adding new info for HCP

adding suggestions from gdoc for HCP

fixing a warning

fixing peer review comments

Author: fmcdonal

modules/creating-a-machine-pool-ocm.adoc

@@ -51,7 +51,7 @@ endif::openshift-rosa,openshift-rosa-hcp[]
 
 . Add a *Machine pool name*.
 
-. Select a *Compute node instance type* from the drop-down menu. The instance type defines the vCPU and memory allocation for each compute node in the machine pool.
+. Select a *Compute node instance type* from the list. The instance type defines the vCPU and memory allocation for each compute node in the machine pool.
 +
 [NOTE]
 ====

modules/dedicated-aws-dc-existing.adoc

@@ -18,19 +18,20 @@
 
 . Log in to the {product-title} AWS Account Dashboard and select the correct region.
 . From the {product-title} AWS Account region, select *VPC* from the *Services* menu.
-. From *VPN Connections*, select *Virtual Private Gateways*.
-. Select *Create Virtual Private Gateway*.
-. Give the Virtual Private Gateway a suitable name.
+. From *Virtual private network (VPN)*, select *Virtual private gateways*.
+. Select *Create virtual private gateway*.
+. Give the virtual private gateway a suitable name in the *Details* field.
 . Click *Custom ASN* and enter the *Amazon side ASN* value gathered previously or use the Amazon Provided ASN.
-. Create the Virtual Private Gateway.
-. In the *Navigation* pane of the {product-title} AWS Account Dashboard, choose *Virtual private gateways* and select the virtual private gateway. Choose *View details*.
-. Choose *Direct Connect gateway associations* and click *Associate Direct Connect gateway*.
-. Under *Association account type*, for Account owner, choose *Another account*.
-. For *Direct Connect gateway owner*, enter the ID of the AWS account that owns the Direct Connect gateway.
+. Click *Create virtual private gateway*.
+. From the {product-title} AWS Account region, select *Direct Connect* from the *Services* menu.
+. Click *virtual private gateways* and select the virtual private gateway.
+. Click *View details*.
+. Click the *Direct Connect gateway associations* tab.
+. Click *Associate Direct Connect gateway*
+. Under *Association account type*, for Account owner, click *Another account*.
 . Under *Association settings*, for Direct Connect gateway ID, enter the ID of the Direct Connect gateway.
-. Under *Association settings*, for Virtual interface owner, enter the ID of the AWS account that owns the virtual interface for the association.
-. Optional: Add prefixes to Allowed prefixes, separating them using commas.
-. Choose *Associate Direct Connect gateway*.
-. After the Association Proposal has been sent, it will be waiting for your
-acceptance. The final steps you must perform are available in the
+. For *Direct Connect gateway owner*, enter the ID of the AWS account that owns the Direct Connect gateway.
+. Optional: Add prefixes to *Allowed prefixes*, separating them using commas or put them on separate lines.
+. Click *Associate Direct Connect gateway*.
+. After the Association Proposal has been sent, it will be waiting for your acceptance. The final steps you must perform are available in the
 link:https://docs.aws.amazon.com/directconnect/latest/UserGuide/multi-account-associate-vgw.html[AWS Documentation].

modules/dedicated-aws-dc-hvif.adoc

@@ -31,25 +31,21 @@ Connect Gateway is created.
 [id="dedicated-aws-dc-hvif-private"]
 == Creating a Private Direct Connect
 
-A Private Direct Connect is created if the Direct Connect Virtual Interface type
-is Private.
+A Private Direct Connect is created if the Direct Connect Virtual Interface type is Private.
 
 .Procedure
 
 . Log in to the {product-title} AWS Account Dashboard and select the correct region.
 . From the AWS region, select *VPC* from the *Services* menu.
-. Select *Virtual Private Gateways* from *VPN Connections*.
-. Click *Create Virtual Private Gateway*.
+. From *Virtual private network (VPN)*, select *Virtual private gateways*.
+. Click *Create virtual private gateway*.
 . Give the Virtual Private Gateway a suitable name.
-. Select *Custom ASN* and enter the *Amazon side ASN* value gathered previously.
-. Create the Virtual Private Gateway.
+. Select *Custom ASN* in the *Enter custom ASN* field enter the *Amazon side ASN* value gathered previously.
+. Click *Create virtual private gateway*.
 . Click the newly created Virtual Private Gateway and choose *Attach to VPC* from the *Actions* tab.
-. Select the *{product-title} Cluster VPC* from the list, and attach the Virtual Private Gateway to the VPC.
-. From the *Services* menu, click *Direct Connect*. Choose one of the Direct Connect Virtual Interfaces from the list.
-. Acknowledge the *I understand that Direct Connect port charges apply once I click Accept Connection* message, then choose *Accept Connection*.
-. Choose to *Accept* the Virtual Private Gateway Connection and select the Virtual Private Gateway that was created in the previous steps.
-. Select *Accept* to accept the connection.
-. Repeat the previous steps if there is more than one Virtual Interface.
+. Select the *{product-title} Cluster VPC* from the list, and click *Attach VPC*.
+
+Note: Editing the kubelet config will cause the nodes for your machine pool to be recreated. This ma???
 
