You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Load Balancers created by the AWS Load Balancer Operator cannot be used for xref:../networking/routes/route-configuration.adoc#route-configuration[OpenShift Routes], and should only be used for individual services or ingress resources that do not need the full layer 7 capabilities of an OpenShift Route.
27
26
====
28
-
endif::openshift-rosa-hcp[]
29
-
ifdef::openshift-rosa-hcp[]
30
-
[TIP]
31
-
====
32
-
Load Balancers created by the AWS Load Balancer Operator cannot be used for link:https://docs.openshift.com/rosa/networking/routes/route-configuration.html[OpenShift Routes], and should only be used for individual services or ingress resources that do not need the full layer 7 capabilities of an OpenShift Route.
33
-
====
34
-
endif::openshift-rosa-hcp[]
35
27
36
28
The link:https://kubernetes-sigs.github.io/aws-load-balancer-controller/[AWS Load Balancer Controller] manages AWS Elastic Load Balancers for a {product-title} (ROSA) cluster. The controller provisions link:https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html[AWS Application Load Balancers (ALB)] when you create Kubernetes Ingress resources and link:https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html[AWS Network Load Balancers (NLB)] when implementing Kubernetes Service resources with a type of LoadBalancer.
37
29
@@ -54,11 +46,12 @@ AWS ALBs require a multi-AZ cluster, as well as three public subnets split acros
54
46
55
47
ifndef::openshift-rosa-hcp[]
56
48
* xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[A multi-AZ ROSA classic cluster]
49
+
* BYO VPC cluster
50
+
//Moved inside ifndef since this is always true for HCP clusters
57
51
endif::openshift-rosa-hcp[]
58
52
ifdef::openshift-rosa-hcp[]
59
-
* link:https://docs.openshift.com/rosa-hcp/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.html[A multi-AZ ROSA cluster]
//subnets are tagged already after rosa create network
126
120
127
121
[id="installation_{context}"]
128
122
== Installation
@@ -355,6 +349,8 @@ $ curl "http://${INGRESS}"
355
349
----
356
350
Hello OpenShift!
357
351
----
352
+
//TODO OSDOCS-11830: Couldn't get either of these validation checks to work, Andy R indicated that the related error seems to be that user is not authorized to do operation elasticloadbalancing:AddTags because "no identity based policy allows elasticloadbalancing:AddTags" however the linked policy does seem to allow that as far as I can tell: https://raw.githubusercontent.com/rh-mobb/documentation/main/content/rosa/aws-load-balancer-operator/load-balancer-operator-policy.json
353
+
// That said, I'm not sure we should be getting our example policy from the rh-mobb repo
358
354
359
355
. Deploy an AWS NLB for your hello world application:
Copy file name to clipboardExpand all lines: modules/cluster-wide-proxy-preqs.adoc
+1-1Lines changed: 1 addition & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -21,7 +21,7 @@ ifdef::openshift-dedicated[]
21
21
* You have an existing Virtual Private Cloud (VPC) for your cluster.
22
22
* You are using the Customer Cloud Subscription (CCS) model for your cluster.
23
23
endif::openshift-dedicated[]
24
-
* The proxy can access the VPC for the cluster and the private subnets of the VPC. The proxy is also accessible from the VPC for the cluster and from the private subnets of the VPC.
24
+
* The proxy can access the VPC for the cluster and the private subnets of the VPC. The proxy must also be accessible from the VPC for the cluster and from the private subnets of the VPC.
25
25
* You have added the following endpoints to your VPC endpoint:
Copy file name to clipboardExpand all lines: modules/running-network-verification-manually-ocm.adoc
+1Lines changed: 1 addition & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -33,6 +33,7 @@ ROSA
33
33
endif::openshift-rosa[]
34
34
cluster.
35
35
* You are the cluster owner or you have the cluster editor role.
36
+
//TODO OSDOCS-11830 I am both of these things and I can't see anything related to this in OCM; is this only available after a specific version? upgrading test cluster to see if this appears for later cluster versions
Copy file name to clipboardExpand all lines: networking/about-managed-networking.adoc
+11-23Lines changed: 11 additions & 23 deletions
Original file line number
Diff line number
Diff line change
@@ -10,42 +10,30 @@ toc::[]
10
10
11
11
The following are some of the most commonly used {openshift-networking} features available on your cluster:
12
12
13
-
* Cluster Network Operator for network plugin management
14
-
+
13
+
* Cluster Network Operator for network plugin management.
