PSC UI

Author: mletalie

modules/osd-create-cluster-ccs.adoc

@@ -220,12 +220,20 @@ endif::osd-on-aws[]
 . Optional: Expand *Edit node labels* to add labels to your nodes. Click *Add label* to add more node labels and select *Next*.
 
 . On the *Network configuration* page, select *Public* or *Private* to use either public or private API endpoints and application routes for your cluster.
+ifdef::osd-on-gcp[]
+If you select *Private*, *Use Private Service Connect* is selected by default. Private Service Connect (PSC) is Google Cloud’s security-enhanced networking feature. You can disable PSC by clicking the *Use Private Service Connect* checkbox.
++
+[NOTE]
+====
+Red Hat recommends using Private Service Connect when deploying a private {product-title} cluster on Google Cloud. Private Service Connect ensures there is a secured, private connectivity between Red Hat infrastructure, Site Reliability Engineering (SRE) and private {product-title} clusters.
+====
+endif::osd-on-gcp[]
 +
 [IMPORTANT]
 ====
 If you are using private API endpoints, you cannot access your cluster until you update the network settings in your cloud provider account.
 ====
-
++
 ifdef::osd-on-aws[]
 . Optional: To install the cluster in an existing AWS Virtual Private Cloud (VPC):
 .. Select *Install into an existing VPC*.
@@ -242,7 +250,28 @@ endif::osd-on-aws[]
 ifdef::osd-on-gcp[]
 . Optional: To install the cluster in an existing GCP Virtual Private Cloud (VPC):
 .. Select *Install into an existing VPC*.
++
+[IMPORTANT]
+====
+Private Service Connect is supported only with *Install into an existing VPC*.
+====
++
 .. If you are installing into an existing VPC and you want to enable an HTTP or HTTPS proxy for your cluster, select *Configure a cluster-wide proxy*.
++
+[IMPORTANT]
+====
+In order to configure a cluster-wide proxy for your cluster, you must first create the Cloud network address translation (NAT) and a Cloud router. See the _Additional resources_ section for more information.
+====
++
+. Accept the default application ingress settings, or to create your own custom settings, select *Custom Settings*.
+
+.. Optional: Provide route selector.
+.. Optional: Provide excluded namespaces.
+.. Select a namespace ownership policy.
+.. Select a wildcard policy.
++
+For more information about custom application ingress settings, click on the information icon provided for each setting.
+
 endif::osd-on-gcp[]
 +
 . Click *Next*.
@@ -253,7 +282,7 @@ ifdef::osd-on-gcp[]
 [IMPORTANT]
 ====
 
-To install a cluster into a Shared VPC, you must use {product-title} version 4.13.15 or above. Additionally, the VPC owner of the host project must enable a project as a host project in their Google Cloud console. For more information, see link:https://cloud.google.com/vpc/docs/provisioning-shared-vpc#set-up-shared-vpc[Enable a host project].
+To install a cluster into a Shared VPC, you must use {product-title} version 4.13.15 or later. Additionally, the VPC owner of the host project must enable a project as a host project in their Google Cloud console. For more information, see link:https://cloud.google.com/vpc/docs/provisioning-shared-vpc#set-up-shared-vpc[Enable a host project].
 ====
 
 .. Select *Install into GCP Shared VPC*.

modules/osd-create-cluster-gcp-account.adoc

@@ -90,22 +90,46 @@ After your cluster is created, you can change the number of compute nodes, but y
 
 . Click *Next*.
 
-. In the *Cluster privacy* dialog, select *Public* or *Private* to use either public or private API endpoints and application routes for your cluster.
+. In the *Cluster privacy* dialog, select *Public* or *Private* to use either public or private API endpoints and application routes for your cluster. If you select *Private*, *Use Private Service Connect* is selected by default. Private Service Connect (PSC) is Google Cloud’s security-enhanced networking feature. You can disable PSC by clicking the *Use Private Service Connect* checkbox.
++
+[NOTE]
+====
+Red Hat recommends using Private Service Connect when deploying a private {product-title} cluster on Google Cloud. Private Service Connect ensures there is a secured, private connectivity between Red Hat infrastructure, Site Reliability Engineering (SRE) and private {product-title} clusters.
+====
+//Once PSC docs are live add link from note above.
 +
 . Optional: To install the cluster in an existing GCP Virtual Private Cloud (VPC):
 .. Select *Install into an existing VPC*.
++
+[IMPORTANT]
+====
+Private Service Connect is supported only with *Install into an existing VPC*.
+====
++
 .. If you are installing into an existing VPC and you want to enable an HTTP or HTTPS proxy for your cluster, select *Configure a cluster-wide proxy*.
++
+[IMPORTANT]
+====
+In order to configure a cluster-wide proxy for your cluster, you must first create the Cloud network address translation (NAT) and a Cloud router. See the _Additional resources_ section for more information.
+====
++
+. Accept the default application ingress settings, or to create your own custom settings, select *Custom Settings*.
 
