You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In {product-title} version {product-version}, you can install a cluster to the following Amazon Web Services (AWS) China regions:
9
+
10
+
* `cn-north-1` (Beijing)
11
+
* `cn-northwest-1` (Ningxia)
12
+
13
+
== Prerequisites
14
+
15
+
* You have an Internet Content Provider (ICP) license.
16
+
* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
17
+
* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
18
+
* You xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[configured an AWS account] to host the cluster.
19
+
* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
20
+
* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[manually create and maintain IAM credentials].
21
+
22
+
[IMPORTANT]
23
+
====
24
+
If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use long-lived credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program.
* See xref:../../web_console/web-console.adoc#web-console[Accessing the web console] for more details about accessing and understanding the {product-title} web console.
61
+
* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service.
62
+
63
+
== Next steps
64
+
65
+
* xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation].
66
+
* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
67
+
* If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
68
+
* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].
Copy file name to clipboardExpand all lines: installing/installing_aws/installing-aws-government-region.adoc
+4-2Lines changed: 4 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -24,6 +24,7 @@ If you have an AWS profile stored on your computer, it must not use a temporary
24
24
* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[manually create and maintain IAM credentials].
If your cluster cannot have direct internet access, you can perform a restricted network installation on some types of infrastructure that you provision. During that process, you download the content that is required and use it to populate a mirror registry with the packages that you need to install a cluster and generate the installation program. With some installation types, the environment that you install your cluster in will not require internet access. Before you update the cluster, you update the content of the mirror registry.
134
+
If your cluster cannot have direct internet access, you can perform a restricted network installation on some types of infrastructure that you provision. During that process, you download the required content and use it to populate a mirror registry with the installation packages. With some installation types, the environment that you install your cluster in will not require internet access. Before you update the cluster, you update the content of the mirror registry.
Copy file name to clipboardExpand all lines: modules/installation-aws-about-government-region.adoc
-9Lines changed: 0 additions & 9 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -21,12 +21,3 @@ The following AWS GovCloud partitions are supported:
21
21
The following AWS Secret Region partition is supported:
22
22
23
23
* `us-iso-east-1`
24
-
25
-
The AWS government or secret region, and accompanying custom AMI, must be manually configured in the
26
-
`install-config.yaml` file since {op-system} AMIs are not provided by Red Hat
27
-
for those regions.
28
-
29
-
[IMPORTANT]
30
-
====
31
-
If you are deploying to the C2S Secret Region, you must also define a custom CA certificate in the `additionalTrustBundle` field of the `install-config.yaml` file because the AWS API requires a custom CA trust bundle. To allow the installation program to access the AWS API, the CA certificates must also be defined on the machine that runs the installation program. You must add the CA bundle to the trust store on the machine, use the `AWS_CA_BUNDLE` environment variable, or define the CA bundle in the link:https://docs.aws.amazon.com/credref/latest/refdocs/setting-global-ca_bundle.html[`ca_bundle`] field of the AWS config file.
= Sample customized `install-config.yaml` file for AWS
34
39
35
-
You can customize the `install-config.yaml` file to specify more details about
40
+
You can customize the installation configuration file (`install-config.yaml`) to specify more details about
36
41
your {product-title} cluster's platform or modify the values of the required
37
42
parameters.
38
43
44
+
ifndef::china,gov[]
39
45
[IMPORTANT]
40
46
====
41
47
This sample YAML file is provided for reference only. You must obtain your
42
48
`install-config.yaml` file by using the installation program and modify it.
43
49
====
50
+
endif::china,gov[]
51
+
52
+
ifdef::china,gov[]
53
+
[IMPORTANT]
54
+
====
55
+
This sample YAML file is provided for reference only. Use it as a resource to enter parameter values into the installation configuration file that you created manually.
<1> Required. The installation program prompts you for this value.
225
-
endif::gov[]
226
-
ifdef::gov[]
259
+
endif::gov,china[]
260
+
ifdef::gov,china[]
227
261
<1> Required.
228
-
endif::gov[]
262
+
endif::gov,china[]
229
263
<2> Optional: Add this parameter to force the Cloud Credential Operator (CCO) to use the specified mode, instead of having the CCO dynamically try to determine the capabilities of the credentials. For details about CCO modes, see the _Cloud Credential Operator_ entry in the _Red Hat Operators reference_ content.
230
264
<3> If you do not provide these parameters and values, the installation program
You can deploy an {product-title} cluster to Amazon Web Services (AWS) regions
10
25
without native support for a {op-system-first} Amazon Machine Image (AMI) or the
11
26
AWS software development kit (SDK). If a
12
27
published AMI is not available for an AWS region, you can upload a custom AMI
13
-
prior to installing the cluster. This is required if you are deploying your
14
-
cluster to an AWS government or secret region. AWS government and secret regions are supported by the AWS SDK.
28
+
prior to installing the cluster.
15
29
16
30
If you are deploying to a region not supported by the AWS SDK
17
31
and you do not specify a custom AMI, the installation program
@@ -25,3 +39,32 @@ A region without native support for an {op-system} AMI is not available to
25
39
select from the terminal during cluster creation because it is not published.
26
40
However, you can install to this region by configuring the custom AMI in the
27
41
`install-config.yaml` file.
42
+
endif::aws-china,aws-gov[]
43
+
44
+
ifdef::aws-china,aws-gov[]
45
+
ifdef::aws-china[Red Hat does not publish a {op-system-first} Amazon Machine Image (AMI) for the AWS China regions.]
46
+
ifdef::aws-gov[Red Hat does not publish a {op-system-first} Amzaon Machine Image for the AWS government or secret regions.]
47
+
48
+
Before you can install the cluster, you must:
49
+
50
+
* Upload a custom {op-system} AMI.
51
+
* Manually create the installation configuration file (`install-config.yaml`).
52
+
* Specify the AWS region, and the accompanying custom AMI, in the installation configuration file.
53
+
54
+
You cannot use the {product-title} installation program to create the installation configuration file. The installer does not list an AWS region without native support for an {op-system} AMI.
55
+
56
+
ifdef::aws-gov[]
57
+
[IMPORTANT]
58
+
====
59
+
If you are deploying to the C2S Secret Region, you must also define a custom CA certificate in the `additionalTrustBundle` field of the `install-config.yaml` file because the AWS API requires a custom CA trust bundle. To allow the installation program to access the AWS API, the CA certificates must also be defined on the machine that runs the installation program. You must add the CA bundle to the trust store on the machine, use the `AWS_CA_BUNDLE` environment variable, or define the CA bundle in the link:https://docs.aws.amazon.com/credref/latest/refdocs/setting-global-ca_bundle.html[`ca_bundle`] field of the AWS config file.
0 commit comments