 [id="dedicated-aws-dc-hvif-public"]
 == Creating a Public Direct Connect
@@ -61,16 +57,10 @@ is Public.
 
 . Log in to the {product-title} AWS Account Dashboard and select the correct region.
 . From the {product-title} AWS Account region, select *Direct Connect* from the *Services* menu.
-. Select *Direct Connect Gateways* and *Create Direct Connect Gateway*.
-. Give the Direct Connect Gateway a suitable name.
+. Select *Direct Connect gateways* and *Create Direct Connect gateway*.
+. Give the Direct Connect gateway a suitable name.
 . In the *Amazon side ASN*, enter the Amazon side ASN value gathered previously.
-. Create the Direct Connect Gateway.
-. Select *Direct Connect* from the *Services* menu.
-. Select one of the Direct Connect Virtual Interfaces from the list.
-. Acknowledge the *I understand that Direct Connect port charges apply once I click Accept Connection* message, then choose *Accept Connection*.
-. Choose to *Accept* the Direct Connect Gateway Connection and select the Direct Connect Gateway that was created in the previous steps.
-. Click *Accept* to accept the connection.
-. Repeat the previous steps if there is more than one Virtual Interface.
+. Click *Create the Direct Connect gateway*.
 
 [id="dedicated-aws-dc-hvif-verifying"]
 == Verifying the Virtual Interfaces

modules/dedicated-aws-vpc-configuring-routing-tables.adoc

@@ -16,7 +16,7 @@ to communicate across the peering connection.
 .Procedure
 
 . Log in to the AWS Web Console for the {product-title} AWS Account.
-. Navigate to the *VPC Service*, then *Route Tables*.
+. Navigate to the *VPC Service*, then *Route tables*.
 . Select the Route Table for the {product-title} Cluster VPC.
 +
 [NOTE]
@@ -36,7 +36,7 @@ Select the private one that has a number of explicitly associated subnets.
 .. Select the *Routes* tab, then *Edit*.
 .. Enter the {product-title} Cluster VPC CIDR block in the *Destination* text box.
 .. Enter the Peering Connection ID in the *Target* text box.
-.. Click *Save*.
+.. Click *Save changes*.
 
 The VPC peering connection is now complete. Follow the verification procedure to
 ensure connectivity across the peering connection is working.

modules/dedicated-aws-vpc-initiating-peering.adoc

@@ -33,12 +33,11 @@ button.
 . Verify the details of the account you are logged in to and the details of the
 account and VPC you are connecting to:
 .. *Peering connection name tag*: Set a descriptive name for the VPC Peering Connection.
-.. *VPC (Requester)*: Select the {product-title} Cluster VPC ID from the dropdown
-*list.
+.. *VPC (Requester)*: Select the {product-title} Cluster VPC ID from the list.
 .. *Account*: Select *Another account* and provide the Customer AWS Account number
 *(without dashes).
 .. *Region*: If the Customer VPC Region differs from the current region, select
-*Another Region* and select the customer VPC Region from the dropdown list.
+*Another Region* and select the customer VPC Region from the list.
 .. *VPC (Accepter)*: Set the Customer VPC ID.
 . Click *Create Peering Connection*.
 . Confirm that the request enters a *Pending* state. If it enters a *Failed*

modules/dedicated-aws-vpn-creating.adoc

@@ -6,8 +6,7 @@
 [id="dedicated-aws-vpn-creating"]
 = Creating a VPN connection
 
-You can configure an Amazon Web Services (AWS) {product-title} cluster to use a
-customer's on-site hardware VPN device using the following procedures.
+You can configure an Amazon Web Services (AWS) {product-title} cluster to use a customer's on-site hardware VPN device using the following procedures.
 
