mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
openshift-docs/rosa_planning/rosa-sts-aws-prereqs.adoc
EricPonvelle 26f69f8b4e OSDOCS-11789 ROSA HCP/Classic split: Prepare your environment
- Including changes from OSDOCS-11640 by cherry-picking in 16db23b
- Rebased against main following merge of rosa_hcp_migration branch
- Corrected missing 500 node max support limit
- Applied peer and merge review feedback

Squashed:
1 - Initial commit for the ROSA with HCP branch
2 - Adding the Upgrading HCP cherrypick
3 - Adding the Security HCP cherrypick
4 - Upgrading ROSA with HCP updates
5 - Updated the HCP migration to include the ROSA Tutorials and Learning sections
6 - Updated the HCP migration to add the rest of the books from the password protected preview
7 - Repaired the links in Introduction to ROSA book

8 - classic to hcp migration topic maps update
commented in the end of section in topic map
applied QE suggestions from gdoc
applied more QE suggestions from gdoc
applied conditions for new hcp distro to assemblies and modules
fixed typo on line 13 of configuring registry operator
replaced namespace as suggested by QE
removed operator pod list
removed space in rosa topic maps
removed spacing in line 39 of checking status of pods
2025-02-13 17:52:31 -05:00

:_mod-docs-content-type: ASSEMBLY
include::_attributes/attributes-openshift-dedicated.adoc[]
//title and ID conditions so this can be shared between Classic and HCP docs while it remains accurate for both
ifndef::openshift-rosa-hcp[]
:context: rosa-sts-aws-prereqs
[id="rosa-sts-aws-prereqs"]
= Detailed requirements for deploying ROSA using STS
endif::openshift-rosa-hcp[]
ifdef::openshift-rosa-hcp[]
:context: rosa-hcp-prereqs
[id="rosa-hcp-prereqs"]
= Detailed requirements for deploying {hcp-title}
endif::openshift-rosa-hcp[]
toc::[]
{product-title} (ROSA) provides a model that allows Red{nbsp}Hat to deploy clusters into a customer's existing Amazon Web Services (AWS) account.
ifndef::openshift-rosa-hcp[]
include::snippets/rosa-sts.adoc[leveloffset=+0]
endif::openshift-rosa-hcp[]
Ensure that the following prerequisites are met before installing your cluster.
ifndef::openshift-rosa-hcp[]
[id="rosa-sts-customer-requirements_{context}"]
== Customer requirements when using STS for deployment
The following prerequisites must be complete before you deploy a {product-title} (ROSA) cluster that uses the AWS Security Token Service (STS).
endif::openshift-rosa-hcp[]
ifdef::openshift-rosa-hcp[]
[id="rosa-hcp-customer-requirements_{context}"]
== Customer requirements for all {hcp-title} clusters
The following prerequisites must be complete before you deploy a {hcp-title} cluster.
endif::openshift-rosa-hcp[]
include::modules/rosa-sts-aws-requirements-account.adoc[leveloffset=+2]
//Adding conditions around these in case the Additional resources don't get ported to HCP or have different file names / locations; keeping all included for now
ifndef::openshift-rosa-hcp[]
[role="_additional-resources"]
[id="additional-resources_aws-account-requirements_{context}"]
.Additional resources
* xref:../support/troubleshooting/rosa-troubleshooting-deployments.adoc#rosa-troubleshooting-elb-service-role_rosa-troubleshooting-cluster-deployments[Creating the Elastic Load Balancing (ELB) service-linked role]
endif::openshift-rosa-hcp[]
//TODO OSDOCS-11789: Nothing in the following module is actually a requirement, it's purely informative/recommended and needs to be re-validated by SRE/Support
include::modules/rosa-sts-aws-requirements-support-req.adoc[leveloffset=+2]
//TODO OSDOCS-11789: Need to have this re-validated by SRE/Support
include::modules/rosa-sts-aws-requirements-security-req.adoc[leveloffset=+2]
//Adding conditions around these in case the Additional resources don't get ported to HCP or have different file names / locations; keeping all included for now
[role="_additional-resources"]
[id="additional-resources_aws-security-requirements_{context}"]
.Additional resources
ifndef::openshift-rosa-hcp[]
* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs[AWS firewall prerequisites]
endif::openshift-rosa-hcp[]
ifdef::openshift-rosa-hcp[]
* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-hcp-firewall-prerequisites_rosa-hcp-prereqs[AWS firewall prerequisites]
endif::openshift-rosa-hcp[]
[id="rosa-ocm-requirements_{context}"]
== Requirements for using {cluster-manager}
The following configuration details are required only if you use {cluster-manager-url} to manage your clusters. If you use the CLI tools exclusively, then you can disregard these requirements.
