OSDOCS-16862: CQA2.0 of CORE-3: Ingress Controllers and Load Balancin… #104156
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@dfitzmau: This pull request references OSDOCS-16862 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci
bot
added
the
size/L
|
🤖 Fri Dec 19 17:01:29 - Prow CI generated the docs preview: |
dfitzmau
force-pushed
the
OSDOCS-16862
branch
2 times, most recently
from
794762c to
e29a45e
Compare
|
@dfitzmau: This pull request references OSDOCS-16862 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@dfitzmau: This pull request references OSDOCS-16862 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
dfitzmau
force-pushed
the
OSDOCS-16862
branch
11 times, most recently
from
ba9834e to
9f5031e
Compare
|
@dfitzmau: This pull request references OSDOCS-16862 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
dfitzmau
force-pushed
the
OSDOCS-16862
branch
3 times, most recently
from
8ec4021 to
afdf9ff
Compare
openshift-ci
bot
added
size/XL
dfitzmau
force-pushed
the
OSDOCS-16862
branch
2 times, most recently
from
c3e68f0 to
81213dd
Compare
dfitzmau
force-pushed
the
OSDOCS-16862
branch
from
81213dd to
8f5c3a9
Compare
|
@dfitzmau: This pull request references OSDOCS-16862 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
@dfitzmau: all tests passed! Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
dfitzmau
added
the
merge-review-needed
|
@dfitzmau: This pull request references OSDOCS-16862 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
mburke5678
added
the
merge-review-in-progress
| .Prerequisites | ||
|
|
||
| * An existing AWS virtual private cloud (VPC). | ||
| * Pre-configured AWS subnets intended for use by the OpenShift cluster, with the following considerations: |
There was a problem hiding this comment.
| * Pre-configured AWS subnets intended for use by the OpenShift cluster, with the following considerations: | |
| * Pre-configured AWS subnets intended for use by the {product-title} cluster, with the following considerations: |
| `baseDomain`:: Your base domain. | ||
| `region`:: Your AWS region. | ||
| `vpc`:: The vpc object under `platform.aws` contains the subnets list. | ||
| `subnets`:: List of all subnet objects that OpenShift will use. Each object defines a subnet id and its roles. | ||
| `id`:: Replace with your AWS Subnet ID. | ||
| `type.IngressControllerLB`:: The `type: IngressControllerLB` role specifically designates this subnet for the default Ingress Controller's LoadBalancer. In private/internal cluster, the subnet with `IngressControllerLB` role must be private. | ||
| `type.ClusterNode`:: The `type: ClusterNode` role designates this subnet for control plane and compute nodes. These are typically private subnets. | ||
| `pullSecret`:: Your pull secret. | ||
| `sshKey`:: Your SSH key. |
There was a problem hiding this comment.
Doc guidelines: introduce the description list with "where:" and start each variable description with "Specifies."
| `baseDomain`:: Your base domain. | |
| `region`:: Your AWS region. | |
| `vpc`:: The vpc object under `platform.aws` contains the subnets list. | |
| `subnets`:: List of all subnet objects that OpenShift will use. Each object defines a subnet id and its roles. | |
| `id`:: Replace with your AWS Subnet ID. | |
| `type.IngressControllerLB`:: The `type: IngressControllerLB` role specifically designates this subnet for the default Ingress Controller's LoadBalancer. In private/internal cluster, the subnet with `IngressControllerLB` role must be private. | |
| `type.ClusterNode`:: The `type: ClusterNode` role designates this subnet for control plane and compute nodes. These are typically private subnets. | |
| `pullSecret`:: Your pull secret. | |
| `sshKey`:: Your SSH key. | |
| `baseDomain`:: Specifies your base domain. | |
| `region`:: Specifies your AWS region. | |
| `vpc`:: Specifies the vpc object under `platform.aws` contains the subnets list. | |
| `subnets`:: Specifies a list of all subnet objects that OpenShift will use. Each object defines a subnet id and its roles. | |
| `id`:: Specifies your AWS Subnet ID. | |
| `type.IngressControllerLB`:: Specifies this subnet for the default Ingress Controller's LoadBalancer. In private/internal cluster, the subnet with `IngressControllerLB` role must be private. | |
| `type.ClusterNode`:: Specifies the `type: ClusterNode` role designates this subnet for control plane and compute nodes. These are typically private subnets. | |
| `pullSecret`:: Specifies your pull secret. | |
| `sshKey`:: Specifies your SSH key. |
| where: | ||
| + | ||
| `<ingress_controller_name>`: Replace `<ingress_controller_name>` with a unique name for the Ingress Controller. | ||
| `<unique_ingress_domain>`:: Replace `<unique_ingress_domain>` with a domain name that is unique among all Ingress Controllers in the cluster. This variable must be a subdomain of the DNS name `<clustername>.<domain>`. | ||
| `scope`:: You can replace `External` with `Internal` to use an internal NLB. |
There was a problem hiding this comment.
| where: | |
| + | |
| `<ingress_controller_name>`: Replace `<ingress_controller_name>` with a unique name for the Ingress Controller. | |
| `<unique_ingress_domain>`:: Replace `<unique_ingress_domain>` with a domain name that is unique among all Ingress Controllers in the cluster. This variable must be a subdomain of the DNS name `<clustername>.<domain>`. | |
| `scope`:: You can replace `External` with `Internal` to use an internal NLB. | |
| where: | |
| + | |
| `<ingress_controller_name>`: Specifies a unique name for the Ingress Controller. | |
| `<unique_ingress_domain>`:: Specifies a domain name that is unique among all Ingress Controllers in the cluster. This variable must be a subdomain of the DNS name `<clustername>.<domain>`. | |
| `scope`:: Specifies the type of NLB, either `External` to use an external NLB or `Internal` to use an internal NLB. |
| $ touch <installation_directory>/manifests/cluster-ingress-default-ingresscontroller.yaml | ||
| ---- | ||
| <1> For `<installation_directory>`, specify the directory name that contains the | ||
| `<installation_directory>`:: For `<installation_directory>`, specify the directory name that contains the |
There was a problem hiding this comment.
| `<installation_directory>`:: For `<installation_directory>`, specify the directory name that contains the | |
| `<installation_directory>`:: Specifies the directory name that contains the |
| [role="_abstract"] | ||
| You can set parameters in the `Network.config.openshift.io` custom resource (CR) to govern the use of an external IP address in {product-title}. These parameters are listed as follows: |
There was a problem hiding this comment.
I'm not sure that this second, introductory, sentence belongs in the abstract. I fear it will get caught up in the DITA short description and get separated from the bullet list that the sentence introduces. (But that is a guess on my part. I started a Slack chat asking about it, but nothing so far.)
| where: | ||
| + | ||
| `<name>`:: Replace the `<name>` placeholder with a name for the Ingress Controller. | ||
| `<domain>`:: Replace the `<domain>` placeholder with the DNS name serviced by the Ingress Controller. | ||
| `scope`:: The scope must be set to the value `External` and be Internet-facing in order to allocate EIPs. | ||
| `subnets:: Specify the IDs and names for your subnets. The total number of IDs and names must be equal to your allocated EIPs. | ||
| `eipAllocations`:: Specify the EIP addresses. |
There was a problem hiding this comment.
| where: | |
| + | |
| `<name>`:: Replace the `<name>` placeholder with a name for the Ingress Controller. | |
| `<domain>`:: Replace the `<domain>` placeholder with the DNS name serviced by the Ingress Controller. | |
| `scope`:: The scope must be set to the value `External` and be Internet-facing in order to allocate EIPs. | |
| `subnets:: Specify the IDs and names for your subnets. The total number of IDs and names must be equal to your allocated EIPs. | |
| `eipAllocations`:: Specify the EIP addresses. | |
| where: | |
| + | |
| `<name>`:: Specifies a name for the Ingress Controller. | |
| `<domain>`:: Specifies the DNS name serviced by the Ingress Controller. | |
| `scope`:: Specifies a scope for the EIPs. The scope must be set to the value `External` and be Internet-facing in order to allocate EIPs. | |
| `subnets:: Specifies the IDs and names for your subnets. The total number of IDs and names must be equal to your allocated EIPs. | |
| `eipAllocations`:: Specifies the EIP addresses. |
| where: | ||
| + | ||
| `name`:: Replace `<name>` with a name for the `IngressController`. | ||
| `domain`:: Replace `<domain>` with the DNS name serviced by the `IngressController`. | ||
| `classicLoadBalancer`:: You can also use the `networkLoadBalancer` field if using an NLB. | ||
| `ids`:: You can optionally specify a subnet by name using the `names` field instead of specifying the subnet by ID. | ||
| `<subnet>`:: Specify subnet IDs (or names if you using `names`). |
There was a problem hiding this comment.
