diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index 2f9b133f3bf1..1add12e58fe6 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -45,11 +45,13 @@ Topics: File: rhcl-release-notes --- Name: Installing Connectivity Link -Dir: install-guide +Dir: install-rhcl Distros: rhcl Topics: - Name: Installing Connectivity Link File: install-guide +- Name: Installing Connectivity Link in a disconnected environment + File: rhcl-install-disconnected --- Name: Installing the MCP gateway Dir: mcp_gateway_install diff --git a/install-guide/_attributes b/install-rhcl/_attributes similarity index 100% rename from install-guide/_attributes rename to install-rhcl/_attributes diff --git a/install-guide/images b/install-rhcl/images similarity index 100% rename from install-guide/images rename to install-rhcl/images diff --git a/install-guide/install-guide.adoc b/install-rhcl/install-guide.adoc similarity index 100% rename from install-guide/install-guide.adoc rename to install-rhcl/install-guide.adoc diff --git a/install-guide/modules b/install-rhcl/modules similarity index 100% rename from install-guide/modules rename to install-rhcl/modules diff --git a/install-rhcl/rhcl-install-disconnected.adoc b/install-rhcl/rhcl-install-disconnected.adoc new file mode 100644 index 000000000000..46e1872cf6b0 --- /dev/null +++ b/install-rhcl/rhcl-install-disconnected.adoc @@ -0,0 +1,32 @@ +:_mod-docs-content-type: ASSEMBLY +include::_attributes/attributes.adoc[] +[id="rhcl-install-disconnected"] += Installing {prodname} in a disconnected environment +:context: rhcl-install-disconnected + +toc::[] + +[role="_abstract"] +You can install {prodname} on an {ocp} cluster in a disconnected environment by mirroring the required operator catalog and installing the {prodname} operator from your local mirror registry. + +.Prerequisites + +* A disconnected {ocp} cluster version 4.14 or later +* Access to the cluster as a user with the `cluster-admin` role +* Configured mirror registry accessible from the cluster +* For general Operator Lifecycle Manager configuration in disconnected environments, see link:https://docs.redhat.com/en/documentation/openshift_container_platform/4.21/html/operators/administrator-tasks#olm-restricted-networks[Using Operator Lifecycle Manager in disconnected environments] + +include::modules/con-rhcl-install-disconnected.adoc[leveloffset=+1] + +include::modules/proc-rhcl-disconnected-mirror-catalog.adoc[leveloffset=+1] + +include::modules/proc-rhcl-disconnected-install-operators.adoc[leveloffset=+1] + +include::modules/proc-rhcl-disconnected-create-kuadrant.adoc[leveloffset=+1] + +[role="_additional-resources"] +== Additional resources + +* link:https://docs.redhat.com/en/documentation/openshift_container_platform/4.21/html/operators/administrator-tasks#olm-restricted-networks[Using Operator Lifecycle Manager in disconnected environments] +* link:https://docs.redhat.com/en/documentation/openshift_container_platform/4.21/html/disconnected_environments/installing-mirroring-installation-images[Mirroring images for a disconnected installation] +* link:https://docs.redhat.com[Red Hat Connectivity Link documentation] diff --git a/install-guide/snippets b/install-rhcl/snippets similarity index 100% rename from install-guide/snippets rename to install-rhcl/snippets diff --git a/modules/con-rhcl-install-disconnected.adoc b/modules/con-rhcl-install-disconnected.adoc new file mode 100644 index 000000000000..507fa673f48f --- /dev/null +++ b/modules/con-rhcl-install-disconnected.adoc @@ -0,0 +1,25 @@ +// Module included in the following assemblies: +// +// *install-guide/disconnected-install.adoc + +:_mod-docs-content-type: CONCEPT +[id="con-rhcl-install-disconnected_{context}"] += About installing {prodname} in disconnected environments + +[role="_abstract"] +{prodname} provides policy-driven traffic management for {ocp} clusters using Gateway API. In a disconnected environment, you must mirror the {prodname} operator catalog and its container images to your local registry before installation. + +The installation process involves the following steps: + +. Mirror the Red Hat operator catalog containing the {prodname} operator package to your local registry +. Configure the cluster to use the mirrored catalog +. Install the {prodname} operator using Operator Lifecycle Manager (OLM) +. Create a `Kuadrant` custom resource to deploy the {prodname} components + +The {prodname} operator automatically installs the following dependency operators: + +* Authorino Operator - Authentication and authorization +* Limitador Operator - Rate limiting +* DNS Operator - DNS management + +All required images are included when you mirror the `rhcl-operator` package from the Red Hat catalog. diff --git a/modules/proc-rhcl-disconnected-create-kuadrant.adoc b/modules/proc-rhcl-disconnected-create-kuadrant.adoc new file