OSDOCS-11873-cursor

modules/albo-installation.adoc

@@ -113,6 +113,8 @@ spec:
 EOF
 ----
 
+Set `spec.channel` to the OLM channel that matches your {product-title} version. The value `stable-v1` is appropriate for many clusters. For the branch and channel that correspond to your version, see xref:understanding-aws-load-balancer-operator.adoc#albo-openshift-version-compatibility[OpenShift version compatibility].
+
 . Create an AWS IAM policy for the AWS Load Balancer Controller.
 +
 .. Download the appropriate IAM policy:

modules/albo-openshift-version-compatibility.adoc

@@ -0,0 +1,49 @@
+// Module included in the following assemblies:
+//
+// * modules/nw-aws-load-balancer-operator-considerations.adoc
+// * networking/networking_operators/aws_load_balancer_operator/preparing-sts-cluster-for-albo.adoc
+
+:_mod-docs-content-type: REFERENCE
+[id="albo-openshift-version-compatibility"]
+[discrete]
+== OpenShift version compatibility
+
+The following table lists {product-title} versions for which specific {aws-short} Load Balancer Operator releases are intended, including the corresponding Git branch and Operator Lifecycle Manager (OLM) channels.
+
+For the full support policy and the latest updates to this matrix, see link:https://github.com/openshift/aws-load-balancer-operator/blob/main/docs/versioning.md[Versioning and branching in the AWS Load Balancer Operator] in the upstream repository.
+
+.AWS Load Balancer Operator compatibility with {product-title}
+[cols="1,2,2",options="header"]
+|===
+|{product-title} version |{aws-short} Load Balancer Operator branch |{aws-short} Load Balancer Operator OLM channel
+
+|4.17
+|release-1.2
+|stable-v1.2, stable-v1
+
+|4.16
+|release-1.1
+|stable-v1.1, stable-v1
+
+|4.15
+|release-1.1
+|stable-v1.1, stable-v1
+
+|4.14
+|release-1.1
+|stable-v1.1, stable-v1
+
+|4.13
+|release-1.0
+|stable-v1.0, stable-v1
+
+|4.12
+|release-0.2
+|stable-v0.2, stable-v0
+
+|4.11
+|release-0.1
+|stable-v0.1, stable-v0
+|===
+
+Choose the OLM channel that matches your {product-title} version. The `stable-v1` channel follows the latest minor release in the v1 product line; you can instead subscribe to a specific minor channel (for example, `stable-v1.1`) to pin the Operator to that line.

modules/installing-aws-load-balancer-operator-cli.adoc

@@ -81,6 +81,8 @@ spec:
   sourceNamespace: openshift-marketplace
 ----
 +
+Set `spec.channel` to the OLM channel that matches your {product-title} version. The value `stable-v1` is appropriate for many clusters. For the branch and channel that correspond to your version, see xref:understanding-aws-load-balancer-operator.adoc#albo-openshift-version-compatibility[OpenShift version compatibility].
++
 .. Create the `Subscription` object by running the following command:
 +
 [source,terminal]

modules/installing-aws-load-balancer-operator.adoc

@@ -25,7 +25,7 @@ To deploy the AWS Load Balancer Operator, install the Operator by using the web
 
 . On the *Install Operator* page, select the following options:
 +
-.. For the *Update the channel* option, select *stable-v1*.
+.. For the *Update the channel* option, select the OLM channel that matches your {product-title} version. For many clusters, *stable-v1* is appropriate. For the operator branch and channel that correspond to your version, see xref:understanding-aws-load-balancer-operator.adoc#albo-openshift-version-compatibility[OpenShift version compatibility].
 +
 .. For the *Installation mode* option, select *All namespaces on the cluster (default)*.
 +

modules/nw-aws-load-balancer-operator-considerations.adoc

@@ -8,6 +8,8 @@
 [role="_abstract"]
 To ensure a successful deployment, review the limitations of the AWS Load Balancer Operator. Understanding these constraints helps avoid compatibility issues and ensures the Operator meets your architectural requirements before installation.
 
