Merge pull request #112605 from lahinson/osdocs-19903-hcp-azure-infra

[OSDOCS-19903]: Creating an infrastructure for HCP on Azure

Author: lahinson

hosted_control_planes/hcp-deploy/hcp-deploy-azure.adoc

@@ -32,18 +32,35 @@ include::modules/hcp-azure-oidc.adoc[leveloffset=+2]
 
 include::modules/hcp-azure-workload-id.adoc[leveloffset=+2]
 
-include::modules/hcp-azure-workload-id-delete.adoc[leveloffset=+2]
+include::modules/hcp-azure-infra.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
 
-// include::modules/hcp-azure-infra-sep.adoc[leveloffset=+2]
+* xref:../../hosted_control_planes/hcp-deploy/hcp-deploy-azure.adoc#hcp-azure-workload-id_hcp-deploy-azure[Creating {azure-short} Workload Identities]
 
 //include::modules/hcp-azure-mgmt-cluster.adoc[leveloffset=+1]
 
 // include::modules/hcp-azure-create-hosted.adoc[leveloffset=+1]
 
-//include::modules/hcp-azure-create-private-hosted.adoc[leveloffset=+1]
+// include::modules/hcp-azure-private.adoc[leveloffset=+1]
+
+// include::modules/hcp-azure-private-iam.adoc[leveloffset=+2]
+
+// include::modules/hcp-azure-private-infra.adoc[leveloffset=+2]
 
-//include::modules/hcp-azure-autoscaling.adoc[leveloffset=+1]
+// include::modules/hcp-azure-private-hosted.adoc[leveloffset=+2]
+
+// include::modules/hcp-azure-autoscaling.adoc[leveloffset=+1]
 
 // include::modules/hcp-azure-hc-config-params.adoc[leveloffset=+1]
 
 // include::modules/hcp-azure-nodepool-config-params.adoc[leveloffset=+2]
+
+include::modules/hcp-azure-delete.adoc[leveloffset=+1]
+
+include::modules/hcp-azure-cluster-delete.adoc[leveloffset=+2]
+
+include::modules/hcp-azure-infra-delete.adoc[leveloffset=+2]
+
+include::modules/hcp-azure-workload-id-delete.adoc[leveloffset=+2]

modules/hcp-azure-cluster-delete.adoc

@@ -0,0 +1,27 @@
+//Module included in the following assemblies:
+// hosted_control_planes/hcp-deploy/hcp-deploy-azure.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="hcp-azure-cluster-delete_{context}"]
+= Deleting a hosted cluster on {azure-short}
+
+[role="_abstract"]
+If you are no longer using a hosted cluster on {azure-short}, you can delete it.
+
+.Procedure
+
+* To delete a hosted cluster, enter the following command:
++
+[source,terminal]
+----
+$ hcp destroy cluster azure \
+  --name $CLUSTER_NAME \
+  --azure-creds $AZURE_CREDS \
+  --dns-zone-rg-name $PERSISTENT_RG_NAME \
+  --preserve-resource-group
+----
++
+** `--name` specifies your hosted cluster name.
+** `--azure-creds` specifies an {azure-short} credentials file that has permission to create infrastructure resources, such as virtual networks, subnets, and load balancers.
+** `--dns-zone-rg-name` specifies the name of the resource group that contains your DNS zone.
+** `--preserve-resource-group` specifies that the infrastructure will be preserved. If you do not want to preserve the infrastructure, do not include this flag.

modules/hcp-azure-delete.adoc

@@ -0,0 +1,9 @@
+//Module included in the following assemblies:
+// hosted_control_planes/hcp-deploy/hcp-deploy-azure.adoc
+
+:_mod-docs-content-type: CONCEPT
+[id="hcp-azure-delete_{context}"]
+= Deleting an {azure-short} hosted cluster and its resources
+
+[role="_abstract"]
+If you no longer need a hosted cluster, you can remove it and its infrastructure. Any related Workload Identities and OIDC issuers that were created during setup can be reused for other clusters or deleted separately if you no longer need them.