14
+
15
+
ifdef::openshift-rosa-hcp[]
16
+
* Primary cluster network provided by xref:../networking/ovn_kubernetes_network_provider/about-ovn-kubernetes.adoc#about-ovn-kubernetes[OVN-Kubernetes], the default Container Network Interface (CNI) plugin.
17
+
endif::openshift-rosa-hcp[]
18
+
19
+
ifndef::openshift-rosa-hcp[]
15
20
* Primary cluster network provided by either of the following Container Network Interface (CNI) plugins:
16
21
+
17
22
** xref:../networking/ovn_kubernetes_network_provider/about-ovn-kubernetes.adoc#about-ovn-kubernetes[OVN-Kubernetes network plugin], which is the default CNI plugin.
18
23
**{OCP-short} SDN network plugin, which was deprecated in {OCP-short} 4.16 and removed in {OCP-short} 4.17.
19
24
20
-
ifdef::openshift-rosa[]
21
-
25
+
ifdef::openshift-rosa,openshift-dedicated[]
22
26
[IMPORTANT]
23
27
====
24
-
Before upgrading {rosa-classic} clusters that are configured with the OpenShift SDN network plugin to version 4.17, you must migrate to the OVN-Kubernetes network plugin. For more information, see _Migrating from the OpenShift SDN network plugin to the OVN-Kubernetes network plugin_ in the _Additional resources_ section.
28
+
Before upgrading {rosa-classic} clusters that are configured with the OpenShift SDN network plugin to version 4.17, you must migrate to the OVN-Kubernetes network plugin. For more information, see _Migrating from the OpenShift SDN network plugin to the OVN-Kubernetes network plugin_.
25
29
====
26
-
endif::openshift-rosa[]
27
-
28
-
ifdef::openshift-dedicated[]
29
-
30
-
[IMPORTANT]
31
-
====
32
-
Before upgrading {product-title} clusters that are configured with the OpenShift SDN network plugin to version 4.17, you must migrate to the OVN-Kubernetes network plugin. For more information, see _Migrating from the OpenShift SDN network plugin to the OVN-Kubernetes network plugin_ in the _Additional resources_ section.
33
-
====
34
-
endif::openshift-dedicated[]
35
-
36
30
37
31
[discrete]
38
32
[role="_additional-resources"]
39
33
[id="additional-resources_{context}"]
40
34
== Additional resources
41
-
42
35
* link:https://access.redhat.com/articles/7065170[{OCP-short} SDN CNI removal in OCP 4.17]
36
+
endif::openshift-rosa,openshift-dedicated[]
43
37
ifdef::openshift-rosa[]
44
38
* xref:../networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn.adoc#migrate-from-openshift-sdn[Migrating from the OpenShift SDN network plugin to the OVN-Kubernetes network plugin]
45
-
endif::openshift-rosa[]
46
-
47
-
ifdef::openshift-dedicated[]
48
-
49
-
* xref:../networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn-osd.adoc#migrate-from-openshift-sdn-osd[Migrating from the OpenShift SDN network plugin to the OVN-Kubernetes network plugin]
When specifying subnet CIDR ranges, ensure that the subnet CIDR range is within the defined Machine CIDR. You must verify that the subnet CIDR ranges allow for enough IP addresses for all intended workloads depending on which platform the cluster is hosted.
OVN-Kubernetes, the default network provider in {product-title} 4.14 and later versions, internally uses the following IP address subnet ranges:
35
35
@@ -39,18 +39,19 @@ OVN-Kubernetes, the default network provider in {product-title} 4.14 and later v
39
39
* `V6TransitSwitchSubnet`: `fd97::/64`
40
40
* `defaultV4MasqueradeSubnet`: `169.254.0.0/17`
41
41
* `defaultV6MasqueradeSubnet`: `fd69::/112`
42
+
// TODO OSDOCS-11830 validate for HCP clusters
42
43
43
44
[IMPORTANT]
44
45
====
45
46
The previous list includes join, transit, and masquerade IPv4 and IPv6 address subnets. If your cluster uses OVN-Kubernetes, do not include any of these IP address subnet ranges in any other CIDR definitions in your cluster or infrastructure.