+.. Optional: Provide route selector.
+.. Optional: Provide excluded namespaces.
+.. Select a namespace ownership policy.
+.. Select a wildcard policy.
 +
+For more information about custom application ingress settings, click on the information icon provided for each setting.
+
 . Click *Next*.
-+
 
 . Optional: To install the cluster into a GCP Shared VPC:
 +
 [IMPORTANT]
 ====
 
-To install a cluster into a Shared VPC, you must use {product-title} version 4.13.15 or above. Additionally, the VPC owner of the host project must enable a project as a host project in their Google Cloud console. For more information, see link:https://cloud.google.com/vpc/docs/provisioning-shared-vpc#set-up-shared-vpc[Enable a host project].
+To install a cluster into a Shared VPC, you must use {product-title} version 4.13.15 or later. Additionally, the VPC owner of the host project must enable a project as a host project in their Google Cloud console. For more information, see link:https://cloud.google.com/vpc/docs/provisioning-shared-vpc#set-up-shared-vpc[Enable a host project].
 ====
 
 .. Select *Install into GCP Shared VPC*.
@@ -119,8 +143,6 @@ For information about Shared VPC permissions, see link:https://cloud.google.com/
 ====
 +
 . If you opted to install the cluster in an existing GCP VPC, provide your *Virtual Private Cloud (VPC) subnet settings* and select *Next*.
-You must have created the Cloud network address translation (NAT) and a Cloud router. See the "Additional resources" section for information about Cloud NATs and Google VPCs.
-
 +
 [NOTE]
 ====

modules/osd-create-cluster-rhm-gcp-account.adoc

@@ -90,22 +90,45 @@ After your cluster is created, you can change the number of compute nodes, but y
 
 . Click *Next*.
 
-. In the *Cluster privacy* dialog, select *Public* or *Private* to use either public or private API endpoints and application routes for your cluster.
+. In the *Cluster privacy* dialog, select *Public* or *Private* to use either public or private API endpoints and application routes for your cluster. If you select *Private*, *Use Private Service Connect* is selected by default. Private Service Connect (PSC) is Google Cloud’s security-enhanced networking feature. You can disable PSC by clicking the *Use Private Service Connect* checkbox.
++
+[NOTE]
+====
+Red Hat recommends using Private Service Connect when deploying a private {product-title} cluster on Google Cloud. Private Service Connect ensures there is a secured, private connectivity between Red Hat infrastructure, Site Reliability Engineering (SRE) and private {product-title} clusters.
+====
+//Once PSC docs are live add link from note above.
 +
 . Optional: To install the cluster in an existing GCP Virtual Private Cloud (VPC):
 .. Select *Install into an existing VPC*.
++
+[IMPORTANT]
+====
+Private Service Connect is supported only with *Install into an existing VPC*.
+====
++
 .. If you are installing into an existing VPC and you want to enable an HTTP or HTTPS proxy for your cluster, select *Configure a cluster-wide proxy*.
++
+[IMPORTANT]
+====
+In order to configure a cluster-wide proxy for your cluster, you must first create the Cloud network address translation (NAT) and a Cloud router. See the _Additional resources_ section for more information.
+====
++
+. Accept the default application ingress settings, or to create your own custom settings, select *Custom Settings*.
 
+.. Optional: Provide route selector.
+.. Optional: Provide excluded namespaces.
+.. Select a namespace ownership policy.
+.. Select a wildcard policy.
 +
+For more information about custom application ingress settings, click on the information icon provided for each setting.
+
 . Click *Next*.
-+
 
-. Optional: To install the cluster into a GCP Shared VPC:
+. Optional: To install the cluster into a GCP shared VPC:
 +
 [IMPORTANT]
 ====
-
-To install a cluster into a Shared VPC, you must use {product-title} version 4.13.15 or above. Additionally, the VPC owner of the host project must enable a project as a host project in their Google Cloud console. For more information, see link:https://cloud.google.com/vpc/docs/provisioning-shared-vpc#set-up-shared-vpc[Enable a host project].
+To install a cluster into a GCP shared VPC, you must use {product-title} version 4.13.15 or later. Additionally, the VPC owner of the host project must enable a project as a host project in their Google Cloud console. For more information, see link:https://cloud.google.com/vpc/docs/provisioning-shared-vpc#set-up-shared-vpc[Enable a host project].
 ====
 
 .. Select *Install into GCP Shared VPC*.
@@ -118,17 +141,18 @@ The VPC owner of the host project has 30 days to grant the listed permissions be
 For information about Shared VPC permissions, see link:https://cloud.google.com/vpc/docs/provisioning-shared-vpc#migs-service-accounts[Provision Shared VPC].
 ====
 +
-. If you opted to install the cluster in an existing GCP VPC, provide your *Virtual Private Cloud (VPC) subnet settings* and select *Next*.
-You must have created the Cloud network address translation (NAT) and a Cloud router. See the "Additional resources" section for information about Cloud NATs and Google VPCs.
+. If you opted to install the cluster into an existing VPC, provide your *Virtual Private Cloud (VPC) subnet settings* and select *Next*.
 +
+
 [NOTE]
 ====
-If you are installing a cluster into a Shared VPC, the VPC name and subnets are shared from the host project.
+If you are installing a cluster into a GCP Shared VPC, the VPC name and subnets are shared from the host project.
 ====
 +
+
 . Click *Next*.
 . If you opted to configure a cluster-wide proxy, provide your proxy configuration details on the *Cluster-wide proxy* page:
-+
+
 .. Enter a value in at least one of the following fields:
 ** Specify a valid *HTTP proxy URL*.
 ** Specify a valid *HTTPS proxy URL*.