+include::modules/albo-openshift-version-compatibility.adoc[leveloffset=+1]
+
 Review the following limitations before installing and using the AWS Load Balancer Operator:
 
 * The IP traffic mode only works on AWS Elastic Kubernetes Service (EKS). The AWS Load Balancer Operator disables the IP traffic mode for the AWS Load Balancer Controller. As a result of disabling the IP traffic mode, the AWS Load Balancer Controller cannot use the pod readiness gate.

modules/specifying-role-arn-albo-sts.adoc

@@ -59,6 +59,8 @@ spec:
 EOF
 ----
 +
+Set `spec.channel` to the OLM channel that matches your {product-title} version. The value `stable-v1` is appropriate for many clusters. For the branch and channel that correspond to your version, see xref:understanding-aws-load-balancer-operator.adoc#albo-openshift-version-compatibility[OpenShift version compatibility].
++
 where:
 +
 `<albo_role_arn>`:: Specifies the ARN role to be used in the `CredentialsRequest` to provision the {aws-short} credentials for the {aws-short} Load Balancer Operator. An example for `<albo_role_arn>` is `arn:aws:iam::<aws_account_number>:role/albo-operator`.

modules/using-aws-cli-create-iam-role-alb-controller.adoc

@@ -11,7 +11,21 @@ To enable the {aws-short} Load Balancer Controller to interact with subnets and
 
 .Prerequisites
 
-* You must have access to the {aws-short} command-line interface (`aws`).
+* You must have access to the {aws-short} Command Line Interface (`aws`).
+* You installed the {oc-first}.
+* You know the infrastructure ID of your cluster. To show this ID, run the following command in your CLI:
++
+[source,terminal]
+----
+$ oc get infrastructure cluster -o=jsonpath="{.status.infrastructureName}"
+----
+* You know the OpenID Connect (OIDC) DNS information for your cluster. To show this information, enter the following command in your CLI:
++
+[source,terminal]
+----
+$ oc get authentication.config cluster -o=jsonpath="{.spec.serviceAccountIssuer}"
+----
+* You logged into the {aws-short} management console, navigated to *IAM* -> *Access management* -> *Identity providers*, and located the OIDC Amazon Resource Name (ARN) information. An OIDC ARN example is `arn:aws:iam::777777777777:oidc-provider/<oidc_dns_url>`.
 
 .Procedure
 
@@ -31,7 +45,7 @@ $ cat <<EOF > albo-controller-trust-policy.json
             "Action": "sts:AssumeRoleWithWebIdentity",
             "Condition": {
                 "StringEquals": {
-                    "<cluster_oidc_endpoint>:sub": "system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-operator-controller-manager"
+                    "<cluster_oidc_endpoint>:sub": "system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-controller-cluster"
                 }
             }
         }
@@ -43,7 +57,7 @@ EOF
 where:
 +
 `<oidc_arn>`:: Specifies the Amazon Resource Name (ARN) of the OIDC identity provider, such as `arn:aws:iam::777777777777:oidc-provider/rh-oidc.s3.us-east-1.amazonaws.com/28292va7ad7mr9r4he1fb09b14t59t4f`.
-`serviceaccount`:: Specifies the service account for the {aws-short} Load Balancer Controller. An example of `<cluster_oidc_endpoint>` is `rh-oidc.s3.us-east-1.amazonaws.com/28292va7ad7mr9r4he1fb09b14t59t4f`.
+`serviceaccount`:: Specifies the service account for the {aws-short} Load Balancer Controller, `aws-load-balancer-controller-cluster`. An example of `<cluster_oidc_endpoint>` is `rh-oidc.s3.us-east-1.amazonaws.com/28292va7ad7mr9r4he1fb09b14t59t4f`.
 
