Merge pull request #50439 from jldohmann/OSDOCS-3887

jldohmann · web-flow · commit 3a1325e49bc4 · 2022-10-24T15:01:42.000-05:00
OSDOCS-3887: add ELB switching feature
diff --git a/modules/nw-aws-replacing-clb-with-nlb.adoc b/modules/nw-aws-replacing-clb-with-nlb.adoc
@@ -4,18 +4,22 @@
 
 :_content-type: PROCEDURE
 [id="nw-aws-replacing-clb-with-nlb_{context}"]
-= Replacing Ingress Controller Classic Load Balancer with Network Load Balancer 
+= Replacing Ingress Controller Classic Load Balancer with Network Load Balancer
 
-You can replace an Ingress Controller that is using a Classic Load Balancer (CLB) with one that uses a Network Load Balancer (NLB) on AWS. 
+You can replace an Ingress Controller that is using a Classic Load Balancer (CLB) with one that uses a Network Load Balancer (NLB) on AWS.
 
 [WARNING]
 ====
-This procedure causes an expected outage that can last several minutes due to new DNS records propagation, new load balancers provisioning, and other factors. IP addresses and canonical names of the Ingress Controller load balancer might change after applying this procedure. 
+This procedure might cause the following issues:
+
+* An outage that can last several minutes due to new DNS records propagation, new load balancers provisioning, and other factors. IP addresses and canonical names of the Ingress Controller load balancer might change after applying this procedure.
+
+* Leaked load balancer resources due to a change in the annotation of the service.
 ====
 
-.Procedure 
+.Procedure
 
-. Create a file with a new default Ingress Controller. The following example assumes that your default Ingress Controller has an `External` scope and no other customizations: 
+. Create a file with a new default Ingress Controller. The following example assumes that your default Ingress Controller has an `External` scope and no other customizations:
 +
 .Example `ingresscontroller.yml` file
 [source,yaml]
@@ -36,14 +40,19 @@ spec:
           type: NLB
     type: LoadBalancerService
 ----
-+ 
-If your default Ingress Controller has other customizations, ensure that you modify the file accordingly. 
++
+If your default Ingress Controller has other customizations, ensure that you modify the file accordingly.
++
+[TIP]
+====
+If your Ingress Controller has no other customizations and you are only updating the load balancer type, consider following the procedure detailed in "Switching the Ingress Controller from using a Classic Load Balancer to a Network Load Balancer".
+====
 
