OSDOCS-14094: Applied changes to Preparing your Environment

Author: EricPonvelle

modules/mos-network-prereqs-min-bandwidth.adoc

@@ -7,6 +7,13 @@
 [id="mos-network-prereqs-min-bandwidth_{context}"]
 = Minimum bandwidth
 
-During cluster deployment, {product-title} requires a minimum bandwidth of 120{nbsp}Mbps between cluster infrastructure and the public internet or private network locations that provide deployment artifacts and resources. When network connectivity is slower than 120{nbsp}Mbps (for example, when connecting through a proxy) the cluster installation process times out and deployment fails.
+During cluster deployment, 
+ifdef::openshift-rosa[]
+{rosa-classic-short} 
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short} 
+endif::openshift-rosa-hcp[]
+requires a minimum bandwidth of 120{nbsp}Mbps between cluster infrastructure and the public internet or private network locations that provide deployment artifacts and resources. When network connectivity is slower than 120{nbsp}Mbps (for example, when connecting through a proxy) the cluster installation process times out and deployment fails.
 
 After cluster deployment, network requirements are determined by your workload. However, a minimum bandwidth of 120{nbsp}Mbps helps to ensure timely cluster and operator upgrades.

modules/osd-aws-privatelink-firewall-prerequisites.adoc

@@ -7,7 +7,7 @@
 :_mod-docs-content-type: PROCEDURE
 ifdef::openshift-rosa[]
 [id="rosa-classic-firewall-prerequisites_{context}"]
-= Firewall prerequisites for ROSA (classic architecture) clusters using STS
+= Firewall prerequisites for {rosa-classic-short} clusters using STS
 endif::openshift-rosa[]
 ifdef::openshift-dedicated[]
 [id="osd-aws-privatelink-firewall-prerequisites_{context}"]

modules/rosa-aws-provisioned.adoc

@@ -6,7 +6,14 @@
 [id="rosa-aws-policy-provisioned_{context}"]
 = Provisioned AWS Infrastructure
 
-This is an overview of the provisioned {AWS} components on a deployed {product-title} (ROSA) cluster.
+This is an overview of the provisioned {AWS} components on a deployed 
+ifdef::openshift-rosa[]
+{rosa-classic-short} 
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short} 
+endif::openshift-rosa-hcp[]
+cluster.
 
 [id="rosa-ec2-instances_{context}"]
 == EC2 instances
@@ -15,7 +22,12 @@ AWS EC2 instances are required to deploy
 ifndef::openshift-rosa-hcp[]
 the control plane and data plane functions for
 endif::openshift-rosa-hcp[]
-{product-title}.
+ifdef::openshift-rosa[]
+{rosa-classic-short}.
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short}.
+endif::openshift-rosa-hcp[]
 
 ifndef::openshift-rosa-hcp[]
 Instance types can vary for control plane and infrastructure nodes, depending on the worker node count.
@@ -201,4 +213,11 @@ can add additional custom security groups during cluster creation. Custom securi
 
 * You must create the custom security groups in AWS before you create the cluster. For more information, see link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html[Amazon EC2 security groups for Linux instances].
 * You must associate the custom security groups with the VPC that the cluster will be installed into. Your custom security groups cannot be associated with another VPC.
-* You might need to request additional quota for your VPC if you are adding additional custom security groups. For information on AWS quota requirements for ROSA, see _Required AWS service quotas_ in _Prepare your environment_. For information on requesting an AWS quota increase, see link:https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html[Requesting a quota increase].
+* You might need to request additional quota for your VPC if you are adding additional custom security groups. For information on AWS quota requirements for 
+ifdef::openshift-rosa[]
+{rosa-classic-short}, 
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short}, 
+endif::openshift-rosa-hcp[]
+see _Required AWS service quotas_ in _Prepare your environment_. For information on requesting an AWS quota increase, see link:https://docs.aws.amazon.com/servicequotas/latest/userguide/request-quota-increase.html[Requesting a quota increase].

modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc

@@ -11,16 +11,16 @@ endif::[]
 [id="rosa-sts-creating-account-wide-sts-roles-and-policies_{context}"]
 = Creating the account-wide STS roles and policies
 
-Before you create your {hcp-title-first} cluster, you must create the required account-wide roles and policies.
+Before you create your {rosa-short} cluster, you must create the required account-wide roles and policies.
 
