OSDOCS2164: Alibaba install

_attributes/common-attributes.adoc

@@ -60,3 +60,5 @@ endif::[]
 :pipelines-ver: pipelines-1.6
 //odo
 :odo-title: odo
+//alibaba cloud
+:alibaba: Alibaba Cloud

_topic_maps/_topic_map.yml

@@ -117,6 +117,20 @@ Topics:
     File: installing-mirroring-installation-images
   - Name: Mirroring images for a disconnected installation using the oc-mirror plug-in
     File: installing-mirroring-disconnected
+- Name: Installing on Alibaba
+  Dir: installing_alibaba
+  Distros: openshift-origin,openshift-enterprise
+  Topics:
+    - Name: Preparing to install on Alibaba Cloud
+      File: preparing-to-install-on-alibaba
+    - Name: Creating the required Alibaba Cloud resources
+      File: manually-creating-alibaba-ram
+    - Name: Installing a cluster quickly on Alibaba Cloud
+      File: installing-alibaba-default
+    - Name: Installing a cluster on Alibaba Cloud with customizations
+      File: installing-alibaba-customizations
+    - Name: Uninstalling a cluster on Alibaba Cloud
+      File: uninstall-cluster-alibaba
 - Name: Installing on AWS
   Dir: installing_aws
   Distros: openshift-origin,openshift-enterprise

authentication/managing_cloud_provider_credentials/about-cloud-credential-operator.adoc

@@ -33,6 +33,11 @@ Mint mode is the default and recommended best practice setting for the CCO to us
 |====
 |Cloud provider |Mint |Passthrough |Manual
 
+|{alibaba}
+|
+|
+|X
+
 |Amazon Web Services (AWS)
 |X
 |X

authentication/managing_cloud_provider_credentials/cco-mode-manual.adoc

@@ -6,13 +6,13 @@ include::_attributes/common-attributes.adoc[]
 
 toc::[]
 
-Manual mode is supported for Amazon Web Services (AWS), Microsoft Azure, IBM Cloud, and Google Cloud Platform (GCP).
+Manual mode is supported for Alibaba Cloud, Amazon Web Services (AWS), Microsoft Azure, IBM Cloud, and Google Cloud Platform (GCP).
 
 In manual mode, a user manages cloud credentials instead of the Cloud Credential Operator (CCO). To use this mode, you must examine the `CredentialsRequest` CRs in the release image for the version of {product-title} that you are running or installing, create corresponding credentials in the underlying cloud provider, and create Kubernetes Secrets in the correct namespaces to satisfy all `CredentialsRequest` CRs for the cluster's cloud provider.
 
 Using manual mode allows each cluster component to have only the permissions it requires, without storing an administrator-level credential in the cluster. This mode also does not require connectivity to the AWS public IAM endpoint. However, you must manually reconcile permissions with new release images for every upgrade.
 
-For information about configuring your cloud provider to use manual mode, see _Manually creating IAM_ for xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[AWS], xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[Azure], xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[IBM Cloud], or xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[GCP].
+For information about configuring your cloud provider to use manual mode, see _Manually creating RAM resources_ for xref:../../installing/installing_alibaba/installing-alibaba-default.adoc#installation-initializing_installing-alibaba-default[Alibaba Cloud], xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[AWS], xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[Azure], xref:../../installing/installing_ibm_cloud_public/configuring-iam-ibm-cloud.adoc#configuring-iam-ibm-cloud[IBM Cloud], or xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[GCP].
 
 [id="manual-mode-sts-blurb"]
 == Manual mode with AWS STS
@@ -25,6 +25,7 @@ include::modules/manually-maintained-credentials-upgrade.adoc[leveloffset=+1]
 [id="additional-resources_cco-mode-manual"]
 == Additional resources
 
+* xref:../../installing/installing_alibaba/manually-creating-alibaba-ram.adoc#manually-creating-alibaba-ram[Manually creating RAM resources for Alibaba Cloud]
 * xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[Manually creating IAM for AWS]
 * xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[Manually creating IAM for Azure]
 * xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[Manually creating IAM for GCP]

installing/installing-preparing.adoc

@@ -17,6 +17,7 @@ Before you install an {product-title} cluster, you need to select the best insta
 