 .Prerequisites
 
@@ -18,44 +17,45 @@ to confirm whether your gateway device is supported by AWS.
 * Public, static IP address for the VPN gateway device.
 * BGP or static routing: if BGP, the ASN is required. If static routing, you must
 configure at least one static route.
-* Optional: IP and Port/Protocol of a reachable service to test the VPN connection.
+* *Optional*: IP and Port/Protocol of a reachable service to test the VPN connection.
 
 [id="dedicated-aws-vpn-creating-configuring"]
 == Configuring the VPN connection
 
 .Procedure
 
 . Log in to the {product-title} AWS Account Dashboard, and navigate to the VPC Dashboard.
-. Click on *Your VPCs* and identify the name and VPC ID for the VPC containing the {product-title} cluster.
-. From the VPC Dashboard, click *Customer Gateway*.
-. Click *Create Customer Gateway* and give it a meaningful name.
-. Select the routing method: *Dynamic* or *Static*.
-. If Dynamic, enter the BGP ASN in the field that appears.
-. Paste in the VPN gateway endpoint IP address.
-. Click *Create*.
+. Under *Virtual private cloud* click on *Your VPCs* and identify the name and VPC ID for the VPC containing the {product-title} cluster.
+. Under *Virtual private network (VPN)* click *Customer gateways*.
+. Click *Create customer gateway* and give it a meaningful name.
+. Enter the ASN of your customer gateway device in the *BGP ASN* field.
+. Enter the IP address for your customer gateway devices’s external interface in the *IP address* field.
+. Click *Create customer gateway*.
 . If you do not already have a Virtual Private Gateway attached to the intended VPC:
-.. From the VPC Dashboard, click on *Virtual Private Gateway*.
-.. Click *Create Virtual Private Gateway*, give it a meaningful name, and click *Create*.
-.. Leave the default Amazon default ASN.
-.. Select the newly created gateway, click *Attach to VPC*, and attach it to the cluster VPC you identified earlier.
+.. From the VPC Dashboard, click on *Virtual Private Gateways*.
+.. Click *Create virtual private gateway*, give it a meaningful name.
+.. Click *Create virtual private gateway*, leaving the *Amazon default ASN*.
+.. Select the newly created gateway.
+.. Select *Actions* from the list and click *Attach to VPC*.
+.. Select the newly created gateway under Available VPC's and click *Attach to VPC* to attach it to the cluster VPC you identified earlier.
 
 [id="dedicated-aws-vpn-creating-establishing"]
 == Establishing the VPN Connection
 
 .Procedure
 
-. From the VPC dashboard, click on *Site-to-Site VPN Connections*.
-. Click *Create VPN Connection*.
+. From the VPC dashboard, under Virtual private network (VPN) click on *Site-to-Site VPN connections*.
+. Click *Create VPN connection*.
 .. Give it a meaningful name tag.
-.. Select the virtual private gateway created previously.
-.. For Customer Gateway, select *Existing*.
-.. Select the customer gateway device by name.
-.. If the VPN will use BGP, select *Dynamic*, otherwise select *Static*. Enter
+.. Select the Virtual private gateway created previously.
+.. For Customer gateway, select *Existing*.
+.. Select the Customer gateway id by name.
+.. If the VPN will use BGP, select *Dynamic*, otherwise select *Static* and enter the
 Static IP CIDRs. If there are multiple CIDRs, add each CIDR as *Another Rule*.
-.. Click *Create*.
-.. Wait for VPN status to change to *Available*, approximately 5 to 10 minutes.
-. Select the VPN you just created and click *Download Configuration*.
-.. From the dropdown list, select the vendor, platform, and version of the customer
+.. Click *Create VPN connection*.
+.. Under *State* wait for the VPN status to change from *Pending* to *Available*, approximately 5 to 10 minutes.
+. Select the VPN you just created and click *Download configuration*.
+.. From the list, select the vendor, platform, and version of the customer
 gateway device, then click *Download*.
 .. The *Generic* vendor configuration is also available for retrieving information
 in a plain text format.
@@ -80,7 +80,7 @@ is enabled so that the necessary routes are added to the VPC's route table.
 