 [NOTE]
 ====
-Specific AWS-managed policies for {hcp-title} must be attached to each role. Customer-managed policies must not be used with these required account roles. For more information regarding AWS-managed policies for {hcp-title} clusters, see link:https://docs.aws.amazon.com/ROSA/latest/userguide/security-iam-awsmanpol-account-policies.html[AWS managed policies for ROSA].
+Specific AWS-managed policies for {rosa-short} must be attached to each role. Customer-managed policies must not be used with these required account roles. For more information regarding AWS-managed policies for {rosa-short} clusters, see link:https://docs.aws.amazon.com/ROSA/latest/userguide/security-iam-awsmanpol-account-policies.html[AWS managed policies for ROSA].
 ====
 
 .Prerequisites
 
-* You have completed the AWS prerequisites for {hcp-title}.
+* You have completed the AWS prerequisites for {rosa-short}.
 * You have available AWS service quotas.
 * You have enabled the ROSA service in the AWS Console.
 * You have installed and configured the latest ROSA CLI (`rosa`) on your installation host.

modules/rosa-hcp-firewall-prerequisites.adoc

@@ -6,9 +6,9 @@
 //TODO OSDOCS-11789: Why is this a procedure and not a reference?
 
 [id="rosa-hcp-firewall-prerequisites_{context}"]
-= Firewall prerequisites for {hcp-title}
+= Firewall prerequisites for {rosa-short}
 
-* If you are using a firewall to control egress traffic from {hcp-title-first}, your Virtual Private Cloud (VPC) must be able to complete requests from the cluster to the Amazon S3 service, for example, via an Amazon S3 gateway.
+* If you are using a firewall to control egress traffic from {rosa-short}, your Virtual Private Cloud (VPC) must be able to complete requests from the cluster to the Amazon S3 service, for example, via an Amazon S3 gateway.
 
 * You must also configure your firewall to grant access to the following domain and port combinations.
 //TODO OSDOCS-11789: From your deploy machine? From your cluster?

modules/rosa-operator-config.adoc

@@ -1,18 +1,23 @@
 
 // Module included in the following assemblies:
 //
+// * rosa_hcp/rosa-hcp-cluster-no-cni.adoc
+// * rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc
+// * rosa_hcp/rosa-hcp-quickstart-guide.adoc
 // * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
+// * rosa_hcp/rosa-hcp-egress-zero-install.adoc
+// * rosa_planning/rosa-hcp-prepare-iam-roles-resources.adoc
 
 :_content-type: PROCEDURE
 [id="rosa-operator-config_{context}"]
 = Creating Operator roles and policies
 
-When you deploy a {hcp-title} cluster, you must create the Operator IAM roles that are required for {hcp-title-first} deployments. The cluster Operators use the Operator roles and policies to obtain the temporary permissions required to carry out cluster operations, such as managing back-end storage and external access to a cluster.
+When you deploy a {rosa-short} cluster, you must create the Operator IAM roles. The cluster Operators use the Operator roles and policies to obtain the temporary permissions required to carry out cluster operations, such as managing back-end storage and external access to a cluster.
 
 .Prerequisites
 
-* You have completed the AWS prerequisites for {hcp-title}.
-* You have installed and configured the latest {product-title} ROSA CLI (`rosa`), on your installation host.
+* You have completed the AWS prerequisites for {rosa-short}.
+* You have installed and configured the latest ROSA CLI (`rosa`), on your installation host.
 * You created the account-wide AWS roles.
 
 .Procedure
@@ -36,11 +41,11 @@ $ rosa create operator-roles --hosted-cp
 +
 --
 <1> You must supply a prefix when creating these Operator roles. Failing to do so produces an error. See the Additional resources of this section for information on the Operator prefix.
-<2> This value is the OIDC configuration ID that you created for your {hcp-title} cluster.
+<2> This value is the OIDC configuration ID that you created for your {rosa-short} cluster.
 <3> This value is the installer role ARN that you created when you created the ROSA account roles.
 --
 +
-You must include the `--hosted-cp` parameter to create the correct roles for {hcp-title} clusters. This command returns the following information.
+You must include the `--hosted-cp` parameter to create the correct roles for {rosa-short} clusters. This command returns the following information.
 +
 .Example output
 +
@@ -69,10 +74,10 @@ I: To create a cluster with these roles, run the following command:
 +
 --
 <1> This field is prepopulated with the prefix that you set in the initial creation command.
-<2> This field requires you to select an OIDC configuration that you created for your {hcp-title} cluster.
+<2> This field requires you to select an OIDC configuration that you created for your {rosa-short} cluster.
 --
 +
-The Operator roles are now created and ready to use for creating your {hcp-title} cluster.
+The Operator roles are now created and ready to use for creating your {rosa-short} cluster.
 
 .Verification
 

modules/rosa-planning-environment-application-reqs.adoc

@@ -4,7 +4,14 @@
 [id="planning-environment-application-requirements_{context}"]
 = Planning your environment based on application requirements
 
-This document describes how to plan your {product-title} environment based on your application requirements.
+This document describes how to plan your 
+ifdef::openshift-rosa[]
+{rosa-classic-short}
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short}
+endif::openshift-rosa-hcp[]
+environment based on your application requirements.
 
 Consider an example application environment:
 

modules/rosa-prereq-roles-overview.adoc

@@ -1,12 +1,28 @@
 // Module included in the following assemblies:
-// * rosa_planning/rosa-hcp-prepare-iam-resources.adoc
+// * rosa_planning/rosa-sts-ocm-role.adoc
+// * rosa_planning/rosa-hcp-prepare-iam-roles-resources.adoc
+
 :_mod-docs-content-type: MODULE
 [id="rosa-prereq-roles-overview"]
 = Overview of required roles
 
-To create and manage your {product-title} cluster, you must create several account-wide and cluster-wide roles. If you intend to use {cluster-manager} to create or manage your cluster, you need some additional roles.
+To create and manage your 
+ifdef::openshift-rosa[]
+{rosa-classic-short}
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short}
+endif::openshift-rosa-hcp[]
+cluster, you must create several account-wide and cluster-wide roles. If you intend to use {cluster-manager} to create or manage your cluster, you need some additional roles.
 
-To create and manage clusters:: Several account-wide roles are required to create and manage ROSA clusters. These roles only need to be created once per AWS account, and do not need to be created fresh for each cluster. One or more AWS managed policies are attached to each role to grant that role the required capabilities. You can specify your own prefix, or use the default prefix (`ManagedOpenShift`).
+To create and manage clusters:: Several account-wide roles are required to create and manage 
+ifdef::openshift-rosa[]
+{rosa-classic-short}
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short}
+endif::openshift-rosa-hcp[]
+clusters. These roles only need to be created once per AWS account, and do not need to be created fresh for each cluster. One or more AWS managed policies are attached to each role to grant that role the required capabilities. You can specify your own prefix, or use the default prefix (`ManagedOpenShift`).
 +
 [NOTE]
 ====
@@ -52,7 +68,7 @@ Role creation does not request your AWS access or secret keys. AWS Security Toke
 To use Operator-managed cluster capabilities:: Some cluster capabilities, including several capabilities provided by default, are managed using Operators. Cluster-specific Operator roles (`operator-roles` in the ROSA CLI) are required to use these capabilities. These roles are used to obtain the temporary permissions required to carry out cluster operations such as managing back-end storage, ingress, and registry. Obtaining these permissions requires the configuration of an OpenID Connect (OIDC) provider, which connects to AWS Security Token Service (STS) to authenticate Operator access to AWS resources.
 ifndef::openshift-rosa-hcp[]
 +
-The following Operator roles are required for {product-title} clusters:
+The following Operator roles are required for {rosa-classic-short} clusters:
 
 ** `openshift-cluster-csi-drivers-ebs-cloud-credentials`
 ** `openshift-cloud-network-config-controller-cloud-credentials`
@@ -65,7 +81,7 @@ The following Operator roles are required for {product-title} clusters:
 endif::openshift-rosa-hcp[]
 ifdef::openshift-rosa-hcp[]
 +
-For {hcp-title} clusters, you must create the following Operator roles and attach the indicated AWS Managed policies:
+For {rosa-short} clusters, you must create the following Operator roles and attach the indicated AWS Managed policies:
 +
 .Required Operator roles and AWS Managed policies for {hcp-title}
 [options="header"]
@@ -101,7 +117,6 @@ For {hcp-title} clusters, you must create the following Operator roles and attac
 endif::openshift-rosa-hcp[]
 When you create Operator roles using the `rosa create operator-role` command, the roles created are named using the pattern `<cluster_name>-<hash>-<role_name>`, for example, `test-abc1-kube-system-control-plane-operator`. When your cluster name is longer than 15 characters, the role name is truncated.
 
-
 To use {cluster-manager}:: The web user interface, {cluster-manager}, requires you to create additional roles in your AWS account to create a trust relationship between that AWS account and the {cluster-manager}.
 +
 This trust relationship is achieved through the creation and association of the `ocm-role` AWS IAM role. This role has a trust policy with the AWS installer that links your Red{nbsp}Hat account to your AWS account. In addition, you also need a `user-role` AWS IAM role for each web UI user, which serves to identify these users. This `user-role` AWS IAM role has no permissions.

modules/rosa-required-aws-service-quotas.adoc

@@ -6,7 +6,14 @@
 [id="rosa-required-aws-service-quotas_{context}"]
 = Required AWS service quotas
 
-The table below describes the AWS service quotas and levels required to create and run one {product-title} cluster. Although most default values are suitable for most workloads, you might need to request additional quota for the following cases:
+The table below describes the AWS service quotas and levels required to create and run one 
+ifdef::openshift-rosa[]
+{rosa-classic-short}
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short}
+endif::openshift-rosa-hcp[]
+cluster. Although most default values are suitable for most workloads, you might need to request additional quota for the following cases:
 
 * ROSA clusters require a minimum AWS EC2 service quota of
 ifndef::openshift-rosa-hcp[]

modules/rosa-requirements-deploying-in-opt-in-regions.adoc

@@ -5,7 +5,14 @@
 [id="rosa-requirements-deploying-in-opt-in-regions_{context}"]
 = Requirements for deploying a cluster in an opt-in region
 
-An AWS opt-in region is a region that is not enabled in your AWS account by default. If you want to deploy a {product-title} (ROSA) cluster that uses the AWS Security Token Service (STS) in an opt-in region, you must meet the following requirements:
+An AWS opt-in region is a region that is not enabled in your AWS account by default. If you want to deploy a 
+ifdef::openshift-rosa[]
+{rosa-classic-short} 
+endif::openshift-rosa[]
+ifdef::openshift-rosa-hcp[]
+{rosa-short} 
+endif::openshift-rosa-hcp[]
+cluster that uses the AWS Security Token Service (STS) in an opt-in region, you must meet the following requirements:
 
 * The region must be enabled in your AWS account. For more information about enabling opt-in regions, see link:https://docs.aws.amazon.com/general/latest/gr/rande-manage.html[Managing AWS Regions] in the AWS documentation.
 * The security token version in your AWS account must be set to version 2. You cannot use version 1 security tokens for opt-in regions.