Commit
Merge pull request #64391 from bmcelvee/OSDOCS-7643
OSDOCS-7643: Privatelink endpoint creation
Showing 2 changed files with 17 additions and 2 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
:_content-type: CONCEPT | ||
[id="rosa-sre-access-privatelink-vpc.adoc_{context}"] | ||
= SRE access through PrivateLink VPC endpoint service | ||
|
||
PrivateLink VPC endpoint service is created as part of the ROSA cluster creation. | ||
|
||
When you have a PrivateLink ROSA cluster, its Kubernetes API Server is exposed through a load balancer that can only be accessed from within the VPC by default. Red Hat site reliability engineering (SRE) can connect to this load balancer through a VPC Endpoint Service that has an associated VPC Endpoint in a Red Hat-owned AWS account. This endpoint service contains the name of the cluster, which is also in the ARN. | ||
|
||
Under the *Allow principals* tab, a Red Hat-owned AWS account is listed. This specific user ensures that other entities cannot create VPC Endpoint connections to the PrivateLink cluster’s Kubernetes API Server. | ||
|
||
When Red Hat SREs access the API, this fleet management plane can connect to the internal API through the VPC endpoint service. | ||
|
||
|
||
|
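
Review bot: In the *Allow principals* paragraph, "This specific user" does not match the preceding sentence, which says a Red Hat-owned AWS account is listed. Name the principal consistently, for example "Listing only this account ensures that other entities cannot create VPC Endpoint connections to the PrivateLink cluster's Kubernetes API Server." The anchor `[id="rosa-sre-access-privatelink-vpc.adoc_{context}"]` also carries the `.adoc` file extension, which looks unintentional, and "this fleet management plane" in the last paragraph has no antecedent, so the term should be introduced before it is referred to. For readers auditing the endpoint service, it would help to state whether connection requests from the allowed principal are accepted automatically or need approval.
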
5 changes: 3 additions & 2 deletions
rosa_architecture/rosa_policy_service_definition/rosa-sre-access.adoc
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,10 @@ | ||
//// | ||
:_content-type: ASSEMBLY | ||
include::_attributes/attributes-openshift-dedicated.adoc[] | ||
:context: rosa-sre-access | ||
[id="rosa-sre-access"] | ||
= SRE and service account access | ||
|
||
Red Hat site reliability engineering (SRE) access to ROSA clusters is outlined through identity and access management. | ||
|
||
include::modules/rosa-policy-identity-access-management.adoc[leveloffset=+1] | ||
//// | ||
include::modules/rosa-sre-access-privatelink-vpc.adoc[leveloffset=+1] |
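
Review bot: The new `include::modules/rosa-sre-access-privatelink-vpc.adoc[leveloffset=+1]` line sits after the closing `////`, while `:context: rosa-sre-access`, the `[id="rosa-sre-access"]` anchor and the `= SRE and service account access` title all sit between the two `////` delimiters. If those delimiters form an AsciiDoc comment block, `{context}` is never set when the module is included, so the module's `_{context}` id will not resolve, and `leveloffset=+1` has no parent title to nest under. Either move the include inside the same block as the rest of the assembly, or keep the attribute, id and title lines outside the comment. The `+`/`-` markers are not visible in this rendering, so please confirm which of the `////` lines this change introduces.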