URL: https://docs.openshift.com/container-platform/4.5/installing/installing_gcp/installing-restricted-networks-gcp.html Describe the issue: Currently, user (I) will not be able to install a restricted-network cluster following the user-doc due to a few key pieces of information missing. Suggestions for improvement: #1 Add steps to include local registry information in install-config After step 2 of https://docs.openshift.com/container-platform/4.5/installing/installing_gcp/installing-restricted-networks-gcp.html#installation-initializing_installing-restricted-networks-gcp <Add> Reminder: Copy the information you get after creating local registry to install-config.yaml. Like this: baseDomain: <your domain> imageContentSources: - mirrors: - bastion.example.com:5000/ocp4/openshift4 source: quay.io/openshift-release-dev/ocp-release - mirrors: - bastion.example.com:5000/ocp4/openshift4 source: quay.io/openshift-release-dev/ocp-v4.0-art-dev compute: .... Add the disconnected registry node's certificate to the `install-config.yaml` file. The certificate should follow the `"additionalTrustBundle: |"` line and be properly indented, usually by two spaces. Like: publish: External additionalTrustBundle: | -----BEGIN CERTIFICATE----- <content of your registry's certificate> -----END CERTIFICATE----- pullSecret: ... Please note the spaces at beginning of each line. <End of edit> Additional information:
[1] already has: Record the entire imageContentSources section from the output of the previous command. The information about your mirrors is unique to your mirrored repository, and you must add the imageContentSources section to the install-config.yaml file during installation. You're just asking that for from-mirror installs the docs remind you about that when they get around to talking about the install-config.yaml? We have similar discussion of additionalTrustBundle in [2], but that seems to be only included in the metal flow at the moment. [1]: https://docs.openshift.com/container-platform/4.5/installing/install_config/installing-restricted-networks-preparations.html#installation-mirror-repository_installing-restricted-networks-preparations [2]: https://github.com/openshift/openshift-docs/blame/89dc8c29d4fd41a7deb2f348b176c6a2d21e78cc/modules/ipi-install-creating-a-disconnected-registry.adoc#L4
Thanks for reviewing my write up. #1 Yes, I am asking for a reminder to include the local registry output to be added to the page that contains the actual installation steps. #2 Thanks. The url is valuable. I took the line "Add the disconnected registry node's certificate to the `install-config.yaml` file. The certificate should follow the `"additionalTrustBundle: |"` line and be properly indented, usually by two spaces." from your url and put it in the body of the ticket. Thanks again.
PR's here: https://github.com/openshift/openshift-docs/pull/34976 Will you PTAL?
reviewed the pr Closing as verified.
This change is live, eg: https://docs.openshift.com/container-platform/4.7/installing/installing_vsphere/installing-restricted-networks-installer-provisioned-vsphere.html#installation-initializing_installing-restricted-networks-installer-provisioned-vsphere