| where: | |
| + | |
| `name`:: Replace `<name>` with a name for the `IngressController`. | |
| `domain`:: Replace `<domain>` with the DNS name serviced by the `IngressController`. | |
| `classicLoadBalancer`:: You can also use the `networkLoadBalancer` field if using an NLB. | |
| `ids`:: You can optionally specify a subnet by name using the `names` field instead of specifying the subnet by ID. | |
| `<subnet>`:: Specify subnet IDs (or names if you using `names`). | |
| where: | |
| + | |
| `name`:: Specifies a name for the `IngressController`. | |
| `domain`:: Specifies the DNS name serviced by the `IngressController`. | |
| `classicLoadBalancer`:: Specifies the type of load balancer, either `classicLoadBalancer` if using a CLB or `networkLoadBalancer` field if using an NLB. | |
| `ids`:: Specifies a subnet by name using the `names` field instead of specifying the subnet by ID. This field is optional. | |
| `<subnet>`:: Specifies the subnet IDs (or names if you using `names`). |
| [role="_abstract"] | ||
| You can update an `IngressController` with manually specified load balancer subnets in {product-title} to avoid any disruptions, to maintain the stability of your services, and to ensure that your network configuration aligns with your specific requirements. The example in the procedure shows you how to select and apply new subnets, verify the configuration changes, and confirm successful load balancer provisioning. |
There was a problem hiding this comment.
Again, do we need to split out the The example in the procedure from the abstract??
| where: | ||
| + | ||
| `<name>`:: Replace `<name>` with a name for the `IngressController`. | ||
| `<domain>`:: Replace `<domain>` with the DNS name serviced by the `IngressController`. | ||
| `type`:: Specify updated subnet IDs (or names if you using `names`). | ||
| `classicLoadBalancer`:: You can also use the `networkLoadBalancer` field if using an NLB. | ||
| `ids`:: You can optionally specify a subnet by name using the `names` field instead of specifying the subnet by ID. | ||
| `<updated_subnet>`:: Update subnet IDs (or names if you are using `names`). |
There was a problem hiding this comment.
| where: | |
| + | |
| `<name>`:: Replace `<name>` with a name for the `IngressController`. | |
| `<domain>`:: Replace `<domain>` with the DNS name serviced by the `IngressController`. | |
| `type`:: Specify updated subnet IDs (or names if you using `names`). | |
| `classicLoadBalancer`:: You can also use the `networkLoadBalancer` field if using an NLB. | |
| `ids`:: You can optionally specify a subnet by name using the `names` field instead of specifying the subnet by ID. | |
| `<updated_subnet>`:: Update subnet IDs (or names if you are using `names`). | |
| where: | |
| + | |
| `<name>`:: Specifies a name for the `IngressController`. | |
| `<domain>`:: Specifies the DNS name serviced by the `IngressController`. | |
| `type`:: Specifies the updated subnet IDs (or names if you using `names`). | |
| `classicLoadBalancer`:: You can also use the `networkLoadBalancer` field if using an NLB. | |
| `ids`:: Specifies the subnet by name using the `names` field instead of specifying the subnet by ID. This parameter is optional. | |
| `<updated_subnet>`:: Specifies the updated subnet IDs (or names if you are using `names`). |
| where: | ||
| + | ||
| `type`:: Both the label key and its corresponding label value must match the ones specified in the Ingress Controller. In this example, the Ingress Controller has the label key and value `type: sharded`. | ||
| `subdomain`:: The route gets exposed by using the value of the `subdomain` field. When you specify the `subdomain` field, you must leave the hostname unset. If you specify both the `host` and `subdomain` fields, then the route uses the value of the `host` field, and ignore the `subdomain` field. |
There was a problem hiding this comment.
| where: | |
| + | |
| `type`:: Both the label key and its corresponding label value must match the ones specified in the Ingress Controller. In this example, the Ingress Controller has the label key and value `type: sharded`. | |
| `subdomain`:: The route gets exposed by using the value of the `subdomain` field. When you specify the `subdomain` field, you must leave the hostname unset. If you specify both the `host` and `subdomain` fields, then the route uses the value of the `host` field, and ignore the `subdomain` field. | |
| where: | |
| + | |
| `type`:: Specifies both the label key and its corresponding label value must match the ones specified in the Ingress Controller. In this example, the Ingress Controller has the label key and value `type: sharded`. | |
| `subdomain`:: Specifies the route gets exposed by using the value of the `subdomain` field. When you specify the `subdomain` field, you must leave the hostname unset. If you specify both the `host` and `subdomain` fields, then the route uses the value of the `host` field, and ignore the `subdomain` field. |
| where: | ||
| + | ||
| `host`:: The hostname the Ingress Controller, or router, uses to expose the route. The value of the `host` field is automatically determined by the Ingress Controller, and uses its domain. In this example, the domain of the Ingress Controller is `<apps-sharded.basedomain.example.net>`. | ||
| `<apps-sharded.basedomain.example.net>`:: The hostname of the Ingress Controller. If the hostname is not set, the route can use a subdomain instead. When you specify a subdomain, you automatically use the domain of the Ingress Controller that exposes the route. When a route is exposed by multiple Ingress Controllers, the route is hosted at multiple URLs. | ||
| `routerName`:: The name of the Ingress Controller. In this example, the Ingress Controller has the name `sharded`. |
There was a problem hiding this comment.
