:_mod-docs-content-type: ASSEMBLY
|
|
include::_attributes/attributes-openshift-dedicated.adoc[]
|
|
:context: rosa-cloud-expert-prereq-checklist
|
|
[id="rosa-cloud-expert-prereq-checklist"]
|
|
= Prerequisites checklist for deploying {product-title}
|
|
|
|
toc::[]
|
|
|
|
//Mobb content metadata
|
|
//Brought into ROSA product docs 2023-09-15; does not follow typical OpenShift documentation formatting
|
|
//---
|
|
//date: '2023-07-27'
|
|
//title: Prerequisites Checklist to Deploy ROSA Cluster with STS
|
|
//tags: ["ROSA", "STS"]
|
|
//authors:
|
|
// - Byron Miller
|
|
// - Connor Wooley
|
|
// - Diana Sari
|
|
//---
|
|
|
|
[role="_abstract"]
|
|
ifdef::openshift-rosa[]
|
|
This is a high-level checklist of the prerequisites needed to create a {product-title} cluster with the link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html[AWS Security Token Service (STS)].
|
|
endif::openshift-rosa[]
|
|
ifdef::openshift-rosa-hcp[]
|
|
This is a high-level checklist of the prerequisites needed to create a {product-title} cluster.
|
|
endif::openshift-rosa-hcp[]
|
|
|
|
//TODO OSDOCS-11789: Consider adding the following to a subsection about the initiating/control machine, along with CLI sections?
|
|
The machine that you run the installation process from must have access to the following:
|
|
|
|
* Amazon Web Services API and authentication service endpoints
|
|
* Red{nbsp}Hat OpenShift API and authentication service endpoints (`api.openshift.com` and `sso.redhat.com`)
|
|
* Internet connectivity to obtain installation artifacts during deployment
|
|
//TODO OSDOCS-13133 update when zero egress is GA: "either during deployment or prior to deploying a cluster with egress zero enabled"
|
|
|
|
//TODO OSDOCS-11789: This needs to be accessible from parts of the cluster, but not the deploying machine - omit entirely, or leave in place for Classic?
|
|
ifdef::openshift-rosa[]
|
|
[IMPORTANT]
|
|
====
|
|
Starting with version 1.2.7 of the {rosa-cli-first}, all OIDC provider endpoint URLs on new clusters use Amazon CloudFront and the link:https://oidc.op1.openshiftapps.com/[oidc.op1.openshiftapps.com] domain. This change improves access speed, reduces latency, and improves resiliency for new clusters created with the {rosa-cli} 1.2.7 or later. There are no supported migration paths for existing OIDC provider configurations. If you restrict outbound traffic with a firewall or proxy allowlist, confirm that this domain is permitted.
|
|
====
|
|
endif::openshift-rosa[]
|
|
|
|
include::modules/mos-checklist-accounts.adoc[leveloffset=+1]
|
|
include::modules/mos-checklist-aws-account.adoc[leveloffset=+2]
|
|
|
|
[role="_additional-resources"]
|
|
[id="additional-resources_mos-checklist-aws-account"]
|
|
.Additional resources
|
|
|
|
* xref:../cli_reference/rosa_cli/rosa-cli-permission-examples.adoc#rosa-cli-permission-examples[Least privilege permissions for common {rosa-cli} commands]
|
|
|
|
include::modules/mos-checklist-rh-account.adoc[leveloffset=+2]
|
|
include::modules/mos-checklist-cli-requirements.adoc[leveloffset=+1]
|
|
include::modules/mos-checklist-aws-cli.adoc[leveloffset=+2]
|
|
include::modules/mos-checklist-rosa-cli.adoc[leveloffset=+2]
|
|
|
|
ifdef::openshift-rosa[]
|
|
[role="_additional-resources"]
|
|
[id="additional-resources_mos-checklist-rosa-cli"]
|
|
.Additional resources
|
|
|
|
