Skip to content

[enterprise-4.14] [OSDOCS-6942]:OSD on GCP can be installed into Shared VPC (XPN) #67537

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 7, 2023
Merged

[enterprise-4.14] [OSDOCS-6942]:OSD on GCP can be installed into Shared VPC (XPN) #67537

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions modules/deleting-cluster.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,3 +19,8 @@ You can delete your {product-title} cluster in {cluster-manager-first}.
. Select *Delete cluster* from the *Actions* drop-down menu.

. Type the name of the cluster highlighted in bold, then click *Delete*. Cluster deletion occurs automatically.
+
[NOTE]
====
If you delete a cluster that was installed into a GCP shared VPC, inform the Shared VPC Admin of the host project to remove the IAM policy roles granted to the service account that was referenced during cluster creation.
====
41 changes: 38 additions & 3 deletions modules/osd-create-cluster-ccs.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -204,30 +204,58 @@ The *Use a PrivateLink* option cannot be changed after a cluster is created.
+
.. If you are installing into an existing VPC and you want to enable an HTTP or HTTPS proxy for your cluster, select *Configure a cluster-wide proxy*.
endif::osd-on-aws[]

ifdef::osd-on-gcp[]
. Optional: To install the cluster in an existing GCP Virtual Private Cloud (VPC):
.. Select *Install into an existing VPC*.
.. If you are installing into an existing VPC and you want to enable an HTTP or HTTPS proxy for your cluster, select *Configure a cluster-wide proxy*.
endif::osd-on-gcp[]

+
. Click *Next*.

ifdef::osd-on-gcp[]
. Optional: To install the cluster into a GCP shared VPC:
+
[IMPORTANT]
====

To install a cluster into a shared VPC, you must use {product-title} version 4.13.15 or above. Additionally, the shared VPC administrator must enable a project as a host project in their Google Cloud console. For more information, see link:https://cloud.google.com/vpc/docs/provisioning-shared-vpc#set-up-shared-vpc[Enable a host project].
====

.. Select *Install into GCP shared VPC*.
.. Specify the **Host project ID**. If the specified host project ID is incorrect, cluster creation fails.
+
[IMPORTANT]
====
Once you complete the steps within the cluster configuration wizard and click **Create Cluster**, the cluster will go into the "Installation Waiting" state. At this point, you must contact the Shared VPC Admin of the host project, who must assign the dynamically-generated service account the following roles: **Computer Network Administrator**, **Compute Security Administrator**, and **DNS Administrator**.
The Shared VPC Admin of the host project has 30 days to grant the listed permissions before the cluster creation fails.
For information about GCP shared VPC permissions, see link:https://cloud.google.com/vpc/docs/provisioning-shared-vpc#migs-service-accounts[Provision Shared VPC].
====
endif::osd-on-gcp[]
+
. If you opted to install the cluster in an existing
ifdef::osd-on-aws[]
AWS
endif::osd-on-aws[]
ifdef::osd-on-gcp[]
GCP
endif::osd-on-gcp[]
VPC, provide your *Virtual Private Cloud (VPC) subnet settings* and select *Next*. You must have created the Cloud network address translation (NAT) and a Cloud router. See the additional resources for information about Cloud NATs and Google VPCs.
VPC, provide your *Virtual Private Cloud (VPC) subnet settings* and select *Next*.
You must have created the Cloud network address translation (NAT) and a Cloud router. See the additional resources for information about Cloud NATs and Google VPCs.
ifdef::osd-on-aws[]
+
[NOTE]
====
You must ensure that your VPC is configured with a public and a private subnet for each availability zone that you want the cluster installed into. If you opted to use PrivateLink, only private subnets are required.
====
endif::osd-on-aws[]

ifdef::osd-on-gcp[]
+
[NOTE]
====
If you are installing a cluster into a GCP shared VPC, the VPC name and subnets are shared from the host project.
====
endif::osd-on-gcp[]
. If you opted to configure a cluster-wide proxy, provide your proxy configuration details on the *Cluster-wide proxy* page:
+
--
Expand Down Expand Up @@ -284,6 +312,13 @@ In the event of critical security concerns that significantly impact the securit
====

. Review the summary of your selections and click *Create cluster* to start the cluster installation. The installation takes approximately 30-40 minutes to complete.
+
ifdef::osd-on-gcp[]
[NOTE]
====
If you delete a cluster that was installed into a GCP shared VPC, inform the Shared VPC Admin of the host project to remove the IAM policy roles granted to the service account that was referenced during cluster creation.
====
endif::osd-on-gcp[]

.Verification

Expand Down