From b4623ecb5d2bd85563c440057bf192088c1e2c64 Mon Sep 17 00:00:00 2001 
From: EricPonvelle Date: Wed, 20 Aug 2025 10:29:21 -0500 Subject: [PATCH] OSDOCS-15910: Pruning HCP Cluster Installation --- _topic_maps/_topic_map_rosa.yml | 25 ----------- _topic_maps/_topic_map_rosa_hcp.yml | 15 +------ .../cloud-experts-custom-dns-resolver.adoc | 7 ++- ...tivation-and-account-linking-tutorial.adoc | 7 ++- .../creating-cluster-with-aws-kms-key.adoc | 6 +-- .../rosa-additional-principals-create.adoc | 2 +- modules/rosa-additional-principals-edit.adoc | 2 +- .../rosa-additional-principals-overview.adoc | 6 +-- ...g-account-wide-iam-roles-and-policies.adoc | 36 ++-------------- ...leting-sts-iam-resources-account-wide.adoc | 43 ++----------------- ...ng-started-access-cluster-web-console.adoc | 6 +-- ...sa-getting-started-deleting-a-cluster.adoc | 32 +++++--------- modules/rosa-getting-started-enable-rosa.adoc | 13 ++---- ...osa-getting-started-environment-setup.adoc | 11 +---- ...etting-started-grant-admin-privileges.adoc | 6 +-- ...osa-getting-started-grant-user-access.adoc | 12 +++--- ...g-started-install-configure-cli-tools.adoc | 8 ++-- ...tting-started-revoke-admin-privileges.adoc | 4 +- ...sa-getting-started-revoke-user-access.adoc | 4 +- ...king-admin-privileges-and-user-access.adoc | 2 +- .../rosa-hcp-aws-private-create-cluster.adoc | 8 ++-- .../rosa-hcp-aws-private-security-groups.adoc | 12 ++---- modules/rosa-hcp-create-network.adoc | 6 +-- ...g-account-wide-sts-roles-and-policies.adoc | 17 +++++--- modules/rosa-hcp-deleting-cluster.adoc | 16 +++---- .../rosa-hcp-set-environment-variables.adoc | 2 +- ...-sts-accessing-a-break-glass-cred-cli.adoc | 12 +++--- ...p-sts-creating-a-break-glass-cred-cli.adoc | 6 +-- ...-creating-a-cluster-cli-no-cni-plugin.adoc | 14 +++--- .../rosa-hcp-sts-creating-a-cluster-cli.adoc | 22 +++------- ...reating-a-cluster-egress-lockdown-cli.adoc | 10 ++--- ...g-a-cluster-external-auth-cluster-cli.adoc | 4 +- ...-a-cluster-external-auth-provider-cli.adoc | 2 +- ...p-sts-revoking-a-break-glass-cred-cli.adoc | 4 
+- modules/rosa-hcp-vpc-manual.adoc | 5 ++- modules/rosa-hcp-vpc-subnet-tagging.adoc | 5 ++- modules/rosa-hcp-vpc-terraform.adoc | 9 ++-- modules/rosa-operator-config.adoc | 4 +- modules/rosa-sts-byo-oidc.adoc | 37 +++++----------- .../rosa-sts-cluster-terraform-destroy.adoc | 7 +-- .../rosa-sts-cluster-terraform-execute.adoc | 5 ++- ...g-account-wide-sts-roles-and-policies.adoc | 13 ++---- .../rosa-sts-terraform-considerations.adoc | 4 +- modules/rosa-sts-terraform-prerequisites.adoc | 7 +-- modules/rosa-terraform-overview.adoc | 4 +- ...g-and-deleting-ocm-and-user-iam-roles.adoc | 24 +---------- rosa_architecture/rosa-oidc-overview.adoc | 4 +- ...rosa-hcp-aws-private-creating-cluster.adoc | 10 +---- ...hcp-creating-cluster-with-aws-kms-key.adoc | 13 +----- rosa_hcp/rosa-hcp-deleting-cluster.adoc | 11 +---- rosa_hcp/rosa-hcp-egress-zero-install.adoc | 9 ++-- rosa_hcp/rosa-hcp-quickstart-guide.adoc | 6 +-- rosa_hcp/rosa-hcp-shared-vpc-config.adoc | 8 ++-- ...a-hcp-sts-creating-a-cluster-ext-auth.adoc | 21 +++------ ...sa-hcp-sts-creating-a-cluster-quickly.adoc | 32 ++++++-------- ...-creating-a-cluster-quickly-terraform.adoc | 8 ++-- rosa_release_notes/rosa-release-notes.adoc | 6 +-- snippets/rosa-hcp-rn.adoc | 2 +- snippets/vpc-troubleshooting.adoc | 7 ++- 59 files changed, 221 insertions(+), 422 deletions(-) diff --git a/_topic_maps/_topic_map_rosa.yml b/_topic_maps/_topic_map_rosa.yml index 6a440f27e2cd..18143031e883 100644 --- a/_topic_maps/_topic_map_rosa.yml +++ b/_topic_maps/_topic_map_rosa.yml 
@@ -241,31 +241,6 @@ Topics: - Name: Setting up your environment File: rosa-sts-setting-up-environment --- -Name: Install ROSA with HCP clusters -Dir: rosa_hcp -Distros: openshift-rosa -Topics: -- Name: Creating ROSA with HCP clusters using the default options - File: rosa-hcp-sts-creating-a-cluster-quickly -- Name: Creating a ROSA cluster using Terraform - Dir: terraform - Distros: openshift-rosa - Topics: - - Name: Creating a default ROSA cluster using Terraform - File: rosa-hcp-creating-a-cluster-quickly-terraform -- Name: Creating ROSA with HCP clusters using a custom AWS KMS encryption key - File: rosa-hcp-creating-cluster-with-aws-kms-key -- Name: Creating a private cluster on ROSA with HCP - File: rosa-hcp-aws-private-creating-cluster -- Name: Creating ROSA with HCP clusters with egress zero - File: rosa-hcp-egress-zero-install -- Name: Creating a ROSA with HCP cluster that uses direct authentication with an external OIDC identity provider - File: rosa-hcp-sts-creating-a-cluster-ext-auth -- Name: Creating ROSA with HCP clusters without a CNI plugin - File: rosa-hcp-cluster-no-cni -- Name: Deleting a ROSA with HCP cluster - File: rosa-hcp-deleting-cluster ---- Name: Install ROSA Classic clusters Dir: rosa_install_access_delete_clusters Distros: openshift-rosa diff --git a/_topic_maps/_topic_map_rosa_hcp.yml b/_topic_maps/_topic_map_rosa_hcp.yml index c94db178eb49..ff4a078dd23a 100644 --- a/_topic_maps/_topic_map_rosa_hcp.yml +++ b/_topic_maps/_topic_map_rosa_hcp.yml 
@@ -145,17 +145,6 @@ Topics: # File: cloud-experts-dynamic-certificate-custom-domain - Name: Assigning consistent egress IP for external traffic File: cloud-experts-consistent-egress-ip -# --- -# Name: Getting started -# Dir: rosa_getting_started -# Distros: openshift-rosa-hcp -# Topics: -# - Name: ROSA quickstart guide -# File: rosa-quickstart-guide-ui -# - Name: Comprehensive guide to getting started with ROSA -# File: rosa-getting-started -# - Name: Understanding the ROSA with STS deployment workflow -# File: rosa-sts-getting-started-workflow --- Name: Prepare your environment Dir: rosa_planning @@ -178,7 +167,7 @@ Topics: - Name: Planning resource usage in your cluster File: rosa-planning-environment --- -Name: Install ROSA clusters +Name: Install clusters Dir: rosa_hcp Distros: openshift-rosa-hcp Topics: @@ -397,8 +386,6 @@ Topics: # File: troubleshooting-installations - Name: Review your cluster notifications File: mos-tshoot-cluster-notifications -# - Name: Troubleshooting ROSA installations -# File: rosa-troubleshooting-installations - Name: Troubleshooting Red Hat OpenShift Service on AWS installations File: rosa-troubleshooting-installations-hcp - Name: Troubleshooting networking diff --git a/cloud_experts_tutorials/cloud-experts-custom-dns-resolver.adoc b/cloud_experts_tutorials/cloud-experts-custom-dns-resolver.adoc index b47a5b9c0d5e..12a964e5d8c6 100644 --- a/cloud_experts_tutorials/cloud-experts-custom-dns-resolver.adoc +++ b/cloud_experts_tutorials/cloud-experts-custom-dns-resolver.adoc 
@@ -20,7 +20,12 @@ This tutorial uses the open-source BIND DNS server (`named`) to demonstrate the * ROSA CLI (`rosa`) * AWS CLI (`aws`) -* A xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-vpc-manual_rosa-hcp-sts-creating-a-cluster-quickly[manually created AWS VPC] +ifdef::openshift-rosa[] +* A manually created AWS VPC +endif::openshift-rosa[] +ifdef::openshift-rosa-hcp[] +* A xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-creating-vpc_rosa-hcp-sts-creating-a-cluster-quickly[manually created AWS VPC] +endif::openshift-rosa-hcp[] * A DHCP option set configured to point to a custom DNS server and set as the default for your VPC [id="cloud-experts-custom-dns-resolver-environment-setup"] diff --git a/cloud_experts_tutorials/cloud-experts-rosa-hcp-activation-and-account-linking-tutorial.adoc b/cloud_experts_tutorials/cloud-experts-rosa-hcp-activation-and-account-linking-tutorial.adoc index b61ecb7817bd..cc88682217d5 100644 --- a/cloud_experts_tutorials/cloud-experts-rosa-hcp-activation-and-account-linking-tutorial.adoc +++ b/cloud_experts_tutorials/cloud-experts-rosa-hcp-activation-and-account-linking-tutorial.adoc @@ -165,7 +165,12 @@ image::rosa-create-cli-billing-17.png[] .Additional resources +ifdef::openshift-rosa-hcp[] * The detailed cluster deployment steps are beyond the scope of this tutorial. See xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-sts-creating-a-cluster-quickly[Creating {product-title} clusters using the default options] for more details about how to complete the {product-title} cluster deployment using the CLI. +endif::openshift-rosa-hcp[] +ifdef::openshift-rosa[] +* The detailed cluster deployment steps are beyond the scope of this tutorial. +endif::openshift-rosa[] == Selecting the AWS billing account for {product-title} during cluster deployment using the web console 
