Bug 2096434

Summary: [DOCS] [disconnected] Need to configure OCP not to manage DNS on AWS UPI for disconnected installs
Product: OpenShift Container Platform
Component: Documentation
Version: 4.11
Target Release: 4.7.z
Target Milestone: ---
Hardware: Unspecified
OS: Unspecified
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Type: Bug
Reporter: Rafael Fonseca <rdossant>
Assignee: Ben Scott <bscott>
QA Contact: Yunfei Jiang <yunjiang>
Docs Contact: Latha S <lmurthy>
CC: mpytlak, yunjiang
Doc Type: If docs needed, set a value
Last Closed: 2022-09-23 12:09:26 UTC

Description Rafael Fonseca 2022-06-13 19:58:30 UTC
Document URL: https://docs.openshift.com/container-platform/4.10/installing/installing_aws/installing-restricted-networks-aws.html#installation-requirements-user-infra_installing-restricted-networks-aws

Section Number and Name: "Installing a cluster on AWS in a restricted network with user-provisioned infrastructure"

Describe the issue: For disconnected clusters, OpenShift can be configured not to manage DNS, and the cluster administrator can configure DNS manually. Otherwise, the ingress operator will try to contact the STS endpoint "sts.amazon.com" directly as opposed to the configured VPC endpoint for the cluster. This could be an issue in cases when the cluster needs to be as air-gapped as possible.

Suggestions for improvement: https://github.com/openshift/installer/pull/5974/files

Additional information:
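Added illustration (not part of the bug report, the docs page it cites, or the linked installer PR, whose exact change is not reproduced here) of the two settings a practitioner would combine for the case Rafael describes: the install-config serviceEndpoints entries that point the cluster's STS, EC2 and ELB API calls at VPC interface endpoints, and the IngressController dnsManagementPolicy field (part of the operator.openshift.io/v1 IngressController API from OpenShift 4.11) set to Unmanaged so the ingress operator never touches Route 53, which is what otherwise drives the STS call in the first place. The VPC endpoint URLs, region, cluster name and base domain are placeholders, not values from the bug.

```yaml
# install-config.yaml excerpt (placeholder values, constructed for this example):
# route the AWS API calls the cluster makes to VPC interface endpoints rather than
# the public regional endpoints. Route 53 has no interface endpoint, so DNS
# management is handled separately below.
apiVersion: v1
baseDomain: example.com
metadata:
  name: airgap
platform:
  aws:
    region: us-east-1
    serviceEndpoints:
    - name: sts
      url: https://vpce-0123456789abcdef0-abcdefgh.sts.us-east-1.vpce.amazonaws.com
    - name: ec2
      url: https://vpce-0123456789abcdef1-abcdefgh.ec2.us-east-1.vpce.amazonaws.com
    - name: elasticloadbalancing
      url: https://vpce-0123456789abcdef2-abcdefgh.elasticloadbalancing.us-east-1.vpce.amazonaws.com
---
# IngressController manifest: tell the ingress operator not to create or update the
# *.apps wildcard record. The operator still creates the LoadBalancer Service; the
# administrator creates the DNS record for it by hand, so the operator has no
# reason to call Route 53 (and therefore no reason to exchange credentials via STS).
apiVersion: operator.openshift.io/v1
kind: IngressController
metadata:
  name: default
  namespace: openshift-ingress-operator
spec:
  domain: apps.airgap.example.com
  endpointPublishingStrategy:
    type: LoadBalancerService
    loadBalancer:
      scope: External
      dnsManagementPolicy: Unmanaged
```

Usage: after the router comes up, read the load balancer hostname with `oc -n openshift-ingress get svc router-default -o jsonpath='{.status.loadBalancer.ingress[0].hostname}'` and create the `*.apps.airgap.example.com` record (alias or CNAME) pointing at it in whatever DNS the cluster uses. Two caveats: dnsManagementPolicy only removes the ingress operator's DNS-driven AWS calls, so components that still talk to AWS (machine API, cloud credential operator, image registry) depend on the serviceEndpoints block being complete; and the STS endpoint should have Private DNS enabled on the VPC endpoint, which you can confirm from a node by checking that `sts.us-east-1.amazonaws.com` resolves to addresses inside the VPC CIDR rather than public ones.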