 If you want to install and manage {product-title} yourself, you can install it on the following platforms:
 
+* Alibaba Cloud
 * Amazon Web Services (AWS) on x86_64 instances
 * Amazon Web Services (AWS) on arm64 instances
 * Microsoft Azure
@@ -49,9 +50,9 @@ Because you need to provision machines as part of the {product-title} cluster in
 
 Because the operating system is integral to {product-title}, it is easier to let the installation program for {product-title} stand up all of the infrastructure. These are called _installer provisioned infrastructure_ installations. In this type of installation, you can provide some existing infrastructure to the cluster, but the installation program deploys all of the machines that your cluster initially needs.
 
-You can deploy an installer-provisioned infrastructure cluster without specifying any customizations to the cluster or its underlying machines to xref:../installing/installing_aws/installing-aws-default.adoc#installing-aws-default[AWS], xref:../installing/installing_azure/installing-azure-default.adoc#installing-azure-default[Azure], xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc#installing-azure-stack-hub-default[Azure Stack Hub], xref:../installing/installing_gcp/installing-gcp-default.adoc#installing-gcp-default[GCP], or xref:../installing/installing_vmc/installing-vmc.adoc#installing-vmc[VMC on AWS]. These installation methods are the fastest way to deploy a production-capable {product-title} cluster.
+You can deploy an installer-provisioned infrastructure cluster without specifying any customizations to the cluster or its underlying machines to xref:../installing/installing_alibaba/installing-alibaba-default.adoc#installing-alibaba-default[Alibaba Cloud], xref:../installing/installing_aws/installing-aws-default.adoc#installing-aws-default[AWS], xref:../installing/installing_azure/installing-azure-default.adoc#installing-azure-default[Azure], xref:../installing/installing_azure_stack_hub/installing-azure-stack-hub-default.adoc#installing-azure-stack-hub-default[Azure Stack Hub], xref:../installing/installing_gcp/installing-gcp-default.adoc#installing-gcp-default[GCP], or xref:../installing/installing_vmc/installing-vmc.adoc#installing-vmc[VMC on AWS]. These installation methods are the fastest way to deploy a production-capable {product-title} cluster.
 
-If you need to perform basic configuration for your installer-provisioned infrastructure cluster, such as the instance type for the cluster machines, you can customize an installation for xref:../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-customizations[AWS], xref:../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-customizations[Azure], xref:../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-customizations[GCP], or xref:../installing/installing_vmc/installing-vmc-customizations.adoc#installing-vmc-customizations[VMC on AWS].
+If you need to perform basic configuration for your installer-provisioned infrastructure cluster, such as the instance type for the cluster machines, you can customize an installation for xref:../installing/installing_alibaba/installing-alibaba-customizations.adoc#installing-alibaba-customizations[Alibaba Cloud], xref:../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-customizations[AWS], xref:../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-customizations[Azure], xref:../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-customizations[GCP], or xref:../installing/installing_vmc/installing-vmc-customizations.adoc#installing-vmc-customizations[VMC on AWS].
 
 For installer-provisioned infrastructure installations, you can use an existing xref:../installing/installing_aws/installing-aws-vpc.adoc#installing-aws-vpc[VPC in AWS], xref:../installing/installing_azure/installing-azure-vnet.adoc#installing-azure-vnet[vNet in Azure], or xref:../installing/installing_gcp/installing-gcp-vpc.adoc#installing-gcp-vpc[VPC in GCP]. You can also reuse part of your networking infrastructure so that your cluster in xref:../installing/installing_aws/installing-aws-network-customizations.adoc#installing-aws-network-customizations[AWS], xref:../installing/installing_azure/installing-azure-network-customizations.adoc#installing-azure-network-customizations[Azure], xref:../installing/installing_gcp/installing-gcp-network-customizations.adoc#installing-gcp-network-customizations[GCP], or xref:../installing/installing_vmc/installing-vmc-network-customizations.adoc#installing-vmc-network-customizations[VMC on AWS] can coexist with existing IP address allocations in your environment and integrate with existing MTU and VXLAN configurations. If you have existing accounts and credentials on these clouds, you can re-use them, but you might need to modify the accounts to have the required permissions to install {product-title} clusters on them.
 
