Merge pull request #32558 from xJustin/air-gapped-new

CCXDEV-4071 CCXDEV-4434 new chapter for restricted networks

Author: jeana-redhat

_topic_map.yml

@@ -429,6 +429,8 @@ Topics:
     File: opting-out-of-remote-health-reporting
   - Name: Using Insights to identify issues with your cluster
     File: using-insights-to-identify-issues-with-your-cluster
+  - Name: Using remote health reporting in a restricted network
+    File: remote-health-reporting-from-restricted-network
 - Name: Gathering data about your cluster
   File: gathering-cluster-data
   Distros: openshift-enterprise,openshift-origin

modules/insights-operator-enable-obfuscation.adoc

@@ -0,0 +1,35 @@
+// Module included in the following assemblies:
+//
+// * support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc
+
+
+
+[id="insights-operator-enable-obfuscation_{context}"]
+= Enabling Insights Operator data obfuscation
+
+You can enable obfuscation to mask sensitive and identifiable IPv4 addresses and cluster base domains that the Insights Operator sends to link:https://cloud.redhat.com[cloud.redhat.com].
+
+[WARNING]
+====
+Although this feature is available, Red Hat recommends keeping obfuscation disabled for a more effective support experience.
+====
+
+Obfuscation assigns non-identifying values to cluster IPv4 addresses, and uses a translation table that is retained in memory to change IP addresses to their obfuscated versions throughout the Insights Operator archive before uploading the data to link:https://cloud.redhat.com[cloud.redhat.com].
+
+For cluster base domains, obfuscation changes the base domain to a hardcoded substring. For example, `cluster-api.openshift.example.com` becomes `cluster-api.<CLUSTER_BASE_DOMAIN>`.
+
+.Prerequisites
+
+* You are logged in to the {product-title} web console as `cluster-admin`.
+
+.Procedure
+
+. Navigate to *Workloads* -> *Secrets*.
+. Search for the *support* secret using the *Search by name* field. If it does not exist, click *Create* -> *Key/value secret* to create it.
+. Click the *Options* menu {kebab}, and then click *Edit Secret*.
+. Click *Add Key/Value*.
+. Create a key named `enableGlobalObfuscation` with a value of `true`, and click *Save*.
+. Navigate to *Workloads* -> *Pods*
+. Select the `openshift-insights` project.
+. Find the `insights-operator` pod.
+. To restart the `insights-operator` pod, click the *Options* menu {kebab}, and then click *Delete Pod*.

modules/insights-operator-manual-upload.adoc

@@ -0,0 +1,72 @@
+// Module included in the following assemblies:
+//
+// * support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc
+
+
+
+[id="insights-operator-manual-upload_{context}"]
+= Uploading an Insights Operator archive
+
+You can manually upload an Insights Operator archive to link:https://cloud.redhat.com[cloud.redhat.com] to diagnose potential issues.
+
+.Prerequisites
+
+* You are logged in to {product-title} as `cluster-admin`.
+* You have a workstation with unrestricted internet access.
+* You have created a copy of the Insights Operator archive.
+
+.Procedure
+
+. Download the `dockerconfig.json` file:
++
+[source,terminal]
+----
+$ oc extract secret/pull-secret -n openshift-config --to=.
+----
+. Copy your `"cloud.openshift.com"` `"auth"` token from the `dockerconfig.json` file:
++
+[source,json,subs="+quotes"]
+----
+{    
+  "auths": {        
+    "cloud.openshift.com": {            
+      "auth": "_<your_token>_",
+      "email": "[email protected]"
+    }
+}
+----
+
+
+. Upload the archive to link:https://cloud.redhat.com[cloud.redhat.com]:
++
+[source,terminal,subs="+quotes"]
+----
+$ curl -v -H "User-Agent: insights-operator/one10time200gather184a34f6a168926d93c330 cluster/_<cluster_id>_" -H "Authorization: Bearer _<your_token>_" -F "upload=@_<path_to_archive>_; type=application/vnd.redhat.openshift.periodic+tar" https://cloud.redhat.com/api/ingress/v1/upload
+----
+where `_<cluster_id>_` is your cluster ID, `_<your_token>_` is the token from your pull secret, and `_<path_to_archive>_` is the path to the Insights Operator archive. 
++
+If the operation is successful, the command returns a `"request_id"` and `"account_number"`:
++
+.Example output
++
+[source,terminal]
+----
+* Connection #0 to host cloud.redhat.com left intact
+{"request_id":"393a7cf1093e434ea8dd4ab3eb28884c","upload":{"account_number":"6274079"}}%
+----
+
+.Verification steps
+
+. Log in to link:https://cloud.redhat.com/openshift[].
+
+. Click the *Clusters* menu in the left pane.
+
+. To display the details of the cluster, click the cluster name.
+
+. Open the *Insights Advisor* tab of the cluster.
++
+If the upload was successful, the tab displays one of the following:
++
+* *Your cluster passed all recommendations*, if Insights Advisor did not identify any issues.
+
+* A list of issues that Insights Advisor has detected, prioritized by risk (low, moderate, important, and critical).

