Skip to content

OSDOCS-1769 Installing a cluster on AWS in a restricted network #31935

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
codyhoag merged 1 commit into from
May 11, 2021
Merged

OSDOCS-1769 Installing a cluster on AWS in a restricted network #31935

codyhoag merged 1 commit into from
May 11, 2021

Conversation

@codyhoag
Copy link
Contributor

@codyhoag codyhoag commented Apr 26, 2021
edited
Loading

@codyhoag codyhoag added this to the Next Release milestone Apr 26, 2021
@openshift-ci-robot openshift-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Apr 26, 2021
@netlify
Copy link

netlify bot commented Apr 26, 2021
edited
Loading

Deploy preview for osdocs ready!

Built with commit 388663b

https://deploy-preview-31935--osdocs.netlify.app

@codyhoag codyhoag force-pushed the aws-restricted-network branch from 5a89494 to 5edd5ba Compare April 26, 2021 18:46
@codyhoag
Copy link
Contributor Author

codyhoag commented Apr 26, 2021

@yunjiang29 PTAL. Thanks!

@yunjiang29
Copy link
Contributor

yunjiang29 commented May 7, 2021

Hello @codyhoag
per my understanding, since the restrict cluster need to access existing mirror registry server, so the pre-created VPC is required for installing restrict cluster, e.g. the bastion host/mirror registry/cluster are in the same VPC.

If VPC is created by installer, the cluster can not access mirror registry which is in another VPC, since they are in different VPC and there is no VPC peering connection between two different VPC.

So based on above info, the following parameters are required: platform.aws.subnets, imageContentSources and additionalTrustBundle, the sample install-config.yaml should also include platform.aws.subnets

Also please @staebler help to review, thanks.

@staebler
Copy link

staebler commented May 7, 2021

Hello @codyhoag
per my understanding, since the restrict cluster need to access existing mirror registry server, so the pre-created VPC is required for installing restrict cluster, e.g. the bastion host/mirror registry/cluster are in the same VPC.

If VPC is created by installer, the cluster can not access mirror registry which is in another VPC, since they are in different VPC and there is no VPC peering connection between two different VPC.

So based on above info, the following parameters are required: platform.aws.subnets, imageContentSources and additionalTrustBundle, the sample install-config.yaml should also include platform.aws.subnets

Also please @staebler help to review, thanks.

Yes, to install a restricted-network cluster, the user must provide a pre-created VPC.

@openshift-ci openshift-ci bot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 7, 2021
@codyhoag codyhoag force-pushed the aws-restricted-network branch from cdd7fad to a4af599 Compare May 7, 2021 20:40
@openshift-ci openshift-ci bot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 7, 2021
@codyhoag codyhoag force-pushed the aws-restricted-network branch from a4af599 to c29038c Compare May 7, 2021 20:44
@codyhoag
Copy link
Contributor Author

codyhoag commented May 7, 2021

@yunjiang29 I have updated this PR to include instructions for providing an existing VPC (included in second commit). Let me know if you have any additional feedback. Thanks!

staebler
staebler reviewed May 7, 2021
View reviewed changes
installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc Outdated
Copy link

@staebler staebler May 7, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is this new text? Or is this the same text that we use elsewhere? This text implies that the user is not using manual creds mode, right?

Copy link
Contributor Author

@codyhoag codyhoag May 9, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@staebler This is a note we provide in all AWS install guides. It originated from doc bug BZ#1724684 a couple years ago. Is it still relevant?

Copy link
Contributor Author

@codyhoag codyhoag May 11, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can circle back to this if we want to update it in another PR, since this affects all AWS install guides.

Copy link

@staebler staebler May 11, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, certainly, let's not try to address it in this PR.

@codyhoag
Copy link
Contributor Author

codyhoag commented May 9, 2021

@staebler I addressed your feedback (with one question). Let me know if any further clarifications are needed. Thanks!

@yunjiang29
Copy link
Contributor

yunjiang29 commented May 10, 2021

@codyhoag the numbers in sample install-config are not correct, e.g. baseDomain, metadata.name, platform.aws.regionhave the same number 1

@codyhoag
Copy link
Contributor Author

codyhoag commented May 10, 2021
edited
Loading

@codyhoag the numbers in sample install-config are not correct, e.g. baseDomain, metadata.name, platform.aws.region have the same number 1

@yunjiang29 that is intended. Those values are all prompted by the installation program, which is what 1 is meant to describe.

