From 2cd7896480df871abcc1b25b134d87072a7af416 Mon Sep 17 00:00:00 2001 From: Cody Hoag Date: Fri, 23 Apr 2021 10:26:08 -0400 Subject: [PATCH] Installing a cluster on AWS in a restricted network --- _topic_map.yml | 4 +- .../install_config/installation-types.adoc | 2 +- ...ling-restricted-networks-preparations.adoc | 2 +- ...ed-networks-aws-installer-provisioned.adoc | 71 +++++++++++++++++++ .../installing-restricted-networks-aws.adoc | 2 +- modules/cli-installing-cli.adoc | 1 + modules/cli-logging-in-kubeadmin.adoc | 1 + modules/cluster-entitlements.adoc | 14 ++++ ...installation-about-restricted-network.adoc | 7 ++ modules/installation-aws-config-yaml.adoc | 52 ++++++++++---- ...installation-configuration-parameters.adoc | 7 ++ modules/installation-configure-proxy.adoc | 1 + modules/installation-custom-aws-vpc.adoc | 4 +- modules/installation-initializing.adoc | 23 +++++- modules/installation-launching-installer.adoc | 9 +++ modules/ssh-agent-using.adoc | 1 + 16 files changed, 183 insertions(+), 18 deletions(-) create mode 100644 installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc diff --git a/_topic_map.yml b/_topic_map.yml index 28ad0d2692da..f0d84accf887 100644 --- a/_topic_map.yml +++ b/_topic_map.yml @@ -167,13 +167,15 @@ Topics: File: installing-aws-customizations - Name: Installing a cluster on AWS with network customizations File: installing-aws-network-customizations + - Name: Installing a cluster on AWS in a restricted network + File: installing-restricted-networks-aws-installer-provisioned - Name: Installing a cluster on AWS into an existing VPC File: installing-aws-vpc - Name: Installing a private cluster on AWS File: installing-aws-private - Name: Installing a cluster on AWS using CloudFormation templates File: installing-aws-user-infra - - Name: Installing a cluster on AWS in a restricted network + - Name: Installing a cluster on AWS in a restricted network with user-provisioned infrastructure File: installing-restricted-networks-aws - Name: Uninstalling a cluster on AWS File: uninstalling-cluster-aws diff --git a/installing/install_config/installation-types.adoc b/installing/install_config/installation-types.adoc index e99865978ca5..7c536212a3f6 100644 --- a/installing/install_config/installation-types.adoc +++ b/installing/install_config/installation-types.adoc @@ -52,7 +52,7 @@ endif::openshift-origin[] | |Restricted network -| +|xref:../../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#installing-restricted-networks-aws-installer-provisioned[X] | | |xref:../../installing/installing_openstack/installing-openstack-installer-restricted.adoc#installing-openstack-installer-restricted[X] diff --git a/installing/install_config/installing-restricted-networks-preparations.adoc b/installing/install_config/installing-restricted-networks-preparations.adoc index 49cc459bba16..7d8a86e4a84b 100644 --- a/installing/install_config/installing-restricted-networks-preparations.adoc +++ b/installing/install_config/installing-restricted-networks-preparations.adoc @@ -5,7 +5,7 @@ include::modules/common-attributes.adoc[] toc::[] -Before you install a cluster on infrastructure that you provision in a restricted network, you must mirror the required container images into that environment. Installations on a restricted network are supported on only infrastructure that you provision, not infrastructure that the installer provisions. You can also use this procedure in unrestricted networks to ensure your clusters only use container images that have satisfied your organizational controls on external content. +Before you install a cluster on infrastructure that you provision in a restricted network, you must mirror the required container images into that environment. You can also use this procedure in unrestricted networks to ensure your clusters only use container images that have satisfied your organizational controls on external content. [IMPORTANT] ==== diff --git a/installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc b/installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc new file mode 100644 index 000000000000..21f58f533843 --- /dev/null +++ b/installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc @@ -0,0 +1,71 @@ +[id="installing-restricted-networks-aws-installer-provisioned"] += Installing a cluster on AWS in a restricted network +include::modules/common-attributes.adoc[] +:context: installing-restricted-networks-aws-installer-provisioned + +toc::[] + +In {product-title} version {product-version}, you can install a cluster on Amazon Web Services (AWS) in a restricted network by creating an internal mirror of the installation release content on an existing Amazon Virtual Private Cloud (VPC). + +[id="prerequisites_installing-restricted-networks-aws-installer-provisioned"] +== Prerequisites + +* You xref:../../installing/install_config/installing-restricted-networks-preparations.adoc#installing-restricted-networks-preparations[created a mirror registry on your mirror host] and obtained the `imageContentSources` data for your version of {product-title}. ++ +[IMPORTANT] +==== +Because the installation media is on the mirror host, you can use that computer to complete all installation steps. +==== +* You have an existing VPC in AWS. When installing to a restricted network using installer-provisioned infrastructure, you cannot use the installer-provisioned VPC. You must use a user-provisioned VPC that satisfies one of the following requirements: +** Contains the mirror registry. +** Has firewall rules or a peering connection to access the mirror registry hosted elsewhere. +* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes. +* You xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[configured an AWS account] to host the cluster. ++ +[IMPORTANT] +==== +If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use key-based, long-lived credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program. +==== +* You downloaded the AWS CLI and installed it on your computer. See +link:https://docs.aws.amazon.com/cli/latest/userguide/install-bundle.html[Install the AWS CLI Using the Bundled Installer (Linux, macOS, or Unix)] in the AWS documentation. +* If you use a firewall and plan to use the Telemetry service, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured the firewall to allow the sites] that your cluster requires access to. ++ +[NOTE] +==== +If you are configuring a proxy, be sure to also review this site list. +==== +* If you do not allow the system to manage identity and access management (IAM), then a cluster administrator can xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[manually create and maintain IAM credentials]. Manual mode can also be used in environments where the cloud IAM APIs are not reachable. + +include::modules/installation-about-restricted-network.adoc[leveloffset=+1] + +include::modules/installation-custom-aws-vpc.adoc[leveloffset=+1] + +include::modules/cluster-entitlements.adoc[leveloffset=+1] + +.Additional resources + +* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service + +include::modules/ssh-agent-using.adoc[leveloffset=+1] + +include::modules/installation-initializing.adoc[leveloffset=+1] + +include::modules/installation-configuration-parameters.adoc[leveloffset=+2] + +include::modules/installation-aws-config-yaml.adoc[leveloffset=+2] + +include::modules/installation-configure-proxy.adoc[leveloffset=+2] + +include::modules/installation-launching-installer.adoc[leveloffset=+1] + +include::modules/cli-installing-cli.adoc[leveloffset=+1] + +include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1] + +[id="next-steps_installing-restricted-networks-aws-installer-provisioned"] +== Next steps + +* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]. +* Learn how to xref:../../operators/admin/olm-restricted-networks.adoc#olm-understanding-operator-catalog-images_olm-restricted-networks[use Operator Lifecycle Manager (OLM) on restricted networks]. +* If the mirror registry that you used to install your cluster has a trusted CA, add it to the cluster by xref:../../openshift_images/image-configuration.adoc#images-configuration-cas_image-configuration[configuring additional trust stores]. +* If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting]. diff --git a/installing/installing_aws/installing-restricted-networks-aws.adoc