modules/hcp-azure-infra-delete.adoc

@@ -0,0 +1,51 @@
+//Module included in the following assemblies:
+// hosted_control_planes/hcp-deploy/hcp-deploy-azure.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="hcp-azure-infra-delete_{context}"]
+= Deleting {azure-short} infrastructure
+
+[role="_abstract"]
+If you have {azure-short} infrastructure without a hosted cluster, you can remove the infrastructure if you are not using it.
+
+For example, this scenario can happen if you created the infrastructure standalone but never created a hosted cluster. Or, you might have manually deleted the hosted cluster or management cluster, but the infrastructure resources still exist.
+
+You can delete the entire infrastructure, or delete cluster-specific resources but preserve the main resource group. Preserving the main resource group is helpful when you have other resources in the same resource group that you want to keep.
+
+If you have a hosted cluster and want to delete infrastructure while you delete the hosted cluster, follow the steps in "Deleting a hosted cluster on {azure-short}", but omit the `--preserve-resource-group` flag.
+
+.Procedure
+
+* To delete the infrastructure, enter one of the following commands:
++
+** To delete the infrastructure, including the resource group, enter the following command:
++
+[source,terminal]
+----
+$ hcp destroy infra azure \
+  --name <my_cluster_name> \
+  --infra-id <infra_id> \
+  --azure-creds <azure_credentials_file>
+----
++
+*** `--name` specifies your hosted cluster name.
+*** `--infra-id` specifies a unique name that identifies your infrastructure. This value is used to name and tag {azure-short} resources. Typically, it is the name of your cluster with a suffix appended to it.
+*** `--azure-creds` specifies an {azure-short} credentials file that has permission to create infrastructure resources, such as virtual networks, subnets, and load balancers.
++
+** To preserve the resource group but delete only cluster-specific resources, enter the following command:
++
+[source,terminal]
+----
+$ hcp destroy infra azure \
+  --name <my_cluster_name> \
+  --infra-id <infra_id> \
+  --azure-creds <azure_credentials_file> \
+  --preserve-resource-group
+----
++
+*** `--name` specifies your hosted cluster name.
+*** `--infra-id` specifies a unique name that identifies your infrastructure. This value is used to name and tag {azure-short} resources. Typically, it is the name of your cluster with a suffix appended to it.
+*** `--azure-creds` specifies an {azure-short} credentials file that has permission to create infrastructure resources, such as virtual networks, subnets, and load balancers.
+*** `--preserve-resource-group` specifies that you want to preserve the resource group.
+
+

modules/hcp-azure-infra-sep.adoc

@@ -0,0 +1,92 @@
+//Module included in the following assemblies:
+// hosted_control_planes/hcp-deploy/hcp-deploy-azure.adoc
+
+:_mod-docs-content-type: PROCEDURE
+[id="hcp-azure-infra_{context}"]
+= Creating {azure-short} infrastructure
+
+[role="_abstract"]
+Create an {azure-short} infrastructure separately so that when you create a hosted cluster on {azure-short}, you can use pre-existing infrastructure.
+
+.Prerequisites
+
+* You have an {azure-short} credentials file with the following format:
++
+[source,json]
+----
+{
+  "subscriptionId": "<my_subscription_id>",
+  "tenantId": "<my_tenant_id>",
+  "clientId": "<my_client_id>",
+  "clientSecret": "<my_client_secret>"
+}
+----
+
+* You have an existing public DNS zone in your {azure-short} subscription for your base domain.
+
+* You created Workload Identities. For more information, see "Creating {azure-short} Workload Identities".
+
+.Procedure
+
+* To create the infrastructure with a new virtual network, subnet, and network security group, enter the following command:
++
+[source,terminal]
+----
+$ hcp create infra azure \
+  --name <my_cluster_name> \
+  --infra-id <infra_id> \
+  --azure-creds <azure_credentials_file> \
+  --base-domain <base_domain> \
+  --location <location> \
+  --workload-identities-file <workload_identities_file> \
+  --assign-identity-roles \
+  --dns-zone-rg-name <dns_zone_rg> \
+  --output-file <output_infra_file>
+----
++
+where:
++
+** `--name` specifies the name of the hosted cluster you intend to create.
+** `--infra-id` specifies a unique name that identifies your infrastructure. This value is used to name and tag {azure-short} resources. Typically, it is the name of your cluster with a suffix appended to it.
+** `--azure-creds` specifies an {azure-short} credentials file that has permission to create infrastructure resources, such as virtual networks, subnets, and load balancers.
+** `--base-domain` specifies the base domain for the ingress of your hosted cluster. The base domain must correspond to an existing public DNS zone in your {azure-short} subscription.
+** `--location` specifies the {azure-short} region where you want to create the infrastructure, such as `eastus` or `westus2`.
+** `--workload-identities-file` specifies the path to the JSON file that contains the Workload Identity configuration.
+** `--assign-identity-roles` specifies that automatic RBAC role assignment is enabled for Workload Identities.
+** `--dns-zone-rg-name` specifies the name of the resource group that contains your public DNS zone.
+** `--output-file` specifies the file where the details of the infrastructure are stored in YAML format.
+
+* To create the infrastructure with an existing virtual network, subnet, and network security group, enter the following command:
++
+[source,terminal]
+----
+$ hcp create infra azure \
+  --name <my_cluster_name> \
+  --infra-id <infra_id> \
+  --azure-creds <azure_credentials_file> \
+  --base-domain <base_domain> \
+  --location <location> \
+  --workload-identities-file <workload_identities_file> \
+  --vnet-id /subscriptions/<subscription_id>/resourceGroups/<resource_group>/providers/Microsoft.Network/virtualNetworks/<vnet_name> \
+  --subnet-id /subscriptions/<subscription_id>/resourceGroups/<resource_group>/providers/Microsoft.Network/virtualNetworks/<vnet_name>/subnets/<subnet_name> \
+  --network-security-group-id /subscriptions/<subscription_id>/resourceGroups/<resource_group>/providers/Microsoft.Network/networkSecurityGroups/<network_security_group_name> \
+  --assign-identity-roles \
+  --dns-zone-rg-name <dns_zone_rg> \
+  --output-file <output_infra_file>
+----
++
+where:
++
+** `--name` specifies the name of the hosted cluster you intend to create.
+** `--infra-id` specifies a unique name that identifies your infrastructure. This value is used to name and tag {azure-short} resources. Typically, it is the name of your cluster with a suffix appended to it.
+** `--azure-creds` specifies an {azure-short} credentials file that has permission to create infrastructure resources, such as virtual networks, subnets, and load balancers.
+** `--base-domain` specifies the base domain for the ingress of your hosted cluster. The base domain must correspond to an existing public DNS zone in your {azure-short} subscription.
+** `--location` specifies the {azure-short} region where you want to create the infrastructure, such as `eastus` or `westus2`.
+** `--workload-identities-file` specifies the path to the JSON file that contains the Workload Identity configuration.
+** `--vnet-id` specifies your existing virtual network ID, which includes your subscription ID and your virtual network name.
+** `--subnet-id` specifies the ARM resource ID of your subnet, which includes your subscription ID, virtual network name, and subnet name.
+** `--network-security-group-id` specifies your existing network security group ID, which includes your subscription ID and your network security group name.
+** `--assign-identity-roles` specifies that automatic RBAC role assignment is enabled for Workload Identities.
+** `--dns-zone-rg-name` specifies the name of the resource group that contains your public DNS zone.
+** `--output-file` specifies the file where the details of the infrastructure are stored in YAML format.
+

