CFE-371: Docs work for ALB Operator

Author: xenolinux

_topic_maps/_topic_map.yml

@@ -1015,6 +1015,18 @@ Topics:
     File: default-network-policy
   - Name: Configuring multitenant network policy
     File: multitenant-network-policy
+- Name: AWS Load Balancer Operator
+  Dir: aws_load_balancer_operator
+  Distros: openshift-enterprise,openshift-origin
+  Topics:
+  - Name: Installing the AWS Load Balancer Operator
+    File: install-aws-load-balancer-operator
+  - Name: Creating an instance of the AWS Load Balancer Controller
+    File: create-instance-aws-load-balancer-controller
+  - Name: Serving Multiple Ingresses through a single AWS Load Balancer
+    File: multiple-ingress-through-single-alb
+  - Name: Adding TLS termination on the AWS Load Balancer
+    File: add-tls-termination
 - Name: Multiple networks
   Dir: multiple_networks
   Distros: openshift-enterprise,openshift-origin

modules/adding-tls-termination.adoc

@@ -0,0 +1,64 @@
+// Module included in the following assemblies:
+//
+// * networking/aws_load_balancer_operator/add-tls-termination.adoc
+
+:_content-type: PROCEDURE
+[id="nw-adding-tls-termination_{context}"]
+= Adding TLS termination on the AWS Load Balancer
+
+You can route the traffic for the domain to pods of a service and add TLS termination on the AWS Load Balancer.
+
+.Prerequisites
+
+* You have an access to the OpenShift CLI (`oc`).
+
+.Procedure
+
+. Install the Operator and create an instance of the `aws-load-balancer-controller` resource:
++
+[source,yaml]
+----
+apiVersion: networking.k8s.io/v1
+kind: AWSLoadBalancerController
+group: networking.olm.openshift.io/v1alpha1 <1>
+metadata:
+  name: cluster <2>
+spec:
+  subnetTagging: auto
+  ingressClass: tls-termination <3>
+----
+<1> Defines the API group of the `aws-load-balancer-controller` resource.
+<2> Defines the `aws-load-balancer-controller` instance.
+<3> Defines the name of an `ingressClass` resource reconciled by the AWS Load Balancer Controller. This `ingressClass` resource gets created if it is not present. You can add additional `ingressClass` values. The controller reconciles the `ingressClass` values if the `spec.controller` is set to `ingress.k8s.aws/alb`.
+
+. Create an `Ingress` resource:
++
+[source,yaml]
+----
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: <example> <1>
+  annotations:
+    alb.ingress.kubernetes.io/scheme: internet-facing <2>
+    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-west-2:xxxxx <3>
+spec:
+  ingressClassName: tls-termination <4>
+  rules:
+  - host: <example.com> <5>
+    http:
+        paths:
+          - path: /
+            pathType: Exact
+            backend:
+              service:
+                name: <example-service> <6>
+                port:
+                  number: 80
+----
+<1> Specifies the name of an ingress.
+<2> The controller provisions the load balancer for this `Ingress` resource in a public subnet so that the load balancer is reachable over the internet.
+<3> The Amazon Resource Name of the certificate that you attach to the load balancer.
+<4> Defines the ingress class name.
+<5> Defines the domain for traffic routing.
+<6> Defines the service for traffic routing.

