Merge pull request #81797 from xenolinux/hcp-migrate-aws

OSDOCS#11004: Hosted control planes: Migrate AWS to OCP

Author: xenolinux

_topic_maps/_topic_map.yml

@@ -2490,7 +2490,7 @@ Topics:
     File: hcp-destroy-ibmz
   - Name: Destroying a hosted cluster on non-bare metal agent machines
     File: hcp-destroy-non-bm
-- Name: Manually importing a hosted control plane cluster
+- Name: Manually importing a hosted cluster
   File: hcp-import
 ---
 Name: Nodes

hosted_control_planes/hcp-deploy/hcp-deploy-aws.adoc

@@ -1,7 +1,75 @@
 :_mod-docs-content-type: ASSEMBLY
 [id="hcp-deploy-aws"]
 include::_attributes/common-attributes.adoc[]
-= Deploying {hcp} on AWS 
+= Deploying {hcp} on {aws-short}
 :context: hcp-deploy-aws
 
-toc::[]
+toc::[]
+
+A _hosted cluster_ is an {product-title} cluster with its API endpoint and control plane that are hosted on the management cluster. The hosted cluster includes the control plane and its corresponding data plane. To configure {hcp} on premises, you must install {mce} in a management cluster. By deploying the HyperShift Operator on an existing managed cluster by using the `hypershift-addon` managed cluster add-on, you can enable that cluster as a management cluster and start to create the hosted cluster. The `hypershift-addon` managed cluster add-on is enabled by default for the `local-cluster` managed cluster.
+
+You can use the {mce-short} console or the hosted control plane command-line interface (CLI), `hcp`, to create a hosted cluster. The hosted cluster is automatically imported as a managed cluster. However, you can xref:../../hosted_control_planes/hcp-import.adoc#hcp-import-disable_hcp-import[disable this automatic import feature into {mce-short}].
+
+include::modules/hcp-aws-prepare.adoc[leveloffset=+1]
+include::modules/hcp-aws-prereqs.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#ansible-config-hosted-cluster[Configuring Ansible Automation Platform jobs to run on hosted clusters]
+
+* link:https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#advanced-config-engine[Advanced configuration]
+
+* link:https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#enable-cim[Enabling the central infrastructure management service]
+
+* xref:../../hosted_control_planes/hcp-prepare/hcp-enable-disable.adoc#hcp-enable-manual_hcp-enable-disable[Manually enabling the {hcp} feature]
+
+* xref:../../hosted_control_planes/hcp-prepare/hcp-enable-disable.adoc#hcp-disable_hcp-enable-disable[Disabling the {hcp} feature]
+
+* xref:../../networking/hardware_networks/configuring-sriov-operator.adoc#sriov-operator-hosted-control-planes_configuring-sriov-operator[Deploying the SR-IOV Operator for {hcp}]
+
+include::modules/hcp-aws-create-secret-s3.adoc[leveloffset=+1]
+
+include::modules/hcp-aws-create-public-zone.adoc[leveloffset=+1]
+
+include::modules/hcp-aws-create-role-sts-creds.adoc[leveloffset=+1]
+
+include::modules/hcp-aws-enable-ext-dns.adoc[leveloffset=+1]
+
+include::modules/hcp-aws-enable-ext-dns-prereq.adoc[leveloffset=+2]
+
+include::modules/hcp-aws-set-up-ext-dns.adoc[leveloffset=+2]
+
+include::modules/hcp-aws-create-dns-hosted-zone.adoc[leveloffset=+2]
+
+include::modules/hcp-aws-hc-ext-dns.adoc[leveloffset=+2]
+
+include::modules/hcp-aws-enable-private-link.adoc[leveloffset=+1]
+
+include::modules/hcp-aws-deploy-hc.adoc[leveloffset=+1]
+
+include::modules/hcp-access-pub-hc-aws.adoc[leveloffset=+2]
+
+include::modules/hcp-access-pub-hc-aws-cli.adoc[leveloffset=+2]
+
+include::modules/hc-create-aws-multi-zones.adoc[leveloffset=+1]
+
+include::modules/hcp-create-hc-multi-zone-aws-creds.adoc[leveloffset=+2]
+
+include::modules/hcp-enable-arm-amd.adoc[leveloffset=+1]
+include::modules/hcp-create-hc-arm64-aws.adoc[leveloffset=+2]
+include::modules/hcp-create-np-arm64-aws.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#configure-hosted-disconnected-digest-image[Extracting the {product-title} release image digest]
+
+include::modules/hcp-create-private-hc-aws.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+//Identity and Access Management (IAM) permissions
+
+include::modules/hcp-access-priv-mgmt-aws.adoc[leveloffset=+2]

hosted_control_planes/hcp-deploy/hcp-deploy-bm.adoc

@@ -17,7 +17,7 @@ The {hcp} feature is enabled by default.
 
 The {mce-short} supports only the default `local-cluster`, which is a hub cluster that is managed, and the hub cluster as the management cluster. If you have Red{nbsp}Hat Advanced Cluster Management installed, you can use the managed hub cluster, also known as the `local-cluster`, as the management cluster.
 
