Merge pull request #71263 from jeana-redhat/OSDOCS-9565-AWS-Outposts-MAPI

OSDOCS-9565: configuring AWS Outposts postinstallation

Author: jeana-redhat

_topic_maps/_topic_map.yml

@@ -633,6 +633,8 @@ Topics:
 - Name: Adding failure domains to an existing Nutanix cluster
   File: adding-nutanix-failure-domains
   Distros: openshift-origin,openshift-enterprise
+- Name: Extending an AWS VPC cluster into an AWS Outpost
+  File: configuring-aws-outposts
 ---
 Name: Updating clusters
 Dir: updating

installing/installing_aws/installing-aws-outposts.adoc

@@ -8,4 +8,6 @@ toc::[]
 
 In {product-title} version 4.14, you could install a cluster on Amazon Web Services (AWS) with compute nodes running in AWS Outposts as a Technology Preview. As of {product-title} version 4.15, this installation method is no longer supported.
 
-Instead, you can xref:../../installing/installing_aws/installing-aws-vpc.adoc#installing-aws-vpc[install a cluster on AWS into an existing VPC] and provision compute nodes on AWS Outposts as a postinstallation configuration task.
+Instead, you can xref:../../installing/installing_aws/installing-aws-vpc.adoc#installing-aws-vpc[install a cluster on AWS into an existing VPC] and provision compute nodes on AWS Outposts as a postinstallation configuration task.
+
+For more information, see xref:../../post_installation_configuration/configuring-aws-outposts.adoc#configuring-aws-outposts[Extending an AWS VPC cluster into an AWS Outpost]

installing/installing_aws/installing-aws-vpc.adoc

@@ -121,3 +121,4 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 * xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
 * If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
 * If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials].
+* After installing a cluster on AWS into an existing VPC, you can xref:../../post_installation_configuration/configuring-aws-outposts.adoc#configuring-aws-outposts[extend the AWS VPC cluster into an AWS Outpost].

modules/aws-outposts-environment-info-aws.adoc

@@ -0,0 +1,60 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/configuring-aws-outposts.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="aws-outposts-environment-info-aws_{context}"]
+= Obtaining information from your AWS account
+
+You can use the AWS CLI (`aws`) to obtain information from your AWS account.
+
+[TIP]
+====
+You might find it convenient to store some or all of these values as environment variables by using the `export` command.
+====
+
+.Prerequisites
+
+* You have an AWS Outposts site with the required hardware setup complete.
+
+* Your Outpost is connected to your AWS account.
+
+* You have access to your AWS account by using the AWS CLI (`aws`) as a user with permissions to perform the required tasks.
+
+.Procedure
+
+. List the Outposts that are connected to your AWS account by running the following command:
++
+[source,terminal]
+----
+$ aws outposts list-outposts
+----
+
+. Retain the following values from the output of the `aws outposts list-outposts` command:
+
+** The Outpost ID.
+
+** The Amazon Resource Name (ARN) for the Outpost.
+
+** The Outpost availability zone.
++
+[NOTE]
+====
+The output of the `aws outposts list-outposts` command includes two values related to the availability zone: `AvailabilityZone` and `AvailabilityZoneId`. You use the `AvailablilityZone` value to configure a compute machine set that creates compute machines in your Outpost.
+====
+
+. Using the value of the Outpost ID, show the instance types that are available in your Outpost by running the following command. Retain the values of the available instance types.
++
+[source,terminal]
+----
+$ aws outposts get-outpost-instance-types \
+  --outpost-id <outpost_id_value>
+----
+
+. Using the value of the Outpost ARN, show the subnet ID for the Outpost by running the following command. Retain this value.
++
+[source,terminal]
+----
+$ aws ec2 describe-subnets \
+  --filters Name=outpost-arn,Values=<outpost_arn_value>
+----

modules/aws-outposts-environment-info-oc.adoc

@@ -0,0 +1,66 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/configuring-aws-outposts.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="aws-outposts-environment-info-oc_{context}"]
+= Obtaining information from your {product-title} cluster
+
+You can use the {oc-first} to obtain information from your {product-title} cluster.
+
+[TIP]
+====
+You might find it convenient to store some or all of these values as environment variables by using the `export` command.
+====
+
+.Prerequisites
+
+* You have installed an {product-title} cluster into a custom VPC on AWS.
+
+* You have access to the cluster using an account with `cluster-admin` permissions.
+
+* You have installed the {oc-first}.
+
+.Procedure
+
+. List the infrastructure ID for the cluster by running the following command. Retain this value.
++
+[source,terminal]
+----
+$ oc get -o jsonpath='{.status.infrastructureName}{"\n"}' infrastructures.config.openshift.io cluster
+----
+
+. Obtain details about the compute machine sets that the installation program created by running the following commands:
+
+.. List the compute machine sets on your cluster:
++
+[source,terminal]
+----
+$ oc get machinesets.machine.openshift.io -n openshift-machine-api
+----
++
+.Example output
+[source,text]
+----
+NAME                           DESIRED   CURRENT   READY   AVAILABLE   AGE
+<compute_machine_set_name_1>   1         1         1       1           55m
+<compute_machine_set_name_2>   1         1         1       1           55m
+----
+
+.. Display the Amazon Machine Image (AMI) ID for one of the listed compute machine sets. Retain this value.
++
+[source,terminal]
+----
+$ oc get machinesets.machine.openshift.io <compute_machine_set_name_1> \
+  -n openshift-machine-api \
+  -o jsonpath='{.spec.template.spec.providerSpec.value.ami.id}'
+----
+
+.. Display the subnet ID for the AWS VPC cluster. Retain this value.
++
+[source,terminal]
+----
+$ oc get machinesets.machine.openshift.io <compute_machine_set_name_1> \
+  -n openshift-machine-api \
+  -o jsonpath='{.spec.template.spec.providerSpec.value.subnet.id}'
+----

