installing/installing_aws/installing-aws-government-region.adoc
3 additions & 5 deletions
@@ -1,12 +1,12 @@
1
1
[id="installing-aws-government-region"]
2
-
= Installing a cluster on AWS into a government or secret region
2
+
= Installing a cluster on AWS into a government region
3
3
include::modules/common-attributes.adoc[]
4
4
:context: installing-aws-government-region
5
5
6
6
toc::[]
7
7
8
8
In {product-title} version {product-version}, you can install a cluster on
9
-
Amazon Web Services (AWS) into a government or secret region. To configure the
9
+
Amazon Web Services (AWS) into a government region. To configure the
10
10
region, modify parameters in the `install-config.yaml` file before you
11
11
install the cluster.
12
12
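Review bot: Dropping "or secret" from the title (new line 2) and the intro sentence (new line 9) leaves this assembly with no entry point for C2S readers, while `[id="installing-aws-government-region"]` and `:context:` stay as they were. Keeping the id is right for existing xrefs, but confirm that the secret-region assembly lands in the same change so the C2S instructions do not drop out of the published docs between commits.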
@@ -24,7 +24,7 @@ If you have an AWS profile stored on your computer, it must not use a temporary
24
24
* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[manually create and maintain IAM credentials].
link:https://aws.amazon.com/govcloud-us[AWS GovCloud (US)] regions and the link:https://aws.amazon.com/federal/us-intelligence-community/[AWS Commercial Cloud Services (C2S) Secret Region]. These regions are specifically designed for US government agencies at the federal, state, and
10
-
local level, as well as contractors, educational institutions, and other US
11
-
customers that must run sensitive workloads in the cloud.
These regions do not have published {op-system-first} Amazon Machine Images (AMI) to select, so you
20
+
ifdef::aws-gov[]
21
+
{product-title} supports deploying a cluster to an link:https://aws.amazon.com/govcloud-us[AWS GovCloud (US)] region.
22
+
endif::aws-gov[]
23
+
24
+
ifdef::aws-secret[]
25
+
{product-title} supports deploying a cluster to an link:https://aws.amazon.com/federal/us-intelligence-community/[AWS Commercial Cloud Services (C2S) Secret Region].
26
+
endif::aws-secret[]
27
+
28
+
ifdef::aws-secret[]
29
+
The C2S Secret Region does not have a published {op-system-first} Amazon Machine Images (AMI) to select, so you
14
30
must upload a custom AMI that belongs to that region.
31
+
endif::aws-secret[]
15
32
33
+
ifdef::aws-gov[]
16
34
The following AWS GovCloud partitions are supported:
17
35
18
-
* `us-gov-west-1`
19
36
* `us-gov-east-1`
37
+
* `us-gov-west-1`
38
+
endif::aws-gov[]
20
39
40
+
ifdef::aws-secret[]
21
41
The following AWS Secret Region partition is supported:
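Review bot: New line 29 reads "does not have a published {op-system-first} Amazon Machine Images (AMI)", which pairs the singular "a" with the plural "Images"; since the sentence is being rewritten anyway, make it "Amazon Machine Image (AMI)". The two `ifdef::aws-secret[]` blocks at new lines 24-26 and 28-31 are separated only by a blank line and could be a single block. The context line "The following AWS GovCloud partitions are supported:" introduces `us-gov-east-1` and `us-gov-west-1`, which are region names, so "regions" would be the accurate word now that the list is being reordered.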
@@ -41,20 +46,20 @@ You can customize the installation configuration file (`install-config.yaml`) to
41
46
your {product-title} cluster's platform or modify the values of the required
42
47
parameters.
43
48
44
-
ifndef::china,gov[]
49
+
ifndef::china,gov,secret[]
45
50
[IMPORTANT]
46
51
====
47
52
This sample YAML file is provided for reference only. You must obtain your
48
53
`install-config.yaml` file by using the installation program and modify it.
49
54
====
50
-
endif::china,gov[]
55
+
endif::china,gov,secret[]
51
56
52
-
ifdef::china,gov[]
57
+
ifdef::china,gov,secret[]
53
58
[IMPORTANT]
54
59
====
55
60
This sample YAML file is provided for reference only. Use it as a resource to enter parameter values into the installation configuration file that you created manually.
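Review bot: The attribute list is written `china,gov,secret` at new lines 49, 55 and 57, while the callout conditionals further down in this patch use `gov,secret,china`; pick one order so that a search for the condition finds every occurrence. Also confirm that `secret` is set wherever this module is included for the C2S assembly, otherwise secret-region builds fall into the `ifndef` branch and are told to obtain the file "by using the installation program".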
<1> Required. The installation program prompts you for this value.
259
-
endif::gov,china[]
260
-
ifdef::gov,china[]
274
+
endif::gov,secret,china[]
275
+
ifdef::gov,secret,china[]
261
276
<1> Required.
262
-
endif::gov,china[]
263
-
<2> Optional: Add this parameter to force the Cloud Credential Operator (CCO) to use the specified mode, instead of having the CCO dynamically try to determine the capabilities of the credentials. For details about CCO modes, see the _Cloud Credential Operator_ entry in the _Platform Operators reference_ content.
277
+
endif::gov,secret,china[]
278
+
<2> Optional: Add this parameter to force the Cloud Credential Operator (CCO) to use the specified mode, instead of having the CCO dynamically try to determine the capabilities of the credentials. For details about CCO modes, see the _Cloud Credential Operator_ entry in the _Red Hat Operators reference_ content.
264
279
<3> If you do not provide these parameters and values, the installation program
265
280
provides the default value.
266
281
<4> The `controlPlane` section is a single mapping, but the compute section is a
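Review bot: The rewrite of callout <2> at new line 278 changes the reference from _Platform Operators reference_ to _Red Hat Operators reference_, which is unrelated to adding `secret` to the surrounding conditionals. Confirm the new title matches the published document, and consider moving the rename to its own commit so the region split stays a pure conditional change.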
@@ -343,14 +358,14 @@ ifdef::openshift-origin[]
343
358
<12> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the internet. The default value is `External`.
344
359
endif::openshift-origin[]
345
360
endif::private[]
346
-
ifdef::gov[]
361
+
ifdef::secret[]
347
362
ifndef::openshift-origin[]
348
363
<14> The custom CA certificate. This is required when deploying to the AWS C2S Secret Region because the AWS API requires a custom CA trust bundle.
349
364
endif::openshift-origin[]
350
365
ifdef::openshift-origin[]
351
366
<13> The custom CA certificate. This is required when deploying to the AWS C2S Secret Region because the AWS API requires a custom CA trust bundle.
352
367
endif::openshift-origin[]
353
-
endif::gov[]
368
+
endif::secret[]
354
369
ifdef::restricted[]
355
370
ifndef::openshift-origin[]
356
371
<13> For `<local_registry>`, specify the registry domain name, and optionally the
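Review bot: With the outer condition changed to `ifdef::secret[]` at new lines 361 and 368, the custom CA callout (<14>, or <13> under `openshift-origin`) is emitted only for secret builds. Check that the `additionalTrustBundle` line that carries this callout marker in the sample YAML is gated by the same `secret` attribute; if it is still gated by `gov`, GovCloud builds get a marker with no explanation and secret builds get an explanation with no marker.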
You can deploy an {product-title} cluster to Amazon Web Services (AWS) regions
25
28
without native support for a {op-system-first} Amazon Machine Image (AMI) or the
26
29
AWS software development kit (SDK). If a
@@ -39,11 +42,11 @@ A region without native support for an {op-system} AMI is not available to
39
42
select from the terminal during cluster creation because it is not published.
40
43
However, you can install to this region by configuring the custom AMI in the
41
44
`install-config.yaml` file.
42
-
endif::aws-china,aws-gov[]
45
+
endif::aws-china,aws-secret[]
43
46
44
-
ifdef::aws-china,aws-gov[]
47
+
ifdef::aws-china,aws-secret[]
45
48
ifdef::aws-china[Red Hat does not publish a {op-system-first} Amazon Machine Image (AMI) for the AWS China regions.]
46
-
ifdef::aws-gov[Red Hat does not publish a {op-system-first} Amzaon Machine Image for the AWS government or secret regions.]
49
+
ifdef::aws-secret[Red Hat does not publish a {op-system-first} Amzaon Machine Image for the AWS secret region.]
47
50
48
51
Before you can install the cluster, you must:
49
52
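Review bot: The added line 49 carries over the typo "Amzaon" and, unlike the `aws-china` line above it, omits "(AMI)"; since the line is being rewritten, make it "Amazon Machine Image (AMI)". It also says "the AWS secret region" where the rest of the patch uses "C2S Secret Region", so align the name.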
@@ -53,18 +56,21 @@ Before you can install the cluster, you must:
53
56
54
57
You cannot use the {product-title} installation program to create the installation configuration file. The installer does not list an AWS region without native support for an {op-system} AMI.
55
58
56
-
ifdef::aws-gov[]
59
+
ifdef::aws-secret[]
57
60
[IMPORTANT]
58
61
====
59
62
If you are deploying to the C2S Secret Region, you must also define a custom CA certificate in the `additionalTrustBundle` field of the `install-config.yaml` file because the AWS API requires a custom CA trust bundle. To allow the installation program to access the AWS API, the CA certificates must also be defined on the machine that runs the installation program. You must add the CA bundle to the trust store on the machine, use the `AWS_CA_BUNDLE` environment variable, or define the CA bundle in the link:https://docs.aws.amazon.com/credref/latest/refdocs/setting-global-ca_bundle.html[`ca_bundle`] field of the AWS config file.
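Review bot: Only the opening directive at new line 59 is shown as changed to `ifdef::aws-secret[]`; make sure the closing directive of this admonition is changed to `endif::aws-secret[]` as well, because a leftover `endif::aws-gov[]` would no longer match its opener. The admonition text itself is one long paragraph; the three ways to supply the CA bundle on the installer host (trust store, `AWS_CA_BUNDLE`, `ca_bundle` in the AWS config file) would be easier to follow as a list.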