Merge pull request #65487 from michaelryanmcneill/fix/OSDOCS-7728

bmcelvee · web-flow · commit c4516112566d · 2023-09-29T10:44:43.000-04:00
OSDOCS-7728: Addressing a few small items identified during secondary review
diff --git a/cloud_experts_tutorials/cloud-experts-aws-load-balancer-operator.adoc b/cloud_experts_tutorials/cloud-experts-aws-load-balancer-operator.adoc
@@ -20,39 +20,37 @@ toc::[]
 
 include::snippets/mobb-support-statement.adoc[leveloffset=+1]
 
-
 [TIP]
 ====
-Load Balancers created by the AWS Load Balancer (ALB) Operator cannot be used for xref:../networking/routes/route-configuration.adoc#route-configuration[{product-title} Routes], and should only be used for individual services or Ingress that does not need the full layer 7 capabilties of a ROSA route.
+Load Balancers created by the AWS Load Balancer Operator cannot be used for xref:../networking/routes/route-configuration.adoc#route-configuration[OpenShift Routes], and should only be used for individual services or ingress resources that do not need the full layer 7 capabilities of an OpenShift Route.
 ====
 
-link:https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/[AWS Load Balancer (ALB)Controller] is a Kubernetes controller that manages Elastic Load Balancing v2 (ELBv2) for a Kubernetes cluster.
-
-* It satisfies Kubernetes link:https://kubernetes.io/docs/concepts/services-networking/ingress/[Ingress and service resources] by provisioning link:https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html[Application Load Balancers (ALB)] and
-https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html[Network Load Balancers (NLB)].
+The link:https://kubernetes-sigs.github.io/aws-load-balancer-controller/[AWS Load Balancer Controller] manages AWS Elastic Load Balancers for a {product-title} (ROSA) cluster. The controller provisions link:https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html[AWS Application Load Balancers (ALB)] when you create Kubernetes Ingress resources and link:https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html[AWS Network Load Balancers (NLB)] when implementing Kubernetes Service resources with a type of LoadBalancer.
 
-Compared with default AWS In Tree Provider, this controller is actively developed with advanced annotations for both ALB and NLB. Some advanced use cases are:
+Compared with the default AWS in-tree load balancer provider, this controller is developed with advanced annotations for both ALBs and NLBs. Some advanced use cases are:
 
-* Using native Kubernetes Ingress with ALB
-* Integrate ALB with web application firewall (WAF)
-* Specify NLB source IP ranges
-* Specify NLB internal IP address
+* Using native Kubernetes Ingress objects with ALBs
+* Integrate ALBs with the AWS Web Application Firewall (WAF) service
+* Specify custom NLB source IP ranges
+* Specify custom NLB internal IP addresses
 
-link:https://github.com/openshift/aws-load-balancer-operator[ALB Operator] is used to used to install, manage and configure an instance of `aws-load-balancer-controller` in a OpenShift cluster.
+The link:https://github.com/openshift/aws-load-balancer-operator[AWS Load Balancer Operator] is used to used to install, manage and configure an instance of `aws-load-balancer-controller` in a ROSA cluster.
 
-.Prerequisites
+[id="prerequisites_{context}"]
+== Prerequisites
 
 [NOTE]
 ====
-ALB requires a multi-AZ cluster, three public subnets split across three AZs in the same VPC as the cluster, and is not suitable for most PrivateLink clusters.
+AWS ALBs require a multi-AZ cluster, as well as three public subnets split across three AZs in the same VPC as the cluster. This makes ALBs unsuitable for many PrivateLink clusters. AWS NLBs do not have this restriction. 
 ====
 
 * xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[A multi-AZ ROSA classic cluster] 
 * BYO VPC cluster
 * AWS CLI
 * OC CLI
 
-.Environment
+[id="environment_{context}"]
+=== Environment
 
 * Prepare the environment variables:
 +
@@ -68,14 +66,15 @@ $ mkdir -p ${SCRATCH}
 $ echo "Cluster: ${ROSA_CLUSTER_NAME}, Region: ${REGION}, OIDC Endpoint: ${OIDC_ENDPOINT}, AWS Account ID: ${AWS_ACCOUNT_ID}"
 ----
 