b/installing/installing_aws/installing-restricted-networks-aws.adoc index acf631698213..9a50b0c1d38f 100644 --- a/installing/installing_aws/installing-restricted-networks-aws.adoc +++ b/installing/installing_aws/installing-restricted-networks-aws.adoc @@ -1,5 +1,5 @@ [id="installing-restricted-networks-aws"] -= Installing a cluster on AWS that uses mirrored installation content += Installing a cluster on AWS in a restricted network with user-provisioned infrastructure include::modules/common-attributes.adoc[] :context: installing-restricted-networks-aws diff --git a/modules/cli-installing-cli.adoc b/modules/cli-installing-cli.adoc index f8154aeb9dec..ab032ab0b788 100644 --- a/modules/cli-installing-cli.adoc +++ b/modules/cli-installing-cli.adoc @@ -7,6 +7,7 @@ // * installing/installing_aws/installing-aws-network-customizations.adoc // * installing/installing_aws/installing-aws-private.adoc // * installing/installing_aws/installing-aws-vpc.adoc +// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc // * installing/installing_azure/installing-azure-customizations.adoc // * installing/installing_azure/installing-azure-default.adoc // * installing/installing_azure/installing-azure-private.adoc diff --git a/modules/cli-logging-in-kubeadmin.adoc b/modules/cli-logging-in-kubeadmin.adoc index 92815cfb9c89..f03f421be84f 100644 --- a/modules/cli-logging-in-kubeadmin.adoc +++ b/modules/cli-logging-in-kubeadmin.adoc @@ -6,6 +6,7 @@ // * installing/installing_aws/installing-aws-network-customizations.adoc // * installing/installing_aws/installing-aws-private.adoc // * installing/installing_aws/installing-aws-vpc.adoc +// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc // * installing/installing_azure/installing-azure-customizations.adoc // * installing/installing_azure/installing-azure-default.adoc // * installing/installing_azure/installing-azure-private.adoc diff --git a/modules/cluster-entitlements.adoc b/modules/cluster-entitlements.adoc index 7cc35b0a364a..936978e20820 100644 --- a/modules/cluster-entitlements.adoc +++ b/modules/cluster-entitlements.adoc @@ -7,6 +7,7 @@ // * installing/installing_aws/installing-aws-network-customizations.adoc // * installing/installing_aws/installing-aws-private.adoc // * installing/installing_aws/installing-aws-vpc.adoc +// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc // * installing/installing_azure/installing-azure-customizations.adoc // * installing/installing_azure/installing-azure-default.adoc // * installing/installing_azure/installing-azure-private.adoc @@ -39,6 +40,13 @@ endif::[] ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"] :restricted: endif::[] +ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"] +:restricted: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-aws"] +:restricted: +endif::[] + [id="cluster-entitlements_{context}"] ifndef::openshift-origin[] @@ -80,3 +88,9 @@ endif::[] ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"] :!restricted: endif::[] +ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"] +:!restricted: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-aws"] +:!restricted: +endif::[] diff --git a/modules/installation-about-restricted-network.adoc b/modules/installation-about-restricted-network.adoc index a96d182727ab..938c52fff8fc 100644 --- a/modules/installation-about-restricted-network.adoc +++ b/modules/installation-about-restricted-network.adoc @@ -1,6 +1,7 @@ // Module included in the following assemblies: // // * installing/installing_aws/installing-restricted-networks-aws.adoc +// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc // * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc // * installing/installing_ibm_z/installing-restricted-networks-ibm-z.adoc @@ -20,6 +21,9 @@ endif::[] ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"] :ipi: endif::[] +ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"] +:ipi: +endif::[] [id="installation-about-restricted-networks_{context}"] = About installations in restricted networks @@ -74,3 +78,6 @@ endif::[] ifeval::["{context}" == "installing-restricted-networks-installer-provisioned-vsphere"] :!ipi: endif::[] +ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"] +:!ipi: +endif::[] diff --git a/modules/installation-aws-config-yaml.adoc b/modules/installation-aws-config-yaml.adoc index 64df7116c252..ddb6103a2d8d 100644 --- a/modules/installation-aws-config-yaml.adoc +++ b/modules/installation-aws-config-yaml.adoc @@ -4,6 +4,7 @@ // * installing/installing_aws/installing-aws-network-customizations.adoc // * installing/installing_aws/installing-aws-private.adoc // * installing/installing_aws/installing-aws-vpc.adoc +// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc ifeval::["{context}" == "installing-aws-network-customizations"] :with-networking: @@ -18,7 +19,9 @@ ifeval::["{context}" == "installing-aws-private"] :vpc: :private: endif::[] - +ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"] +:restricted: +endif::[] [id="installation-aws-config-yaml_{context}"] = Sample customized `install-config.yaml` file for AWS @@ -91,14 +94,11 @@ platform: userTags: adminContact: jdoe costCenter: 7536 -ifdef::vpc[] +ifdef::vpc,restricted[] subnets: <6> - subnet-1 - subnet-2 - subnet-3 -endif::vpc[] -pullSecret: '{"auths": ...}' <1> -ifdef::vpc[] ifndef::openshift-origin[] fips: false <7> sshKey: ssh-ed25519 AAAA... <8> @@ -106,8 +106,8 @@ endif::openshift-origin[] ifdef::openshift-origin[] sshKey: ssh-ed25519 AAAA... <7> endif::openshift-origin[] -endif::vpc[] -ifndef::vpc[] +endif::vpc,restricted[] +ifndef::vpc,restricted[] ifndef::openshift-origin[] fips: false <6> sshKey: ssh-ed25519 AAAA... <7> @@ -115,7 +115,7 @@ endif::openshift-origin[] ifdef::openshift-origin[] sshKey: ssh-ed25519 AAAA... <6> endif::openshift-origin[] -endif::vpc[] +endif::vpc,restricted[] ifdef::private[] ifndef::openshift-origin[] publish: Internal <9> @@ -124,6 +124,23 @@ ifdef::openshift-origin[] publish: Internal <8> endif::openshift-origin[] endif::private[] +ifndef::restricted[] +pullSecret: '{"auths": ...}' <1> +endif::restricted[] +ifdef::restricted[] +pullSecret: '{"auths":{"": {"auth": "","email": "you@example.com"}}}' <9> +additionalTrustBundle: | <10> + -----BEGIN CERTIFICATE----- + + -----END CERTIFICATE----- +imageContentSources: <11> +- mirrors: + - //release + source: quay.io/openshift-release-dev/ocp-release +- mirrors: + - //release + source: registry.svc.ci.openshift.org/ocp/release +endif::restricted[] ---- <1> Required. The installation program prompts you for this value. <2> If you do not provide these parameters and values, the installation program @@ -151,7 +168,7 @@ disable simultaneous multithreading. ==== <5> To configure faster storage for etcd, especially for larger clusters, set the storage type as `io1` and set `iops` to `2000`. -ifdef::vpc[] +ifdef::vpc,restricted[] <6> If you provide your own VPC, specify subnets for each availability zone that your cluster uses. ifndef::openshift-origin[] <7> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead. @@ -162,8 +179,8 @@ ifdef::openshift-origin[] <7> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. endif::openshift-origin[] -endif::vpc[] -ifndef::vpc[] +endif::vpc,restricted[] +ifndef::vpc,restricted[] ifndef::openshift-origin[] <6> Whether to enable or disable FIPS mode. By default, FIPS mode is not enabled. If FIPS mode is enabled, the {op-system-first} machines that {product-title} runs on bypass the default Kubernetes cryptography suite and use the cryptography modules that are provided with {op-system} instead. <7> You can optionally provide the `sshKey` value that you use to access the @@ -173,7 +190,7 @@ ifndef::openshift-origin[] <6> You can optionally provide the `sshKey` value that you use to access the machines in your cluster. endif::openshift-origin[] -endif::vpc[] +endif::vpc,restricted[] + [NOTE] ==== @@ -187,6 +204,14 @@ ifdef::openshift-origin[] <8> How to publish the user-facing endpoints of your cluster. Set `publish` to `Internal` to deploy a private cluster, which cannot be accessed from the Internet. The default value is `External`. endif::openshift-origin[] endif::private[] +ifdef::restricted[] +<9> For ``, specify the registry domain name, and optionally the +port, that your mirror registry uses to serve content. For example +`registry.example.com` or `registry.example.com:5000`. For ``, +specify the base64-encoded