[OSDOCS-17885] Corrected Cloud Expert Tutorials for OSD for CQA jobs

_topic_maps/_topic_map_osd.yml

@@ -85,8 +85,6 @@ Name: Tutorials
 Dir: cloud_experts_osd_tutorials
 Distros: openshift-dedicated
 Topics:
-- Name: Tutorials overview
-  File: osd_index
 - Name: Updating component routes with custom domains and TLS certificates
   File: cloud-experts-osd-update-component-routes
 - Name: Limit egress with Google Cloud Next Generation Firewall

cloud_experts_osd_tutorials/cloud-experts-osd-create-new-limit-egress.adoc

@@ -1,16 +1,19 @@
 :_mod-docs-content-type: ASSEMBLY
 [id="cloud-experts-osd-limit-egress-ngfw"]
-= Tutorial: Limit egress with Google Cloud Next Generation Firewall
+= Tutorial: Limiting egress with Google Cloud Next Generation Firewall
 
 include::_attributes/attributes-openshift-dedicated.adoc[]
 :context: cloud-experts-osd-limit-egress-ngfw
 
 toc::[]
 
 [role="_abstract"]
-Use this guide to implement egress restrictions for {product-title} on {GCP} by using {GCP}'s Next Generation Firewall (NGFW). NGFW is a fully distributed firewall service that allows fully qualified domain name (FQDN) objects in firewall policy rules. This is necessary for many of the external endpoints that {product-title} relies on.
+Implement egress restrictions for {product-title} on {GCP} by using Next Generation Firewall (NGFW), which allows fully qualified domain name (FQDN)-based firewall rules required for {product-title} external endpoints.
 
-include::modules/cloud-experts-osd-limit-egress-ngfw-prereqs.adoc[leveloffset=+1]
+[IMPORTANT]
+====
+This content is authored by Red{nbsp}Hat experts but has not yet been tested on every supported configuration.
+====
 
 include::modules/cloud-experts-osd-limit-egress-ngfw-setup-environ.adoc[leveloffset=+1]
 
@@ -28,5 +31,4 @@ include::modules/cloud-experts-osd-limit-egress-ngfw-create-osd-gcp-cluster.adoc
 
 include::modules/cloud-experts-osd-limit-egress-ngfw-delete-osd-gcp-cluster.adoc[leveloffset=+1]
 
-include::modules/cloud-experts-osd-limit-egress-ngfw-clean-resources.adoc[leveloffset=+1]
-
+include::modules/cloud-experts-osd-limit-egress-ngfw-clean-resources.adoc[leveloffset=+1]

cloud_experts_osd_tutorials/cloud-experts-osd-update-component-routes.adoc

@@ -8,31 +8,31 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
 toc::[]
 
 [role="_abstract"]
-This guide demonstrates how to modify the hostname and TLS certificate of the Web console, OAuth server, and Downloads component routes in {product-title} on {GCP} version 4.14 and above.{fn-supported-versions}
-
-The changes that we make to the component routes{fn-term-component-routes} in this guide are described in greater detail in the link:https://docs.openshift.com/container-platform/latest/authentication/configuring-internal-oauth.html#customizing-the-oauth-server-url_configuring-internal-oauth[Customing the internal OAuth server URL], link:https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/web_console/customizing-web-console#customizing-the-console-route_customizing-web-console[Customing the console route], and link:https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/web_console/customizing-web-console#customizing-the-download-route_customizing-web-console[Customing the download route] {product-title} documentation.
-
-[id="prerequisites_{context}"]
-== Prerequisites
-* OCM CLI (`ocm`) version 1.0.5 or higher
-* gcloud CLI (`gcloud`)
-* An {product-title} on {GCP} cluster version 4.14 or higher
-// +
-// [NOTE]
-// ====
-// ROSA with HCP is not supported at this time.
-// ====
-// +
-* {oc-first}
-* `jq` CLI
-* Access to the cluster as a user with the `cluster-admin` role.
-* OpenSSL (for generating the demonstration SSL/TLS certificates)
+Change the hostname and Transport Layer Security (TLS) certificate of the web console, OAuth server, and Downloads component routes to use custom domains that align with your organization's branding and security requirements.
+
+[IMPORTANT]
+====
+Red Hat experts authored this content, but it has not yet been tested on every supported configuration.
+====
 
