diff --git a/installing/installing_aws/installing-aws-customizations.adoc b/installing/installing_aws/installing-aws-customizations.adoc index 9e15934e5e5f..e8c620c379c9 100644 --- a/installing/installing_aws/installing-aws-customizations.adoc +++ b/installing/installing_aws/installing-aws-customizations.adoc @@ -44,7 +44,8 @@ include::modules/installation-configuration-parameters.adoc[leveloffset=+2] include::modules/installation-aws-config-yaml.adoc[leveloffset=+2] -include::modules/installation-configure-proxy.adoc[leveloffset=+2] +// Removing; Proxy not supported for AWS IPI for 4.2 +// include::modules/installation-configure-proxy.adoc[leveloffset=+2] include::modules/installation-launching-installer.adoc[leveloffset=+1] diff --git a/installing/installing_azure/installing-azure-customizations.adoc b/installing/installing_azure/installing-azure-customizations.adoc index 7714bc5a01a4..3dbccfdfcd0d 100644 --- a/installing/installing_azure/installing-azure-customizations.adoc +++ b/installing/installing_azure/installing-azure-customizations.adoc @@ -31,7 +31,8 @@ include::modules/installation-configuration-parameters.adoc[leveloffset=+2] include::modules/installation-azure-config-yaml.adoc[leveloffset=+2] -include::modules/installation-configure-proxy.adoc[leveloffset=+2] +// Removing; Proxy not supported for Azure IPI for 4.2 +// include::modules/installation-configure-proxy.adoc[leveloffset=+2] include::modules/installation-launching-installer.adoc[leveloffset=+1] diff --git a/installing/installing_gcp/installing-gcp-customizations.adoc b/installing/installing_gcp/installing-gcp-customizations.adoc index 43d61c91caab..b5e41c131c19 100644 --- a/installing/installing_gcp/installing-gcp-customizations.adoc +++ b/installing/installing_gcp/installing-gcp-customizations.adoc @@ -32,7 +32,8 @@ include::modules/installation-configuration-parameters.adoc[leveloffset=+2] include::modules/installation-gcp-config-yaml.adoc[leveloffset=+2] -include::modules/installation-configure-proxy.adoc[leveloffset=+2] +// Removing; Proxy not supported for GCP IPI for 4.2 +// include::modules/installation-configure-proxy.adoc[leveloffset=+2] include::modules/installation-launching-installer.adoc[leveloffset=+1] diff --git a/networking/enable-cluster-wide-proxy.adoc b/networking/enable-cluster-wide-proxy.adoc index 188356c042ea..9ce6d9b5a23d 100644 --- a/networking/enable-cluster-wide-proxy.adoc +++ b/networking/enable-cluster-wide-proxy.adoc @@ -5,12 +5,9 @@ include::modules/common-attributes.adoc[] toc::[] -Production environments can deny direct access to the Internet and instead have -an HTTP or HTTPS proxy available. You can configure {product-title} to use a -proxy by -xref:../networking/enable-cluster-wide-proxy.adoc#nw-proxy-configure-object_config-cluster-wide-proxy[modifying the Proxy object for existing clusters] -or by configuring the proxy settings in the `install-config.yaml` file for new -clusters. +Production environments can deny direct access to the Internet and instead have an HTTP or HTTPS proxy available. You can configure {product-title} to use a proxy by xref:../networking/enable-cluster-wide-proxy.adoc#nw-proxy-configure-object_config-cluster-wide-proxy[modifying the Proxy object for existing clusters] or by configuring the proxy settings in the `install-config.yaml` file for new clusters. + +IMPORTANT: The cluster-wide proxy is only supported if you used a user-provisioned infrastructure installation for a supported provider. include::modules/nw-proxy-configure-object.adoc[leveloffset=+1] diff --git a/release_notes/ocp-4-2-release-notes.adoc b/release_notes/ocp-4-2-release-notes.adoc index e2e3fda5a8df..af4abfb94b20 100644 --- a/release_notes/ocp-4-2-release-notes.adoc +++ b/release_notes/ocp-4-2-release-notes.adoc @@ -104,10 +104,12 @@ for details. ==== Cluster-wide egress proxy {product-title} {product-version} introduces support for installing and updating -an OpenShift cluster through a corporate proxy server. Proxy information -(httpProxy, httpsProxy, and noProxy) can be defined in `install-config`, which +an {product-title} cluster through a corporate proxy server on user-provisioned infrastructure. Proxy information +(httpProxy, httpsProxy, and noProxy) can be defined in the `install-config.yaml` file, which is used during the installation process and can also be managed -post-installation via the cluster proxy object. +post-installation via the `cluster` Proxy object. + +IMPORTANT: The cluster-wide proxy is only supported if you used a user-provisioned infrastructure installation for a supported provider. Also, there is now support for providing your own CA bundles allowing the corporate proxy to MITM HTTPS. @@ -128,7 +130,7 @@ experiences: Full stack automation (IPI) and pre-existing infrastructure (UPI). With full stack automation, the installer controls all areas of the installation including infrastructure provisioning with an opinionated best practices -deployment of {product-title}. With re-existing infrastructure deployments, +deployment of {product-title}. With pre-existing infrastructure deployments, administrators are responsible for creating and managing their own infrastructure allowing greater customization and operational flexibility. @@ -302,7 +304,7 @@ across the cluster. ==== Whitelisting of sysctls configuration System administrators can whitelist sysctl on a per-node basis. All safe sysctls -are enabled by default; all unsafe sysctls are disabled by default.See +are enabled by default; all unsafe sysctls are disabled by default. See xref:../nodes/containers/nodes-containers-sysctls.adoc#nodes-containers-sysctls[Using sysctls in containers] for more information. @@ -720,11 +722,11 @@ memory is handled by the cluster itself. *Image Registry* * TLS keys were not added to registry routes. This is because TLS keys were stored -in `Secret.StringData` and the Operator was unable to se the real data in the +in `Secret.StringData` and the Operator was unable to see the real data in the secret. Now, Secret.Data is used instead and the Operator can see the values. (link:https://bugzilla.redhat.com/show_bug.cgi?id=1719965[*BZ#1719965*]) -* The drain process would take up to 600 seconds to evist the image-registry pod. +* The drain process would take up to 600 seconds to evict the image-registry pod. This was because the image registry was running from sh and signals were not propagated to the image registry, and unable to receive SIGTERM. Now, the registry process uses exec and the registry is the pid 1 process and able to @@ -1212,7 +1214,7 @@ indicate that the feature is removed from the release or deprecated. |GA |GA -|External provisoner for AWS EFS +|External provisioner for AWS EFS |TP |TP |TP