Merge pull request #65877 from dfitzmau/OSDOCS-5851-newer

Author: adellape

_topic_maps/_topic_map.yml

@@ -585,6 +585,9 @@ Topics:
 - Name: Fedora CoreOS (FCOS) image layering
   File: coreos-layering
   Distros: openshift-origin
+- Name: AWS Local Zone tasks
+  File: aws-compute-edge-tasks
+  Distros: openshift-enterprise
 ---
 Name: Updating clusters
 Dir: updating

modules/edge-machine-pools-aws-local-zones.adoc

@@ -1,5 +1,10 @@
 // Module included in the following assemblies:
 // * installing/installing_aws/installing-aws-localzone.adoc
+// * post_installation_configuration/aws-compute-edge-tasks.adoc
+
+ifeval::["{context}" == "aws-compute-edge-tasks"]
+:edge:
+endif::[]
 
 :_content-type: CONCEPT
 [id="edge-machine-pools-aws-local-zones_{context}"]
@@ -14,7 +19,7 @@ When deploying a cluster that uses Local Zones, consider the following points:
 
 [IMPORTANT]
 ====
-Generally, the Maximum Transmission Unit (MTU) between an Amazon EC2 instance in a Local Zone and an Amazon EC2 instance in the Region is 1300. For more information, see link:https://docs.aws.amazon.com/local-zones/latest/ug/how-local-zones-work.html[How Local Zones work] in the AWS documentation. 
+Generally, the maximum transmission unit (MTU) between an Amazon EC2 instance in a Local Zone and an Amazon EC2 instance in the Region is 1300. For more information, see link:https://docs.aws.amazon.com/local-zones/latest/ug/how-local-zones-work.html[How Local Zones work] in the AWS documentation.
 The cluster network MTU must be always less than the EC2 MTU to account for the overhead. The specific overhead is determined by the network plugin, for example:
 
 - OVN-Kubernetes: `100 bytes`
@@ -39,6 +44,7 @@ By default, the system creates the edge compute pool manifests only if users add
 
 By default, the machine sets for the edge compute pool defines the taint of `NoSchedule` to prevent regular workloads from spreading on Local Zone instances. Users can only run user workloads if they define tolerations in the pod specification.
 
+ifndef::edge[]
 The following examples show `install-config.yaml` files that use the edge machine pool.
 
 .Configuration that uses an edge pool with a custom instance type
@@ -106,3 +112,8 @@ pullSecret: '{"auths": ...}'
 sshKey: ssh-ed25519 AAAA...
 ----
 <1> Specify the name of the security group as it appears in the Amazon EC2 console, including the `sg` prefix.
+endif::edge[]
+
+ifeval::["{context}" == "aws-compute-edge-tasks"]
+:!edge:
+endif::[]

modules/installation-aws-add-local-zone-locations.adoc

@@ -1,6 +1,7 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_aws/installing-aws-localzone.adoc
+// * post_installation_configuration/aws-compute-edge-tasks.adoc
 
 :_content-type: PROCEDURE
 [id="installation-aws-add-local-zone-locations_{context}"]
@@ -12,6 +13,23 @@ If you plan to create the subnets in AWS Local Zones, you must opt in to each zo
 
 * You have installed the AWS CLI.
 * You have determined an AWS Region for where you want to deploy your {product-title} cluster.
+* You have attached a permissive IAM policy to a user or role account that opts in to the zone group. Consider the following configuration as an example IAM policy:
++
+[source,yaml]
+----
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Action": [
+        "ec2:ModifyAvailabilityZoneGroup"
+      ],
+      "Effect": "Allow",
+      "Resource": "*"
+    }
+  ]
+}
+----
 
 .Procedure
 
@@ -36,6 +54,7 @@ Depending on the AWS Region, the list of available zones can be long. The comman
 [source,terminal]
 ----
 $ aws ec2 modify-availability-zone-group \
-    --group-name "<value_of_GroupName>" \
+    --group-name "<value_of_GroupName>" \// <1>
     --opt-in-status opted-in
 ----
+<1> For `<value_of_GroupName>`, specify the name of the group of the Local Zone where you want to create subnets. For example, specify `us-east-1-nyc-1` to use the zone `us-east-1-nyc-1a` (US East New York).

modules/installation-cloudformation-subnet-localzone.adoc

@@ -1,6 +1,7 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_aws/installing-aws-localzone.adoc
+// * post_installation_configuration/aws-compute-edge-tasks.adoc
 
 :_content-type: REFERENCE
 [id="installation-cloudformation-subnet-localzone_{context}"]

modules/installation-creating-aws-subnet-localzone.adoc

@@ -1,6 +1,7 @@
 // Module included in the following assemblies:
 //
 // * installing/installing_aws/installing-aws-localzone.adoc
+// * post_installation_configuration/aws-compute-edge-tasks.adoc
 
