vSphere docs: add IPI documentation

Brings vSphere IPI docs up to par with other platforms.

docs/user/vsphere/OWNERS

@@ -0,0 +1,7 @@
+# See the OWNERS docs: https://git.k8s.io/community/contributors/guide/owners.md
+# This file just uses aliases defined in OWNERS_ALIASES.
+
+approvers:
+  - vsphere-approvers
+reviewers:
+  - vsphere-reviewers

docs/user/vsphere/README.md

@@ -0,0 +1,18 @@
+# vSphere OpenShift Installation Guide
+
+This document is a guide for installing OpenShift to a vSphere vCenter using `openshift-install create cluster`. Also available is a separate [guide for user-provisioned infrastructure](install_upi.md).  
+
+Follow along with the steps and links below to prepare your vCenter and provision an OpenShift cluster:
+
+1. [Virtual IPs and DNS](vips-dns.md)
+1. [Requirements](requirements.md)
+1. [Privileges](privileges.md)
+1. [Cluster Installation](install.md)
+
+## Reporting Issues
+
+Please see the [Issue Tracker][issues] for current known issues.
+Please report a new issue if you do not find an issue related to any trouble
+you're having.
+
+[issues]: https://github.com/openshift/installer/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aopen+vsphere

docs/user/vsphere/install.md

@@ -0,0 +1,105 @@
+# Cluster Installation
+
+At this point, you are ready to perform the OpenShift installation. You have two choices for installing your cluster on
+vSphere, Installer-Provided Infrastructure (IPI) or User-Provided Infrastructure (UPI). See below for an example of an
+IPI install.
+
+To see a guided example of a UPI install, see [Install: User-Provided Infrastructure](install_upi.md)
+
+## Example: Installer-Provided Infrastructure (IPI)
+
+The steps for performing an IPI-based install are outlined [here][cloud-install]. Following this guide you may begin at
+the Download step.
+
+### Trust vCenter API
+The installer requires access to the vCenter API. The vCenter's root CA certificates must be added to the system trust before connecting to the API. The certs can be downloaded from the vCenter's homepage:
+
+![vSphere 7 certs screenshot](images/certs.png)
+
+In general, the certs are located at `<vCenter>/certs/download.zip`. Once downloaded and unzipped, the certs folder contains certs for Linux, MacOS, and Windows:
+
+```console
+$ tree certs
+certs
+├── lin
+│   ├── 108f4d17.0
+│   ├── 108f4d17.r1
+│   ├── 7e757f6a.0
+│   ├── 8e4f8471.0
+│   └── 8e4f8471.r0
+├── mac
+│   ├── 108f4d17.0
+│   ├── 108f4d17.r1
+│   ├── 7e757f6a.0
+│   ├── 8e4f8471.0
+│   └── 8e4f8471.r0
+└── win
+    ├── 108f4d17.0.crt
+    ├── 108f4d17.r1.crl
+    ├── 7e757f6a.0.crt
+    ├── 8e4f8471.0.crt
+    └── 8e4f8471.r0.crl
+
+3 directories, 15 files
+```
+
+Add the certs appropriate for your OS to your system trust. For Fedora:
+
+```console
+sudo cp certs/lin/* /etc/pki/ca-trust/source/anchors
+sudo update-ca-trust extract
+```
+### Create Configuration
+
+```console
+$ openshift-install create install-config
+? SSH Public Key /home/user_id/.ssh/id_rsa.pub
+? Platform vsphere
+? vCenter vcsa.vmware.devcluster.openshift.com
+? Username user@e2e.local
+? Password [? for help] ********************
+INFO Connecting to vCenter vcsa.vmware.devcluster.openshift.com 
+? Datacenter example-datacenter
+? Cluster example-cluster  
+? Default Datastore example-datastore
+? Network example-network
+? Virtual IP Address for API 123.123.12.1
+? Virtual IP Address for Ingress 123.123.12.2
+? Base Domain example.com
+? Cluster Name mycluster
+? Pull Secret [? for help] **********************************************************
+```
+
+### Create Cluster
+
+```console
+$ openshift-install create cluster
+INFO Consuming Install Config from target directory
+INFO Creating infrastructure resources...
+INFO Waiting up to 30m0s for the Kubernetes API at https://api.mycluster.example.com:6443...
+INFO API v1.18.2 up
+INFO Waiting up to 30m0s for bootstrapping to complete...
+INFO Destroying the bootstrap resources...
+INFO Waiting up to 30m0s for the cluster at https://api.mycluster.example.com:6443 to initialize...
+INFO Waiting up to 10m0s for the openshift-console route to be created...
+INFO Install complete!
+INFO To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/home/user/auth/kubeconfig'
+INFO Access the OpenShift web-console here: https://console-openshift-console.apps.mycluster.example.com
+INFO Login to the console with user: kubeadmin, password: 5char-5char-5char-5char
+```
+
+### Running Cluster
+
+There will be six running VM instances and a template in the Folder used for installation.
+
+
+The nodes within the Virtual Network utilize internal DNS to access the API. External/Internet
+access to the cluster uses an Haproxy load balancer for the provided virtual IPs. 
+
+The OpenShift console is available via the kubeadmin login provided by the installer.
+
+![OpenShift web console](images/install_console.png)
+
+[cloud-install]: https://cloud.openshift.com/clusters/install
+
+[cloud-install]: https://cloud.openshift.com/clusters/install