@yunjiang29
Copy link
Contributor

yunjiang29 commented May 11, 2021

@codyhoag get it, thanks. LGTM.

@codyhoag codyhoag force-pushed the aws-restricted-network branch from 834470a to 0d8254f Compare May 11, 2021 13:20
@codyhoag codyhoag added the peer-review-needed Signifies that the peer review team needs to review this PR label May 11, 2021
staebler
staebler approved these changes May 11, 2021
View reviewed changes
Copy link

@staebler staebler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

kalexand-rh
kalexand-rh reviewed May 11, 2021
View reviewed changes
Copy link
Contributor

@kalexand-rh kalexand-rh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have two small tweaks, but this otherwise LGTM!

@kalexand-rh kalexand-rh added peer-review-done Signifies that the peer review team has reviewed this PR and removed peer-review-needed Signifies that the peer review team needs to review this PR labels May 11, 2021
@codyhoag codyhoag force-pushed the aws-restricted-network branch from 0d8254f to 388663b Compare May 11, 2021 15:18
@codyhoag codyhoag merged commit 30b657e into openshift:master May 11, 2021
@codyhoag
Copy link
Contributor Author

codyhoag commented May 11, 2021

/cherrypick enterprise-4.8

@codyhoag
Copy link
Contributor Author

codyhoag commented May 11, 2021

/cherrypick enterprise-4.7

@codyhoag
Copy link
Contributor Author

codyhoag commented May 11, 2021

/cherrypick enterprise-4.6

@codyhoag
Copy link
Contributor Author

codyhoag commented May 11, 2021

/cherrypick enterprise-4.5

@openshift-cherrypick-robot
Copy link

openshift-cherrypick-robot commented May 11, 2021

@codyhoag: #31935 failed to apply on top of branch "enterprise-4.7":

Applying: Installing a cluster on AWS in a restricted network
.git/rebase-apply/patch:493: trailing whitespace.
subnets: 
warning: 1 line adds whitespace errors.
Using index info to reconstruct a base tree...
M	_topic_map.yml
M	modules/installation-about-restricted-network.adoc
M	modules/installation-aws-config-yaml.adoc
M	modules/installation-configuration-parameters.adoc
M	modules/installation-custom-aws-vpc.adoc
M	modules/installation-initializing.adoc
M	modules/installation-launching-installer.adoc
Falling back to patching base and 3-way merge...
Auto-merging modules/installation-launching-installer.adoc
Auto-merging modules/installation-initializing.adoc
Auto-merging modules/installation-custom-aws-vpc.adoc
Auto-merging modules/installation-configuration-parameters.adoc
Auto-merging modules/installation-aws-config-yaml.adoc
CONFLICT (content): Merge conflict in modules/installation-aws-config-yaml.adoc
Auto-merging modules/installation-about-restricted-network.adoc
Auto-merging _topic_map.yml
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Installing a cluster on AWS in a restricted network
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
Details

In response to this:

/cherrypick enterprise-4.7

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request May 11, 2021
Merged
@openshift-cherrypick-robot
Copy link

openshift-cherrypick-robot commented May 11, 2021

@codyhoag: new pull request created: #32443

Details

In response to this:

/cherrypick enterprise-4.8

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-cherrypick-robot
Copy link

openshift-cherrypick-robot commented May 11, 2021

@codyhoag: #31935 failed to apply on top of branch "enterprise-4.6":