 . Create an {aws-short} IAM role with the generated trust policy by running the following command:
 +
@@ -58,7 +72,7 @@ $ aws iam create-role --role-name albo-controller --assume-role-policy-document
 ROLE	arn:aws:iam::<aws_account_number>:role/albo-controller	2023-08-02T12:13:22Z <1>
 ASSUMEROLEPOLICYDOCUMENT	2012-10-17
 STATEMENT	sts:AssumeRoleWithWebIdentity	Allow
-STRINGEQUALS	system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-operator-controller-manager
+STRINGEQUALS	system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-controller-cluster
 PRINCIPAL	arn:aws:iam:<aws_account_number>:oidc-provider/<cluster_oidc_endpoint>
 ----
 +

modules/using-aws-cli-create-iam-role-alb-operator.adoc

@@ -12,6 +12,20 @@ To enable the {aws-short} Load Balancer Operator to interact with subnets and VP
 .Prerequisites
 
 * You must have access to the {aws-short} Command Line Interface (`aws`).
+* You installed the {oc-first}.
+* You know the infrastructure ID of your cluster. To show this ID, run the following command in your CLI:
++
+[source,terminal]
+----
+$ oc get infrastructure cluster -o=jsonpath="{.status.infrastructureName}"
+----
+* You know the OpenID Connect (OIDC) DNS information for your cluster. To show this information, enter the following command in your CLI:
++
+[source,terminal]
+----
+$ oc get authentication.config cluster -o=jsonpath="{.spec.serviceAccountIssuer}"
+----
+* You logged into the {aws-short} management console, navigated to *IAM* -> *Access management* -> *Identity providers*, and located the OIDC Amazon Resource Name (ARN) information. An OIDC ARN example is `arn:aws:iam::777777777777:oidc-provider/<oidc_dns_url>`.
 
 .Procedure
 
@@ -43,7 +57,7 @@ EOF
 where:
 +
 `<oidc_arn>`:: Specifies the Amazon Resource Name (ARN) of the OIDC identity provider, such as `arn:aws:iam::777777777777:oidc-provider/rh-oidc.s3.us-east-1.amazonaws.com/28292va7ad7mr9r4he1fb09b14t59t4f`.
-`serviceaccount`:: Specifies the service account for the {aws-short} Load Balancer Controller. An example of `<cluster_oidc_endpoint>` is `rh-oidc.s3.us-east-1.amazonaws.com/28292va7ad7mr9r4he1fb09b14t59t4f`.
+`serviceaccount`:: Specifies the service account for the {aws-short} Load Balancer Operator. An example of `<cluster_oidc_endpoint>` is `rh-oidc.s3.us-east-1.amazonaws.com/28292va7ad7mr9r4he1fb09b14t59t4f`.
 
 . Create the IAM role with the generated trust policy by running the following command:
 +
@@ -58,7 +72,7 @@ $ aws iam create-role --role-name albo-operator --assume-role-policy-document fi
 ROLE	arn:aws:iam::<aws_account_number>:role/albo-operator	2023-08-02T12:13:22Z <1>
 ASSUMEROLEPOLICYDOCUMENT	2012-10-17
 STATEMENT	sts:AssumeRoleWithWebIdentity	Allow
-STRINGEQUALS	system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-controller-manager
+STRINGEQUALS	system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-operator-controller-manager
 PRINCIPAL	arn:aws:iam:<aws_account_number>:oidc-provider/<cluster_oidc_endpoint>
 ----
 +
@@ -73,7 +87,7 @@ where:
 $ curl -o albo-operator-permission-policy.json https://raw.githubusercontent.com/openshift/aws-load-balancer-operator/main/hack/operator-permission-policy.json
 ----
 
-. Attach the permission policy for the {aws-short} Load Balancer Controller to the IAM role by running the following command:
+. Attach the permission policy for the {aws-short} Load Balancer Operator to the IAM role by running the following command:
 +
 [source,terminal]
 ----

networking/networking_operators/aws_load_balancer_operator/preparing-sts-cluster-for-albo.adoc

@@ -11,6 +11,8 @@ To install the {aws-first} Load Balancer Operator on a cluster that uses the {st
 
 The {aws-short} Load Balancer Operator waits until the required secrets are created and available.
 
+include::modules/albo-openshift-version-compatibility.adoc[]
+
 Before you start any {sts-first} procedures, ensure that you meet the following prerequisites:
 
 * You installed the {oc-first}.