docs/user/vsphere/privileges.md

@@ -0,0 +1,50 @@
+# Required Privileges
+In order to install an OpenShift cluster to a vCenter, the user provided to the installer needs privileges to read and create the necessary resources. The easiest way to achieve this level of permission and ensure success is to install with a user who has administrative privileges.
+
+If the provided user has admin privileges, no action is required and you can skip to the next step. Otherwise, the rest of this document can be used as a resource to create a user with more fine-grained privileges.
+
+## Privileges
+In order to create an OpenShift cluster, a user needs permissions for the following categories: _Datastore_, _Folder_, _Host_, _vSphere Tagging_, _Network_, _Resource_, _Profile-driven storage_, _vApp_, and _Virtual machine_.
+
+Here is an example summary of privileges that could be used to install a cluster:
+
+- __Datastore__
+  - _Allocate space_
+- __Folder__
+  - _Create folder_
+  - _Delete folder_
+- __vSphere Tagging__
+  - All privileges
+- __Network__
+  - _Assign network_
+- __Resource__
+  - _Assign virtual machine to resource pool_
+- __Profile-driven storage__
+  - All privileges
+- __vApp__
+  - All privileges
+- __Virtual machine__
+  - All privileges
+
+It may be possible to further refine the categories where _All privileges_ have been granted.
+
+## Walkthrough: Creating and Assigning Global Roles
+The following is a visual walkthrough of creating and assigning global roles in the vSphere 6 web client. Roles can be similarly created for specific clusters. For more information, refer to the [vSphere docs][vsphere-docs].
+
+### Creating a new role
+Roles can be created and edited in __Administration > Access Control > Roles__.
+
+When creating a new role, first assign permissions (using the list above for guidance):
+![Select privileges](images/select-privileges.png)
+
+Once you save your role, the new privileges will be visible:
+![View privileges](images/view-privileges.png)
+
+### Assigning a role
+Roles can be assigned in __Administration > Access Control > Global Permissions__.
+The newly created role can be assigned to a group or directly to a user.
+
+To assign the newly created role, click the `+` for Add Permission:
+![Assign role](images/assign-role.png)
+
+[vsphere-docs]: https://docs.vmware.com/en/VMware-vSphere/7.0/com.vmware.vsphere.security.doc/GUID-5372F580-5C23-4E9C-8A4E-EF1B4DD9033E.html

docs/user/vsphere/requirements.md

@@ -0,0 +1,23 @@
+# Resource Requirements
+
+A standard installation creates the following resources:
+
+- 1 Folder
+- 1 Tag Category
+- 1 Tag
+- Virtual machines:
+  - 1 template
+  - 1 temporary bootstrap node
+  - 3 control-plane nodes
+  - 3 compute machines
+
+## Requirements
+
+### Storage
+With the above resources, a standard installation requires a minimum of 800 GB of storage.
+
+### DHCP
+Installation requires DHCP for the network. 
+
+## Limits
+Available resources vary between clusters. The number of possible clusters within a vCenter will be primarily limited by storage space, plus any limitations upon the number of the resources limited above. Day Zero resources not provisioned by the installer, such as IP addresses and networks, should also be considered when planning.

docs/user/vsphere/vips-dns.md

@@ -0,0 +1,21 @@
+# IP Adresses
+
+An installer-provisioned vSphere installation requires two static IP addresses:
+
+* **API** - used to access the cluster API.
+* **Ingress** - used for cluster ingress traffic.
+
+A virtual IP address for each of these should be specified in the [install configuration](install.md#create-configuration).
+
+# DNS Records
+
+DNS records must be created for the two IP addresses in whichever DNS server is appropriate for the environment.
+The records should have the following values:
+
+| Name                                  | Value       |
+| -                                     |  -          |
+| `api.<cluster-name>.<base-domain>`    | API VIP     |
+| `*.apps.<cluster-name>.<base-domain>` | Ingress VIP |
+
+Note that `cluster-name` and `base-domain` are variables custom to an installation and
+must correspond to the values specified in the [install configuration](install.md#create-configuration).