modules/hcp-azure-infra.adoc

@@ -2,7 +2,7 @@
 // hosted_control_planes/hcp-deploy/hcp-deploy-azure.adoc
 
 :_mod-docs-content-type: PROCEDURE
-[id="hcp-azure-workload-delete_{context}"]
+[id="hcp-azure-workload-id-delete_{context}"]
 = Deleting {azure-short} Workload Identities
 
 [role="_abstract"]
@@ -30,14 +30,11 @@ $ hcp destroy iam azure \
     --cloud <my_cloud_environment>
 ----
 +
-where:
-+
-`<azure_credentials_file>`:: Specifies the {azure-short} credentials file with permission to create managed identities and federated credentials.
-`<workload_identities_file>`:: Specifies the path to the Workload Identities JSON file, such as `my-cluster-name-iam-output.json`.
-`<resource_group>`:: Specifies the name of the resource group where you created identities.
-`<my_cluster_name>`:: Specifies the name of your hosted cluster.
-`<infra_id>`:: Specifies the unique identifier for naming {azure-short} resources. Typically, this identifier is the cluster name with a suffix.
-`<dns_zone_rg>`:: Specifies the DNS zone resource group. 
-+
-Optionally, you can also specify the `--cloud` flag to set the {azure-short} cloud environment. The default value is `AzurePublicCloud`.
+** `<azure_credentials_file>` specifies the {azure-short} credentials file with permission to create managed identities and federated credentials.
+** `<workload_identities_file>` specifies the path to the Workload Identities JSON file, such as `my-cluster-name-iam-output.json`.
+** `<resource_group>` specifies the name of the resource group where you created identities.
+** `<my_cluster_name>` specifies the name of your hosted cluster.
+** `<infra_id>` specifies the unique identifier for naming {azure-short} resources. Typically, this identifier is the cluster name with a suffix.
+** `<dns_zone_rg>` specifies the DNS zone resource group. 
+** `<my_cloud_environment>` specifies the {azure-short} cloud environment. Setting the `--cloud` flag is optional. The default value is `AzurePublicCloud`.