Merge pull request #75033 from dfitzmau/OSDOCS-7074

OSDOCS-7074: Documented external LB for managing api/ingress traffic

Author: adellape

installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc

@@ -29,6 +29,12 @@ include::modules/ipi-install-extracting-the-openshift-installer.adoc[leveloffset
 
 include::modules/ipi-install-creating-an-rhcos-images-cache.adoc[leveloffset=+1]
 
+// Services for a user-managed load balancer
+include::modules/nw-osp-services-external-load-balancer.adoc[leveloffset=+1]
+
+// Configuring a user-managed load balancer
+include::modules/nw-osp-configuring-external-load-balancer.adoc[leveloffset=+2]
+
 include::modules/ipi-install-setting-cluster-node-hostnames-dhcp.adoc[leveloffset=+1]
 
 [id="ipi-install-configuration-files"]

installing/installing_bare_metal_ipi/ipi-install-post-installation-configuration.adoc

@@ -12,8 +12,8 @@ include::modules/ipi-install-configuring-ntp-for-disconnected-clusters.adoc[leve
 
 include::modules/nw-enabling-a-provisioning-network-after-installation.adoc[leveloffset=+1]
 
-// Configuring an external load balancer
+// Configuring a user-managed load balancer
 include::modules/nw-osp-services-external-load-balancer.adoc[leveloffset=+1]
 
-// Services for an external load balancer
+// Services for a user-managed load balancer
 include::modules/nw-osp-configuring-external-load-balancer.adoc[leveloffset=+2]

installing/installing_vsphere/ipi/installing-restricted-networks-installer-provisioned-vsphere.adoc

@@ -64,6 +64,13 @@ include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
 include::modules/configuring-vsphere-regions-zones.adoc[leveloffset=+2]
 
+// Services for a user-managed load balancer
+include::modules/nw-osp-services-external-load-balancer.adoc[leveloffset=+1]
+
+// Configuring a user-managed load balancer
+include::modules/nw-osp-configuring-external-load-balancer.adoc[leveloffset=+2]
+
+// Deploying the cluster
 include::modules/installation-launching-installer.adoc[leveloffset=+1]
 
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
@@ -88,12 +95,6 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 
 * See xref:../../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
 
-// Services for an external load balancer
-include::modules/nw-osp-services-external-load-balancer.adoc[leveloffset=+1]
-
-// Configuring an external load balancer
-include::modules/nw-osp-configuring-external-load-balancer.adoc[leveloffset=+2]
-
 [id="next-steps_installing-restricted-networks-installer-provisioned-vsphere"]
 == Next steps
 

installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned-customizations.adoc

@@ -56,6 +56,13 @@ include::modules/installation-configure-proxy.adoc[leveloffset=+2]
 
 include::modules/configuring-vsphere-regions-zones.adoc[leveloffset=+2]
 
+// Services for a user-managed load balancer
+include::modules/nw-osp-services-external-load-balancer.adoc[leveloffset=+1]
+
+// Configuring a user-managed load balancer
+include::modules/nw-osp-configuring-external-load-balancer.adoc[leveloffset=+2]
+
+// Deploying the cluster
 include::modules/installation-launching-installer.adoc[leveloffset=+1]
 
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
@@ -81,12 +88,6 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 
 * See xref:../../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
 
-// Services for an external load balancer
-include::modules/nw-osp-services-external-load-balancer.adoc[leveloffset=+1]
-
-// Configuring an external load balancer
-include::modules/nw-osp-configuring-external-load-balancer.adoc[leveloffset=+2]
-
 [id="next-steps_installing-vsphere-installer-provisioned-customizations"]
 == Next steps
 

installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned-network-customizations.adoc

@@ -66,6 +66,13 @@ include::modules/nw-modifying-operator-install-config.adoc[leveloffset=+1]
 include::modules/nw-operator-cr.adoc[leveloffset=+1]
 // end network customization
 
+// Services for a user-managed load balancer
+include::modules/nw-osp-services-external-load-balancer.adoc[leveloffset=+1]
+
+// Configuring a user-managed load balancer
+include::modules/nw-osp-configuring-external-load-balancer.adoc[leveloffset=+2]
+
+// Deploying the cluster
 include::modules/installation-launching-installer.adoc[leveloffset=+1]
 
 include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
@@ -91,12 +98,6 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1]
 
 * See xref:../../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service
 
-// Services for an external load balancer
-include::modules/nw-osp-services-external-load-balancer.adoc[leveloffset=+1]
-
-// Configuring an external load balancer
-include::modules/nw-osp-configuring-external-load-balancer.adoc[leveloffset=+2]
-
 include::modules/ipi-install-configure-network-components-to-run-on-the-control-plane.adoc[leveloffset=+1]
 
