Merge pull request #110521 from openshift/revert-105583-cherry-pick-105581-to-enterprise-4.16

Revert "[enterprise-4.16] OSDOCS-16842-3: CQA for NOP-1 AWS Load Balancer Operator (ALBO)"

Author: JoeAldinger

modules/nw-aws-load-balancer-operator-considerations.adoc

@@ -1,17 +1,14 @@
 // Module included in the following assemblies:
 // * networking/aws_load_balancer_operator/understanding-aws-load-balancer-operator.adoc
 
-:_mod-docs-content-type: CONCEPT
+:_mod-docs-content-type: REFERENCE
 [id="nw-aws-load-balancer-operator-considerations_{context}"]
 = AWS Load Balancer Operator considerations
 
-[role="_abstract"]
-To ensure a successful deployment, review the limitations of the AWS Load Balancer Operator. Understanding these constraints helps avoid compatibility issues and ensures the Operator meets your architectural requirements before installation.
-
 Review the following limitations before installing and using the AWS Load Balancer Operator:
 
 * The IP traffic mode only works on AWS Elastic Kubernetes Service (EKS). The AWS Load Balancer Operator disables the IP traffic mode for the AWS Load Balancer Controller. As a result of disabling the IP traffic mode, the AWS Load Balancer Controller cannot use the pod readiness gate.
 
 * The AWS Load Balancer Operator adds command-line flags such as `--disable-ingress-class-annotation` and `--disable-ingress-group-name-annotation` to the AWS Load Balancer Controller. Therefore, the AWS Load Balancer Operator does not allow using the `kubernetes.io/ingress.class` and `alb.ingress.kubernetes.io/group.name` annotations in the `Ingress` resource.
 
-* The AWS Load Balancer Operator requires that the service type is `NodePort` and not `LoadBalancer` or `ClusterIP`.
+* You have configured the AWS Load Balancer Operator so that the SVC type is `NodePort` (not `LoadBalancer` or `ClusterIP`).

modules/nw-aws-load-balancer-operator.adoc

@@ -3,14 +3,11 @@
 
 :_mod-docs-content-type: PROCEDURE
 [id="nw-aws-load-balancer-operator_{context}"]
-= Deploying the AWS Load Balancer Operator
+= AWS Load Balancer Operator
 
-[role="_abstract"]
-After you deploy the The AWS Load Balancer Operator, the Operator automatically tags public subnets if the `kubernetes.io/role/elb` tag is missing. The Operator then identifies specific network resources in the underlying AWS cloud to ensure successful cluster integration.
+The AWS Load Balancer Operator can tag the public subnets if the `kubernetes.io/role/elb` tag is missing. Also, the AWS Load Balancer Operator detects the following information from the underlying AWS cloud:
 
-The AWS Load Balancer Operator detects the following information from the underlying AWS cloud:
-
-* The ID of the virtual private cloud (VPC) on which the cluster hosting the Operator is deployed.
+* The ID of the virtual private cloud (VPC) on which the cluster hosting the Operator is deployed in.
 
 * Public and private subnets of the discovered VPC.
 

modules/nw-aws-load-balancer-with-outposts.adoc

@@ -7,25 +7,27 @@
 [id="nw-aws-load-balancer-with-outposts_{context}"]
 = Using the AWS Load Balancer Operator in an AWS VPC cluster extended into an Outpost
 
-[role="_abstract"]
-To provision an AWS Application Load Balancer in an AWS VPC cluster extended into an Outpost, configure the AWS Load Balancer Operator. Note that the Operator cannot provision AWS Network Load Balancers because AWS Outposts does not support them.
+You can configure the AWS Load Balancer Operator to provision an AWS Application Load Balancer in an AWS VPC cluster extended into an Outpost.
+AWS Outposts does not support AWS Network Load Balancers.
+As a result, the AWS Load Balancer Operator cannot provision Network Load Balancers in an Outpost.
 
