OSDOCS-11830 Split Networking content for ROSA with HCP

Author: laubai

_topic_maps/_topic_map_rosa_hcp.yml

@@ -1014,6 +1014,87 @@ Topics:
 #  - Name: Advanced OADP features and functionalities
 #    File: oadp-advanced-topics
 ---
+Name: Networking
+Dir: networking
+Distros: openshift-rosa-hcp
+Topics:
+- Name: About networking
+  File: about-managed-networking
+- Name: Networking Operators
+  Dir: networking_operators
+  Distros: openshift-rosa-hcp
+  Topics:
+  - Name: AWS Load Balancer Operator
+    File: aws-load-balancer-operator
+  - Name: DNS Operator in Red Hat OpenShift Service on AWS
+    File: dns-operator
+  - Name: Ingress Operator in Red Hat OpenShift Service on AWS
+    File: ingress-operator
+  - Name: Ingress Node Firewall Operator in Red Hat OpenShift Service on AWS
+    File: ingress-node-firewall-operator
+- Name: Network verification
+  File: network-verification
+- Name: Configuring a cluster-wide proxy during installation
+  File: configuring-cluster-wide-proxy
+- Name: CIDR range definitions
+  File: cidr-range-definitions
+- Name: Network security
+  Dir: network_security
+  Distros: openshift-rosa-hcp
+  Topics:
+  - Name: Understanding network policy APIs
+    File: network-policy-apis
+  - Name: Cluster-scoped network policy
+    Dir: AdminNetworkPolicy
+    Distros: openshift-rosa-hcp
+    Topics:
+    - Name: About AdminNetworkPolicy
+      File: ovn-k-anp
+    - Name: About BaselineAdminNetworkPolicy
+      File: ovn-k-banp
+    - Name: Best practices cluster-wide network policy
+      File: ovn-k-anp-recommended-practices
+  - Name: Namespace-scoped network policy (NetworkPolicy)
+    Dir: network_policy
+    Distros: openshift-rosa-hcp
+    Topics:
+    - Name: About network policy
+      File: about-network-policy
+    - Name: Creating a network policy
+      File: creating-network-policy
+    - Name: Viewing a network policy
+      File: viewing-network-policy
+    - Name: Editing a network policy
+      File: editing-network-policy
+    - Name: Deleting a network policy
+      File: deleting-network-policy
+    - Name: Defining a default network policy for projects
+      File: default-network-policy
+    - Name: Configuring multitenant isolation with network policy
+      File: multitenant-network-policy
+  # Included for OSDOCS-13465
+  - Name: Audit logging for network security
+    File: logging-network-security
+    # OSDOCS-11830: Omitting egress firewall, ipsec encryption, zero egress
+- Name: Configuring the primary cluster network
+  Dir: ovn_kubernetes_network_provider
+  Distros: openshift-rosa-hcp
+  Topics:
+  - Name: About the OVN-Kubernetes network plugin
+    File: about-ovn-kubernetes
+# TODO OSDOCS-11830: The only instructional content in this section claims to be unsupported for HCP
+#   - Name: Configuring an egress IP address
+#     File: configuring-egress-ips-ovn
+# OpenShift SDN not supported for HCP
+- Name: Configuring Routes
+  Dir: routes
+  Distros: openshift-rosa-hcp
+  Topics:
+  - Name: Route configuration
+    File: route-configuration
+  - Name: Secured routes
+    File: secured-routes
+---
 Name: Nodes
 Dir: nodes
 Distros: openshift-rosa-hcp

cloud_experts_tutorials/cloud-experts-aws-load-balancer-operator.adoc

@@ -20,18 +20,10 @@ toc::[]
 
 include::snippets/mobb-support-statement.adoc[leveloffset=+1]
 
-ifndef::openshift-rosa-hcp[]
 [TIP]
 ====
 Load Balancers created by the AWS Load Balancer Operator cannot be used for xref:../networking/routes/route-configuration.adoc#route-configuration[OpenShift Routes], and should only be used for individual services or ingress resources that do not need the full layer 7 capabilities of an OpenShift Route.
 ====
-endif::openshift-rosa-hcp[]
-ifdef::openshift-rosa-hcp[]
-[TIP]
-====
-Load Balancers created by the AWS Load Balancer Operator cannot be used for link:https://docs.openshift.com/rosa/networking/routes/route-configuration.html[OpenShift Routes], and should only be used for individual services or ingress resources that do not need the full layer 7 capabilities of an OpenShift Route.
-====
-endif::openshift-rosa-hcp[]
 
 The link:https://kubernetes-sigs.github.io/aws-load-balancer-controller/[AWS Load Balancer Controller] manages AWS Elastic Load Balancers for a {product-title} (ROSA) cluster. The controller provisions link:https://docs.aws.amazon.com/elasticloadbalancing/latest/application/introduction.html[AWS Application Load Balancers (ALB)] when you create Kubernetes Ingress resources and link:https://docs.aws.amazon.com/elasticloadbalancing/latest/network/introduction.html[AWS Network Load Balancers (NLB)] when implementing Kubernetes Service resources with a type of LoadBalancer.
 
