Merge pull request #38226 from codyhoag/csr-management-mod

Modularize CSR management text

Author: codyhoag

installing/installing_aws/installing-aws-user-infra.adoc

@@ -36,6 +36,7 @@ Be sure to also review this site list if you are configuring a proxy.
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 
 include::modules/installation-aws-user-infra-requirements.adoc[leveloffset=+1]
+include::modules/csr-management.adoc[leveloffset=+2]
 
 include::modules/installation-supported-aws-machine-types.adoc[leveloffset=+2]
 

installing/installing_aws/installing-restricted-networks-aws.adoc

@@ -55,6 +55,7 @@ include::modules/installation-about-restricted-network.adoc[leveloffset=+1]
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 
 include::modules/installation-aws-user-infra-requirements.adoc[leveloffset=+1]
+include::modules/csr-management.adoc[leveloffset=+2]
 
 include::modules/installation-supported-aws-machine-types.adoc[leveloffset=+2]
 

installing/installing_azure/installing-azure-user-infra.adoc

@@ -47,10 +47,7 @@ You can view Azure's DNS solution by visiting this xref:installation-azure-creat
 
 include::modules/installation-azure-increasing-limits.adoc[leveloffset=+2]
 
-[id="csr-management-azure_{context}"]
-=== Certificate signing requests management
-
-Because your cluster has limited access to automatic machine management when you use infrastructure that you provision, you must provide a mechanism for approving cluster certificate signing requests (CSRs) after installation. The `kube-controller-manager` only approves the kubelet client CSRs. The `machine-approver` cannot guarantee the validity of a serving certificate that is requested by using kubelet credentials because it cannot confirm that the correct machine issued the request. You must determine and implement a method of verifying the validity of the kubelet serving certificate requests and approving them.
+include::modules/csr-management.adoc[leveloffset=+2]
 
 include::modules/installation-azure-permissions.adoc[leveloffset=+2]
 include::modules/installation-azure-service-principal.adoc[leveloffset=+2]

installing/installing_azure_stack_hub/installing-azure-stack-hub-user-infra.adoc

@@ -50,10 +50,7 @@ include::modules/installation-azure-stack-hub-network-config.adoc[leveloffset=+2
 
 You can view Azure's DNS solution by visiting this xref:installation-azure-create-dns-zones_{context}[example for creating DNS zones].
 
-[id="csr-management-azure-stack-hub_{context}"]
-=== Certificate signing requests management
-
-Because your cluster has limited access to automatic machine management when you use infrastructure that you provision, you must provide a mechanism for approving cluster certificate signing requests (CSRs) after installation. The `kube-controller-manager` only approves the kubelet client CSRs. The `machine-approver` cannot guarantee the validity of a serving certificate that is requested by using kubelet credentials because it cannot confirm that the correct machine issued the request. You must determine and implement a method of verifying the validity of the kubelet serving certificate requests and approving them.
+include::modules/csr-management.adoc[leveloffset=+2]
 
 include::modules/installation-azure-stack-hub-permissions.adoc[leveloffset=+2]
 include::modules/installation-azure-service-principal.adoc[leveloffset=+2]

installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc

@@ -27,6 +27,7 @@ include::modules/cluster-entitlements.adoc[leveloffset=+1]
 * See xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installing-restricted-networks-bare-metal[Installing a user-provisioned bare metal cluster on a restricted network] for more information about performing a restricted network installation on bare metal infrastructure that you provision.
 
 include::modules/installation-requirements-user-infra.adoc[leveloffset=+1]
+include::modules/csr-management.adoc[leveloffset=+2]
 
 .Additional resources
 

installing/installing_bare_metal/installing-bare-metal.adoc

@@ -35,6 +35,7 @@ include::modules/cluster-entitlements.adoc[leveloffset=+1]
 * See xref:../../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installing-restricted-networks-bare-metal[Installing a user-provisioned bare metal cluster on a restricted network] for more information about performing a restricted network installation on bare metal infrastructure that you provision.
 
 include::modules/installation-requirements-user-infra.adoc[leveloffset=+1]
+include::modules/csr-management.adoc[leveloffset=+2]
 
 .Additional resources
 

installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc

@@ -40,6 +40,7 @@ include::modules/installation-about-restricted-network.adoc[leveloffset=+1]
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 
 include::modules/installation-requirements-user-infra.adoc[leveloffset=+1]
+include::modules/csr-management.adoc[leveloffset=+2]
 
 .Additional resources
 

installing/installing_gcp/installing-gcp-user-infra-vpc.adoc

@@ -31,18 +31,7 @@ The steps for performing a user-provisioned infrastructure installation are prov
 Be sure to also review this site list if you are configuring a proxy.
 ====
 
-[id="csr-management-gcp-vpc"]
-== Certificate signing requests management
-
-Because your cluster has limited access to automatic machine management when you
-use infrastructure that you provision, you must provide a mechanism for approving
-cluster certificate signing requests (CSRs) after installation. The
-`kube-controller-manager` only approves the kubelet client CSRs. The
-`machine-approver` cannot guarantee the validity of a serving certificate
-that is requested by using kubelet credentials because it cannot confirm that
-the correct machine issued the request. You must determine and implement a
-method of verifying the validity of the kubelet serving certificate requests
-and approving them.
+include::modules/csr-management.adoc[leveloffset=+1]
 
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 

installing/installing_gcp/installing-gcp-user-infra.adoc

@@ -26,10 +26,7 @@ The steps for performing a user-provisioned infrastructure installation are prov
 Be sure to also review this site list if you are configuring a proxy.
 ====
 
-[id="csr-management-gcp_{context}"]
-== Certificate signing requests management
-
-Because your cluster has limited access to automatic machine management when you use infrastructure that you provision, you must provide a mechanism for approving cluster certificate signing requests (CSRs) after installation. The `kube-controller-manager` only approves the kubelet client CSRs. The `machine-approver` cannot guarantee the validity of a serving certificate that is requested by using kubelet credentials because it cannot confirm that the correct machine issued the request. You must determine and implement a method of verifying the validity of the kubelet serving certificate requests and approving them.
+include::modules/csr-management.adoc[leveloffset=+1]
 
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 

installing/installing_ibm_power/installing-ibm-power.adoc

@@ -31,6 +31,7 @@ Be sure to also review this site list if you are configuring a proxy.
 include::modules/cluster-entitlements.adoc[leveloffset=+1]
 
 include::modules/installation-requirements-user-infra.adoc[leveloffset=+1]
+include::modules/csr-management.adoc[leveloffset=+2]
 
 include::modules/installation-network-user-infra.adoc[leveloffset=+2]