openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
63049049e00e03d7f23de7e69bb6c261ae557be3
openshift-docs/installing/installing_aws/ipi/installing-aws-china.adoc
Ben Scott 63049049e0 OSDOCS#10082 Reworking AWS topic map/TOC
2024-04-17 15:25:43 +00:00

127 lines
7.6 KiB
Plaintext
Raw Blame History

:_mod-docs-content-type: ASSEMBLY
[id="installing-aws-china-region"]
= Installing a cluster on AWS China
include::_attributes/common-attributes.adoc[]
:context: installing-aws-china-region
toc::[]
In {product-title} version {product-version}, you can install a cluster to the following Amazon Web Services (AWS) China regions:
* `cn-north-1` (Beijing)
* `cn-northwest-1` (Ningxia)
== Prerequisites
* You have an Internet Content Provider (ICP) license.
* You reviewed details about the xref:../../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
* You read the documentation on xref:../../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
* You xref:../../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[configured an AWS account] to host the cluster.
* If you use a firewall, you xref:../../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
[IMPORTANT]
====
If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use long-term credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
====
include::modules/installation-aws-regions-with-no-ami.adoc[leveloffset=+1]
include::modules/cluster-entitlements.adoc[leveloffset=+1]
include::modules/private-clusters-default.adoc[leveloffset=+1]
include::modules/private-clusters-about-aws.adoc[leveloffset=+2]
include::modules/installation-custom-aws-vpc.adoc[leveloffset=+1]
include::modules/installation-aws-security-groups.adoc[leveloffset=+2]
include::modules/ssh-agent-using.adoc[leveloffset=+1]
include::modules/installation-aws-upload-custom-rhcos-ami.adoc[leveloffset=+1]
include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
include::modules/installation-initializing-manual.adoc[leveloffset=+1]
[role="_additional-resources"]
.Additional resources
* xref:../../../installing/installing_aws/installation-config-parameters-aws.adoc#installation-config-parameters-aws[Installation configuration parameters for AWS]
include::modules/installation-aws-config-yaml.adoc[leveloffset=+2]
include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
[role="_additional-resources"]
.Additional resources
* xref:../../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
include::modules/installation-aws-tested-machine-types.adoc[leveloffset=+2]
include::modules/installation-aws-arm-tested-machine-types.adoc[leveloffset=+2]
include::modules/installation-configure-proxy.adoc[leveloffset=+2]
include::modules/installation-applying-aws-security-groups.adoc[leveloffset=+2]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
[id="installing-aws-manual-modes_{context}"]
== Alternatives to storing administrator-level secrets in the kube-system project
By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
* To manage long-term cloud credentials manually, follow the procedure in xref:../../../installing/installing_aws/ipi/installing-aws-china.adoc#manually-create-iam_installing-aws-china-region[Manually creating long-term credentials].
* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../../installing/installing_aws/ipi/installing-aws-china.adoc#installing-aws-with-short-term-creds_installing-aws-china-region[Configuring an AWS cluster to use short-term credentials].
//Manually creating long-term credentials
include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
//Supertask: Configuring an AWS cluster to use short-term credentials
[id="installing-aws-with-short-term-creds_{context}"]
=== Configuring an AWS cluster to use short-term credentials
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
//Task part 2: Creating the required AWS resources
[id="sts-mode-create-aws-resources-ccoctl_{context}"]
==== Creating AWS resources with the Cloud Credential Operator utility
You have the following options when creating AWS resources:
* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../../installing/installing_aws/ipi/installing-aws-china.adoc#cco-ccoctl-creating-at-once_installing-aws-china-region[Creating AWS resources with a single command].
* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../../installing/installing_aws/ipi/installing-aws-china.adoc#cco-ccoctl-creating-individually_installing-aws-china-region[Creating AWS resources individually].
//Task part 2a: Creating the required AWS resources all at once
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+4]
//Task part 2b: Creating the required AWS resources individually
include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+4]
//Task part 3: Incorporating the Cloud Credential Operator utility manifests
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
include::modules/installation-launching-installer.adoc[leveloffset=+1]
include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+1]
include::modules/cluster-telemetry.adoc[leveloffset=+1]
[role="_additional-resources"]
.Additional resources
* See xref:../../../web_console/web-console.adoc#web-console[Accessing the web console] for more details about accessing and understanding the {product-title} web console.
* See xref:../../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service.
== Next steps
* xref:../../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation].
* xref:../../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
* If necessary, you can xref:../../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
* If necessary, you can xref:../../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials].
View Git Blame Copy Permalink