Merge pull request #58231 from xenolinux/update-cluster-wide-proxy-albo

Update configuring cluster-wide proxy section for ALBO

Author: jab-rh

modules/configuring-egress-proxy.adoc

@@ -6,7 +6,7 @@
 [id="nw-configuring-cluster-wide-proxy_{context}"]
 = Configuring the AWS Load Balancer Operator to trust the certificate authority of the cluster-wide proxy
 
-. Create the config map to contain the certificate authority (CA) bundle in the `aws-load-balancer-operator` namespace by running the following command:
+. Create the config map to contain the certificate authority (CA) bundle in the `aws-load-balancer-operator` namespace and inject a CA bundle that is trusted by {product-title} into a config map by running the following command:
 +
 [source,terminal]
 ----
@@ -24,23 +24,24 @@ $ oc -n aws-load-balancer-operator label cm trusted-ca config.openshift.io/injec
 +
 [source,terminal]
 ----
-$ oc -n aws-load-balancer-operator patch subscription aws-load-balancer-operator --type='merge' -p '{"spec":{"config":{"volumes":[{"name":"trusted-ca","configMap":{"name":"trusted-ca"}}],"volumeMounts":[{"name":"trusted-ca","mountPath":"/etc/pki/tls/certs/albo-tls-ca-bundle.crt","subPath":"ca-bundle.crt"}]}}}'
+$ oc -n aws-load-balancer-operator patch subscription aws-load-balancer-operator --type='merge' -p '{"spec":{"config":{"env":[{"name":"TRUSTED_CA_CONFIGMAP_NAME","value":"trusted-ca"}],"volumes":[{"name":"trusted-ca","configMap":{"name":"trusted-ca"}}],"volumeMounts":[{"name":"trusted-ca","mountPath":"/etc/pki/tls/certs/albo-tls-ca-bundle.crt","subPath":"ca-bundle.crt"}]}}}'
 ----
 
 . After the deployment of the AWS Load Balancer Operator is completed, verify that the CA bundle is added to the `aws-load-balancer-operator-controller-manager` deployment by running the following command:
 +
 [source,terminal]
 ----
-$ oc -n aws-load-balancer-operator exec deploy/aws-load-balancer-operator-controller-manager -c manager -- ls -l /etc/pki/tls/certs/albo-tls-ca-bundle.crt
+$ oc -n aws-load-balancer-operator exec deploy/aws-load-balancer-operator-controller-manager -c manager -- bash -c "ls -l /etc/pki/tls/certs/albo-tls-ca-bundle.crt; printenv TRUSTED_CA_CONFIGMAP_NAME"
 ----
 +
 .Example output
 [source,terminal]
 ----
 -rw-r--r--. 1 root 1000690000 5875 Jan 11 12:25 /etc/pki/tls/certs/albo-tls-ca-bundle.crt
+trusted-ca
 ----
 
-. Optional: Restart deployment of the AWS Load Balancer Operator every time the configmap changes by running the following command:
+. Optional: Restart deployment of the AWS Load Balancer Operator every time the config map changes by running the following command:
 +
 [source,terminal]
 ----

networking/aws_load_balancer_operator/configure-egress-proxy-aws-load-balancer-operator.adoc

@@ -1,10 +1,16 @@
 :_content-type: ASSEMBLY
 [id="nw-aws-load-balancer-operator-cluster-wide-proxy"]
 = Configuring cluster-wide proxy
+include::_attributes/common-attributes.adoc[]
 :context: aws-load-balancer-operator
 
 toc::[]
 
-You can configure the cluster-wide proxy in the AWS Load Balancer Operator. After configuring the cluster-wide proxy in the AWS Load Balancer Operator, Operator Lifecycle Manager (OLM) automatically updates all the deployments of the Operators with the environment variables such as `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`.
+You can configure the cluster-wide proxy in the AWS Load Balancer Operator. After configuring the cluster-wide proxy in the AWS Load Balancer Operator, Operator Lifecycle Manager (OLM) automatically updates all the deployments of the Operators with the environment variables such as `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY`. These variables are populated to the managed controller by the AWS Load Balancer Operator.
 
-include::modules/configuring-egress-proxy.adoc[leveloffset=+1]
+include::modules/configuring-egress-proxy.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+== Additional resources
+
+* xref:../../networking/configuring-a-custom-pki.adoc#certificate-injection-using-operators_configuring-a-custom-pki[Certificate injection using Operators]