 You can create an AWS Application Load Balancer either in the cloud subnet or in the Outpost subnet.
-
-An Application Load Balancer in the cloud can attach to cloud-based compute nodes. An Application Load Balancer in the Outpost can attach to edge compute nodes.
-
+An Application Load Balancer in the cloud can attach to cloud-based compute nodes and an Application Load Balancer in the Outpost can attach to edge compute nodes.
 You must annotate Ingress resources with the Outpost subnet or the VPC subnet, but not both.
 
 .Prerequisites
 
 * You have extended an AWS VPC cluster into an Outpost.
+
 * You have installed the {oc-first}.
+
 * You have installed the AWS Load Balancer Operator and created the AWS Load Balancer Controller.
 
 .Procedure
 
 * Configure the `Ingress` resource to use a specified subnet:
 +
+--
 .Example `Ingress` resource configuration
 [source,yaml]
 ----
@@ -34,7 +36,7 @@ kind: Ingress
 metadata:
   name: <application_name>
   annotations:
-    alb.ingress.kubernetes.io/subnets: <subnet_id>
+    alb.ingress.kubernetes.io/subnets: <subnet_id> # <1>
 spec:
   ingressClassName: alb
   rules:
@@ -48,8 +50,7 @@ spec:
                 port:
                   number: 80
 ----
-+
-where:
-+
-`<subnet_id>`:: Specifies the subnet to use. To use the Application Load Balancer in an Outpost, specify the Outpost subnet ID. To use the Application Load Balancer in the cloud, you must specify at least two subnets in different availability zones.
-
+<1> Specifies the subnet to use.
+* To use the Application Load Balancer in an Outpost, specify the Outpost subnet ID.
+* To use the Application Load Balancer in the cloud, you must specify at least two subnets in different availability zones.
+--

modules/specifying-role-arn-albo-sts.adoc

@@ -6,8 +6,7 @@
 [id="specifying-role-arn-albo-sts_{context}"]
 = Configuring the ARN role for the AWS Load Balancer Operator
 
-[role="_abstract"]
-To authorize the {aws-short} Load Balancer Operator, configure the Amazon Resource Name (ARN) role as an environment variable by using the CLI. This ensures the Operator has the necessary permissions to manage resources within the cluster.
+You can configure the Amazon Resource Name (ARN) role for the {aws-short} Load Balancer Operator as an environment variable. You can configure the ARN role by using the CLI.
 
 .Prerequisites
 
@@ -55,13 +54,10 @@ spec:
   config:
     env:
     - name: ROLEARN
-      value: "<albo_role_arn>"
+      value: "<albo_role_arn>" <1>
 EOF
 ----
-+
-where:
-+
-`<albo_role_arn>`:: Specifies the ARN role to be used in the `CredentialsRequest` to provision the {aws-short} credentials for the {aws-short} Load Balancer Operator. An example for `<albo_role_arn>` is `arn:aws:iam::<aws_account_number>:role/albo-operator`.
+<1> Specifies the ARN role to be used in the `CredentialsRequest` to provision the {aws-short} credentials for the {aws-short} Load Balancer Operator. An example for `<albo_role_arn>` is `arn:aws:iam::<aws_account_number>:role/albo-operator`.
 +
 [NOTE]
 ====

modules/the-iam-role-albo-controller.adoc

@@ -6,8 +6,7 @@
 [id="using-aws-cli-create-iam-role-alb-controller_{context}"]
 = Creating an AWS IAM role for the controller by using the AWS CLI
 
-[role="_abstract"]
-To enable the {aws-short} Load Balancer Controller to interact with subnets and Virtual Private Clouds (VPCs), create an IAM role by using the {aws-short} CLI. This ensures the controller has the specific permissions required to manage network resources within the cluster.
+You can use the {aws-short} command-line interface to create an {aws-short} IAM role for the {aws-short} Load Balancer Controller. An {aws-short} IAM role is used to interact with subnets and Virtual Private Clouds (VPCs).
 