user name and password for your mirror registry. +<10> Provide the contents of the certificate file that you used for your mirror registry. +<11> Provide the `imageContentSources` section from the output of the command to mirror the repository. +endif::restricted[] ifeval::["{context}" == "installing-aws-network-customizations"] :!with-networking: @@ -201,3 +226,6 @@ ifeval::["{context}" == "installing-aws-private"] :!vpc: :!private: endif::[] +ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"] +:!restricted: +endif::[] diff --git a/modules/installation-configuration-parameters.adoc b/modules/installation-configuration-parameters.adoc index bc1687afe18d..e63ff207a9d1 100644 --- a/modules/installation-configuration-parameters.adoc +++ b/modules/installation-configuration-parameters.adoc @@ -4,6 +4,7 @@ // * installing/installing_aws/installing-aws-network-customizations.adoc // * installing/installing_aws/installing-aws-private.adoc // * installing/installing_aws/installing-aws-vpc.adoc +// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc // * installing/installing_azure/installing-azure-customizations.adoc // * installing/installing_azure/installing-azure-network-customizations.adoc // * installing/installing_azure/installing-azure-private.adoc @@ -33,6 +34,9 @@ endif::[] ifeval::["{context}" == "installing-aws-vpc"] :aws: endif::[] +ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"] +:aws: +endif::[] ifeval::["{context}" == "installing-azure-customizations"] :azure: endif::[] @@ -710,6 +714,9 @@ endif::[] ifeval::["{context}" == "installing-aws-vpc"] :!aws: endif::[] +ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"] +:!aws: +endif::[] ifeval::["{context}" == "installing-azure-customizations"] :!azure: endif::[] diff --git a/modules/installation-configure-proxy.adoc b/modules/installation-configure-proxy.adoc index 5405ea71ca70..678b03fc17a3 100644 --- a/modules/installation-configure-proxy.adoc +++ b/modules/installation-configure-proxy.adoc @@ -1,6 +1,7 @@ // Module included in the following assemblies: // // * installing/installing_aws/installing-aws-user-infra.adoc +// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc // * installing/installing_azure/installing-azure-private.adoc // * installing/installing_azure/installing-azure-user-infra.adoc // * installing/installing_gcp/installing-gcp-user-infra.adoc diff --git a/modules/installation-custom-aws-vpc.adoc b/modules/installation-custom-aws-vpc.adoc index 950ac4652f77..d63fb570398e 100644 --- a/modules/installation-custom-aws-vpc.adoc +++ b/modules/installation-custom-aws-vpc.adoc @@ -31,7 +31,9 @@ Your VPC must meet the following characteristics: * The VPC must not use the `kubernetes.io/cluster/.*: owned` tag. * You must enable the `enableDnsSupport` and `enableDnsHostnames` attributes in your VPC so that the cluster can use the Route 53 zones that are attached to the VPC to resolve cluster’s internal DNS records. See link:https://docs.aws.amazon.com/vpc/latest/userguide/vpc-dns.html#vpc-dns-support[DNS Support in Your VPC] in the AWS documentation. -If you use a cluster with public access, you must create a public and a private subnet for each availability zone that your cluster uses. The installation program modifies your subnets to add the `kubernetes.io/cluster/.*: shared` tag, so your subnets must have at least one free tag slot available for it. Review the current link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-restrictions[Tag Restrictions] in the AWS documentation to ensure that the installation program can add a tag to each subnet that you specify. +If you use a cluster with public access, you must create a public and a private subnet for each availability zone that your cluster uses. + +The installation program modifies your subnets to add the `kubernetes.io/cluster/.