Applying: Installing a cluster on AWS in a restricted network
.git/rebase-apply/patch:493: trailing whitespace.
subnets: 
warning: 1 line adds whitespace errors.
Using index info to reconstruct a base tree...
M	_topic_map.yml
M	installing/install_config/installing-restricted-networks-preparations.adoc
A	installing/installing-preparing.adoc
M	modules/cli-installing-cli.adoc
M	modules/cluster-entitlements.adoc
M	modules/installation-about-restricted-network.adoc
M	modules/installation-aws-config-yaml.adoc
M	modules/installation-configuration-parameters.adoc
M	modules/installation-configure-proxy.adoc
M	modules/installation-custom-aws-vpc.adoc
M	modules/installation-initializing.adoc
M	modules/installation-launching-installer.adoc
M	modules/ssh-agent-using.adoc
Falling back to patching base and 3-way merge...
Auto-merging modules/ssh-agent-using.adoc
Auto-merging modules/installation-launching-installer.adoc
Auto-merging modules/installation-initializing.adoc
Auto-merging modules/installation-custom-aws-vpc.adoc
Auto-merging modules/installation-configure-proxy.adoc
Auto-merging modules/installation-configuration-parameters.adoc
Auto-merging modules/installation-aws-config-yaml.adoc
CONFLICT (content): Merge conflict in modules/installation-aws-config-yaml.adoc
Auto-merging modules/installation-about-restricted-network.adoc
Auto-merging modules/cluster-entitlements.adoc
Auto-merging modules/cli-installing-cli.adoc
CONFLICT (modify/delete): installing/installing-preparing.adoc deleted in HEAD and modified in Installing a cluster on AWS in a restricted network. Version Installing a cluster on AWS in a restricted network of installing/installing-preparing.adoc left in tree.
Auto-merging installing/install_config/installing-restricted-networks-preparations.adoc
Auto-merging _topic_map.yml
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Installing a cluster on AWS in a restricted network
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
Details

In response to this:

/cherrypick enterprise-4.6

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@openshift-cherrypick-robot
Copy link

openshift-cherrypick-robot commented May 11, 2021

@codyhoag: #31935 failed to apply on top of branch "enterprise-4.5":

Applying: Installing a cluster on AWS in a restricted network
.git/rebase-apply/patch:493: trailing whitespace.
subnets: 
warning: 1 line adds whitespace errors.
Using index info to reconstruct a base tree...
M	_topic_map.yml
M	installing/install_config/installing-restricted-networks-preparations.adoc
A	installing/installing-preparing.adoc
M	modules/cli-installing-cli.adoc
M	modules/cli-logging-in-kubeadmin.adoc
M	modules/cluster-entitlements.adoc
M	modules/installation-about-restricted-network.adoc
M	modules/installation-aws-config-yaml.adoc
M	modules/installation-configuration-parameters.adoc
M	modules/installation-configure-proxy.adoc
M	modules/installation-custom-aws-vpc.adoc
M	modules/installation-initializing.adoc
M	modules/installation-launching-installer.adoc
M	modules/ssh-agent-using.adoc
Falling back to patching base and 3-way merge...
Auto-merging modules/ssh-agent-using.adoc
Auto-merging modules/installation-launching-installer.adoc
Auto-merging modules/installation-initializing.adoc
Auto-merging modules/installation-custom-aws-vpc.adoc
Auto-merging modules/installation-configure-proxy.adoc
CONFLICT (content): Merge conflict in modules/installation-configure-proxy.adoc
Auto-merging modules/installation-configuration-parameters.adoc
Auto-merging modules/installation-aws-config-yaml.adoc
CONFLICT (content): Merge conflict in modules/installation-aws-config-yaml.adoc
Auto-merging modules/installation-about-restricted-network.adoc
CONFLICT (content): Merge conflict in modules/installation-about-restricted-network.adoc
Auto-merging modules/cluster-entitlements.adoc
Auto-merging modules/cli-logging-in-kubeadmin.adoc
Auto-merging modules/cli-installing-cli.adoc
CONFLICT (modify/delete): installing/installing-preparing.adoc deleted in HEAD and modified in Installing a cluster on AWS in a restricted network. Version Installing a cluster on AWS in a restricted network of installing/installing-preparing.adoc left in tree.
Auto-merging installing/install_config/installing-restricted-networks-preparations.adoc
Auto-merging _topic_map.yml
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0001 Installing a cluster on AWS in a restricted network
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".
Details

In response to this:

/cherrypick enterprise-4.5

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

This was referenced May 11, 2021
Merged
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kalexand-rh kalexand-rh kalexand-rh left review comments

+1 more reviewer

@staebler staebler staebler approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

branch/enterprise-4.5 branch/enterprise-4.6 branch/enterprise-4.7 branch/enterprise-4.8 peer-review-done Signifies that the peer review team has reviewed this PR size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

Next Release

Development

Successfully merging this pull request may close these issues.

6 participants

@codyhoag @yunjiang29 @staebler @openshift-cherrypick-robot @kalexand-rh @openshift-ci-robot