diff --git a/installing/installing_aws/installing-aws-customizations.adoc b/installing/installing_aws/installing-aws-customizations.adoc index ea4ebc192aa3..bf4ae24fd4fb 100644 --- a/installing/installing_aws/installing-aws-customizations.adoc +++ b/installing/installing_aws/installing-aws-customizations.adoc @@ -44,7 +44,8 @@ include::modules/installation-configuration-parameters.adoc[leveloffset=+2] include::modules/installation-aws-config-yaml.adoc[leveloffset=+2] -include::modules/installation-configure-proxy.adoc[leveloffset=+2] +// Removing; Proxy not supported for AWS IPI for 4.2 +// include::modules/installation-configure-proxy.adoc[leveloffset=+2] include::modules/installation-launching-installer.adoc[leveloffset=+1] diff --git a/installing/installing_azure/installing-azure-customizations.adoc b/installing/installing_azure/installing-azure-customizations.adoc index 6f275ddaf535..5e580d5b508d 100644 --- a/installing/installing_azure/installing-azure-customizations.adoc +++ b/installing/installing_azure/installing-azure-customizations.adoc @@ -31,7 +31,8 @@ include::modules/installation-configuration-parameters.adoc[leveloffset=+2] include::modules/installation-azure-config-yaml.adoc[leveloffset=+2] -include::modules/installation-configure-proxy.adoc[leveloffset=+2] +// Removing; Proxy not supported for Azure IPI for 4.2 +// include::modules/installation-configure-proxy.adoc[leveloffset=+2] include::modules/installation-launching-installer.adoc[leveloffset=+1] diff --git a/installing/installing_gcp/installing-gcp-customizations.adoc b/installing/installing_gcp/installing-gcp-customizations.adoc index 5af44da73e15..c2f644be72fa 100644 --- a/installing/installing_gcp/installing-gcp-customizations.adoc +++ b/installing/installing_gcp/installing-gcp-customizations.adoc @@ -32,7 +32,8 @@ include::modules/installation-configuration-parameters.adoc[leveloffset=+2] include::modules/installation-gcp-config-yaml.adoc[leveloffset=+2] -include::modules/installation-configure-proxy.adoc[leveloffset=+2] +// Removing; Proxy not supported for GCP IPI for 4.2 +// include::modules/installation-configure-proxy.adoc[leveloffset=+2] include::modules/installation-launching-installer.adoc[leveloffset=+1] diff --git a/networking/enable-cluster-wide-proxy.adoc b/networking/enable-cluster-wide-proxy.adoc index 188356c042ea..9ce6d9b5a23d 100644 --- a/networking/enable-cluster-wide-proxy.adoc +++ b/networking/enable-cluster-wide-proxy.adoc @@ -5,12 +5,9 @@ include::modules/common-attributes.adoc[] toc::[] -Production environments can deny direct access to the Internet and instead have -an HTTP or HTTPS proxy available. You can configure {product-title} to use a -proxy by -xref:../networking/enable-cluster-wide-proxy.adoc#nw-proxy-configure-object_config-cluster-wide-proxy[modifying the Proxy object for existing clusters] -or by configuring the proxy settings in the `install-config.yaml` file for new -clusters. +Production environments can deny direct access to the Internet and instead have an HTTP or HTTPS proxy available. You can configure {product-title} to use a proxy by xref:../networking/enable-cluster-wide-proxy.adoc#nw-proxy-configure-object_config-cluster-wide-proxy[modifying the Proxy object for existing clusters] or by configuring the proxy settings in the `install-config.yaml` file for new clusters. + +IMPORTANT: The cluster-wide proxy is only supported if you used a user-provisioned infrastructure installation for a supported provider. include::modules/nw-proxy-configure-object.adoc[leveloffset=+1] diff --git a/release_notes/ocp-4-2-release-notes.adoc b/release_notes/ocp-4-2-release-notes.adoc index 83b3113373d6..fffc289423d9 100644 --- a/release_notes/ocp-4-2-release-notes.adoc +++ b/release_notes/ocp-4-2-release-notes.adoc @@ -104,10 +104,12 @@ for details. ==== Cluster-wide egress proxy {product-title} {product-version} introduces support for installing and updating -an OpenShift cluster through a corporate proxy server. Proxy information -(httpProxy, httpsProxy, and noProxy) can be defined in `install-config`, which +an {product-title} cluster through a corporate proxy server on user-provisioned infrastructure. Proxy information +(httpProxy, httpsProxy, and noProxy) can be defined in the `install-config.yaml` file, which is used during the installation process and can also be managed -post-installation via the cluster proxy object. +post-installation via the `cluster` Proxy object. + +IMPORTANT: The cluster-wide proxy is only supported if you used a user-provisioned infrastructure installation for a supported provider. Also, there is now support for providing your own CA bundles allowing the corporate proxy to MITM HTTPS. @@ -128,7 +130,7 @@ experiences: Full stack automation (IPI) and pre-existing infrastructure (UPI). With full stack automation, the installer controls all areas of the installation including infrastructure provisioning with an opinionated best practices -deployment of {product-title}. With re-existing infrastructure deployments, +deployment of {product-title}. With pre-existing infrastructure deployments, administrators are responsible for creating and managing their own infrastructure allowing greater customization and operational flexibility. @@ -302,7 +304,7 @@ across the cluster. ==== Whitelisting of sysctls configuration System administrators can whitelist sysctl on a per-node basis. All safe sysctls -are enabled by default; all unsafe sysctls are disabled by default.See +are enabled by default; all unsafe sysctls are disabled by default. See xref:../nodes/containers/nodes-containers-sysctls.adoc#nodes-containers-sysctls[Using sysctls in containers] for more information. @@ -720,11 +722,11 @@ memory is handled by the cluster itself. *Image Registry* * TLS keys were not added to registry routes. This is because TLS keys were stored -in `Secret.StringData` and the Operator was unable to se the real data in the +in `Secret.StringData` and the Operator was unable to see the real data in the secret. Now, Secret.Data is used instead and the Operator can see the values. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1719965[*BZ#1719965*]) -* The drain process would take up to 600 seconds to evist the image-registry pod. +* The drain process would take up to 600 seconds to evict the image-registry pod. This was because the image registry was running from sh and signals were not propagated to the image registry, and unable to receive SIGTERM. Now, the registry process uses exec and the registry is the pid 1 process and able to @@ -1212,7 +1214,7 @@ indicate that the feature is removed from the release or deprecated. |GA |GA -|External provisoner for AWS EFS +|External provisioner for AWS EFS |TP |TP |TP