Skip to content

[enterprise-4.10] GH#40104 Hide AWS-specific configs for installer proxy information #40263

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
codyhoag merged 1 commit into from
Jan 5, 2022
Merged

[enterprise-4.10] GH#40104 Hide AWS-specific configs for installer proxy information #40263

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
73 changes: 62 additions & 11 deletions modules/installation-configure-proxy.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
// Module included in the following assemblies:
//
// * installing/installing_aws/installing_aws-customizations.adoc
// * installing/installing_aws/installing_aws-network-customizations.adoc
// * installing/installing_aws/installing_aws-private.adoc
// * installing/installing_aws/installing_aws-vpc.adoc
// * installing/installing_aws/installing_aws-china.adoc
// * installing/installing_aws/installing-aws-customizations.adoc
// * installing/installing_aws/installing-aws-network-customizations.adoc
// * installing/installing_aws/installing-aws-private.adoc
// * installing/installing_aws/installing-aws-vpc.adoc
// * installing/installing_aws/installing-aws-china.adoc
// * installing/installing_aws/installing-aws-user-infra.adoc
// * installing/installing_aws/installing-aws-government-region.adoc
// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc
Expand Down Expand Up @@ -53,8 +53,33 @@
// * installing/installing-rhv-restricted-network.adoc

ifeval::["{context}" == "installing-aws-china-region"]
:aws:
:aws-china:
endif::[]
ifeval::["{context}" == "installing-aws-customizations"]
:aws:
endif::[]
ifeval::["{context}" == "installing-aws-network-customizations"]
:aws:
endif::[]
ifeval::["{context}" == "installing-aws-private"]
:aws:
endif::[]
ifeval::["{context}" == "installing-aws-vpc"]
:aws:
endif::[]
ifeval::["{context}" == "installing-aws-user-infra"]
:aws:
endif::[]
ifeval::["{context}" == "installing-aws-government-region"]
:aws:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"]
:aws:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-aws"]
:aws:
endif::[]
ifeval::["{context}" == "installing-bare-metal"]
:bare-metal:
endif::[]
Expand Down Expand Up @@ -152,12 +177,13 @@ The `Proxy` object `status.noProxy` field is populated with the values of the `n

For installations on Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, and {rh-openstack-first}, the `Proxy` object `status.noProxy` field is also populated with the instance metadata endpoint (`169.254.169.254`).
====
ifndef::aws-china[]
* If your cluster is on AWS, you added the `ec2.<region>.amazonaws.com`, `elasticloadbalancing.<region>.amazonaws.com`, and `s3.<region>.amazonaws.com` endpoints to your VPC endpoint. These endpoints are required to complete requests from the nodes to the AWS EC2 API. Because the proxy works on the container level, not the node level, you must route these requests to the AWS EC2 API through the AWS private network. Adding the public IP address of the EC2 API to your allowlist in your proxy server is not sufficient.
endif::aws-china[]
ifdef::aws-china[]
* You have added the `ec2.<region>.amazonaws.com.cn`, `elasticloadbalancing.<region>.amazonaws.com`, and `s3.<region>.amazonaws.com` endpoints to your VPC endpoint. These endpoints are required to complete requests from the nodes to the AWS EC2 API. Because the proxy works on the container level, not the node level, you must route these requests to the AWS EC2 API through the AWS private network. Adding the public IP address of the EC2 API to your allowlist in your proxy server is not sufficient.
endif::aws-china[]

ifdef::aws[]
* You have added the
ifdef::aws-china[`ec2.<region>.amazonaws.com.cn`, ]
ifndef::aws-china[`ec2.<region>.amazonaws.com`, ]
`elasticloadbalancing.<region>.amazonaws.com`, and `s3.<region>.amazonaws.com` endpoints to your VPC endpoint. These endpoints are required to complete requests from the nodes to the AWS EC2 API. Because the proxy works on the container level, not the node level, you must route these requests to the AWS EC2 API through the AWS private network. Adding the public IP address of the EC2 API to your allowlist in your proxy server is not sufficient.
endif::aws[]
// TODO: xref installation-aws-user-infra-requirements.adoc#installation-aws-user-infra-other-infrastructure_{context} as a relative link

.Procedure
Expand Down Expand Up @@ -213,8 +239,33 @@ proxies can be created.
====

ifeval::["{context}" == "installing-aws-china-region"]
:!aws:
:!aws-china:
endif::[]
ifeval::["{context}" == "installing-aws-customizations"]
:!aws:
endif::[]
ifeval::["{context}" == "installing-aws-network-customizations"]
:!aws:
endif::[]
ifeval::["{context}" == "installing-aws-private"]
:!aws:
endif::[]
ifeval::["{context}" == "installing-aws-vpc"]
:!aws:
endif::[]
ifeval::["{context}" == "installing-aws-user-infra"]
:!aws:
endif::[]
ifeval::["{context}" == "installing-aws-government-region"]
:!aws:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"]
:!aws:
endif::[]
ifeval::["{context}" == "installing-restricted-networks-aws"]
:!aws:
endif::[]
ifeval::["{context}" == "installing-bare-metal"]
:!bare-metal:
endif::[]
Expand Down