Merge pull request #16822 from openshift-cherrypick-robot/cherry-pick-16696-to-enterprise-4.2

[enterprise-4.2] osdocs-627 disconnected install

Author: kalexand-rh

_topic_map.yml

@@ -115,13 +115,19 @@ Topics:
     File: installing-gcp-customizations
   - Name: Uninstalling a cluster on GCP
     File: uninstalling-cluster-gcp
-#- Name: Installing in a disconnected environment
-#  Dir: installing_disconnected
-#  Topics:
+- Name: Installing in restricted networks
+  Dir: installing_restricted_networks
+  Topics:
 #  - Name: Preparing for a disconnected installation
-#    File: installing-disconnected-preparations
-#  - Name: Installing in a disconnected environment
-#    File: installing-disconnected
+#    File: installing-restricted-networks-preparations
+  - Name: Restricted network AWS installation
+    File: installing-restricted-networks-aws
+  - Name: Restricted network bare metal installation
+    File: installing-restricted-networks-bare-metal
+#  - Name: Restricted network  GCP installation
+#    File: installing-restricted-networks-GCP
+  - Name: Restricted network vSphere installation
+    File: installing-restricted-networks-vsphere
 - Name: Installing on bare metal
   Dir: installing_bare_metal
   Topics:

installing/install_config/configuring-custom-ca.adoc

@@ -5,7 +5,7 @@ include::modules/common-attributes.adoc[]
 
 toc::[]
 
-If you install {product-title} with a proxy or in a disconnected environment,
+If you install {product-title} with a proxy or in a restricted network,
 you might need to configure a custom certificate authority (CA).
 
 //include::modules/configuring-firewall.adoc[leveloffset=+1]

installing/installing_disconnected/installing-disconnected.adoc

@@ -1,12 +1,12 @@
-[id="installing-disconnected-preparations"]
+[id="installing-restricted-networks-preparations"]
 = Preparing to install a disconnected cluster
 include::modules/common-attributes.adoc[]
-:context: installing-disconnected-preparations
+:context: installing-restricted-networks-preparations
 
 toc::[]
 
 Before you install a cluster on infrastructure that you provision in a
-disconnected environment, you must prepare the environment.
+restricted network, you must prepare the environment.
 
 //include::modules/cluster-entitlements.adoc[leveloffset=+1]
 

installing/installing_disconnected/installing-disconnected-preparations.adoc renamed to installing/installing_restricted_networks/installing-disconnected-preparations.adoc

@@ -0,0 +1,134 @@
+[id="installing-restricted-networks-aws"]
+= Installing a cluster on AWS that uses mirrored installation content
+include::modules/common-attributes.adoc[]
+:context: installing-restricted-networks-aws
+
+toc::[]
+
+In {product-title} version {product-version}, you can install a
+cluster on Amazon Web Services (AWS) using infrastructure that you provide and
+an internal mirror of the installation release content.
+
+[IMPORTANT]
+====
+While you can install a {product-title} cluster by using mirrored installation
+release content, your cluster still requires internet access to use the AWS APIs.
+====
+
+One way to create this infrastructure is to use the provided
+CloudFormation templates. You can modify the templates to customize your
+infrastructure or use the information that they contain to create AWS objects
+according to your company's policies.
+
+.Prerequisites
+
+//* xref:../../installing/installing_restricted_networks/installing-restricted-networks-preparations.adoc[Create a mirror registry on your bastion host]
+// and obtain the `imageContentSources` data for your version of {product-title}.
+////
+[IMPORTANT]
+====
+Because the installation media is on the bastion host, use that computer
+to complete all installation steps.
+////
+* Review details about the
+xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update]
+processes.
+* xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[Configure an AWS account]
+to host the cluster.
++
+[IMPORTANT]
+====
+If you have an AWS profile stored on your computer, it must not use a temporary
+session token that you generated while using a multi-factor authentication
+device. The cluster continues to use your current AWS credentials to
+create AWS resources for the entire life of the cluster, so you must
+use key-based, long-lived credentials. To generate appropriate keys, see
+link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users]
+in the AWS documentation. You can supply the keys when you run the installation
+program.
+====
+* Download the AWS CLI and install it on your computer. See
+link:https://docs.aws.amazon.com/cli/latest/userguide/install-bundle.html[Install the AWS CLI Using the Bundled Installer (Linux, macOS, or Unix)]
+in the AWS documentation.
+* If you use a firewall and plan to use telemetry, you must
+xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configure it to access Red Hat Insights].
+
+include::modules/installation-about-restricted-network.adoc[leveloffset=+1]
+
+include::modules/cluster-entitlements.adoc[leveloffset=+1]
+
+include::modules/installation-aws-user-infra-requirements.adoc[leveloffset=+1]
+
+include::modules/installation-aws-permissions.adoc[leveloffset=+2]
+
+//You extract the installation program from the mirrored content.
+
+include::modules/ssh-agent-using.adoc[leveloffset=+1]
+
+include::modules/installation-generate-aws-user-infra.adoc[leveloffset=+1]
+
+// After the proxy change merges, I need to put it in and emphasize that you
+// must configure a proxy for the AWS mirrored content story.
+
+include::modules/installation-extracting-infraid.adoc[leveloffset=+1]
+
+include::modules/installation-creating-aws-vpc.adoc[leveloffset=+1]
+
+include::modules/installation-cloudformation-vpc.adoc[leveloffset=+2]
+
+include::modules/installation-creating-aws-dns.adoc[leveloffset=+1]
+
+include::modules/installation-cloudformation-dns.adoc[leveloffset=+2]
+
+include::modules/installation-creating-aws-security.adoc[leveloffset=+1]
+
+include::modules/installation-cloudformation-security.adoc[leveloffset=+2]
+
+include::modules/installation-aws-user-infra-rhcos-ami.adoc[leveloffset=+1]
+
+include::modules/installation-creating-aws-bootstrap.adoc[leveloffset=+1]
+
+include::modules/installation-cloudformation-bootstrap.adoc[leveloffset=+2]
+
+include::modules/installation-creating-aws-control-plane.adoc[leveloffset=+1]
+
+include::modules/installation-cloudformation-control-plane.adoc[leveloffset=+2]
+
+include::modules/installation-aws-user-infra-bootstrap.adoc[leveloffset=+1]
+
+////
+[id="installing-workers-aws-user-infra"]
+== Creating worker nodes
+
+You can either manually create worker nodes or use a MachineSet to create worker
+nodes after the cluster deploys. If you use a MachineSet to create and maintain
+the workers, you can allow the cluster to manage them. This allows you to easily
+scale, manage, and upgrade your workers.
+////
+
+
+include::modules/installation-creating-aws-worker.adoc[leveloffset=+2]
+
+include::modules/installation-cloudformation-worker.adoc[leveloffset=+3]
+
+//You install the CLI on the bastion host.
+
+include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
+
+include::modules/installation-approve-csrs.adoc[leveloffset=+1]
+
+include::modules/installation-operators-config.adoc[leveloffset=+1]
+
+include::modules/installation-registry-storage-config.adoc[leveloffset=+2]
+
+include::modules/registry-configuring-storage-aws-user-infra.adoc[leveloffset=+3]
+
+include::modules/installation-registry-storage-non-production.adoc[leveloffset=+3]
+
+include::modules/installation-aws-user-infra-installation.adoc[leveloffset=+1]
+
+.Next steps
+
+* xref:../../installing/install_config/customizations.adoc#customizations[Customize your cluster].
+* If necessary, you can
+xref:../../telemetry/opting-out-of-telemetry.adoc#opting-out-of-telemetry[opt out of telemetry].