@@ -54,11 +46,12 @@ AWS ALBs require a multi-AZ cluster, as well as three public subnets split acros
 
 ifndef::openshift-rosa-hcp[]
 * xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[A multi-AZ ROSA classic cluster]
+* BYO VPC cluster
+//Moved inside ifndef since this is always true for HCP clusters
 endif::openshift-rosa-hcp[]
 ifdef::openshift-rosa-hcp[]
-* link:https://docs.openshift.com/rosa-hcp/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.html[A multi-AZ ROSA cluster]
+* xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-sts-creating-a-cluster-quickly[A multi-AZ {hcp-title} cluster]
 endif::openshift-rosa-hcp[]
-* BYO VPC cluster
 * AWS CLI
 * OC CLI
 
@@ -123,6 +116,7 @@ $ aws ec2 create-tags \
      --tags Key=kubernetes.io/role/internal-elb,Value='' \
      --region ${REGION}
 ----
+//subnets are tagged already after rosa create network
 
 [id="installation_{context}"]
 == Installation
@@ -355,6 +349,8 @@ $ curl "http://${INGRESS}"
 ----
 Hello OpenShift!
 ----
+//TODO OSDOCS-11830: Couldn't get either of these validation checks to work, Andy R indicated that the related error seems to be that user is not authorized to do operation elasticloadbalancing:AddTags because "no identity based policy allows elasticloadbalancing:AddTags" however the linked policy does seem to allow that as far as I can tell: https://raw.githubusercontent.com/rh-mobb/documentation/main/content/rosa/aws-load-balancer-operator/load-balancer-operator-policy.json
+// That said, I'm not sure we should be getting our example policy from the rh-mobb repo
 
 . Deploy an AWS NLB for your hello world application:
 +

microshift_configuring/microshift-nw-ipv6-config.adoc

@@ -19,7 +19,7 @@ include::modules/microshift-nw-ipv6-dual-stack-migrating-config.adoc[leveloffset
 include::modules/microshift-nw-ipv6-dual-stack-reset-ipfam.adoc[leveloffset=+1]
 
 //OCP module, edit with conditionals and care
-include::modules/nw-ovn-kuberentes-limitations.adoc[leveloffset=+1]
+include::modules/nw-ovn-kubernetes-limitations.adoc[leveloffset=+1]
 
 [id="additional-resources_microshift-ipv6-config_{context}"]
 [role="_additional-resources"]

modules/albo-deleting.adoc

@@ -2,30 +2,31 @@
 //
 :_mod-docs-content-type: PROCEDURE
 [id="aws-load-balancer-operator-deleting_{context}"]
-= Deleting the example AWS Load Balancer Operator installation
+= Removing the AWS Load Balancer Operator
 
-. Delete the hello world application namespace (and all the resources in the namespace):
+If you no longer need to use the AWS Load Balancer Operator, you can remove the Operator and delete any related roles and policies.
+
+.Procedure
+. Delete the Operator Subscription:
 +
 [source,terminal]
 ----
-$ oc delete project hello-world
+$ oc delete subscription aws-load-balancer-operator -n aws-load-balancer-operator
 ----
-+
-. Delete the AWS Load Balancer Operator and the AWS IAM roles:
-+
+
+. Detach and delete the relevant AWS IAM roles:
 [source,terminal]
 ----
-$ oc delete subscription aws-load-balancer-operator -n aws-load-balancer-operator
 $ aws iam detach-role-policy \
-  --role-name "${ROSA_CLUSTER_NAME}-alb-operator" \
-  --policy-arn $POLICY_ARN
+  --role-name "<cluster-id>-alb-operator" \
+  --policy-arn <operator-policy-arn>
 $ aws iam delete-role \
-  --role-name "${ROSA_CLUSTER_NAME}-alb-operator"
+  --role-name "<cluster-id>-alb-operator"
 ----
-+
+
 . Delete the AWS IAM policy:
 +
 [source,terminal]
 ----
-$ aws iam delete-policy --policy-arn $POLICY_ARN
+$ aws iam delete-policy --policy-arn <operator-policy-arn>
 ----