Merge pull request #63336 from xenolinux/azure-restricted-nw-upi

 OSDOCS#6792: Azure: Document installing OpenShift in a disconnected environment (UPI)

Author: stevsmit

_topic_maps/_topic_map.yml

@@ -213,6 +213,8 @@ Topics:
     File: installing-azure-private
   - Name: Installing a cluster on Azure into a government region
     File: installing-azure-government-region
+  - Name: Installing a cluster on Azure in a restricted network with user-provisioned infrastructure
+    File: installing-restricted-networks-azure-user-provisioned  
   - Name: Installing a cluster on Azure using ARM templates
     File: installing-azure-user-infra
   - Name: Installing a cluster on Azure in a restricted network

installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc

@@ -0,0 +1,149 @@
+:_content-type: ASSEMBLY
+[id="installing-restricted-networks-azure-user-provisioned"]
+= Installing a cluster on Azure in a restricted network with user-provisioned infrastructure
+include::_attributes/common-attributes.adoc[]
+:context: installing-restricted-networks-azure-user-provisioned
+
+toc::[]
+
+In {product-title} version {product-version}, you can install a cluster on Microsoft Azure by using infrastructure that you provide.
+
+Several link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/overview[Azure Resource Manager] (ARM) templates are provided to assist in completing these steps or to help model your own.
+
+[IMPORTANT]
+====
+The steps for performing a user-provisioned infrastructure installation are provided as an example only. Installing a cluster with infrastructure you provide requires knowledge of the cloud provider and the installation process of {product-title}. Several ARM templates are provided to assist in completing these steps or to help model your own. You are also free to create the required resources through other methods.
+====
+
+.Prerequisites
+
+* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
+* You xref:../../installing/installing_azure/installing-azure-account.adoc#installing-azure-account[configured an Azure account] to host the cluster and determined the tested and validated region to deploy the cluster to.
+* You xref:../../installing/disconnected_install/installing-mirroring-installation-images.adoc#installation-about-mirror-registry_installing-mirroring-installation-images[mirrored the images for a disconnected installation] to your registry and obtained the `imageContentSources` data for your version of {product-title}.
++
+[IMPORTANT]
+====
+Because the installation media is on the mirror host, you must use that computer to complete all installation steps.
+====
+* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
+* If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you have xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[manually created and maintain IAM credentials].
+* If you use customer-managed encryption keys, you xref:../../installing/installing_azure/enabling-user-managed-encryption-azure.adoc#enabling-user-managed-encryption-azure[prepared your Azure environment for encryption].
+
+include::modules/installation-about-restricted-network.adoc[leveloffset=+1]
+
+include::modules/cluster-entitlements.adoc[leveloffset=+2]
+
+[id="installation-azure-restricted-user-infra-config-project"]
+== Configuring your Azure project
+
+Before you can install {product-title}, you must configure an Azure project to host it.
+
+[IMPORTANT]
+====
+All Azure resources that are available through public endpoints are subject to resource name restrictions, and you cannot create resources that use certain terms. For a list of terms that Azure restricts, see link:https://docs.microsoft.com/en-us/azure/azure-resource-manager/resource-manager-reserved-resource-name[Resolve reserved resource name errors] in the Azure documentation.
+====
+
+include::modules/installation-azure-limits.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../../scalability_and_performance/optimization/optimizing-storage.adoc#optimizing-storage[Optimizing storage]
+
+include::modules/installation-azure-network-config.adoc[leveloffset=+2]
+
+You can view Azure's DNS solution by visiting this xref:installation-azure-create-dns-zones_{context}[example for creating DNS zones].
+
+include::modules/installation-azure-increasing-limits.adoc[leveloffset=+2]
+
+include::modules/csr-management.adoc[leveloffset=+2]
+
+include::modules/installation-azure-permissions.adoc[leveloffset=+2]
+
+include::modules/minimum-required-permissions-upi-azure.adoc[leveloffset=+2]
+
+include::modules/installation-azure-service-principal.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* For more information about CCO modes, see xref:../../authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc#about-cloud-credential-operator-modes[About the Cloud Credential Operator].
+
+include::modules/installation-azure-regions.adoc[leveloffset=+2]
+
+[id="installation-requirements-azure-user-infra_{context}"]
+== Requirements for a cluster with user-provisioned infrastructure
+
+For a cluster that contains user-provisioned infrastructure, you must deploy all
+of the required machines.
+
+This section describes the requirements for deploying {product-title} on user-provisioned infrastructure.
+
+include::modules/installation-machine-requirements.adoc[leveloffset=+2]
+
+include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
+
+include::modules/installation-azure-tested-machine-types.adoc[leveloffset=+2]
+
+include::modules/installation-azure-arm-tested-machine-types.adoc[leveloffset=+2]
+
+include::modules/installation-azure-marketplace-subscribe.adoc[leveloffset=+1]
+
+include::modules/installation-obtaining-installer.adoc[leveloffset=+2]
+
+include::modules/ssh-agent-using.adoc[leveloffset=+2]
+
+include::modules/installation-user-infra-generate.adoc[leveloffset=+1]
+include::modules/installation-disk-partitioning-upi-templates.adoc[leveloffset=+2]
+include::modules/installation-initializing.adoc[leveloffset=+2]
+include::modules/installation-configure-proxy.adoc[leveloffset=+2]
+include::modules/installation-user-infra-exporting-common-variables-arm-templates.adoc[leveloffset=+2]
+include::modules/installation-user-infra-generate-k8s-manifest-ignition.adoc[leveloffset=+2]
+
+include::modules/installation-azure-create-resource-group-and-identity.adoc[leveloffset=+1]
+
+include::modules/installation-azure-user-infra-uploading-rhcos.adoc[leveloffset=+1]
+
+include::modules/installation-azure-create-dns-zones.adoc[leveloffset=+1]
+
+You can learn more about xref:installation-azure-network-config_{context}[configuring a public DNS zone in Azure] by visiting that section.
+
+include::modules/installation-creating-azure-vnet.adoc[leveloffset=+1]
+include::modules/installation-arm-vnet.adoc[leveloffset=+2]
+
+include::modules/installation-azure-user-infra-deploying-rhcos.adoc[leveloffset=+1]
+include::modules/installation-arm-image-storage.adoc[leveloffset=+2]
+
+include::modules/installation-network-user-infra.adoc[leveloffset=+1]
+
+include::modules/installation-creating-azure-dns.adoc[leveloffset=+1]
+include::modules/installation-arm-dns.adoc[leveloffset=+2]
+
+include::modules/installation-creating-azure-bootstrap.adoc[leveloffset=+1]
+include::modules/installation-arm-bootstrap.adoc[leveloffset=+2]
+
+include::modules/installation-creating-azure-control-plane.adoc[leveloffset=+1]
+include::modules/installation-arm-control-plane.adoc[leveloffset=+2]
+
+include::modules/installation-azure-user-infra-wait-for-bootstrap.adoc[leveloffset=+1]
+
+include::modules/installation-creating-azure-worker.adoc[leveloffset=+1]
+include::modules/installation-arm-worker.adoc[leveloffset=+2]
+
+include::modules/cli-installing-cli.adoc[leveloffset=+1]
+
+include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
+
+include::modules/installation-approve-csrs.adoc[leveloffset=+1]
+
+include::modules/installation-azure-create-ingress-dns-records.adoc[leveloffset=+1]
+
+include::modules/installation-azure-user-infra-completing.adoc[leveloffset=+1]
+
+include::modules/cluster-telemetry.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service

