openshift
diff --git a/‎machine_management/control_plane_machine_management/cpmso-configuration.adoc
Lines changed: 10 additions & 11 deletions b/‎machine_management/control_plane_machine_management/cpmso-configuration.adoc
Lines changed: 10 additions & 11 deletions
diff --git a/‎modules/cpmso-yaml-failure-domain-aws.adoc
Lines changed: 30 additions & 19 deletions b/‎modules/cpmso-yaml-failure-domain-aws.adoc
Lines changed: 30 additions & 19 deletions
diff --git a/‎modules/cpmso-yaml-failure-domain-azure.adoc
Lines changed: 23 additions & 7 deletions b/‎modules/cpmso-yaml-failure-domain-azure.adoc
Lines changed: 23 additions & 7 deletions
diff --git a/‎modules/cpmso-yaml-failure-domain-gcp.adoc
Lines changed: 18 additions & 7 deletions b/‎modules/cpmso-yaml-failure-domain-gcp.adoc
Lines changed: 18 additions & 7 deletions
diff --git a/‎modules/cpmso-yaml-failure-domain-openstack.adoc
Lines changed: 24 additions & 13 deletions b/‎modules/cpmso-yaml-failure-domain-openstack.adoc
Lines changed: 24 additions & 13 deletions
diff --git a/‎modules/cpmso-yaml-failure-domain-vsphere.adoc
Lines changed: 5 additions & 5 deletions b/‎modules/cpmso-yaml-failure-domain-vsphere.adoc
Lines changed: 5 additions & 5 deletions
diff --git a/‎modules/cpmso-yaml-provider-spec-aws.adoc
Lines changed: 66 additions & 42 deletions b/‎modules/cpmso-yaml-provider-spec-aws.adoc
Lines changed: 66 additions & 42 deletions
@@ -43,13 +43,13 @@ Some sections of the control plane machine set CR are provider-specific. The fol
 //Sample AWS provider specification
 include::modules/cpmso-yaml-provider-spec-aws.adoc[leveloffset=+2]
 
-//Sample AWS failure domain configuration
-include::modules/cpmso-yaml-failure-domain-aws.adoc[leveloffset=+2]
-
 [role="_additional-resources"]
 .Additional resources
 * xref:../../machine_management/control_plane_machine_management/cpmso-using.adoc#cpmso-supported-features-aws_cpmso-using[Enabling Amazon Web Services features for control plane machines]
 
+//Sample AWS failure domain configuration
+include::modules/cpmso-yaml-failure-domain-aws.adoc[leveloffset=+2]
+
 [id="cpmso-sample-yaml-gcp_{context}"]
 == Sample YAML for configuring Google Cloud Platform clusters
 
@@ -58,14 +58,13 @@ Some sections of the control plane machine set CR are provider-specific. The fol
 //Sample GCP provider specification
 include::modules/cpmso-yaml-provider-spec-gcp.adoc[leveloffset=+2]
 
-//Sample GCP failure domain configuration
-include::modules/cpmso-yaml-failure-domain-gcp.adoc[leveloffset=+2]
-////
-//To be added in a later PR
 [role="_additional-resources"]
 .Additional resources
 * xref:../../machine_management/control_plane_machine_management/cpmso-using.adoc#cpmso-supported-features-gcp_cpmso-using[Enabling Google Cloud Platform features for control plane machines]
-////
+
+//Sample GCP failure domain configuration
+include::modules/cpmso-yaml-failure-domain-gcp.adoc[leveloffset=+2]
+
 [id="cpmso-sample-yaml-azure_{context}"]
 == Sample YAML for configuring Microsoft Azure clusters
 
@@ -74,13 +73,13 @@ Some sections of the control plane machine set CR are provider-specific. The fol
 //Sample Azure provider specification
 include::modules/cpmso-yaml-provider-spec-azure.adoc[leveloffset=+2]
 
-//Sample Azure failure domain configuration
-include::modules/cpmso-yaml-failure-domain-azure.adoc[leveloffset=+2]
-
 [role="_additional-resources"]
 .Additional resources
 * xref:../../machine_management/control_plane_machine_management/cpmso-using.adoc#cpmso-supported-features-azure_cpmso-using[Enabling Microsoft Azure features for control plane machines]
 
+//Sample Azure failure domain configuration
+include::modules/cpmso-yaml-failure-domain-azure.adoc[leveloffset=+2]
+
 [id="cpmso-sample-yaml-nutanix_{context}"]
 == Sample YAML for configuring Nutanix clusters
 