 :_content-type: PROCEDURE
 [id="installation-creating-aws-subnet-localzone_{context}"]

modules/installation-extend-edge-nodes-aws-local-zones.adoc

@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * post_installation_configuration/cluster-tasks.adoc
+// * post_installation_configuration/aws-compute-edge-tasks.adoc
 
 ifeval::["{context}" == "installing-aws-localzone"]
 :localzone:

modules/machine-edge-pool-review-nodes.adoc

@@ -1,5 +1,6 @@
 // Module included in the following assemblies
 // * installing/installing_aws/installing-aws-localzone.adoc
+// * post_installation_configuration/aws-compute-edge-tasks.adoc
 
 :_content-type: PROCEDURE
 [id="machine-edge-pool-review-nodes_{context}"]

modules/machineset-creating.adoc

@@ -7,11 +7,13 @@
 // * machine_management/creating_machinesets/creating-machineset-gcp.adoc
 // * machine_management/creating_machinesets/creating-machineset-osp.adoc
 // * machine_management/creating_machinesets/creating-machineset-vsphere.adoc
-// * post_installation_configuration/cluster-tasks.adoc
 // * windows_containers/creating_windows_machinesets/creating-windows-machineset-aws.adoc
 // * windows_containers/creating_windows_machinesets/creating-windows-machineset-azure.adoc
 // * windows_containers/creating_windows_machinesets/creating-windows-machineset-vsphere.adoc
 // * windows_containers/creating_windows_machinesets/creating-windows-machineset-gcp.adoc
+// * post_installation_configuration/cluster-tasks.adoc
+// * post_installation_configuration/installation-creating-aws-subnet-localzone.adoc
+// * post_installation_configuration/aws-compute-edge-tasks.adoc
 
 ifeval::["{context}" == "creating-windows-machineset-aws"]
 :win:
@@ -28,6 +30,9 @@ endif::[]
 ifeval::["{context}" == "creating-machineset-vsphere"]
 :vsphere:
 endif::[]
+ifeval::["{context}" == "aws-compute-edge-tasks"]
+:localzone:
+endif::[]
 
 :_content-type: PROCEDURE
 [id="machineset-creating_{context}"]
@@ -198,17 +203,22 @@ $ oc get machineset -n openshift-machine-api
 .Example output
 [source,terminal]
 ----
+ifdef::win,localzone[]
+NAME                                       DESIRED   CURRENT   READY   AVAILABLE   AGE
 ifdef::win[]
-NAME                                      DESIRED   CURRENT   READY   AVAILABLE   AGE
-agl030519-vplxk-windows-worker-us-east-1a    1         1         1       1        11m
-agl030519-vplxk-worker-us-east-1a            1         1         1       1        55m
-agl030519-vplxk-worker-us-east-1b            1         1         1       1        55m
-agl030519-vplxk-worker-us-east-1c            1         1         1       1        55m
-agl030519-vplxk-worker-us-east-1d            0         0                          55m
-agl030519-vplxk-worker-us-east-1e            0         0                          55m
-agl030519-vplxk-worker-us-east-1f            0         0                          55m
+agl030519-vplxk-windows-worker-us-east-1a  1         1         1       1           11m
 endif::win[]
-ifndef::win[]
+ifdef::localzone[]
+agl030519-vplxk-edge-us-east-1-nyc-1a      1         1         1       1           11m
+endif::localzone[]
+agl030519-vplxk-worker-us-east-1a          1         1         1       1           55m
+agl030519-vplxk-worker-us-east-1b          1         1         1       1           55m
+agl030519-vplxk-worker-us-east-1c          1         1         1       1           55m
+agl030519-vplxk-worker-us-east-1d          0         0                             55m
+agl030519-vplxk-worker-us-east-1e          0         0                             55m
+agl030519-vplxk-worker-us-east-1f          0         0                             55m
+endif::win,localzone[]
+ifndef::win,localzone[]
 NAME                                DESIRED   CURRENT   READY   AVAILABLE   AGE
 agl030519-vplxk-infra-us-east-1a    1         1         1       1           11m
 agl030519-vplxk-worker-us-east-1a   1         1         1       1           55m
@@ -217,11 +227,30 @@ agl030519-vplxk-worker-us-east-1c   1         1         1       1           55m
 agl030519-vplxk-worker-us-east-1d   0         0                             55m
 agl030519-vplxk-worker-us-east-1e   0         0                             55m
 agl030519-vplxk-worker-us-east-1f   0         0                             55m
-endif::win[]
+endif::win,localzone[]
 ----
 +
 When the new compute machine set is available, the `DESIRED` and `CURRENT` values match. If the compute machine set is not available, wait a few minutes and run the command again.
 
+ifdef::localzone[]
+* Optional: To check nodes that were created by the edge machine, run the following command:
++
+[source,terminal]
+----
+$ oc get nodes -l node-role.kubernetes.io/edge
+----
++
+.Example output
+[source,terminal]
+----
+NAME                           STATUS   ROLES         AGE    VERSION
+ip-10-0-207-188.ec2.internal   Ready    edge,worker   172m   v1.25.2+d2e245f
+----
+endif::localzone[]
+
+ifeval::["{context}" == "aws-compute-edge-tasks"]
+:!localzone:
+endif::[]
 ifeval::["{context}" == "creating-machineset-vsphere"]
 :!vsphere:
 endif::[]