 include::modules/cloud-experts-osd-update-component-routes-environment-setup.adoc[leveloffset=+1]
+
 include::modules/cloud-experts-osd-update-component-routes-find-current-component-routes.adoc[leveloffset=+1]
+
 include::modules/cloud-experts-osd-update-component-routes-create-tls-certificates.adoc[leveloffset=+1]
+
 include::modules/cloud-experts-osd-update-component-routes-add-certificates-as-secrets.adoc[leveloffset=+1]
+
 include::modules/cloud-experts-osd-update-component-routes-find-lb-hostname.adoc[leveloffset=+1]
-include::modules/cloud-experts-osd-update-component-routes-add-component-routes-to-dns.adoc[leveloffset=+1]
+
 include::modules/cloud-experts-osd-update-component-routes-tls-using-ocm-cli.adoc[leveloffset=+1]
-include::modules/cloud-experts-osd-update-component-routes-reset-component-routes-to-default.adoc[leveloffset=+1]
+
+include::modules/cloud-experts-osd-update-component-routes-reset-component-routes-to-default.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+[id="additional-resources_{context}"]
+== Additional resources
+
+* link:https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/authentication_and_authorization/configuring-internal-oauth#customizing-the-oauth-server-url_configuring-internal-oauth[Customizing the internal OAuth server URL]
+* link:https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/web_console/customizing-web-console#customizing-the-console-route_customizing-web-console[Customizing the console route]
+* link:https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/web_console/customizing-web-console#customizing-the-download-route_customizing-web-console[Customizing the download route]

modules/cloud-experts-osd-limit-egress-ngfw-clean-resources.adoc

@@ -3,40 +3,37 @@
 // * cloud_experts_osd_tutorials/cloud-experts-osd-limit-egress-ngfw.adoc
 
 :_mod-docs-content-type: PROCEDURE
-[id="cloud-experts-osd-limit-egress-ngfw-clean-resource_{context}"]
+[id="cloud-experts-osd-limit-egress-ngfw-clean-resources_{context}"]
 = Cleaning up resources
 
 [role="_abstract"]
-To prevent ongoing charges, after you delete your cluster you must manually delete the {GCP} networking infrastructure you created as part of this tutorial. Deleting the cluster will not automatically remove these underlying resources. You can clean up these resources using a combination of gcloud CLI commands and actions within the {GCP} console.
-
-Before you begin the process of cleaning up the resources you created for this tutorial, run the following commands and complete any prompts.
-
+Delete the {GCP} networking infrastructure after deleting your cluster to prevent ongoing charges. The cluster deletion does not automatically remove virtual private cloud (VPC) networks, subnets, firewall policies, or domain name system (DNS) zones.
 
 .Procedure
-. To authenticate your identity run the following command:
+. Authenticate by running the following command:
 +
 [source,terminal]
 ----
 $ gcloud init
 ----
 +
-. To log in to your {GCP} account, run the following command:
+. Log in to your {GCP} account by running the following command:
 +
 [source,terminal]
 ----
 $ gcloud auth application-default login
 ----
 +
-. To log in to the {cluster-manager} CLI tool, run the following command:
+. Log in to the {cluster-manager} CLI tool by running the following command:
 +
 [source,terminal]
 ----
 $ ocm login --use-auth-code
 ----
 +
-You are now ready to clean up the resources you created as part of this tutorial. To respect resource dependencies, delete them in the reverse order of their creation.
+You can now clean up the resources you created as part of this tutorial. To respect resource dependencies, delete them in the reverse order of their creation.
 