installing/installing_restricted_networks/installing-restricted-networks-aws.adoc

@@ -0,0 +1,95 @@
+[id="installing-restricted-networks-bare-metal"]
+= Installing a cluster on bare metal in a restricted network
+include::modules/common-attributes.adoc[]
+:context: installing-restricted-networks-bare-metal
+
+toc::[]
+
+In {product-title} version {product-version}, you can install a cluster on
+bare metal infrastructure that you provision in a restricted network.
+
+[IMPORTANT]
+====
+While you might be able to follow this procedure to deploy a cluster on
+virtualized or cloud environments, you must be aware of additional
+considerations for non-bare metal platforms. Review the information in the
+link:https://access.redhat.com/articles/4207611[guidelines for deploying {product-title} on non-tested platforms]
+before you attempt to install an {product-title} cluster in such an environment.
+====
+
+.Prerequisites
+
+//* xref:../../installing/installing_restricted_networks/installing-restricted-networks-preparations.adoc[Create a mirror registry on your bastion host]
+// and obtain the `imageContentSources` data for your version of {product-title}.
+////
+[IMPORTANT]
+====
+Because the installation media is on the bastion host, use that computer
+to complete all installation steps.
+////
+* Provision
+xref:../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage]
+for your cluster. To deploy a private image registry, your storage must provide
+ReadWriteMany access modes.
+* Review details about the
+xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update]
+processes.
+* If you use a firewall and plan to use telemetry, you must
+xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configure it to access Red Hat Insights].
+
+include::modules/installation-about-restricted-network.adoc[leveloffset=+1]
+
+include::modules/cluster-entitlements.adoc[leveloffset=+1]
+
+include::modules/installation-requirements-user-infra.adoc[leveloffset=+1]
+
+include::modules/installation-infrastructure-user-infra.adoc[leveloffset=+1]
+
+include::modules/installation-network-user-infra.adoc[leveloffset=+2]
+
+include::modules/installation-dns-user-infra.adoc[leveloffset=+2]
+
+include::modules/ssh-agent-using.adoc[leveloffset=+1]
+
+//You extract the installation program from the mirrored content.
+
+//You install the CLI on the bastion host.
+
+include::modules/installation-initializing-manual.adoc[leveloffset=+1]
+
+include::modules/installation-bare-metal-config-yaml.adoc[leveloffset=+2]
+
+include::modules/installation-generate-ignition-configs.adoc[leveloffset=+1]
+
+[id="creating-machines-bare-metal-restricted-network"]
+== Creating {op-system-first} machines
+
+Before you install a cluster on bare metal infrastructure that you provision,
+you must create {op-system} machines for it to use. Follow either the steps
+to use an ISO image or network PXE booting to create the machines.
+
+include::modules/installation-user-infra-machines-iso.adoc[leveloffset=+2]
+
+include::modules/installation-user-infra-machines-pxe.adoc[leveloffset=+2]
+
+include::modules/installation-installing-bare-metal.adoc[leveloffset=+1]
+
+include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
+
+include::modules/installation-approve-csrs.adoc[leveloffset=+1]
+
+include::modules/installation-operators-config.adoc[leveloffset=+1]
+
+include::modules/installation-registry-storage-config.adoc[leveloffset=+2]
+
+include::modules/registry-configuring-storage-baremetal.adoc[leveloffset=+3]
+
+include::modules/installation-registry-storage-non-production.adoc[leveloffset=+3]
+
+include::modules/installation-complete-user-infra.adoc[leveloffset=+1]
+
+.Next steps
+
+* xref:../../installing/install_config/customizations.adoc#customizations[Customize your cluster].
+* If necessary, you can
+xref:../../telemetry/opting-out-of-telemetry.adoc#opting-out-of-telemetry[opt out of telemetry].