mode 100644 index 000000000000..7e845227ff0f --- /dev/null +++ b/modules/proc-rhcl-disconnected-create-kuadrant.adoc @@ -0,0 +1,73 @@ +// Module included in the following assemblies: +// +// *install-guide/disconnected-install.adoc + +:_mod-docs-content-type: PROCEDURE +[id="proc-rhcl-disconnected-create-kuadrant_{context}"] += Creating a Kuadrant custom resource + +[role="_abstract"] +After installing the {prodname} operator, create a `Kuadrant` custom resource to deploy the {prodname} components. + +.Prerequisites + +* You have installed the {prodname} operator +* The {prodname} operator is running in the `kuadrant-system` namespace + +.Procedure + +. Create a `Kuadrant` custom resource: ++ +[source,yaml] +---- +apiVersion: kuadrant.io/v1beta1 +kind: Kuadrant +metadata: + name: kuadrant + namespace: kuadrant-system +spec: {} +---- + +. Apply the `Kuadrant` custom resource: ++ +[source,terminal] +---- +$ oc apply -f kuadrant.yaml +---- + +.Verification + +. Verify the `Kuadrant` resource is ready: ++ +[source,terminal] +---- +$ oc get kuadrant kuadrant -n kuadrant-system +---- ++ +.Example output +[source,terminal] +---- +NAME STATUS AGE +kuadrant Ready 2m +---- + +. Verify all component operator pods are running: ++ +[source,terminal] +---- +$ oc get pods -n kuadrant-system +---- ++ +.Example output +[source,terminal] +---- +NAME READY STATUS RESTARTS AGE +authorino-operator-controller-manager- 2/2 Running 0 5m +dns-operator-controller-manager- 2/2 Running 0 5m +kuadrant-operator-controller-manager- 2/2 Running 0 7m +limitador-operator-controller-manager- 2/2 Running 0 5m +---- + +.Next steps + +* Configure Gateway API resources to use {prodname} policies. See link:https://docs.redhat.com[{prodname} documentation] for examples. diff --git a/modules/proc-rhcl-disconnected-install-operators.adoc b/modules/proc-rhcl-disconnected-install-operators.adoc new file mode 100644 index 000000000000..1726a09b8208 --- /dev/null +++ b/modules/proc-rhcl-disconnected-install-operators.adoc @@ -0,0 +1,110 @@ +// Module included in the following assemblies: +// +// *install-guide/disconnected-install.adoc + +:_mod-docs-content-type: PROCEDURE +[id="proc-rhcl-disconnected-install-operators_{context}"] += Installing the {prodname} operator + +[role="_abstract"] +After mirroring the catalog, you can install the {prodname} operator using Operator Lifecycle Manager (OLM). + +.Prerequisites + +* You have mirrored the {prodname} operator catalog to your local registry +* You have applied the catalog source to your cluster + +.Procedure + +. Create a namespace for {prodname}: ++ +[source,terminal] +---- +$ oc create namespace kuadrant-system +---- + +. Create an `OperatorGroup` for the {prodname} operator: ++ +[source,yaml] +---- +apiVersion: operators.coreos.com/v1 +kind: OperatorGroup +metadata: + name: kuadrant-operator-group + namespace: kuadrant-system +spec: {} +---- + +. Apply the `OperatorGroup`: ++ +[source,terminal] +---- +$ oc apply -f operatorgroup.yaml +---- + +. Create a `Subscription` for the {prodname} operator: ++ +[source,yaml] +---- +apiVersion: operators.coreos.com/v1alpha1 +kind: Subscription +metadata: + name: rhcl-operator + namespace: kuadrant-system +spec: + channel: stable <1> + name: rhcl-operator + source: <2> + sourceNamespace: openshift-marketplace +---- ++ +<1> Specify `stable` as the channel. +<2> Specify the name of the `CatalogSource` object created by `oc-mirror`. You can find the catalog source name by running `oc get catalogsource -n openshift-marketplace`. ++ +[NOTE] +==== +OLM automatically installs the Authorino, Limitador, and DNS operators based on the dependencies declared in the {prodname} operator bundle. +==== + +. Apply the `Subscription`: ++ +[source,terminal] +---- +$ oc apply -f subscription.yaml +---- + +.Verification + +. Verify the {prodname} operator installed successfully: ++ +[source,terminal] +---- +$ oc get csv -n kuadrant-system +---- ++ +.Example output +[source,terminal] +---- +NAME DISPLAY VERSION REPLACES PHASE +authorino-operator.vX.Y.Z Authorino Operator X.Y.Z Succeeded +dns-operator.vX.Y.Z DNS Operator X.Y.Z Succeeded +kuadrant-operator.vX.Y.Z Kuadrant Operator X.Y.Z Succeeded +limitador-operator.vX.Y.Z Limitador Operator X.Y.Z Succeeded +---- + +. Verify the operator pod is running: ++ +[source,terminal] +---- +$ oc get pods -n kuadrant-system +---- ++ +.Example output +[source,terminal] +---- +NAME READY STATUS RESTARTS AGE +authorino-operator-controller-manager- 2/2 Running 0 3m +dns-operator-controller-manager- 2/2 Running 0 3m +kuadrant-operator-controller-manager- 2/2 Running 0 5m +limitador-operator-controller-manager- 2/2 Running 0 3m +---- diff --git a/modules/proc-rhcl-disconnected-mirror-catalog.adoc b/modules/proc-rhcl-disconnected-mirror-catalog.adoc new file mode 100644 index 000000000000..58aeb7d00c00 --- /dev/null +++ b/modules/proc-rhcl-disconnected-mirror-catalog.adoc @@ -0,0 +1,112 @@ +// Module included in the following assemblies: +// +// *install-guide/disconnected-install.adoc + +:_mod-docs-content-type: PROCEDURE +[id="proc-rhcl-disconnected-mirror-catalog_{context}"] += Mirroring the {prodname} operator catalog + +[role="_abstract"] +You can mirror the Red Hat operator catalog containing the {prodname} operator to your disconnected environment using the `oc-mirror` plugin. + +.Prerequisites + +* You have installed the `oc-mirror` CLI plugin +* You have access to `registry.redhat.io` on an internet-connected workstation +* You have credentials for your mirror registry configured in `${HOME}/.docker/config.json` + +.Procedure + +. On your internet-connected workstation, create an `ImageSetConfiguration` file named `rhcl-imageset-config.yaml`: ++ +[source,yaml,subs="attributes+"] +---- +apiVersion: mirror.openshift.io/v2alpha1 +kind: ImageSetConfiguration +mirror: + operators: + - catalog: registry.redhat.io/redhat/redhat-operator-index:v{product-version} <1> + packages: + - name: rhcl-operator <2> + additionalImages: + - name: registry.redhat.io/rhcl-1/coredns-rhel9:vX.Y.Z <3> +---- ++ +<1> Specify the Red Hat operator catalog version matching your {ocp} cluster version. +<2> The {prodname} operator package. Dependency operators (Authorino, Limitador, DNS) are included automatically. +<3> Optional. The CoreDNS image if you plan to use the DNS Operator CoreDNS deployment feature. Replace `vX.Y.Z` with the version matching the {prodname} operator release. + +. Mirror the catalog to a local directory: ++ +[source,terminal] +---- +$ oc mirror --v2 --config rhcl-imageset-config.yaml file://./rhcl-mirror +---- ++ +This command downloads the catalog and operator images to the `rhcl-mirror` directory. + +. Transfer the `rhcl-mirror` directory to your disconnected environment using removable media. + +. On a host in the disconnected environment with access to your mirror registry, push the images to the registry: ++ +[source,terminal,subs="+quotes"] +---- +$ oc mirror --v2 --config rhcl-imageset-config.yaml \ + --from file://./rhcl-mirror \ + docker://__:__ +---- ++ +Replace `__` and `__` with your mirror registry details. + +. Apply the `ImageDigestMirrorSet` or `ImageTagMirrorSet` to configure the cluster to use the mirrored images: ++ +[source,terminal] +---- +$ oc apply -f results-*/cluster-resources/idms-oc-mirror.yaml +$ oc apply -f results-*/cluster-resources/itms-oc-mirror.yaml +---- + +. Wait for the `MachineConfigPool` to update: ++ +[source,terminal] +---- +$ oc wait mcp --all --for=condition=Updated --timeout=30m +---- ++ +.Example output +[source,text] +---- +machineconfigpool.machineconfiguration.openshift.io/master condition met +machineconfigpool.machineconfiguration.openshift.io/worker condition met +---- ++ +[NOTE] +==== +This step restarts the kubelet on all nodes to apply the new registry configuration. +==== + +. Apply the `CatalogSource` manifest: ++ +[source,terminal] +---- +$ oc apply -f results-*/cluster-resources/catalogSource-*.yaml +---- + +. Verify the catalog source is ready: ++ +[source,terminal] +---- +$ oc wait catalogsource -n openshift-marketplace \ + --all --for=condition=Ready --timeout=5m +---- ++ +.Example output +[source,text] +---- +catalogsource.operators.coreos.com/rhcl-operator-catalog- condition met +---- + +[role="_additional-resources"] +.Additional resources + +* link:https://docs.redhat.com/en/documentation/openshift_container_platform/4.21/html/disconnected_environments/about-installing-oc-mirror-v2#oc-mirror-workflows-fully-disconnected-v2_about-installing-oc-mirror-v2[Mirroring an image set in a fully disconnected environment] diff --git a/modules/ref-relnotes-new-features.adoc b/modules/ref-relnotes-new-features.adoc index 0a50ddf59093..4ad25f8a8421 100644 --- a/modules/ref-relnotes-new-features.adoc +++ b/modules/ref-relnotes-new-features.adoc @@ -9,6 +9,12 @@ [role="_abstract"] You can use the new features and enhancements that are available with {product-title} {version}. +Disconnected installation documentation added:: + +The {prodname} documentation now includes procedures for installing in a disconnected environment. You can apply cloud-like traffic management within your private, secure network. + +//For more information, see xref:../install-rhcl/rhcl-install-disconnected.adoc#rhcl-install-disconnected[Installing Connectivity Link in a disconnected environment] + MCP gateway: MCP prompt federation is now available:: {mcpg} adds support for federating MCP prompts through the `Gateway` object as a Generally Available feature. MCP prompt federation makes it much easier to supply your large language models (LLMs) with the exact context and steering instructions they need, no matter which server originally hosted the template.