-A _hosted cluster_ is an {product-title} cluster with its API endpoint and control plane that are hosted on the management cluster. The hosted cluster includes the control plane and its corresponding data plane. You can use the {mce-short} console or the hosted control plane command line interface, `hcp`, to create a hosted cluster. 
+A _hosted cluster_ is an {product-title} cluster with its API endpoint and control plane that are hosted on the management cluster. The hosted cluster includes the control plane and its corresponding data plane. You can use the {mce-short} console or the hosted control plane command line interface, `hcp`, to create a hosted cluster.
 
 The hosted cluster is automatically imported as a managed cluster. If you want to disable this automatic import feature, see _Disabling the automatic import of hosted clusters into {mce-short}_.
 
@@ -53,7 +53,7 @@ include::modules/hcp-bm-hc.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../hosted_control_planes/hcp-import.adoc[Manually importing a hosted control plane cluster]
+* xref:../../hosted_control_planes/hcp-import.adoc[Manually importing a hosted cluster]
 
 include::modules/hcp-bm-hc-console.adoc[leveloffset=+2]
 
@@ -73,4 +73,4 @@ include::modules/hcp-bm-hc-mirror.adoc[leveloffset=+2]
 
 * To extract the {product-title} release image digest, see link:https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.11/html/clusters/cluster_mce_overview#configure-hosted-disconnected-digest-image[Extracting the {product-title} release image digest].
 
-include::modules/hcp-bm-verify.adoc[leveloffset=+1]
+include::modules/hcp-bm-verify.adoc[leveloffset=+1]

hosted_control_planes/hcp-deploy/hcp-deploy-non-bm.adoc

@@ -55,7 +55,7 @@ include::modules/hcp-non-bm-hc.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../hosted_control_planes/hcp-import.adoc#hcp-import-manual_hcp-import[Manually importing a hosted control plane cluster]
+* xref:../../hosted_control_planes/hcp-import.adoc#hcp-import-manual_hcp-import[Manually importing a hosted cluster]
 
 include::modules/hcp-non-bm-hc-console.adoc[leveloffset=+2]
 

hosted_control_planes/hcp-import.adoc

@@ -1,7 +1,7 @@
 :_mod-docs-content-type: ASSEMBLY
 [id="hcp-import"]
 include::_attributes/common-attributes.adoc[]
-= Manually importing a hosted control plane cluster
+= Manually importing a hosted cluster
 :context: hcp-import
 
 toc::[]
@@ -11,4 +11,3 @@ Hosted clusters are automatically imported into {mce-short} after the hosted con
 include::modules/hcp-import-manual.adoc[leveloffset=+1]
 include::modules/hcp-import-manual-aws.adoc[leveloffset=+1]
 include::modules/hcp-import-disable.adoc[leveloffset=+1]
-

hosted_control_planes/hcp-prepare/hcp-enable-disable.adoc

@@ -14,7 +14,7 @@ include::modules/hcp-enable-manual-addon.adoc[leveloffset=+2]
 [id="hcp-disable_{context}"]
 == Disabling the {hcp} feature
 
-You can uninstall the HyperShift Operator and disable the hosted control plane. When you disable the hosted control plane cluster feature, you must destroy the hosted cluster and the managed cluster resource on {mce-short}, as described in the _Managing hosted control plane clusters_ topics.
+You can uninstall the HyperShift Operator and disable the {hcp} feature. When you disable the {hcp} feature, you must destroy the hosted cluster and the managed cluster resource on {mce-short}, as described in the _Managing hosted clusters_ topics.
 
 include::modules/hcp-uninstall-operator.adoc[leveloffset=+2]
-include::modules/hcp-disable-feature.adoc[leveloffset=+2]
+include::modules/hcp-disable-feature.adoc[leveloffset=+2]

modules/hc-create-aws-multi-zones.adoc

@@ -0,0 +1,49 @@
+// Module included in the following assemblies:
+//
+// * hosted_control_planes/hcp-deploy/hcp-deploy-aws.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="hc-create-aws-multiple-zones_{context}"]
+= Creating a hosted cluster in multiple zones on {aws-short}
+
+You can create a hosted cluster in multiple zones on {aws-first} by using the `hcp` command-line interface (CLI).
+
+.Prerequisites
+
+* You created an {aws-short} Identity and Access Management (IAM) role and {aws-short} Security Token Service (STS) credentials.
+
+.Procedure
+
+* Create a hosted cluster in multiple zones on {aws-short} by running the following command:
++
+[source,terminal]
+----
+$ hcp create cluster aws \
+  --name <hosted_cluster_name> \// <1>
+  --node-pool-replicas=<node_pool_replica_count> \// <2>
+  --base-domain <basedomain> \// <3>
+  --pull-secret <path_to_pull_secret> \// <4>
+  --role-arn <arn_role> \// <5>
+  --region <region> \// <6>
+  --zones <zones> \// <7>
+  --sts-creds <path_to_sts_credential_file> <8>
+----
+<1> Specify the name of your hosted cluster, for instance, `example`.
+<2> Specify the node pool replica count, for example, `2`.
+<3> Specify your base domain, for example, `example.com`.
+<4> Specify the path to your pull secret, for example, `/user/name/pullsecret`.
+<5> Specify the Amazon Resource Name (ARN), for example, `arn:aws:iam::820196288204:role/myrole`.
+<6> Specify the {aws-short} region name, for example, `us-east-1`.
+<7> Specify availability zones within your {aws-short} region, for example, `us-east-1a`, and `us-east-1b`.
+<8> Specify the path to your {aws-short} STS credentials file, for example, `/home/user/sts-creds/sts-creds.json`.
+
+For each specified zone, the following infrastructure is created:
+
+* Public subnet
+* Private subnet
+* NAT gateway
+* Private route table
+
+A public route table is shared across public subnets.
+
+One `NodePool` resource is created for each zone. The node pool name is suffixed by the zone name. The private subnet for zone is set in `spec.platform.aws.subnet.id`.