@@ -121,13 +122,14 @@ Not all installation options are supported for all platforms, as shown in the fo
 .Installer-provisioned infrastructure options
 |===
 ifndef::openshift-origin[]
-||AWS (x86_64) |AWS (arm64) |Azure |Azure Stack Hub |GCP |{rh-openstack} |{rh-openstack} on SR-IOV |RHV |Bare metal |vSphere |VMC |IBM Cloud |IBM Z |IBM Power
+||Alibaba |AWS (x86_64) |AWS (arm64) |Azure |Azure Stack Hub |GCP |{rh-openstack} |{rh-openstack} on SR-IOV |RHV |Bare metal |vSphere |VMC |IBM Cloud |IBM Z |IBM Power
 endif::openshift-origin[]
 ifdef::openshift-origin[]
-||AWS |Azure |GCP |{rh-openstack} |{rh-openstack} on SR-IOV |oVirt |Bare metal |vSphere |VMC |IBM Cloud |IBM Z |IBM Power
+||Alibaba||AWS |Azure |GCP |{rh-openstack} |{rh-openstack} on SR-IOV |oVirt |Bare metal |vSphere |VMC |IBM Cloud |IBM Z |IBM Power
 endif::openshift-origin[]
 
 |Default
+|xref:../installing/installing_alibaba/installing-alibaba-default.adoc#installing-alibaba-default[X]
 |xref:../installing/installing_aws/installing-aws-default.adoc#installing-aws-default[X]
 |xref:../installing/installing_aws/installing-aws-default.adoc#installing-aws-default[X]
 |xref:../installing/installing_azure/installing-azure-default.adoc#installing-azure-default[X]
@@ -144,6 +146,7 @@ endif::openshift-origin[]
 |
 
 |Custom
+|xref:../installing/installing_alibaba/installing-alibaba-customizations.adoc#installing-alibaba-customizations[X]
 |xref:../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-customizations[X]
 |xref:../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-customizations[X]
 |xref:../installing/installing_azure/installing-azure-customizations.adoc#installing-azure-customizations[X]
@@ -160,6 +163,7 @@ endif::openshift-origin[]
 |
 
 |Network customization
+|
 |xref:../installing/installing_aws/installing-aws-network-customizations.adoc#installing-aws-network-customizations[X]
 |xref:../installing/installing_aws/installing-aws-network-customizations.adoc#installing-aws-network-customizations[X]
 |xref:../installing/installing_azure/installing-azure-network-customizations.adoc#installing-azure-network-customizations[X]
@@ -176,6 +180,7 @@ endif::openshift-origin[]
 |
 
 |Restricted network
+|
 |xref:../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#installing-restricted-networks-aws-installer-provisioned[X]
 |
 |
@@ -192,6 +197,7 @@ endif::openshift-origin[]
 |
 
 |Private clusters
+|
 |xref:../installing/installing_aws/installing-aws-private.adoc#installing-aws-private[X]
 |xref:../installing/installing_aws/installing-aws-private.adoc#installing-aws-private[X]
 |xref:../installing/installing_azure/installing-azure-private.adoc#installing-azure-private[X]
@@ -208,6 +214,7 @@ endif::openshift-origin[]
 |
 
 |Existing virtual private networks
+|
 |xref:../installing/installing_aws/installing-aws-vpc.adoc#installing-aws-vpc[X]
 |xref:../installing/installing_aws/installing-aws-vpc.adoc#installing-aws-vpc[X]
 |xref:../installing/installing_azure/installing-azure-vnet.adoc#installing-azure-vnet[X]
@@ -224,6 +231,7 @@ endif::openshift-origin[]
 |
 
 |Government regions
+|
 |xref:../installing/installing_aws/installing-aws-government-region.adoc#installing-aws-government-region[X]
 |
 |xref:../installing/installing_azure/installing-azure-government-region.adoc#installing-azure-government-region[X]
@@ -240,6 +248,7 @@ endif::openshift-origin[]
 |
 