@@ -215,4 +220,4 @@ The following steps past the billing AWS account selection are beyond the scope .Additional resources * For information on using the CLI to create a cluster, see xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-sts-creating-a-cluster-cli_rosa-hcp-sts-creating-a-cluster-quickly[Creating a {product-title} cluster using the CLI]. -* See link:https://cloud.redhat.com/learning/learn:getting-started-red-hat-openshift-service-aws-rosa/resource/resources:how-deploy-cluster-red-hat-openshift-service-aws-using-console-ui[this learning path] for more details on how to complete cluster deployment using the web console. +* See link:https://cloud.redhat.com/learning/learn:getting-started-red-hat-openshift-service-aws-rosa/resource/resources:how-deploy-cluster-red-hat-openshift-service-aws-using-console-ui[this learning path] for more details on how to complete cluster deployment using the web console. \ No newline at end of file diff --git a/modules/creating-cluster-with-aws-kms-key.adoc b/modules/creating-cluster-with-aws-kms-key.adoc index f1271a3829fd..be12882d9fac 100644 --- a/modules/creating-cluster-with-aws-kms-key.adoc +++ b/modules/creating-cluster-with-aws-kms-key.adoc 
@@ -4,13 +4,13 @@ :_mod-docs-content-type: PROCEDURE [id="creating-cluster-with-aws-kms-key"] -= Creating a ROSA cluster using a custom AWS KMS key += Creating a {product-title} cluster using a custom AWS KMS key -You can create a {product-title} (ROSA) cluster with a customer-provided KMS key that is used to encrypt either node root volumes, the etcd database, or both. A different KMS key ARN can be provided for each option. +You can create a {product-title} cluster with a customer-provided KMS key that is used to encrypt either node root volumes, the etcd database, or both. A different KMS key ARN can be provided for each option. [NOTE] ==== -{hcp-title} does not automatically configure the `default` storage class to encrypt persistent volumes with the customer-provided KMS key. This is something that can be configured in-cluster after installation. +{product-title} does not automatically configure the `default` storage class to encrypt persistent volumes with the customer-provided KMS key. This is something that can be configured in-cluster after installation. ==== diff --git a/modules/rosa-additional-principals-create.adoc b/modules/rosa-additional-principals-create.adoc index 0cf5d37a2032..927c23e092fc 100644 --- a/modules/rosa-additional-principals-create.adoc +++ b/modules/rosa-additional-principals-create.adoc @@ -5,7 +5,7 @@ :_mod-docs-content-type: PROCEDURE [id="rosa-additional-principals-create_{context}"] -= Adding additional principals while creating your {hcp-title} cluster += Adding additional principals while creating your {product-title} cluster Use the `--additional-allowed-principals` argument to permit access through other roles. diff --git a/modules/rosa-additional-principals-edit.adoc b/modules/rosa-additional-principals-edit.adoc index 12d7740b6b84..9c26490835d6 100644 --- a/modules/rosa-additional-principals-edit.adoc +++ b/modules/rosa-additional-principals-edit.adoc 
@@ -5,7 +5,7 @@ :_mod-docs-content-type: PROCEDURE [id="rosa-additional-principals-edit_{context}"] -= Adding additional principals to your existing {hcp-title} cluster += Adding additional principals to your existing {product-title} cluster You can add additional principals to your cluster by using the command-line interface (CLI). diff --git a/modules/rosa-additional-principals-overview.adoc b/modules/rosa-additional-principals-overview.adoc index cad86527b643..fc97e754242d 100644 --- a/modules/rosa-additional-principals-overview.adoc +++ b/modules/rosa-additional-principals-overview.adoc 
@@ -4,11 +4,11 @@ :_mod-docs-content-type: CONCEPT [id="rosa-additional-principals-overview_{context}"] -= Additional principals on your {hcp-title} cluster += Additional principals on your {product-title} cluster You can allow AWS Identity and Access Management (IAM) roles as additional principals to connect to your cluster's private API server endpoint. -You can access your {hcp-title} cluster's API Server endpoint from either the public internet or the interface endpoint that was created within the VPC private subnets. By default, you can privately access your {hcp-title} API Server by using the `-kube-system-kube-controller-manager` Operator role. To be able to access ROSA with HCP API server from another account directly without using the primary account where cluster is installed, you must include cross-account IAM roles as additional principals. This feature allows you to simplify your network architecture and reduce data transfer costs by avoiding peering or attaching cross-account VPCs to cluster's VPC. +You can access your {product-title} cluster's API Server endpoint from either the public internet or the interface endpoint that was created within the VPC private subnets. By default, you can privately access your {product-title} API Server by using the `-kube-system-kube-controller-manager` Operator role. To be able to access {product-title} API server from another account directly without using the primary account where cluster is installed, you must include cross-account IAM roles as additional principals. This feature allows you to simplify your network architecture and reduce data transfer costs by avoiding peering or attaching cross-account VPCs to cluster's VPC. image::AWS_cross_account_access.png[Overview of AWS cross account access] 
@@ -16,5 +16,5 @@ In this diagram, the cluster creating account is designated as Account A. This a [NOTE] ==== -After you have configured additional allowed principals, you must create the interface VPC endpoint in the VPC from where you want to access the cross-account {hcp-title} API server. Then, create a private hosted zone in Route53 to route calls made to cross-account {hcp-title} API server to pass through the created VPC endpoint. +After you have configured additional allowed principals, you must create the interface VPC endpoint in the VPC from where you want to access the cross-account {product-title} API server. Then, create a private hosted zone in Route53 to route calls made to cross-account {product-title} API server to pass through the created VPC endpoint. ==== \ No newline at end of file diff --git a/modules/rosa-deleting-account-wide-iam-roles-and-policies.adoc b/modules/rosa-deleting-account-wide-iam-roles-and-policies.adoc index 9c32074b40dd..916b59194385 100644 --- a/modules/rosa-deleting-account-wide-iam-roles-and-policies.adoc +++ b/modules/rosa-deleting-account-wide-iam-roles-and-policies.adoc 