* For more information about configuring join subnets or transit subnets, see xref:../networking/ovn_kubernetes_network_provider/configure-ovn-kubernetes-subnets.adoc#configure-ovn-kubernetes-subnets[Configuring OVN-Kubernetes internal IP address subnets].
This range must encompass all CIDR address ranges for your virtual private cloud (VPC) subnets. Subnets must be contiguous. A minimum IP address range of 128 addresses, using the subnet prefix `/25`, is supported for single availability zone deployments. A minimum address range of 256 addresses, using the subnet prefix `/24`, is supported for deployments that use multiple availability zones.
//TODO OSDOCS-11830 does this mean that machine CIDR can onky be in /25 and /24?
68
70
69
71
The default is `10.0.0.0/16`. This range must not conflict with any connected networks.
70
72
71
-
ifdef::openshift-rosa[]
73
+
ifdef::openshift-rosa,openshift-rosa-hcp[]
72
74
[NOTE]
73
75
====
74
76
When using {hcp-title}, the static IP address `172.20.0.1` is reserved for the internal Kubernetes API address. The machine, pod, and service CIDRs ranges must not conflict with this IP address.
The range must be large enough to accommodate your workload. The address block must not overlap with any external service accessed from within the cluster. The default is `172.30.0.0/16`.
93
96
94
97
[id="pod-cidr-description"]
@@ -98,9 +101,9 @@ In the pod CIDR field, you must specify the IP address range for pods.
98
101
ifdef::openshift-enterprise[]
99
102
The pod CIDR is the same as the `clusterNetwork` CIDR and the cluster CIDR.
The range must be large enough to accommodate your workload. The address block must not overlap with any external service accessed from within the cluster. The default is `10.128.0.0/14`.
105
108
ifdef::openshift-enterprise[]
106
109
You can expand the range after cluster installation.
@@ -115,9 +118,9 @@ endif::openshift-enterprise[]
115
118
== Host Prefix
116
119
In the Host Prefix field, you must specify the subnet prefix length assigned to pods scheduled to individual machines. The host prefix determines the pod IP address pool for each machine.
For example, if the host prefix is set to `/23`, each machine is assigned a `/23` subnet from the pod CIDR address range. The default is `/23`, allowing 512 cluster nodes, and 512 pods per node (both of which are beyond our maximum supported).
For example, if the host prefix is set to `/23`, each machine is assigned a `/23` subnet from the pod CIDR address range. The default is `/23`, allowing 510 cluster nodes, and 510 pod IP addresses per node.
* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-hcp-prereqs[Prerequisites for {hcp-title}]
40
+
endif::openshift-rosa-hcp[]
35
41
ifdef::openshift-rosa[]
36
42
* For the installation prerequisites for ROSA clusters that use the AWS Security Token Service (STS), see xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prerequisites[AWS prerequisites for ROSA with STS].
37
43
* For the installation prerequisites for ROSA clusters that do not use STS, see xref:../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc#prerequisites[AWS prerequisites for ROSA].
@@ -50,16 +56,20 @@ You can configure an HTTP or HTTPS proxy when you install an {product-title} wit
// TODO OSDOCS-11830 confirm that these steps are identical for HCP clusters
54
61
You can configure an HTTP or HTTPS proxy when you install a {product-title} (ROSA) cluster into an existing Virtual Private Cloud (VPC). You can configure the proxy during installation by using {cluster-manager-first} or the ROSA CLI (`rosa`).
* xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-sts-creating-a-cluster-quickly[Creating a {hcp-title} cluster]
72
+
endif::openshift-rosa-hcp[]
63
73
ifdef::openshift-rosa[]
64
74
* xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-cluster-customizations-ocm_rosa-sts-creating-a-cluster-with-customizations[Creating a cluster with customizations by using OpenShift Cluster Manager]
65
75
* xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-cluster-customizations-cli_rosa-sts-creating-a-cluster-with-customizations[Creating a cluster with customizations using the CLI]
@@ -77,7 +87,7 @@ You can configure an HTTP or HTTPS proxy after you install an {product-title} wi
You can configure an HTTP or HTTPS proxy after you install a {product-title} (ROSA) cluster into an existing Virtual Private Cloud (VPC). You can configure the proxy after installation by using {cluster-manager-first} or the ROSA CLI (`rosa`).
0 commit comments