Merge pull request #87488 from mletalie/OSDOCS-13126

EricPonvelle · web-flow · commit 93c2ad087209 · 2025-01-27T10:20:12.000-05:00
[OSDOCS-13126][OSD-GCP] Clarify use of constraints/compute.restrictLoadBalancerCreationForTypes in "Required customer procedure"
diff --git a/modules/ccs-gcp-customer-procedure.adoc b/modules/ccs-gcp-customer-procedure.adoc
@@ -6,21 +6,30 @@
 
 = Required customer procedure
 
-The Customer Cloud Subscription (CCS) model allows Red Hat to deploy and manage {product-title} into a customer's Google Cloud Platform (GCP) project. Red Hat requires several prerequisites to provide these services.
+The Customer Cloud Subscription (CCS) model allows Red{nbsp}Hat to deploy and manage {product-title} into a customer's Google Cloud Platform (GCP) project. Red Hat requires several prerequisites to provide these services.
 [NOTE]
 ====
 The following requirements in this topic apply to {product-title} on {GCP} clusters created using both the service account and Workload Identity Federation authentication type. For additional requirements that apply to the service account authentication type only, see _Service account authentication type procedure_. For additional requirements that apply to the Workload Identity Federation authentication type only, see _Workload Identity Federation authentication type procedure_.
 ====
 
-[WARNING]
-====
-To use {product-title} in your GCP project, the following GCP organizational policy constraints cannot be in place:
+.Prerequisites
+
+Before using {product-title} in your GCP project, confirm that the following organizational policy constraints are configured correctly where applicable:
 
-* `constraints/iam.allowedPolicyMemberDomains` (This policy constraint is supported only if Red Hat's `DIRECTORY_CUSTOMER_IDs C02k0l5e8` and `C04j7mbwl` are included in the allow list. Use this policy constraint with caution).
+* `constraints/iam.allowedPolicyMemberDomains`
+** This policy constraint is supported only if Red{nbsp}Hat's Directory Customer ID's `C02k0l5e8` and `C04j7mbwl` are included in the allowlist.
 * `constraints/compute.restrictLoadBalancerCreationForTypes`
-* `constraints/compute.requireShieldedVm` (This policy constraint is supported only if the cluster is installed with "Enable Secure Boot support for Shielded VMs" selected during the initial cluster creation).
-* `constraints/compute.vmExternalIpAccess` (This policy constraint is supported when installing a private cluster with GCP Private Service Connect (PSC). For all other cases, this policy constraint is supported only after installation).
+** This policy constraint is supported only when creating a private cluster with GCP Private Service Connect (PSC). You must ensure that the `INTERNAL_TCP_UDP` load balancer type is included in the allowlist or excluded from the deny list.
++
+[IMPORTANT]
 ====
+Although the `EXTERNAL_NETWORK_TCP_UDP` load balancer type is not required when creating a private cluster with GCP Private Service Connect (PSC), disallowing it via this constraint will prevent the cluster from being able to create externally accessible load balancers.
+====
+
+* `constraints/compute.requireShieldedVm`
+** This policy constraint is supported only if the cluster is created with *Enable Secure Boot support for Shielded VMs* selected during the initial cluster creation.
+* `constraints/compute.vmExternalIpAccess`
+** This policy constraint is supported only when creating a private cluster with GCP Private Service Connect (PSC). For all other cluster types, this policy constraint is supported only after cluster creation.
 
 .Procedure
 
diff --git a/modules/creating-a-machine-pool-cli.adoc b/modules/creating-a-machine-pool-cli.adoc
@@ -54,7 +54,7 @@ Your Amazon EC2 Spot Instances might be interrupted at any time. Use Amazon EC2
 ====
 endif::openshift-rosa[]
 `--disk-size=<disk_size>`:: Optional: Specifies the worker node disk size. The value can be in GB, GiB, TB, or TiB. Replace `<disk_size>` with a numeric value and unit, for example `--disk-size=200GiB`.
-`--availability-zone=<availability_zone_name>`:: 
+`--availability-zone=<availability_zone_name>`::
 ifdef::openshift-rosa-hcp[]
 Optional: You can create a machine pool in an availability zone of your choice. Replace `<availability_zone_name>` with an availability zone name.
 endif::openshift-rosa-hcp[]
@@ -196,9 +196,9 @@ I: To view all machine pools, run 'rosa list machinepools -c mycluster'
 ----
 
 //ifdef::openshift-rosa-hcp[] Uncomment this out once HCP split occurs
-* To add a Windows Licence Included enabled machine pool to a {hcp-title} cluster, see link:https://access.redhat.com/articles/7096903[AWS Windows License Included for ROSA with HCP].
+* To add a Windows License Included enabled machine pool to a {hcp-title} cluster, see link:https://access.redhat.com/articles/7096903[AWS Windows License Included for ROSA with HCP].
 +
-Windows Licence Included enabled machine pools can only be created when the following criteria is met:
+Windows License Included enabled machine pools can only be created when the following criteria is met:
 
 ** The host cluster is a {hcp-title} cluster.
 ** The instance type is bare metal EC2.
@@ -277,15 +277,15 @@ Desired replicas:           3-6
 Current replicas:           3
 Instance type:              m5.xlarge
 Labels:                     app=db, tier=backend
-Taints:                                
+Taints:
 Availability zone:          us-east-2a
 Subnet:                     subnet-0cb56f5f41880c413
 Version:                    4.14.34
 Autorepair:                 Yes
-Tuning configs:                        
-Additional security group IDs: 
-Node drain grace period:              
-Message:           
+Tuning configs:
+Additional security group IDs:
+Node drain grace period:
+Message:
 ----
 endif::openshift-rosa-hcp[]
 