@@ -15,32 +15,11 @@ endif::[] [id="rosa-deleting-account-wide-iam-roles-and-policies_{context}"] = Deleting the account-wide IAM roles and policies -This section provides steps to delete the account-wide IAM roles and policies that you created for -ifdef::sts[] -{rosa-classic-short} with STS -endif::sts[] -ifdef::hcp[] -{rosa-short} -endif::hcp[] -deployments, along with the account-wide Operator policies. You can delete the account-wide AWS Identity and Access Management (IAM) roles and policies only after deleting all of the -ifdef::sts[] -{rosa-classic-short} with AWS Security Token Services (STS) -endif::sts[] -ifdef::hcp[] -{rosa-short} -endif::hcp[] -clusters that depend on them. +This section provides steps to delete the account-wide IAM roles and policies that you created for {product-title} deployments, along with the account-wide Operator policies. You can delete the account-wide AWS Identity and Access Management (IAM) roles and policies only after deleting all of the {product-title} clusters that depend on them. [IMPORTANT] ==== -The account-wide IAM roles and policies might be used by other -ifdef::sts[] -{rosa-classic-short} -endif::sts[] -ifdef::hcp[] -{rosa-short} -endif::hcp[] -clusters in the same AWS account. Only remove the roles if they are not required by other clusters. +The account-wide IAM roles and policies might be used by other {product-title} clusters in the same AWS account. Only remove the roles if they are not required by other clusters. ==== .Prerequisites @@ -101,7 +80,7 @@ $ rosa delete account-roles --prefix --delete-hosted-shared-vpc-policie + [IMPORTANT] ==== -The account-wide IAM roles might be used by other ROSA clusters in the same AWS account. Only remove the roles if they are not required by other clusters. +The account-wide IAM roles might be used by other {product-title} clusters in the same AWS account. Only remove the roles if they are not required by other clusters. ==== + ifdef::hcp[] 
@@ -132,12 +111,5 @@ If you did not specify a custom prefix when you created the account-wide roles, + [IMPORTANT] ==== -The account-wide and Operator IAM policies might be used by other -ifdef::sts[] -{rosa-classic-short} -endif::sts[] -ifdef::hcp[] -{rosa-short} -endif::hcp[] -clusters in the same AWS account. Only remove the roles if they are not required by other clusters. +The account-wide and Operator IAM policies might be used by other {product-title} clusters in the same AWS account. Only remove the roles if they are not required by other clusters. ==== diff --git a/modules/rosa-deleting-sts-iam-resources-account-wide.adoc b/modules/rosa-deleting-sts-iam-resources-account-wide.adoc index 5b090d201d62..b3e417a271ee 100644 --- a/modules/rosa-deleting-sts-iam-resources-account-wide.adoc +++ b/modules/rosa-deleting-sts-iam-resources-account-wide.adoc 
@@ -11,48 +11,13 @@ endif::[] [id="rosa-deleting-sts-resources-account-wide_{context}"] = Deleting the account-wide IAM resources -After you have deleted all -ifndef::hcp[] -{product-title} (ROSA) with AWS Security Token Services (STS) -endif::hcp[] -ifdef::hcp[] -{rosa-short} -endif::hcp[] -clusters that depend on the account-wide AWS Identity and Access Management (IAM) resources, you can delete the account-wide resources. +After you have deleted all {product-title} clusters that depend on the account-wide AWS Identity and Access Management (IAM) resources, you can delete the account-wide resources. -If you no longer need to install a -ifndef::hcp[] -{rosa-classic-short} with STS -endif::hcp[] -ifdef::hcp[] -{rosa-short} -endif::hcp[] -cluster by using {cluster-manager-first}, you can also delete the {cluster-manager} and user IAM roles. +If you no longer need to install a {product-title} cluster by using {cluster-manager-first}, you can also delete the {cluster-manager} and user IAM roles. [IMPORTANT] ==== -The account-wide IAM roles and policies might be used by other -ifndef::hcp[] -{rosa-classic-short} -endif::hcp[] -ifdef::hcp[] -{rosa-short} -endif::hcp[] -clusters in the same AWS account. Only remove the resources if they are not required by other clusters. +The account-wide IAM roles and policies might be used by other {product-title} clusters in the same AWS account. Only remove the resources if they are not required by other clusters. -The {cluster-manager} and user IAM roles are required if you want to install, manage, and delete other -ifndef::hcp[] -{rosa-classic-short} -endif::hcp[] -ifdef::hcp[] -{rosa-short} -endif::hcp[] -clusters in the same AWS account by using {cluster-manager}. Only remove the roles if you no longer need to install -ifndef::hcp[] -{rosa-classic-short} -endif::hcp[] -ifdef::hcp[] -{rosa-short} -endif::hcp[] -clusters in your account by using {cluster-manager}. 
For more information about repairing your cluster if these roles are removed before deletion, see "Repairing a cluster that cannot be deleted" in _Troubleshooting cluster deployments_. +The {cluster-manager} and user IAM roles are required if you want to install, manage, and delete other {product-title} clusters in the same AWS account by using {cluster-manager}. Only remove the roles if you no longer need to install {product-title} clusters in your account by using {cluster-manager}. For more information about repairing your cluster if these roles are removed before deletion, see "Repairing a cluster that cannot be deleted" in _Troubleshooting cluster deployments_. ==== \ No newline at end of file diff --git a/modules/rosa-getting-started-access-cluster-web-console.adoc b/modules/rosa-getting-started-access-cluster-web-console.adoc index d46830bf4063..80adfcf53a6c 100644 --- a/modules/rosa-getting-started-access-cluster-web-console.adoc +++ b/modules/rosa-getting-started-access-cluster-web-console.adoc @@ -14,15 +14,15 @@ ifeval::["{context}" == "rosa-quickstart"] :quickstart: endif::[] -After you have created a cluster administrator user or added a user to your configured identity provider, you can log into your {product-title} (ROSA) cluster through the web console. +After you have created a cluster administrator user or added a user to your configured identity provider, you can log into your {product-title} cluster through the web console. ifdef::getting-started[] .Prerequisites * You have an AWS account. -* You installed and configured the latest {product-title} (ROSA) CLI, `rosa`, on your workstation. +* You installed and configured the latest ROSA CLI, `rosa`, on your workstation. * You logged in to your Red{nbsp}Hat account using the ROSA CLI (`rosa`). -* You created a ROSA cluster. +* You created a {product-title} cluster. * You have created a cluster administrator user or added your user account to the configured identity provider. endif::[] 
diff --git a/modules/rosa-getting-started-deleting-a-cluster.adoc b/modules/rosa-getting-started-deleting-a-cluster.adoc
index c68fa4e7546a..85687bf2ba24 100644
--- a/modules/rosa-getting-started-deleting-a-cluster.adoc
+++ b/modules/rosa-getting-started-deleting-a-cluster.adoc
@@ -13,38 +13,26 @@ endif::[] :_mod-docs-content-type: PROCEDURE [id="rosa-getting-started-deleting-a-cluster_{context}"] -ifdef::openshift-rosa[] -= Deleting a {rosa-classic-short} cluster and the AWS IAM STS resources -endif::openshift-rosa[] -ifdef::openshift-rosa-hcp[] -= Deleting a {rosa-short} cluster and the AWS IAM STS resources -endif::openshift-rosa-hcp[] += Deleting a {product-title} cluster and the AWS IAM STS resources ifdef::openshift-rosa-hcp[] -You can delete a {rosa-short} cluster by using the ROSA CLI, `rosa`. You can also use the ROSA CLI to delete the AWS Identity and Access Management (IAM) account-wide roles, the cluster-specific Operator roles, and the OpenID Connect (OIDC) provider. To delete the account-wide and Operator policies, you can use the AWS IAM Console or the AWS CLI. +You can delete a {product-title} cluster by using the ROSA CLI, `rosa`. You can also use the {rosa-cli} to delete the AWS Identity and Access Management (IAM) account-wide roles, the cluster-specific Operator roles, and the OpenID Connect (OIDC) provider. To delete the account-wide and Operator policies, you can use the AWS IAM Console or the AWS CLI. endif::openshift-rosa-hcp[] ifdef::openshift-rosa[] -You can delete a {rosa-classic-short} cluster that uses the AWS Security Token Service (STS) by using the ROSA CLI, `rosa`. You can also use the ROSA CLI to delete the AWS Identity and Access Management (IAM) account-wide roles, the cluster-specific Operator roles, and the OpenID Connect (OIDC) provider. To delete the account-wide inline and Operator policies, you can use the AWS IAM Console or the AWS CLI. +You can delete a {product-title} cluster that uses the AWS Security Token Service (STS) by using the {rosa-cli}. You can also use the ROSA CLI to delete the AWS Identity and Access Management (IAM) account-wide roles, the cluster-specific Operator roles, and the OpenID Connect (OIDC) provider. 
