Merge pull request #29596 from codyhoag/vsphere-restricted-ipi

OSDOCS-1168 vSphere IPI in restricted networks

Author: codyhoag

_topic_map.yml

@@ -306,6 +306,8 @@ Topics:
     File: installing-vsphere
   - Name: Installing a cluster on vSphere with user-provisioned infrastructure and network customizations
     File: installing-vsphere-network-customizations
+  - Name: Installing a cluster on vSphere in a restricted network
+    File: installing-restricted-networks-installer-provisioned-vsphere
   - Name: Installing a cluster on vSphere in a restricted network with user-provisioned infrastructure
     File: installing-restricted-networks-vsphere
   - Name: Uninstalling a cluster on vSphere that uses installer-provisioned infrastructure

installing/installing-preparing.adoc

@@ -149,7 +149,7 @@ endif::openshift-origin[]
 |xref:../installing/installing_openstack/installing-openstack-installer-restricted.adoc#installing-openstack-installer-restricted[X]
 |xref:../installing/installing_rhv/installing-rhv-restricted-network.adoc#installing-rhv-restricted-network[X]
 |
-|
+|xref:../installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc#installing-restricted-networks-installer-provisioned-vsphere[X]
 |
 |
 |

installing/installing_openstack/installing-openstack-installer-restricted.adoc

@@ -34,7 +34,7 @@ include::modules/installation-osp-bootstrap-machine.adoc[leveloffset=+2]
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 include::modules/installation-osp-enabling-swift.adoc[leveloffset=+1]
 include::modules/installation-osp-describing-cloud-parameters.adoc[leveloffset=+1]
-include::modules/installation-osp-creating-image-restricted.adoc[leveloffset=+1]
+include::modules/installation-creating-image-restricted.adoc[leveloffset=+1]
 include::modules/installation-initializing.adoc[leveloffset=+1]
 include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
 include::modules/installation-osp-restricted-config-yaml.adoc[leveloffset=+2]

installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc

@@ -0,0 +1,70 @@
+[id="installing-restricted-networks-installer-provisioned-vsphere"]
+= Installing a cluster on vSphere in a restricted network
+include::modules/common-attributes.adoc[]
+:context: installing-restricted-networks-installer-provisioned-vsphere
+
+toc::[]
+
+In {product-title} {product-version}, you can install a cluster on VMware vSphere infrastructure in a restricted network by creating an internal mirror of the installation release content.
+
+[id="prerequisites_installing-restricted-networks-installer-provisioned-vsphere"]
+== Prerequisites
+
+* xref:../../installing/install_config/installing-restricted-networks-preparations.adoc#installing-restricted-networks-preparations[Create a registry on your mirror host] and obtain the `imageContentSources` data for your version of {product-title}.
++
+[IMPORTANT]
+====
+Because the installation media is on the mirror host, you can use that computer to complete all installation steps.
+====
+* Provision xref:../../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[persistent storage] for your cluster. To deploy a private image registry, your storage must provide the ReadWriteMany access mode.
+* Review details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* If you use a firewall and plan to use telemetry, you must xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configure the firewall to allow the sites] that your cluster requires access to.
++
+[NOTE]
+====
+If you are configuring a proxy, be sure to also review this site list.
+====
+
+include::modules/installation-about-restricted-network.adoc[leveloffset=+1]
+
+include::modules/cluster-entitlements.adoc[leveloffset=+1]
+
+include::modules/installation-vsphere-infrastructure.adoc[leveloffset=+1]
+
+include::modules/installation-vsphere-installer-infra-requirements.adoc[leveloffset=+1]
+
+include::modules/ssh-agent-using.adoc[leveloffset=+1]
+
+include::modules/installation-adding-vcenter-root-certificates.adoc[leveloffset=+1]
+
+include::modules/installation-creating-image-restricted.adoc[leveloffset=+1]
+
+include::modules/installation-initializing.adoc[leveloffset=+1]
+
+include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+
+include::modules/installation-installer-provisioned-vsphere-config-yaml.adoc[leveloffset=+2]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
+include::modules/cli-installing-cli.adoc[leveloffset=+1]
+
+include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
+
+[id="installing-vsphere-restricted-networks-installer-provisioned-customizations-registry"]
+== Creating registry storage
+
+After you install the cluster, you must create storage for the Registry Operator.
+
+include::modules/registry-removed.adoc[leveloffset=+2]
+
+include::modules/installation-registry-storage-config.adoc[leveloffset=+2]
+
+include::modules/registry-configuring-storage-vsphere.adoc[leveloffset=+3]
+
+[id="next-steps_installing-restricted-networks-installer-provisioned-vsphere"]
+== Next steps
+
+* xref:../../installing/install_config/installing-customizing.adoc#installing-customizing[Customize your cluster].
+* If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
+* xref:../../registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc#configuring-registry-storage-vsphere[Set up your registry and configure registry storage].

