mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
190 lines
11 KiB
Plaintext
:_mod-docs-content-type: ASSEMBLY
[id="installing-restricted-networks-aws"]
= Installing a cluster on AWS in a disconnected environment with user-provisioned infrastructure
include::_attributes/common-attributes.adoc[]
:context: installing-restricted-networks-aws

toc::[]

In {product-title} version {product-version}, you can install a
cluster on Amazon Web Services (AWS) using infrastructure that you provide and
an internal mirror of the installation release content.

[IMPORTANT]
====
While you can install an {product-title} cluster by using mirrored installation
release content, your cluster still requires internet access to use the AWS APIs.
====

One way to create this infrastructure is to use the provided
CloudFormation templates. You can modify the templates to customize your
infrastructure or use the information that they contain to create AWS objects
according to your company's policies.

[IMPORTANT]
====
The steps for performing a user-provisioned infrastructure installation are provided as an example only. Installing a cluster with infrastructure you provide requires knowledge of the cloud provider and the installation process of {product-title}. Several CloudFormation templates are provided to assist in completing these steps or to help model your own. You are also free to create the required resources through other methods; the templates are just an example.
====

== Prerequisites

* You reviewed details about the xref:../../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
* You read the documentation on xref:../../../installing/overview/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
* You xref:../../../disconnected/installing-mirroring-installation-images.adoc#installing-mirroring-installation-images[created a mirror registry on your mirror host] and obtained the `imageContentSources` data for your version of {product-title}.
+
[IMPORTANT]
====
Because the installation media is on the mirror host, you can use that computer to complete all installation steps.
====
* You xref:../../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[configured an AWS account] to host the cluster.
+
[IMPORTANT]
====
If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use key-based, long-term credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
====
* You xref:../../../installing/installing_aws/upi/upi-aws-installation-reqs#upi-aws-installation-reqs[prepared the user-provisioned infrastructure].
* You downloaded the AWS CLI and installed it on your computer. See link:https://docs.aws.amazon.com/cli/latest/userguide/install-bundle.html[Install the AWS CLI Using the Bundled Installer (Linux, macOS, or UNIX)] in the AWS documentation.
* If you use a firewall and plan to use the Telemetry service, you xref:../../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured the firewall to allow the sites] that your cluster requires access to.
+
[NOTE]
====
Be sure to also review this site list if you are configuring a proxy.
====
* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../../installing/installing_aws/ipi/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[manually create and maintain long-term credentials].
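
The following pre-flight check is an added example, not part of the {product-title} documentation or installation program. It applies the AWS credential prerequisite above to an AWS CLI credentials file and goes one step further than the text by also rejecting `ASIA`-prefixed key IDs, which AWS STS issues for temporary credentials. The function names `check_aws_profile` and `write_sample_credentials`, the profile name `mfa`, and all key values are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that an AWS CLI profile holds long-term, key-based
# credentials. Exit status: 0 = long-term keys, 1 = temporary, 2 = not found.

check_aws_profile() {
    creds_file=$1
    profile=${2:-default}
    [ -r "$creds_file" ] || { echo "cannot read $creds_file" >&2; return 2; }

    awk -v want="[$profile]" '
        # Section header: strip blanks, then note whether it is the wanted profile.
        /^[ \t]*\[/ { gsub(/[ \t\r]/, ""); in_sec = ($0 == want); next }
        in_sec && /^[ \t]*aws_access_key_id[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); key = $0 }
        in_sec && /^[ \t]*aws_session_token[ \t]*=/ { token = 1 }
        END {
            if (key == "") { print want ": no aws_access_key_id found"; exit 2 }
            # ASIA-prefixed key IDs come from AWS STS and are always temporary;
            # AKIA-prefixed IDs are long-term IAM user access keys.
            if (token || key ~ /^ASIA/) {
                print want ": temporary session credentials, do not use for installation"
                exit 1
            }
            print want ": long-term access key " substr(key, 1, 4) "..."
            exit 0
        }
    ' "$creds_file"
}

# Constructed sample credentials file (no real keys) for trying the check.
write_sample_credentials() {
    cat > "$1" <<'EOF'
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = constructed-not-a-real-secret

[mfa]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-not-a-real-secret
aws_session_token = constructed-token
EOF
}

# Demo on the constructed data; point the function at ~/.aws/credentials for real use.
sample=$(mktemp) && write_sample_credentials "$sample"
for p in default mfa; do check_aws_profile "$sample" "$p" || true; done
rm -f "$sample"
```

The check reads only the shared credentials file; credentials supplied through environment variables or the `[profile ...]` sections of the AWS CLI config file are outside what it inspects.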

include::modules/installation-about-restricted-network.adoc[leveloffset=+1]

//You extract the installation program from the mirrored content.

include::modules/installation-user-infra-generate.adoc[leveloffset=+1]

include::modules/installation-disk-partitioning-upi-templates.adoc[leveloffset=+2]

include::modules/installation-generate-aws-user-infra-install-config.adoc[leveloffset=+2]

[role="_additional-resources"]
.Additional resources

* See link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html[Configuration and credential file settings] in the AWS documentation for more information about AWS profile and credential configuration.

include::modules/installation-configure-proxy.adoc[leveloffset=+2]

//include::modules/installation-three-node-cluster.adoc[leveloffset=+2]

// Creating the Kubernetes manifest and Ignition config files
include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[leveloffset=+2]

[role="_additional-resources"]
.Additional resources
* xref:../../../installing/installing_aws/ipi/installing-restricted-networks-aws-installer-provisioned.adoc#manually-create-iam_installing-restricted-networks-aws-installer-provisioned[Manually creating long-term credentials]

include::modules/installation-extracting-infraid.adoc[leveloffset=+1]

include::modules/installation-creating-aws-vpc.adoc[leveloffset=+1]

include::modules/installation-cloudformation-vpc.adoc[leveloffset=+2]

include::modules/installation-creating-aws-dns.adoc[leveloffset=+1]

include::modules/installation-cloudformation-dns.adoc[leveloffset=+2]

[role="_additional-resources"]
.Additional resources

* link:https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ListInfoOnHostedZone.html[Listing public hosted zones ({aws-short} documentation)]

include::modules/installation-creating-aws-security.adoc[leveloffset=+1]

include::modules/installation-cloudformation-security.adoc[leveloffset=+2]

include::modules/installation-aws-ami-stream-metadata.adoc[leveloffset=+1]

include::modules/installation-aws-user-infra-rhcos-ami.adoc[leveloffset=+1]

include::modules/installation-creating-aws-bootstrap.adoc[leveloffset=+1]

include::modules/installation-cloudformation-bootstrap.adoc[leveloffset=+2]

[role="_additional-resources"]
.Additional resources

* xref:../../../installing/installing_aws/upi/installing-aws-user-infra.adoc#installation-aws-user-infra-rhcos-ami_installing-aws-user-infra[{op-system} AMIs for the AWS infrastructure ({aws-short} documentation)]

include::modules/installation-creating-aws-control-plane.adoc[leveloffset=+2]

include::modules/installation-cloudformation-control-plane.adoc[leveloffset=+2]

include::modules/installation-creating-aws-worker.adoc[leveloffset=+1]

////
[id="installing-workers-aws-user-infra"]
== Creating worker nodes

You can either manually create worker nodes or use a MachineSet to create worker nodes after the cluster deploys. If you use a MachineSet to create and maintain the workers, you can allow the cluster to manage them. This allows you to easily scale, manage, and upgrade your workers.
////

include::modules/installation-cloudformation-worker.adoc[leveloffset=+2]

include::modules/installation-aws-creating-cloudformation-stack-compute.adoc[leveloffset=+2]

include::modules/installation-aws-user-infra-bootstrap.adoc[leveloffset=+1]

[role="_additional-resources"]
.Additional resources

* See xref:../../../support/troubleshooting/troubleshooting-installations.adoc#monitoring-installation-progress_troubleshooting-installations[Monitoring installation progress] for details about monitoring the installation, bootstrap, and control plane logs as an {product-title} installation progresses.

* See xref:../../../support/troubleshooting/troubleshooting-installations.adoc#gathering-bootstrap-diagnostic-data_troubleshooting-installations[Gathering bootstrap node diagnostic data] for information about troubleshooting issues related to the bootstrap process.

//You can install the CLI on the mirror host.

include::modules/installation-approve-csrs.adoc[leveloffset=+1]

include::modules/installation-operators-config.adoc[leveloffset=+1]

include::modules/olm-restricted-networks-configuring-operatorhub.adoc[leveloffset=+2]

include::modules/installation-registry-storage-config.adoc[leveloffset=+2]

include::modules/registry-configuring-storage-aws-user-infra.adoc[leveloffset=+3]

include::modules/installation-registry-storage-non-production.adoc[leveloffset=+3]

include::modules/installation-aws-user-infra-delete-bootstrap.adoc[leveloffset=+1]

include::modules/installation-create-ingress-dns-records.adoc[leveloffset=+1]

include::modules/installation-aws-user-infra-installation.adoc[leveloffset=+1]

include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]

include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+1]

[role="_additional-resources"]
.Additional resources

* xref:../../../web_console/web-console.adoc#web-console[Accessing the web console]

[role="_additional-resources"]
.Additional resources

* See xref:../../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service.

[role="_additional-resources"]
[id="installing-restricted-networks-aws-additional-resources"]
== Additional resources

* link:https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html[Working with stacks ({aws-short} documentation)]

[id="installing-restricted-networks-aws-next-steps"]
== Next steps

* xref:../../../installing/validation_and_troubleshooting/validating-an-installation.adoc#validating-an-installation[Validate an installation].
* xref:../../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
* xref:../../../post_installation_configuration/cluster-tasks.adoc#post-install-must-gather-disconnected[Configure image streams] for the Cluster Samples Operator and the `must-gather` tool.
* Learn how to xref:../../../disconnected/using-olm.adoc#olm-restricted-networks[use Operator Lifecycle Manager in disconnected environments].
* If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores].
* If necessary, see xref:../../../support/remote_health_monitoring/remote-health-reporting.adoc#remote-health-reporting[Remote health reporting].
* If necessary, see xref:../../../support/remote_health_monitoring/remote-health-reporting.adoc#insights-operator-register-disconnected-cluster_remote-health-reporting[Registering your disconnected cluster].
* If necessary, you can xref:../../../post_installation_configuration/changing-cloud-credentials-configuration.adoc#manually-removing-cloud-creds_changing-cloud-credentials-configuration[remove cloud provider credentials].