To delete the account-wide inline and Operator policies, you can use the AWS IAM Console or the AWS CLI. endif::openshift-rosa[] [IMPORTANT] ==== -Account-wide IAM roles and policies might be used by other -ifdef::openshift-rosa[] -{rosa-classic-short} -endif::openshift-rosa[] -ifdef::openshift-rosa-hcp[] -{rosa-short} -endif::openshift-rosa-hcp[] -clusters in the same AWS account. You must only remove the resources if they are not required by other clusters. +Account-wide IAM roles and policies might be used by other {product-title} clusters in the same AWS account. You must only remove the resources if they are not required by other clusters. ==== ifdef::getting-started[] .Prerequisites -* You installed and configured the latest ROSA CLI, `rosa`, on your workstation. -* You logged in to your Red{nbsp}Hat account using the ROSA CLI (`rosa`). -* You created a {rosa-classic} cluster. +* You installed and configured the latest {rosa-cli} on your workstation. +* You logged in to your Red{nbsp}Hat account using the {rosa-cli}. +* You created a {product-title} cluster. endif::[] .Procedure @@ -86,7 +74,7 @@ $ rosa delete operator-roles -c --mode auto <1> + [IMPORTANT] ==== -Account-wide IAM roles and policies might be used by other ROSA clusters in the same AWS account. You must only remove the resources if they are not required by other clusters. +Account-wide IAM roles and policies might be used by other {product-title} clusters in the same AWS account. You must only remove the resources if they are not required by other clusters. ==== + [source,terminal] 
@@ -96,10 +84,10 @@ $ rosa delete account-roles --prefix --mode auto <1> <1> You must include the `--` argument. Replace `` with the prefix of the account-wide roles to delete. If you did not specify a custom prefix when you created the account-wide roles, specify the default prefix, depending on how they were created, `HCP-ROSA` or `ManagedOpenShift`. ifdef::openshift-rosa-hcp[] -. Delete the account-wide and Operator IAM policies that you created for {rosa-short} deployments: +. Delete the account-wide and Operator IAM policies that you created for {product-title} deployments: endif::openshift-rosa-hcp[] ifdef::openshift-rosa[] -. Delete the account-wide and Operator IAM policies that you created for {rosa-classic-short} deployments that use STS: +. Delete the account-wide and Operator IAM policies that you created for {product-title} deployments that use STS: endif::openshift-rosa[] + .. Log in to the link:https://console.aws.amazon.com/iamv2/home#/home[AWS IAM Console]. diff --git a/modules/rosa-getting-started-enable-rosa.adoc b/modules/rosa-getting-started-enable-rosa.adoc index f6cfe68dddbd..607349699b8c 100644 --- a/modules/rosa-getting-started-enable-rosa.adoc +++ b/modules/rosa-getting-started-enable-rosa.adoc @@ -5,16 +5,9 @@ :_mod-docs-content-type: PROCEDURE [id="rosa-getting-started-verifying-rosa-prerequisites_{context}"] -= Verifying ROSA prerequisites - -Use the steps in this procedure to enable -ifdef::openshift-rosa[] -{rosa-classic-short} -endif::openshift-rosa[] -ifdef::openshift-rosa-hcp[] -{rosa-short} -endif::openshift-rosa-hcp[] -in your AWS account. += Verifying {product-title} prerequisites + +Use the steps in this procedure to enable {product-title} in your AWS account. .Prerequisites diff --git a/modules/rosa-getting-started-environment-setup.adoc b/modules/rosa-getting-started-environment-setup.adoc index 2f9c5117bb74..512433c3cca3 100644 --- a/modules/rosa-getting-started-environment-setup.adoc 
+++ b/modules/rosa-getting-started-environment-setup.adoc @@ -7,16 +7,9 @@ [id="rosa-getting-started-environment-setup_{context}"] = Setting up the environment -Before you create a -ifdef::openshift-rosa[] -{rosa-classic-short} -endif::openshift-rosa[] -ifdef::openshift-rosa-hcp[] -{rosa-short} -endif::openshift-rosa-hcp[] -cluster, you must set up your environment by completing the following tasks: +Before you create a {product-title} cluster, you must set up your environment by completing the following tasks: -* Verify ROSA prerequisites against your AWS and Red{nbsp}Hat accounts. +* Verify {product-title} prerequisites against your AWS and Red{nbsp}Hat accounts. * Install and configure the required command-line interface (CLI) tools. * Verify the configuration of the CLI tools. diff --git a/modules/rosa-getting-started-grant-admin-privileges.adoc b/modules/rosa-getting-started-grant-admin-privileges.adoc index d15cffa8b6b6..8235c781e097 100644 --- a/modules/rosa-getting-started-grant-admin-privileges.adoc +++ b/modules/rosa-getting-started-grant-admin-privileges.adoc 
@@ -14,15 +14,15 @@ ifeval::["{context}" == "rosa-quickstart"] :quickstart: endif::[] -After you have added a user to your configured identity provider, you can grant the user `cluster-admin` or `dedicated-admin` privileges for your {product-title} (ROSA) cluster. +After you have added a user to your configured identity provider, you can grant the user `cluster-admin` or `dedicated-admin` privileges for your {product-title} cluster. ifdef::getting-started[] .Prerequisites * You have an AWS account. -* You installed and configured the latest {product-title} (ROSA) CLI, `rosa`, on your workstation. +* You installed and configured the latest ROSA CLI, `rosa`, on your workstation. * You logged in to your Red{nbsp}Hat account using the ROSA CLI (`rosa`). -* You created a ROSA cluster. +* You created a {product-title} cluster. * You have configured a GitHub identity provider for your cluster and added identity provider users. endif::[] diff --git a/modules/rosa-getting-started-grant-user-access.adoc b/modules/rosa-getting-started-grant-user-access.adoc index a7fb78e0cd8d..ef9e6c3c9690 100644 --- a/modules/rosa-getting-started-grant-user-access.adoc +++ b/modules/rosa-getting-started-grant-user-access.adoc 
@@ -14,17 +14,17 @@ ifeval::["{context}" == "rosa-quickstart"] :quickstart: endif::[] -You can grant a user access to your {product-title} (ROSA) cluster by adding them to your configured identity provider. +You can grant a user access to your {product-title} cluster by adding them to your configured identity provider. -You can configure different types of identity providers for your ROSA cluster. The following example procedure adds a user to a GitHub organization that is configured for identity provision to the cluster. +You can configure different types of identity providers for your {product-title} cluster. The following example procedure adds a user to a GitHub organization that is configured for identity provision to the cluster. ifdef::getting-started[] .Prerequisites * You have an AWS account. -* You installed and configured the latest {product-title} (ROSA) CLI, `rosa`, on your workstation. -* You logged in to your Red{nbsp}Hat account using the ROSA CLI (`rosa`). -* You created a ROSA cluster. +* You installed and configured the latest {rosa-cli} on your workstation. +* You logged in to your Red{nbsp}Hat account using the {rosa-cli}. +* You created a {product-title} cluster. * You have a GitHub user account. * You have configured a GitHub identity provider for your cluster. endif::[] 
@@ -33,7 +33,7 @@ endif::[] . Navigate to link:https://github.com[github.com] and log in to your GitHub account. -. Invite users that require access to the ROSA cluster to your GitHub organization. Follow the steps in link:https://docs.github.com/en/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization[Inviting users to join your organization] in the GitHub documentation. +. Invite users that require access to the {product-title} cluster to your GitHub organization. Follow the steps in link:https://docs.github.com/en/organizations/managing-membership-in-your-organization/inviting-users-to-join-your-organization[Inviting users to join your organization] in the GitHub documentation. ifeval::["{context}" == "rosa-getting-started"] :getting-started: diff --git a/modules/rosa-getting-started-install-configure-cli-tools.adoc b/modules/rosa-getting-started-install-configure-cli-tools.adoc index 20c53f09f04b..c45ad8519459 100644 --- a/modules/rosa-getting-started-install-configure-cli-tools.adoc +++ b/modules/rosa-getting-started-install-configure-cli-tools.adoc @@ -42,7 +42,7 @@ $ aws sts get-caller-identity --output text arn:aws:iam:::user/ ---- + -. Install and configure the latest ROSA CLI (`rosa`). +. Install and configure the latest {rosa-cli}. .. Navigate to link:https://console.redhat.com/openshift/downloads[*Downloads*]. .. Find *Red Hat OpenShift Service on AWS command line interface (`rosa`)* in the list of tools and click *Download*. + @@ -59,7 +59,7 @@ $ tar xvf rosa-linux.tar.gz ---- $ sudo mv rosa /usr/local/bin/rosa ---- -.. Verify that the ROSA CLI is installed correctly by querying the `rosa` version: +.. Verify that the {rosa-cli} is installed correctly by querying the `rosa` version: + [source,terminal] ---- 
@@ -91,7 +91,7 @@ Your ROSA CLI is up to date. // For steps to configure `rosa` tab completion for different shell types, see the help menu by running `rosa completion --help`. // ==== // endif::[] -. Log in to the ROSA CLI using an offline access token. +. Log in to the {rosa-cli} using an offline access token. .. Run the login command: + [source,terminal] @@ -141,7 +141,7 @@ OCM Organization Name: Your organization OCM Organization External ID: ---- . Install and configure the latest OpenShift CLI (`oc`). -.. Use the ROSA CLI to download the `oc` CLI. +.. Use the {rosa-cli} to download the `oc` CLI. + The following command downloads the latest version of the CLI to the current working directory: + diff --git a/modules/rosa-getting-started-revoke-admin-privileges.adoc b/modules/rosa-getting-started-revoke-admin-privileges.adoc index 9b04e7771af1..18c291bfc104 100644 --- a/modules/rosa-getting-started-revoke-admin-privileges.adoc +++ b/modules/rosa-getting-started-revoke-admin-privileges.adoc @@ -19,9 +19,9 @@ Follow the steps in this section to revoke `cluster-admin` or `dedicated-admin` ifdef::getting-started[] .Prerequisites -* You installed and configured the latest {product-title} (ROSA) CLI, `rosa`, on your workstation. +* You installed and configured the latest ROSA CLI, `rosa`, on your workstation. * You logged in to your Red{nbsp}Hat account using the ROSA CLI (`rosa`). -* You created a ROSA cluster. +* You created a {product-title} cluster. * You have configured a GitHub identity provider for your cluster and added an identity provider user. * You granted `cluster-admin` or `dedicated-admin` privileges to a user. endif::[] diff --git a/modules/rosa-getting-started-revoke-user-access.adoc b/modules/rosa-getting-started-revoke-user-access.adoc index a0a6beaa5b80..467e5e15696e 100644 --- a/modules/rosa-getting-started-revoke-user-access.adoc +++ b/modules/rosa-getting-started-revoke-user-access.adoc 
@@ -16,12 +16,12 @@ endif::[] You can revoke cluster access for an identity provider user by removing them from your configured identity provider. -You can configure different types of identity providers for your ROSA cluster. The following example procedure revokes cluster access for a member of a GitHub organization that is configured for identity provision to the cluster. +You can configure different types of identity providers for your {product-title} cluster. The following example procedure revokes cluster access for a member of a GitHub organization that is configured for identity provision to the cluster. ifdef::getting-started[] .Prerequisites -* You have a ROSA cluster. +* You have a {product-title} cluster. * You have a GitHub user account. * You have configured a GitHub identity provider for your cluster and added an identity provider user. endif::[] diff --git a/modules/rosa-getting-started-revoking-admin-privileges-and-user-access.adoc b/modules/rosa-getting-started-revoking-admin-privileges-and-user-access.adoc index 47bb61f52f6f..4b9da1edc775 100644 --- a/modules/rosa-getting-started-revoking-admin-privileges-and-user-access.adoc +++ b/modules/rosa-getting-started-revoking-admin-privileges-and-user-access.adoc @@ -6,7 +6,7 @@ [id="rosa-getting-started-revoking-admin-privileges-and-user-access_{context}"] = Revoking administrator privileges and user access -You can revoke `cluster-admin` or `dedicated-admin` privileges from a user by using the {product-title} (ROSA) CLI, `rosa`. +You can revoke `cluster-admin` or `dedicated-admin` privileges from a user by using the ROSA CLI, `rosa`. To revoke cluster access from a user, you must remove the user from your configured identity provider. diff --git a/modules/rosa-hcp-aws-private-create-cluster.adoc b/modules/rosa-hcp-aws-private-create-cluster.adoc index f444a65d3d99..33b76d6554d8 100644 --- a/modules/rosa-hcp-aws-private-create-cluster.adoc +++ b/modules/rosa-hcp-aws-private-create-cluster.adoc 
@@ -3,14 +3,14 @@ // * rosa_hcp/rosa-hcp-aws-private-creating-cluster.adoc :_mod-docs-content-type: PROCEDURE [id="rosa-hcp-aws-private-create-cluster_{context}"] -= Creating a private {hcp-title} cluster using the ROSA CLI += Creating a private {product-title} cluster using the ROSA CLI -You can create a private cluster with multiple availability zones (Multi-AZ) on {hcp-title} using the ROSA command-line interface (CLI), `rosa`. +You can create a private cluster with multiple availability zones (Multi-AZ) on {product-title} using the ROSA command-line interface (CLI), `rosa`. .Prerequisites * You have available AWS service quotas. -* You have enabled the ROSA service in the AWS Console. +* You have enabled the {product-title} in the AWS Console. * You have installed and configured the latest version of the ROSA CLI on your installation host. .Procedure @@ -60,7 +60,7 @@ I: Created OIDC provider with ARN 'arn:aws:iam::46545644412:oidc-provider/oidc.o $ rosa create operator-roles --hosted-cp --prefix --oidc-config-id --installer-role-arn arn:aws:iam::$:role/$-HCP-ROSA-Installer-Role ---- -. Create a private {hcp-title} cluster by running the following command: +. Create a private {product-title} cluster by running the following command: + [source,terminal] ---- diff --git a/modules/rosa-hcp-aws-private-security-groups.adoc b/modules/rosa-hcp-aws-private-security-groups.adoc index 902a44362ccb..c322a341c9be 100644 --- a/modules/rosa-hcp-aws-private-security-groups.adoc +++ b/modules/rosa-hcp-aws-private-security-groups.adoc 
@@ -6,17 +6,11 @@ :_mod-docs-content-type: PROCEDURE = Adding additional AWS security groups to the AWS PrivateLink endpoint -ifdef::openshift-rosa[] -With {hcp-title} clusters, the AWS PrivateLink endpoint exposed in the customer's Virtual Private Cloud (VPC) has a security group that limits access to requests that originate from within the cluster's Machine CIDR range. You must create and attach another security group to the PrivateLink endpoint to grant API access to entities outside of the VPC through VPC peering, transit gateways, or other network connectivity. -endif::openshift-rosa[] - -ifdef::openshift-rosa-hcp[] -With {hcp-title} clusters, the AWS PrivateLink endpoint exposed in the host's Virtual Private Cloud (VPC) has a security group that limits access to requests that originate from within the cluster's Machine CIDR range. You must create and attach another security group to the PrivateLink endpoint to grant API access to entities outside of the VPC through VPC peering, transit gateways, or other network connectivity. -endif::openshift-rosa-hcp[] +With {product-title} clusters, the AWS PrivateLink endpoint exposed in the host's Virtual Private Cloud (VPC) has a security group that limits access to requests that originate from within the cluster's Machine CIDR range. You must create and attach another security group to the PrivateLink endpoint to grant API access to entities outside of the VPC through VPC peering, transit gateways, or other network connectivity. [IMPORTANT] ==== -Adding additional AWS security groups to the AWS PrivateLink endpoint is only supported on {hcp-title} version 4.17.2 and later. +Adding additional AWS security groups to the AWS PrivateLink endpoint is only supported on {product-title} version 4.17.2 and later. ==== .Prerequisites 
@@ -81,4 +75,4 @@ $ aws ec2 authorize-security-group-ingress --group-id $SG_ID --ip-permissions Fr $ aws ec2 modify-vpc-endpoint --vpc-endpoint-id $VPCE_ID --add-security-group-ids $SG_ID ---- -You can now access the API of your {hcp-title} private cluster from the specified CIDR block. +You can now access the API of your {product-title} private cluster from the specified CIDR block. diff --git a/modules/rosa-hcp-create-network.adoc b/modules/rosa-hcp-create-network.adoc index cd7b5c6afa58..861690db55ea 100644 --- a/modules/rosa-hcp-create-network.adoc +++ b/modules/rosa-hcp-create-network.adoc @@ -12,7 +12,7 @@ endif::[] [id="rosa-hcp-create-network_{context}"] = Creating an AWS VPC using the ROSA CLI -The `rosa create network` command is available in v.1.2.48 or later of the ROSA command-line interface (CLI). The command uses AWS CloudFormation to create a VPC and associated networking components necessary to install a {rosa-short} cluster. CloudFormation is a native AWS infrastructure-as-code tool and is compatible with the AWS CLI. +The `rosa create network` command is available in v.1.2.48 or later of the {rosa-cli}. The command uses AWS CloudFormation to create a VPC and associated networking components necessary to install a {product-title} cluster. CloudFormation is a native AWS infrastructure-as-code tool and is compatible with the AWS CLI. If you do not specify a template, CloudFormation uses a default template that creates resources with the following parameters: @@ -37,7 +37,7 @@ You can create and customize CloudFormation templates to use with the `rosa crea * You have configured your AWS account * You have configured your Red Hat accounts -* You have installed the ROSA CLI and configured it to the latest version +* You have installed the {rosa-cli} and configured it to the latest version .Procedure 
@@ -371,7 +371,7 @@ ifdef::rosa-egress-lockdown[] [id="rosa-hcp-vpc-subnet-tagging-rosa-network_{context}"] == Tagging your subnets -Before you can use your VPC to create a {hcp-title} cluster, you must tag your VPC subnets. Automated service preflight checks verify that these resources are tagged correctly. The following table shows how to tag your resources: +Before you can use your VPC to create a {product-title} cluster, you must tag your VPC subnets. Automated service preflight checks verify that these resources are tagged correctly. The following table shows how to tag your resources: [cols="3a,8a,8a", options="header"] |=== diff --git a/modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc b/modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc index c0f724781d50..1a237615a75e 100644 --- a/modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc +++ b/modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc @@ -1,7 +1,10 @@ // Module included in the following assemblies: -// * rosa_planning/rosa-hcp-prepare-iam-resources.adoc +// +// * rosa_hcp/rosa-hcp-egress-zero-install.adoc +// * rosa_hcp/rosa-hcp-cluster-no-cni.adoc +// * rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc // * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc - +// * rosa_planning/rosa-hcp-prepare-iam-roles-resources.adoc ifeval::["{context}" == "rosa-hcp-egress-zero-install"] :egress-lockdown: 
@@ -11,18 +14,18 @@ endif::[] [id="rosa-sts-creating-account-wide-sts-roles-and-policies_{context}"] = Creating the account-wide STS roles and policies -Before you create your {rosa-short} cluster, you must create the required account-wide roles and policies. +Before you create your {product-title} cluster, you must create the required account-wide roles and policies. [NOTE] ==== -Specific AWS-managed policies for {rosa-short} must be attached to each role. Customer-managed policies must not be used with these required account roles. For more information regarding AWS-managed policies for {rosa-short} clusters, see link:https://docs.aws.amazon.com/ROSA/latest/userguide/security-iam-awsmanpol-account-policies.html[AWS managed policies for ROSA]. +Specific AWS-managed policies for {product-title} must be attached to each role. Customer-managed policies must not be used with these required account roles. For more information regarding AWS-managed policies for {product-title} clusters, see link:https://docs.aws.amazon.com/ROSA/latest/userguide/security-iam-awsmanpol-account-policies.html[AWS managed policies for ROSA]. ==== .Prerequisites -* You have completed the AWS prerequisites for {rosa-short}. +* You have completed the AWS prerequisites for {product-title}. * You have available AWS service quotas. -* You have enabled the ROSA service in the AWS Console. +* You have enabled the {product-title} in the AWS Console. * You have installed and configured the latest ROSA CLI (`rosa`) on your installation host. * You have logged in to your Red{nbsp}Hat account by using the ROSA CLI. 
@@ -68,7 +71,7 @@ $ echo $ACCOUNT_ROLES_PREFIX ManagedOpenShift ---- -For more information regarding AWS managed IAM policies for ROSA, see link:https://docs.aws.amazon.com/ROSA/latest/userguide/security-iam-awsmanpol.html[AWS managed IAM policies for ROSA]. +For more information regarding AWS managed IAM policies for {product-title}, see link:https://docs.aws.amazon.com/ROSA/latest/userguide/security-iam-awsmanpol.html[AWS managed IAM policies for ROSA]. ifeval::["{context}" == "rosa-hcp-egress-zero-install"] :!egress-lockdown: diff --git a/modules/rosa-hcp-deleting-cluster.adoc b/modules/rosa-hcp-deleting-cluster.adoc index 27b6cb9c815e..2f26e34d3a95 100644 --- a/modules/rosa-hcp-deleting-cluster.adoc +++ b/modules/rosa-hcp-deleting-cluster.adoc @@ -4,11 +4,11 @@ :_mod-docs-content-type: PROCEDURE [id="rosa-hcp-deleting-cluster_{context}"] -= Deleting a {hcp-title} cluster and the cluster-specific IAM resources += Deleting a {product-title} cluster and the cluster-specific IAM resources -You can delete a {rosa-short} cluster by using the ROSA command-line interface (CLI) (`rosa`) or {cluster-manager-first}. +You can delete a {product-title} cluster by using the {rosa-cli} or {cluster-manager-first}. -After deleting the cluster, you can clean up the cluster-specific Identity and Access Management (IAM) resources in your AWS account by using the ROSA CLI. The cluster-specific resources include the Operator roles and the OpenID Connect (OIDC) provider. +After deleting the cluster, you can clean up the cluster-specific Identity and Access Management (IAM) resources in your AWS account by using the {rosa-cli}. The cluster-specific resources include the Operator roles and the OpenID Connect (OIDC) provider. [NOTE] ==== 
@@ -19,8 +19,8 @@ If add-ons are installed, the cluster deletion takes longer because add-ons are .Prerequisites -* You have installed a {rosa-short} cluster. -* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host. +* You have installed a {product-title} cluster. +* You have installed and configured the latest {rosa-cli} on your installation host. .Procedure @@ -92,15 +92,15 @@ External Authentication: Disabled + [IMPORTANT] ==== -After the cluster is deleted, you need the cluster ID to delete the cluster-specific STS resources using the ROSA CLI. +After the cluster is deleted, you need the cluster ID to delete the cluster-specific STS resources using the {rosa-cli}. ==== -. Delete the cluster by using either the {cluster-manager} or the ROSA CLI (`rosa`): +. Delete the cluster by using either the {cluster-manager} or the {rosa-cli}: ** To delete the cluster by using the {cluster-manager}: .. Navigate to the {cluster-manager-url}. .. Click the Options menu {kebab} next to your cluster and select *Delete cluster*. .. Type the name of your cluster into the prompt and click *Delete*. -** To delete the cluster using the ROSA CLI: +** To delete the cluster using the {rosa-cli}: .. Run the following command, replacing `` with the name or ID of your cluster: + [source,terminal] diff --git a/modules/rosa-hcp-set-environment-variables.adoc b/modules/rosa-hcp-set-environment-variables.adoc index 012ca8a8193f..d9bf7cb26b11 100644 --- a/modules/rosa-hcp-set-environment-variables.adoc +++ b/modules/rosa-hcp-set-environment-variables.adoc @@ -29,7 +29,7 @@ $ echo ---- + ifdef::rosa-egress-lockdown-install[] -.Suggested variables for disconnected {product-title} (ROSA) clusters +.Suggested variables for disconnected {product-title} clusters [cols="3",options="header"] |=== |Variable name 
diff --git a/modules/rosa-hcp-sts-accessing-a-break-glass-cred-cli.adoc b/modules/rosa-hcp-sts-accessing-a-break-glass-cred-cli.adoc index 55113dbecc18..8d74d45e1ffa 100644 --- a/modules/rosa-hcp-sts-accessing-a-break-glass-cred-cli.adoc +++ b/modules/rosa-hcp-sts-accessing-a-break-glass-cred-cli.adoc @@ -5,15 +5,15 @@ :_mod-docs-content-type: PROCEDURE [id="rosa-hcp-sts-accessing-a-break-glass-cred-cli_{context}"] -= Accessing a {hcp-title} cluster by using a break glass credential += Accessing a {product-title} cluster by using a break glass credential -Use the new `kubeconfig` from the break glass credential to gain temporary admin access to a {hcp-title} cluster. +Use the new `kubeconfig` from the break glass credential to gain temporary admin access to a {product-title} cluster. .Prerequisites -* You have access to a {hcp-title} cluster with external authentication enabled. For more information, see _Creating a {hcp-title} cluster that uses direct authentication with an external OIDC identity provider_. +* You have access to a {product-title} cluster with external authentication enabled. For more information, see _Creating a {product-title} cluster that uses direct authentication with an external OIDC identity provider_. * You have installed the `oc` and the `kubectl` CLIs. -* You have configured the new `kubeconfig`. For more information, see _Creating a break glass credential for a {hcp-title} cluster_. +* You have configured the new `kubeconfig`. For more information, see _Creating a break glass credential for a {product-title} cluster_. .Procedure 