modules/cli-installing-cli.adoc

@@ -29,6 +29,7 @@
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
+// * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 // * openshift_images/samples-operator-alt-registry.adoc
 // * installing/installing_rhv/installing-rhv-customizations.adoc

modules/cli-logging-in-kubeadmin.adoc

@@ -38,6 +38,7 @@
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
+// * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 // * installing/installing_rhv/installing-rhv-customizations.adoc
 // * installing/installing_rhv/installing-rhv-default.adoc

modules/cluster-entitlements.adoc

@@ -37,6 +37,7 @@
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
+// * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
 // * installing/installing_ibm_z/installing-ibm-z.adoc
 
 ifeval::["{context}" == "installing-restricted-networks-bare-metal"]
@@ -48,6 +49,9 @@ endif::[]
 ifeval::["{context}" == "installing-restricted-networks-vmc-user-infra"]
 :restricted:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"]
+:restricted:
+endif::[]
 
 [id="cluster-entitlements_{context}"]
 ifndef::openshift-origin[]
@@ -89,3 +93,6 @@ endif::[]
 ifeval::["{context}" == "installing-restricted-networks-vmc-user-infra"]
 :!restricted:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"]
+:!restricted:
+endif::[]

modules/installation-about-restricted-network.adoc

@@ -4,6 +4,7 @@
 // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
 // * installing/installing_vmc/installing-restricted-networks-vmc-user-infra.adoc
 // * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
+// * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
 // * installing/installing_openstack/installing-openstack-installer-restricted.adoc
 // * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc
 // * installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc
@@ -16,10 +17,13 @@ ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
 :ibm-power:
 endif::[]
 ifeval::["{context}" == "installing-openstack-installer-restricted"]
-:osp:
+:ipi:
 endif::[]
 ifeval::["{context}" == "installing-rhv-restricted-network"]
-:rhv:
+:ipi:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"]
+:ipi:
 endif::[]
 
 [id="installation-about-restricted-networks_{context}"]
@@ -44,12 +48,12 @@ installation media. You can create this registry on a mirror host, which can
 access both the Internet and your closed network, or by using other methods
 that meet your restrictions.
 
-ifndef::osp,rhv[]
+ifndef::ipi[]
 [IMPORTANT]
 ====
 Because of the complexity of the configuration for user-provisioned installations, consider completing a standard user-provisioned infrastructure installation before you attempt a restricted network installation using user-provisioned infrastructure. Completing this test installation might make it easier to isolate and troubleshoot any issues that might arise during your installation in a restricted network.
 ====
-endif::osp,rhv[]
+endif::ipi[]
 
