Merge pull request #92583 from brendan-daly-red-hat/OSDOCS-13735

OSDOCS-13735#adding DNS module

Author: bscott-rh

installing/installing_gcp/installing-gcp-customizations.adoc

@@ -29,7 +29,7 @@ include::modules/installation-initializing.adoc[leveloffset=+1]
 
 [role="_additional-resources"]
 .Additional resources
-* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-config-parameters-gcp[Installation configuration parameters for GCP]
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-config-parameters-gcp[Installation configuration parameters for {gcp-first}]
 
 include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2]
 
@@ -48,6 +48,12 @@ include::modules/installation-gcp-enabling-shielded-vms.adoc[leveloffset=+2]
 
 include::modules/installation-gcp-enabling-confidential-vms.adoc[leveloffset=+2]
 
+include::modules/installation-gcp-managing-dns-solution.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-configuration-parameters-additional-gcp_installation-config-parameters-gcp[Additional {gcp-first} configuration parameters]
+
 include::modules/installation-gcp-config-yaml.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
@@ -99,6 +105,12 @@ include::modules/installation-gcp-marketplace.adoc[leveloffset=+1]
 
 include::modules/installation-launching-installer.adoc[leveloffset=+1]
 
+include::modules/installation-gcp-provisioning-dns-records.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-configuration-parameters-additional-gcp_installation-config-parameters-gcp[Additional {gcp-first} configuration parameters]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 [role="_additional-resources"]

installing/installing_gcp/installing-gcp-network-customizations.adoc

@@ -54,6 +54,12 @@ include::modules/installation-gcp-enabling-shielded-vms.adoc[leveloffset=+2]
 
 include::modules/installation-gcp-enabling-confidential-vms.adoc[leveloffset=+2]
 
+include::modules/installation-gcp-managing-dns-solution.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-config-parameters-gcp[Installation configuration parameters for {gcp-first}]
+
 include::modules/installation-gcp-config-yaml.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
@@ -100,6 +106,12 @@ include::modules/nw-operator-cr.adoc[leveloffset=+1]
 
 include::modules/installation-launching-installer.adoc[leveloffset=+1]
 
+include::modules/installation-gcp-provisioning-dns-records.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-configuration-parameters-additional-gcp_installation-config-parameters-gcp[Additional {gcp-first} configuration parameters]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 [role="_additional-resources"]

installing/installing_gcp/installing-gcp-private.adoc

@@ -51,6 +51,12 @@ include::modules/installation-gcp-enabling-shielded-vms.adoc[leveloffset=+2]
 
 include::modules/installation-gcp-enabling-confidential-vms.adoc[leveloffset=+2]
 
+include::modules/installation-gcp-managing-dns-solution.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-config-parameters-gcp[Installation configuration parameters for {gcp-first}]
+
 include::modules/installation-gcp-config-yaml.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
@@ -94,6 +100,12 @@ include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
 
 include::modules/installation-launching-installer.adoc[leveloffset=+1]
 
+include::modules/installation-gcp-provisioning-dns-records.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-configuration-parameters-additional-gcp_installation-config-parameters-gcp[Additional {gcp-first} configuration parameters]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 [role="_additional-resources"]

installing/installing_gcp/installing-gcp-shared-vpc.adoc

@@ -40,6 +40,12 @@ include::modules/installation-gcp-enabling-shielded-vms.adoc[leveloffset=+2]
 
 include::modules/installation-gcp-enabling-confidential-vms.adoc[leveloffset=+2]
 
+include::modules/installation-gcp-managing-dns-solution.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-config-parameters-gcp[Installation configuration parameters for {gcp-first}]
+
 include::modules/installation-gcp-shared-vpc-config.adoc[leveloffset=+2]
 
 include::modules/installation-configure-proxy.adoc[leveloffset=+2]
@@ -76,6 +82,12 @@ include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
 
 include::modules/installation-launching-installer.adoc[leveloffset=+1]
 
+include::modules/installation-gcp-provisioning-dns-records.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-configuration-parameters-additional-gcp_installation-config-parameters-gcp[Additional {gcp-first} configuration parameters]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 [role="_additional-resources"]

installing/installing_gcp/installing-gcp-vpc.adoc

@@ -47,6 +47,12 @@ include::modules/installation-gcp-enabling-shielded-vms.adoc[leveloffset=+2]
 
 include::modules/installation-gcp-enabling-confidential-vms.adoc[leveloffset=+2]
 
+include::modules/installation-gcp-managing-dns-solution.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-config-parameters-gcp[Installation configuration parameters for {gcp-first}]
+
 include::modules/installation-gcp-config-yaml.adoc[leveloffset=+2]
 
 [role="_additional-resources"]
@@ -90,6 +96,12 @@ include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
 
 include::modules/installation-launching-installer.adoc[leveloffset=+1]
 
+include::modules/installation-gcp-provisioning-dns-records.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-configuration-parameters-additional-gcp_installation-config-parameters-gcp[Additional {gcp-first} configuration parameters]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 [role="_additional-resources"]

installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc

@@ -59,6 +59,12 @@ include::modules/installation-gcp-enabling-shielded-vms.adoc[leveloffset=+2]
 
 include::modules/installation-gcp-enabling-confidential-vms.adoc[leveloffset=+2]
 
+include::modules/installation-gcp-managing-dns-solution.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-config-parameters-gcp[Installation configuration parameters for {gcp-first}]
+
 include::modules/installation-gcp-config-yaml.adoc[leveloffset=+2]
 
 include::modules/nw-gcp-installing-global-access-configuration.adoc[leveloffset=+2]
@@ -97,6 +103,12 @@ include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
 
 include::modules/installation-launching-installer.adoc[leveloffset=+1]
 
+include::modules/installation-gcp-provisioning-dns-records.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../installing/installing_gcp/installation-config-parameters-gcp.adoc#installation-configuration-parameters-additional-gcp_installation-config-parameters-gcp[Additional {gcp-first} configuration parameters]
+
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
 
 include::modules/olm-restricted-networks-configuring-operatorhub.adoc[leveloffset=+1]

modules/installation-configuration-parameters.adoc

@@ -2389,6 +2389,13 @@ Additional GCP configuration parameters are described in the following table:
 |The name of the GCP project where the installation program installs the cluster.
 |String.
 