modules/hcp-access-hc-aws-hcpcli.adoc

@@ -0,0 +1,25 @@
+// Module included in the following assemblies:
+//
+// * hosted-control-planes/hcp-deploy/hcp-deploy-aws.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="hcp-access-hc-aws-hcpcli_{context}"]
+= Accessing a hosted cluster on {aws-short} by using the hcp CLI
+
+You can access the hosted cluster by using the `hcp` command-line interface (CLI) to generate the `kubeconfig` file.
+
+.Procedure
+
+. Generate the `kubeconfig` file by entering the following command:
++
+[source,terminal]
+----
+$ hcp create kubeconfig --namespace <hosted_cluster_namespace> --name <hosted_cluster_name> > <hosted_cluster_name>.kubeconfig
+----
+
+. After you save the `kubeconfig` file, you can access the hosted cluster by entering the following command:
++
+[source,terminal]
+----
+$ oc --kubeconfig <hosted_cluster_name>.kubeconfig get nodes
+----

modules/hcp-access-hc-aws.adoc

@@ -0,0 +1,25 @@
+// Module included in the following assemblies:
+//
+// * hosted-control-planes/hcp-deploy/hcp-deploy-aws.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="hcp-create-private-hc-aws_{context}"]
+= Accessing a hosted cluster on {aws-short}
+
+You can access the hosted cluster by getting the `kubeconfig` file and the `kubeadmin` credentials directly from resources.
+
+You must be familiar with the access secrets for hosted clusters. The hosted cluster namespace contains hosted cluster resources, and the hosted control plane namespace is where the hosted control plane runs. The secret name formats are as follows:
+
+* `kubeconfig` secret: `<hosted-cluster-namespace>-<name>-admin-kubeconfig`. For example, `clusters-hypershift-demo-admin-kubeconfig`.
+* `kubeadmin` password secret: `<hosted-cluster-namespace>-<name>-kubeadmin-password`. For example, `clusters-hypershift-demo-kubeadmin-password`.
+
+.Procedure
+
+* The `kubeconfig` secret contains a Base64-encoded `kubeconfig` field, which you can decode and save into a file to use with the following command:
++
+[source,terminal]
+----
+$ oc --kubeconfig <hosted_cluster_name>.kubeconfig get nodes
+----
++
+The `kubeadmin` password secret is also Base64-encoded. You can decode it and use the password to log in to the API server or console of the hosted cluster.

modules/hcp-access-priv-mgmt-aws.adoc

@@ -0,0 +1,53 @@
+// Module included in the following assemblies:
+//
+// * hosted-control-planes/hcp-deploy/hcp-deploy-aws.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="hcp-access-private-hc-aws_{context}"]
+= Accessing a private management cluster on {aws-short}
+
+You can access your private management cluster by using the command-line interface (CLI).
+
+.Procedure
+
+. Find the private IPs of nodes by entering the following command:
++
+[source,terminal]
+----
+$ aws ec2 describe-instances --filter="Name=tag:kubernetes.io/cluster/<infra_id>,Values=owned" | jq '.Reservations[] | .Instances[] | select(.PublicDnsName=="") | .PrivateIpAddress'
+----
+
+. Create a `kubeconfig` file for the hosted cluster that you can copy to a node by entering the following command:
++
+[source,terminal]
+----
+$ hcp create kubeconfig > <hosted_cluster_kubeconfig>
+----
+
+. To SSH into one of the nodes through the bastion, enter the following command:
++
+[source,terminal]
+----
+$ ssh -o ProxyCommand="ssh ec2-user@<bastion_ip> -W %h:%p" core@<node_ip>
+----
+
+. From the SSH shell, copy the `kubeconfig` file contents to a file on the node by entering the following command:
++
+[source,terminal]
+----
+$ mv <path_to_kubeconfig_file> <new_file_name>
+----
+
+. Export the `kubeconfig` file by entering the following command:
++
+[source,terminal]
+----
+$ export KUBECONFIG=<path_to_kubeconfig_file>
+----
+
+. Observe the hosted cluster status by entering the following command:
++
+[source,terminal]
+----
+$ oc get clusteroperators clusterversion
+----