 
@@ -13,25 +13,36 @@ When configuring AWS failure domains in the control plane machine set, you must
 .Sample AWS failure domain values
 [source,yaml]
 ----
-failureDomains:
-  aws:
-  - placement:
-      availabilityZone: <aws_zone_a> <1>
-    subnet: <2>
-      filters:
-      - name: tag:Name
-        values:
-        - <cluster_id>-private-<aws_zone_a> <3>
-      type: Filters <4>
-  - placement:
-      availabilityZone: <aws_zone_b> <5>
-    subnet:
-      filters:
-      - name: tag:Name
-        values:
-        - <cluster_id>-private-<aws_zone_b> <6>
-      type: Filters
-  platform: AWS <7>
+apiVersion: machine.openshift.io/v1
+kind: ControlPlaneMachineSet
+metadata:
+  name: cluster
+  namespace: openshift-machine-api
+spec:
+# ...
+  template:
+# ...
+    machines_v1beta1_machine_openshift_io:
+      failureDomains:
+        aws:
+        - placement:
+            availabilityZone: <aws_zone_a> <1>
+          subnet: <2>
+            filters:
+            - name: tag:Name
+              values:
+              - <cluster_id>-private-<aws_zone_a> <3>
+            type: Filters <4>
+        - placement:
+            availabilityZone: <aws_zone_b> <5>
+          subnet:
+            filters:
+            - name: tag:Name
+              values:
+              - <cluster_id>-private-<aws_zone_b> <6>
+            type: Filters
+        platform: AWS <7>
+# ...
 ----
 <1> Specifies an AWS availability zone for the first failure domain.
 <2> Specifies a subnet configuration. In this example, the subnet type is `Filters`, so there is a `filters` stanza.
 
@@ -8,17 +8,33 @@
 
 The control plane machine set concept of a failure domain is analogous to existing Azure concept of an link:https://learn.microsoft.com/en-us/azure/azure-web-pubsub/concept-availability-zones[_Azure availability zone_]. The `ControlPlaneMachineSet` CR spreads control plane machines across multiple failure domains when possible.
 
-When configuring Azure failure domains in the control plane machine set, you must specify the availability zone name.
+When configuring Azure failure domains in the control plane machine set, you must specify the availability zone name. An Azure cluster uses a single subnet that spans multiple zones.
 
 .Sample Azure failure domain values
 [source,yaml]
 ----
-failureDomains:
-  azure: <1>
-  - zone: "1"
-  - zone: "2"
-  - zone: "3"
-  platform: Azure <2>
+apiVersion: machine.openshift.io/v1
+kind: ControlPlaneMachineSet
+metadata:
+  name: cluster
+  namespace: openshift-machine-api
+spec:
+# ...
+  template:
+# ...
+    machines_v1beta1_machine_openshift_io:
+      failureDomains:
+        azure:
+        - zone: "1" # <1>
+        - zone: "2"
+        - zone: "3"
+        platform: Azure # <2>
+# ...
 ----
 <1> Each instance of `zone` specifies an Azure availability zone for a failure domain.
++
+[NOTE]
+====
+If the cluster is configured to use a single zone for all failure domains, the `zone` parameter is configured in the provider specification instead of in the failure domain configuration.
+====
 <2> Specifies the cloud provider platform name. Do not change this value.
@@ -13,13 +13,24 @@ When configuring GCP failure domains in the control plane machine set, you must
 .Sample GCP failure domain values
 [source,yaml]
 ----
-failureDomains:
-  gcp:
-  - zone: <gcp_zone_a> <1>
-  - zone: <gcp_zone_b> <2>
-  - zone: <gcp_zone_c>
-  - zone: <gcp_zone_d>
-  platform: GCP <3>
+apiVersion: machine.openshift.io/v1
+kind: ControlPlaneMachineSet
+metadata:
+  name: cluster
+  namespace: openshift-machine-api
+spec:
+# ...
+  template:
+# ...
+    machines_v1beta1_machine_openshift_io:
+      failureDomains:
+        gcp:
+        - zone: <gcp_zone_a> <1>
+        - zone: <gcp_zone_b> <2>
+        - zone: <gcp_zone_c>
+        - zone: <gcp_zone_d>
+        platform: GCP <3>
+# ...
 ----
 <1> Specifies a GCP zone for the first failure domain.
 <2> Specifies an additional failure domain. Further failure domains are added the same way.
 