 [id="next-steps_installing-vsphere-installer-provisioned-network-customizations"]

modules/installation-launching-installer.adoc

@@ -311,7 +311,7 @@ ifdef::vsphere[]
 +
 [IMPORTANT]
 ====
-You do not need to specify API and Ingress static addresses for your installation program. If you choose this configuration, you must take additional actions to define network targets that accept an IP address from each referenced vSphere subnet. See the section "Configuring an external load balancer".
+You do not need to specify API and Ingress static addresses for your installation program. If you choose this configuration, you must take additional actions to define network targets that accept an IP address from each referenced vSphere subnet. See the section "Configuring a user-managed load balancer".
 ====
 endif::vsphere[]
 

modules/installation-load-balancing-user-infra.adoc

@@ -227,4 +227,4 @@ If you are using HAProxy as a load balancer, you can check that the `haproxy` pr
 
 ifeval::["{context}" == "installing-openstack-installer-custom"]
 :!user-managed-lb:
-endif::[]
+endif::[]

modules/installation-osp-balancing-external-loads.adoc

@@ -3,7 +3,7 @@
 // * installing/installing_openstack/installing-openstack-load-balancing.adoc
 
 [id="installation-osp-balancing-external-loads_{context}"]
-= Configuring an external load balancer
+= Configuring a user-managed load balancer
 
 Configure an external load balancer in {rh-openstack-first} to use your own load balancer, resolve external networking needs, or scale beyond what the default {product-title} load balancer can provide.
 

modules/nw-osp-configuring-external-load-balancer.adoc

@@ -1,45 +1,39 @@
 // Module included in the following assemblies:
 
-// * networking/load-balancing-openstack.adoc ( Load balancing on OpenStack)
-// * installing/installing_bare_metal_ipi/ipi-install-post-installation-configuration.adoc (Post-installation configuration)
-// * installing/installing-vsphere-installer-provisioned.adoc(Installing a cluster)
-// * installing/installing-vsphere-installer-provisioned-customizations.adoc (Installing a cluster on vSphere with customizations)
-// * installing/installing-vsphere-installer-provisioned-network-customizations.adoc (Installing a cluster on vSphere with network customizations)
-// * installing/installing-restricted-networks-installer-provisioned-vsphere.adoc (Installing a cluster on vSphere in a restricted network)
+// OpenStack
+// * networking/load-balancing-openstack.adoc
+// Bare metal
+// * installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
+// * installing/installing_bare_metal_ipi/ipi-install-post-installation-configuration.adoc
+// vSphere
+// * installing/installing-vsphere-installer-provisioned-customizations.adoc
+// * installing/installing-vsphere-installer-provisioned-network-customizations.adoc
+// * installing/installing-restricted-networks-installer-provisioned-vsphere.adoc
 
-ifeval::["{context}" == "installing-vsphere-installer-provisioned"]
-:vsphere:
-endif::[]
-ifeval::["{context}" == "installing-vsphere-installer-provisioned-customizations"]
-:vsphere:
-endif::[]
-ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"]
-:vsphere:
-endif::[]
-ifeval::["{context}" == installing-restricted-networks-installer-provisioned-vsphere]
-:vsphere:
+ifeval::["{context}" == "ipi-install-installation-workflow"]
+:bare-metal:
 endif::[]
 
 :_mod-docs-content-type: PROCEDURE
 [id="nw-osp-configuring-external-load-balancer_{context}"]
-= Configuring an external load balancer
+= Configuring a user-managed load balancer
 
 You can configure an {product-title} cluster
 ifeval::["{context}" == "load-balancing-openstack"]
 on {rh-openstack-first}
 endif::[]
-to use an external load balancer in place of the default load balancer.
+to use a user-managed load balancer in place of the default load balancer.
 
 [IMPORTANT]
 ====
-Before you configure an external load balancer, ensure that you read the "Services for an external load balancer" section.
+Before you configure a user-managed load balancer, ensure that you read the "Services for a user-managed load balancer" section.
 ====
 
-Read the following prerequisites that apply to the service that you want to configure for your external load balancer.
+Read the following prerequisites that apply to the service that you want to configure for your user-managed load balancer.
 
 [NOTE]
 ====
-MetalLB, that runs on a cluster, functions as an external load balancer.
+MetalLB, which runs on a cluster, functions as a user-managed load balancer.
 ====
 
 .OpenShift API prerequisites
@@ -64,7 +58,7 @@ MetalLB, that runs on a cluster, functions as an external load balancer.
 
 You can configure most load balancers by setting health check URLs that determine if a service is available or unavailable. {product-title} provides these health checks for the OpenShift API, Machine Configuration API, and Ingress Controller backend services.
 