-. Delete the firewall policy's association with the VPC by running the following command:
+. Delete the association of the firewall policy with the VPC by running the following command:
 +
 [source,terminal]
 ----
@@ -53,16 +50,16 @@ $ gcloud compute network-firewall-policies associations delete \
 $ gcloud compute network-firewall-policies delete ${prefix} --global
 ----
 +
-. A managed DNS zone in {GCP} cannot be deleted until all user-defined record sets are removed. Define variables to target the specific {GCP} project and the managed DNS zone being cleaned up by running the following command:
+. You cannot delete a managed DNS zone in {GCP} until you have removed all user-defined record sets. Define variables to target the specific {GCP} project and the managed DNS zone being cleaned up by running the following command:
 +
 [source,terminal]
 ----
 $ cat /tmp/delete_records.sh
-PROJECT_ID=<your-project-id>
-ZONE_NAME=<your-managed-zone-name>
+PROJECT_ID=<your_project_id>
+ZONE_NAME=<your_managed_zone_name>
 ----
 +
-. List the record sets that are included within the Private DNS zone by running the following command:
+. List the record sets within the Private DNS zone by running the following command:
 +
 [source,terminal]
 ----
@@ -74,7 +71,7 @@ $ gcloud \
     --format="value(name,type)" | while read name type;
 ----
 +
-. Delete the record sets that are included within that Private DNS Zone by running the following command:
+. Delete the record sets within that Private DNS zone by running the following command:
 +
 [source,terminal]
 ----
@@ -128,7 +125,7 @@ $ gcloud compute networks subnets delete ${prefix}-worker --region=${region}
 $ gcloud compute networks subnets delete ${prefix}-control-plane --region=${region}
 ----
 +
-. Delete the PSC subnet by running the following command:
+. Delete the Private Service Connect (PSC) subnet by running the following command:
 +
 [source,terminal]
 ----
@@ -141,3 +138,8 @@ $ gcloud compute networks subnets delete ${prefix}-psc --region=${region}
 ----
 $ gcloud compute networks delete ${prefix}-vpc
 ----
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://cloud.google.com/sdk/gcloud/reference[`gcloud` command-line tool reference ({GCP})]

modules/cloud-experts-osd-limit-egress-ngfw-create-a-cloud-router.adoc

@@ -4,15 +4,14 @@
 
 :_mod-docs-content-type: PROCEDURE
 [id="cloud-experts-osd-limit-egress-ngfw-create-a-cloud-router_{context}"]
-= Creating a Cloud Router and a Cloud Network Address Translation gateway
+= Creating a Cloud Router and Cloud network address translation
 
 [role="_abstract"]
-The Network Address Translation (NAT) gateway enables internet connectivity for your private VMs by masquerading all their traffic under a single public IP address. As the designated exit point, it translates their internal IPs for any outbound requests, such as fetching updates. This process effectively grants them access to the internet without ever exposing their private addresses.
+Create a Cloud Router and Cloud network address translation (NAT). Private VMs can use the internet while their private IP addresses stay hidden.
 
 .Procedure
 . Reserve an IP address for Cloud NAT by running the following command:
 +
-
 [source,terminal]
 ----
 $ gcloud compute addresses create ${prefix}-${region}-cloudnatip \
@@ -36,4 +35,21 @@ $ gcloud compute routers nats create ${prefix}-cloudnat-${region} \
     --router=${prefix}-router --router-region ${region} \
     --nat-all-subnet-ip-ranges \
     --nat-external-ip-pool=${prefix}-${region}-cloudnatip
-----
+----
+
+.Verification
+
+* Check that the Cloud Router and NAT gateway exist by running the following command:
++
+[source,terminal]
+----
+$ gcloud compute routers describe ${prefix}-router --region=${region}
+----
++
+The output lists the router and the NAT gateway you created.
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://cloud.google.com/nat/docs/overview[Cloud NAT overview ({GCP})]
+* link:https://cloud.google.com/network-connectivity/docs/router[Cloud Router overview ({GCP})]

modules/cloud-experts-osd-limit-egress-ngfw-create-firewall-rules.adoc

@@ -7,10 +7,10 @@
 = Creating the firewall rules
 
 [role="_abstract"]
-You need to create some firewall rules to allow your cluster to access the Web.
+Create firewall rules for egress to private IP ranges and to the {product-title} domains listed in this procedure. Egress to other external destinations does not match these rules and is not permitted.
 