-== AWS VPC and subnets
+[id="aws-vpc-subnets_{context}"]
+=== AWS VPC and subnets
 
 [NOTE]
 ====
-This section only applies to BYO VPC clusters, if you let ROSA create your VPCs you can skip to the following Installation section. You can skip this section if you already installed xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[a Multi-AZ ROSA Classic cluster]. 
+This section only applies to clusters that were deployed into existing VPCs. If you did not deploy your cluster into an existing VPC, skip this section and proceed to the installation section below.
 ====
 
-. Set Variables describing your VPC and Subnets:
+. Set the below variables to the proper values for your ROSA deployment:
 +
 [source,terminal]
 ----
@@ -85,14 +84,14 @@ $ export PRIVATE_SUBNET_IDS=<private-subnets>
 $ export CLUSTER_NAME=$(oc get infrastructure cluster -o=jsonpath="{.status.infrastructureName}")
 ----
 +
-. Tag VPC with the cluster name: 
+. Add a tag to your cluster's VPC with the cluster name: 
 +
 [source,terminal]
 ----
 $ aws ec2 create-tags --resources ${VPC_ID} --tags Key=kubernetes.io/cluster/${CLUSTER_NAME},Value=owned --region ${REGION}
 ----
 +
-. Add tags to Public Subnets: 
+. Add a tag to your public subnets:
 +
 [source,terminal]
 ----   
@@ -102,7 +101,7 @@ $ aws ec2 create-tags \
      --region ${REGION}
 ----
 +
-. Add tags to Private Subnets: 
+. Add a tag to your private subnets:
 +
 [source,terminal]
 ----
@@ -112,13 +111,14 @@ $ aws ec2 create-tags \
      --region ${REGION}
 ----
 
+[id="installation_{context}"]
 == Installation
 
-. Create Policy for the ALB Controller: 
+. Create an AWS IAM policy for the AWS Load Balancer Controller: 
 + 
 [NOTE]
 ====
-Policy is from link:https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.4/docs/install/iam_policy.json[ALB controller policy] plus subnet create tags permission. This is required by the Operator.
+The policy is sourced from link:https://raw.githubusercontent.com/kubernetes-sigs/aws-load-balancer-controller/v2.4.4/docs/install/iam_policy.json[the upstream AWS Load Balancer Controller policy] plus permission to create tags on subnets. This is required by the operator to function.
 ==== 
 +
 [source,terminal]
@@ -138,7 +138,7 @@ fi
 $ echo $POLICY_ARN
 ----
 +
-. Create trust policy for ALB Operator: 
+. Create an AWS IAM trust policy for AWS Load Balancer Operator: 
 +
 [source,terminal]
 ----   
@@ -163,7 +163,7 @@ $ cat <<EOF > "${SCRATCH}/trust-policy.json"
 EOF
 ----
 +
-. Create Role for ALB Operator: 
+. Create an AWS IAM role for the AWS Load Balancer Operator: 
 +
 [source,terminal]
 ----
@@ -176,7 +176,7 @@ $ aws iam attach-role-policy --role-name "${ROSA_CLUSTER_NAME}-alb-operator" \
      --policy-arn $POLICY_ARN
 ----
 +
-. Create secret for ALB Operator:
+. Create a secret for the AWS Load Balancer Operator to assume our newly created AWS IAM role:
 +
 [source,terminal]
 ----
@@ -194,7 +194,7 @@ stringData:
 EOF
 ----
 +
-. Install Red Hat ALB Operator:
+. Install the Red Hat AWS Load Balancer Operator:
 +
 [source,terminal]
 ----
@@ -222,7 +222,7 @@ spec:
 EOF
 ----
 +
-. Install Red Hat ALB Controller:
+. Deploy an instance of the AWS Load Balancer Controller using the operator:
 +
 [NOTE]
 ====
@@ -242,7 +242,7 @@ spec:
 EOF
 ----   
 +
-. Check the Operator and controller pods are both running:
+. Check the that the operator and controller pods are both running:
 +
 [source,terminal]
 ----
@@ -258,7 +258,8 @@ aws-load-balancer-controller-cluster-6ddf658785-pdp5d            1/1     Running
 aws-load-balancer-operator-controller-manager-577d9ffcb9-w6zqn   2/2     Running   0          2m4s
 ----
 