-The following examples demonstrate health check specifications for the previously listed backend services:
+The following examples show health check specifications for the previously listed backend services:
 
 .Example of a Kubernetes API health check specification
 
@@ -157,7 +151,7 @@ listen my-cluster-apps-80
 # ...
 ----
 
-. Use the `curl` CLI command to verify that the external load balancer and its resources are operational:
+. Use the `curl` CLI command to verify that the user-managed load balancer and its resources are operational:
 +
 .. Verify that the cluster machine configuration API is accessible to the Kubernetes API server resource, by running the following command and observing the response:
 +
@@ -239,7 +233,7 @@ set-cookie: 1e2670d92730b515ce3a1bb65da45062=1bf5e9573c9a2760c964ed1659cc1673; p
 cache-control: private
 ----
 
-. Configure the DNS records for your cluster to target the front-end IP addresses of the external load balancer. You must update records to your DNS server for the cluster API and applications over the load balancer.
+. Configure the DNS records for your cluster to target the front-end IP addresses of the user-managed load balancer. You must update records to your DNS server for the cluster API and applications over the load balancer.
 +
 .Examples of modified DNS records
 +
@@ -260,7 +254,30 @@ A record pointing to Load Balancer Front End
 DNS propagation might take some time for each DNS record to become available. Ensure that each DNS record propagates before validating each record.
 ====
 
-. Use the `curl` CLI command to verify that the external load balancer and DNS record configuration are operational:
+ifdef::bare-metal[]
+. For your {product-title} cluster to use the user-managed load balancer, you must specify the following configuration in your cluster's `install-config.yaml` file:
++
+[source,yaml]
+----
+# ...
+platform:
+  baremetal:
+    loadBalancer:
+      type: UserManaged <1>
+      apiVIPs:
+      - <api_ip> <2>
+      ingressVIPs:
+      - <ingress_ip> <3>
+# ...
+----
+<1> Set `UserManaged` for the `type` parameter to specify a user-managed load balancer for your cluster. The parameter defaults to `OpenShiftManagedDefault`, which denotes the default internal load balancer. For services defined in an `openshift-kni-infra` namespace, a user-managed load balancer can deploy the `coredns` service to pods in your cluster but ignores `keepalived` and `haproxy` services.
+<2> Required parameter when you specify a user-managed load balancer. Specify the user-managed load balancer's public IP address, so that the Kubernetes API can communicate with the user-managed load balancer.
+<3> Required parameter when you specify a user-managed load balancer. Specify the user-managed load balancer's public IP address, so that the user-managed load balancer can manage ingress traffic for your cluster.
+endif::bare-metal[]
+
+.Verification
+
+. Use the `curl` CLI command to verify that the user-managed load balancer and DNS record configuration are operational:
 +
 .. Verify that you can access the cluster API, by running the following command and observing the output:
 +
@@ -352,15 +369,6 @@ set-cookie: 1e2670d92730b515ce3a1bb65da45062=1bf5e9573c9a2760c964ed1659cc1673; p
 cache-control: private
 ----
 
-ifeval::["{context}" == "installing-vsphere-installer-provisioned"]
-:!vsphere:
-endif::[]
-ifeval::["{context}" == "installing-vsphere-installer-provisioned-customizations"]
-:!vsphere:
-endif::[]
-ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"]
-:!vsphere:
-endif::[]
-ifeval::["{context}" == installing-restricted-networks-installer-provisioned-vsphere]
-:!vsphere:
+ifeval::["{context}" == "ipi-install-installation-workflow"]
+:!bare-metal:
 endif::[]

modules/nw-osp-services-external-load-balancer.adoc

@@ -1,49 +1,39 @@
 // Module included in the following assemblies:
 
-// * networking/load-balancing-openstack.adoc ( Load balancing on OpenStack)
-// * installing/installing_bare_metal_ipi/ipi-install-post-installation-configuration.adoc (Post-installation configuration)
-// * installing/installing-vsphere-installer-provisioned.adoc(Installing a cluster)
-// * installing/installing-vsphere-installer-provisioned-customizations.adoc (Installing a cluster on vSphere with customizations)
-// * installing/installing-vsphere-installer-provisioned-network-customizations.adoc (Installing a cluster on vSphere with network customizations)
-// * installing/installing-restricted-networks-installer-provisioned-vsphere.adoc (Installing a cluster on vSphere in a restricted network)
-
-ifeval::["{context}" == "installing-vsphere-installer-provisioned"]
-:vsphere:
-endif::[]
-ifeval::["{context}" == "installing-vsphere-installer-provisioned-customizations"]
-:vsphere:
-endif::[]
-ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"]
-:vsphere:
-endif::[]
-ifeval::["{context}" == installing-restricted-networks-installer-provisioned-vsphere]
-:vsphere:
-endif::[]
+// OpenStack
+// * networking/load-balancing-openstack.adoc
+// Bare metal
+// * installing/installing_bare_metal_ipi/ipi-install-installation-workflow.adoc
+// * installing/installing_bare_metal_ipi/ipi-install-post-installation-configuration.adoc
+// vSphere
+// * installing/installing-vsphere-installer-provisioned-customizations.adoc
+// * installing/installing-vsphere-installer-provisioned-network-customizations.adoc
+// * installing/installing-restricted-networks-installer-provisioned-vsphere.adoc
 