modules/insights-operator-one-time-gather.adoc

@@ -0,0 +1,87 @@
+// Module included in the following assemblies:
+//
+// * support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc
+
+
+
+[id="insights-operator-one-time-gather_{context}"]
+= Running an Insights Operator gather operation 
+
+You must run a gather operation to create an Insights Operator archive.
+
+.Prerequisites
+
+* You are logged in to {product-title} as `cluster-admin`.
+
+.Procedure
+
+. Create a file named `gather-job.yaml` using this template:
++
+[source,yaml]
+----
+include::https://raw.githubusercontent.com/openshift/insights-operator/release-4.8/docs/gather-job.yaml[]
+----
+. Copy your `insights-operator` image version:
++
+[source,terminal]
+----
+$ oc get -n openshift-insights deployment insights-operator -o yaml
+----
+. Paste your image version in `gather-job.yaml`:
++
+[source,yaml,subs="+quotes"]
+----
+initContainers:
+      - name: insights-operator
+        image: _<your_insights_operator_image_version>_
+        terminationMessagePolicy: FallbackToLogsOnError
+        volumeMounts:
+----
+. Create the gather job:
++
+[source,terminal]
+----
+$ oc apply -n openshift-insights -f gather-job.yaml
+----
+. Find the name of the job pod:
++
+[source,terminal]
+----
+$ oc describe -n openshift-insights job/insights-operator-job
+----
++
+.Example output
+[source,terminal,subs="+quotes"]
+----
+Events:
+  Type    Reason            Age    From            Message
+  ----    ------            ----   ----            -------
+  Normal  SuccessfulCreate  7m18s  job-controller  Created pod: insights-operator-job-_<your_job>_ 
+----
+where `insights-operator-job-_<your_job>_` is the name of the pod. 
+
+. Verify that the operation has finished:
++
+[source,terminal,subs="+quotes"]
+----
+$ oc logs -n openshift-insights insights-operator-job-_<your_job>_ insights-operator
+----
++
+.Example output
+[source,terminal]
+----
+I0407 11:55:38.192084       1 diskrecorder.go:34] Wrote 108 records to disk in 33ms  
+----
+. Save the created archive:
++
+[source,terminal,subs="+quotes"]
+----
+$ oc cp openshift-insights/insights-operator-job-_<your_job>_:/var/lib/insights-operator ./insights-data
+----
+. Clean up the job:
++
+[source,terminal]
+----
+$ oc delete -n openshift-insights job insights-operator-job
+----
+

support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc

@@ -0,0 +1,23 @@
+[id="remote-health-reporting-from-restricted-network"]
+= Using remote health reporting in a restricted network
+include::modules/common-attributes.adoc[]
+:context: remote-health-reporting-from-restricted-network
+
+toc::[]
+
+You can manually gather and upload Insights Operator archives to diagnose issues from a restricted network. 
+
+To use the Insights Operator in a restricted network, you must:
+
+* Create a copy of your Insights Operator archive.
+* Upload the Insights Operator archive to link:https://cloud.redhat.com[cloud.redhat.com].
+
+Additionally, you can choose to xref:../../support/remote_health_monitoring/remote-health-reporting-from-restricted-network.adoc#insights-operator-enable-obfuscation_remote-health-reporting-from-restricted-network[obfuscate] the Insights Operator data before upload. 
+
+
+include::modules/insights-operator-one-time-gather.adoc[leveloffset=+1]
+
+include::modules/insights-operator-manual-upload.adoc[leveloffset=+1]
+
+include::modules/insights-operator-enable-obfuscation.adoc[leveloffset=+1]
+