openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity

OSDOCS-13532

Browse Source
This commit is contained in:
Janelle Neczypor
2025-06-06 12:03:05 -07:00
committed by openshift-cherrypick-robot
parent 6c80ee6c5f
commit e6754f3d0d
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
rosa_hcp/rosa-hcp-egress-lockdown-install.adoc
View File

@@ -9,6 +9,8 @@ Creating a {product-title} (ROSA) cluster with egress lockdown provides a way to
All public and private clusters with egress lockdown get their Red{nbsp}Hat container images from an Amazon Elastic Container Registry (ECR) located in the local region of the cluster instead of gathering these images from various endpoints and registries on the internet. ECR provides storage for OpenShift release images as well as Red{nbsp}Hat Operators. All requests for ECR are kept within your AWS network by serving them over a VPC endpoint within your cluster.
ROSA clusters with egress lockdown use AWS ECR to provision ROSA with HCP clusters without the need for public internet. Because necessary cluster lifecycle processes occur over AWS private networking, AWS ECR serves as a critical service for core cluster platform images. For more information on AWS ECR, see link:https://aws.amazon.com/ecr/[Amazon Elastic Container Registry].
You can create a fully operational cluster that does not require a public egress by configuring a virtual private cloud (VPC) and using the `--properties zero_egress:true` flag when creating your cluster.
See xref:../upgrading/rosa-hcp-upgrading.adoc#rosa-hcp-upgrading[Upgrading {product-title} clusters] to upgrade clusters using egress lockdown.