mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
187 lines
6.3 KiB
Plaintext
187 lines
6.3 KiB
Plaintext
// Module included in the following assemblies:
|
|
//
|
|
// AWS assemblies:
|
|
// * installing/installing_aws/installing-aws-customizations.adoc
|
|
// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc
|
|
// * installing/installing_aws/installing-aws-vpc.adoc
|
|
// * installing/installing_aws/installing-aws-private.adoc
|
|
// * installing/installing_aws/installing-aws-government-region.adoc
|
|
// * installing/installing_aws/installing-aws-secret-region.adoc
|
|
// * installing/installing_aws/installing-aws-china.adoc
|
|
// * installing/installing_aws/installing-aws-outposts-remote-workers.adoc
|
|
//
|
|
// GCP assemblies:
|
|
// * installing/installing_gcp/installing-gcp-customizations.adoc
|
|
// * installing/installing_gcp/installing-gcp-network-customizations.adoc
|
|
// * installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc
|
|
// * installing/installing_gcp/installing-gcp-vpc.adoc
|
|
// * installing/installing_gcp/installing-gcp-shared-vpc.adoc
|
|
// * installing/installing_gcp/installing-gcp-private.adoc
|
|
//
|
|
// Azure assemblies
|
|
// * installing/installing_azure/installing-azure-customizations.adoc
|
|
// * installing/installing_azure/installing-azure-government-region.adoc
|
|
// * installing/installing_azure/installing-azure-private.adoc
|
|
// * installing/installing_azure/installing-azure-vnet.adoc
|
|
// * installing/installing_azure/installing-restricted-networks-azure-installer-provisioned.adoc
|
|
|
|
//global Azure install assemblies
|
|
ifeval::["{context}" == "installing-azure-customizations"]
|
|
:azure-workload-id:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-azure-government-region"]
|
|
:azure-workload-id:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-azure-private"]
|
|
:azure-workload-id:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-azure-vnet"]
|
|
:azure-workload-id:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
|
|
:azure-workload-id:
|
|
endif::[]
|
|
|
|
//GCP install assemblies
|
|
ifeval::["{context}" == "installing-gcp-customizations"]
|
|
:google-cloud-platform:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-gcp-network-customizations"]
|
|
:google-cloud-platform:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"]
|
|
:google-cloud-platform:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-gcp-vpc"]
|
|
:google-cloud-platform:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-gcp-shared-vpc"]
|
|
:google-cloud-platform:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-gcp-private"]
|
|
:google-cloud-platform:
|
|
endif::[]
|
|
|
|
:_mod-docs-content-type: PROCEDURE
|
|
[id="cco-ccoctl-install-creating-manifests_{context}"]
|
|
= Incorporating the Cloud Credential Operator utility manifests
|
|
|
|
To implement short-term security credentials managed outside the cluster for individual components, you must move the manifest files that the Cloud Credential Operator utility (`ccoctl`) created to the correct directories for the installation program.
|
|
|
|
.Prerequisites
|
|
|
|
* You have configured an account with the cloud platform that hosts your cluster.
|
|
* You have configured the Cloud Credential Operator utility (`ccoctl`).
|
|
* You have created the cloud provider resources that are required for your cluster with the `ccoctl` utility.
|
|
|
|
.Procedure
|
|
|
|
ifdef::google-cloud-platform[]
|
|
. Add the following granular permissions to the {gcp-short} account that the installation program uses:
|
|
+
|
|
.Required {gcp-short} permissions
|
|
[%collapsible]
|
|
====
|
|
* compute.machineTypes.list
|
|
* compute.regions.list
|
|
* compute.zones.list
|
|
* dns.changes.create
|
|
* dns.changes.get
|
|
* dns.managedZones.create
|
|
* dns.managedZones.delete
|
|
* dns.managedZones.get
|
|
* dns.managedZones.list
|
|
* dns.networks.bindPrivateDNSZone
|
|
* dns.resourceRecordSets.create
|
|
* dns.resourceRecordSets.delete
|
|
* dns.resourceRecordSets.list
|
|
====
|
|
endif::google-cloud-platform[]
|
|
|
|
. If you did not set the `credentialsMode` parameter in the `install-config.yaml` configuration file to `Manual`, modify the value as shown:
|
|
+
|
|
.Sample configuration file snippet
|
|
[source,yaml]
|
|
----
|
|
apiVersion: v1
|
|
baseDomain: example.com
|
|
credentialsMode: Manual
|
|
# ...
|
|
----
|
|
|
|
ifdef::azure-workload-id[]
|
|
. If you used the `ccoctl` utility to create a new Azure resource group instead of using an existing resource group, modify the `resourceGroupName` parameter in the `install-config.yaml` as shown:
|
|
+
|
|
.Sample configuration file snippet
|
|
[source,yaml]
|
|
----
|
|
apiVersion: v1
|
|
baseDomain: example.com
|
|
# ...
|
|
platform:
|
|
azure:
|
|
resourceGroupName: <azure_infra_name> # <1>
|
|
# ...
|
|
----
|
|
<1> This value must match the user-defined name for Azure resources that was specified with the `--name` argument of the `ccoctl azure create-all` command.
|
|
endif::azure-workload-id[]
|
|
|
|
. If you have not previously created installation manifest files, do so by running the following command:
|
|
+
|
|
[source,terminal]
|
|
----
|
|
$ openshift-install create manifests --dir <installation_directory>
|
|
----
|
|
+
|
|
where `<installation_directory>` is the directory in which the installation program creates files.
|
|
|
|
. Copy the manifests that the `ccoctl` utility generated to the `manifests` directory that the installation program created by running the following command:
|
|
+
|
|
[source,terminal,subs="+quotes"]
|
|
----
|
|
$ cp /<path_to_ccoctl_output_dir>/manifests/* ./manifests/
|
|
----
|
|
|
|
. Copy the `tls` directory that contains the private key to the installation directory:
|
|
+
|
|
[source,terminal,subs="+quotes"]
|
|
----
|
|
$ cp -a /<path_to_ccoctl_output_dir>/tls .
|
|
----
|
|
|
|
//global Azure install assemblies
|
|
ifeval::["{context}" == "installing-azure-customizations"]
|
|
:!azure-workload-id:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-azure-government-region"]
|
|
:!azure-workload-id:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-azure-private"]
|
|
:!azure-workload-id:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-azure-vnet"]
|
|
:!azure-workload-id:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-restricted-networks-azure-installer-provisioned"]
|
|
:!azure-workload-id:
|
|
endif::[]
|
|
|
|
//GCP install assemblies
|
|
ifeval::["{context}" == "installing-gcp-customizations"]
|
|
:!google-cloud-platform:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-gcp-network-customizations"]
|
|
:!google-cloud-platform:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-restricted-networks-gcp-installer-provisioned"]
|
|
:!google-cloud-platform:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-gcp-vpc"]
|
|
:!google-cloud-platform:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-gcp-shared-vpc"]
|
|
:!google-cloud-platform:
|
|
endif::[]
|
|
ifeval::["{context}" == "installing-gcp-private"]
|
|
:!google-cloud-platform:
|
|
endif::[] |