 [id="installation-restricted-network-limits_{context}"]
 == Additional limits
@@ -70,8 +74,11 @@ ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
 :!ibm-power:
 endif::[]
 ifeval::["{context}" == "installing-openstack-installer-restricted"]
-:!osp:
+:!ipi:
 endif::[]
 ifeval::["{context}" == "installing-rhv-restricted-network"]
-:!rhv:
+:!ipi:
+endif::[]
+ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"]
+:!ipi:
 endif::[]

modules/installation-adding-vcenter-root-certificates.adoc

@@ -6,6 +6,7 @@
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
+// * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
 
 [id="installation-adding-vcenter-root-certificates_{context}"]
 = Adding vCenter root CA certificates to your system trust

modules/installation-configuration-parameters.adoc

@@ -23,6 +23,7 @@
 // * installing/installing_vmc/installing-vmc-network-customizations.adoc
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
 // * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
+// * installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.adoc
 
 ifeval::["{context}" == "installing-aws-customizations"]
 :aws:
@@ -104,7 +105,9 @@ ifeval::["{context}" == "installing-openstack-installer-restricted"]
 :osp:
 :osp-custom:
 endif::[]
-
+ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"]
+:vsphere:
+endif::[]
 
 [id="installation-configuration-parameters_{context}"]
 = Installation configuration parameters
@@ -767,31 +770,31 @@ ifdef::vsphere,vmc[]
 the roles and privileges that are required for
 link:https://vmware.github.io/vsphere-storage-for-kubernetes/documentation/vcp-roles.html[static or dynamic persistent volume provisioning]
 in vSphere.
-|String.
+|String
 
 |`platform.vsphere.password`
 |The password for the vCenter user name.
-|String.
+|String
 
 |`platform.vsphere.datacenter`
 |The name of the datacenter to use in the vCenter instance.
-|String.
+|String
 
 |`platform.vsphere.defaultDatastore`
 |The name of the default datastore to use for provisioning volumes.
-|String.
+|String
 
 |`platform.vsphere.folder`
 |_Optional_. The absolute path of an existing folder where the installation program creates the virtual machines. If you do not provide this value, the installation program creates a folder that is named with the infrastructure ID in the datacenter virtual machine folder.
 |String, for example, `/<datacenter_name>/vm/<folder_name>/<subfolder_name>`.
 
 |`platform.vsphere.network`
 |The network in the vCenter instance that contains the virtual IP addresses and DNS records that you configured.
-|String.
+|String
 
 |`platform.vsphere.cluster`
 |The vCenter cluster to install the {product-title} cluster in.
-|String.
+|String
 
 |`platform.vsphere.apiVIP`
 |The virtual IP (VIP) address that you configured for control plane API access.
@@ -807,21 +810,25 @@ in vSphere.
 |====
 |Parameter|Description|Values
 
+|`platform.vsphere.clusterOSImage`
+|The location from which the installer downloads the {op-system} image. You must set this parameter to perform an installation in a restricted network.
+|An HTTP or HTTPS URL, optionally with a SHA-256 checksum. For example, `\https://mirror.openshift.com/images/rhcos-<version>-vmware.<architecture>.ova`.
+
 |`platform.vsphere.osDisk.diskSizeGB`
 |The size of the disk in gigabytes.
-|Integer.
+|Integer
 
 |`platform.vsphere.cpus`
 |The total number of virtual processor cores to assign a virtual machine.
-|Integer.
+|Integer
 
 |`platform.vsphere.coresPerSocket`
 |The number of cores per socket in a virtual machine. The number of virtual CPUs (vCPUs) on the virtual machine is `platform.vsphere.cpus`/`platform.vsphere.coresPerSocket`. The default value is `1`
-|Integer.
+|Integer
 
 |`platform.vsphere.memoryMB`
 |The size of a virtual machine's memory in megabytes.
-|Integer.
+|Integer
 |====
 
 endif::vsphere,vmc[]
@@ -906,3 +913,6 @@ ifeval::["{context}" == "installing-openstack-installer-restricted"]
 :!osp:
 :!osp-custom:
 endif::[]
+ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"]
+:!vsphere:
+endif::[]