
Commit ba46908

Merge pull request #70387 from xenolinux/ALBO-improv
OSDOCS#9377: AWS Load Balancer Operator: Content Improvement
2 parents 6cc71f8 + eab33d4 commit ba46908

19 files changed

+132
-124
lines changed

_topic_maps/_topic_map.yml

Lines changed: 2 additions & 2 deletions
@@ -1356,11 +1356,11 @@ Topics:
13561356
File: understanding-aws-load-balancer-operator
13571357
- Name: Installing the AWS Load Balancer Operator
13581358
File: install-aws-load-balancer-operator
1359-
- Name: Installing the AWS Load Balancer Operator on a Security Token Service cluster
1359+
- Name: Installing the AWS Load Balancer Operator on a cluster using the AWS Security Token Service (STS)
13601360
File: installing-albo-sts-cluster
13611361
- Name: Creating an instance of the AWS Load Balancer Controller
13621362
File: create-instance-aws-load-balancer-controller
1363-
- Name: Serving Multiple Ingresses through a single AWS Load Balancer
1363+
- Name: Serving multiple ingress resources through a single AWS Load Balancer
13641364
File: multiple-ingress-through-single-alb
13651365
- Name: Adding TLS termination on the AWS Load Balancer
13661366
File: add-tls-termination

modules/adding-tls-termination.adoc

Lines changed: 8 additions & 6 deletions
@@ -14,8 +14,9 @@ You can route the traffic for the domain to pods of a service and add TLS termin
1414
1515
.Procedure
1616

17-
. Install the Operator and create an instance of the `aws-load-balancer-controller` resource:
17+
. Create a YAML file that defines the `AWSLoadBalancerController` resource:
1818
+
19+
.Example `add-tls-termination-albc.yaml` file
1920
[source,yaml]
2021
----
2122
apiVersion: networking.olm.openshift.io/v1
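Review bot: The reworded step 1 (new line 17) no longer tells the reader to install the Operator, and creating a YAML file does not by itself create the `AWSLoadBalancerController` resource. Confirm that .Prerequisites covers the Operator installation and that a step applying `add-tls-termination-albc.yaml` follows the example; neither is visible in this hunk.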
@@ -26,10 +27,11 @@ spec:
2627
subnetTagging: Auto
2728
ingressClass: tls-termination <1>
2829
----
29-
<1> Defines the name of an `ingressClass` resource reconciled by the AWS Load Balancer Controller. This `ingressClass` resource gets created if it is not present. You can add additional `ingressClass` values. The controller reconciles the `ingressClass` values if the `spec.controller` is set to `ingress.k8s.aws/alb`.
30+
<1> Defines the ingress class name. If the ingress class is not present in your cluster the AWS Load Balancer Controller creates one. The AWS Load Balancer Controller reconciles the additional ingress class values if `spec.controller` is set to `ingress.k8s.aws/alb`.
3031

31-
. Create an `Ingress` resource:
32+
. Create a YAML file that defines the `Ingress` resource:
3233
+
34+
.Example `add-tls-termination-ingress.yaml` file
3335
[source,yaml]
3436
----
3537
apiVersion: networking.k8s.io/v1
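Review bot: In callout <1> (new line 30), "the additional ingress class values" has lost its antecedent, because the sentence "You can add additional `ingressClass` values" was removed; restore that sentence or drop "additional". The callout also needs a comma after "in your cluster". It now names the AWS Load Balancer Controller as the component that creates the ingress class, whereas the callout removed from creating-instance-aws-load-balancer-controller.adoc in this commit said the Operator provisions it; settle on one and use it in both modules.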
@@ -53,9 +55,9 @@ spec:
5355
port:
5456
number: 80
5557
----
56-
<1> Specifies the name of an ingress.
57-
<2> The controller provisions the load balancer for this `Ingress` resource in a public subnet so that the load balancer is reachable over the internet.
58-
<3> The Amazon Resource Name of the certificate that you attach to the load balancer.
58+
<1> Specifies the ingress name.
59+
<2> The controller provisions the load balancer for ingress in a public subnet to access the load balancer over the internet.
60+
<3> The Amazon Resource Name (ARN) of the certificate that you attach to the load balancer.
5961
<4> Defines the ingress class name.
6062
<5> Defines the domain for traffic routing.
6163
<6> Defines the service for traffic routing.
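Review bot: Callout <2> (new line 59) is less precise than the text it replaces: "for ingress in a public subnet to access the load balancer over the internet" does not say who accesses what. This callout is where the reader learns that the load balancer is publicly exposed, so keep the original outcome clause, "so that the load balancer is reachable over the internet".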

modules/configuring-egress-proxy.adoc

Lines changed: 5 additions & 5 deletions
@@ -4,9 +4,9 @@
44

55
:_mod-docs-content-type: PROCEDURE
66
[id="nw-configuring-cluster-wide-proxy_{context}"]
7-
= Configuring the AWS Load Balancer Operator to trust the certificate authority of the cluster-wide proxy
7+
= Trusting the certificate authority of the cluster-wide proxy
88

9-
. Create the config map to contain the certificate authority (CA) bundle in the `aws-load-balancer-operator` namespace and inject a CA bundle that is trusted by {product-title} into a config map by running the following command:
9+
. Create the config map to contain the certificate authority (CA) bundle in the `aws-load-balancer-operator` namespace by running the following command:
1010
+
1111
[source,terminal]
1212
----
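Review bot: The new title (line 7) drops its subject: "Trusting the certificate authority of the cluster-wide proxy" no longer says that the AWS Load Balancer Operator is the component being configured, and module titles are read out of context in the topic map and in search results. Consider keeping the Operator in the title. The shortened step 1 is fine provided the step that applies the `config.openshift.io/inject-trusted-cabundle=true` label explains that this is what injects the trusted CA bundle.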
@@ -20,14 +20,14 @@ $ oc -n aws-load-balancer-operator create configmap trusted-ca
2020
$ oc -n aws-load-balancer-operator label cm trusted-ca config.openshift.io/inject-trusted-cabundle=true
2121
----
2222

23-
. Update the subscription of the AWS Load Balancer Operator to access the config map in the deployment of the AWS Load Balancer Operator by running the following command:
23+
. Update the AWS Load Balancer Operator subscription to access the config map in the AWS Load Balancer Operator deployment by running the following command:
2424
+
2525
[source,terminal]
2626
----
2727
$ oc -n aws-load-balancer-operator patch subscription aws-load-balancer-operator --type='merge' -p '{"spec":{"config":{"env":[{"name":"TRUSTED_CA_CONFIGMAP_NAME","value":"trusted-ca"}],"volumes":[{"name":"trusted-ca","configMap":{"name":"trusted-ca"}}],"volumeMounts":[{"name":"trusted-ca","mountPath":"/etc/pki/tls/certs/albo-tls-ca-bundle.crt","subPath":"ca-bundle.crt"}]}}}'
2828
----
2929

30-
. After the deployment of the AWS Load Balancer Operator is completed, verify that the CA bundle is added to the `aws-load-balancer-operator-controller-manager` deployment by running the following command:
30+
. After the AWS Load Balancer Operator is deployed, verify that the CA bundle is added to the `aws-load-balancer-operator-controller-manager` deployment by running the following command:
3131
+
3232
[source,terminal]
3333
----
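Review bot: "After the AWS Load Balancer Operator is deployed" (new line 30) reads as the initial installation, but this check belongs after the subscription patch from the previous step has been applied to the deployment; the removed wording, "After the deployment of the AWS Load Balancer Operator is completed", was closer. On new line 23, "to access the config map in the AWS Load Balancer Operator deployment" is ambiguous about what accesses what; wording such as "so that the Operator deployment mounts the `trusted-ca` config map" matches the patch, which adds the volume and a mount at `/etc/pki/tls/certs/albo-tls-ca-bundle.crt`.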
@@ -46,4 +46,4 @@ trusted-ca
4646
[source,terminal]
4747
----
4848
$ oc -n aws-load-balancer-operator rollout restart deployment/aws-load-balancer-operator-controller-manager
49-
----
49+
----

modules/creating-instance-aws-load-balancer-controller.adoc

Lines changed: 28 additions & 23 deletions
@@ -4,9 +4,9 @@
44

55
:_mod-docs-content-type: PROCEDURE
66
[id="nw-creating-instance-aws-load-balancer-controller_{context}"]
7-
= Creating an instance of the AWS Load Balancer Controller using AWS Load Balancer Operator
7+
= Creating the AWS Load Balancer Controller
88

9-
You can install only a single instance of the `aws-load-balancer-controller` in a cluster. You can create the AWS Load Balancer Controller by using CLI. The AWS Load Balancer(ALB) Operator reconciles only the resource with the name `cluster`.
9+
You can install only a single instance of the `AWSLoadBalancerController` object in a cluster. You can create the AWS Load Balancer Controller by using CLI. The AWS Load Balancer Operator reconciles only the `cluster` named resource.
1010

1111
.Prerequisites
1212
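Review bot: The intro sentence on new line 9 needs a wording pass. "By using CLI" is missing its article, and "the `cluster` named resource" is harder to parse than the removed "the resource with the name `cluster`". "Install only a single instance of the `AWSLoadBalancerController` object" also uses a different verb from the procedure, which creates the object; "create" would be consistent.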

@@ -15,8 +15,9 @@ You can install only a single instance of the `aws-load-balancer-controller` in
1515
1616
.Procedure
1717

18-
. Create an `aws-load-balancer-controller` resource YAML file, for example, `sample-aws-lb.yaml`, as follows:
18+
. Create a YAML file that defines the `AWSLoadBalancerController` object:
1919
+
20+
.Example `sample-aws-lb.yaml` file
2021
[source,yaml]
2122
----
2223
apiVersion: networking.olm.openshift.io/v1
@@ -34,24 +35,27 @@ spec:
3435
enabledAddons: <7>
3536
- AWSWAFv2 <8>
3637
----
37-
<1> Defines the `aws-load-balancer-controller` resource.
38-
<2> Defines the AWS Load Balancer Controller instance name. This instance name gets added as a suffix to all related resources.
39-
<3> Valid options are `Auto` and `Manual`. When the value is set to `Auto`, the Operator attempts to determine the subnets that belong to the cluster and tags them appropriately. The Operator cannot determine the role correctly if the internal subnet tags are not present on internal subnet. If you installed your cluster on user-provided infrastructure, you can manually tag the subnets with the appropriate role tags and set the subnet tagging policy to `Manual`.
40-
<4> Defines the tags used by the controller when it provisions AWS resources.
41-
<5> The default value for this field is `alb`. The Operator provisions an `IngressClass` resource with the same name if it does not exist.
42-
<6> Specifies the number of replicas of the controller.
43-
<7> Specifies add-ons for AWS load balancers, which get specified through annotations.
38+
<1> Defines the `AWSLoadBalancerController` object.
39+
<2> Defines the AWS Load Balancer Controller name. This instance name gets added as a suffix to all related resources.
40+
<3> Configures the subnet tagging method for the AWS Load Balancer Controller. The following values are valid:
41+
* `Auto`: The AWS Load Balancer Operator determines the subnets that belong to the cluster and tags them appropriately. The Operator cannot determine the role correctly if the internal subnet tags are not present on internal subnet.
42+
* `Manual`: You manually tag the subnets that belong to the cluster with the appropriate role tags. Use this option if you installed your cluster on user-provided infrastructure.
43+
<4> Defines the tags used by the AWS Load Balancer Controller when it provisions AWS resources.
44+
<5> Defines the ingress class name. The default value is `alb`.
45+
<6> Specifies the number of replicas of the AWS Load Balancer Controller.
46+
<7> Specifies annotations as an add-on for the AWS Load Balancer Controller.
4447
<8> Enables the `alb.ingress.kubernetes.io/wafv2-acl-arn` annotation.
4548

46-
. Create a `aws-load-balancer-controller` resource by running the following command:
49+
. Create the `AWSLoadBalancerController` object by running the following command:
4750
+
4851
[source,terminal]
4952
----
5053
$ oc create -f sample-aws-lb.yaml
5154
----
5255

53-
. After the AWS Load Balancer Controller is running, create a `deployment` resource:
56+
. Create a YAML file that defines the `Deployment` resource:
5457
+
58+
.Example `sample-aws-lb.yaml` file
5559
[source,yaml]
5660
----
5761
apiVersion: apps/v1
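Review bot: The block title added for the `Deployment` example (new line 58) reuses `sample-aws-lb.yaml`, the same file name as the `AWSLoadBalancerController` example that the earlier step passes to `oc create -f`; a reader who follows both steps overwrites the first file. Give the deployment its own file name. Two callouts also lost information: <5> no longer says that an `IngressClass` resource with that name is provisioned if it does not exist, and <7> now reads as if annotations are the add-on, where the removed text said add-ons are specified through annotations. The reworded step also drops the precondition "After the AWS Load Balancer Controller is running".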
@@ -85,8 +89,9 @@ spec:
8589
<2> Specifies the deployment name.
8690
<3> Specifies the number of replicas of the deployment.
8791

88-
. Create a `service` resource:
92+
. Create a YAML file that defines the `Service` resource:
8993
+
94+
.Example `service-albo.yaml` file:
9095
[source,yaml]
9196
----
9297
apiVersion: v1
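Review bot: The block title on new line 94 ends with a colon ("file:"), while the titles added elsewhere in this commit for `sample-aws-lb.yaml` and `add-tls-termination-albc.yaml` end with "file" and no colon. Drop the colon here and on the `ingress-albo.yaml` title so the example titles are consistent.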
@@ -104,16 +109,17 @@ spec:
104109
app: echoserver
105110
----
106111
<1> Defines the service resource.
107-
<2> Specifies the name of the service.
112+
<2> Specifies the service name.
108113

109-
. Deploy an ALB-backed `Ingress` resource:
114+
. Create a YAML file that defines the `Ingress` resource:
110115
+
116+
.Example `ingress-albo.yaml` file:
111117
[source,yaml]
112118
----
113119
apiVersion: networking.k8s.io/v1
114-
kind: Ingress <1>
120+
kind: Ingress
115121
metadata:
116-
name: <echoserver> <2>
122+
name: <name> <1>
117123
namespace: echoserver
118124
annotations:
119125
alb.ingress.kubernetes.io/scheme: internet-facing
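Review bot: New line 122 replaces the ingress name placeholder `<echoserver>` with the generic `<name>`, but the verification command later in this module still queries `oc get ingress -n echoserver echoserver`. A reader who chooses a different name gets a failing verification step. Either keep a concrete name in the example or change the verification command to use the same placeholder.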
@@ -127,24 +133,23 @@ spec:
127133
pathType: Exact
128134
backend:
129135
service:
130-
name: <echoserver> <3>
136+
name: <echoserver> <2>
131137
port:
132138
number: 80
133139
----
134-
<1> Defines the ingress resource.
135-
<2> Specifies the name of the ingress resource.
136-
<3> Specifies the name of the service resource.
140+
<1> Specify a name for the `Ingress` resource.
141+
<2> Specifies the service name.
137142

138143
.Verification
139144

140-
* Verify the status of the `Ingress` resource to show the host of the provisioned AWS Load Balancer (ALB) by running the following command:
145+
* Save the status of the `Ingress` resource in the `HOST` variable by running the following command:
141146
+
142147
[source,terminal]
143148
----
144149
$ HOST=$(oc get ingress -n echoserver echoserver --template='{{(index .status.loadBalancer.ingress 0).hostname}}')
145150
----
146151
147-
* Verify the status of the provisioned AWS Load Balancer (ALB) host by running the following command:
152+
* Verify the status of the `Ingress` resource by running the following command:
148153
+
149154
[source,terminal]
150155
----
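Review bot: The first verification bullet (new line 145) says the command saves the status of the `Ingress` resource, but the template extracts only `(index .status.loadBalancer.ingress 0).hostname`, that is, the host name of the provisioned load balancer. Suggest "Save the load balancer host name from the `Ingress` status in the `HOST` variable". The second bullet (new line 152) has the same problem: the removed text said it checks the provisioned load balancer host, not the `Ingress` resource. Callout <1> on new line 140 uses the imperative "Specify" while <2> and the other callouts in this commit use "Specifies".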

modules/creating-multiple-ingress-through-single-alb.adoc

Lines changed: 21 additions & 21 deletions
@@ -4,9 +4,9 @@
44

55
:_mod-docs-content-type: PROCEDURE
66
[id="nw-creating-multiple-ingress-through-single-alb_{context}"]
7-
= Creating multiple ingresses through a single AWS Load Balancer
7+
= Creating multiple ingress resources through a single AWS Load Balancer
88

9-
You can route the traffic to multiple Ingresses through a single AWS Load Balancer (ALB) by using the CLI.
9+
You can route the traffic to multiple ingress resources through a single AWS Load Balancer by using the CLI.
1010

1111
.Prerequisites
1212

@@ -27,17 +27,17 @@ spec:
2727
name: single-lb <3>
2828
----
2929
<1> Defines the API group and version of the `IngressClassParams` resource.
30-
<2> Specifies the name of the `IngressClassParams` resource.
31-
<3> Specifies the name of the `IngressGroup`. All Ingresses of this class belong to this `IngressGroup`.
30+
<2> Specifies the `IngressClassParams` resource name.
31+
<3> Specifies the `IngressGroup` resource name. All of the `Ingress` resources of this class belong to this `IngressGroup`.
3232

33-
. Create an `IngressClassParams` resource by running the following command:
33+
. Create the `IngressClassParams` resource by running the following command:
3434
+
3535
[source,terminal]
3636
----
3737
$ oc create -f sample-single-lb-params.yaml
3838
----
3939

40-
. Create an `IngressClass` resource YAML file, for example, `sample-single-lb-class.yaml`, as follows:
40+
. Create the `IngressClass` resource YAML file, for example, `sample-single-lb-class.yaml`, as follows:
4141
+
4242
[source,yaml]
4343
----
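Review bot: Callout <3> (new line 31) turns "the name of the `IngressGroup`" into "the `IngressGroup` resource name". None of the steps visible in this diff creates an `IngressGroup` resource; the callout annotates a `name:` field inside the `IngressClassParams` example, so calling it a resource sends readers looking for an object to create. Suggest "Specifies the `IngressGroup` name" and keep the second sentence as is.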
@@ -53,20 +53,20 @@ spec:
5353
name: single-lb-params <6>
5454
----
5555
<1> Defines the API group and version of the `IngressClass` resource.
56-
<2> Specifies the name of the `IngressClass`.
57-
<3> Defines the controller name. `ingress.k8s.aws/alb` denotes that all Ingresses of this class should be managed by the `aws-load-balancer-controller`.
56+
<2> Specifies the ingress class name.
57+
<3> Defines the controller name. The `ingress.k8s.aws/alb` value denotes that all ingress resources of this class should be managed by the AWS Load Balancer Controller.
5858
<4> Defines the API group of the `IngressClassParams` resource.
5959
<5> Defines the resource type of the `IngressClassParams` resource.
60-
<6> Defines the name of the `IngressClassParams` resource.
60+
<6> Defines the `IngressClassParams` resource name.
6161

62-
. Create an `IngressClass` resource by running the following command:
62+
. Create the `IngressClass` resource by running the following command:
6363
+
6464
[source,terminal]
6565
----
6666
$ oc create -f sample-single-lb-class.yaml
6767
----
6868

69-
. Create an `AWSLoadBalancerController` resource YAML file, for example, `sample-single-lb.yaml`, as follows:
69+
. Create the `AWSLoadBalancerController` resource YAML file, for example, `sample-single-lb.yaml`, as follows:
7070
+
7171
[source,yaml]
7272
----
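Review bot: The step on new line 69, like the matching steps on new lines 40 and 90, changes only the article, which gives "Create the `AWSLoadBalancerController` resource YAML file, for example, `sample-single-lb.yaml`, as follows:". The other modules in this commit moved to "Create a YAML file that defines the ... resource:" followed by an ".Example ... file" block title. Use the same pattern here so the procedures read consistently across the assembly.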
@@ -80,14 +80,14 @@ spec:
8080
----
8181
<1> Defines the name of the `IngressClass` resource.
8282

83-
. Create an `AWSLoadBalancerController` resource by running the following command:
83+
. Create the `AWSLoadBalancerController` resource by running the following command:
8484
+
8585
[source,terminal]
8686
----
8787
$ oc create -f sample-single-lb.yaml
8888
----
8989

90-
. Create an `Ingress` resource YAML file, for example, `sample-multiple-ingress.yaml`, as follows:
90+
. Create the `Ingress` resource YAML file, for example, `sample-multiple-ingress.yaml`, as follows:
9191
+
9292
[source,yaml]
9393
----
@@ -157,17 +157,17 @@ spec:
157157
port:
158158
number: 80
159159
----
160-
<1> Specifies the name of an ingress.
161-
<2> Indicates the load balancer to provision in the public subnet and makes it accessible over the internet.
162-
<3> Specifies the order in which the rules from the Ingresses are matched when the request is received at the load balancer.
163-
<4> Indicates the load balancer will target OpenShift nodes to reach the service.
164-
<5> Specifies the Ingress Class that belongs to this ingress.
165-
<6> Defines the name of a domain used for request routing.
160+
<1> Specifies the ingress name.
161+
<2> Indicates the load balancer to provision in the public subnet to access the internet.
162+
<3> Specifies the order in which the rules from the multiple ingress resources are matched when the request is received at the load balancer.
163+
<4> Indicates that the load balancer will target {product-title} nodes to reach the service.
164+
<5> Specifies the ingress class that belongs to this ingress.
165+
<6> Defines a domain name used for request routing.
166166
<7> Defines the path that must route to the service.
167-
<8> Defines the name of the service that serves the endpoint configured in the ingress.
167+
<8> Defines the service name that serves the endpoint configured in the `Ingress` resource.
168168
<9> Defines the port on the service that serves the endpoint.
169169

170-
. Create the `Ingress` resources by running the following command:
170+
. Create the `Ingress` resource by running the following command:
171171
+
172172
[source,terminal]
173173
----
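Review bot: Callout <2> (new line 161) reverses the meaning of the text it replaces. "To provision in the public subnet to access the internet" describes outbound access, whereas the removed callout said the load balancer is made accessible over the internet, which is the exposure a reader needs to know about. Restore the inbound wording. The final step (new line 170) also changes "resources" to "resource", although the file in this module is `sample-multiple-ingress.yaml` and callout <3> refers to multiple ingress resources.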

modules/nw-aws-load-balancer-logs.adoc

Lines changed: 2 additions & 2 deletions
@@ -5,11 +5,11 @@
55
[id="nw-aws-load-balancer-operator-logs_{context}"]
66
= AWS Load Balancer Operator logs
77

8-
Use the `oc logs` command to view the AWS Load Balancer Operator logs.
8+
You can view the AWS Load Balancer Operator logs by using the `oc logs` command.
99

1010
.Procedure
1111

12-
* View the logs of the AWS Load Balancer Operator:
12+
* View the logs of the AWS Load Balancer Operator by running the following command:
1313
+
1414
[source,terminal]
1515
----

modules/nw-aws-load-balancer-operator-considerations.adoc

Lines changed: 2 additions & 2 deletions
@@ -5,8 +5,8 @@
55
[id="nw-aws-load-balancer-operator-considerations_{context}"]
66
= AWS Load Balancer Operator considerations
77

8-
Review the following limitations before installing and using the AWS Load Balancer Operator.
8+
Review the following limitations before installing and using the AWS Load Balancer Operator:
99

1010
* The IP traffic mode only works on AWS Elastic Kubernetes Service (EKS). The AWS Load Balancer Operator disables the IP traffic mode for the AWS Load Balancer Controller. As a result of disabling the IP traffic mode, the AWS Load Balancer Controller cannot use the pod readiness gate.
1111
12-
* The AWS Load Balancer Operator adds command-line flags such as `--disable-ingress-class-annotation` and `--disable-ingress-group-name-annotation` to the AWS Load Balancer Controller. Therefore, the AWS Load Balancer Operator does not allow using the `kubernetes.io/ingress.class` and `alb.ingress.kubernetes.io/group.name` annotations in the `Ingress` resource.
12+
* The AWS Load Balancer Operator adds command-line flags such as `--disable-ingress-class-annotation` and `--disable-ingress-group-name-annotation` to the AWS Load Balancer Controller. Therefore, the AWS Load Balancer Operator does not allow using the `kubernetes.io/ingress.class` and `alb.ingress.kubernetes.io/group.name` annotations in the `Ingress` resource.

modules/nw-aws-load-balancer-operator.adoc

Lines changed: 4 additions & 4 deletions
@@ -5,7 +5,7 @@
55
[id="nw-aws-load-balancer-operator_{context}"]
66
= AWS Load Balancer Operator
77

8-
The AWS Load Balancer Operator can tag the public subnets if the `kubernetes.io/role/elb` tag is missing. Also, the AWS Load Balancer Operator detects the following from the underlying AWS cloud:
8+
The AWS Load Balancer Operator can tag the public subnets if the `kubernetes.io/role/elb` tag is missing. Also, the AWS Load Balancer Operator detects the following information from the underlying AWS cloud:
99

1010
* The ID of the virtual private cloud (VPC) on which the cluster hosting the Operator is deployed in.
1111
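Review bot: The first list item under the sentence edited on new line 8 has a doubled preposition: "on which the cluster hosting the Operator is deployed in". Since this paragraph is already being touched, drop the trailing "in" in the same change.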
@@ -15,7 +15,7 @@ The AWS Load Balancer Operator supports the Kubernetes service resource of type
1515

1616
.Procedure
1717

18-
. You can deploy the AWS Load Balancer Operator on demand from the OperatorHub, by creating a `Subscription` object:
18+
. You can deploy the AWS Load Balancer Operator on demand from OperatorHub, by creating a `Subscription` object by running the following command:
1919
+
2020
[source,terminal]
2121
----
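Review bot: New line 18 chains two "by" phrases ("by creating a `Subscription` object by running the following command") and opens a procedure step with "You can" instead of an imperative. The context in the next hunk header is an `oc -n aws-load-balancer-operator get sub aws-load-balancer-operator` query that returns an install plan name, so check that the command under this step really creates the `Subscription` object; if it only reads it, the step text should say that.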
@@ -28,7 +28,7 @@ $ oc -n aws-load-balancer-operator get sub aws-load-balancer-operator --template
2828
install-zlfbt
2929
----
3030

31-
. Check the status of an install plan. The status of an install plan must be `Complete`:
31+
. Check if the status of an install plan is `Complete` by running the following command:
3232
+
3333
[source,terminal]
3434
----
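Review bot: "Check if the status of an install plan is `Complete`" (new line 31) should point at the install plan returned by the previous step, so use "the install plan", and it drops the requirement in the removed text that the status must be `Complete`. Suggest "Verify that the status of the install plan is `Complete` by running the following command:".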
@@ -41,7 +41,7 @@ $ oc -n aws-load-balancer-operator get ip <install_plan_name> --template='{{.sta
4141
Complete
4242
----
4343

44-
. Use the `oc get` command to view the `Deployment` status:
44+
. View the status of the `aws-load-balancer-operator-controller-manager` deployment by running the following command:
4545
+
4646
[source,terminal]
4747
----