 .Procedure
-. Create a blanket allow rule for private IP (RFC 1918) address space by running the following command:
+. Create a blanket allow rule for private IP (Request for Comments (RFC) 1918) address space by running the following command:
 +
 [source,terminal]
 ----
@@ -42,5 +42,12 @@ $ gcloud compute network-firewall-policies rules create 600 \
 +
 [IMPORTANT]
 ====
-If there is not a matching rule that allows the traffic, it will be blocked by the firewall. To allow access to other resources, such as internal networks or other external endpoints, create additional rules with a priority of less than 1000. For more information on how to create firewall rules, see  link:https://cloud.google.com/firewall/docs/use-network-firewall-policies[Use global network firewall policies and rules].
-====
+The firewall blocks any traffic if you did not create any matching rules. To allow access to other resources, such as internal networks or other external endpoints, create additional rules with a priority of less than 1000. For more information on how to create firewall rules, see the _Additional resources_ in this section.
+====
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://cloud.google.com/firewall/docs/firewalls[VPC firewall rules overview ({GCP})]
+* link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/planning_your_environment/gcp-ccs#osd-gcp-psc-firewall-prerequisites_gcp-ccs[Firewall prerequisites for {GCP}]
+* link:https://cloud.google.com/firewall/docs/use-network-firewall-policies[Use global network firewall policies and rules]

modules/cloud-experts-osd-limit-egress-ngfw-create-osd-gcp-cluster.adoc

@@ -4,7 +4,9 @@
 
 :_mod-docs-content-type: REFERENCE
 [id="cloud-experts-osd-limit-egress-ngfw-create-osd-gcp-cluster_{context}"]
-= Creating your cluster
+= Cluster creation
 
 [role="_abstract"]
-You are now ready to create your {product-title} on {GCP} cluster. For more information, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/openshift_dedicated_clusters_on_google_cloud/osd-creating-a-cluster-on-gcp-with-workload-identity-federation[Creating a cluster on {GCP} with Workload Identity Federation authentication].
+Your {product-title} cluster on {GCP} uses the VPC, subnets, and firewall rules from this tutorial.
+
+For detailed instructions on creating a cluster, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/openshift_dedicated_clusters_on_google_cloud/osd-creating-a-cluster-on-gcp-with-workload-identity-federation[Creating a cluster on {GCP}].

modules/cloud-experts-osd-limit-egress-ngfw-create-private-dns.adoc

@@ -3,11 +3,11 @@
 // * cloud_experts_osd_tutorials/cloud-experts-osd-limit-egress-ngfw.adoc
 
 :_mod-docs-content-type: PROCEDURE
-[id="cloud-experts-osd-limit-egress-ngfw-create-private-DNS_{context}"]
+[id="cloud-experts-osd-limit-egress-ngfw-create-private-dns_{context}"]
 = Creating private Domain Name System records for Private Google Access
 
 [role="_abstract"]
-The private Domain Name System (DNS) zone optimizes how your resources connect to Google APIs by ensuring traffic never travels over the public internet. It functions by intercepting DNS requests for Google services and resolving them to private IP addresses, forcing the connection onto Google's internal network for a faster, more secure data exchange.
+Create a private Domain Name System (DNS) zone to route Google application programming interface (API) traffic through the internal network of Google for faster and more secure connections.
 
