Merge pull request #55223 from GroceryBoyJr/alibaba-412z

OSDOCS-3969c Alibaba VPC Installation

Author: skrthomas

_topic_maps/_topic_map.yml

@@ -142,6 +142,8 @@ Topics:
       File: installing-alibaba-customizations
     - Name: Installing a cluster on Alibaba Cloud with network customizations
       File: installing-alibaba-network-customizations
+    - Name: Installing a cluster on Alibaba Cloud into a shared VPC
+      File: installing-alibaba-vpc
     - Name: Uninstalling a cluster on Alibaba Cloud
       File: uninstall-cluster-alibaba
 - Name: Installing on AWS

installing/installing_alibaba/installing-alibaba-vpc.adoc

@@ -0,0 +1,72 @@
+:_content-type: ASSEMBLY
+[id="installing-alibaba-vpc"]
+= Installing a cluster on Alibaba Cloud into an existing VPC
+include::_attributes/common-attributes.adoc[]
+:context: installing-alibaba-vpc
+
+toc::[]
+
+In {product-title} version {product-version}, you can install a cluster into an existing Alibaba Virtual Private Cloud (VPC) on Alibaba Cloud Services. The installation program provisions the required infrastructure, which can then be customized. To customize the VPC installation, modify the parameters in the 'install-config.yaml' file before you install the cluster.
+
+[NOTE]
+====
+The scope of the {product-title} installation configurations is intentionally narrow. It is designed for simplicity and ensured success. You can complete many more {product-title} configuration tasks after an installation completes.
+====
+
+:FeatureName: Alibaba Cloud on {product-title}
+include::snippets/technology-preview.adoc[]
+
+[id="prerequisites_installing-alibaba-vpc"]
+== Prerequisites
+
+* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
+* You xref:../../installing/installing_alibaba/preparing-to-install-on-alibaba.adoc#installation-alibaba-dns_preparing-to-install-on-alibaba[registered your domain].
+* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
+* If the cloud Resource Access Management (RAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_alibaba/manually-creating-alibaba-ram.adoc#manually-creating-alibaba-ram[manually create and maintain Resource Access Management (RAM) credentials].
+
+include::modules/installation-custom-alibaba-vpc.adoc[leveloffset=+1]
+
+include::modules/cluster-entitlements.adoc[leveloffset=+1]
+
+include::modules/ssh-agent-using.adoc[leveloffset=+1]
+
+include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
+
+include::modules/installation-initializing.adoc[leveloffset=+2]
+
+include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+
+include::modules/installation-alibaba-config-yaml.adoc[leveloffset=+2]
+
+include::modules/manually-creating-alibaba-manifests.adoc[leveloffset=+2]
+
+include::modules/cco-ccoctl-configuring.adoc[leveloffset=+2]
+
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+2]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
+include::modules/cli-installing-cli.adoc[leveloffset=+1]
+
+include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
+
+include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+1]
+
+include::modules/cluster-telemetry.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service.
+* See xref:../../web_console/web-console.adoc#web-console[Accessing the web console] for more details about accessing and understanding the {product-title} web console
+
+[id="next-steps_installing-alibaba-vpc"]
+== Next steps
+
+* xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation].
+* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
+* If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
+//Given that manual mode is required to install on Alibaba Cloud, I do not believe this xref is necessary.
+//* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].
+

modules/cco-ccoctl-creating-at-once.adoc

@@ -4,6 +4,7 @@
 // * authentication/managing_cloud_provider_credentials/cco-mode-gcp-workload-identity.adoc
 // * installing/installing_alibaba/manually-creating-alibaba-ram.adoc
 // * installing/installing_alibaba/installing-alibaba-network-customizations.adoc
+// * installing/installing_alibaba/installing-alibaba-vpc.adoc
 
 ifeval::["{context}" == "cco-mode-sts"]
 :aws-sts:
@@ -17,6 +18,9 @@ endif::[]
 ifeval::["{context}" == "installing-alibaba-customizations"]
 :alibabacloud-customizations:
 endif::[]
+ifeval::["{context}" == "installing-alibaba-vpc"]
+:alibabacloud-vpc:
+endif::[]
 