modules/cli-installing-cli.adoc

@@ -50,6 +50,7 @@
 // * installing/installing_ibm_powervs/installing-restricted-networks-ibm-power-vs.adoc
 // * installing/installing_ibm_powervs/installing-ibm-powervs-vpc.adoc
 // * installing/installing-restricted-networks-azure-installer-provisioned.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 // AMQ docs link to this; do not change anchor
 
 ifeval::["{context}" == "mirroring-ocp-image-repository"]

modules/cli-logging-in-kubeadmin.adoc

@@ -51,6 +51,8 @@
 // * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 // * installing/installing-restricted-networks-azure-installer-provisioned.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
+
 
 :_content-type: PROCEDURE
 [id="cli-logging-in-kubeadmin_{context}"]

modules/cluster-telemetry.adoc

@@ -67,6 +67,7 @@
 // * installing/installing-nutanix-installer-provisioned.adoc
 // * installing/installing-restricted-networks-nutanix-installer-provisioned.adoc
 // * installing/installing-restricted-networks-azure-installer-provisioned.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 :_content-type: CONCEPT
 [id="cluster-telemetry_{context}"]

modules/csr-management.adoc

@@ -23,6 +23,7 @@
 // machine_management/adding-rhel-compute.adoc
 // machine_management/more-rhel-compute.adoc
 // post_installation_configuration/node-tasks.adoc
+// installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 :_content-type: CONCEPT
 [id="csr-management_{context}"]

modules/installation-approve-csrs.adoc

@@ -22,6 +22,7 @@
 // * installing/installing_ibm_z/installing-ibm-z-kvm.adoc
 // * installing/installing_ibm_z/installing-ibm-power.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-power.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 
 ifeval::["{context}" == "installing-ibm-z"]

modules/installation-arm-bootstrap.adoc

@@ -2,6 +2,7 @@
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:

modules/installation-arm-control-plane.adoc

@@ -2,6 +2,7 @@
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash:

modules/installation-arm-dns.adoc

@@ -2,6 +2,7 @@
 //
 // * installing/installing_azure/installing-azure-user-infra.adoc
 // * installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc
+// * installing/installing_azure/installing-restricted-networks-azure-user-provisioned.adoc
 
 ifeval::["{context}" == "installing-azure-stack-hub-user-infra"]
 :ash: