In {product-title} version {product-version}, you can install a cluster on Amazon Web Services (AWS) using infrastructure that you provide and an internal mirror of the installation release content.
Important: While you can install an {product-title} cluster by using mirrored installation release content, your cluster still requires internet access to use the AWS APIs.
One way to create this infrastructure is to use the provided CloudFormation templates. You can modify the templates to customize your infrastructure or use the information that they contain to create AWS objects according to your company’s policies.
Important: The steps for performing a user-provisioned infrastructure installation are provided as an example only. Installing a cluster with infrastructure you provide requires knowledge of the cloud provider and the installation process of {product-title}. Several CloudFormation templates are provided to assist in completing these steps or to help model your own. You are also free to create the required resources through other methods; the templates are just an example.
- You reviewed details about the {product-title} installation and update processes.
- You read the documentation on selecting a cluster installation method and preparing it for users.
- You created a mirror registry on your mirror host and obtained the imageContentSources data for your version of {product-title}.
  Important: Because the installation media is on the mirror host, you can use that computer to complete all installation steps.
- You configured an AWS account to host the cluster.
  Important: If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use key-based, long-term credentials. To generate appropriate keys, see Managing Access Keys for IAM Users in the AWS documentation. You can supply the keys when you run the installation program.
- You downloaded the AWS CLI and installed it on your computer. See Install the AWS CLI Using the Bundled Installer (Linux, macOS, or UNIX) in the AWS documentation.
- If you use a firewall and plan to use the Telemetry service, you configured the firewall to allow the sites that your cluster requires access to.
  Note: Be sure to also review this site list if you are configuring a proxy.
- If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the kube-system namespace, you can manually create and maintain long-term credentials.
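A pre-installation check for the AWS profile requirement above, as an added example that is not part of the product documentation: it reads one profile from an AWS shared credentials file and reports whether it holds long-term keys or temporary session credentials. The function names and the sample file are constructed for illustration; the check relies on the aws_session_token setting and on the ASIA prefix that AWS uses for temporary access key IDs (long-term IAM user keys start with AKIA).

```sh
#!/bin/sh
# Added example (not from the product documentation): flag an AWS profile
# that holds temporary session credentials instead of long-term keys.

# Print the value of KEY inside [PROFILE] of an INI-style credentials FILE.
profile_value() {  # usage: profile_value FILE PROFILE KEY
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*\[/ { gsub(/[ \t]/, ""); in_p = ($0 == want); next }
        in_p && /^[ \t]*[#;]/ { next }
        in_p && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Return 0 = long-term keys, 1 = temporary credentials, 2 = no keys found.
check_profile() {  # usage: check_profile FILE PROFILE
    key_id=$(profile_value "$1" "$2" aws_access_key_id)
    token=$(profile_value "$1" "$2" aws_session_token)
    if [ -z "$key_id" ]; then
        echo "$2: no aws_access_key_id found"; return 2
    fi
    # A session token, or the ASIA key prefix that AWS STS issues, marks
    # temporary credentials; IAM user access keys start with AKIA.
    case "$key_id" in ASIA*) token=present ;; esac
    if [ -n "$token" ]; then
        echo "$2: temporary session credentials"; return 1
    fi
    echo "$2: long-term access key"; return 0
}

# Constructed sample file; every key and secret below is a placeholder.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
[default]
aws_access_key_id = AKIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-placeholder-secret

[mfa]
aws_access_key_id = ASIAEXAMPLEEXAMPLE00
aws_secret_access_key = constructed-placeholder-secret
aws_session_token = constructed-placeholder-token
EOF

for p in default mfa missing; do check_profile "$SAMPLE" "$p" || true; done
```

To check a real profile, pass the path of your own credentials file and the profile name to check_profile; the script only reads the file and never prints the secret key or token.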
- See Configuration and credential file settings in the AWS documentation for more information about AWS profile and credential configuration.
- See Listing public hosted zones in the AWS documentation for more information about listing public hosted zones.
- See {op-system} AMIs for the AWS infrastructure for details about the {op-system-first} AMIs for the AWS zones.
- See Monitoring installation progress for details about monitoring the installation, bootstrap, and control plane logs as an {product-title} installation progresses.
- See Gathering bootstrap node diagnostic data for information about troubleshooting issues related to the bootstrap process.
- See Accessing the web console for more details about accessing and understanding the {product-title} web console.
- See About remote health monitoring for more information about the Telemetry service.
- See Working with stacks in the AWS documentation for more information about AWS CloudFormation stacks.
- Configure image streams for the Cluster Samples Operator and the must-gather tool.
- Learn how to use Operator Lifecycle Manager in disconnected environments.
- If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by configuring additional trust stores.
- If necessary, you can opt out of remote health reporting.
- If necessary, see Registering your disconnected cluster.
- If necessary, you can remove cloud provider credentials.