 .Prerequisites
 
@@ -26,24 +25,21 @@ $ cat <<EOF > albo-controller-trust-policy.json
         {
             "Effect": "Allow",
             "Principal": {
-                "Federated": "<oidc_arn>"
+                "Federated": "<oidc_arn>" <1>
             },
             "Action": "sts:AssumeRoleWithWebIdentity",
             "Condition": {
                 "StringEquals": {
-                    "<cluster_oidc_endpoint>:sub": "system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-operator-controller-manager"
+                    "<cluster_oidc_endpoint>:sub": "system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-operator-controller-manager" <2>
                 }
             }
         }
     ]
 }
 EOF
 ----
-+
-where:
-+
-`<oidc_arn>`:: Specifies the Amazon Resource Name (ARN) of the OIDC identity provider, such as `arn:aws:iam::777777777777:oidc-provider/rh-oidc.s3.us-east-1.amazonaws.com/28292va7ad7mr9r4he1fb09b14t59t4f`.
-`serviceaccount`:: Specifies the service account for the {aws-short} Load Balancer Controller. An example of `<cluster_oidc_endpoint>` is `rh-oidc.s3.us-east-1.amazonaws.com/28292va7ad7mr9r4he1fb09b14t59t4f`.
+<1> Specifies the Amazon Resource Name (ARN) of the OIDC identity provider, such as `arn:aws:iam::777777777777:oidc-provider/rh-oidc.s3.us-east-1.amazonaws.com/28292va7ad7mr9r4he1fb09b14t59t4f`.
+<2> Specifies the service account for the {aws-short} Load Balancer Controller. An example of `<cluster_oidc_endpoint>` is `rh-oidc.s3.us-east-1.amazonaws.com/28292va7ad7mr9r4he1fb09b14t59t4f`.
 
 . Create an {aws-short} IAM role with the generated trust policy by running the following command:
 +
@@ -61,10 +57,7 @@ STATEMENT	sts:AssumeRoleWithWebIdentity	Allow
 STRINGEQUALS	system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-operator-controller-manager
 PRINCIPAL	arn:aws:iam:<aws_account_number>:oidc-provider/<cluster_oidc_endpoint>
 ----
-+
-where:
-+
-`<aws_account_number>`:: Specifies the ARN for an {aws-short} IAM role for the {aws-short} Load Balancer Controller, such as `arn:aws:iam::777777777777:role/albo-controller`.
+<1> Note the ARN of an {aws-short} IAM role for the {aws-short} Load Balancer Controller, such as `arn:aws:iam::777777777777:role/albo-controller`.
 
 . Download the permission policy for the {aws-short} Load Balancer Controller by running the following command:
 +
@@ -86,17 +79,13 @@ $ aws iam put-role-policy --role-name albo-controller --policy-name perms-policy
 [source,yaml]
 ----
 apiVersion: networking.olm.openshift.io/v1
-kind: AWSLoadBalancerController
+kind: AWSLoadBalancerController <1>
 metadata:
-  name: cluster
+  name: cluster <2>
 spec:
   credentialsRequestConfig:
-    stsIAMRoleARN: <albc_role_arn>
+    stsIAMRoleARN: <albc_role_arn> <3>
 ----
-+
-where:
-+
-`kind`:: Specifies the `AWSLoadBalancerController` object.
-`metatdata.name`:: Specifies the {aws-short} Load Balancer Controller name. All related resources use this instance name as a suffix.
-`stsIAMRoleARN`:: Specifies the ARN role for the {aws-short} Load Balancer Controller. The `CredentialsRequest` object uses this ARN role to provision the {aws-short} credentials. An example of `<albc_role_arn>` is `arn:aws:iam::777777777777:role/albo-controller`.
-
+<1> Defines the `AWSLoadBalancerController` object.
+<2> Defines the {aws-short} Load Balancer Controller name. All related resources use this instance name as a suffix.
+<3> Specifies the ARN role for the {aws-short} Load Balancer Controller. The `CredentialsRequest` object uses this ARN role to provision the {aws-short} credentials. An example of `<albc_role_arn>` is `arn:aws:iam::777777777777:role/albo-controller`.

modules/the-iam-role-albo-operator.adoc

@@ -6,8 +6,7 @@
 [id="using-aws-cli-create-iam-role-alb-operator_{context}"]
 = Creating an AWS IAM role by using the AWS CLI
 
-[role="_abstract"]
-To enable the {aws-short} Load Balancer Operator to interact with subnets and VPCs, create an {aws-short} IAM role by using the {aws-short} CLI. This enables the Operator to access and manage the necessary network resources within the cluster.
+You can use the {aws-short} Command Line Interface to create an IAM role for the {aws-short} Load Balancer Operator. The IAM role is used to interact with subnets and Virtual Private Clouds (VPCs).
 
 .Prerequisites
 
@@ -26,24 +25,21 @@ $ cat <<EOF > albo-operator-trust-policy.json
         {
             "Effect": "Allow",
             "Principal": {
-                "Federated": "<oidc_arn>"
+                "Federated": "<oidc_arn>" <1>
             },
             "Action": "sts:AssumeRoleWithWebIdentity",
             "Condition": {
                 "StringEquals": {
-                    "<cluster_oidc_endpoint>:sub": "system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-operator-controller-manager"
+                    "<cluster_oidc_endpoint>:sub": "system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-operator-controller-manager" <2>
                 }
             }
         }
     ]
 }
 EOF
 ----
-+
-where:
-+
-`<oidc_arn>`:: Specifies the Amazon Resource Name (ARN) of the OIDC identity provider, such as `arn:aws:iam::777777777777:oidc-provider/rh-oidc.s3.us-east-1.amazonaws.com/28292va7ad7mr9r4he1fb09b14t59t4f`.
-`serviceaccount`:: Specifies the service account for the {aws-short} Load Balancer Controller. An example of `<cluster_oidc_endpoint>` is `rh-oidc.s3.us-east-1.amazonaws.com/28292va7ad7mr9r4he1fb09b14t59t4f`.
+<1> Specifies the Amazon Resource Name (ARN) of the OIDC identity provider, such as `arn:aws:iam::777777777777:oidc-provider/rh-oidc.s3.us-east-1.amazonaws.com/28292va7ad7mr9r4he1fb09b14t59t4f`.
+<2> Specifies the service account for the {aws-short} Load Balancer Controller. An example of `<cluster_oidc_endpoint>` is `rh-oidc.s3.us-east-1.amazonaws.com/28292va7ad7mr9r4he1fb09b14t59t4f`.
 
 . Create the IAM role with the generated trust policy by running the following command:
 +
@@ -61,10 +57,7 @@ STATEMENT	sts:AssumeRoleWithWebIdentity	Allow
 STRINGEQUALS	system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-controller-manager
 PRINCIPAL	arn:aws:iam:<aws_account_number>:oidc-provider/<cluster_oidc_endpoint>
 ----
-+
-where:
-+
-`<aws_account_number>`:: Specifies the ARN of the created {aws-short} IAM role for the {aws-short} Load Balancer Operator, such as `arn:aws:iam::777777777777:role/albo-operator`.
+<1> Note the ARN of the created {aws-short} IAM role that was created for the {aws-short} Load Balancer Operator, such as `arn:aws:iam::777777777777:role/albo-operator`.
 
 . Download the permission policy for the {aws-short} Load Balancer Operator by running the following command:
 +

modules/using-aws-cli-create-iam-role-alb-controller.adoc

@@ -7,7 +7,7 @@
 = Creating an AWS IAM role for the controller by using the Cloud Credential Operator utility
 
 [role="_abstract"]
-To enable the {aws-short} Load Balancer Controller to interact with subnets and VPCs, create an IAM role by using the Cloud Credential Operator utility (`ccoctl`). This utility ensures the controller has the specific permissions required to manage network resources within the cluster.
+You can use the Cloud Credential Operator utility (`ccoctl`) to create an {aws-short} IAM role for the {aws-short} Load Balancer Controller. An {aws-short} IAM role is used to interact with subnets and Virtual Private Clouds (VPCs).
 