-. Force replace the Ingress Controller YAML file: 
+. Force replace the Ingress Controller YAML file:
 +
 [source,terminal]
 ----
 $ oc replace --force --wait -f ingresscontroller.yml
 ----
 +
-Wait until the Ingress Controller is replaced. Expect serveral of minutes of outages. 
+Wait until the Ingress Controller is replaced. Expect several of minutes of outages.
diff --git a/modules/nw-aws-switching-clb-with-nlb.adoc b/modules/nw-aws-switching-clb-with-nlb.adoc
@@ -0,0 +1,63 @@
+// Module included in the following assemblies:
+//
+// * networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-aws.adoc
+
+:_content-type: PROCEDURE
+[id="nw-aws-switching-clb-with-nlb_{context}"]
+= Switching the Ingress Controller from using a Classic Load Balancer to a Network Load Balancer
+
+You can switch the Ingress Controller that is using a Classic Load Balancer (CLB) to one that uses a Network Load Balancer (NLB) on AWS.
+
+Switching between these load balancers will not delete the `IngressController` object.
+
+[WARNING]
+====
+This procedure might cause the following issues:
+
+* An outage that can last several minutes due to new DNS records propagation, new load balancers provisioning, and other factors. IP addresses and canonical names of the Ingress Controller load balancer might change after applying this procedure.
+
+* Leaked load balancer resources due to a change in the annotation of the service.
+====
+
+.Procedure
+
+. Modify the existing Ingress Controller that you want to switch to using an NLB. This example assumes that your default Ingress Controller has an `External` scope and no other customizations:
++
+.Example `ingresscontroller.yaml` file
+[source,yaml]
+----
+apiVersion: operator.openshift.io/v1
+kind: IngressController
+metadata:
+  creationTimestamp: null
+  name: default
+  namespace: openshift-ingress-operator
+spec:
+  endpointPublishingStrategy:
+    loadBalancer:
+      scope: External
+      providerParameters:
+        type: AWS
+        aws:
+          type: NLB
+    type: LoadBalancerService
+----
++
+[NOTE]
+====
+If you do not specify a value for the `spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.type` field, the Ingress Controller uses the `spec.loadBalancer.platform.aws.type` value from the cluster `Ingress` configuration that was set during installation.
+====
++
+[TIP]
+====
+If your Ingress Controller has other customizations that you want to update, such as changing the domain, consider force replacing the Ingress Controller definition file instead.
+====
+
+. Apply the changes to the Ingress Controller YAML file by running the command:
++
+[source,terminal]
+----
+$ oc apply -f ingresscontroller.yaml
+----
++
+Expect several minutes of outages while the Ingress Controller updates.
diff --git a/modules/nw-aws-switching-nlb-with-clb.adoc b/modules/nw-aws-switching-nlb-with-clb.adoc
@@ -0,0 +1,59 @@
+// Module included in the following assemblies:
+//
+// * networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-aws.adoc
+
+:_content-type: PROCEDURE
+[id="nw-aws-switching-nlb-with-clb_{context}"]
+= Switching the Ingress Controller from using a Network Load Balancer to a Classic Load Balancer
+
+You can switch the Ingress Controller that is using a Network Load Balancer (NLB) to one that uses a Classic Load Balancer (CLB) on AWS.
+
+Switching between these load balancers will not delete the `IngressController` object.
+
+[WARNING]
+====
+This procedure might cause an outage that can last several minutes due to new DNS records propagation, new load balancers provisioning, and other factors. IP addresses and canonical names of the Ingress Controller load balancer might change after applying this procedure.
+====
+
+.Procedure
+
+. Modify the existing Ingress Controller that you want to switch to using a CLB. This example assumes that your default Ingress Controller has an `External` scope and no other customizations:
++
+.Example `ingresscontroller.yaml` file
+[source,yaml]
+----
+apiVersion: operator.openshift.io/v1
+kind: IngressController
+metadata:
+  creationTimestamp: null
+  name: default
+  namespace: openshift-ingress-operator
+spec:
+  endpointPublishingStrategy:
+    loadBalancer:
+      scope: External
+      providerParameters:
+        type: AWS
+        aws:
+          type: Classic
+    type: LoadBalancerService
+----
++
+[NOTE]
+====
+If you do not specify a value for the `spec.endpointPublishingStrategy.loadBalancer.providerParameters.aws.type` field, the Ingress Controller uses the `spec.loadBalancer.platform.aws.type` value from the cluster `Ingress` configuration that was set during installation.
+====
++
+[TIP]
+====
+If your Ingress Controller has other customizations that you want to update, such as changing the domain, consider force replacing the Ingress Controller definition file instead.
+====
+
+. Apply the changes to the Ingress Controller YAML file by running the command:
++
+[source,terminal]
+----
+$ oc apply -f ingresscontroller.yaml
+----
++
+Expect several minutes of outages while the Ingress Controller updates.
diff --git a/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-aws.adoc b/networking/configuring_ingress_cluster_traffic/configuring-ingress-cluster-traffic-aws.adoc
@@ -8,6 +8,13 @@ toc::[]
 
 {product-title} provides methods for communicating from outside the cluster with services running in the cluster. This method uses load balancers on AWS, specifically a Network Load Balancer (NLB) or a Classic Load Balancer (CLB). Both types of load balancers can forward the client's IP address to the node, but a CLB requires proxy protocol support, which {product-title} automatically enables.
 
+There are two ways to configure an Ingress Controller to use an NLB:
+
+. By force replacing the Ingress Controller that is currently using a CLB. This deletes the `IngressController` object and an outage will occur while the new DNS records propagate and the NLB is being provisioned.
+. By editing an existing Ingress Controller that uses a CLB to use an NLB. This changes the load balancer without having to delete and recreate the `IngressController` object.
+
+Both methods can be used to switch from an NLB to a CLB.
+
 You can configure these load balancers on a new or existing AWS cluster.
 
 include::modules/nw-configuring-elb-timeouts-aws-classic.adoc[leveloffset=+1]
@@ -18,6 +25,10 @@ include::modules/nw-configuring-clb-timeouts.adoc[leveloffset=+2]
 
 include::modules/nw-configuring-ingress-cluster-traffic-aws-networking-load-balancer.adoc[leveloffset=+1]
 
+include::modules/nw-aws-switching-clb-with-nlb.adoc[leveloffset=+2]
+
+include::modules/nw-aws-switching-nlb-with-clb.adoc[leveloffset=+2]
+
 include::modules/nw-aws-replacing-clb-with-nlb.adoc[leveloffset=+2]
 
 include::modules/nw-aws-nlb-existing-cluster.adoc[leveloffset=+2]