modules/aws-outposts-load-balancer-clb.adoc

@@ -0,0 +1,123 @@
+// Module included in the following assemblies:
+//
+// * post_installation_configuration/configuring-aws-outposts.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="aws-outposts-load-balancer-clb_{context}"]
+= Using AWS Classic Load Balancers in an AWS VPC cluster extended into an Outpost
+
+AWS Outposts racks cannot run AWS Classic Load Balancers, but Classic Load Balancers in the AWS VPC cluster can target edge compute nodes in the Outpost if edge and cloud-based subnets are in the same availability zone.
+As a result, Classic Load Balancers on the VPC cluster might schedule pods on either of these node types.
+
+Scheduling the workloads on edge compute nodes is supported, but can introduce latency.
+If you want to prevent a Classic Load Balancer in the VPC cluster from targeting Outpost edge compute nodes, you can apply labels to the cloud-based compute nodes and configure the Classic Load Balancer to only schedule on nodes with the applied labels.
+
+[NOTE]
+====
+If you do not need to prevent a Classic Load Balancer in the VPC cluster from targeting Outpost edge compute nodes, you do not need to complete these steps.
+====
+
+.Prerequisites
+
+* You have extended an AWS VPC cluster into an Outpost.
+
+* You have access to the cluster using an account with `cluster-admin` permissions.
+
+* You have installed the {oc-first}.
+
+* You have created a user workload in the Outpost with tolerations that match the taints for your edge compute machines.
+
+.Procedure
+
+. Optional: Verify that the edge compute nodes have the `location=outposts` label by running the following command and verifying that the output includes only the edge compute nodes in your Outpost:
++
+[source,terminal]
+----
+$ oc get nodes -l location=outposts
+----
+
+. Label the cloud-based compute nodes in the VPC cluster with a key-value pair by running the following command:
++
+[source,terminal]
+----
+$ for NODE in $(oc get node -l node-role.kubernetes.io/worker --no-headers | grep -v outposts | awk '{print$1}'); do oc label node $NODE <key_name>=<value>; done
+----
++
+where `<key_name>=<value>` is the label you want to use to distinguish cloud-based compute nodes.
++
+.Example output
+[source,text]
+----
+node1.example.com labeled
+node2.example.com labeled
+node3.example.com labeled
+----
+
+. Optional: Verify that the cloud-based compute nodes have the specified label by running the following command and confirming that the output includes all cloud-based compute nodes in your VPC cluster:
++
+[source,terminal]
+----
+$ oc get nodes -l <key_name>=<value>
+----
++
+.Example output
+[source,terminal]
+----
+NAME                   STATUS    ROLES     AGE       VERSION
+node1.example.com      Ready     worker    7h        v1.28.5
+node2.example.com      Ready     worker    7h        v1.28.5
+node3.example.com      Ready     worker    7h        v1.28.5
+----
+
+. Configure the Classic Load Balancer service by adding the cloud-based subnet information to the `annotations` field of the `Service` manifest:
++
+.Example service configuration
+[source,yaml]
+----
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: <application_name>
+  name: <application_name>
+  namespace: <application_namespace>
+  annotations:
+    service.beta.kubernetes.io/aws-load-balancer-subnets: <aws_subnet> # <1>
+    service.beta.kubernetes.io/aws-load-balancer-target-node-labels: <key_name>=<value> # <2>
+spec:
+  ports:
+  - name: http
+    port: 80
+    protocol: TCP
+    targetPort: 8080
+  selector:
+    app: <application_name>
+  type: LoadBalancer
+----
+<1> Specify the subnet ID for the AWS VPC cluster.
+<2> Specify the key-value pair that matches the pair in the node label.
+
+. Create the `Service` CR by running the following command:
++
+[source,terminal]
+----
+$ oc create -f <file_name>.yaml
+----
+
+.Verification
+
+. Verify the status of the `service` resource to show the host of the provisioned Classic Load Balancer by running the following command:
++
+[source,terminal]
+----
+$ HOST=$(oc get service <application_name> -n <application_namespace> --template='{{(index .status.loadBalancer.ingress 0).hostname}}')
+----
+
+. Verify the status of the provisioned Classic Load Balancer host by running the following command:
++
+[source,terminal]
+----
+$ curl $HOST
+----
+
+. In the AWS console, verify that only the labeled instances appear as the targeted instances for the load balancer.