* xref:../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-installing-rosa.adoc#rosa-installing-cli[Installing the {rosa-cli}]
|
|
endif::openshift-rosa[]
|
|
|
|
include::modules/mos-checklist-oc-cli.adoc[leveloffset=+2]
|
|
|
|
[role="_additional-resources"]
|
|
[id="additional-resources_mos-checklist-oc-cli"]
|
|
.Additional resources
|
|
|
|
* xref:../cli_reference/openshift_cli/getting-started-cli.adoc#cli-getting-started[Getting started with the OpenShift CLI]
|
|
|
|
include::modules/mos-checklist-aws-infra-prereqs.adoc[leveloffset=+1]
|
|
|
|
[role="_additional-resources"]
|
|
[id="additional-resources_mos-checklist-aws-infra-prereqs"]
|
|
.Additional resources
|
|
|
|
ifdef::openshift-rosa[]
|
|
* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-aws-policy-provisioned_rosa-sts-aws-prereqs[Provisioned AWS Infrastructure]
|
|
* xref:../rosa_planning/rosa-sts-required-aws-service-quotas.adoc#rosa-sts-required-aws-service-quotas[Required AWS service quotas]
|
|
endif::openshift-rosa[]
|
|
ifdef::openshift-rosa-hcp[]
|
|
* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-aws-policy-provisioned_rosa-hcp-prereqs[Provisioned AWS Infrastructure]
|
|
* xref:../rosa_planning/rosa-sts-required-aws-service-quotas.adoc#rosa-sts-required-aws-service-quotas[Required AWS service quotas]
|
|
endif::openshift-rosa-hcp[]
|
|
|
|
include::modules/mos-checklist-scp-prereqs.adoc[leveloffset=+1]
|
|
|
|
[role="_additional-resources"]
|
|
[id="additional-resources_mos-checklist-scp-prereqs"]
|
|
.Additional resources
|
|
|
|
* xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-minimum-scp_rosa-sts-about-iam-resources[Minimum set of effective permissions for SCPs]
|
|
|
|
[id="mos-checklist-networking-prereqs"]
|
|
== Networking prerequisites
|
|
// include::modules/mos-checklist-networking-prereqs.adoc[leveloffset=+1]
|
|
include::modules/mos-checklist-firewall.adoc[leveloffset=+2]
|
|
//Moving up prereqs that are actually required for deployment
|
|
ifdef::openshift-rosa[]
|
|
include::modules/mos-checklist-vpc-privatelink.adoc[leveloffset=+2]
|
|
|
|
[role="_additional-resources"]
|
|
[id="additional-resources_mos-checklist-vpc-privatelink"]
|
|
.Additional resources
|
|
|
|
* xref:../networking/ovn_kubernetes_network_provider/configuring-cluster-wide-proxy.adoc#configuring-cluster-wide-proxy[Configuring a cluster-wide proxy]
|
|
endif::openshift-rosa[]
|
|
ifdef::openshift-rosa-hcp[]
|
|
include::modules/mos-checklist-vpc-post-install.adoc[leveloffset=+2]
|
|
endif::openshift-rosa-hcp[]
|
|
|
|
include::modules/mos-checklist-add-custom-sgs.adoc[leveloffset=+2]
|
|
|
|
[role="_additional-resources"]
|
|
[id="additional-resources_mos-checklist-add-custom-sgs"]
|
|
.Additional resources
|
|
|
|
ifdef::openshift-rosa[]
|
|
* xref:../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc#rosa-security-groups_prerequisites[Security groups]
|
|
endif::openshift-rosa[]
|
|
ifdef::openshift-rosa-hcp[]
|
|
* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-security-groups_rosa-hcp-prereqs[Security groups]
|
|
endif::openshift-rosa-hcp[]
|
|
|
|
include::modules/mos-checklist-custom-dns-domains.adoc[leveloffset=+2]
|
|
|
|
[role="_additional-resources"]
|
|
[id="additional-resources_mos-checklist-custom-dns-domains"]
|
|
.Additional resources
|
|
|
|
* xref:../cloud_experts_tutorials/cloud-experts-custom-dns-resolver.adoc#cloud-experts-custom-dns-resolver[Deploying {product-title} with a custom DNS resolver] |