[OSDOCS-4880]: [feature] ALB on OSD/ROSA #62273
🤖 Updated build preview is available at: Build log: https://circleci.com/gh/ocpdocs-previewbot/openshift-docs/26401 |
499ac95
to
91b6911
Compare
Hello @bchandra-ocp, Thanks. |
1749959
to
8c9ef4f
Compare
Red-Hat supported Operator? |
Need review for partial docs as highlighted in the attached image and can be found in the preview link.

Please add comments in the 'Files Changed' section of this PR: https://github.com/openshift/openshift-docs/pull/62273/files

Preview link: https://62273--docspreview.netlify.app/openshift-rosa/latest/networking/aws-load-balancer

**Right now I am trying to get feedback to whether the information provided is factually correct/the reader will be able to follow the steps to accomplish the goal. Formatting/style will be addressed ASAP. Please ignore the section immediately following "For more information on adding tags to AWS resources (including VPCs and subnets), see Tag your Amazon EC2 resources." That is just a placeholder for me at this point.**
|
||
[NOTE] | ||
==== | ||
When installing for use in an AWS Local Zone, the Local Zone is enabled for the account and the ALB Operator is available within the Local Zone/region. |
It is not "the ALB Operator is available within the ...".
It is "the Application Load Balancer (ALB) is an available feature within the Local Zone"
Ack. Changed.
|
||
.Procedure | ||
|
||
. Specify the cluster infrastructure ID and the cluster OpenID Connect (OIDC) DNS using the following commands: |
Specify is an odd word for this. Here, customer is identifying these properties. Perhaps, we use 'Identify'?
Ack. Changed. (sidenote: I was using "Specify" based on an existing doc in our doc set, but I think "Identify" is better. Will see how it holds up going through review process).
Hello @bchandra-ocp, |
---- | ||
<1> Replace <aws-load-balancer-operator-role-arn>' with the AWS IAM role created in step 2a. | ||
+ | ||
. Create the Red Hat-supported AWS Load Balancer (ALB) Operator: |
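Review bot: In callout <1>, the placeholder `<aws-load-balancer-operator-role-arn>'` is followed by a stray apostrophe that a reader could copy into the value; drop it. The callout also says "the AWS IAM role" while the placeholder name asks for an ARN, so "the ARN of the AWS IAM role created in step 2a" would match the placeholder.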
BTW, user can install ALBO via Console>OperatorHub as well. see https://docs.openshift.com/container-platform/4.13/networking/aws_load_balancer_operator/install-aws-load-balancer-operator.html
@lihongan,
Hmmmm....okay, I may have been confused on that issue... I thought for STS clusters we could not use the install option in the Operator Hub? Maybe I misinterpreted. @bchandra-ocp, Can you confirm that we can (or cannot) use the OperatorHub in this case (to install the ALBO on an STS cluster)?
Just the prerequisite is different for non-STS and STS clusters. For a non-STS cluster, the user should follow the prerequisite in the above page and create a credentialrequest, then the secret will be provisioned automatically.
For an STS cluster, the user needs to prepare the secret manually, and it is already mentioned here before this step, so the user can continue the installation from OperatorHub.
I am still confused about how the OperatorHub can be used for installing the ALBO based on this prerequisite:
If a user has "An existing Red Hat OpenShift Service on AWS cluster with BYO-VPC installed in STS mode", can they or can they not use the OperatorHub to install the ALBO? If they cannot, then should the OperatorHub be mentioned in this doc? I wouldn't think so. Please see this comment (which leads me to believe the OperatorHub does not apply to this doc). #62273 (comment).
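The STS prerequisite discussed in this thread (the credentials secret is prepared manually from a credentials file) can be checked before the secret is created. The following is an added example, not part of the PR or the reviewed docs: it assumes the file uses the standard AWS shared-config keys `role_arn` and `web_identity_token_file`, the function name `check_sts_credentials` is hypothetical, and the sample contents are constructed.

```shell
#!/bin/sh
# Added example: pre-flight check for an STS-style AWS credentials file.
# Assumption: standard AWS shared-config keys (role_arn, web_identity_token_file).
check_sts_credentials() {
    file=$1
    [ -r "$file" ] || { echo "unreadable: $file" >&2; return 2; }

    # STS mode relies on role assumption; long-lived static keys should not appear.
    if grep -Eiq '^[[:space:]]*aws_(access_key_id|secret_access_key)[[:space:]]*=' "$file"; then
        echo "static access key found in $file" >&2
        return 1
    fi

    # Both keys are required for web-identity role assumption.
    for key in role_arn web_identity_token_file; do
        if ! grep -Eq "^[[:space:]]*${key}[[:space:]]*=[[:space:]]*[^[:space:]]" "$file"; then
            echo "missing $key in $file" >&2
            return 1
        fi
    done

    # The role_arn value must have the shape of an IAM role ARN.
    arn=$(sed -n 's/^[[:space:]]*role_arn[[:space:]]*=[[:space:]]*//p' "$file" | head -n 1)
    case $arn in
        arn:aws*:iam::[0-9]*:role/?*) ;;
        *) echo "role_arn is not an IAM role ARN: $arn" >&2; return 1 ;;
    esac
    return 0
}

# Constructed sample input: placeholder account ID and token path.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[default]
role_arn = arn:aws:iam::123456789012:role/albo-operator
web_identity_token_file = /path/to/serviceaccount/token
EOF
check_sts_credentials "$sample" && echo "ok: STS-style credentials file"
rm -f "$sample"
```

The function returns 0 for a role-based file, 1 when static keys are present or a required key is missing, and 2 when the file cannot be read.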
{product-title} (ROSA) | ||
endif::openshift-rosa[] | ||
cluster with bring-your-own-VPC (BYO-VPC) configuration across multiple availability zones (AZ) installed in STS mode. | ||
* You have access to the cluster as a user with the `dedicated-admin` role. |
Should there be a non-ROSA step to have `cluster-admin` access?
I was told by SRE that we should not include `cluster-admin` access in the doc.
ifdef::openshift-rosa[] | ||
ROSA | ||
endif::openshift-rosa[] | ||
cluster as a user with the `dedicated-admin` role and create a new project using the following command: |
Non-ROSA step to use `cluster-admin` access?
Ah...I see why you are asking this (I think). Originally, this feature was for ROSA and OSD....was told late in the game that it does not work for OSD...only for ROSA. IF that will change at some point, not sure.
$ OPERATOR_ROLE_ARN=$(aws iam get-role --role-name albo-operator --output json | jq -r '.Role.Arn') | ||
$ echo $OPERATOR_ROLE_ARN | ||
---- | ||
For more information on creating AWS IAM roles, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create.html[Creating IAM roles]. |
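Review bot: `$ echo $OPERATOR_ROLE_ARN` expands the variable unquoted, and the step does not say what the reader should expect to see, so an empty value from a failed `get-role` call passes unnoticed. Quote it as `"$OPERATOR_ROLE_ARN"` and add a sentence stating that the output must be the role ARN before the reader continues.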
For more information on creating AWS IAM roles, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create.html[Creating IAM roles]. | |
+ | |
For more information on creating AWS IAM roles, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create.html[Creating IAM roles]. |
$ curl -o albo-operator-permission-policy.json https://raw.githubusercontent.com/alebedev87/aws-load-balancer-operator/aws-cli-commands-for-sts/hack/operator-permission-policy.json | ||
aws iam put-role-policy --role-name albo-operator --policy-name perms-policy-albo-operator --policy-document file://albo-operator-permission-policy.json | ||
---- | ||
For more information on adding AWS IAM permissions to AWS IAM roles, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html[Adding and removing IAM identity permissions]. |
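Review bot: The `curl` line downloads the IAM permission policy from the `aws-cli-commands-for-sts` branch of the `alebedev87/aws-load-balancer-operator` repository rather than from a tagged release or pinned commit, so the permissions attached to `albo-operator` change or disappear whenever that branch moves. Point the URL at a release tag or commit in the project's own repository and tell the reader to review the downloaded JSON before running `put-role-policy`. The `aws iam put-role-policy` line is also missing the `$ ` prompt used on the line above it.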
For more information on adding AWS IAM permissions to AWS IAM roles, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html[Adding and removing IAM identity permissions]. | |
+ | |
For more information on adding AWS IAM permissions to AWS IAM roles, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html[Adding and removing IAM identity permissions]. |
EOF | ||
---- | ||
+ | ||
|
---- | ||
+ | ||
|
||
For more information regarding formatting credentials files, see link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/authentication_and_authorization/managing-cloud-provider-credentials#cco-mode-sts[Using manual mode with Amazon Web Services Security Token Service]. |
For more information regarding formatting credentials files, see link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/authentication_and_authorization/managing-cloud-provider-credentials#cco-mode-sts[Using manual mode with Amazon Web Services Security Token Service]. | |
For more information about formatting credentials files, see link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/authentication_and_authorization/managing-cloud-provider-credentials#cco-mode-sts[Using manual mode with Amazon Web Services Security Token Service]. |
For more information regarding formatting credentials files, see link:https://access.redhat.com/documentation/en-us/openshift_container_platform/4.13/html/authentication_and_authorization/managing-cloud-provider-credentials#cco-mode-sts[Using manual mode with Amazon Web Services Security Token Service]. | ||
|
||
|
||
.. Create the operator's credentials secret with the generated AWS credentials: |
.. Create the operator's credentials secret with the generated AWS credentials: | |
+ | |
.. Create the operator's credentials secret with the generated AWS credentials: |
|
||
|
---- | ||
$ oc -n aws-load-balancer-operator create secret generic aws-load-balancer-controller-cluster --from-file=credentials=albo-controller-aws-credentials.cfg | ||
---- | ||
+ |
+ |
dcdba60
to
7b7c7d1
Compare
modified: modules/aws-load-balancer-operator-install.adoc
0c6beec
to
aa745af
Compare
/cherrypick enterprise-4.14 |
/cherrypick enterprise-4.13 |
@jldohmann: new pull request created: #65534 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@jldohmann: new pull request created: #65535 In response to this:
Version(s):
4.13+
Issue:
https://issues.redhat.com/browse/OSDOCS-4880
Link to docs preview:
https://62273--docspreview.netlify.app/openshift-rosa/latest/networking/aws-load-balancer-operator
QE review:
Additional information: