OSDOCS2164: Alibaba install

[mburke5678]

https://issues.redhat.com/browse/OSDOCS-2164

Carrying on work started in #40651

Previews:
Installing on Alibaba

• Preparing to install on Alibaba Cloud New topic
• Creating the required Alibaba Cloud resources new topic
• Creating the installation configuration file Modified to add Alibaba
• Creating the installation configuration file Modified to add Alibaba
• Generating the required installation manifests Modified to add Alibaba
• Sample customized install-config.yaml file for Alibaba Cloud New file, based on other platforms
• Additional configuration parameters Modified to add Alibaba

Authentication -> Managing cloud provider credentials -> Using manual mode Modified to add Alibaba

Selecting a cluster installation method:

• Do you want to install and manage an OpenShift Container Platform cluster yourself? Modified to add Alibaba
• Do you want to use existing components in your cluster? Modified to add Alibaba
• Table 1. Installer-provisioned infrastructure options Modified to add Alibaba

About the Cloud Credential Operator -> Modes -> Table 1: CCO mode support matrix Modified to add Alibaba

Installation -> Overview -> Supported platforms Modified to add Alibaba

[netlify]

✔️ Deploy Preview for osdocs ready!

🔨 Explore the source changes: 220fee8

🔍 Inspect the deploy log: https://app.netlify.com/sites/osdocs/deploys/62261d487c1848000760e70a

😎 Browse the preview: https://deploy-preview-41083--osdocs.netlify.app

[kwoodson]

I don't see this field here https://github.com/openshift/installer/blob/4fc9fa88c22221b6cede2456b1c33847943b75c9/pkg/types/alibabacloud/machinepool.go#L19

[mburke5678]

@kwoodson I got that from https://github.com/openshift/installer/blob/master/data/data/install.openshift.io_installconfigs.yaml#L1131

[jianli-wei]

@mburke5678 It seems no the field "description" from "openshift-install explain" outputs.

$ openshift-install explain installconfig.platform.alibabacloud.defaultMachinePlatform
KIND: InstallConfig
VERSION: v1

RESOURCE:
DefaultMachinePlatform is the default configuration used when installing on Alibaba Cloud for machine pools which do not define their own platform configuration.

FIELDS:
imageID
ImageID is the Image ID that should be used to create ECS instance. If set, the ImageID should belong to the same region as the cluster.

instanceType <string>
  InstanceType defines the ECS instance type. eg. ecs.g6.large

systemDiskCategory <string>
  Valid Values: "","cloud_efficiency","cloud_essd"
  SystemDiskCategory defines the category of the system disk.

systemDiskSize <integer>
  SystemDiskSize defines the size of the system disk in gibibytes (GiB).

zones <[]string>
  Zones is list of availability zones that can be used. eg. ["cn-hangzhou-i", "cn-hangzhou-h", "cn-hangzhou-j"]

$

[jianli-wei]

@mburke5678 I guess https://github.com/openshift/installer/blob/master/data/data/install.openshift.io_installconfigs.yaml#L108-L136 instead.

[mburke5678]

@jianli-wei @kwoodson I updated the list to match the parameters in the install.openshift.io_installconfigs.yaml as Jianli indicated.

[jeana-redhat]

Some first notes

[ahardin-rh]

To run the Alibaba installer, you must have these permissions per discussion with Gaurav Singh.

AliyunBSSFullAccess for full access or at least these permissions:

    {
        "Action": [
            "bss:CreateInstance",
            "bss:Query*",
            "bss:ModifyInstance"
        ],
        "Effect": "Allow",
        "Resource": [
            "*"
        ]
    }

[jeana-redhat]

A few comments based on my understanding. This is looking good though :D

[jianli-wei]

4.10 does support IPI installation on alibabacloud, using an existing VPC. And in such case, the VPC is expected to have NAT gateway (and EIP) configured beforehand.

FYI
openshift/installer@4be9a0b
openshift/installer@14246b3

$ openshift-install explain installconfig.platform.alibabacloud
KIND:     InstallConfig
VERSION:  v1

RESOURCE: <object>
  AlibabaCloud is the configuration used when installing on Alibaba Cloud.

FIELDS:
......
    vpcID <string>
      VpcID is the ID of an already existing VPC where the cluster should be installed. If empty, the installer will create a new VPC for the cluster.

    vswitchIDs <[]string>
      VSwitchIDs is the ID list of already existing VSwitches where cluster resources will be created. The existing VSwitches can only be used when also using existing VPC. If empty, the installer will create new VSwitches for the cluster.

$ 

[mburke5678]

@jianli-wei We weren't asked to document the Alibaba VPC installation, as far as I know. I am not sure we want to indicate support for the VPC install if we don't document it.

@mjpytlak WDYT? Should we add an X to the table to show support?

[mjpytlak]

@mburke5678 @jianli-wei Thanks for raising this item. Myself and @sjstout had discussed this back in November with @gauravsingh85 . While Alibaba can be configured for a VPC workflow, the documentation was not in scope for 4.10. Given that it is not documented, we cannot declare support it. We will be sizing/scoping the 4.11 doc effort over the next few weeks. I will be sure to raise this item at that time to determine when this doc can be delivered.

[jianli-wei]

Got it, thanks! @mburke5678 @mjpytlak

[jianli-wei]

@mburke5678 It seems I cannot get to the above commit. Anyway, suggest to update according to @kwoodson's suggestion, thanks!