//TODO OSDOCS-11789: when are ocm-role and user-role actually created? Pretty sure this happens as part of the cluster install process, so doesn't need to be done ahead of time??
include::modules/rosa-sts-aws-requirements-association-concept.adoc[leveloffset=+2]
include::modules/rosa-sts-aws-requirements-creating-association.adoc[leveloffset=+2]
ifdef::openshift-rosa,openshift-rosa-hcp[]
[discrete]
[role="_additional-resources"]
[id="additional-resources_creating-association_{context}"]
== Additional resources
* See xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-account-wide-roles-and-policies_rosa-sts-about-iam-resources[Account-wide IAM role and policy reference] for a list of IAM roles needed for cluster creation.
endif::openshift-rosa,openshift-rosa-hcp[]
include::modules/rosa-sts-aws-requirements-creating-multi-association.adoc[leveloffset=+2]
include::modules/rosa-requirements-deploying-in-opt-in-regions.adoc[leveloffset=+1]
include::modules/rosa-setting-the-aws-security-token-version.adoc[leveloffset=+2]
[id="rosa-sts-policy-iam_{context}"]
== Red{nbsp}Hat managed IAM references for AWS
ifndef::openshift-rosa-hcp[]
When you use STS as your cluster credential method,
endif::openshift-rosa-hcp[]
Red{nbsp}Hat is not responsible for creating and managing Amazon Web Services (AWS) IAM policies, IAM users, or IAM roles. For information on creating these roles and policies, see the following sections on IAM roles.
* To use the `ocm` CLI, you must have an `ocm-role` and `user-role` resource.
ifndef::openshift-rosa-hcp[]
See xref:../rosa_planning/rosa-sts-ocm-role.adoc#rosa-sts-ocm-role[OpenShift Cluster Manager IAM role resources].
endif::openshift-rosa-hcp[]
ifdef::openshift-rosa-hcp[]
See xref:../rosa_planning/rosa-hcp-prepare-iam-roles-resources.adoc#rosa-prepare-iam-resources-roles-ocm[Required IAM roles and resources].
endif::openshift-rosa-hcp[]
* If you have a single cluster, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-account-wide-roles-and-policies_rosa-sts-about-iam-resources[Account-wide IAM role and policy reference].
* For each cluster, you must have the necessary operator roles. See xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-operator-roles_rosa-sts-about-iam-resources[Cluster-specific Operator IAM role reference].
include::modules/rosa-aws-provisioned.adoc[leveloffset=+1]
[id="rosa-network-prereqs_{context}"]
== Networking prerequisites
include::modules/mos-network-prereqs-min-bandwidth.adoc[leveloffset=+2]
// Keeping existing ID to prevent link breakage
ifdef::openshift-rosa[]
[id="osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs"]
=== AWS firewall prerequisites
If you are using a firewall to control egress traffic from your {product-title} cluster, you must configure your firewall to grant access to the domain and port combinations listed below. {product-title} requires this access to provide a fully managed OpenShift service.
include::modules/osd-aws-privatelink-firewall-prerequisites.adoc[leveloffset=+3]
endif::openshift-rosa[]
ifdef::openshift-rosa-hcp[]
include::modules/rosa-hcp-firewall-prerequisites.adoc[leveloffset=+2]
endif::openshift-rosa-hcp[]
ifdef::openshift-rosa[]
[role="_additional-resources"]
.Additional resources
* xref:../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring]
endif::openshift-rosa[]
== Next steps
* xref:../rosa_planning/rosa-sts-required-aws-service-quotas.adoc#rosa-required-aws-service-quotas_rosa-sts-required-aws-service-quotas[Review the required AWS service quotas]
[role="_additional-resources"]
[id="additional-resources_aws-prerequisites_{context}"]
== Additional resources
ifdef::openshift-rosa[]
* xref:../rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc#rosa-policy-sre-access_rosa-policy-process-security[SRE access to all Red{nbsp}Hat OpenShift Service on AWS clusters]
* xref:../applications/deployments/rosa-config-custom-domains-applications.adoc#rosa-applications-config-custom-domains[Configuring custom domains for applications]
* xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-instance-types_rosa-service-definition[Instance types]
endif::openshift-rosa[]
ifdef::openshift-rosa-hcp[]
* xref:../rosa_architecture/rosa_policy_service_definition/rosa-sre-access.adoc#rosa-sre-access[SRE and service account access]
//Omitted until Applications has been ported for HCP
//* xref ../applications/deployments/rosa-config-custom-domains-applications.adoc#rosa-applications-config-custom-domains[Configuring custom domains for applications]
* xref:../rosa_architecture/rosa_policy_service_definition/rosa-hcp-instance-types.adoc#rosa-hcp-instance-types[Instance types]
endif::openshift-rosa-hcp[]