*: shared` tag, so your subnets must have at least one free tag slot available for it. Review the current link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html#tag-restrictions[Tag Restrictions] in the AWS documentation to ensure that the installation program can add a tag to each subnet that you specify. If you are working in a disconnected environment, you are unable to reach the public IP addresses for EC2 and ELB endpoints. To resolve this, you must create diff --git a/modules/installation-initializing.adoc b/modules/installation-initializing.adoc index 46bface5b63a..9b0688677bb7 100644 --- a/modules/installation-initializing.adoc +++ b/modules/installation-initializing.adoc @@ -4,6 +4,7 @@ // * installing/installing_aws/installing-aws-network-customizations.adoc // * installing/installing_aws/installing-aws-private.adoc // * installing/installing_aws/installing-aws-vpc.adoc +// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc // * installing/installing_azure/installing-azure-customizations.adoc // * installing/installing_azure/installing-azure-network-customizations // * installing/installing_azure/installing-azure-private.adoc @@ -37,6 +38,10 @@ endif::[] ifeval::["{context}" == "installing-aws-vpc"] :aws: endif::[] +ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"] +:aws: +:restricted: +endif::[] ifeval::["{context}" == "installing-azure-customizations"] :azure: endif::[] @@ -143,7 +148,9 @@ ifdef::restricted[] For a restricted network installation, these files are on your bastion host. * Have the `imageContentSources` values that were generated during mirror registry creation. * Obtain the contents of the certificate for your mirror registry. +ifndef::aws[] * Retrieve a {op-system-first} image and upload it to an accessible location. +endif::aws[] endif::restricted[] .Procedure @@ -391,7 +398,17 @@ additionalTrustBundle: | ---- + The value must be the contents of the certificate file that you used for your mirror registry, which can be an existing, trusted certificate authority or the self-signed certificate that you generated for the mirror registry. - +ifdef::aws+restricted[] +.. Define the subnets for the VPC to install the cluster in: ++ +[source,yaml] +---- +subnets: +- subnet-1 +- subnet-2 +- subnet-3 +---- +endif::aws+restricted[] .. Add the image content resources, which look like this excerpt: + [source,yaml] @@ -431,6 +448,10 @@ endif::[] ifeval::["{context}" == "installing-aws-vpc"] :!aws: endif::[] +ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"] +:!aws: +:!restricted: +endif::[] ifeval::["{context}" == "installing-azure-customizations"] :!azure: endif::[] diff --git a/modules/installation-launching-installer.adoc b/modules/installation-launching-installer.adoc index ee413d0ed914..977d06774fc0 100644 --- a/modules/installation-launching-installer.adoc +++ b/modules/installation-launching-installer.adoc @@ -5,6 +5,7 @@ // * installing/installing_aws/installing-aws-network-customizations.adoc // * installing/installing_aws/installing-aws-private.adoc // * installing/installing_aws/installing-aws-vpc.adoc +// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc // * installing/installing_azure/installing-azure-customizations.adoc // * installing/installing_azure/installing-azure-default.adoc // * installing/installing_azure/installing-azure-private.adoc @@ -36,6 +37,10 @@ ifeval::["{context}" == "installing-aws-vpc"] :custom-config: :aws: endif::[] +ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"] +:custom-config: +:aws: +endif::[] ifeval::["{context}" == "installing-aws-default"] :no-config: :aws: @@ -373,6 +378,10 @@ ifeval::["{context}" == "installing-aws-vpc"] :!custom-config: :!aws: endif::[] +ifeval::["{context}" == "installing-restricted-networks-aws-installer-provisioned"] +:!custom-config: +:!aws: +endif::[] ifeval::["{context}" == "installing-aws-default"] :!no-config: :!aws: diff --git a/modules/ssh-agent-using.adoc b/modules/ssh-agent-using.adoc index 4872a9d6f88b..3f21b988a028 100644 --- a/modules/ssh-agent-using.adoc +++ b/modules/ssh-agent-using.adoc @@ -6,6 +6,7 @@ // * installing/installing_aws/installing-aws-network-customizations.adoc // * installing/installing_aws/installing-aws-private.adoc // * installing/installing_aws/installing-aws-vpc.adoc +// * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc // * installing/installing_azure/installing-azure-customizations.adoc // * installing/installing_azure/installing-azure-default.adoc // * installing/installing_azure/installing-azure-private.adoc