@@ -6,23 +6,34 @@
 [id="cpmso-yaml-failure-domain-openstack_{context}"]
 = Sample {rh-openstack} failure domain configuration
 // TODO: Replace that link.
-The control plane machine set concept of a failure domain is analogous to existing {rh-openstack-first} concept of an link:https://docs.openstack.org/nova/latest/admin/availability-zones.html[availability zone]. The `ControlPlaneMachineSet` CR spreads control plane machines across multiple failure domains when possible.
+The control plane machine set concept of a failure domain is analogous to the existing {rh-openstack-first} concept of an link:https://docs.openstack.org/nova/latest/admin/availability-zones.html[availability zone]. The `ControlPlaneMachineSet` CR spreads control plane machines across multiple failure domains when possible.
 
 The following example demonstrates the use of multiple Nova availability zones as well as Cinder availability zones.
 
 .Sample OpenStack failure domain values
 [source,yaml]
 ----
-failureDomains:
-  platform: OpenStack
-  openstack:
-  - availabilityZone: nova-az0
-    rootVolume:
-      availabilityZone: cinder-az0
-  - availabilityZone: nova-az1
-    rootVolume:
-      availabilityZone: cinder-az1
-  - availabilityZone: nova-az2
-    rootVolume:
-      availabilityZone: cinder-az2
+apiVersion: machine.openshift.io/v1
+kind: ControlPlaneMachineSet
+metadata:
+  name: cluster
+  namespace: openshift-machine-api
+spec:
+# ...
+  template:
+# ...
+    machines_v1beta1_machine_openshift_io:
+      failureDomains:
+        platform: OpenStack
+        openstack:
+        - availabilityZone: nova-az0
+          rootVolume:
+            availabilityZone: cinder-az0
+        - availabilityZone: nova-az1
+          rootVolume:
+            availabilityZone: cinder-az1
+        - availabilityZone: nova-az2
+          rootVolume:
+            availabilityZone: cinder-az2
+# ...
 ----
@@ -6,7 +6,7 @@
 [id="cpmso-yaml-failure-domain-vsphere_{context}"]
 = Sample VMware vSphere failure domain configuration
 
-On VMware vSphere infrastructure, the cluster-wide infrastructure Custom Resource Definition (CRD), `infrastructures.config.openshift.io`, defines failure domains for your cluster. The `providerSpec` in the `ControlPlaneMachineSet` custom resource (CR) specifies names for failure domains. A failure domain is an infrastructure resource that comprises a control plane machine set, a vCenter datacenter, vCenter datastore, and a network. 
+On VMware vSphere infrastructure, the cluster-wide infrastructure Custom Resource Definition (CRD), `infrastructures.config.openshift.io`, defines failure domains for your cluster. The `providerSpec` in the `ControlPlaneMachineSet` custom resource (CR) specifies names for failure domains. A failure domain is an infrastructure resource that comprises a control plane machine set, a vCenter datacenter, vCenter datastore, and a network.
 
 By using a failure domain resource, you can use a control plane machine set to deploy control plane machines on hardware that is separate from the primary VMware vSphere infrastructure. A control plane machine set also balances control plane machines across defined failure domains to provide fault tolerance capabilities to your infrastructure.
 
@@ -18,7 +18,7 @@ If you modify the `ProviderSpec` configuration in the `ControlPlaneMachineSet` C
 :FeatureName: Defining a failure domain for a control plane machine set
 include::snippets/technology-preview.adoc[]
 
-.Example ProviderSpec configuration with specified failure domain names
+.Sample vSphere failure domain values
 [source,yaml]
 ----
 apiVersion: machine.openshift.io/v1
@@ -29,14 +29,14 @@ metadata:
 spec:
 # ...
   template:
-    machineType: machines_v1beta1_machine_openshift_io
+# ...
     machines_v1beta1_machine_openshift_io:
       failureDomains: <1>
         platform: VSphere
         vsphere: <2>
         - name: <failure_domain_name1>
-        - name: <failure_domain_name2> 
-# ...    
+        - name: <failure_domain_name2>
+# ...
 ----
 <1> A failure domain defines the vCenter location for {product-title} cluster nodes.
 <2> Defines failure domains by name for the control plane machine set.
 
