Merge pull request #60887 from bmcelvee/OSDOCS-4883-new

OSDOCS-4883: Document OSD/ROSA managed Ingress improvements

Author: bmcelvee

_attributes/attributes-openshift-dedicated.adoc

@@ -22,6 +22,8 @@
 :pipelines-title: Red Hat OpenShift Pipelines
 :logging-sd: Red Hat OpenShift Logging
 :ServerlessProductName: OpenShift Serverless
+:rh-openstack-first: Red Hat OpenStack Platform (RHOSP)
+:rh-openstack: RHOSP
 :rhoda: Red Hat OpenShift Database Access
 :rhoda-short: RHODA
 :rhods: Red Hat OpenShift Data Science

applications/deployments/osd-config-custom-domains-applications.adoc

@@ -6,7 +6,12 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
 
 toc::[]
 
-You can configure a custom domain for your applications. Custom domains are specific wildcard domains that can be used with {product-title} applications.
+[NOTE]
+====
+Starting with {product-title} 4.14, the Custom Domain Operator is deprecated. To manage Ingress in {product-title} 4.14, use the Ingress Operator. The functionality is unchanged for {product-title} 4.13 and earlier versions.
+====
+
+You can configure a custom domain for your applications. Custom domains are specific wildcard domains that can be used with {product-title} applications. 
 
 include::modules/osd-applications-config-custom-domains.adoc[leveloffset=+1]
 include::modules/osd-applications-renew-custom-domains.adoc[leveloffset=+1]

modules/nw-ingress-controller-configuration-parameters.adoc

@@ -31,18 +31,31 @@ If empty, the default value is `ingress.config.openshift.io/cluster` `.spec.doma
 |`endpointPublishingStrategy`
 |`endpointPublishingStrategy` is used to publish the Ingress Controller endpoints to other networks, enable load balancer integrations, and provide access to other systems.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 On GCP, AWS, and Azure you can configure the following `endpointPublishingStrategy` fields:
+endif::openshift-rosa,openshift-dedicated[]
+
+ifdef::openshift-rosa,openshift-dedicated[]
+You can configure the following `endpointPublishingStrategy` fields:
+endif::openshift-rosa,openshift-dedicated[]
 
 * `loadBalancer.scope`
 * `loadBalancer.allowedSourceRanges`
 
 If not set, the default value is based on `infrastructure.config.openshift.io/cluster` `.status.platform`:
 
+ifdef::openshift-rosa,openshift-dedicated[]
 * Amazon Web Services (AWS): `LoadBalancerService` (with External scope)
+endif::openshift-rosa,openshift-dedicated[]
+ifdef::openshift-dedicated[]
+* Google Cloud Platform (GCP): `LoadBalancerService` (with External scope)
+endif::openshift-dedicated[]
+ifndef::openshift-rosa,openshift-dedicated[]
 * Azure: `LoadBalancerService` (with External scope)
 * Google Cloud Platform (GCP): `LoadBalancerService` (with External scope)
 * Bare metal: `NodePortService`
 * Other: `HostNetwork`
+endif::openshift-rosa,openshift-dedicated[]
 +
 [NOTE]
 ====
@@ -74,13 +87,14 @@ On {rh-openstack-first}, the `LoadBalancerService` endpoint publishing strategy
 
 For more information, see the "Setting cloud provider options" section of the {rh-openstack} installation documentation.
 ====
-
+ifndef::openshift-rosa[]
 For most platforms, the `endpointPublishingStrategy` value can be updated. On GCP, you can configure the following `endpointPublishingStrategy` fields:
 
 * `loadBalancer.scope`
 * `loadbalancer.providerParameters.gcp.clientAccess`
 * `hostNetwork.protocol`
 * `nodePort.protocol`
+endif::openshift-rosa[]
 
 |`defaultCertificate`
 |The `defaultCertificate` value is a reference to a secret that contains the default certificate that is served by the Ingress Controller. When Routes do not specify their own certificate, `defaultCertificate` is used.

modules/nw-ingress-default-internal.adoc

@@ -8,11 +8,13 @@
 
 You can configure the `default` Ingress Controller for your cluster to be internal by deleting and recreating it.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [WARNING]
 ====
 If your cloud provider is Microsoft Azure, you must have at least one public load balancer that points to your nodes.
 If you do not, all of your nodes will lose egress connectivity to the internet.
 ====
+endif::openshift-rosa,openshift-dedicated[]
 
 [IMPORTANT]
 ====

modules/nw-ingress-setting-internal-lb.adoc

@@ -9,11 +9,13 @@
 When creating an Ingress Controller on cloud platforms, the Ingress Controller is published by a public cloud load balancer by default.
 As an administrator, you can create an Ingress Controller that uses an internal cloud load balancer.
 
+ifndef::openshift-rosa,openshift-dedicated[]
 [WARNING]
 ====
 If your cloud provider is Microsoft Azure, you must have at least one public load balancer that points to your nodes.
 If you do not, all of your nodes will lose egress connectivity to the internet.
 ====
+endif::openshift-rosa,openshift-dedicated[]
 
 [IMPORTANT]
 ====

modules/rosa-edit-objects.adoc

@@ -85,11 +85,32 @@ $ rosa edit ingress --cluster=<cluster_name> | <cluster_id> [arguments]
 |--cluster
 |Required: The name or ID (string) of the cluster to which the ingress will be added.
 
+|--cluster-routes-hostname  
+|Components route hostname for OAuth, console, and download.
+
+|--cluster-routes-tls-secret-ref 
+|Components route TLS secret reference for OAuth, console, and download.
+
+|--excluded-namespaces 
+|Excluded namespaces for ingress. Format is a comma-separated list `value1, value2...`. If no values are specified, all namespaces will be exposed.
+
 |--label-match
 |The label match (string) for ingress. The format must be a comma-delimited list of key=value pairs. If no label is specified, all routes are exposed on both routers.
 
+|--lb-type  
+|Type of Load Balancer. Options are `classic`, `nlb`.
+
+|--namespace-ownership-policy
+|Namespace Ownership Policy for ingress. Options are `Strict` and `InterNamespaceAllowed`. Default is `Strict`.
+
 |--private
 |Restricts the application route to direct, private connectivity.
+
+|--route-selector
+|Route Selector for ingress. Format is a comma-separated list of key=value. If no label is specified, all routes will be exposed on both routers. For legacy ingress support these are inclusion labels, otherwise they are treated as exclusion label.
+
+|--wildcard-policy 
+|Wildcard Policy for ingress. Options are `WildcardsDisallowed` and `WildcardsAllowed`. Default is `WildcardsDisallowed`.
 |===
 
 .Optional arguments inherited from parent commands
@@ -113,6 +134,7 @@ $ rosa edit ingress --cluster=<cluster_name> | <cluster_id> [arguments]
 .Examples
 
 Make an additional ingress with the ID `a1b2` as a private connection on a cluster named `mycluster`.
+
 [source,terminal]
 ----
 $ rosa edit ingress --private --cluster=mycluster a1b2
@@ -132,6 +154,13 @@ Update the default ingress using the sub-domain identifier `apps` on a cluster n
 $ rosa edit ingress --private=false --cluster=mycluster apps
 ----
 
+Update the load balancer type of the `apps2` ingress.
+
+[source,terminal]
+----
+$ rosa edit ingress --lb-type=nlb --cluster=mycluster apps2
+----
+
 [id="rosa-edit-machinepool_{context}"]
 == edit machinepool