-== Validate the deployment with a hello world application
+[id="validating-the-deployment_{context}"]
+== Validating the deployment
 
 . Create a new project: 
 +
@@ -274,7 +275,7 @@ $ oc new-project hello-world
 $ oc new-app -n hello-world --image=docker.io/openshift/hello-openshift
 ----
 +
-. Configure a NodePort service for the ALB to connect to: 
+. Configure a NodePort service for the AWS ALB to connect to: 
 +
 [source,terminal]
 ----
@@ -295,10 +296,11 @@ spec:
 EOF
 ----
 +
-. Deploy an ALB using the Operator: 
+. Deploy an AWS ALB using the AWS Load Balancer Operator: 
 +
 [source,terminal]
 ----
+$ cat << EOF | oc apply -f -
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
@@ -321,11 +323,11 @@ spec:
 EOF
 ----
 +
-. Curl the ALB Ingress endpoint to verify the hello world application is accessible: 
+. Curl the AWS ALB Ingress endpoint to verify the hello world application is accessible: 
 +
 [NOTE]
 ====
-ALB provisioning takes a few minutes. If you receive an error that says `curl: (6) Could not resolve host:`, please wait and try again.  
+AWS ALB provisioning takes a few minutes. If you receive an error that says `curl: (6) Could not resolve host`, please wait and try again.  
 ====
 +
 [source,termnial]
@@ -341,7 +343,7 @@ $ curl "http://${INGRESS}"
 Hello OpenShift!
 ----
 
-. Next, deploy an NLB for your hello world application:
+. Deploy an AWS NLB for your hello world application:
 +
 [source,terminal]
 ----
@@ -366,11 +368,11 @@ spec:
 EOF
 ----
 +
-. Test the NLB endpoint:
+. Test the AWS NLB endpoint:
 +
 [NOTE]
 ====
-NLB provisioning takes a few minutes. If you receive an error that says `curl: (6) Could not resolve host:`, please wait and try again.  
+NLB provisioning takes a few minutes. If you receive an error that says `curl: (6) Could not resolve host`, please wait and try again.  
 ====
 +
 [source,terminal]
@@ -386,16 +388,17 @@ $ curl "http://${NLB}"
 Hello OpenShift!
 ----
 
-== Clean up
+[id="cleaning-up_{context}"]
+== Cleaning up
 
 . Delete the hello world application namespace (and all the resources in the namespace):
 +
 [source,terminal]
 ----
-$ oc delete ns hello-world
+$ oc delete project hello-world
 ----
 +
-. Delete the Operator and the AWS roles:
+. Delete the AWS Load Balancer Operator and the AWS IAM roles:
 +
 [source,terminal]
 ----
@@ -407,28 +410,7 @@ $ aws iam delete-role \
   --role-name "${ROSA_CLUSTER_NAME}-alb-operator"
 ----
 +
-. You can delete the policy:
-+
-[source,terminal]
-----
-$ aws iam delete-policy --policy-arn $POLICY_ARN
-----
-
-== Clean up
-
-. Delete the Operator and the AWS roles:
-+
-[source,terminal]
-----
-$ oc delete subscription aws-load-balancer-operator -n aws-load-balancer-operator
-   aws iam detach-role-policy \
-     --role-name "${ROSA_CLUSTER_NAME}-alb-operator" \
-     --policy-arn $POLICY_ARN
-   aws iam delete-role \
-     --role-name "${ROSA_CLUSTER_NAME}-alb-operator"
-----
-+
-. You can delete the policy:
+. Delete the AWS IAM policy:
 +
 [source,terminal]
 ----
