In {product-title} version {product-version}, you can install a cluster on Google Cloud Platform (GCP) that uses infrastructure that you provide and an internal mirror of the installation release content.
Important: While you can install an {product-title} cluster by using mirrored installation release content, your cluster still requires internet access to use the GCP APIs.
The steps for performing a user-provided infrastructure install are outlined here. Several Deployment Manager templates are provided to assist in completing these steps or to help model your own. You are also free to create the required resources through other methods.
Important: The steps for performing a user-provisioned infrastructure installation are provided as an example only. Installing a cluster with infrastructure you provide requires knowledge of the cloud provider and the installation process of {product-title}. Several Deployment Manager templates are provided to assist in completing these steps or to help model your own. You are also free to create the required resources through other methods; the templates are just an example.
- You reviewed details about the {product-title} installation and update processes.
- You read the documentation on selecting a cluster installation method and preparing it for users.
- You created a registry on your mirror host and obtained the imageContentSources data for your version of {product-title}.
  Important: Because the installation media is on the mirror host, you can use that computer to complete all installation steps.
- If you use a firewall, you configured it to allow the sites that your cluster requires access to. While you might need to grant access to more sites, you must grant access to *.googleapis.com and accounts.google.com.
- If the cloud identity and access management (IAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the kube-system namespace, you can manually create and maintain long-term credentials.
Before you can install {product-title}, you must configure a Google Cloud Platform (GCP) project to host it.
modules/installation-gcp-project.adoc modules/installation-gcp-enabling-api-services.adoc modules/installation-gcp-dns.adoc modules/installation-gcp-limits.adoc modules/installation-gcp-service-account.adoc modules/installation-gcp-permissions.adoc modules/minimum-required-permissions-upi-gcp.adoc
For a cluster that contains user-provisioned infrastructure, you must deploy all of the required machines.
This section describes the requirements for deploying {product-title} on user-provisioned infrastructure.
modules/installation-machine-requirements.adoc modules/installation-minimum-resource-requirements.adoc modules/installation-gcp-tested-machine-types.adoc modules/installation-using-gcp-custom-machine-types.adoc
modules/installation-user-infra-generate.adoc modules/installation-disk-partitioning-upi-templates.adoc modules/installation-initializing.adoc
modules/installation-gcp-enabling-shielded-vms.adoc modules/installation-gcp-enabling-confidential-vms.adoc modules/installation-configure-proxy.adoc modules/installation-user-infra-generate-k8s-manifest-ignition.adoc
modules/installation-extracting-infraid.adoc modules/installation-user-infra-exporting-common-variables.adoc
modules/installation-creating-gcp-lb.adoc modules/installation-deployment-manager-ext-lb.adoc modules/installation-deployment-manager-int-lb.adoc
modules/installation-creating-gcp-private-dns.adoc modules/installation-deployment-manager-private-dns.adoc
modules/installation-creating-gcp-firewall-rules-vpc.adoc modules/installation-deployment-manager-firewall-rules.adoc
modules/installation-creating-gcp-iam-shared-vpc.adoc modules/installation-deployment-manager-iam-shared-vpc.adoc
modules/installation-creating-gcp-bootstrap.adoc modules/installation-deployment-manager-bootstrap.adoc
modules/installation-creating-gcp-control-plane.adoc modules/installation-deployment-manager-control-plane.adoc
- See About remote health monitoring for more information about the Telemetry service.
- Configure image streams for the Cluster Samples Operator and the must-gather tool.
- Learn how to Use Operator Lifecycle Manager in disconnected environments.
- If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by configuring additional trust stores.
- If necessary, you can opt out of remote health reporting.
- If necessary, see Registering your disconnected cluster.