 .Procedure
 . Create a private DNS zone for the googleapis.com domain by running the following command:
@@ -56,3 +56,20 @@ $ gcloud dns record-sets transaction add 199.36.153.4 199.36.153.5 199.36.153.6
 $ gcloud dns record-sets transaction execute \
     --zone=$prefix-googleapis
 ----
+
+.Verification
+
+* Verify the private DNS zone and records were created by running the following command:
++
+[source,terminal]
+----
+$ gcloud dns record-sets list --zone=${prefix}-googleapis
+----
++
+The output shows the DNS zone with CNAME and A records for googleapis.com.
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://cloud.google.com/vpc/docs/configure-private-google-access[Configure Private Google Access ({GCP})]
+* link:https://cloud.google.com/dns/docs/zones[DNS zones overview ({GCP})]

modules/cloud-experts-osd-limit-egress-ngfw-create-subnets.adoc

@@ -7,7 +7,7 @@
 = Creating the VPC and subnets
 
 [role="_abstract"]
-Before you can deploy a {GCP} NGFW, you must first create the Virtual Private Cloud (VPC) and subnets that you will use for {product-title}:
+Create the Virtual Private Cloud (VPC) and subnets required for deploying {GCP} Next Generation Firewall (NGFW) with {product-title}.
 
 .Procedure
 . Create the VPC by running the following command:
@@ -39,7 +39,7 @@ $ gcloud compute networks subnets create ${prefix}-control-plane \
     --enable-private-ip-google-access
 ----
 +
-. Create the PSC subnets by running the following command:
+. Create the Private Service Connect (PSC) subnets by running the following command:
 +
 [source,terminal]
 ----
@@ -52,4 +52,21 @@ $ gcloud compute networks subnets create ${prefix}-psc \
 
 ----
 +
-These examples use the subnet ranges of 10.0.2.0/23 for the worker subnet, 10.0.0.0/25 for the control plane subnet, and 10.0.0.128/29 for the PSC subnet. Modify the parameters to meet your needs. Ensure the parameter values are contained within the machine CIDR you set earlier in this tutorial.
+These examples use the subnet ranges of 10.0.2.0/23 for the worker subnet, 10.0.0.0/25 for the control plane subnet, and 10.0.0.128/29 for the PSC subnet. Modify the parameters to meet your needs. Ensure the parameter values are contained within the machine CIDR you set earlier in this tutorial.
+
+.Verification
+
+* Verify the VPC and subnets were created by running the following command:
++
+[source,terminal]
+----
+$ gcloud compute networks subnets list --network=${prefix}-vpc
+----
++
+The output shows the three subnets you created with their internet protocol (IP) ranges and regions.
+
+[role="_additional-resources"]
+.Additional resources
+
+* link:https://cloud.google.com/vpc/docs/create-modify-vpc-networks[Create and manage VPC networks ({GCP})]
+* link:https://cloud.google.com/vpc/docs/subnets[Subnets overview ({GCP})]

modules/cloud-experts-osd-limit-egress-ngfw-delete-osd-gcp-cluster.adoc

@@ -4,7 +4,9 @@
 
 :_mod-docs-content-type: REFERENCE
 [id="cloud-experts-osd-limit-egress-ngfw-delete-osd-gcp-cluster_{context}"]
-= Deleting your cluster
+= Cluster deletion
 
 [role="_abstract"]
-To delete your cluster, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/openshift_dedicated_clusters_on_google_cloud/osd-deleting-a-cluster[Deleting an OpenShift Dedicated cluster on {GCP}].
+When you delete your cluster on {GCP}, also clean up the network setup from this guide to prevent ongoing charges.
+
+For detailed instructions on deleting a cluster, see link:https://docs.redhat.com/en/documentation/openshift_dedicated/4/html/openshift_dedicated_clusters_on_google_cloud/osd-deleting-a-cluster[Deleting an OpenShift Dedicated cluster on {GCP}].