modules/creating-instance-aws-load-balancer-controller.adoc

@@ -0,0 +1,150 @@
+// Module included in the following assemblies:
+//
+// * networking/aws_load_balancer_operator/create-instance-aws-load-balancer-controller.adoc
+
+:_content-type: PROCEDURE
+[id="nw-creating-instance-aws-load-balancer-controller_{context}"]
+= Creating an instance of the AWS Load Balancer Controller using AWS Load Balancer Operator
+
+You can install only a single instance of the `aws-load-balancer-controller` in a cluster. You can create the AWS Load Balancer Controller by using CLI. The AWS Load Balancer(ALB) Operator reconciles only the resource with the name `cluster`.
+
+.Prerequisites
+
+* You have created the `echoserver` namespace.
+* You have access to the OpenShift CLI (`oc`).
+
+.Procedure
+
+. Create an `aws-load-balancer-controller` resource YAML file, for example, `sample-aws-lb.yaml`, as follows:
++
+[source,yaml]
+----
+apiVersion: networking.olm.openshift.io/v1alpha1
+kind: AWSLoadBalancerController <1>
+metadata:
+  name: cluster <2>
+spec:
+  subnetTagging: Auto <3>
+  additionalResourceTags: <4>
+    example.org/cost-center: 5113232
+    example.org/security-scope: staging
+  ingressClass: cloud <5>
+  config:
+    replicas: 2 <6>
+  enabledAddons: <7>
+    - AWSWAFv2 <8>
+----
+<1> Defines the `aws-load-balancer-controller` resource.
+<2> Defines the AWS Load Balancer Controller instance name. This instance name gets added as a suffix to all related resources.
+<3> Valid options are `Auto` and `Manual`. When the value is set to `Auto`, the Operator attempts to determine the subnets that belong to the cluster and tags them appropriately. The Operator cannot determine the role correctly if the internal subnet tags are not present on internal subnet. If you installed your cluster on user-provided infrastructure, you can manually tag the subnets with the appropriate role tags and set the subnet tagging policy to `Manual`.
+<4> Defines the tags used by the controller when it provisions AWS resources.
+<5> The default value for this field is `alb`. The Operator provisions an `IngressClass` resource with the same name if it does not exist.
+<6> Specifies the number of replicas of the controller.
+<7> Specifies add-ons for AWS load balancers, which get specified through annotations.
+<8> Enables the `alb.ingress.kubernetes.io/wafv2-acl-arn` annotation.
+
+. Create a `aws-load-balancer-controller` resource by running the following command:
++
+[source,terminal]
+----
+$ oc create -f sample-aws-lb.yaml
+----
+
+. After the AWS Load Balancer Controller is running, create a `deployment` resource:
++
+[source,yaml]
+----
+apiVersion: apps/v1
+kind: Deployment <1>
+metadata:
+  name: <echoserver> <2>
+  namespace: echoserver
+spec:
+  selector:
+    matchLabels:
+      app: echoserver
+  replicas: 3 <3>
+  template:
+    metadata:
+      labels:
+        app: echoserver
+    spec:
+      containers:
+        - image: openshift/origin-node
+          args:
+            - TCP4-LISTEN:8080,reuseaddr,fork
+            - EXEC:'/bin/bash -c \"printf \\\"HTTP/1.0 200 OK\r\n\r\n\\\"; sed -e \\\"/^\r/q\\\"\"'
+          imagePullPolicy: Always
+          name: echoserver
+          ports:
+            - containerPort: 8080
+----
+<1> Defines the deployment resource.
+<2> Specifies the deployment name.
+<3> Specifies the number of replicas of the deployment.
+
+. Create a `service` resource:
++
+[source,yaml]
+----
+apiVersion: v1
+kind: Service <1>
+metadata:
+  name: <echoserver> <2>
+  namespace: echoserver
+spec:
+  ports:
+    - port: 80
+      targetPort: 8080
+      protocol: TCP
+  type: NodePort
+  selector:
+    app: echoserver
+----
+<1> Defines the service resource.
+<2> Specifies the name of the service.
+
+. Deploy an ALB-backed `Ingress` resource:
++
+[source,yaml]
+----
+apiVersion: networking.k8s.io/v1
+kind: Ingress <1>
+metadata:
+  name: <echoserver> <2>
+  namespace: echoserver
+  annotations:
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/target-type: instance
+spec:
+  ingressClassName: alb
+  rules:
+    - http:
+        paths:
+          - path: /
+            pathType: Exact
+            backend:
+              service:
+                name: <echoserver> <3>
+                port:
+                  number: 80
+----
+<1> Defines the ingress resource.
+<2> Specifies the name of the ingress resource.
+<3> Specifies the name of the service resource.
+
+.Verification
+
+* Verify the status of the `Ingress` resource to show the host of the provisioned AWS Load Balancer (ALB) by running the following command:
++
+[source,terminal]
+----
+$ HOST=$(kubectl get ingress -n echoserver echoserver -o json | jq -r '.status.loadBalancer.ingress[0].hostname')
+----
+
+* Verify the status of the provisioned AWS Load Balancer (ALB) host by running the following command:
++
+[source,terminal]
+----
+$ curl $HOST
+----