 :_content-type: PROCEDURE
 [id="cco-ccoctl-creating-at-once_{context}"]
@@ -34,12 +38,12 @@ ifdef::google-cloud-platform[]
 
 You can use the `ccoctl gcp create-all` command to automate the creation of GCP resources.
 endif::google-cloud-platform[]
-ifdef::alibabacloud-default,alibabacloud-customizations[]
+ifdef::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
 [id="cco-ccoctl-creating-at-once_{context}"]
 = Creating credentials for {product-title} components with the ccoctl tool
 
 You can use the {product-title} Cloud Credential Operator (CCO) utility to automate the creation of Alibaba Cloud RAM users and policies for each in-cluster component.
-endif::alibabacloud-default,alibabacloud-customizations[]
+endif::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
 
 [NOTE]
 ====
@@ -51,14 +55,23 @@ By default, `ccoctl` creates objects in the directory in which the commands are
 You must have:
 
 * Extracted and prepared the `ccoctl` binary.
-ifdef::alibabacloud-default,alibabacloud-customizations[]
+ifdef::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
 * Created a RAM user with sufficient permission to create the {product-title} cluster.
 * Added the AccessKeyID (`access_key_id`) and AccessKeySecret (`access_key_secret`) of that RAM user into the link:https://www.alibabacloud.com/help/en/doc-detail/311667.htm#h2-sls-mfm-3p3[`~/.alibabacloud/credentials` file] on your local computer.
-endif::alibabacloud-default,alibabacloud-customizations[]
+endif::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
 
 .Procedure
 
-. Extract the list of `CredentialsRequest` objects from the {product-title} release image:
+ifdef::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
+. Set the `$RELEASE_IMAGE` variable by running the following command:
++
+[source,terminal] 
+----
+$ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}')
+----
+endif::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
+
+. Extract the list of `CredentialsRequest` objects from the {product-title} release image by running the following command:
 +
 [source,terminal]
 ifdef::aws-sts[]
@@ -79,15 +92,15 @@ $ oc adm release extract \
 quay.io/<path_to>/ocp-release:<version>
 ----
 endif::google-cloud-platform[]
-ifdef::alibabacloud-default,alibabacloud-customizations[]
+ifdef::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
 ----
 $ oc adm release extract \
 --credentials-requests \
 --cloud=alibabacloud \
 --to=<path_to_directory_with_list_of_credentials_requests>/credrequests \ <1>
-quay.io/<path_to>/ocp-release:<version>
+$RELEASE_IMAGE
 ----
-endif::alibabacloud-default,alibabacloud-customizations[]
+endif::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
 +
 <1> `credrequests` is the directory where the list of `CredentialsRequest` objects is stored. This command creates the directory if it does not exist.
 +
@@ -142,7 +155,7 @@ ifdef::google-cloud-platform[]
 <6> The Network Operator CR is required.
 <7> The Storage Operator CR is an optional component and might be disabled in your cluster.
 endif::google-cloud-platform[]
-ifdef::alibabacloud-default,alibabacloud-customizations[]
+ifdef::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
 . If your cluster uses cluster capabilities to disable one or more optional components, delete the `CredentialsRequest` custom resources for any disabled components.
 +
 .Example `credrequests` directory contents for {product-title} 4.12 on Alibaba Cloud
@@ -159,7 +172,7 @@ ifdef::alibabacloud-default,alibabacloud-customizations[]
 <2> The Image Registry Operator CR is required.
 <3> The Ingress Operator CR is required.
 <4> The Storage Operator CR is an optional component and might be disabled in your cluster.
-endif::alibabacloud-default,alibabacloud-customizations[]
+endif::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
 
 ifdef::aws-sts,google-cloud-platform[]
 . Use the `ccoctl` tool to process all `CredentialsRequest` objects in the `credrequests` directory:
@@ -211,7 +224,7 @@ If your cluster uses Technology Preview features that are enabled by the `TechPr
 ====
 endif::google-cloud-platform[]
 
-ifdef::alibabacloud-default,alibabacloud-customizations[]
+ifdef::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
 . Use the `ccoctl` tool to process all `CredentialsRequest` objects in the `credrequests` directory:
 
 .. Run the following command to use the tool:
@@ -287,8 +300,8 @@ $ cp ./<path_to_ccoctl_output_dir>/manifests/*credentials.yaml ./<path_to_instal
 where:
 
 `<path_to_ccoctl_output_dir>`:: Specifies the directory created by the `ccoctl alibabacloud create-ram-users` command.
-`<path_to_installation>dir>`:: Specifies the directory in which the installation program creates files.
-endif::alibabacloud-default,alibabacloud-customizations[]
+`<path_to_installation_dir>`:: Specifies the directory in which the installation program creates files.
+endif::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
 
 ifdef::aws-sts,google-cloud-platform[]
 .Verification
@@ -333,3 +346,6 @@ endif::[]
 ifeval::["{context}" == "installing-alibaba-customizations"]
 :!alibabacloud-customizations:
 endif::[]
+ifeval::["{context}" == "installing-alibaba-vpc"]
+:!alibabacloud-vpc:
+endif::[]

modules/cli-installing-cli.adoc

@@ -1,6 +1,7 @@
 // Module included in the following assemblies:
 //
-// installing/installing_alibaba/installing-alibaba-network-customizations.adoc
+// * installing/installing_alibaba/installing-alibaba-network-customizations.adoc
+// * installing/installing_alibaba/installing-alibaba-vpc.adoc
 // * cli_reference/openshift_cli/getting-started.adoc
 // * installing/installing_aws/installing-aws-user-infra.adoc
 // * installing/installing_aws/installing-aws-customizations.adoc

modules/cli-logging-in-kubeadmin.adoc

@@ -1,6 +1,7 @@
 // Module included in the following assemblies:
 //
-// installing/installing_alibaba/installing-alibaba-network-customizations.adoc
+// * installing/installing_alibaba/installing-alibaba-network-customizations.adoc
+// * installing/installing_alibaba/installing-alibaba-vpc.adoc
 // * installing/installing_aws/installing-aws-user-infra.adoc
 // * installing/installing_aws/installing-aws-customizations.adoc
 // * installing/installing_aws/installing-aws-default.adoc

modules/cluster-entitlements.adoc

@@ -1,6 +1,7 @@
 // Module included in the following assemblies:
 //
-// installing/installing_alibaba/installing-alibaba-network-customizations.adoc
+// * installing/installing_alibaba/installing-alibaba-network-customizations.adoc
+// * installing/installing_alibaba/installing-alibaba-vpc.adoc
 // * installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc
 // * installing/installing_bare_metal/installing-bare-metal.adoc
 // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc

modules/cluster-telemetry.adoc

@@ -1,6 +1,7 @@
 // Module included in the following assemblies:
 //
-// installing/installing_alibaba/installing-alibaba-network-customizations.adoc
+// * installing/installing_alibaba/installing-alibaba-network-customizations.adoc
+// * installing/installing_alibaba/installing-alibaba-vpc.adoc
 // * installing/installing_bare_metal/installing-bare-metal-network-customizations.adoc
 // * installing/installing_bare_metal/installing-bare-metal.adoc
 // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc

modules/installation-alibaba-config-yaml.adoc

@@ -48,6 +48,10 @@ platform:
       systemDiskSize: 200
     region: ap-southeast-1 <4>
     resourceGroupID: rg-acfnw6j3hyai <5>
+    vpcID: vpc-0xifdjerdibmaqvtjob2b <8>
+    vswitchIDs: <8>
+    - vsw-0xi8ycgwc8wv5rhviwdq5
+    - vsw-0xiy6v3z2tedv009b4pz2
 publish: External
 pullSecret: '{"auths": {"cloud.openshift.com": {"auth": ... }' <6>
 sshKey: |
@@ -60,3 +64,4 @@ sshKey: |
 <5> Optional. Specify an existing resource group where the cluster should be installed.
 <6> Required. The installation program prompts you for the pull secret.
 <7> Optional. The installation program prompts you for the SSH key value that you use to access the machines in your cluster.
+<8> Optional. These are example vswitchID values.