@@ -18,44 +18,56 @@ $ oc get -o jsonpath='{.status.infrastructureName}{"\n"}' infrastructure cluster
 .Sample AWS `providerSpec` values
 [source,yaml]
 ----
-providerSpec:
-  value:
-    ami:
-      id: ami-<ami_id_string> <1>
-    apiVersion: machine.openshift.io/v1beta1
-    blockDevices:
-    - ebs: <2>
-        encrypted: true
-        iops: 0
-        kmsKey:
-          arn: ""
-        volumeSize: 120
-        volumeType: gp3
-    credentialsSecret:
-      name: aws-cloud-credentials <3>
-    deviceIndex: 0
-    iamInstanceProfile:
-      id: <cluster_id>-master-profile <4>
-    instanceType: m6i.xlarge <5>
-    kind: AWSMachineProviderConfig <6>
-    loadBalancers: <7>
-    - name: <cluster_id>-int
-      type: network
-    - name: <cluster_id>-ext
-      type: network
-    metadata:
-      creationTimestamp: null
-    metadataServiceOptions: {}
-    placement: <8>
-      region: <region> <9>
-    securityGroups:
-    - filters:
-      - name: tag:Name
-        values:
-        - <cluster_id>-master-sg <10>
-    subnet: {} <11>
-    userDataSecret:
-      name: master-user-data <12>
+apiVersion: machine.openshift.io/v1
+kind: ControlPlaneMachineSet
+metadata:
+  name: cluster
+  namespace: openshift-machine-api
+spec:
+# ...
+  template:
+# ...
+      spec:
+        providerSpec:
+          value:
+            ami:
+              id: ami-<ami_id_string> <1>
+            apiVersion: machine.openshift.io/v1beta1
+            blockDevices:
+            - ebs: <2>
+                encrypted: true
+                iops: 0
+                kmsKey:
+                  arn: ""
+                volumeSize: 120
+                volumeType: gp3
+            credentialsSecret:
+              name: aws-cloud-credentials <3>
+            deviceIndex: 0
+            iamInstanceProfile:
+              id: <cluster_id>-master-profile <4>
+            instanceType: m6i.xlarge <5>
+            kind: AWSMachineProviderConfig <6>
+            loadBalancers: <7>
+            - name: <cluster_id>-int
+              type: network
+            - name: <cluster_id>-ext
+              type: network
+            metadata:
+              creationTimestamp: null
+            metadataServiceOptions: {}
+            placement: <8>
+              region: <region> <9>
+              availabilityZone: "" <10>
+              tenancy: <11>
+            securityGroups:
+            - filters:
+              - name: tag:Name
+                values:
+                - <cluster_id>-master-sg <12>
+            subnet: {} <13>
+            userDataSecret:
+              name: master-user-data <14>
 ----
 <1> Specifies the {op-system-first} Amazon Machine Images (AMI) ID for the cluster. The AMI must belong to the same region as the cluster. If you want to use an AWS Marketplace image, you must complete the {product-title} subscription from the link:https://aws.amazon.com/marketplace/fulfillment?productId=59ead7de-2540-4653-a8b0-fa7926d5c845[AWS Marketplace] to obtain an AMI ID for your region.
 <2> Specifies the configuration of an encrypted EBS volume.
@@ -64,8 +76,20 @@ providerSpec:
 <5> Specifies the AWS instance type for the control plane.
 <6> Specifies the cloud provider platform type. Do not change this value.
 <7> Specifies the internal (`int`) and external (`ext`) load balancers for the cluster.
-<8> This parameter is configured in the failure domain, and is shown with an empty value here. If a value specified for this parameter differs from the value in the failure domain, the Operator overwrites it with the value in the failure domain.
+<8> Specifies where to create the control plane instance in AWS.
 <9> Specifies the AWS region for the cluster.
-<10> Specifies the control plane machines security group.
-<11> This parameter is configured in the failure domain, and is shown with an empty value here. If a value specified for this parameter differs from the value in the failure domain, the Operator overwrites it with the value in the failure domain.
-<12> Specifies the control plane user data secret. Do not change this value.
+<10> This parameter is configured in the failure domain and is shown with an empty value here. If a value specified for this parameter differs from the value in the failure domain, the Control Plane Machine Set Operator overwrites it with the value in the failure domain.
+<11> Specifies the AWS Dedicated Instance configuration for the control plane. For more information, see AWS documentation about link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/dedicated-instance.html[Dedicated Instances]. The following values are valid:
+* `default`: The Dedicated Instance runs on shared hardware.
+* `dedicated`: The Dedicated Instance runs on single-tenant hardware.
+* `host`: The Dedicated Instance runs on a Dedicated Host, which is an isolated server with configurations that you can control.
+<12> Specifies the control plane machines security group.
+<13> This parameter is configured in the failure domain and is shown with an empty value here. If a value specified for this parameter differs from the value in the failure domain, the Control Plane Machine Set Operator overwrites it with the value in the failure domain.
++
+[NOTE]
+====
+If the failure domain configuration does not specify a value, the value in the provider specification is used.
+Configuring a subnet in the failure domain overwrites the subnet value in the provider specification.
+====
+//TODO: clarify with dev about this one in 4.16+
+<14> Specifies the control plane user data secret. Do not change this value.