| where: | |
| + | |
| `host`:: The hostname the Ingress Controller, or router, uses to expose the route. The value of the `host` field is automatically determined by the Ingress Controller, and uses its domain. In this example, the domain of the Ingress Controller is `<apps-sharded.basedomain.example.net>`. | |
| `<apps-sharded.basedomain.example.net>`:: The hostname of the Ingress Controller. If the hostname is not set, the route can use a subdomain instead. When you specify a subdomain, you automatically use the domain of the Ingress Controller that exposes the route. When a route is exposed by multiple Ingress Controllers, the route is hosted at multiple URLs. | |
| `routerName`:: The name of the Ingress Controller. In this example, the Ingress Controller has the name `sharded`. | |
| where: | |
| + | |
| `host`:: Specifies the hostname that the Ingress Controller, or router, uses to expose the route. The value of the `host` field is automatically determined by the Ingress Controller, and uses its domain. In this example, the domain of the Ingress Controller is `<apps-sharded.basedomain.example.net>`. | |
| `<apps-sharded.basedomain.example.net>`:: Specifies the hostname of the Ingress Controller. If the hostname is not set, the route can use a subdomain instead. When you specify a subdomain, you automatically use the domain of the Ingress Controller that exposes the route. When a route is exposed by multiple Ingress Controllers, the route is hosted at multiple URLs. | |
| `routerName`:: Specifies the name of the Ingress Controller. In this example, the Ingress Controller has the name `sharded`. |
| ==== | ||
|
|
||
| .Procedure | ||
| THe procedure demonstrates patching the `Ingress` objects with a completed `ingressClassName` field to ensure proper routing and functionality. |
There was a problem hiding this comment.
| THe procedure demonstrates patching the `Ingress` objects with a completed `ingressClassName` field to ensure proper routing and functionality. | |
| The procedure demonstrates patching the `Ingress` objects with a completed `ingressClassName` field to ensure proper routing and functionality. |
|
|
||
| As a cluster administrator, you can select an IP address block that is external to the cluster that can send traffic to services in the cluster. | ||
| [role="_abstract"] | ||
| As a cluster administrator, you can select an IP address block that is external to the cluster that can send traffic to services in the cluster. This functionality is generally most useful for clusters installed on bare-metal hardware. |
There was a problem hiding this comment.
Nit for clarity:
| As a cluster administrator, you can select an IP address block that is external to the cluster that can send traffic to services in the cluster. This functionality is generally most useful for clusters installed on bare-metal hardware. | |
| As a cluster administrator, you can select an IP address block that is external to the cluster and can send traffic to services in the cluster. This functionality is generally most useful for clusters installed on bare-metal hardware. |
| ==== | ||
| Before you can configure an Ingress Controller NLB on a new AWS cluster, you must complete the xref:../../../installing/installing_aws/ipi/installing-aws-customizations.adoc#installation-initializing_installing-aws-customizations[Creating the installation configuration file] procedure. | ||
| ==== | ||
| [role="_additional-resources"] |
There was a problem hiding this comment.
Do we want to save this note? Seems important......
Before you can configure an Ingress Controller NLB on a new AWS cluster, you must complete the installation configuration file procedure. For more information, see "Creating the installation configuration file."
|
|
||
| .Prerequisites | ||
| When defining entries for control plane load balancers in the `subnets` list, ensure that you adhere to the following pattern: | ||
| + |
There was a problem hiding this comment.
Don't need the + here.
| + |
mburke5678
removed
merge-review-in-progress
4 participants
Version(s):
4.16+
Issue:
OSDOCS-16862
Link to docs preview:
Continue next PR from networking/ingress_load_balancing/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-load-balancer.adoc