Merge pull request #57063 from dfitzmau/OSDOCS-4812

OSDOCS-4812: Deploying a sample application in an AWS Local Zone environment

Author: kelbrown20

installing/installing_aws/installing-aws-localzone.adoc

@@ -8,6 +8,8 @@ toc::[]
 
 In {product-title} version {product-version}, you can install a cluster on Amazon Web Services (AWS) into an existing VPC, extending workers to the edge of the Cloud Infrastructure using AWS Local Zones.
 
+After you create an Amazon Web Service (AWS) Local Zone environment, and you deploy your cluster, you can use edge worker nodes to create user workloads in Local Zone subnets.
+
 AWS Local Zones are a type of infrastructure that place Cloud Resources close to the metropolitan regions. For more information, see the link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-local-zones[AWS Local Zones Documentation].
 
 {product-title} can be installed in existing VPCs with Local Zone subnets. The Local Zone subnets can be used to extend the regular workers' nodes to the edge networks. The edge worker nodes are dedicated to running user workloads.
@@ -99,6 +101,9 @@ include::modules/installation-localzone-generate-k8s-manifest.adoc[leveloffset=+
 
 include::modules/installation-launching-installer.adoc[leveloffset=+1]
 
+.Next steps
+* xref:../../post_installation_configuration/cluster-tasks.adoc#installation-extend-edge-nodes-aws-local-zones_post-install-cluster-tasks[Creating user workloads in AWS Local Zones]
+
 include::modules/cli-installing-cli.adoc[leveloffset=+1]
 
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]

modules/installation-extend-edge-nodes-aws-local-zones.adoc

@@ -0,0 +1,123 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/cluster-tasks.adoc
+
+ifeval::["{context}" == "installing-aws-localzone"]
+:localzone:
+endif::[]
+
+:_content-type: PROCEDURE
+[id="installation-extend-edge-nodes-aws-local-zones_{context}"]
+= Creating user workloads in AWS Local Zones
+After you create an Amazon Web Service (AWS) Local Zone environment, and you deploy your cluster, you can use edge worker nodes to create user workloads in Local Zone subnets. 
+
+After the `openshift-installer` creates the cluster, the installation program automatically specifies a taint effect of `NoSchedule` to each edge worker node. This means that a scheduler does not add a new pod, or deployment, to a node if the pod does not match the specified tolerations for a taint. You can modify the taint for better control over how each node creates a workload in each Local Zone subnet.
+
+The `openshift-installer` creates the compute machine set manifests file with `node-role.kubernetes.io/edge` and `node-role.kubernetes.io/worker` labels applied to each edge worker node that is located in a Local Zone subnet.
+
+.Prerequisites
+
+* You have access to the OpenShift CLI (`oc`).
+* You deployed your cluster in a Virtual Private Cloud (VPC) with defined Local Zone subnets.
+* You ensured that the compute machine set for the edge workers on Local Zone subnets specifies the taints for `node-role.kubernetes.io/edge`.
+
+.Procedure
+
+. Create a `deployment` resource YAML file for an example application to be deployed in the edge worker node that operates in a Local Zone subnet. Ensure that you specify the correct tolerations that match the taints for the edge worker node.
++
+.Example of a configured `deployment` resource for an edge worker node that operates in a Local Zone subnet
+[source,yaml]
+----
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: <local_zone_application_namespace>
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: <pvc_name>
+  namespace: <local_zone_application_namespace>
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi
+  storageClassName: gp2-csi <1>
+  volumeMode: Filesystem
+---
+apiVersion: apps/v1
+kind: Deployment <2>
+metadata:
+  name: <local_zone_application> <3>
+  namespace: <local_zone_application_namespace> <4>
+spec:
+  selector: 
+    matchLabels:
+      app: <local_zone_application>
+  replicas: 1
+  template:
+    metadata:
+      labels: 
+        app: <local_zone_application>
+        zone-group: ${ZONE_GROUP_NAME} <5>
+    spec:
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+      nodeSelector: <6>
+        machine.openshift.io/zone-group: ${ZONE_GROUP_NAME}
+      tolerations: <7>
+      - key: "node-role.kubernetes.io/edge"
+        operator: "Equal"
+        value: ""
+        effect: "NoSchedule"
+      containers:
+        - image: openshift/origin-node
+          command:
+           - "/bin/socat"
+          args:
+            - TCP4-LISTEN:8080,reuseaddr,fork
+            - EXEC:'/bin/bash -c \"printf \\\"HTTP/1.0 200 OK\r\n\r\n\\\"; sed -e \\\"/^\r/q\\\"\"'
+          imagePullPolicy: Always
+          name: echoserver
+          ports:
+            - containerPort: 8080
+          volumeMounts:
+            - mountPath: "/mnt/storage"
+              name: data
+      volumes:
+      - name: data 
+        persistentVolumeClaim:
+          claimName: <pvc_name>
+----
+<1> `storageClassName`: For the Local Zone configuration, you must specify `gp2-csi`.
+<2> `kind`: Defines the `deployment` resource.
+<3> `name`: Specifies the name of your Local Zone application. For example, `local-zone-demo-app-nyc-1`.
+<4> `namespace:` Defines the namespace for the AWS Local Zone where you want to run the user workload. For example: `local-zone-app-nyc-1a`.
+<5> `zone-group`: Defines the group to where a zone belongs. For example, `us-east-1-iah-1`.
+<6> `nodeSelector`: Targets edge worker nodes that match the specified labels. 
+<7> `tolerations`: Sets the values that match with the `taints` defined on the `MachineSet` manifest for the Local Zone node.
+
+. Create a `service` resource YAML file for the node. This resource exposes a pod from a targeted edge worker node to services that run inside your Local Zone network.
++
+.Example of a configured `service` resource for an edge worker node that operates in a Local Zone subnet
+[source,yaml]
+----
+apiVersion: v1
+kind: Service <1>
+metadata:
+  name:  <local_zone_application>
+  namespace: <local_zone_application_namespace>
+spec:
+  ports:
+    - port: 80
+      targetPort: 8080
+      protocol: TCP
+  type: NodePort
+  selector: <2>
+    app: <local_zone_application>
+----
+<1> `kind`: Defines the `service` resource.
+<2> `selector:` Specifies the label type applied to managed pods.

