diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml index 1d4af5624706..088d90e66bc7 100644 --- a/_topic_maps/_topic_map.yml +++ b/_topic_maps/_topic_map.yml @@ -179,10 +179,12 @@ Topics: File: installing-aws-china - Name: Installing a cluster on AWS using CloudFormation templates File: installing-aws-user-infra - - Name: Installing a cluster on AWS with worker nodes on AWS Local Zones - File: installing-aws-localzone - Name: Installing a cluster on AWS in a restricted network with user-provisioned infrastructure File: installing-restricted-networks-aws + - Name: Installing a cluster on AWS with compute nodes on AWS Local Zones + File: installing-aws-localzone + - Name: Installing a cluster on AWS with compute nodes on AWS Wavelength Zones + File: installing-aws-wavelength-zone - Name: Installing a cluster on AWS with remote workers on AWS Outposts File: installing-aws-outposts-remote-workers - Name: Installing a three-node cluster on AWS @@ -617,8 +619,8 @@ Topics: - Name: Fedora CoreOS (FCOS) image layering File: coreos-layering Distros: openshift-origin -- Name: AWS Local Zone tasks - File: aws-compute-edge-tasks +- Name: AWS Local Zone or Wavelength Zone tasks + File: aws-compute-edge-zone-tasks Distros: openshift-enterprise - Name: Adding failure domains to an existing Nutanix cluster File: adding-nutanix-failure-domains diff --git a/installing/installing_aws/installing-aws-localzone.adoc b/installing/installing_aws/installing-aws-localzone.adoc index d8b548391d35..0dceb7b41b56 100644 --- a/installing/installing_aws/installing-aws-localzone.adoc +++ b/installing/installing_aws/installing-aws-localzone.adoc 
@@ -1,80 +1,55 @@ :_mod-docs-content-type: ASSEMBLY [id="installing-aws-localzone"] -= Installing a cluster on AWS with worker nodes on AWS Local Zones += Installing a cluster on AWS with compute nodes on AWS Local Zones include::_attributes/common-attributes.adoc[] :context: installing-aws-localzone +:zone-type: Local Zones toc::[] -You can quickly install an {product-title} cluster in Amazon Web Services (AWS) Local Zones by setting the zone names in the edge compute pool of the `install-config.yaml` file, or install a cluster in an existing VPC that lists Local Zone subnets. +You can quickly install an {product-title} cluster on Amazon Web Services (AWS) {zone-type} by setting the zone names in the edge compute pool of the `install-config.yaml` file, or install a cluster in an existing Amazon Virtual Private Cloud (VPC) with Local Zone subnets. -AWS Local Zones are a type of infrastructure that place Cloud Resources close to metropolitan regions. For more information, see the link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-local-zones[AWS Local Zones Documentation]. +AWS {zone-type} is an infrastructure that place Cloud Resources close to metropolitan regions. For more information, see the link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-local-zones[AWS Local Zones Documentation]. -[IMPORTANT] -==== -The steps for performing an installer-provisioned infrastructure installation are provided for example purposes only. Installing a cluster in an existing VPC requires that you have knowledge of the cloud provider and the installation process of {product-title}. You can use a CloudFormation template to assist you with completing these steps or to help model your own cluster installation. Instead of using the CloudFormation template to create resources, you can decide to use other methods for generating these resources. 
-==== +// Infrastructure prerequisites +include::modules/aws-zones-prerequisites.adoc[leveloffset=+1] -== Prerequisites +[id="installation-about-local-zone-edge-compute-pool_{context}"] +== About AWS Local Zones and edge compute pool -* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes. -* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users]. -* You xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[configured an AWS account] to host the cluster. -+ -[IMPORTANT] -==== -If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use key-based, long-term credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program. -==== -* You noted the region and supported link:https://aws.amazon.com/about-aws/global-infrastructure/localzones/locations[AWS Local Zones locations] to create the network resources in. -* You read the link:https://aws.amazon.com/about-aws/global-infrastructure/localzones/features/[Features] for each AWS Local Zones location. -* You downloaded the AWS CLI and installed it on your computer. See link:https://docs.aws.amazon.com/cli/latest/userguide/install-bundle.html[Install the AWS CLI Using the Bundled Installer (Linux, macOS, or UNIX)] in the AWS documentation. 
-* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to. -+ -[NOTE] -==== -Be sure to also review this site list if you are configuring a proxy. -==== -* Add permission for the user who creates the cluster to modify the Local Zone group with `ec2:ModifyAvailabilityZoneGroup`. For example: -+ -.An example of a permissive IAM policy to attach to a user or role -[source,yaml] ----- -{ - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "ec2:ModifyAvailabilityZoneGroup" - ], - "Effect": "Allow", - "Resource": "*" - } - ] -} ----- - -// Cluster limitations in AWS Local Zones -include::modules/cluster-limitations-local-zone.adoc[leveloffset=+1] +Read the following sections to understand infrastructure behaviors and cluster limitations in an AWS {zone-type} environment. + +// Cluster limitations +include::modules/cluster-limitations-aws-zone.adoc[leveloffset=+2] + +// About edge compute pools +include::modules/edge-machine-pools-aws-local-zones.adoc[leveloffset=+2] [role="_additional-resources"] .Additional resources +* xref:../../networking/changing-cluster-network-mtu.adoc#mtu-value-selection_changing-cluster-network-mtu[MTU value selection] +* xref:../../networking/changing-cluster-network-mtu.adoc#nw-ovn-ipsec-enable_configuring-ipsec-ovn[Changing the MTU for the cluster network] +* xref:../../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc#nodes-scheduler-taints-tolerations-about_nodes-scheduler-taints-tolerations[Understanding taints and tolerations] * xref:../../storage/understanding-persistent-storage.adoc#pvc-storage-class_understanding-persistent-storage[Storage classes] - * xref:../../networking/ingress-sharding.html#nw-ingress-sharding_ingress-sharding[Ingress Controller sharding] +[id="installation-prereqs-aws-local-zone_{context}"] +== Installation prerequisites + +Before you install a cluster in an AWS 
{zone-type} environment, you must configure your infrastructure so that it can adopt Local Zone capabilities. + +// Opting in to AWS Local Zones +include::modules/installation-aws-add-zone-locations.adoc[leveloffset=+2] + // Internet access for OpenShift Container Platform -include::modules/cluster-entitlements.adoc[leveloffset=+1] +include::modules/cluster-entitlements.adoc[leveloffset=+2] // Obtaining an AWS Marketplace image -include::modules/installation-aws-marketplace-subscribe.adoc[leveloffset=+1] +include::modules/installation-aws-marketplace-subscribe.adoc[leveloffset=+2] //Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc` -include::modules/cli-installing-cli.adoc[leveloffset=+1] - -== Preparing for the installation - -Before you extend nodes to local zones, you must prepare certain resources for the cluster installation environment. +include::modules/cli-installing-cli.adoc[leveloffset=+2] // Obtaining the installation program include::modules/installation-obtaining-installer.adoc[leveloffset=+2] @@ -82,8 +57,10 @@ include::modules/installation-obtaining-installer.adoc[leveloffset=+2] // Generating a key pair for cluster node SSH access include::modules/ssh-agent-using.adoc[leveloffset=+2] -// Creating the installation files for AWS -include::modules/installation-user-infra-generate.adoc[leveloffset=+2] +[id="prep-installation-aws-local-zone_{context}"] +== Preparing for the installation + +Before you extend nodes to {zone-type}, you must prepare certain resources for the cluster installation environment. // Minimum resource requirements for cluster installation include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2] 
@@ -94,80 +71,44 @@ include::modules/installation-aws-tested-machine-types.adoc[leveloffset=+2] [role="_additional-resources"] .Additional resources -* See link:https://aws.amazon.com/about-aws/global-infrastructure/localzones/features/[AWS Local Zones features] in the AWS documentation for more information about AWS Local Zones and the supported instances types and services. +* See link:https://aws.amazon.com/about-aws/global-infrastructure/localzones/features/[AWS Local Zones features] in the AWS documentation. // Creating the installation configuration file include::modules/installation-generate-aws-user-infra-install-config.adoc[leveloffset=+2] -// Suggest to standarize edge-pool's specific files with same prefixes, like: machine-edge-pool-[...] or compute-edge-pool-[...] (which is more compatible with install-config.yaml/compute) -// Edge compute pools and AWS Local Zones -include::modules/edge-machine-pools-aws-local-zones.adoc[leveloffset=+2] +// Examples of installation configuration files with edge compute pools +include::modules/installation-aws-edge-compute-pools-examples.adoc[leveloffset=+2] + +// Customizing Cluster Network MTU +include::modules/installation-aws-cluster-network-mtu.adoc[leveloffset=+2] [role="_additional-resources"] .Additional resources -* xref:../../networking/changing-cluster-network-mtu.adoc#mtu-value-selection_changing-cluster-network-mtu[Changing the MTU for the cluster network] -* xref:../../networking/changing-cluster-network-mtu.adoc#nw-ovn-ipsec-enable_configuring-ipsec-ovn[Enabling IPsec encryption] -* xref:../../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc#nodes-scheduler-taints-tolerations-about_nodes-scheduler-taints-tolerations[Understanding taints and tolerations] - -//// -// Revisit the need for the link to this section based on testing outcome of 4.15 Wavelenght Zone testing work that also assesses Manual STS, Manual long-term, and Mint routes. 
-//Supertask: Configuring an AWS cluster to use short-term credentials -[id="installing-aws-with-short-term-creds_{context}"] -== Optional: Configuring an AWS cluster to use short-term credentials - -To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster. - -[NOTE] -==== -To use the AWS STS, you must configure the Cloud Credential Operator (CCO) to run in manual mode. As part of the installation process, you set `credentialsMode` parameter to `Manual` after creating the `install-config.yaml` installation configuration file. -==== - -//Task part 1: Configuring the Cloud Credential Operator utility -include::modules/cco-ccoctl-configuring.adoc[leveloffset=+2] - -//Task part 2: Creating the required AWS resources -[id="sts-mode-create-aws-resources-ccoctl_{context}"] -=== Creating AWS resources with the Cloud Credential Operator utility - -You have the following options when creating AWS resources: - -* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-localzone.adoc#cco-ccoctl-creating-at-once_installing-aws-localzone[Creating AWS resources with a single command]. - -* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-localzone.adoc#cco-ccoctl-creating-individually_installing-aws-localzone[Creating AWS resources individually]. 
- -//Task part 2a: Creating the required AWS resources all at once -include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3] - -//Task part 2b: Creating the required AWS resources individually -include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+3] -//// - -// Opting in to AWS Local Zones -include::modules/installation-aws-add-local-zone-locations.adoc[leveloffset=+1] +* For more information about the maximum supported maximum transmission unit (MTU) value, see link:https://docs.aws.amazon.com/local-zones/latest/ug/how-local-zones-work.html#considerations[AWS resources supported in Local Zones] in the AWS documentation. // Cluster installation options for an AWS Local Zone environment include::modules/aws-cluster-installation-options-aws-lzs.adoc[leveloffset=+1] .Next steps -Choose one of the following options to install an {product-title} cluster in an AWS Local Zones environment: +Choose one of the following options to install an {product-title} cluster in an AWS {zone-type} environment: -* xref:../../installing/installing_aws/installing-aws-localzone.adoc#installation-cluster-quickly-extend-workers_installing-aws-localzone[Installing a cluster quickly in AWS Local Zones] +* xref:../../installing/installing_aws/installing-aws-localzone.adoc#installation-cluster-quickly-extend-compute-nodes_installing-aws-localzone[Installing a cluster quickly in AWS Local Zones] * xref:../../installing/installing_aws/installing-aws-localzone.adoc#creating-aws-local-zone-environment-existing_installing-aws-localzone[Installing a cluster in an existing VPC with defined Local Zone subnets] // Installing a cluster quickly in AWS Local Zones -include::modules/installation-cluster-quickly-extend-workers.adoc[leveloffset=+1] +include::modules/installation-cluster-quickly-extend-compute-nodes.adoc[leveloffset=+1] // Modifying an installation configuration to use AWS Local Zones -include::modules/install-creating-install-config-aws-local-zones.adoc[leveloffset=+2] 
+include::modules/install-creating-install-config-aws-edge-zones.adoc[leveloffset=+2] [role="_additional-resources"] .Additional resources -* xref:../../installing/installing_aws/installing-aws-localzone.adoc#cluster-limitations-local-zone_installing-aws-localzone[Creating the installation configuration file] +* xref:../../installing/installing_aws/installing-aws-localzone.adoc#installation-generate-aws-user-infra-install-config_installing-aws-localzone[Creating the installation configuration file] -* xref:../../installing/installing_aws/installing-aws-localzone.adoc#cluster-limitations-local-zone_installing-aws-localzone[Cluster limitations in AWS Local Zones] +* xref:../../installing/installing_aws/installing-aws-localzone.adoc#cluster-limitations-aws-zone_installing-aws-localzone[Cluster limitations in AWS Local Zones] .Next steps * xref:../../installing/installing_aws/installing-aws-localzone.adoc#installation-launching-installer_installing-aws-localzone[Deploying the cluster] 
@@ -177,26 +118,32 @@ include::modules/install-creating-install-config-aws-local-zones.adoc[leveloffse You can install a cluster into an existing Amazon Virtual Private Cloud (VPC) on Amazon Web Services (AWS). The installation program provisions the rest of the required infrastructure, which you can further customize. To customize the installation, modify parameters in the `install-config.yaml` file before you install the cluster. -Installing a cluster on AWS into an existing VPC requires extending workers to the edge of the Cloud Infrastructure by using AWS Local Zones. - -Local Zone subnets extend regular workers' nodes to edge networks. Each edge worker nodes runs a user workload. After you create an Amazon Web Service (AWS) Local Zone environment, and you deploy your cluster, you can use edge worker nodes to create user workloads in Local Zone subnets. +Installing a cluster on AWS into an existing VPC requires extending compute nodes to the edge of the Cloud Infrastructure by using AWS {zone-type}. -You can use a provided CloudFormation template to create the VPC and public subnets. Additionally, you can modify a template to customize your infrastructure or use the information that they contain to create AWS objects according to your company's policies. +Local Zone subnets extend regular compute nodes to edge networks. Each edge compute nodes runs a user workload. After you create an Amazon Web Service (AWS) Local Zone environment, and you deploy your cluster, you can use edge compute nodes to create user workloads in Local Zone subnets. [NOTE] ==== If you want to create private subnets, you must either modify the provided CloudFormation template or create your own template. ==== +You can use a provided CloudFormation template to create network resources. Additionally, you can modify a template to customize your infrastructure or use the information that they contain to create AWS resources according to your company's policies. 
+ +[IMPORTANT] +==== +The steps for performing an installer-provisioned infrastructure installation are provided for example purposes only. Installing a cluster in an existing VPC requires that you have knowledge of the cloud provider and the installation process of {product-title}. You can use a CloudFormation template to assist you with completing these steps or to help model your own cluster installation. Instead of using the CloudFormation template to create resources, you can decide to use other methods for generating these resources. +==== + // Creating a VPC in AWS include::modules/installation-creating-aws-vpc-localzone.adoc[leveloffset=+2] -// Creating a subnet in AWS Local Zones -include::modules/installation-creating-aws-subnet-localzone.adoc[leveloffset=+2] + // CloudFormation template for the VPC include::modules/installation-cloudformation-vpc-localzone.adoc[leveloffset=+2] -// AWS security groups -include::modules/installation-aws-security-groups.adoc[leveloffset=+2] -// CloududFormation template for the subnet that uses AWS Local Zones + +// Creating subnets in Local Zones +include::modules/installation-creating-aws-vpc-subnets-lz.adoc[leveloffset=+2] + +// CloudFormation template for the subnet that uses AWS Local Zones include::modules/installation-cloudformation-subnet-localzone.adoc[leveloffset=+2] [role="_additional-resources"] 
@@ -204,57 +151,45 @@ include::modules/installation-cloudformation-subnet-localzone.adoc[leveloffset=+ * You can view details about the CloudFormation stacks that you create by navigating to the link:https://console.aws.amazon.com/cloudformation/[AWS CloudFormation console]. -// Modifying an installation configuration file to use AWS Local Zones subnets -include::modules/install-creating-install-config-aws-local-zones-subnets.adoc[leveloffset=+2] +// Modifying an installation configuration file to use AWS Wavelength Zones subnets +include::modules/installing-aws-edge-zones-custom-vpc-config.adoc[leveloffset=+2] [role="_additional-resources"] .Additional resources -* See link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html[Configuration and credential file settings] in the AWS documentation for more information about AWS profile and credential configuration. - -//include::modules/installation-configure-proxy.adoc[leveloffset=+2] -//Put this back if QE validates it. - -// Verify removal due to automation. -// include::modules/installation-localzone-generate-k8s-manifest.adoc[leveloffset=+2] - -//// -// Revisit the need for the link to this section based on testing outcome of 4.15 Wavelenght Zone testing work that also assesses Manual STS, Manual long-term, and Mint routes. -[id="installing-aws-manual-modes_{context}"] -== Alternatives to storing administrator-level secrets in the kube-system project +* For more information about viewing the CloudFormation stacks that you created, see link:https://console.aws.amazon.com/cloudformation[AWS CloudFormation console]. +* For more information about AWS profile and credential configuration, see link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html[Configuration and credential file settings] in the AWS documentation. -By default, administrator secrets are stored in the `kube-system` project. 
If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives: - -* If you configured the CCO utility (`ccoctl`) to implement short-term credentials for individual components, follow the procedure in xref:../../installing/installing_aws/installing-aws-localzone.adoc#cco-ccoctl-install-creating-manifests_installing-aws-localzone[Incorporating the Cloud Credential Operator utility manifests]. - -* If you will manage cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-localzone.adoc#manually-create-iam_installing-aws-localzone[Manually creating long-term credentials]. +.Next steps +* xref:../../installing/installing_aws/installing-aws-localzone.adoc#installation-launching-installer_installing-aws-localzone[Deploying the cluster] -// Additional steps for the Cloud Credential Operator utility (`ccoctl`) -include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+2] +// Optional: AWS security groups +include::modules/installation-aws-security-groups.adoc[leveloffset=+1] -//Manually creating IAM -include::modules/manually-create-identity-access-management.adoc[leveloffset=+2] -//// +// Optional: Assign public IP to edge compute nodes (optional) +include::modules/installing-with-edge-node-public.adoc[leveloffset=+1] // Deploying the cluster include::modules/installation-launching-installer.adoc[leveloffset=+1] -.Next steps -* xref:../../post_installation_configuration/cluster-tasks.adoc#installation-extend-edge-nodes-aws-local-zones_post-install-cluster-tasks[Creating user workloads in AWS Local Zones] +[id="verify-aws-local-zone-deployed-cluster-status_{context}"] +== Verifying the status of the deployed cluster + +Verify that your {product-title} successfully deployed on AWS {zone-type}. 
// Logging in to the cluster by using the CLI -include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1] +include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+2] // Logging in to the cluster by using the web console -include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+1] +include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+2] [role="_additional-resources"] .Additional resources -* See xref:../../web_console/web-console.adoc#web-console[Accessing the web console] for more details about accessing and understanding the {product-title} web console. +* For more information about accessing and understanding the {product-title} web console, see xref:../../web_console/web-console.adoc#web-console[Accessing the web console] for more details about accessing and understanding the {product-title} web console. // Verifying nodes that were created with edge compute pool -include::modules/machine-edge-pool-review-nodes.adoc[leveloffset=+1] +include::modules/machine-edge-pool-review-nodes.adoc[leveloffset=+2] // Telemetry access for OpenShift Container Platform include::modules/cluster-telemetry.adoc[leveloffset=+1] 
@@ -262,16 +197,10 @@ include::modules/cluster-telemetry.adoc[leveloffset=+1] [role="_additional-resources"] .Additional resources -* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service. +* For more information about the Telemetry service, see xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring]. -[id="installing-aws-localzone-next-steps"] -== Next steps +.Next steps -* xref:../../post_installation_configuration/cluster-tasks.adoc#installation-extend-edge-nodes-aws-local-zones_post-install-cluster-tasks[Creating user workloads in AWS Local Zones]. +//* xref:../../post_installation_configuration/aws-compute-edge-zone-tasks#installation-extend-edge-nodes-aws-local-zones_aws-compute-edge-zone-tasks[Creating user workloads in AWS Local Zones or Wavelength Zones] * xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation]. -* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster]. -* If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting]. -//// -// Revisit the need for the link to this section based on testing outcome of 4.15 Wavelenght Zone testing work that also assesses Manual STS, Manual long-term, and Mint routes. -* If necessary, you can xref:../../post_installation_configuration/cluster-tasks.adoc#manually-removing-cloud-creds_post-install-cluster-tasks[remove cloud provider credentials]. 
-//// +* If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health]. diff --git a/installing/installing_aws/installing-aws-wavelength-zone.adoc b/installing/installing_aws/installing-aws-wavelength-zone.adoc new file mode 100644 index 000000000000..d2048a2d6583 --- /dev/null +++ b/installing/installing_aws/installing-aws-wavelength-zone.adoc 
@@ -0,0 +1,210 @@ +:_mod-docs-content-type: ASSEMBLY +[id="installing-aws-wavelength-zone"] += Installing a cluster on AWS with compute nodes on AWS Wavelength Zones +include::_attributes/common-attributes.adoc[] +:context: installing-aws-wavelength-zone +:zone-type: Wavelength Zones + +toc::[] + +You can quickly install an {product-title} cluster on Amazon Web Services (AWS) {zone-type} by setting the zone names in the edge compute pool of the `install-config.yaml` file, or install a cluster in an existing Amazon Virtual Private Cloud (VPC) with Wavelength Zone subnets. + +AWS {zone-type} is an infrastructure that AWS configured for mobile edge computing (MEC) applications. + +A Wavelength Zone embeds AWS compute and storage services within the 5G network of a communication service provider (CSP). By placing application servers in a Wavelength Zone, the application traffic from your 5G devices can stay in the 5G network. The application traffic of the device reaches the target server directly, making latency a non-issue. + +[role="_additional-resources"] +.Additional resources + +* See link:https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-regions-availability-zones.html#concepts-wavelength-zones[Wavelength Zones] in the AWS documentation. + +// Infrastructure prerequisites +include::modules/aws-zones-prerequisites.adoc[leveloffset=+1] + +[id="about-aws-wavelength-zone-edge-compute-pool_{context}"] +== About AWS Wavelength Zones and edge compute pool + +Read the following sections to understand infrastructure behaviors and cluster limitations in an AWS {zone-type} environment. 
+ +// Cluster limitations +include::modules/cluster-limitations-aws-zone.adoc[leveloffset=+2] + +// About edge compute pools +include::modules/edge-machine-pools-aws-local-zones.adoc[leveloffset=+2] + +[role="_additional-resources"] +.Additional resources + +* xref:../../networking/changing-cluster-network-mtu.adoc#mtu-value-selection_changing-cluster-network-mtu[MTU value selection] +* xref:../../networking/changing-cluster-network-mtu.adoc#nw-ovn-ipsec-enable_configuring-ipsec-ovn[Changing the MTU for the cluster network] +* xref:../../nodes/scheduling/nodes-scheduler-taints-tolerations.adoc#nodes-scheduler-taints-tolerations-about_nodes-scheduler-taints-tolerations[Understanding taints and tolerations] +* xref:../../storage/understanding-persistent-storage.adoc#pvc-storage-class_understanding-persistent-storage[Storage classes] +* xref:../../networking/ingress-sharding.html#nw-ingress-sharding_ingress-sharding[Ingress Controller sharding] + +[id="installation-prereqs-aws-wavelength-zone_{context}"] +== Installation prerequisites + +Before you install a cluster in an AWS {zone-type} environment, you must configure your infrastructure so that it can adopt Wavelength Zone capabilities. 
+ +// Opting in to AWS Zones +include::modules/installation-aws-add-zone-locations.adoc[leveloffset=+2] + +// Internet access for OpenShift Container Platform +include::modules/cluster-entitlements.adoc[leveloffset=+2] + +// Obtaining an AWS Marketplace image +include::modules/installation-aws-marketplace-subscribe.adoc[leveloffset=+2] + +//Installing the OpenShift CLI by downloading the binary +include::modules/cli-installing-cli.adoc[leveloffset=+2] + +// Obtaining the installation program +include::modules/installation-obtaining-installer.adoc[leveloffset=+2] + +// Generating a key pair for cluster node SSH access +include::modules/ssh-agent-using.adoc[leveloffset=+2] + +[id="prep-installation-aws-wavelength-zone_{context}"] +== Preparing for the installation + +Before you extend nodes to {zone-type}, you must prepare certain resources for the cluster installation environment. + +// Minimum resource requirements for cluster installation +include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+2] + +// Tested instance types for AWS +include::modules/installation-aws-tested-machine-types.adoc[leveloffset=+2] + +[role="_additional-resources"] +.Additional resources + +* See link:https://aws.amazon.com/wavelength/features/[AWS Wavelength features] in the AWS documentation. + +// Creating the installation files for AWS +//include::modules/installation-user-infra-generate.adoc[leveloffset=+2] - Check with Marco if it is needed. 
+ +// Creating the installation configuration file +include::modules/installation-generate-aws-user-infra-install-config.adoc[leveloffset=+2] + +// Examples of installation configuration files with edge compute pools +include::modules/installation-aws-edge-compute-pools-examples.adoc[leveloffset=+2] + +// Cluster installation options for an AWS Wavelength Zone environment +include::modules/aws-cluster-installation-options-aws-lzs.adoc[leveloffset=+1] + +.Next steps + +Choose one of the following options to install an {product-title} cluster in an AWS {zone-type} environment: + +* xref:../../installing/installing_aws/installing-aws-wavelength-zone.adoc#installation-cluster-quickly-extend-compute-nodes_installing-aws-wavelength-zone[Installing a cluster quickly in AWS Wavelength Zones] +* xref:../../installing/installing_aws/installing-aws-wavelength-zone.adoc#install-creating-install-config-aws-edge-zones_installing-aws-wavelength-zone[Modifying an installation configuration file to use AWS Wavelength Zones] + +// Installing a cluster quickly in AWS Wavelength Zones +include::modules/installation-cluster-quickly-extend-compute-nodes.adoc[leveloffset=+1] + +// Modifying an installation configuration to use AWS Wavelength Zones +include::modules/install-creating-install-config-aws-edge-zones.adoc[leveloffset=+2] + +[role="_additional-resources"] +.Additional resources + +* xref:../../installing/installing_aws/installing-aws-wavelength-zone.adoc#installation-generate-aws-user-infra-install-config_installing-aws-wavelength-zone[Creating the installation configuration file] + +* xref:../../installing/installing_aws/installing-aws-wavelength-zone.adoc#cluster-limitations-aws-zone_installing-aws-wavelength-zone[Cluster limitations in AWS {zone-type}] + +.Next steps +* xref:../../installing/installing_aws/installing-aws-wavelength-zone.adoc#installation-launching-installer_installing-aws-wavelength-zone[Deploying the cluster] + 
+[id="creating-aws-wavelength-zone-environment-existing_{context}"] +== Installing a cluster in an existing VPC that has Wavelength Zone subnets + +You can install a cluster into an existing Amazon Virtual Private Cloud (VPC) on Amazon Web Services (AWS). The installation program provisions the rest of the required infrastructure, which you can further customize. To customize the installation, modify parameters in the `install-config.yaml` file before you install the cluster. + +Installing a cluster on AWS into an existing VPC requires extending compute nodes to the edge of the Cloud Infrastructure by using AWS {zone-type}. + +You can use a provided CloudFormation template to create network resources. Additionally, you can modify a template to customize your infrastructure or use the information that they contain to create AWS resources according to your company's policies. + +[IMPORTANT] +==== +The steps for performing an installer-provisioned infrastructure installation are provided for example purposes only. Installing a cluster in an existing VPC requires that you have knowledge of the cloud provider and the installation process of {product-title}. You can use a CloudFormation template to assist you with completing these steps or to help model your own cluster installation. Instead of using the CloudFormation template to create resources, you can decide to use other methods for generating these resources. +==== + +// Creating a VPC in AWS +include::modules/installation-creating-aws-vpc-localzone.adoc[leveloffset=+2] + +// CloudFormation template for the VPC +include::modules/installation-cloudformation-vpc-localzone.adoc[leveloffset=+2] + +// Creating a VPC Carrier Gateway +include::modules/installation-creating-aws-vpc-carrier-gw.adoc[leveloffset=+2] + +[role="_additional-resources"] +.Additional resources + +* See link:https://aws.amazon.com/s3/[Amazon S3] in the AWS documentation. 
+ +// CloudFormation template for the VPC Carrier Gateway +include::modules/installation-cloudformation-vpc-carrier-gw.adoc[leveloffset=+2] + +// Creating subnets in Wavelength Zones +include::modules/installation-creating-aws-vpc-subnets-wz.adoc[leveloffset=+2] + +// CloudFormation template for the subnet that uses AWS Wavelength Zones +include::modules/installation-cloudformation-subnet-localzone.adoc[leveloffset=+2] + +// Modifying an installation configuration file to use AWS Wavelength Zones subnets +include::modules/installing-aws-edge-zones-custom-vpc-config.adoc[leveloffset=+2] + +[role="_additional-resources"] +.Additional resources + +* For more information about viewing the CloudFormation stacks that you created, see link:https://console.aws.amazon.com/cloudformation[AWS CloudFormation console]. +* For more information about AWS profile and credential configuration, see link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html[Configuration and credential file settings] in the AWS documentation. + +.Next steps +* xref:../../installing/installing_aws/installing-aws-wavelength-zone.adoc#installation-launching-installer_installing-aws-wavelength-zone[Deploying the cluster] + +// Assign public IP to edge compute nodes (optional) +include::modules/installing-with-edge-node-public.adoc[leveloffset=+1] + +//TODO: Put this back if QE validates it: ASK MARCO +//include::modules/installation-configure-proxy.adoc[leveloffset=+2] + +//TODO: Verify removal due to automation. ASK MARCO +//include::modules/installation-localzone-generate-k8s-manifest.adoc[leveloffset=+2] + +// Deploying the cluster +include::modules/installation-launching-installer.adoc[leveloffset=+1] + +[id="verify-aws-wavelength-zone-deployed-cluster-status_{context}"] +== Verifying the status of the deployed cluster + +Verify that your {product-title} successfully deployed on AWS {zone-type}. 
+ +// Logging in to the cluster by using the CLI +include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+2] + +// Logging in to the cluster by using the web console +include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+2] + +[role="_additional-resources"] +.Additional resources + +* For more information about accessing and understanding the {product-title} web console, see xref:../../web_console/web-console.adoc#web-console[Accessing the web console] for more details about accessing and understanding the {product-title} web console. + +// Verifying nodes that were created with edge compute pool +include::modules/machine-edge-pool-review-nodes.adoc[leveloffset=+2] + +// Telemetry access for OpenShift Container Platform +include::modules/cluster-telemetry.adoc[leveloffset=+1] + +[role="_additional-resources"] +.Additional resources + +* For more information about the Telemetry service, see xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring]. + +.Next steps + +//* xref:../../post_installation_configuration/aws-compute-edge-zone-tasks#installation-extend-edge-nodes-aws-local-zones_aws-compute-edge-zone-tasks[Creating user workloads in AWS Local Zones or Wavelength Zones] +* xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation]. +* If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health]. diff --git a/modules/aws-cluster-installation-options-aws-lzs.adoc b/modules/aws-cluster-installation-options-aws-lzs.adoc index b4a44ea4ebc1..3ebfeb897eff 100644 --- a/modules/aws-cluster-installation-options-aws-lzs.adoc +++ b/modules/aws-cluster-installation-options-aws-lzs.adoc 
@@ -1,13 +1,32 @@ // Module included in the following assemblies: // -// * installing/installing_aws/installing-aws-localzone.adoc +// * installing/installing-aws-localzone.adoc (Installing a cluster on AWS with compute nodes on AWS Local Zones) +// * installing/installing-aws-wavelength.adoc (Installing a cluster on AWS with compute nodes on AWS Wavelength Zones) + +ifeval::["{context}" == "installing-aws-localzone"] +:local-zone: +endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:wavelength-zone: +endif::[] :_mod-docs-content-type: CONCEPT [id="aws-cluster-installation-options-aws-lzs_{context}"] +ifdef::local-zone[] = Cluster installation options for an AWS Local Zones environment +endif::local-zone[] +ifdef::wavelength-zone[] += Cluster installation options for an AWS Wavelength Zones environment +endif::wavelength-zone[] -To install an {product-title} cluster in an AWS Local Zones environment on AWS infrastructure, choose one of the following installation options: +Choose one of the following installation options to install an {product-title} cluster on AWS with edge compute nodes defined in {zone-type}: -* Installing a cluster to quickly extend workers to edge compute pools, where the installation program automatically creates resources for the {product-title} cluster. +* Fully automated option: Installing a cluster to quickly extend compute nodes to edge compute pools, where the installation program automatically creates infrastructure resources for the {product-title} cluster. +* Existing VPC option: Installing a cluster on AWS into an existing VPC, where you supply {zone-type} subnets to the `install-config.yaml` file. -* Installing a cluster on AWS into an existing VPC, where you must add Local Zone subnets to the `install-config.yaml` file. +ifeval::["{context}" == "installing-aws-localzone"] +:!local-zone: +endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:!wavelength-zone: +endif::[] 
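Review bot: The header comment in `modules/aws-cluster-installation-options-aws-lzs.adoc` now lists `installing/installing-aws-localzone.adoc` and `installing/installing-aws-wavelength.adoc`, but the removed line pointed at `installing/installing_aws/`, and the new assembly is named `installing-aws-wavelength-zone.adoc`, matching the `ifeval` context `installing-aws-wavelength-zone` a few lines further down. Please correct both paths so that a search for the assembly name finds this module. Also, the `=` title is now emitted only inside `ifdef::local-zone[]` or `ifdef::wavelength-zone[]`, so any other including context would render the module without a heading. If no other context is intended, say so in the header comment.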
diff --git a/modules/aws-zones-prerequisites.adoc b/modules/aws-zones-prerequisites.adoc new file mode 100644 index 000000000000..b14324b3ab5a --- /dev/null +++ b/modules/aws-zones-prerequisites.adoc 
@@ -0,0 +1,88 @@ +// Module included in the following assemblies: +// +// * installing/installing-aws-localzone.adoc (Installing a cluster on AWS with worker nodes on AWS Local Zones) +// * installing/installing-aws-wavelength-zone.adoc (Installing a cluster on AWS with worker nodes on AWS Wavelength Zones) + +ifeval::["{context}" == "installing-aws-localzone"] +:local-zone: +endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:wavelength-zone: +endif::[] + +:_mod-docs-content-type: CONCEPT +[id="aws-zones-prerequisites_{context}"] += Infrastructure prerequisites + +* You reviewed details about xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes. +* You are familiar with xref:../../installing/installing-preparing.adoc#installing-preparing[Selecting a cluster installation method and preparing it for users]. +* You xref:../../installing/installing_aws/installing-aws-account.adoc#installing-aws-account[configured an AWS account] to host the cluster. ++ +[WARNING] +==== +If you have an AWS profile stored on your computer, it must not use a temporary session token that you generated while using a multi-factor authentication device. The cluster continues to use your current AWS credentials to create AWS resources for the entire life of the cluster, so you must use key-based, long-term credentials. To generate appropriate keys, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html[Managing Access Keys for IAM Users] in the AWS documentation. You can supply the keys when you run the installation program. +==== +* You downloaded the AWS CLI and installed it on your computer. See link:https://docs.aws.amazon.com/cli/latest/userguide/install-bundle.html[Install the AWS CLI Using the Bundled Installer (Linux, macOS, or UNIX)] in the AWS documentation. 
+* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster must access. +ifdef::local-zone[] +* You noted the region and supported link:https://aws.amazon.com/about-aws/global-infrastructure/localzones/locations[AWS Local Zones locations] to create the network resources in. +* You read the link:https://aws.amazon.com/about-aws/global-infrastructure/localzones/features/[AWS Local Zones features] in the AWS documentation. +* You added permissions for creating network resources that support AWS Local Zones to the Identity and Access Management (IAM) user or role. The following example enables a zone group that can provide a user or role access for creating network network resources that support AWS {zone-type}. ++ +.Example of an additional IAM policy with the `ec2:ModifyAvailabilityZoneGroup` permission attached to an IAM user or role. ++ +[source,yaml] +---- +{ + "Version": "2012-10-17", + "Statement": [ + { + "Action": [ + "ec2:ModifyAvailabilityZoneGroup" + ], + "Effect": "Allow", + "Resource": "*" + } + ] +} +---- +endif::local-zone[] +ifdef::wavelength-zone[] +* You noted the region and supported link:https://aws.amazon.com/wavelength/locations[AWS Wavelength Zone locations] to create the network resources in. +* You read link:https://aws.amazon.com/about-aws/global-infrastructure/localzones/features/[AWS Wavelength features] in the AWS documentation. +* You read the link:https://docs.aws.amazon.com/wavelength/latest/developerguide/wavelength-quotas.html[Quotas and considerations for Wavelength Zones] in the AWS documentation. +* You added permissions for creating network resources that support AWS Wavelength Zones to the Identity and Access Management (IAM) user or role. 
For example: ++ +.Example of an additional IAM policy that attached `ec2:ModifyAvailabilityZoneGroup`, `ec2:CreateCarrierGateway`, and `ec2:DeleteCarrierGateway` permissions to a user or role ++ +[source,yaml] +---- +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Action": [ + "ec2:DeleteCarrierGateway", + "ec2:CreateCarrierGateway" + ], + "Resource": "*" + }, + { + "Action": [ + "ec2:ModifyAvailabilityZoneGroup" + ], + "Effect": "Allow", + "Resource": "*" + } + ] +} +---- +endif::wavelength-zone[] + +ifeval::["{context}" == "installing-aws-localzone"] +:!local-zone: +endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:!wavelength-zone: +endif::[] diff --git a/modules/capi-machine-set-creating.adoc b/modules/capi-machine-set-creating.adoc index fc2e9b1d937c..432c9dad2870 100644 --- a/modules/capi-machine-set-creating.adoc +++ b/modules/capi-machine-set-creating.adoc @@ -172,7 +172,7 @@ When the new compute machine set is available, the `REPLICAS` and `AVAILABLE` va .Verification -* To verify that the compute machine set is creating machines according to your desired configuration, you can review the lists of machines and nodes in the cluster. +* To verify that the compute machine set is creating machines according to your required configuration, review the lists of machines and nodes in the cluster by using the following steps: ** To view the list of Cluster API machines, run the following command: + diff --git a/modules/cco-ccoctl-configuring.adoc b/modules/cco-ccoctl-configuring.adoc index d495b191034c..727a6b8d1253 100644 --- a/modules/cco-ccoctl-configuring.adoc +++ b/modules/cco-ccoctl-configuring.adoc 
@@ -16,7 +16,6 @@ // * installing/installing_aws/installing-aws-government-region.adoc // * installing/installing_aws/installing-aws-secret-region.adoc // * installing/installing_aws/installing-aws-china.adoc -// * installing/installing_aws/installing-aws-localzone.adoc // * installing/installing_aws/installing-aws-outposts-remote-workers.adoc // // GCP assemblies: @@ -77,9 +76,6 @@ endif::[] ifeval::["{context}" == "installing-aws-china-region"] :aws-sts: endif::[] -ifeval::["{context}" == "installing-aws-localzone"] -:aws-sts: -endif::[] ifeval::["{context}" == "installing-aws-outposts-remote-workers"] :aws-sts: endif::[] @@ -430,9 +426,6 @@ endif::[] ifeval::["{context}" == "installing-aws-china-region"] :!aws-sts: endif::[] -ifeval::["{context}" == "installing-aws-localzone"] -:!aws-sts: -endif::[] ifeval::["{context}" == "installing-aws-outposts-remote-workers"] :!aws-sts: endif::[] diff --git a/modules/cco-ccoctl-creating-at-once.adoc b/modules/cco-ccoctl-creating-at-once.adoc index 495473377fe2..b5cd66763d4f 100644 --- a/modules/cco-ccoctl-creating-at-once.adoc +++ b/modules/cco-ccoctl-creating-at-once.adoc @@ -14,7 +14,6 @@ // * installing/installing_aws/installing-aws-government-region.adoc // * installing/installing_aws/installing-aws-secret-region.adoc // * installing/installing_aws/installing-aws-china.adoc -// * installing/installing_aws/installing-aws-localzone.adoc // * installing/installing_aws/installing-aws-outposts-remote-workers.adoc // // GCP assemblies: @@ -69,9 +68,6 @@ endif::[] ifeval::["{context}" == "installing-aws-china-region"] :aws-sts: endif::[] -ifeval::["{context}" == "installing-aws-localzone"] -:aws-sts: -endif::[] ifeval::["{context}" == "installing-aws-outposts-remote-workers"] :aws-sts: endif::[] 
@@ -443,9 +439,6 @@ endif::[] ifeval::["{context}" == "installing-aws-china-region"] :!aws-sts: endif::[] -ifeval::["{context}" == "installing-aws-localzone"] -:!aws-sts: -endif::[] ifeval::["{context}" == "installing-aws-outposts-remote-workers"] :!aws-sts: endif::[] diff --git a/modules/cco-ccoctl-creating-individually.adoc b/modules/cco-ccoctl-creating-individually.adoc index fe7bec70252a..5c0e7078e077 100644 --- a/modules/cco-ccoctl-creating-individually.adoc +++ b/modules/cco-ccoctl-creating-individually.adoc @@ -9,7 +9,6 @@ // * installing/installing_aws/installing-aws-government-region.adoc // * installing/installing_aws/installing-aws-secret-region.adoc // * installing/installing_aws/installing-aws-china.adoc -// * installing/installing_aws/installing-aws-localzone.adoc // * installing/installing_aws/installing-aws-outposts-remote-workers.adoc :_mod-docs-content-type: PROCEDURE diff --git a/modules/cco-ccoctl-install-creating-manifests.adoc b/modules/cco-ccoctl-install-creating-manifests.adoc index 19a2b9f15e45..d6539085adff 100644 --- a/modules/cco-ccoctl-install-creating-manifests.adoc +++ b/modules/cco-ccoctl-install-creating-manifests.adoc @@ -9,7 +9,6 @@ // * installing/installing_aws/installing-aws-government-region.adoc // * installing/installing_aws/installing-aws-secret-region.adoc // * installing/installing_aws/installing-aws-china.adoc -// * installing/installing_aws/installing-aws-localzone.adoc // * installing/installing_aws/installing-aws-outposts-remote-workers.adoc // // GCP assemblies: diff --git a/modules/cli-installing-cli.adoc b/modules/cli-installing-cli.adoc index 52f3e20ff24e..99427ac57e37 100644 --- a/modules/cli-installing-cli.adoc +++ b/modules/cli-installing-cli.adoc 
@@ -12,6 +12,8 @@ // * installing/installing_aws/installing-aws-network-customizations.adoc // * installing/installing_aws/installing-aws-private.adoc // * installing/installing_aws/installing-aws-vpc.adoc +// * installing/installing_aws/installing-aws-localzone.adoc +// * installing/installaing_aws/installing-aws-wavelength-zone.adoc // * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc // * installing/installing_aws/installing-aws-outposts-remote-workers.adocs // * installing/installing_azure/installing-azure-customizations.adoc diff --git a/modules/cli-logging-in-kubeadmin.adoc b/modules/cli-logging-in-kubeadmin.adoc index a4cf1c097692..dbbd52bb17f5 100644 --- a/modules/cli-logging-in-kubeadmin.adoc +++ b/modules/cli-logging-in-kubeadmin.adoc @@ -11,6 +11,8 @@ // * installing/installing_aws/installing-aws-network-customizations.adoc // * installing/installing_aws/installing-aws-private.adoc // * installing/installing_aws/installing-aws-vpc.adoc +// * installing/installing-aws-localzone.adoc +// * installing/installing-aws-wavelength-zone.adoc // * installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc // * installing/installing_aws/installing-aws-outposts-remote-workers.adoc // * installing/installing_azure/installing-azure-customizations.adoc diff --git a/modules/cluster-entitlements.adoc b/modules/cluster-entitlements.adoc index c64ec5815d31..f65b82856040 100644 --- a/modules/cluster-entitlements.adoc +++ b/modules/cluster-entitlements.adoc 
@@ -45,6 +45,8 @@ // * installing/installing_aws/installing-aws-secret-region.adoc // * installing/installing_aws/installing-aws-china-region.adoc // * installing/installing_aws/installing-aws-outposts-remote-workers.adoc +// * installing/installing_aws/installing-aws-localzone.adoc +// * installing/installing-aws-wavelength-zone // * installing/installing_openstack/installing-openstack-installer-restricted.adoc // * installing/installing_openstack/installing-openstack-user.adoc // * installing/installing_openstack/installing-openstack-user-sr-iov.adoc diff --git a/modules/cluster-limitations-aws-zone.adoc b/modules/cluster-limitations-aws-zone.adoc new file mode 100644 index 000000000000..e9a677cf9a0a --- /dev/null +++ b/modules/cluster-limitations-aws-zone.adoc 
@@ -0,0 +1,56 @@ +// Module included in the following assemblies: +// +// * installing/installing-aws-localzone.adoc (Installing a cluster on AWS with worker nodes on AWS Local Zones) +// * installing/installing-aws-wavelength-zone.adoc (Installing a cluster on AWS with worker nodes on AWS Wavelength Zones) + +ifeval::["{context}" == "installing-aws-localzone"] +:local-zone: +endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:wavelength-zone: +endif::[] + +:_mod-docs-content-type: CONCEPT +[id="cluster-limitations-aws-zone_{context}"] +ifdef::local-zone[] += Cluster limitations in AWS Local Zones + +Some limitations exist when you try to deploy a cluster with a default installation configuration in an Amazon Web Services (AWS) Local Zone. +endif::local-zone[] +ifdef::wavelength-zone[] += Cluster limitations in AWS Wavelength Zones + +Some limitations exist when you try to deploy a cluster with a default installation configuration in an Amazon Web Services (AWS) Wavelength Zone. +endif::wavelength-zone[] + +[IMPORTANT] +==== +The following list details limitations when deploying a cluster in a pre-configured AWS zone: + +- The maximum transmission unit (MTU) between an Amazon EC2 instance in a zone and an Amazon EC2 instance in the Region is `1300`. This causes the cluster-wide network MTU to change according to the network plugin that is used with the deployment. +- Network resources such as Network Load Balancer (NLB), Classic Load Balancer, and Network Address Translation (NAT) Gateways are not globally supported. +- For an {product-title} cluster on AWS, the AWS Elastic Block Storage (EBS) `gp3` type volume is the default for node volumes and the default for the storage class. This volume type is not globally available on zone locations. By default, the nodes running in zones are deployed with the `gp2` EBS volume. The `gp2-csi` `StorageClass` parameter must be set when creating workloads on zone nodes. 
+==== + +ifdef::local-zone[] +If you want the installation program to automatically create Local Zone subnets for your {product-title} cluster, specific configuration limitations apply with this method. +endif::local-zone[] + +ifdef::wavelength-zone[] +If you want the installation program to automatically create Wavelength Zone subnets for your {product-title} cluster, specific configuration limitations apply with this method. The following note details some of these limitations. For other limitations, ensure that you read the "Quotas and considerations for Wavelength Zones" document that Red Hat provides in the "Infrastructure prerequisites" section. +endif::wavelength-zone[] + +[IMPORTANT] +==== +The following configuration limitation applies when you set the installation program to automatically create subnets for your {product-title} cluster: + +- When the installation program creates private subnets in AWS {zone-type}, the program associates each subnet with the route table of its parent zone. This operation ensures that each private subnet can route egress traffic to the internet by way of NAT Gateways in an AWS Region. +- If the parent-zone route table does not exist during cluster installation, the installation program associates any private subnet with the first available private route table in the Amazon Virtual Private Cloud (VPC). This approach is valid only for AWS {zone-type} subnets in an {product-title} cluster. +==== + +ifeval::["{context}" == "installing-aws-localzone"] +:!local-zone: +endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:!wavelength-zone: +endif::[] diff --git a/modules/cluster-limitations-local-zone.adoc b/modules/cluster-limitations-local-zone.adoc deleted file mode 100644 index 5ffaf02e8be2..000000000000 --- a/modules/cluster-limitations-local-zone.adoc +++ /dev/null 
@@ -1,28 +0,0 @@ -// Module included in the following assemblies: -// -// * installing/installing-aws-localzone.adoc - -:_mod-docs-content-type: CONCEPT - -[id="cluster-limitations-local-zone_{context}"] -= Cluster limitations in AWS Local Zones - -Some limitations exist when you attempt to deploy a cluster with a default installation configuration in Amazon Web Services (AWS) Local Zones. - -[IMPORTANT] -==== -The following list details limitations when deploying a cluster in AWS Local Zones: - -- The Maximum Transmission Unit (MTU) between an Amazon EC2 instance in a Local Zone and an Amazon EC2 instance in the Region is `1300`. This causes the cluster-wide network MTU to change according to the network plugin that is used on the deployment. -- Network resources such as Network Load Balancer (NLB), Classic Load Balancer, and Network Address Translation (NAT) Gateways are not globally supported in AWS Local Zones. -- For an {product-title} cluster on AWS, the AWS Elastic Block Storage (EBS) `gp3` type volume is the default for node volumes and the default for the storage class. This volume type is not globally available on Local Zone locations. By default, the nodes running in Local Zones are deployed with the `gp2` EBS volume. The `gp2-csi` `StorageClass` must be set when creating workloads on Local Zone nodes. -==== - -If you want the installation program to automatically create Local Zone subnets for your {product-title} cluster, specific configuration limitations apply with this method. - -[IMPORTANT] -==== -The following configuration limitation applies when you set the installation program to automatically create subnets for your {product-title} cluster: - -- The private subnets for an AWS Local Zone associate with the route table of the parent zone, so that each private subnet can route egress traffic to the internet. 
If this route table does not exist during cluster installation, the private subnet associates with the first available private route table in the Virtual Private Cloud (VPC). This approach is valid only for AWS Local Zones subnets in an {product-title} cluster. -==== diff --git a/modules/cluster-telemetry.adoc b/modules/cluster-telemetry.adoc index fe208ae3cbdf..af569170ac1e 100644 --- a/modules/cluster-telemetry.adoc +++ b/modules/cluster-telemetry.adoc @@ -37,6 +37,8 @@ // * installing/installing_aws/installing-aws-government-region.adoc // * installing/installing_aws/installing-aws-china.adoc // * installing/installing_aws/installing-aws-outposts-remote-workers.adoc +// * installing/installing-aws-localzone.adoc +// * installing/installing-aws-wavelength-zone.adoc // * installing/installing_openstack/installing-openstack-installer-restricted.adoc // * installing/installing_openstack/installing-openstack-user.adoc // * installing/installing_openstack/installing-openstack-user-sr-iov.adoc diff --git a/modules/edge-machine-pools-aws-local-zones.adoc b/modules/edge-machine-pools-aws-local-zones.adoc index f11ac1c78fe9..6d7e5097bf24 100644 --- a/modules/edge-machine-pools-aws-local-zones.adoc +++ b/modules/edge-machine-pools-aws-local-zones.adoc 
@@ -1,119 +1,77 @@ // Module included in the following assemblies: -// * installing/installing_aws/installing-aws-localzone.adoc -// * post_installation_configuration/aws-compute-edge-tasks.adoc +// * installing/installing_aws/installing-aws-localzone.adoc (Installing a cluster on AWS with compute nodes on AWS Local Zones) +// * installing/installing_aws/installing-aws-wavelength.adoc (Installing a cluster on AWS with compute nodes on AWS Wavelength Zones) +// * post_installation_configuration/aws-compute-edge-zone-tasks.adoc -ifeval::["{context}" == "aws-compute-edge-tasks"] -:edge: +ifeval::["{context}" == "installing-aws-localzone"] +:local-zone: +endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:wavelength-zone: +endif::[] +ifeval::["{context}" == "aws-compute-edge-zone-tasks"] +:post-aws-zones: endif::[] :_mod-docs-content-type: CONCEPT [id="edge-machine-pools-aws-local-zones_{context}"] -= Edge compute pools and AWS Local Zones += About edge compute pools -Edge worker nodes are tainted worker nodes that run in AWS Local Zones locations. +Edge compute nodes are tainted compute nodes that run in AWS {zone-type} locations. -When deploying a cluster that uses Local Zones, consider the following points: +When deploying a cluster that uses {zone-type}, consider the following points: -* Amazon EC2 instances in the Local Zones are more expensive than Amazon EC2 instances in the Availability Zones. -* Latency between applications and end users is lower in Local Zones, and latency might vary by location. A latency impact exists for some workloads if, for example, ingress traffic is mixed between Local Zones and Availability Zones. +* Amazon EC2 instances in the {zone-type} are more expensive than Amazon EC2 instances in the Availability Zones. +* The latency is lower between the applications running in AWS {zone-type} and the end user. 
A latency impact exists for some workloads if, for example, ingress traffic is mixed between {zone-type} and Availability Zones. [IMPORTANT] ==== -Generally, the maximum transmission unit (MTU) between an Amazon EC2 instance in a Local Zone and an Amazon EC2 instance in the Region is 1300. For more information, see link:https://docs.aws.amazon.com/local-zones/latest/ug/how-local-zones-work.html[How Local Zones work] in the AWS documentation. -The cluster network MTU must be always less than the EC2 MTU to account for the overhead. The specific overhead is determined by the network plugin, for example: +Generally, the maximum transmission unit (MTU) between an Amazon EC2 instance in a {zone-type} and an Amazon EC2 instance in the Region is 1300. The cluster network MTU must be always less than the EC2 MTU to account for the overhead. The specific overhead is determined by the network plugin. For example: OVN-Kubernetes has an overhead of `100 bytes`. + +The network plugin can provide additional features, such as IPsec, that also affect the MTU sizing. + +ifdef::local-zone[] +For more information, see link:https://docs.aws.amazon.com/local-zones/latest/ug/how-local-zones-work.html[How Local Zones work] in the AWS documentation. +endif::local-zone[] +ifdef::wavelength-zone[] +For more information, see link:https://docs.aws.amazon.com/wavelength/latest/developerguide/how-wavelengths-work.html[How AWS Wavelength work] in the AWS documentation. +endif::wavelength-zone[] +ifdef::post-aws-zones[] +You can access the following resources to learn more about a respective zone type: -- OVN-Kubernetes: `100 bytes` -- OpenShift SDN: `50 bytes` +* See link:https://docs.aws.amazon.com/local-zones/latest/ug/how-local-zones-work.html[How Local Zones work] in the AWS documentation. -The network plugin can provide additional features, like IPsec, that also must be decreased the MTU. For additional information, see the documentation. 
+* See link:https://docs.aws.amazon.com/wavelength/latest/developerguide/how-wavelengths-work.html[How AWS Wavelength work] in the AWS documentation. +endif::post-aws-zones[] ==== -{product-title} 4.12 introduced a new compute pool, _edge_, that is designed for use in remote zones. The edge compute pool configuration is common between AWS Local Zones locations. Because of the type and size limitations of resources like EC2 and EBS on Local Zone resources, the default instance type can vary from the traditional worker pool. +{product-title} 4.12 introduced a new compute pool, _edge_, that is designed for use in remote zones. The edge compute pool configuration is common between AWS {zone-type} locations. Because of the type and size limitations of resources like EC2 and EBS on {zone-type} resources, the default instance type can vary from the traditional compute pool. -The default Elastic Block Store (EBS) for Local Zone locations is `gp2`, which differs from the regular worker pool. The instance type used for each Local Zone on edge compute pool also might differ from worker pools, depending on the instance offerings on the zone. +The default Elastic Block Store (EBS) for {zone-type} locations is `gp2`, which differs from the non-edge compute pool. The instance type used for each {zone-type} on an edge compute pool also might differ from other compute pools, depending on the instance offerings on the zone. -The edge compute pool creates new labels that developers can use to deploy applications onto AWS Local Zones nodes. The new labels are: +The edge compute pool creates new labels that developers can use to deploy applications onto AWS {zone-type} nodes. 
The new labels are: * `node-role.kubernetes.io/edge=''` +ifdef::local-zone[] * `machine.openshift.io/zone-type=local-zone` +endif::local-zone[] +ifdef::wavelength-zone[] +* `machine.openshift.io/zone-type=wavelength-zone` +endif::wavelength-zone[] +ifdef::post-aws-zones[] +* Local Zones only: `machine.openshift.io/zone-type=local-zone` +* Wavelength Zones only: `machine.openshift.io/zone-type=wavelength-zone` +endif::post-aws-zones[] * `machine.openshift.io/zone-group=$ZONE_GROUP_NAME` -//// -By default, the system creates the edge compute pool manifests only if users add AWS Local Zones subnet IDs to the list `platform.aws.subnets`. -//// - -By default, the machine sets for the edge compute pool defines the taint of `NoSchedule` to prevent regular workloads from spreading on Local Zone instances. Users can only run user workloads if they define tolerations in the pod specification. - -ifndef::edge[] -The following examples show `install-config.yaml` files that use the edge machine pool. - -.Configuration that uses an edge pool with a custom instance type -[source,yaml] ----- -apiVersion: v1 -baseDomain: devcluster.openshift.com -metadata: - name: ipi-localzone -compute: -- name: edge - platform: - aws: - type: m5.4xlarge -platform: - aws: - region: us-west-2 -pullSecret: '{"auths": ...}' -sshKey: ssh-ed25519 AAAA... ----- - -Instance types differ between locations. To verify availability in the Local Zone in which the cluster runs, see the AWS documentation. - -.Configuration that uses an edge pool with a custom EBS type -[source,yaml] ----- -apiVersion: v1 -baseDomain: devcluster.openshift.com -metadata: - name: ipi-localzone -compute: -- name: edge - platform: - aws: - rootVolume: - type: gp3 - size: 120 -platform: - aws: - region: us-west-2 -pullSecret: '{"auths": ...}' -sshKey: ssh-ed25519 AAAA... ----- - -EBS types differ between locations. Check the AWS documentation to verify availability in the Local Zone in which the cluster runs. 
- -.Configuration that uses an edge pool with custom security groups -[source,yaml] ----- -apiVersion: v1 -baseDomain: devcluster.openshift.com -metadata: - name: ipi-localzone -compute: -- name: edge - platform: - aws: - additionalSecurityGroupIDs: - - sg-1 <1> - - sg-2 -platform: - aws: - region: us-west-2 -pullSecret: '{"auths": ...}' -sshKey: ssh-ed25519 AAAA... ----- -<1> Specify the name of the security group as it appears in the Amazon EC2 console, including the `sg` prefix. -endif::edge[] - -ifeval::["{context}" == "aws-compute-edge-tasks"] -:!edge: +By default, the machine sets for the edge compute pool define the taint of `NoSchedule` to prevent other workloads from spreading on {zone-type} instances. Users can only run user workloads if they define tolerations in the pod specification. + +ifeval::["{context}" == "installing-aws-localzone"] +:!local-zone: +endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:!wavelength-zone: +endif::[] +ifeval::["{context}" == "aws-compute-edge-zone-tasks"] +:!post-aws-zones: endif::[] diff --git a/modules/install-creating-install-config-aws-edge-zones.adoc b/modules/install-creating-install-config-aws-edge-zones.adoc new file mode 100644 index 000000000000..a9bdce54ebe9 --- /dev/null +++ b/modules/install-creating-install-config-aws-edge-zones.adoc 
@@ -0,0 +1,126 @@ +// Module included in the following assemblies: +// * installing/installing-aws-localzone.adoc (Installing a cluster on AWS with worker nodes on AWS Local Zones) +// * installing/installing-aws-wavelength-zone.adoc (Installing a cluster on AWS with worker nodes on AWS Wavelength Zones) + +ifeval::["{context}" == "installing-aws-localzone"] +:local-zone: +endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:wavelength-zone: +endif::[] + +:_mod-docs-content-type: PROCEDURE +[id="install-creating-install-config-aws-edge-zones_{context}"] +ifdef::local-zone[] += Modifying an installation configuration file to use AWS Local Zones +endif::local-zone[] +ifdef::wavelength-zone[] += Modifying an installation configuration file to use AWS Wavelength Zones +endif::wavelength-zone[] + +Modify an `install-config.yaml` file to include AWS {zone-type}. + +.Prerequisites + +* You have configured an AWS account. +* You added your AWS keys and AWS Region to your local AWS profile by running `aws configure`. +* You are familiar with the configuration limitations that apply when you specify the installation program to automatically create subnets for your {product-title} cluster. +* You opted in to the {zone-type} group for each zone. +* You created an `install-config.yaml` file by using the procedure "Creating the installation configuration file". + +.Procedure + +. Modify the `install-config.yaml` file by specifying {zone-type} names in the `platform.aws.zones` property of the edge compute pool. +ifdef::local-zone[] ++ +[source,yaml] +---- +# ... +platform: + aws: + region: <1> +compute: +- name: edge + platform: + aws: + zones: <2> + - +#... +---- +endif::local-zone[] +ifdef::wavelength-zone[] ++ +[source,yaml] +---- +# ... +platform: + aws: + region: <1> +compute: +- name: edge + platform: + aws: + zones: <2> + - +#... +---- +endif::wavelength-zone[] +<1> The AWS Region name. 
+<2> The list of {zone-type} names that you use must exist in the same AWS Region specified in the `platform.aws.region` field. ++ +.Example of a configuration to install a cluster in the `us-west-2` AWS Region that extends edge nodes to {zone-type} in `Los Angeles` and `Las Vegas` locations ++ +ifdef::local-zone[] +[source,yaml] +---- +apiVersion: v1 +baseDomain: example.com +metadata: + name: cluster-name +platform: + aws: + region: us-west-2 +compute: +- name: edge + platform: + aws: + zones: + - us-west-2-lax-1a + - us-west-2-lax-1b + - us-west-2-las-1a +pullSecret: '{"auths": ...}' +sshKey: 'ssh-ed25519 AAAA...' +#... +---- +endif::local-zone[] +ifdef::wavelength-zone[] +[source,yaml] +---- +apiVersion: v1 +baseDomain: example.com +metadata: + name: cluster-name +platform: + aws: + region: us-west-2 +compute: +- name: edge + platform: + aws: + zones: + - us-west-2-wl1-lax-wlz-1 + - us-west-2-wl1-las-wlz-1 +pullSecret: '{"auths": ...}' +sshKey: 'ssh-ed25519 AAAA...' +#... +---- +endif::wavelength-zone[] + +. Deploy your cluster. + +ifeval::["{context}" == "installing-aws-localzone"] +:!local-zone: +endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:!wavelength-zone: +endif::[] diff --git a/modules/install-creating-install-config-aws-local-zones.adoc b/modules/install-creating-install-config-aws-local-zones.adoc deleted file mode 100644 index 7a1befbef4f0..000000000000 --- a/modules/install-creating-install-config-aws-local-zones.adoc +++ /dev/null 
@@ -1,63 +0,0 @@ -// Module included in the following assemblies: -// * installing/installing_aws/installing-aws-localzone.adoc - -:_mod-docs-content-type: PROCEDURE -[id="install-creating-install-config-aws-local-zones_{context}"] -= Modifying an installation configuration file to use AWS Local Zones - -Modify an `install-config.yaml` file to include AWS Local Zones. - -.Prerequisites - -* You have configured an AWS account. -* You added your AWS keys and region to your local AWS profile by running `aws configure`. -* You have read the configuration limitations that apply when you specify the installation program to automatically create subnets for your {product-title} cluster. See the section named "Cluster limitations in AWS Local Zones". -* You opted in to the Local Zone group for each zone. -* You created an `install-config.yaml` file by using the procedure "Creating the installation configuration file". - -.Procedure - -. Modify the `install-config.yaml` file by specifying Local Zone names in the `platform.aws.zones` property of the edge compute pool. For example: -+ -[source,yaml] ----- -... -platform: - aws: - region: <1> -compute: -- name: edge - platform: - aws: - zones: <2> - - -#... ----- -<1> The AWS Region name. -<2> The list of Local Zone names that must belong in the same AWS Region. -+ -.Example of a configuration to install a cluster in the `us-west-2` AWS Region that extends edge nodes to Local Zones in `Los Angeles` and `Las Vegas` locations. -+ -[source,yaml] ----- -apiVersion: v1 -baseDomain: example.com -metadata: - name: cluster-name -platform: - aws: - region: us-west-2 -compute: -- name: edge - platform: - aws: - zones: - - us-west-2-lax-1a - - us-west-2-lax-1b - - us-west-2-las-1a -pullSecret: '{"auths": ...}' -sshKey: 'ssh-ed25519 AAAA...' -#... ----- - -. Deploy your cluster. 
diff --git a/modules/installation-aws-add-local-zone-locations.adoc b/modules/installation-aws-add-local-zone-locations.adoc deleted file mode 100644 index 545ecb5463dd..000000000000 --- a/modules/installation-aws-add-local-zone-locations.adoc +++ /dev/null 
@@ -1,60 +0,0 @@ -// Module included in the following assemblies: -// -// * installing/installing_aws/installing-aws-localzone.adoc -// * post_installation_configuration/aws-compute-edge-tasks.adoc - -:_mod-docs-content-type: PROCEDURE -[id="installation-aws-add-local-zone-locations_{context}"] -= Opting in to AWS Local Zones - -If you plan to create the subnets in AWS Local Zones, you must opt in to each zone group separately. - -.Prerequisites - -* You have installed the AWS CLI. -* You have determined an AWS Region for where you want to deploy your {product-title} cluster. -* You have attached a permissive IAM policy to a user or role account that opts in to the zone group. Consider the following configuration as an example IAM policy: -+ -[source,yaml] ----- -{ - "Version": "2012-10-17", - "Statement": [ - { - "Action": [ - "ec2:ModifyAvailabilityZoneGroup" - ], - "Effect": "Allow", - "Resource": "*" - } - ] -} ----- - -.Procedure - -. List the zones that are available in your AWS Region by running the following command: -+ -[source,terminal] ----- -$ aws --region "" ec2 describe-availability-zones \ - --query 'AvailabilityZones[].[{ZoneName: ZoneName, GroupName: GroupName, Status: OptInStatus}]' \ - --filters Name=zone-type,Values=local-zone \ - --all-availability-zones ----- -+ -Depending on the AWS Region, the list of available zones can be long. The command returns the following fields: -+ -`ZoneName`:: The name of the Local Zone. -`GroupName`:: The group that comprises the zone. To opt in to the region, save the name. -`Status`:: The status of the Local Zone group. If the status is `not-opted-in`, you must opt in the `GroupName` by running the commands that follow. - -. 
Opt in to the zone group on your AWS account by running the following command: -+ -[source,terminal] ----- -$ aws ec2 modify-availability-zone-group \ - --group-name "" \// <1> - --opt-in-status opted-in ----- -<1> For ``, specify the name of the group of the Local Zone where you want to create subnets. For example, specify `us-east-1-nyc-1` to use the zone `us-east-1-nyc-1a` (US East New York). diff --git a/modules/installation-aws-add-zone-locations.adoc b/modules/installation-aws-add-zone-locations.adoc new file mode 100644 index 000000000000..64510c774abe --- /dev/null +++ b/modules/installation-aws-add-zone-locations.adoc 
@@ -0,0 +1,93 @@ +// Module included in the following assemblies: +// +// * installing/installing-aws-localzone.adoc (Installing a cluster on AWS with worker nodes on AWS Local Zones) +// * installing/installing-aws-wavelength-zone.adoc (Installing a cluster on AWS with worker nodes on AWS Wavelength Zones) +// * post_installation_configuration/aws-compute-edge-zone-tasks.adoc + +ifeval::["{context}" == "installing-aws-localzone"] +:local-zone: +endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:wavelength-zone: +endif::[] +ifeval::["{context}" == "aws-compute-edge-zone-tasks"] +:post-aws-zones: +endif::[] + +:_mod-docs-content-type: PROCEDURE +[id="installation-aws-add-zone-locations_{context}"] +ifdef::local-zone[] += Opting in to an AWS {zone-type} +endif::local-zone[] +ifdef::wavelength-zone[] += Opting in to an AWS {zone-type} +endif::wavelength-zone[] +ifdef::post-aws-zones[] += Opting in to AWS Local Zones or Wavelength Zones +endif::post-aws-zones[] + +If you plan to create subnets in AWS {zone-type}, you must opt in to each zone group separately. + +.Prerequisites + +* You have installed the AWS CLI. +* You have determined an AWS Region for where you want to deploy your {product-title} cluster. +* You have attached a permissive IAM policy to a user or role account that opts in to the zone group. + +.Procedure + +. 
List the zones that are available in your AWS Region by running the following command: +ifdef::local-zone,post-aws-zones[] ++ +.Example command for listing available AWS Local Zones in an AWS Region +[source,terminal] +---- +$ aws --region "" ec2 describe-availability-zones \ + --query 'AvailabilityZones[].[{ZoneName: ZoneName, GroupName: GroupName, Status: OptInStatus}]' \ + --filters Name=zone-type,Values=local-zone \ + --all-availability-zones +---- +endif::local-zone,post-aws-zones[] +ifdef::wavelength-zone,post-aws-zones[] ++ +.Example command for listing available AWS Wavelength Zones in an AWS Region +[source,terminal] +---- +$ aws --region "" ec2 describe-availability-zones \ + --query 'AvailabilityZones[].[{ZoneName: ZoneName, GroupName: GroupName, Status: OptInStatus}]' \ + --filters Name=zone-type,Values=wavelength-zone \ + --all-availability-zones +---- +endif::wavelength-zone,post-aws-zones[] ++ +Depending on the AWS Region, the list of available zones might be long. The command returns the following fields: ++ +`ZoneName`:: The name of the {zone-type}. +`GroupName`:: The group that comprises the zone. To opt in to the Region, save the name. +`Status`:: The status of the {zone-type} group. If the status is `not-opted-in`, you must opt in the `GroupName` as described in the next step. + +. Opt in to the zone group on your AWS account by running the following command: ++ +[source,terminal] +---- +$ aws ec2 modify-availability-zone-group \ + --group-name "" \// <1> + --opt-in-status opted-in +---- +<1> Replace `` with the name of the group of the {zone-type} where you want to create subnets. +ifdef::local-zone[] +For example, specify `us-east-1-nyc-1` to use the zone `us-east-1-nyc-1a` (US East New York). +endif::local-zone[] +ifdef::wavelength-zone[] +As an example for Wavelength Zones, specify `us-east-1-wl1` to use the zone `us-east-1-wl1-nyc-wlz-1` (US East New York). 
+endif::wavelength-zone[] + +ifeval::["{context}" == "installing-aws-localzone"] +:!local-zone: +endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:!wavelength-zone: +endif::[] +ifeval::["{context}" == "aws-compute-edge-zone-tasks"] +:!post-aws-zones: +endif::[] diff --git a/modules/installation-aws-cluster-network-mtu.adoc b/modules/installation-aws-cluster-network-mtu.adoc new file mode 100644 index 000000000000..cbbee8c39d31 --- /dev/null +++ b/modules/installation-aws-cluster-network-mtu.adoc 
@@ -0,0 +1,71 @@ +// Module included in the following assemblies: +// +// * installing/installing-aws-localzone.adoc (Installing a cluster on AWS with compute nodes on AWS Local Zones) +// * installing/installing-aws-wavelength-zone.adoc (Installing a cluster on AWS with compute nodes on AWS Wavelength Zones) + +ifeval::["{context}" == "installing-aws-localzone"] +:local-zone: +endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:wavelength-zone: +endif::[] + +:_mod-docs-content-type: CONCEPT +[id="installation-aws-cluster-network-mtu_{context}"] += Customizing the cluster network MTU + +Before you deploy a cluster on AWS, you can customize the cluster network maximum transmission unit (MTU) for your cluster network to meet the needs of your infrastructure. + +By default, when you install a cluster with supported {zone-type} capabilities, the MTU value for the cluster network is automatically adjusted to the lowest value that the network plugin accepts. + +[IMPORTANT] +==== +Setting an unsupported MTU value for EC2 instances that operate in the {zone-type} infrastructure can cause issues for your {product-title} cluster. +==== + +ifdef::local-zone[] +If the Local Zone supports higher MTU values in between EC2 instances in the Local Zone and the AWS Region, you can manually configure the higher value to increase the network performance of the cluster network. +endif::local-zone[] + +ifdef::wavelength-zone[] +If the Wavelength Zone supports higher MTU values in between EC2 instances running in the Wavelength Zone and the AWS Region, you must manually configure the higher value to increase the network performance of the cluster network. +endif::wavelength-zone[] + +You can customize the MTU for a cluster by specifying the `networking.clusterNetworkMTU` parameter in the `install-config.yaml` configuration file. 
+ +[IMPORTANT] +==== +All subnets in {zone-type} must support the higher MTU value, so that each node in that zone can successfully communicate with services in the AWS Region and deploy your workloads. +==== + +ifdef::local-zone[] +.Example of overwriting the default MTU value +[source,yaml] +---- +apiVersion: v1 +baseDomain: devcluster.openshift.com +metadata: + name: edge-zone +networking: + clusterNetworkMTU: 8901 +compute: +- name: edge + platform: + aws: + zones: + - us-west-2-lax-1a + - us-west-2-lax-1b +platform: + aws: + region: us-west-2 +pullSecret: '{"auths": ...}' +sshKey: ssh-ed25519 AAAA... +---- +endif::local-zone[] + +ifeval::["{context}" == "installing-aws-localzone"] +:!local-zone: +endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:!wavelength-zone: +endif::[] diff --git a/modules/installation-aws-edge-compute-pools-examples.adoc b/modules/installation-aws-edge-compute-pools-examples.adoc new file mode 100644 index 000000000000..8efe8f92bccf --- /dev/null +++ b/modules/installation-aws-edge-compute-pools-examples.adoc 
@@ -0,0 +1,95 @@ +// Module included in the following assemblies: +// * installing/installing-aws-localzone.adoc (Installing a cluster on AWS with worker nodes on AWS Local Zones) +// * installing/installing-aws-wavelength-zone.adoc (Installing a cluster on AWS with worker nodes on AWS Wavelength Zones) + +ifeval::["{context}" == "installing-aws-localzone"] +:local-zone: +endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:wavelength-zone: +endif::[] + +:_mod-docs-content-type: CONCEPT +[id="installation-aws-edge-compute-pools-examples_{context}"] += Examples of installation configuration files with edge compute pools + +The following examples show `install-config.yaml` files that contain an edge machine pool configuration. + +.Configuration that uses an edge pool with a custom instance type +[source,yaml] +---- +apiVersion: v1 +baseDomain: devcluster.openshift.com +metadata: + name: ipi-edgezone +compute: +- name: edge + platform: + aws: + type: r5.2xlarge +platform: + aws: + region: us-west-2 +pullSecret: '{"auths": ...}' +sshKey: ssh-ed25519 AAAA... +---- + +Instance types differ between locations. To verify availability in the {zone-type} in which the cluster runs, see the AWS documentation. + +ifdef::local-zone[] +.Configuration that uses an edge pool with a custom Amazon Elastic Block Store (EBS) type +[source,yaml] +---- +apiVersion: v1 +baseDomain: devcluster.openshift.com +metadata: + name: ipi-edgezone +compute: +- name: edge + platform: + aws: + zones: + - us-west-2-lax-1a + - us-west-2-lax-1b + - us-west-2-phx-2a + rootVolume: + type: gp3 + size: 120 +platform: + aws: + region: us-west-2 +pullSecret: '{"auths": ...}' +sshKey: ssh-ed25519 AAAA... +---- + +Elastic Block Storage (EBS) types differ between locations. Check the AWS documentation to verify availability in the {zone-type} in which the cluster runs. 
+endif::local-zone[] + +.Configuration that uses an edge pool with custom security groups +[source,yaml] +---- +apiVersion: v1 +baseDomain: devcluster.openshift.com +metadata: + name: ipi-edgezone +compute: +- name: edge + platform: + aws: + additionalSecurityGroupIDs: + - sg-1 <1> + - sg-2 +platform: + aws: + region: us-west-2 +pullSecret: '{"auths": ...}' +sshKey: ssh-ed25519 AAAA... +---- +<1> Specify the name of the security group as it is displayed on the Amazon EC2 console. Ensure that you include the `sg` prefix. + +ifeval::["{context}" == "installing-aws-localzone"] +:!local-zone: +endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:!wavelength-zone: +endif::[] diff --git a/modules/installation-aws-editing-manifests.adoc b/modules/installation-aws-editing-manifests.adoc index a7c008e4db35..df12bf67dd36 100644 --- a/modules/installation-aws-editing-manifests.adoc +++ b/modules/installation-aws-editing-manifests.adoc @@ -2,6 +2,10 @@ // // * installing/installing_aws/installing-aws-outposts-remote-workers.adoc +ifeval::["{context}" == "aws-compute-edge-zone-tasks"] +:post-aws-zones: +endif::[] + :_mod-docs-content-type: PROCEDURE [id="installation-aws-creating-manifests_{context}"] = Generating manifest files 
@@ -93,23 +97,7 @@ Find the subnet ID and replace it with the ID of the private subnet created in t * Specify MTU value for the Network Provider + Outpost service links support a maximum packet size of 1300 bytes. It's required to modify the MTU of the Network Provider to follow this requirement. -Create a new file under manifests directory, named cluster-network-03-config.yml -+ -If OpenShift SDN network provider is used, set the MTU value to 1250 -+ -[source,yaml] ----- -apiVersion: operator.openshift.io/v1 -kind: Network -metadata: - name: cluster -spec: - defaultNetwork: - openshiftSDNConfig: - mtu: 1250 ----- -+ -If OVN-Kubernetes network provider is used, set the MTU value to 1200 +Create a new file under the manifests directory and name the file `cluster-network-03-config.yml`. For the OVN-Kubernetes network provider, set the MTU value to 1200. + [source,yaml] ---- @@ -122,3 +110,7 @@ spec: ovnKubernetesConfig: mtu: 1200 ---- + +ifeval::["{context}" == "aws-compute-edge-zone-tasks"] +:!post-aws-zones: +endif::[] diff --git a/modules/installation-aws-marketplace-subscribe.adoc b/modules/installation-aws-marketplace-subscribe.adoc index 14b7b1eee751..24d78cd2caad 100644 --- a/modules/installation-aws-marketplace-subscribe.adoc +++ b/modules/installation-aws-marketplace-subscribe.adoc @@ -3,6 +3,8 @@ // * installing/installing_aws/installing-aws-customizations.adoc // * installing/installing_aws/installing-aws-government-region.adoc // * installing/installing_aws/installing-aws-user-infra.adoc +// * installing/installing_aws/installing-aws-localzone.adoc +// * installing/installaing_aws/installing-aws-wavelength-zone.adoc ifeval::["{context}" == "installing-aws-customizations"] :ipi: @@ -13,6 +15,9 @@ endif::[] ifeval::["{context}" == "installing-aws-localzone"] :ipi: endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:ipi: +endif::[] ifeval::["{context}" == "installing-aws-user-infra"] :upi: endif::[] 
@@ -20,7 +25,7 @@ endif::[] :_mod-docs-content-type: PROCEDURE [id="installation-aws-marketplace-subscribe_{context}"] = Obtaining an AWS Marketplace image -If you are deploying an {product-title} cluster using an AWS Marketplace image, you must first subscribe through AWS. Subscribing to the offer provides you with the AMI ID that the installation program uses to deploy worker nodes. +If you are deploying an {product-title} cluster using an AWS Marketplace image, you must first subscribe through AWS. Subscribing to the offer provides you with the AMI ID that the installation program uses to deploy compute nodes. .Prerequisites @@ -30,14 +35,14 @@ If you are deploying an {product-title} cluster using an AWS Marketplace image, . Complete the {product-title} subscription from the link:https://aws.amazon.com/marketplace/fulfillment?productId=59ead7de-2540-4653-a8b0-fa7926d5c845[AWS Marketplace]. ifdef::ipi[] -. Record the AMI ID for your specific region. As part of the installation process, you must update the `install-config.yaml` file with this value before deploying the cluster. +. Record the AMI ID for your specific AWS Region. As part of the installation process, you must update the `install-config.yaml` file with this value before deploying the cluster. endif::ipi[] ifdef::upi[] -. Record the AMI ID for your specific region. If you use the CloudFormation template to deploy your worker nodes, you must update the `worker0.type.properties.ImageID` parameter with this value. +. Record the AMI ID for your specific AWS Region. If you use the CloudFormation template to deploy your compute nodes, you must update the `worker0.type.properties.ImageID` parameter with the AMI ID value. endif::upi[] - ++ ifdef::ipi[] -.Sample `install-config.yaml` file with AWS Marketplace worker nodes +.Sample `install-config.yaml` file with AWS Marketplace compute nodes [source,yaml] ---- 
@@ -60,7 +65,7 @@ sshKey: ssh-ed25519 AAAA... pullSecret: '{"auths": ...}' ---- <1> The AMI ID from your AWS Marketplace subscription. -<2> Your AMI ID is associated with a specific AWS region. When creating the installation configuration file, ensure that you select the same AWS region that you specified when configuring your subscription. +<2> Your AMI ID is associated with a specific AWS Region. When creating the installation configuration file, ensure that you select the same AWS Region that you specified when configuring your subscription. endif::ipi[] ifeval::["{context}" == "installing-aws-customizations"] @@ -72,6 +77,9 @@ endif::[] ifeval::["{context}" == "installing-aws-localzone"] :!ipi: endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:!ipi: +endif::[] ifeval::["{context}" == "installing-aws-user-infra"] :!upi: endif::[] diff --git a/modules/installation-aws-security-groups.adoc b/modules/installation-aws-security-groups.adoc index 64dd4b86c2f4..d54c6d75651c 100644 --- a/modules/installation-aws-security-groups.adoc +++ b/modules/installation-aws-security-groups.adoc @@ -14,7 +14,7 @@ endif::[] :_mod-docs-content-type: CONCEPT [id="installation-aws-security-groups_{context}"] -= AWS security groups += Optional: AWS security groups By default, the installation program creates and attaches security groups to control plane and compute machines. The rules associated with the default security groups cannot be modified. diff --git a/modules/installation-aws-tested-machine-types.adoc b/modules/installation-aws-tested-machine-types.adoc index 3720f7385cb1..ac7b6e7671ff 100644 --- a/modules/installation-aws-tested-machine-types.adoc +++ b/modules/installation-aws-tested-machine-types.adoc 
@@ -9,10 +9,15 @@ // installing/installing_aws/installing-aws-user-infra.adoc // installing/installing_aws/installing-aws-vpc.adoc // installing/installing_aws/installing-restricted-networks-aws.adoc -// installing-aws-localzone +// * installing/installing_aws/installing-aws-localzone.adoc +// * installing/installaing_aws/installing-aws-wavelength-zone.adoc + ifeval::["{context}" == "installing-aws-localzone"] -:localzone: +:local-zone: +endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:wavelength-zone: endif::[] ifeval::["{context}" == "installing-aws-secret-region"] :secretregion: 
@@ -22,26 +27,29 @@ endif::[] = Tested instance types for AWS The following Amazon Web Services (AWS) instance types have been tested with -ifndef::localzone[] +ifndef::local-zone,wavelength-zone[] {product-title}. -endif::localzone[] -ifdef::localzone[] +endif::local-zone,wavelength-zone[] +ifdef::local-zone[] {product-title} for use with AWS Local Zones. -endif::localzone[] +endif::local-zone[] +ifdef::wavelength-zone[] +{product-title} for use with AWS Wavelength Zones. +endif::wavelength-zone[] [NOTE] ==== -Use the machine types included in the following charts for your AWS instances. If you use an instance type that is not listed in the chart, ensure that the instance size you use matches the minimum resource requirements that are listed in "Minimum resource requirements for cluster installation". +Use the machine types included in the following charts for your AWS instances. If you use an instance type that is not listed in the chart, ensure that the instance size you use matches the minimum resource requirements that are listed in the section named "Minimum resource requirements for cluster installation". ==== -ifndef::localzone,secretregion[] +ifndef::local-zone,wavelength-zone,secretregion[] .Machine types based on 64-bit x86 architecture [%collapsible] ==== include::https://raw.githubusercontent.com/openshift/installer/master/docs/user/aws/tested_instance_types_x86_64.md[] ==== -endif::localzone,secretregion[] -ifdef::localzone[] +endif::local-zone,wavelength-zone,secretregion[] +ifdef::local-zone[] .Machine types based on 64-bit x86 architecture for AWS Local Zones [%collapsible] ==== 
@@ -52,7 +60,15 @@ ifdef::localzone[] * `r5.*` * `t3.*` ==== -endif::localzone[] +endif::local-zone[] +ifdef::wavelength-zone[] +.Machine types based on 64-bit x86 architecture for AWS Wavelength Zones +[%collapsible] +==== +* `r5.*` +* `t3.*` +==== +endif::wavelength-zone[] ifdef::secretregion[] .Machine types based on 64-bit x86 architecture for secret regions [%collapsible] @@ -69,7 +85,10 @@ ifdef::secretregion[] endif::secretregion[] ifeval::["{context}" == "installing-aws-localzone"] -:!localzone: +:!local-zone: +endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:!wavelength-zone: endif::[] ifeval::["{context}" == "installing-aws-secret-region"] :!secretregion: diff --git a/modules/installation-cloudformation-subnet-localzone.adoc b/modules/installation-cloudformation-subnet-localzone.adoc index 689f52e682f9..0855839f2094 100644 --- a/modules/installation-cloudformation-subnet-localzone.adoc +++ b/modules/installation-cloudformation-subnet-localzone.adoc 
@@ -1,42 +1,61 @@ // Module included in the following assemblies: // -// * installing/installing_aws/installing-aws-localzone.adoc -// * post_installation_configuration/aws-compute-edge-tasks.adoc +// * installing/installing-aws-localzone.adoc (Installing a cluster on AWS with worker nodes on AWS Local Zones) +// * installing/installing-aws-wavelength-zone.adoc (Installing a cluster on AWS with compute nodes on AWS Wavelength Zones) +// * post_installation_configuration/aws-compute-edge-zone-tasks.adoc (AWS zone tasks) :_mod-docs-content-type: REFERENCE [id="installation-cloudformation-subnet-localzone_{context}"] -= CloudFormation template for the subnet that uses AWS Local Zones += CloudFormation template for the VPC Subnet -You can use the following CloudFormation template to deploy the subnet that -you need for your {product-title} cluster that uses AWS Local Zones. +You can use the following CloudFormation template to deploy the private and public subnets in a zone on {zone-type} infrastructure. -.CloudFormation template for the subnet +.CloudFormation template for VPC subnets [%collapsible] ==== -[source,yaml] +[source,yaml,subs="attributes+"] ---- -# CloudFormation template used to create Local Zone subnets and dependencies AWSTemplateFormatVersion: 2010-09-09 -Description: Template for create Public Local Zone subnets +Description: Template for Best Practice Subnets (Public and Private) Parameters: VpcId: - Description: VPC Id + Description: VPC ID that comprises all the target subnets Type: String - ZoneName: - Description: Local Zone Name (Example us-east-1-nyc-1a) + AllowedPattern: ^(?:(?:vpc)(?:-[a-zA-Z0-9]+)?\b|(?:[0-9]{1,3}\.){3}[0-9]{1,3})$ + ConstraintDescription: VPC ID must be with valid name, starting with vpc-.*. 
+ ClusterName: + Description: ClusterName or PrefixName prepends to the Name tag for each subnet Type: String - SubnetName: - Description: Local Zone Name (Example cluster-public-us-east-1-nyc-1a) + AllowedPattern: ".+" + ConstraintDescription: ClusterName parameter must be specified + ZoneName: + Description: ZoneName that will be used to create the subnets, such as us-west-2-lax-1a Type: String + AllowedPattern: ".+" + ConstraintDescription: ZoneName parameter must be specified PublicRouteTableId: - Description: Public Route Table ID to associate the Local Zone subnet + Description: The PublicRouteTableID that associates with the public subnet Type: String + AllowedPattern: ".+" + ConstraintDescription: PublicRouteTableId parameter must be specified PublicSubnetCidr: AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-4]))$ - ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-24. + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-24 + Default: 10.0.128.0/20 + Description: CIDR block for public subnet + Type: String + + PrivateRouteTableId: + Description: PublicRouteTableID that associates to the {zone-type} subnet + Type: String + AllowedPattern: ".+" + ConstraintDescription: PublicRouteTableId parameter must be specified + PrivateSubnetCidr: + AllowedPattern: ^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\/(1[6-9]|2[0-4]))$ + ConstraintDescription: CIDR block parameter must be in the form x.x.x.x/16-24 Default: 10.0.128.0/20 - Description: CIDR block for Public Subnet + Description: CIDR block for the public subnet Type: String Resources: 
@@ -48,9 +67,7 @@ Resources: AvailabilityZone: !Ref ZoneName Tags: - Key: Name - Value: !Ref SubnetName - - Key: kubernetes.io/cluster/unmanaged - Value: "true" + Value: !Join ['-', [!Ref ClusterName, "public", !Ref ZoneName]] PublicSubnetRouteTableAssociation: Type: "AWS::EC2::SubnetRouteTableAssociation" @@ -58,10 +75,31 @@ Resources: SubnetId: !Ref PublicSubnet RouteTableId: !Ref PublicRouteTableId + PrivateSubnet: + Type: "AWS::EC2::Subnet" + Properties: + VpcId: !Ref VpcId + CidrBlock: !Ref PrivateSubnetCidr + AvailabilityZone: !Ref ZoneName + Tags: + - Key: Name + Value: !Join ['-', [!Ref ClusterName, "private", !Ref ZoneName]] + + PrivateSubnetRouteTableAssociation: + Type: "AWS::EC2::SubnetRouteTableAssociation" + Properties: + SubnetId: !Ref PrivateSubnet + RouteTableId: !Ref PrivateRouteTableId + Outputs: - PublicSubnetIds: - Description: Subnet IDs of the public subnets. + PublicSubnetId: + Description: Subnet ID for the public subnets Value: !Join ["", [!Ref PublicSubnet]] + + PrivateSubnetId: + Description: Subnet ID for the private subnets + Value: + !Join ["", [!Ref PrivateSubnet]] ---- ==== diff --git a/modules/installation-cloudformation-vpc-carrier-gw.adoc b/modules/installation-cloudformation-vpc-carrier-gw.adoc new file mode 100644 index 000000000000..709970e12e0d --- /dev/null +++ b/modules/installation-cloudformation-vpc-carrier-gw.adoc 
@@ -0,0 +1,102 @@ +// Module included in the following assemblies: +// +// * installing/installing-aws-wavelength-zone.adoc (Installing a cluster on AWS with worker nodes on AWS Wavelength Zones) +// * post_installation_configuration/aws-compute-edge-zone-tasks.adoc (AWS zone tasks) + +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:wavelength-zone: +endif::[] +ifeval::["{context}" == "aws-compute-edge-zone-tasks"] +:post-aws-zones: +endif::[] + +:_mod-docs-content-type: REFERENCE +[id="installation-cloudformation-vpc-carrier-gw_{context}"] +ifdef::wavelength-zone[] += CloudFormation template for the VPC Carrier Gateway +endif::wavelength-zone[] +ifdef::post-aws-zones[] += Wavelength Zones only: CloudFormation template for the VPC Carrier Gateway +endif::post-aws-zones[] + +You can use the following CloudFormation template to deploy the Carrier Gateway on AWS Wavelength infrastructure. + +.CloudFormation template for VPC Carrier Gateway +[%collapsible] +==== +[source,yaml,subs="attributes+"] +---- +AWSTemplateFormatVersion: 2010-09-09 +Description: Template for Creating Wavelength Zone Gateway (Carrier Gateway). + +Parameters: + VpcId: + Description: VPC ID to associate the Carrier Gateway. + Type: String + AllowedPattern: ^(?:(?:vpc)(?:-[a-zA-Z0-9]+)?\b|(?:[0-9]{1,3}\.){3}[0-9]{1,3})$ + ConstraintDescription: VPC ID must be with valid name, starting with vpc-.*. + ClusterName: + Description: Cluster Name or Prefix name to prepend the tag Name for each subnet. + Type: String + AllowedPattern: ".+" + ConstraintDescription: ClusterName parameter must be specified. 
+ +Resources: + CarrierGateway: + Type: "AWS::EC2::CarrierGateway" + Properties: + VpcId: !Ref VpcId + Tags: + - Key: Name + Value: !Join ['-', [!Ref ClusterName, "cagw"]] + + PublicRouteTable: + Type: "AWS::EC2::RouteTable" + Properties: + VpcId: !Ref VpcId + Tags: + - Key: Name + Value: !Join ['-', [!Ref ClusterName, "public-carrier"]] + + PublicRoute: + Type: "AWS::EC2::Route" + DependsOn: CarrierGateway + Properties: + RouteTableId: !Ref PublicRouteTable + DestinationCidrBlock: 0.0.0.0/0 + CarrierGatewayId: !Ref CarrierGateway + + S3Endpoint: + Type: AWS::EC2::VPCEndpoint + Properties: + PolicyDocument: + Version: 2012-10-17 + Statement: + - Effect: Allow + Principal: '*' + Action: + - '*' + Resource: + - '*' + RouteTableIds: + - !Ref PublicRouteTable + ServiceName: !Join + - '' + - - com.amazonaws. + - !Ref 'AWS::Region' + - .s3 + VpcId: !Ref VpcId + +Outputs: + PublicRouteTableId: + Description: Public Route table ID + Value: !Ref PublicRouteTable +---- +==== + +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:!wavelength-zone: +endif::[] +ifeval::["{context}" == "aws-compute-edge-zone-tasks"] +:!post-aws-zones: +endif::[] \ No newline at end of file diff --git a/modules/installation-cloudformation-vpc-localzone.adoc b/modules/installation-cloudformation-vpc-localzone.adoc index eb5f3f6e9138..97cc93331d00 100644 --- a/modules/installation-cloudformation-vpc-localzone.adoc +++ b/modules/installation-cloudformation-vpc-localzone.adoc 
@@ -1,13 +1,13 @@ // Module included in the following assemblies: // -// * installing/installing_aws/installing-aws-localzone.adoc +// * installing/installing-aws-localzone.adoc (Installing a cluster on AWS with compute nodes on AWS Local Zones) +// * installing/installing-aws-wavelength-zone.adoc (Installing a cluster on AWS with compute nodes on AWS Wavelength Zones) :_mod-docs-content-type: REFERENCE [id="installation-cloudformation-vpc-localzone_{context}"] = CloudFormation template for the VPC -You can use the following CloudFormation template to deploy the VPC that -you need for your {product-title} cluster. +You can use the following CloudFormation template to deploy the VPC that you need for your {product-title} cluster. .CloudFormation template for the VPC [%collapsible] @@ -305,5 +305,25 @@ Outputs: PublicRouteTableId: Description: Public Route table ID Value: !Ref PublicRouteTable + PrivateRouteTableIds: + Description: Private Route table IDs + Value: + !Join [ + ",", + [ + !Join ["=", [ + !Select [0, "Fn::GetAZs": !Ref "AWS::Region"], + !Ref PrivateRouteTable + ]], + !If [DoAz2, + !Join ["=", [!Select [1, "Fn::GetAZs": !Ref "AWS::Region"], !Ref PrivateRouteTable2]], + !Ref "AWS::NoValue" + ], + !If [DoAz3, + !Join ["=", [!Select [2, "Fn::GetAZs": !Ref "AWS::Region"], !Ref PrivateRouteTable3]], + !Ref "AWS::NoValue" + ] + ] + ] ---- ==== diff --git a/modules/installation-cluster-quickly-extend-compute-nodes.adoc b/modules/installation-cluster-quickly-extend-compute-nodes.adoc new file mode 100644 index 000000000000..6d680b74b436 --- /dev/null +++ b/modules/installation-cluster-quickly-extend-compute-nodes.adoc 
@@ -0,0 +1,29 @@ +// Module included in the following assemblies: +// +// * installing/installing-aws-localzone.adoc (Installing a cluster on AWS with compute nodes on AWS Local Zones) +// * installing/installing-aws-wavelength-zone.adoc (Installing a cluster on AWS with compute nodes on AWS Wavelength Zones) + +ifeval::["{context}" == "installing-aws-localzone"] +:local-zone: +endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:wavelength-zone: +endif::[] + +:_mod-docs-content-type: CONCEPT +[id="installation-cluster-quickly-extend-compute-nodes_{context}"] +ifdef::local-zone[] += Install a cluster quickly in AWS Local Zones +endif::local-zone[] +ifdef::wavelength-zone[] += Install a cluster quickly in AWS Wavelength Zones +endif::wavelength-zone[] + +For {product-title} {product-version}, you can quickly install a cluster on Amazon Web Services (AWS) to extend compute nodes to {zone-type} locations. By using this installation route, the installation program automatically creates network resources and {zone-type} subnets for each zone that you defined in your configuration file. To customize the installation, you must modify parameters in the `install-config.yaml` file before you deploy the cluster. + +ifeval::["{context}" == "installing-aws-localzone"] +:!local-zone: +endif::[] +ifeval::["{context}" == "installing-aws-wavelength-zone"] +:!wavelength-zone: +endif::[] diff --git a/modules/installation-cluster-quickly-extend-workers.adoc b/modules/installation-cluster-quickly-extend-workers.adoc deleted file mode 100644 index 373329b614ba..000000000000 --- a/modules/installation-cluster-quickly-extend-workers.adoc +++ /dev/null 
@@ -1,10 +0,0 @@ -// Module included in the following assemblies: -// -// * installing/installing-aws-localzone.adoc - -:_mod-docs-content-type: CONCEPT - -[id="installation-cluster-quickly-extend-workers_{context}"] -= Install a cluster quickly in AWS Local Zones - -For {product-title} {product-version}, you can quickly install a cluster on Amazon Web Services (AWS) to extend compute nodes to Local Zone locations. By using this installation route, the installation program automatically creates network resources and Local Zone subnets for each Local Zone that you defined in your configuration file. To customize the installation, you must modify parameters in the `install-config.yaml` file before you deploy the cluster. diff --git a/modules/installation-creating-aws-subnet-localzone.adoc b/modules/installation-creating-aws-subnet-localzone.adoc deleted file mode 100644 index 4ff5b6cea368..000000000000 --- a/modules/installation-creating-aws-subnet-localzone.adoc +++ /dev/null 
@@ -1,108 +0,0 @@ -// Module included in the following assemblies: -// -// * installing/installing_aws/installing-aws-localzone.adoc -// * post_installation_configuration/aws-compute-edge-tasks.adoc - -:_mod-docs-content-type: PROCEDURE -[id="installation-creating-aws-subnet-localzone_{context}"] -= Creating a subnet in AWS Local Zones - -You must create a subnet in AWS Local Zones before you configure a worker machineset for your {product-title} cluster. - -You must repeat the following process for each Local Zone you want to deploy worker nodes to. - -You can use the provided CloudFormation template and a custom parameter file to create a stack of AWS resources that represent the subnet. - -[NOTE] -==== -If you do not use the provided CloudFormation template to create your AWS -infrastructure, you must review the provided information and manually create -the infrastructure. If your cluster does not initialize correctly, you might -have to contact Red Hat support with your installation logs. -==== - -.Prerequisites - -* You configured an AWS account. -* You added your AWS keys and region to your local AWS profile by running `aws configure`. -* You opted in to the Local Zone group. - -.Procedure - -. Create a JSON file that contains the parameter values that the template -requires: -+ -[source,json] ----- -[ - { - "ParameterKey": "VpcId", - "ParameterValue": "" <1> - }, - { - "ParameterKey": "PublicRouteTableId", - "ParameterValue": "" <2> - }, - { - "ParameterKey": "ZoneName", - "ParameterValue": "" <3> - }, - { - "ParameterKey": "SubnetName", - "ParameterValue": "" - }, - { - "ParameterKey": "PublicSubnetCidr", - "ParameterValue": "10.0.192.0/20" <4> - } -] ----- -<1> Specify the VPC ID, which is the value `VpcID` in the output of the CloudFormation template. -for the VPC. -<2> Specify the Route Table ID, which is the value of the `PublicRouteTableId` in the CloudFormation stack -for the VPC. 
-<3> Specify the AWS Local Zone name, which is the value of the `ZoneName` field in the `AvailabilityZones` object that you retrieve in the section "Opting in to AWS Local Zones". -<4> Specify a CIDR block that is used to create the Local Zone subnet. This block must be part of the VPC CIDR block `VpcCidr`. - -. Copy the template from the *CloudFormation template for the subnet* -section of this topic and save it as a YAML file on your computer. This template -describes the VPC that your cluster requires. - -. Launch the CloudFormation template to create a stack of AWS resources that represent the VPC by running the following command: -+ -[IMPORTANT] -==== -You must enter the command on a single line. -==== -+ -[source,terminal] ----- -$ aws cloudformation create-stack --stack-name \ <1> - --template-body file://
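Review bot: In the Parameters hunk of the subnet template, `PrivateSubnetCidr` keeps `Default: 10.0.128.0/20`, the same default as `PublicSubnetCidr`, so a stack launched with both defaults requests two subnets with the same CIDR block in one VPC and the second subnet cannot be created. Give the private subnet a non-overlapping default, or drop the defaults so the reader has to choose both ranges. The new private parameters also carry copy-pasted text: `PrivateRouteTableId` is described as "PublicRouteTableID that associates to the {zone-type} subnet" with the constraint message "PublicRouteTableId parameter must be specified", and `PrivateSubnetCidr` is described as "CIDR block for the public subnet"; all three should say private.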
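Review bot: The `@@ -48,9 +67,7 @@` hunk of the subnet template removes the `kubernetes.io/cluster/unmanaged` tag (`Value: "true"`) from the public subnet, and the new `PrivateSubnet` is created without it, but nothing in the visible change explains the removal. If it is intentional, say so in the commit message or in the procedure that uses this template, so readers who created subnets from the earlier template know whether they need to retag.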
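Review bot: The Outputs change in the `@@ -58,10 +75,31 @@` hunk of the subnet template renames the stack output `PublicSubnetIds` to `PublicSubnetId`, so any step or script that reads the old key no longer finds it; check the procedures that consume this stack's outputs and update them in the same change. Each output now holds a single subnet, so the descriptions should read "public subnet" and "private subnet" rather than the plural, and `!Join ["", [!Ref PrivateSubnet]]` can be written as `!Ref PrivateSubnet`.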
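Review bot: The `S3Endpoint` resource in the new `installation-cloudformation-vpc-carrier-gw.adoc` template attaches an endpoint policy of `Effect: Allow`, `Principal: '*'`, `Action: '*'`, `Resource: '*'`, which places no limit on the buckets or S3 actions reachable through the endpoint. Either scope the statement to the actions and buckets the cluster needs, or add a sentence telling readers to tighten the policy for their environment. Separately, the `VpcId` `AllowedPattern` also accepts a bare `vpc` and any dotted-quad value, which contradicts its own `ConstraintDescription` ("starting with vpc-"); the `ClusterName` description mentions "each subnet" although this template creates no subnets; and the file ends without a trailing newline.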
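Review bot: The module header comment in the `@@ -1,13 +1,13 @@` hunk of `installation-cloudformation-vpc-localzone.adoc` changes the assembly path from `installing/installing_aws/installing-aws-localzone.adoc` to `installing/installing-aws-localzone.adoc`, but the assembly still lives under `installing/installing_aws/` according to this patch's own file headers. Keep the `installing_aws/` directory in the comment, and apply the same correction to the header comments of the two new modules, `installation-cloudformation-vpc-carrier-gw.adoc` and `installation-cluster-quickly-extend-compute-nodes.adoc`, which use the same shortened paths.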
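Review bot: The new `PrivateRouteTableIds` output in the `@@ -305,5 +305,25 @@` hunk is a comma-separated list of `<zone>=<route table ID>` pairs, while the subnet template's `PrivateRouteTableId` parameter expects one bare route table ID, and the output's `Description` ("Private Route table IDs") does not mention the format. State the format in the description or in the procedure, and tell the reader to pass only the ID part of the chosen pair; pasting the whole output value satisfies the parameter's `".+"` pattern and only fails later, at the route table association.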