+|platform:
+  gcp:
+    userProvisionedDNS:
+|Enables user-provisioned DNS instead of the default cluster-provisioned DNS solution. If you use this feature, you must provide your own DNS solution that includes records for `api.<cluster_name>.<base_domain>.` and `*.apps.<cluster_name>.<base_domain>.`.
+|`Enabled` or `Disabled`. The default value is `Disabled`.
+`userProvisionedDNS` is a Technology Preview feature.
+
 |platform:
   gcp:
     region:

modules/installation-gcp-managing-dns-solution.adoc

@@ -0,0 +1,35 @@
+
+:_mod-docs-content-type: PROCEDURE
+[id="installation-gcp-enabling-user-managed-DNS_{context}"]
+= Enabling a user-managed DNS
+
+You can install a cluster with a domain name server (DNS) solution that you manage instead of the default cluster-provisioned DNS solution. As a result, you can manage the API and Ingress DNS records in your own system rather than adding the records to the DNS of the cloud. For example, your organization's security policies might not allow the use of public DNS services such as Google Cloud DNS. In such scenarios, you can use your own DNS service to bypass the public DNS service and manage your own DNS for the IP addresses of the API and Ingress services.
+
+If you enable user-managed DNS during installation, the installation program provisions DNS records for the API and Ingress services only within the cluster. To ensure access from outside the cluster, you must provision the DNS records in an external DNS service of your choice for the API and Ingress services after installation.
+
+:FeatureName: User-provisioned DNS
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+.Prerequisites
+
+* You installed the `jq` package.
+
+.Procedure
+* Before you deploy your cluster, use a text editor to open the `install-config.yaml` file  and add the following stanza:
+** To enable user-managed DNS:
++
+[source,yaml]
+----
+featureSet: CustomNoUpgrade
+featureGates: ["GCPClusterHostedDNS=true"]
+
+# ...
+
+platform:
+  gcp:
+    userProvisionedDNS: Enabled <1>
+----
+<1> Enable DNS management.
+
+
+For information about provisioning your DNS records for the API server and the Ingress services, see "Provisioning your own DNS records".

modules/installation-gcp-provisioning-dns-records.adoc

@@ -0,0 +1,41 @@
+
+:_mod-docs-content-type: PROCEDURE
+[id="installation-gcp-provisioning-own-dns-records_{context}"]
+= Provisioning your own DNS records
+
+Before you use this feature, you must add the `userProvisionedDNS` parameter to the `install-config.yaml` file and enable the parameter. For more information, see "Enabling a user-managed DNS".
+
+Use the IP address of the API server to provision your own DNS record with the `api.<cluster_name>.<base_domain>.` hostname by using your cluster name and base cluster domain. Use the IP address of the Ingress service to provision your own DNS record with the `*.apps.<cluster_name>.<base_domain>.` hostname by using your cluster name and base cluster domain.
+
+
+:FeatureName: User-provisioned DNS
+include::snippets/technology-preview.adoc[leveloffset=+1]
+
+.Prerequisites
+
+* You installed the `gcloud` CLI tool.
+
+.Procedure
+
+. To find the IP address of the API server and then provision the corresponding DNS record, use the `gcloud` CLI to run the following command:
++
+[source,terminal]
+----
+$ gcloud compute forwarding-rules describe --global "${infra_id}-apiserver" --format json | jq -r .IPAddress
+----
+. Use the IP address to provision your own DNS record with the `api.<cluster_name>.<base_domain>.` hostname by using your cluster name and base cluster domain.
+
+. Use the `gcloud` CLI to find the IP address of the Ingress service and then provision the corresponding DNS record.
+.. To find the forwarding rule for the Ingress service, run the following command:
++
+[source,terminal]
+----
+$ ingress_forwarding_rule=$(gcloud compute target-pools list --format=json --filter="instances[]~${infra_id}" | jq -r .[].name)
+----
+.. To use the forwarding rule value to find the IP address of the Ingress service, run the following command:
++
+[source,terminal]
+----
+$ ingress_ip_address=$(gcloud compute forwarding-rules describe --region "${region}" "${ingress_forwarding_rule}" --format json | jq -r .IPAddress)
+----
+. Use the IP address to provision your own DNS record with the `*.apps.<cluster_name>.<base_domain>.` hostname by using your cluster name and base cluster domain.

post_installation_configuration/cluster-tasks.adoc

@@ -100,7 +100,6 @@ to control which example image streams and templates are installed on the cluste
 
 |===
 
-
 [id="additional-configuration-resources_{context}"]
 === Additional configuration resources
 
@@ -128,7 +127,6 @@ documentation for details on how and when you can create additional resource ins
 
 |===
 
-
 [id="informational-resources_{context}"]
 === Informational Resources