modules/creating-multiple-ingress-through-single-alb.adoc

@@ -0,0 +1,143 @@
+// Module included in the following assemblies:
+//
+// * networking/aws_load_balancer_operator/multiple-ingress-through-single-alb.adoc
+
+:_content-type: PROCEDURE
+[id="nw-creating-multiple-ingress-through-single-alb_{context}"]
+= Creating multiple ingresses through a single AWS Load Balancer
+
+You can route the traffic to multiple Ingresses through a single AWS Load Balancer (ALB) by using the CLI.
+
+.Prerequisites
+
+* You have an access to the OpenShift CLI (`oc`).
+
+.Procedure
+
+. Create an `IngressClassParams` resource YAML file, for example, `sample-single-lb-params.yaml`, as follows:
++
+[source,yaml]
+----
+apiVersion: elbv2.k8s.aws/v1beta1 <1>
+kind: IngressClassParams
+metadata:
+  name: <single-lb-params> <2>
+spec:
+  group:
+    name: single-lb <3>
+----
+<1> Defines the API group and version of the `IngressClassParams` resource.
+<2> Specifies the name of the `IngressClassParams` resource.
+<3> Specifies the name of the `IngressGroup`. All Ingresses of this class belong to this `IngressGroup`.
+
+. Create an `IngressClassParams` resource by running the following command:
++
+[source,terminal]
+----
+$ oc create -f sample-single-lb-params.yaml
+----
+
+. Create an `IngressClass` resource YAML file, for example, `sample-single-lb.yaml`, as follows:
++
+[source,yaml]
+----
+apiVersion: networking.k8s.io/v1 <1>
+kind: IngressClass
+metadata:
+  name: <single-lb> <2>
+spec:
+  controller: ingress.k8s.aws/alb <3>
+  parameters:
+    apiGroup: elbv2.k8s.aws <4>
+    kind: IngressClassParams <5>
+    name: single-lb <6>
+----
+<1> Defines the API group and the version of the `IngressClass` resource.
+<2> Specifies the name of the `IngressClass`.
+<3> Defines the controller name, common for all `IngressClasses`. The `aws-load-balancer-controller` reconciles the controller.
+<4> Defines the API group of the `IngressClassParams` resource.
+<5> Defines the resource type of the `IngressClassParams` resource.
+<6> Defines the name of the `IngressClassParams` resource.
+
+. Create an `IngressClass` resource by running the following command:
++
+[source,terminal]
+----
+$ oc create -f sample-single-lb.yaml
+----
+
+. Create an `Ingress` resource YAML file, for example, `sample-multiple-ingress.yaml`, as follows:
++
+[source,yaml]
+----
+apiVersion: networking.k8s.io/v1 <1>
+kind: Ingress
+metadata:
+  name: <example-1> <1>
+  annotations:
+    alb.ingress.kubernetes.io/scheme: internet-facing <2>
+    alb.ingress.kubernetes.io/group.order: "1" <3>
+spec:
+  ingressClass: alb <4>
+  rules:
+  - host: example.com <5>
+    http:
+        paths:
+        - path: /blog <6>
+          backend:
+            service:
+              name: <example-1> <7>
+              port:
+                number: 80 <8>
+kind: Ingress
+metadata:
+  name: <example-2>
+  annotations:
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/group.order: "2"
+spec:
+  ingressClass: alb
+  rules:
+  - host: example.com
+    http:
+        paths:
+        - path: /store
+          backend:
+            service:
+              name: <example-2>
+              port:
+                number: 80
+kind: Ingress
+  metadata:
+  name: <example-3>
+  annotations:
+    alb.ingress.kubernetes.io/scheme: internet-facing
+    alb.ingress.kubernetes.io/group.order: "3"
+spec:
+  ingressClass: alb
+  rules:
+  - host: example.com
+    http:
+        paths:
+        - path: /
+          backend:
+            service:
+              name: <example-3>
+              port:
+                number: 80
+----
+<1> Specifies the name of an ingress.
+<2> Indicates the load balancer to provision in the public subnet and makes it accessible over the internet.
+<3> Specifies the order in which the rules from the Ingresses are matched when the request is received at the load balancer.
+<4> Specifies the Ingress Class that belongs to this ingress.
+<5> Defines the name of a domain used for request routing.
+<6> Defines the path that must route to the service.
+<7> Defines the name of the service that serves the endpoint configured in the ingress.
+<8> Defines the port on the service that serves the endpoint.
+
+. Create the `Ingress` resources by running the following command:
++
+[source,terminal]
+----
+$ oc create -f sample-multiple-ingress.yaml
+----