 |China regions
+|
 |xref:../installing/installing_aws/installing-aws-china.adoc#installing-aws-china-region[X]
 |
 |

installing/installing_alibaba/installing-alibaba-customizations.adoc

@@ -0,0 +1,70 @@
+:_content-type: ASSEMBLY
+[id="installing-alibaba-customizations"]
+= Installing a cluster on Alibaba Cloud with customizations
+include::_attributes/common-attributes.adoc[]
+:context: installing-alibaba-customizations
+
+toc::[]
+
+In {product-title} version {product-version}, you can install a customized cluster on infrastructure that the installation program provisions on Alibaba Cloud. To customize the installation, you modify parameters in the `install-config.yaml` file before you install the cluster.
+
+[NOTE]
+====
+The scope of the {product-title} installation configurations is intentionally narrow. It is designed for simplicity and ensured success. You can complete many more {product-title} configuration tasks after an installation completes.
+====
+
+:FeatureName: Alibaba Cloud on {product-title}
+include::snippets/technology-preview.adoc[]
+
+[id="prerequisites_installing-alibaba-customizations"]
+== Prerequisites
+
+* You reviewed details about the xref:../../architecture/architecture-installation.adoc#architecture-installation[{product-title} installation and update] processes.
+* You read the documentation on xref:../../installing/installing-preparing.adoc#installing-preparing[selecting a cluster installation method and preparing it for users].
+* You xref:../../installing/installing_alibaba/preparing-to-install-on-alibaba.html#installation-alibaba-dns_preparing-to-install-on-alibaba[registered your domain].
+* If you use a firewall, you xref:../../installing/install_config/configuring-firewall.adoc#configuring-firewall[configured it to allow the sites] that your cluster requires access to.
+* If the cloud Resource Access Management (RAM) APIs are not accessible in your environment, or if you do not want to store an administrator-level credential secret in the `kube-system` namespace, you can xref:../../installing/installing_alibaba/manually-creating-alibaba-ram.adoc#manually-creating-alibaba-ram[manually create and maintain Resource Access Management (RAM) credentials].
+
+include::modules/cluster-entitlements.adoc[leveloffset=+1]
+
+include::modules/ssh-agent-using.adoc[leveloffset=+1]
+
+include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
+
+include::modules/installation-initializing.adoc[leveloffset=+2]
+
+include::modules/manually-creating-alibaba-manifests.adoc[leveloffset=+2]
+
+include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+2]
+
+include::modules/installation-configuration-parameters.adoc[leveloffset=+2]
+
+include::modules/installation-alibaba-config-yaml.adoc[leveloffset=+2]
+
+include::modules/installation-configure-proxy.adoc[leveloffset=+2]
+
+include::modules/installation-launching-installer.adoc[leveloffset=+1]
+
+include::modules/cli-installing-cli.adoc[leveloffset=+1]
+
+include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]
+
+include::modules/logging-in-by-using-the-web-console.adoc[leveloffset=+1]
+
+include::modules/cluster-telemetry.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* See xref:../../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring[About remote health monitoring] for more information about the Telemetry service.
+* See xref:../../web_console/web-console.adoc#web-console[Accessing the web console] for more details about accessing and understanding the {product-title} web console
+* See xref:../../web_console/web-console.adoc#web-console[Accessing the web console] for more details about accessing and understanding the {product-title} web console.
+
+[id="next-steps_installing-alibaba-customizations"]
+== Next steps
+
+* xref:../../installing/validating-an-installation.adoc#validating-an-installation[Validating an installation].
+* xref:../../post_installation_configuration/cluster-tasks.adoc#available_cluster_customizations[Customize your cluster].
+* If necessary, you can xref:../../support/remote_health_monitoring/opting-out-of-remote-health-reporting.adoc#opting-out-remote-health-reporting_opting-out-remote-health-reporting[opt out of remote health reporting].
+//Given that manual mode is required to install on Alibaba Cloud, I do not believe this xref is necessary.
+//* If necessary, you can xref:../../authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc#manually-removing-cloud-creds_cco-mode-mint[remove cloud provider credentials].