Merge pull request #49752 from Amrita42/CFE-520-526new

 ingress controller and dns mgt

Author: EricPonvelle

_topic_maps/_topic_map.yml

@@ -997,6 +997,9 @@ Topics:
 - Name: Understanding the Ingress Operator
   File: ingress-operator
   Distros: openshift-enterprise,openshift-origin
+- Name: Configuring the Ingress Controller for manual DNS management
+  File: ingress-controller-dnsmgt
+  Distros: openshift-enterprise,openshift-origin
 - Name: Configuring the Ingress Controller endpoint publishing strategy
   File: nw-ingress-controller-endpoint-publishing-strategies
   Distros: openshift-enterprise,openshift-origin

modules/creating-a-custom-ingress-controller.adoc

@@ -0,0 +1,48 @@
+// Module included in the following assemblies:
+//
+// *ingress-controller-dnsmgt.adoc
+
+:_content-type: PROCEDURE
+[id="creating-a-custom-ingress-controller_{context}"]
+= Creating a custom Ingress Controller with the `Unmanaged` DNS management policy
+
+As a cluster administrator, you can create a new custom Ingress Controller with the `Unmanaged` DNS management policy.
+
+.Prerequisites
+
+* Install the OpenShift CLI (`oc`).
+* Log in as a user with `cluster-admin` privileges.
+
+.Procedure
+
+. Create a custom resource (CR) file named `sample-ingress.yaml` containing the following:
+
++
+[source,yaml]
+----
+apiVersion: operator.openshift.io/v1
+kind: IngressController
+metadata:
+  namespace: openshift-ingress-operator
+  name: <name> <1>
+spec:
+  domain: <domain> <2>
+  endpointPublishingStrategy:
+    type: LoadBalancerService
+    loadBalancer:
+      scope: External <3>
+      dnsManagementPolicy: Unmanaged <4>
+----
+<1> Specify the `<name>` with a name for the `IngressController` object.
+<2> Specify the `domain` based on the DNS record that was created as a prerequisite.
+<3> Specify the `scope` as `External` to expose the load balancer externally.
+<4> `dnsManagementPolicy` indicates if the Ingress Controller is managing the lifecycle of the wildcard DNS record associated with the load balancer.
+The valid values are `Managed` and `Unmanaged`. The default value is `Managed`.
+
+
+. Save the file to apply the changes.
++
+[source,terminal]
+----
+oc apply -f <name>.yaml <1>
+----

modules/modifying-an-existing-ingress-controller.adoc

@@ -0,0 +1,28 @@
+// Module included in the following assemblies:
+//
+// *ingress-controller-dnsmgt.adoc
+
+:_content-type: PROCEDURE
+[id="modifying-an-existing-ingress-controller_{context}"]
+= Modifying an existing Ingress Controller
+
+As a cluster administrator, you can modify an existing Ingress Controller to manually manage the DNS record lifecycle.
+
+.Prerequisites
+
+* Install the OpenShift CLI (`oc`).
+* Log in as a user with `cluster-admin` privileges.
+
+.Procedure
+
+. Modify the chosen `IngressController` to set `dnsManagementPolicy`:
+
++
+[source,terminal]
+----
+SCOPE=$(oc -n openshift-ingress-operator get ingresscontroller <name> -o=jsonpath="{.status.endpointPublishingStrategy.loadBalancer.scope}")
+
+oc -n openshift-ingress-operator patch ingresscontrollers/<name> --type=merge --patch='{"spec":{"endpointPublishingStrategy":{"type":"LoadBalancerService","loadBalancer":{"dnsManagementPolicy":"Unmanaged", "scope":"${SCOPE}"}}}}'
+----
+
+. Optional: You can delete the associated DNS record in the cloud provider.

networking/ingress-controller-dnsmgt.adoc

@@ -0,0 +1,40 @@
+:_content-type: ASSEMBLY
+[id="ingress-controller-dnsmgt"]
+= Configuring an Ingress Controller for manual DNS Management
+include::_attributes/common-attributes.adoc[]
+:context: ingress-controller-dnsmgt
+
+toc::[]
+
+As a cluster administrator, when you create an Ingress Controller, the Operator manages the DNS records automatically. This has some limitations when the required DNS zone is different from the cluster DNS zone or when the DNS zone is hosted outside the cloud provider.
+
+As a cluster administrator, you can configure an Ingress Controller to stop automatic DNS management and start manual DNS management. Set `dnsManagementPolicy` to specify when it should be automatically or manually managed.
+
+When you change an Ingress Controller from `Managed` to `Unmanaged` DNS management policy, the Operator does not clean up the previous wildcard DNS record provisioned on the cloud.
+When you change an Ingress Controller from `Unmanaged` to `Managed` DNS management policy, the Operator attempts to create the DNS record on the cloud provider if it does not exist or updates the DNS record if it already exists.
+
+[IMPORTANT]
+====
+When you set `dnsManagementPolicy` to `unmanaged`, you have to manually manage the lifecycle of the wildcard DNS record on the cloud provider.
+====
+
+== `Managed` DNS management policy
+The `Managed` DNS management policy for Ingress Controllers ensures that the lifecycle of the wildcard DNS record on the cloud provider is automatically managed by the Operator.
+
+== `Unmanaged` DNS management policy
+The `Unmanaged` DNS management policy for Ingress Controllers ensures that the lifecycle of the wildcard DNS record on the cloud provider is not automatically managed, instead it becomes the responsibility of the cluster administrator.
+
+[NOTE]
+====
+On the AWS cloud platform, if the domain on the Ingress Controller does not match with `dnsConfig.Spec.BaseDomain` then the DNS management policy is automatically set to `Unmanaged`.
+====
+
+include::modules/creating-a-custom-ingress-controller.adoc[leveloffset=+1]
+
+include::modules/modifying-an-existing-ingress-controller.adoc[leveloffset=+1]
+
+
+[role="_additional-resources"]
+[id="configuring-ingress-controller-dns-management-additional-resources"]
+== Additional resources
+* xref:../networking/ingress-operator.adoc#nw-ingress-controller-configuration-parameters_configuring-ingress[Ingress Controller configuration parameters]