@@ -53,7 +53,7 @@ ATTRIBUTE VALUE Username system:customer-break-glass:test-user Groups [system:masters system:authenticated] ---- -. Apply the `ClusterRoleBinding` for the groups defined in the external OIDC provider. The `ClusterRoleBinding` maps the `rosa-hcp-admins` group that is created in Microsoft Entra ID to a group in the {hcp-title} cluster. +. Apply the `ClusterRoleBinding` for the groups defined in the external OIDC provider. The `ClusterRoleBinding` maps the `rosa-hcp-admins` group that is created in Microsoft Entra ID to a group in the {product-title} cluster. + [source,terminal] ---- @@ -82,5 +82,5 @@ clusterrolebinding.rbac.authorization.k8s.io/rosa-hcp-admins created + [NOTE] ==== -After the `ClusterRoleBinding` has been applied, the {hcp-title} cluster is configured, and the `rosa` CLI and the {hybrid-console-url} are authenticated through the external OpenID Connect (OIDC) provider. You can now start assigning roles and deploying applications on the cluster. +After the `ClusterRoleBinding` has been applied, the {product-title} cluster is configured, and the `rosa` CLI and the {hybrid-console-url} are authenticated through the external OpenID Connect (OIDC) provider. You can now start assigning roles and deploying applications on the cluster. ==== \ No newline at end of file diff --git a/modules/rosa-hcp-sts-creating-a-break-glass-cred-cli.adoc b/modules/rosa-hcp-sts-creating-a-break-glass-cred-cli.adoc index 3d8dbbd424f0..da6d77b2a8b8 100644 --- a/modules/rosa-hcp-sts-creating-a-break-glass-cred-cli.adoc +++ b/modules/rosa-hcp-sts-creating-a-break-glass-cred-cli.adoc 
@@ -5,13 +5,13 @@ :_mod-docs-content-type: PROCEDURE [id="rosa-hcp-sts-creating-a-break-glass-cred-cli_{context}"] -= Creating a break glass credential for a {hcp-title} cluster += Creating a break glass credential for a {product-title} cluster -As a {hcp-title} cluster owner, you can use the break glass credential to create temporary administrative client credentials to access your clusters that are configured with custom OpenID Connect (OIDC) token issuers. Creating a break glass credential generates a new cluster-admin `kubeconfig` file. The `kubeconfig` file contains information about the cluster that the CLI uses to connect a client to the correct cluster and API server. You can use the newly generated `kubeconfig` file to allow access to the {hcp-title} cluster. +As a {product-title} cluster owner, you can use the break glass credential to create temporary administrative client credentials to access your clusters that are configured with custom OpenID Connect (OIDC) token issuers. Creating a break glass credential generates a new cluster-admin `kubeconfig` file. The `kubeconfig` file contains information about the cluster that the CLI uses to connect a client to the correct cluster and API server. You can use the newly generated `kubeconfig` file to allow access to the {product-title} cluster. .Prerequisites -* You have created a {hcp-title} cluster with external authentication enabled. For more information, see _Creating a {hcp-title} with HCP cluster that uses external authentication providers_. +* You have created a {product-title} cluster with external authentication enabled. For more information, see _Creating a {product-title} with HCP cluster that uses external authentication providers_. * You have created an external authentication provider. For more information, see _Creating an external authentication provider_. * You have an account with `cluster admin` permissions. 
diff --git a/modules/rosa-hcp-sts-creating-a-cluster-cli-no-cni-plugin.adoc b/modules/rosa-hcp-sts-creating-a-cluster-cli-no-cni-plugin.adoc
index d56b1a9e5055..fd72bb83b713 100644
--- a/modules/rosa-hcp-sts-creating-a-cluster-cli-no-cni-plugin.adoc
+++ b/modules/rosa-hcp-sts-creating-a-cluster-cli-no-cni-plugin.adoc
@@ -6,25 +6,25 @@ [id="rosa-hcp-sts-creating-a-cluster-cli_{context}-no-cni"] = Creating the cluster -When using the {rosa-short} command-line interface (CLI), `rosa`, to create a cluster, you can add an optional flag `--no-cni` to create a cluster without a CNI plugin. +When using the ROSA command-line interface (CLI), `rosa`, to create a cluster, you can add an optional flag `--no-cni` to create a cluster without a CNI plugin. .Prerequisites -* You have completed the AWS prerequisites for {rosa-short}. +* You have completed the AWS prerequisites for {product-title}. * You have available AWS service quotas. -* You have enabled the ROSA service in the AWS Console. +* You have enabled the {product-title} in the AWS Console. * You have installed and configured the latest ROSA CLI (`rosa`) on your installation host. Run `rosa version` to see your currently installed version of the ROSA CLI. If a newer version is available, the CLI provides a link to download this upgrade. -* You have logged in to your Red Hat account by using the ROSA CLI. +* You have logged in to your Red{nbsp}Hat account by using the ROSA CLI. * You have created an OIDC configuration. * You have verified that the AWS Elastic Load Balancing (ELB) service role exists in your AWS account. .Procedure -. You can create your {rosa-short} cluster with one of the following commands. +. You can create your {product-title} cluster with one of the following commands. + [NOTE] ==== -When creating a {rosa-short} cluster, the default machine Classless Inter-Domain Routing (CIDR) is `10.0.0.0/16`. If this does not correspond to the CIDR range for your VPC subnets, add `--machine-cidr ` to the following commands. +When creating a {product-title} cluster, the default machine Classless Inter-Domain Routing (CIDR) is `10.0.0.0/16`. If this does not correspond to the CIDR range for your VPC subnets, add `--machine-cidr ` to the following commands. 
==== + ** Create a cluster with a single, initial machine pool, publicly available API, publicly available Ingress, and no CNI plugin by running the following command: @@ -85,4 +85,4 @@ $ rosa logs install --cluster= --watch <1> [id="rosa-hcp-no-cni-expected-behavior_{context}"] == Expected behavior for clusters without a CNI plugin -Although {rosa-short} cluster installation is complete, the cluster cannot operate without a CNI plugin. Because the nodes are not ready, the workloads cannot deploy. For example, the {product-title} cluster web console is not available, so you must use the {oc-first} to log in to the cluster. Additionally, other OpenShift components such as the HAProxy-based Ingress Controller, image registry, and prometheus-based monitoring stack are not running. This is expected behavior until you install a CNI provider. \ No newline at end of file +Although {product-title} cluster installation is complete, the cluster cannot operate without a CNI plugin. Because the nodes are not ready, the workloads cannot deploy. For example, the {product-title} cluster web console is not available, so you must use the {oc-first} to log in to the cluster. Additionally, other OpenShift components such as the HAProxy-based Ingress Controller, image registry, and prometheus-based monitoring stack are not running. This is expected behavior until you install a CNI provider. \ No newline at end of file diff --git a/modules/rosa-hcp-sts-creating-a-cluster-cli.adoc b/modules/rosa-hcp-sts-creating-a-cluster-cli.adoc index bc86077b8ece..c56be84a4433 100644 --- a/modules/rosa-hcp-sts-creating-a-cluster-cli.adoc +++ b/modules/rosa-hcp-sts-creating-a-cluster-cli.adoc 
@@ -5,15 +5,15 @@ :_mod-docs-content-type: PROCEDURE [id="rosa-hcp-sts-creating-a-cluster-cli_{context}"] -= Creating a {rosa-short} cluster using the CLI += Creating a {product-title} cluster using the CLI When using the ROSA CLI, `rosa`, to create a cluster, you can select the default options to create the cluster quickly. .Prerequisites -* You have completed the AWS prerequisites for {rosa-short}. +* You have completed the AWS prerequisites for {product-title}. * You have available AWS service quotas. -* You have enabled the ROSA service in the AWS Console. +* You have enabled the {product-title} in the AWS Console. * You have installed and configured the latest ROSA CLI (`rosa`) on your installation host. Run `rosa version` to see your currently installed version of the ROSA CLI. If a newer version is available, the CLI provides a link to download this upgrade. * You have logged in to your Red{nbsp}Hat account by using the ROSA CLI. * You have created an OIDC configuration. 
