private Service Connect (PSC).
+
+.{product-title} on {GCP} deployed on a private network without PSC
+image::osd_gcp_private_no_psc_arch.png[Private without PSC architecture model]
+

modules/osd-private-psc-architecture-model-gcp.adoc

@@ -0,0 +1,13 @@
+// Module included in the following assemblies:
+//
+// * osd-architecture-models-gcp.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="osd-private-psc-architecture-model-gcp_{context}"]
+= Private {product-title} on {GCP} with Private Service Connect architecture model
+
+With a private GCP Private Service Connect (PSC) network configuration, your cluster API server endpoint and application routes are private. Public subnets or NAT gateways are not required in your VPC for egress.
+Red Hat SRE management access the cluster over the GCP PSC-enabled private connectivity. The default ingress controller are private. Additional ingress controllers can be public or private. The following diagram shows network connectivity of a private cluster with PSC.
+
+.{product-title} on {GCP} deployed on a private network with PSC
+image::osd_gcp_private_with_psc_arch.png[Private with PSC architecture model]

modules/osd-public-architecture-model-gcp.adoc

@@ -0,0 +1,13 @@
+// Module included in the following assemblies:
+//
+// * osd-architecture-models-gcp.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="osd-public-architecture-model-gcp_{context}"]
+= Public {product-title} on {GCP} architecture model
+
+With a public network configuration, your cluster API server endpoint and application routes are internet-facing. The default ingress controller can be public or private. The following image shows the network connectivity of a public cluster.
+
+.{product-title} on {GCP} deployed on a public network
+image::osd_gcp_public_arch.png[Public architecture model]
+

modules/private-service-connect-overview.adoc

@@ -3,7 +3,7 @@
 // * osd_install_access_delete_cluster/creating-a-gcp-psc-enabled-private-cluster.adoc
 
 :_mod-docs-content-type: CONCEPT
-[id="private-service-connect-overview"]
+[id="private-service-connect-overview_{context}"]
 = Private Service Connect overview
 Private Service Connect (PSC), a capability of Google Cloud networking, enables private communication between services across different projects or organizations within GCP. Users that implement PSC as part of their network connectivity can deploy {product-title} clusters in a private and secured environment within {GCP} without any public facing cloud resources.
 For more information on PSC, see link:https://cloud.google.com/vpc/docs/private-service-connect[Private Service Connect].