 .Procedure
 
-. From the VPC Dashboard, click on *Route Tables*.
+. From the VPC Dashboard, under Virtual private cloud, click on *Route tables*.
 . Select the private Route table associated with the VPC that contains your
 {product-title} cluster.
 +
@@ -90,10 +90,9 @@ On some clusters, there may be more than one route table for a particular VPC.
 Select the private one that has a number of explicitly associated subnets.
 ====
 . Click on the *Route Propagation* tab.
-. In the table that appears, you should see the virtual private gateway you
-created previously. Check the value in the *Propagate column*.
-.. If Propagate is set to *No*, click *Edit route propagation*, check the Propagate
-checkbox next to the virtual private gateway's name and click *Save*.
+. In the table that appears, you should see the Virtual Private Gateway you
+created previously. Check the value in the *Propagate* column.
+.. If *Propagation* is set to *No*, click *Edit route propagation*, check the *Enable* checkbox in Propagation and click *Save*.
 
 After you configure your VPN tunnel and AWS detects it as *Up*, your static or
 BGP routes are automatically added to the route table.

modules/dedicated-aws-vpn-verifying.adoc

@@ -16,13 +16,13 @@ working.
 
 .Procedure
 
-. *Verify the tunnel is up in AWS.*
+. *Verify the tunnel is up in AWS*.
 
-.. From the VPC Dashboard, click on *VPN Connections*.
-.. Select the VPN connection you created previously and click the *Tunnel Details* tab.
-.. You should be able to see that at least one of the VPN tunnels is *Up*.
+.. From the VPC Dashboard, under *Virtual private network (VPN)*, click on *Site-to-Site VPN connections*.
+.. Select the VPN connection you created previously and click the *Tunnel details* tab.
+.. You should see that at least one of the VPN tunnels is in an *Up* status.
 
-. *Verify the connection.*
+. *Verify the connection*.
 +
 To test network connectivity to an endpoint device, `nc` (or `netcat`) is a
 helpful troubleshooting tool. It is included in the default image and provides

modules/machine-pools-hcp.adoc

@@ -10,9 +10,9 @@ In {hcp-title} clusters, the hosted control plane spans three availability zones
 
 Each machine pool in an {hcp-title} cluster upgrades independently. Because the machine pools upgrade independently, they must remain within 2 minor (Y-stream) versions of the hosted control plane. For example, if your hosted control plane is 4.16.z, your machine pools must be at least 4.14.z.
 
-The following image depicts how machine pools work within ROSA and {hcp-title} clusters:
+The following image depicts how machine pools work within ROSA and {product-title} clusters:
 
-image::hcp-rosa-machine-pools.png[Machine pools on ROSA classic and {hcp-title} clusters]
+image::hcp-rosa-machine-pools.png[Machine pools on ROSA classic and {product-title} clusters]
 
 [NOTE]
 ====

modules/nodes-cluster-resource-configure-oom.adoc

@@ -24,7 +24,7 @@ follows:
 +
 [source,terminal]
 ----
-# oc rsh test
+# oc rsh <pod name>
 ----
 
 . Run the following command to see the current OOM kill count in `/sys/fs/cgroup/memory/memory.oom_control`:
@@ -53,21 +53,6 @@ $ sed -e '' </dev/zero
 Killed
 ----
 
-. Run the following command to view the exit status of the `sed` command:
-+
-[source,terminal]
-----
-$ echo $?
-----
-+
-.Example output
-[source,terminal]
-----
-137
-----
-+
-The `137` code indicates the container process exited with code 137, indicating it received a SIGKILL signal.
-
 . Run the following command to see that the OOM kill counter in `/sys/fs/cgroup/memory/memory.oom_control` incremented:
 +
 [source,terminal]
@@ -86,7 +71,7 @@ exits, whether immediately or not, it will have phase *Failed* and reason
 *OOMKilled*. An OOM-killed pod might be restarted depending on the value of
 `restartPolicy`. If not restarted, controllers such as the replication controller will notice the pod's failed status and create a new pod to replace the old one.
 +
-Use the follwing command to get the pod status:
+Use the following command to get the pod status:
 +
 [source,terminal]
 ----

modules/nodes-cluster-resource-configure-request-limit.adoc

@@ -6,8 +6,7 @@
 [id="nodes-cluster-resource-configure-request-limit_{context}"]
 = Finding the memory request and limit from within a pod
 
-An application wishing to dynamically discover its memory request and limit from
-within a pod should use the Downward API.
+An application wishing to dynamically discover its memory request and limit from within a pod should use the Downward API.
 
 .Procedure
 
@@ -23,7 +22,7 @@ metadata:
   name: test
 spec:
   securityContext:
-    runAsNonRoot: true
+    runAsNonRoot: false
     seccompProfile:
       type: RuntimeDefault
   containers: