mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
:_mod-docs-content-type: ASSEMBLY
|
|
include::_attributes/attributes-openshift-dedicated.adoc[]
|
|
ifdef::openshift-rosa[]
|
|
:context: rosa-sts-aws-prereqs
|
|
[id="rosa-sts-aws-prereqs"]
|
|
= Detailed requirements for deploying {product-title} using STS
|
|
|
|
endif::openshift-rosa[]
|
|
ifdef::openshift-rosa-hcp[]
|
|
:context: rosa-hcp-prereqs
|
|
[id="rosa-hcp-prereqs"]
|
|
= Detailed requirements for deploying {product-title}
|
|
endif::openshift-rosa-hcp[]
|
|
|
|
toc::[]
|
|
|
|
[role="_abstract"]
|
|
{product-title} provides a model that allows Red{nbsp}Hat to deploy clusters into a customer's existing Amazon Web Services (AWS) account.
|
|
|
|
ifdef::openshift-rosa[]
|
|
include::snippets/snip_rosa-sts.adoc[leveloffset=+0]
|
|
endif::openshift-rosa[]
|
|
|
|
Ensure that the following prerequisites are met before installing your cluster.
|
|
|
|
ifdef::openshift-rosa[]
|
|
[id="rosa-sts-customer-requirements_{context}"]
|
|
endif::openshift-rosa[]
|
|
ifdef::openshift-rosa-hcp[]
|
|
[id="rosa-hcp-customer-requirements_{context}"]
|
|
endif::openshift-rosa-hcp[]
|
|
== Customer requirements for all {product-title} clusters
|
|
|
|
[role="_abstract"]
|
|
ifdef::openshift-rosa[]
|
|
The following prerequisites must be complete before you deploy a {product-title} cluster that uses the AWS Security Token Service (STS).
|
|
endif::openshift-rosa[]
|
|
ifdef::openshift-rosa-hcp[]
|
|
The following prerequisites must be complete before you deploy a {product-title} cluster.
|
|
endif::openshift-rosa-hcp[]
|
|
|
|
include::modules/rosa-sts-aws-requirements-account.adoc[leveloffset=+1]
|
|
|
|
//Adding conditions around these in case the Additional resources don't get ported to HCP or have different file names / locations; keeping all included for now
|
|
ifdef::openshift-rosa[]
|
|
[role="_additional-resources"]
|
|
[id="additional-resources_aws-account-requirements_{context}"]
|
|
.Additional resources
|
|
// Removed as part of OSDOCS-13310, until figures are verified.
|
|
//* xref:../rosa_planning/rosa-limits-scalability.adoc#rosa-limits-scalability[Limits and scalability]
|
|
* xref:../support/troubleshooting/rosa-troubleshooting-deployments.adoc#rosa-troubleshooting-elb-service-role_rosa-troubleshooting-cluster-deployments[Creating the Elastic Load Balancing (ELB) service-linked role]
|
|
endif::openshift-rosa[]
|
|
|
|
include::modules/rosa-sts-aws-requirements-support-req.adoc[leveloffset=+2]
|
|
include::modules/rosa-sts-aws-requirements-security-req.adoc[leveloffset=+2]
|
|
|
|
//Adding conditions around these in case the Additional resources don't get ported to HCP or have different file names / locations; keeping all included for now
|
|
[role="_additional-resources"]
|
|
[id="additional-resources_aws-security-requirements_{context}"]
|
|
.Additional resources
|
|
ifdef::openshift-dedicated[]
|
|
* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs[AWS firewall prerequisites]
|
|
endif::openshift-dedicated[]
|
|
ifdef::openshift-rosa[]
|
|
* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-classic-firewall-prerequisites_rosa-sts-aws-prereqs[AWS firewall prerequisites]
|
|
endif::openshift-rosa[]
|
|
ifdef::openshift-rosa-hcp[]
|
|
* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-hcp-firewall-prerequisites_rosa-hcp-prereqs[AWS firewall prerequisites]
|
|
endif::openshift-rosa-hcp[]
|
|
|
|
include::modules/rosa-sts-aws-requirements-association-concept.adoc[leveloffset=+2]
|
|
include::modules/rosa-sts-aws-requirements-creating-association.adoc[leveloffset=+2]
|
|
|
|
ifdef::openshift-rosa,openshift-rosa-hcp[]
|
|
[role="_additional-resources"]
|
|
[id="additional-resources_creating-association_{context}"]
|
|
== Additional resources
|
|
* xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-account-wide-roles-and-policies_rosa-sts-about-iam-resources[Account-wide IAM role and policy reference]
|
|
endif::openshift-rosa,openshift-rosa-hcp[]
|
|
|
|
include::modules/rosa-sts-aws-requirements-creating-multi-association.adoc[leveloffset=+2]
|
|
include::modules/rosa-requirements-deploying-in-opt-in-regions.adoc[leveloffset=+1]
|
|
include::modules/rosa-setting-the-aws-security-token-version.adoc[leveloffset=+2]
|
|
|
|
include::modules/rosa-sts-policy-iam.adoc[leveloffset=+1]
|
|
|
|
[role="_additional-resources"]
|
|
[id="additional-resources_policy-iam_{context}"]
|
|
== Additional resources
|
|
ifdef::openshift-rosa[]
|
|
* xref:../rosa_planning/rosa-sts-ocm-role.adoc#rosa-sts-ocm-role[OpenShift Cluster Manager IAM role resources]
|
|
endif::openshift-rosa[]
|
|
ifdef::openshift-rosa-hcp[]
|
|
* xref:../rosa_planning/rosa-hcp-prepare-iam-roles-resources.adoc#rosa-prepare-iam-resources-roles-ocm[Required IAM roles and resources]
|
|
endif::openshift-rosa-hcp[]
|
|
* xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-account-wide-roles-and-policies_rosa-sts-about-iam-resources[Account-wide IAM role and policy reference]
|
|
* xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-operator-roles_rosa-sts-about-iam-resources[Cluster-specific Operator IAM role reference]
|
|
|
|
include::modules/rosa-aws-provisioned.adoc[leveloffset=+1]
|
|
include::modules/rosa-security-groups-custom.adoc[leveloffset=+2]
|
|
include::modules/mos-network-prereqs-min-bandwidth.adoc[leveloffset=+1]
|
|
|
|
[id="osd-aws-privatelink-firewall-prerequisites"]
|
|
== AWS firewall prerequisites
|
|
|
|
If you are using a firewall to control egress traffic from your {product-title} cluster, you must configure your firewall to grant access to the domain and port combinations listed below. {product-title} requires this access to provide a fully managed OpenShift service. You must configure an Amazon S3 gateway endpoint in your AWS Virtual Private Cloud (VPC). This endpoint is required to complete requests from the cluster to the Amazon S3 service.
|
|
|
|
ifdef::openshift-rosa[]
|
|
include::modules/osd-aws-privatelink-firewall-prerequisites.adoc[leveloffset=+2]
|
|
endif::openshift-rosa[]
|
|
ifdef::openshift-rosa-hcp[]
|
|
include::modules/rosa-hcp-firewall-prerequisites.adoc[leveloffset=+2]
|
|
include::modules/rosa-hcp-vpc-subnet-tagging.adoc[leveloffset=+2]
|
|
endif::openshift-rosa-hcp[]
|
|
|
|
[role="_additional-resources"]
|
|
== Additional resources
|
|
* xref:../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring]
|
|
|
|
== Next steps
|
|
* xref:../rosa_planning/rosa-sts-required-aws-service-quotas.adoc#rosa-required-aws-service-quotas_rosa-sts-required-aws-service-quotas[Review the required AWS service quotas]
|
|
|
|
[role="_additional-resources"]
|
|
[id="additional-resources_aws-prerequisites_{context}"]
|
|
== Additional resources
|
|
ifdef::openshift-rosa[]
|
|
* xref:../rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc#rosa-policy-sre-access_rosa-policy-process-security[SRE access to all {product-title} clusters]
|
|
* xref:../applications/deployments/rosa-config-custom-domains-applications.adoc#rosa-applications-config-custom-domains[Configuring custom domains for applications]
|
|
* xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-instance-types_rosa-service-definition[Instance types]
|
|
endif::openshift-rosa[]
|
|
ifdef::openshift-rosa-hcp[]
|
|
* xref:../rosa_architecture/rosa_policy_service_definition/rosa-sre-access.adoc#rosa-sre-access[SRE and service account access]
|
|
//Omitted until Applications has been ported for HCP
|
|
//* xref ../applications/deployments/rosa-config-custom-domains-applications.adoc#rosa-applications-config-custom-domains[Configuring custom domains for applications]
|
|
* xref:../rosa_architecture/rosa_policy_service_definition/rosa-hcp-instance-types.adoc#rosa-hcp-instance-types[Instance types]
|
|
endif::openshift-rosa-hcp[] |