 .Prerequisites
 
@@ -36,14 +36,14 @@ $ ccoctl aws create-iam-roles \
 .Example output
 [source,terminal]
 ----
-2023/09/12 11:38:57 Role arn:aws:iam::777777777777:role/<name>-aws-load-balancer-operator-aws-load-balancer-controller created
+2023/09/12 11:38:57 Role arn:aws:iam::777777777777:role/<name>-aws-load-balancer-operator-aws-load-balancer-controller created <1>
 2023/09/12 11:38:57 Saved credentials configuration to: /home/user/<credentials_requests_dir>/manifests/aws-load-balancer-operator-aws-load-balancer-controller-credentials.yaml
 2023/09/12 11:38:58 Updated Role policy for Role <name>-aws-load-balancer-operator-aws-load-balancer-controller created
 ----
 +
 where:
-+ 
-`<name>`:: Specifies the Amazon Resource Name (ARN) for an {aws-short} IAM role that was created for the {aws-short} Load Balancer Controller, such as `arn:aws:iam::777777777777:role/<name>-aws-load-balancer-operator-aws-load-balancer-controller`.
++
+`<`name>`:: Specifies the Amazon Resource Name (ARN) for an {aws-short} IAM role that was created for the {aws-short} Load Balancer Controller, such as `arn:aws:iam::777777777777:role/<name>-aws-load-balancer-operator-aws-load-balancer-controller`.
 +
 [NOTE]
 ====

modules/using-aws-cli-create-iam-role-alb-operator.adoc

@@ -6,8 +6,7 @@
 [id="using-ccoctl-create-iam-role-alb-operator_{context}"]
 = Creating an AWS IAM role by using the Cloud Credential Operator utility
 
-[role="_abstract"]
-To enable the {aws-short} Load Balancer Operator to interact with subnets and VPCs, create an {aws-short} IAM role by using the Cloud Credential Operator utility (`ccoctl`). By doing this task, you can generate the necessary credentials for the operator to function correctly within the cluster environment.
+You can use the Cloud Credential Operator utility (`ccoctl`) to create an {aws-short} IAM role for the {aws-short} Load Balancer Operator. An {aws-short} IAM role interacts with subnets and Virtual Private Clouds (VPCs).
 
 .Prerequisites
 
@@ -36,14 +35,11 @@ $ ccoctl aws create-iam-roles \
 .Example output
 [source,terminal]
 ----
-2023/09/12 11:38:57 Role arn:aws:iam::777777777777:role/<name>-aws-load-balancer-operator-aws-load-balancer-operator created
+2023/09/12 11:38:57 Role arn:aws:iam::777777777777:role/<name>-aws-load-balancer-operator-aws-load-balancer-operator created <1>
 2023/09/12 11:38:57 Saved credentials configuration to: /home/user/<credentials_requests_dir>/manifests/aws-load-balancer-operator-aws-load-balancer-operator-credentials.yaml
 2023/09/12 11:38:58 Updated Role policy for Role <name>-aws-load-balancer-operator-aws-load-balancer-operator created
 ----
-+
-where:
-+
-`<name>`:: Specifies the Amazon Resource Name (ARN) for an {aws-short} IAM role that was created for the {aws-short} Load Balancer Operator, such as `arn:aws:iam::777777777777:role/<name>-aws-load-balancer-operator-aws-load-balancer-operator`.
+<1> Note the Amazon Resource Name (ARN) of an {aws-short} IAM role that was created for the {aws-short} Load Balancer Operator, such as `arn:aws:iam::777777777777:role/<name>-aws-load-balancer-operator-aws-load-balancer-operator`.
 +
 [NOTE]
 ====