Bug 1860721

Summary: [DOC] Update doc related to installing cluster in disconnected network
Product: OpenShift Container Platform
Reporter: To Hung Sze <tsze>
Component: Documentation
Assignee: Kathryn Alexander <kalexand>
Status: CLOSED CURRENTRELEASE
QA Contact: To Hung Sze <tsze>
Severity: high
Priority: unspecified
Version: 4.5
CC: aos-bugs, kalexand, wking
Hardware: Unspecified
OS: Unspecified
Last Closed: 2022-09-08 20:37:57 UTC
Type: Bug

Description To Hung Sze 2020-07-26 22:02:54 UTC
URL: 
https://docs.openshift.com/container-platform/4.5/installing/installing_gcp/installing-restricted-networks-gcp.html

Describe the issue: 
Currently, a user (I) will not be able to install a restricted-network cluster by following the user doc, because a few key pieces of information are missing.

Suggestions for improvement: 
#1 Add steps to include local registry information in install-config

After step 2 of https://docs.openshift.com/container-platform/4.5/installing/installing_gcp/installing-restricted-networks-gcp.html#installation-initializing_installing-restricted-networks-gcp

<Add>
Reminder: Copy the information you get after creating the local registry to install-config.yaml.
Like this:
baseDomain: <your domain>
imageContentSources:
- mirrors:
  - bastion.example.com:5000/ocp4/openshift4
  source: quay.io/openshift-release-dev/ocp-release
- mirrors:
  - bastion.example.com:5000/ocp4/openshift4
  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
compute:
....

Add the disconnected registry node's certificate to the `install-config.yaml` file. The certificate should follow the `"additionalTrustBundle: |"` line and be properly indented, usually by two spaces.
Like:
publish: External
additionalTrustBundle: |
  -----BEGIN CERTIFICATE-----
  <content of your registry's certificate>
  -----END CERTIFICATE-----
pullSecret:
...

Please note the spaces at the beginning of each line.

<End of edit>

Additional information:
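A pre-flight check for the two settings the description asks the docs to call out, written as an added example that is not part of the bug report or the OpenShift documentation. It is a line-based check rather than a full YAML parser, the function names are hypothetical, and the sample file is constructed with placeholder values:

```python
import re

TOP_KEY = re.compile(r"^([A-Za-z][\w-]*):(.*)$")  # a key at column 0
def top_level_sections(text):
    """Map each top-level key to (inline value, body lines that follow)."""
    sections, current = {}, None
    for line in text.splitlines():
        m = TOP_KEY.match(line)
        if m:
            current = m.group(1)
            sections[current] = (m.group(2).strip(), [])
        elif current is not None:
            sections[current][1].append(line)
    return sections

def check_install_config(text):
    """Return a list of problems; an empty list means both settings are present."""
    problems, sections = [], top_level_sections(text)
    _, ics = sections.get("imageContentSources", ("", None))
    if ics is None:
        problems.append("imageContentSources section is missing")
    elif not any(l.strip().startswith("source:") for l in ics):
        problems.append("imageContentSources lists no source/mirrors pair")
    value, atb = sections.get("additionalTrustBundle", ("", None))
    if atb is None:
        return problems + ["additionalTrustBundle is missing"]
    lines = [l for l in atb if l.strip()]
    if not value.startswith("|"):
        problems.append("additionalTrustBundle is not a '|' block scalar")
    if any(not l.startswith(" ") for l in lines):
        problems.append("certificate lines are not indented")
    if not any(l.strip() == "-----BEGIN CERTIFICATE-----" for l in lines):
        problems.append("no PEM certificate under additionalTrustBundle")
    return problems

# Constructed sample: the mirror host and certificate body are placeholders.
GOOD = """\
imageContentSources:
- mirrors:
  - bastion.example.com:5000/ocp4/openshift4
  source: quay.io/openshift-release-dev/ocp-release
additionalTrustBundle: |
  -----BEGIN CERTIFICATE-----
  PLACEHOLDERCERTBODY
  -----END CERTIFICATE-----
pullSecret: '{"auths": {}}'
"""
BAD = re.sub(r"(?m)^  (?=-----|PLACEHOLDER)", "", GOOD)  # cert at column 0
if __name__ == "__main__":
    print(check_install_config(GOOD), check_install_config(BAD))
```

Running it against an install-config.yaml before starting the installer catches a missing mirror section or an unindented trust bundle without contacting the registry.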

Comment 1 W. Trevor King 2020-07-28 18:06:11 UTC
[1] already has:

  Record the entire imageContentSources section from the output of the previous command. The information about your mirrors is unique to your mirrored repository, and you must add the imageContentSources section to the install-config.yaml file during installation.

You're just asking that for from-mirror installs the docs remind you about that when they get around to talking about the install-config.yaml?

We have similar discussion of additionalTrustBundle in [2], but that seems to be only included in the metal flow at the moment.

[1]: https://docs.openshift.com/container-platform/4.5/installing/install_config/installing-restricted-networks-preparations.html#installation-mirror-repository_installing-restricted-networks-preparations
[2]: https://github.com/openshift/openshift-docs/blame/89dc8c29d4fd41a7deb2f348b176c6a2d21e78cc/modules/ipi-install-creating-a-disconnected-registry.adoc#L4

Comment 2 To Hung Sze 2020-07-28 19:11:36 UTC
Thanks for reviewing my write up.

#1 Yes, I am asking for a reminder to include the local registry output to be added to the page that contains the actual installation steps.

#2 Thanks. The URL is valuable.
I took the line "Add the disconnected registry node's certificate to the `install-config.yaml` file. The certificate should follow the `"additionalTrustBundle: |"` line and be properly indented, usually by two spaces." from your URL and put it in the body of the ticket.

Thanks again.

Comment 3 Kathryn Alexander 2021-07-28 20:05:12 UTC
PR's here: https://github.com/openshift/openshift-docs/pull/34976

Will you PTAL?

Comment 4 To Hung Sze 2021-08-19 16:05:14 UTC
Reviewed the PR.

Closing as verified.