[jianli-wei]

The above fields belong to ".platform.alibabacloud.defaultMachinePlatform" instead, please see below:

$ openshift-install explain installconfig.platform.alibabacloud
KIND:     InstallConfig
VERSION:  v1

RESOURCE: <object>
  AlibabaCloud is the configuration used when installing on Alibaba Cloud.

FIELDS:
    defaultMachinePlatform <object>
      DefaultMachinePlatform is the default configuration used when installing on Alibaba Cloud for machine pools which do not define their own platform configuration.

    privateZoneID <string>
      PrivateZoneID is the ID of an existing private zone into which to add DNS records for the cluster's internal API. An existing private zone can only be used when also using existing VPC. The private zone must be associated with the VPC containing the subnets. Leave the private zone unset to have the installer create the private zone on your behalf.

    region <string> -required-
      Region specifies the Alibaba Cloud region where the cluster will be created.

    resourceGroupID <string>
      ResourceGroupID is the ID of an already existing resource group where the cluster should be installed. If empty, the installer will create a new resource group for the cluster.

    tags <object>
      Tags additional keys and values that the installer will add as tags to all resources that it creates. Resources created by the cluster itself may not include these tags.

    vpcID <string>
      VpcID is the ID of an already existing VPC where the cluster should be installed. If empty, the installer will create a new VPC for the cluster.

    vswitchIDs <[]string>
      VSwitchIDs is the ID list of already existing VSwitches where cluster resources will be created. The existing VSwitches can only be used when also using existing VPC. If empty, the installer will create new VSwitches for the cluster.

$ openshift-install explain installconfig.platform.alibabacloud.defaultMachinePlatform
KIND:     InstallConfig
VERSION:  v1

RESOURCE: <object>
  DefaultMachinePlatform is the default configuration used when installing on Alibaba Cloud for machine pools which do not define their own platform configuration.

FIELDS:
    imageID <string>
      ImageID is the Image ID that should be used to create ECS instance. If set, the ImageID should belong to the same region as the cluster.

    instanceType <string>
      InstanceType defines the ECS instance type. eg. ecs.g6.large

    systemDiskCategory <string>
      Valid Values: "","cloud_efficiency","cloud_essd"
      SystemDiskCategory defines the category of the system disk.

    systemDiskSize <integer>
      SystemDiskSize defines the size of the system disk in gibibytes (GiB).

    zones <[]string>
      Zones is list of availability zones that can be used. eg. ["cn-hangzhou-i", "cn-hangzhou-h", "cn-hangzhou-j"]

$ 

[jianli-wei]

@mburke5678 Except the fields under platform.alibabacloud.defaultMachinePlatform, I would suggest to also list the fields under platform.alibabacloud, in the table "Additional Alibaba Cloud configuration parameters". WDYT?

[jianli-wei]

@mburke5678 WDYT

[jianli-wei]

"modify an existing user" instead?

[jianli-wei]

I think "Creating the required RAM user" belongs to prerequisites, and what's needed here is "manually creating alibaba ram" instead.

[mburke5678]

@jianli-wei You are asking me to move the "manually creating alibaba ram". I'm not clear on which step this is. Is this where the user runs the ccoctl alibabacloud create-ram-users --name <name> --region=<alibaba-region> --credentials-requests-dir=<path_to_directory_with_list_of_credentials_requests>/credrequests --output-dir=<path_to_ccoctl_output_dir> command?

[jianli-wei]

@mburke5678 The existing section "Creating credentials for OpenShift Container Platform components with the ccoctl tool" can be taken as "Manually creating alibaba RAM users", which is better mentioned for the 2nd point ("Copy the generated credential files to the target manifests directory") of the section "Generating the required installation manifests". Alternatively, move the 2nd point to the end of the section "Creating credentials for OpenShift Container Platform components with the ccoctl tool".

For example,

the section "Generating the required installation manifests"
Procedure

1. Generate the manifests...

the section "Creating credentials for OpenShift Container Platform components with the ccoctl tool"
Prerequisites
...
Procedure

1. Extract the list of CredentialsRequest...
2. Use the ccoctl tool...
3. Copy the generated credential files to the target manifests directory...

[jianli-wei]

@mburke5678 Except the fields under platform.alibabacloud.defaultMachinePlatform, I would suggest to also list the fields under platform.alibabacloud, in the table "Additional Alibaba Cloud configuration parameters". WDYT?

[mburke5678]

@jianli-wei Here we go!

In Creating the installation configuration file:
Create the install-config.yaml file.
Set the credentialsMode parameter to Manual.

In Generating the required installation manifests
Generate the manifests

In Creating credentials for OpenShift Container Platform components with the ccoctl tool
Extract the list of CredentialsRequest objects
Use the ccoctl tool
Copy the generated credential files

We single-source the installation docs and re-use them throughout all of the different platforms. I first thought to combine Generating the required installation manifests and Creating credentials for OpenShift Container Platform components with the ccoctl tool into one file. But decided to honor that structure.

[jianli-wei]

LGTM, thanks!

[mburke5678]

/cherrypick enterprise-4.10

[openshift-cherrypick-robot]

@mburke5678: new pull request created: #42891

In response to this:

/cherrypick enterprise-4.10

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.