 :_mod-docs-content-type: CONCEPT
 [id="nw-osp-services-external-load-balancer_{context}"]
-= Services for an external load balancer
+= Services for a user-managed load balancer
 
 You can configure an {product-title} cluster
 ifeval::["{context}" == "load-balancing-openstack"]
 on {rh-openstack-first}
 endif::[]
-to use an external load balancer in place of the default load balancer.
+to use a user-managed load balancer in place of the default load balancer.
 
 [IMPORTANT]
 ====
-Configuring an external load balancer depends on your vendor's load balancer.
+Configuring a user-managed load balancer depends on your vendor's load balancer.
 
 The information and examples in this section are for guideline purposes only. Consult the vendor documentation for more specific information about the vendor's load balancer.
 ====
 
-Red Hat supports the following services for an external load balancer:
+Red Hat supports the following services for a user-managed load balancer:
 
 * Ingress Controller
 * OpenShift API
 * OpenShift MachineConfig API
 
-You can choose whether you want to configure one or all of these services for an external load balancer. Configuring only the Ingress Controller service is a common configuration option. To better understand each service, view the following diagrams:
+You can choose whether you want to configure one or all of these services for a user-managed load balancer. Configuring only the Ingress Controller service is a common configuration option. To better understand each service, view the following diagrams:
 
 .Example network workflow that shows an Ingress Controller operating in an {product-title} environment
 image::external-load-balancer-default.png[An image that shows an example network workflow of an Ingress Controller operating in an {product-title} environment.]
@@ -54,7 +44,7 @@ image::external-load-balancer-openshift-api.png[An image that shows an example n
 .Example network workflow that shows an OpenShift MachineConfig API operating in an {product-title} environment
 image::external-load-balancer-machine-config-api.png[An image that shows an example network workflow of an OpenShift MachineConfig API operating in an {product-title} environment.]
 
-The following configuration options are supported for external load balancers:
+The following configuration options are supported for user-managed load balancers:
 
 * Use a node selector to map the Ingress Controller to a specific set of nodes. You must assign a static IP address to each node in this set, or configure each node to receive the same IP address from the Dynamic Host Configuration Protocol (DHCP). Infrastructure nodes commonly receive this type of configuration.
 
@@ -65,25 +55,12 @@ The following configuration options are supported for external load balancers:
 You can list all IP addresses that exist in a network by checking the machine config pool's resources.
 ====
 
-Before you configure an external load balancer for your {product-title} cluster, consider the following information:
+Before you configure a user-managed load balancer for your {product-title} cluster, consider the following information:
 
 * For a front-end IP address, you can use the same IP address for the front-end IP address, the Ingress Controller's load balancer, and API load balancer. Check the vendor's documentation for this capability.
 
-* For a back-end IP address, ensure that an IP address for an {product-title} control plane node does not change during the lifetime of the external load balancer. You can achieve this by completing one of the following actions:
+* For a back-end IP address, ensure that an IP address for an {product-title} control plane node does not change during the lifetime of the user-managed load balancer. You can achieve this by completing one of the following actions:
 ** Assign a static IP address to each control plane node.
 ** Configure each node to receive the same IP address from the DHCP every time the node requests a DHCP lease. Depending on the vendor, the DHCP lease might be in the form of an IP reservation or a static DHCP assignment.
 
-* Manually define each node that runs the Ingress Controller in the external load balancer for the Ingress Controller back-end service. For example, if the Ingress Controller moves to an undefined node, a connection outage can occur.
-
-ifeval::["{context}" == "installing-vsphere-installer-provisioned"]
-:!vsphere:
-endif::[]
-ifeval::["{context}" == "installing-vsphere-installer-provisioned-customizations"]
-:!vsphere:
-endif::[]
-ifeval::["{context}" == "installing-vsphere-installer-provisioned-network-customizations"]
-:!vsphere:
-endif::[]
-ifeval::["{context}" == installing-restricted-networks-installer-provisioned-vsphere]
-:!vsphere:
-endif::[]
+* Manually define each node that runs the Ingress Controller in the user-managed load balancer for the Ingress Controller back-end service. For example, if the Ingress Controller moves to an undefined node, a connection outage can occur.