modules/installation-localzone-generate-k8s-manifest.adoc

@@ -3,7 +3,7 @@
 // * installing/installing_aws/installing-aws-localzone.adoc
 
 :_content-type: PROCEDURE
-[id="installation-localzone-generate-k8s-manifest{context}"]
+[id="installation-localzone-generate-k8s-manifest_{context}"]
 = Creating the Kubernetes manifest files
 
 Because you must modify some cluster definition files and manually start the cluster machines, you must generate the Kubernetes manifest files that the cluster needs to configure the machines.

post_installation_configuration/cluster-tasks.adoc

@@ -544,6 +544,21 @@ include::modules/machineset-delete-policy.adoc[leveloffset=+2]
 
 include::modules/nodes-scheduler-node-selectors-cluster.adoc[leveloffset=+2]
 
+include::modules/installation-extend-edge-nodes-aws-local-zones.adoc[leveloffset=+2]
+
+.Next steps
+
+* Optional: Use the AWS Load Balancer (ALB) Operator to expose a pod from a targeted edge worker node to services that run inside a Local Zone subnet from a public network. See xref:../networking/aws_load_balancer_operator/install-aws-load-balancer-operator.adoc#nw-installing-aws-load-balancer-operator_aws-load-balancer-operator[Installing the AWS Load Balancer Operator].
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../installing/installing_aws/installing-aws-localzone.html[Installing a cluster using AWS Local Zones]
+
+* xref:../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc[Understanding taints and tolerations]
+
+* xref:../logging/config/cluster-logging-tolerations.adoc[Using tolerations to control OpenShift Logging pod placement]
+
 [id="post-worker-latency-profiles"]
 == Improving cluster stability in high latency environments using worker latency profiles