shared VPC GPC

mletalie · mletalie · commit 5d261a8039f5 · 2023-10-24T15:35:52.000-04:00
diff --git a/logging/logging_alerts/custom-logging-alerts.adoc b/logging/logging_alerts/custom-logging-alerts.adoc
@@ -24,11 +24,11 @@ Application, audit, and infrastructure alerts are sent by default to the {produc
 include::modules/configuring-logging-loki-ruler.adoc[leveloffset=+1]
 include::modules/loki-rbac-permissions.adoc[leveloffset=+1]
 
-ifdef::openshift-enterprise[]
+ifndef::openshift-rosa,openshift-dedicated[]
 [role="_additional-resources"]
 .Additional resources
 * xref:../../authentication/using-rbac.adoc#using-rbac[Using RBAC to define and apply permissions]
-endif::[]
+endif::openshift-rosa,openshift-dedicated[]
 
 include::modules/logging-enabling-loki-alerts.adoc[leveloffset=+1]
 
diff --git a/modules/osd-create-cluster-ccs.adoc b/modules/osd-create-cluster-ccs.adoc
@@ -65,7 +65,7 @@ The project name must be 10 characters or less.
   ** IAM Security Admin
   ** Service Account Admin
   ** Service Account Key Admin
-  ** Service Account User  
+  ** Service Account User
   ** Organization Policy Viewer
   ** Service Management Administrator
   ** Service Usage Admin
@@ -204,14 +204,35 @@ The *Use a PrivateLink* option cannot be changed after a cluster is created.
 +
 .. If you are installing into an existing VPC and you want to enable an HTTP or HTTPS proxy for your cluster, select *Configure a cluster-wide proxy*.
 endif::osd-on-aws[]
+
 ifdef::osd-on-gcp[]
 . Optional: To install the cluster in an existing GCP Virtual Private Cloud (VPC):
 .. Select *Install into an existing VPC*.
 .. If you are installing into an existing VPC and you want to enable an HTTP or HTTPS proxy for your cluster, select *Configure a cluster-wide proxy*.
 endif::osd-on-gcp[]
-
++
 . Click *Next*.
 
+ifdef::osd-on-gcp[]
+. Optional: To install the cluster into a GCP shared VPC:
++
+[IMPORTANT]
+====
+
+To install a cluster into a shared VPC, you must use {product-title} version 4.13.15 or above. Additionally, the shared VPC administrator must enable a project as a host project in their Google Cloud console. For more information, see link:https://cloud.google.com/vpc/docs/provisioning-shared-vpc#set-up-shared-vpc[Enable a host project].
+====
+
+.. Select *Install into GCP shared VPC*.
+.. Specify the **Host project ID**. If the specified host project ID is incorrect, cluster creation will fail.
++
+
+[IMPORTANT]
+====
+Once you complete the steps within the cluster configuration wizard and click **Create Cluster**, the cluster will go into the "Installation Pending" state. At this point, you must contact the VPC administrator of the host project, who must grant the dynamically-generated service account the following permissions: **Computer Network Administrator**, **Compute Security Administrator**, and **DNS Administrator**. The administrator has 30 days to grant the listed permissions before the cluster creation fails.
+For information about shared GPC VPC permissions, see link:https://cloud.google.com/vpc/docs/provisioning-shared-vpc#migs-service-accounts[Provision shared VPC].
+====
+endif::osd-on-gcp[]
++
 . If you opted to install the cluster in an existing
 ifdef::osd-on-aws[]
 AWS