@@ -21,19 +21,11 @@ When using the ROSA CLI, `rosa`, to create a cluster, you can select the default .Procedure -//. Create environmental variables for your region and cluster name. -//+ -//[source,terminal] -//---- -//CLUSTER_NAME="" -//REGION="" -//---- - -. Use one of the following commands to create your {rosa-short} cluster: +. Use one of the following commands to create your {product-title} cluster: + [NOTE] ==== -When creating a {rosa-short} cluster, the default machine Classless Inter-Domain Routing (CIDR) is `10.0.0.0/16`. If this does not correspond to the CIDR range for your VPC subnets, add `--machine-cidr ` to the following commands. To learn more about the default CIDR ranges for {rosa-short}, see CIDR range definitions. +When creating a {product-title} cluster, the default machine Classless Inter-Domain Routing (CIDR) is `10.0.0.0/16`. If this does not correspond to the CIDR range for your VPC subnets, add `--machine-cidr ` to the following commands. To learn more about the default CIDR ranges for {product-title}, see CIDR range definitions. ==== + * If you did not set environmental variables, run the following command: 
@@ -50,7 +42,7 @@ $ rosa create cluster --cluster-name= \ <1> + -- <1> Specify the name of your cluster. If your cluster name is longer than 15 characters, it will contain an autogenerated domain prefix as a subdomain for your provisioned cluster on openshiftapps.com. To customize the subdomain, use the `--domain-prefix` flag. The domain prefix cannot be longer than 15 characters, must be unique, and cannot be changed after cluster creation. -<2> Optional: The `--private` argument is used to create private {rosa-short} clusters. If you use this argument, ensure that you only use your private subnet ID for `--subnet-ids`. +<2> Optional: The `--private` argument is used to create private {product-title} clusters. If you use this argument, ensure that you only use your private subnet ID for `--subnet-ids`. <3> By default, the cluster-specific Operator role names are prefixed with the cluster name and a random 4-digit hash. You can optionally specify a custom prefix to replace `-` in the role names. The prefix is applied when you create the cluster-specific Operator IAM roles. For information about the prefix, see _About custom Operator IAM role prefixes_. + [NOTE] @@ -98,7 +90,7 @@ The following `State` field changes are listed in the output as the cluster inst If the installation fails or the `State` field does not change to `ready` after more than 10 minutes, check the installation troubleshooting documentation for details. For more information, see _Troubleshooting installations_. For steps to contact Red{nbsp}Hat Support for assistance, see _Getting support for Red{nbsp}Hat OpenShift Service on AWS_. ==== + -. Track the progress of the cluster creation by watching the {rosa-short} installation program logs. To check the logs, run the following command: +. Track the progress of the cluster creation by watching the {product-title} installation program logs. To check the logs, run the following command: + [source,terminal] ---- 
diff --git a/modules/rosa-hcp-sts-creating-a-cluster-egress-lockdown-cli.adoc b/modules/rosa-hcp-sts-creating-a-cluster-egress-lockdown-cli.adoc index 56e3559dc034..fa714e1ef649 100644 --- a/modules/rosa-hcp-sts-creating-a-cluster-egress-lockdown-cli.adoc +++ b/modules/rosa-hcp-sts-creating-a-cluster-egress-lockdown-cli.adoc @@ -10,9 +10,9 @@ When using the ROSA CLI, `rosa`, to create a cluster, you can select the default .Prerequisites -* You have completed the AWS prerequisites for {rosa-short}. +* You have completed the AWS prerequisites for {product-title}. * You have available AWS service quotas. -* You have enabled the ROSA service in the AWS Console. +* You have enabled the {product-title} in the AWS Console. * You have installed and configured the latest ROSA CLI (`rosa`) on your installation host. Run `rosa version` to see your currently installed version of the ROSA CLI. If a newer version is available, the CLI provides a link to download this upgrade. * You have logged in to your Red{nbsp}Hat account by using the ROSA CLI. * You have created an OIDC configuration. 
@@ -20,11 +20,11 @@ When using the ROSA CLI, `rosa`, to create a cluster, you can select the default
 .Procedure
-. Use one of the following commands to create your {rosa-short} cluster:
+. Use one of the following commands to create your {product-title} cluster:
 +
 [NOTE]
 ====
-When creating a {hcp-title} cluster, the default machine Classless Inter-Domain Routing (CIDR) is `10.0.0.0/16`. If this does not correspond to the CIDR range for your VPC subnets, add `--machine-cidr ` to the following commands. To learn more about the default CIDR ranges for {product-title}, see the CIDR range definitions.
+When creating a {product-title} cluster, the default machine Classless Inter-Domain Routing (CIDR) is `10.0.0.0/16`. If this does not correspond to the CIDR range for your VPC subnets, add `--machine-cidr ` to the following commands. To learn more about the default CIDR ranges for {product-title}, see the CIDR range definitions.
 ====
 +
 * If you did not set environment variables, run the following command:
@@ -84,7 +84,7 @@ The following `State` field changes are listed in the output as cluster installa
 If the installation fails or the `State` field does not change to `ready` after more than 10 minutes, check the installation troubleshooting documentation for details. For more information, see _Troubleshooting installations_. For steps to contact Red{nbsp}Hat Support for assistance, see _Getting support for Red{nbsp}Hat OpenShift Service on AWS_.
 ====
 +
-. Track the cluster creation progress by watching the {rosa-short} installation program logs. To check the logs, run the following command:
+. Track the cluster creation progress by watching the {product-title} installation program logs. To check the logs, run the following command:
 +
 [source,terminal]
 ----
diff --git a/modules/rosa-hcp-sts-creating-a-cluster-external-auth-cluster-cli.adoc b/modules/rosa-hcp-sts-creating-a-cluster-external-auth-cluster-cli.adoc
index 0ff2b3a88d97..a9e0b1412560 100644
--- a/modules/rosa-hcp-sts-creating-a-cluster-external-auth-cluster-cli.adoc
+++ b/modules/rosa-hcp-sts-creating-a-cluster-external-auth-cluster-cli.adoc
@@ -4,7 +4,7 @@
 :_mod-docs-content-type: PROCEDURE
 [id="rosa-hcp-sts-creating-a-cluster-external-auth-cluster-cli_{context}"]
-= Creating a {hcp-title} cluster that uses direct authentication with an external OIDC identity provider
+= Creating a {product-title} cluster that uses direct authentication with an external OIDC identity provider
 :source-highlighter: pygments
 :pygments-style: emacs
 :icons: font
@@ -13,7 +13,7 @@ Use the `--external-auth-providers-enabled` flag in the ROSA CLI to create a clu
 [NOTE]
 ====
-When creating a {hcp-title} cluster, the default machine Classless Inter-Domain Routing (CIDR) is `10.0.0.0/16`. If this does not correspond to the CIDR range for your VPC subnets, add `--machine-cidr ` to the following commands.
+When creating a {product-title} cluster, the default machine Classless Inter-Domain Routing (CIDR) is `10.0.0.0/16`. If this does not correspond to the CIDR range for your VPC subnets, add `--machine-cidr ` to the following commands.
 ====
 .Procedure
diff --git a/modules/rosa-hcp-sts-creating-a-cluster-external-auth-provider-cli.adoc b/modules/rosa-hcp-sts-creating-a-cluster-external-auth-provider-cli.adoc
index 47bca547dd9d..5aeae6fb08fe 100644
--- a/modules/rosa-hcp-sts-creating-a-cluster-external-auth-provider-cli.adoc
+++ b/modules/rosa-hcp-sts-creating-a-cluster-external-auth-provider-cli.adoc
@@ -8,7 +8,7 @@
 :pygments-style: emacs
 :icons: font
-After you have created a {hcp-title} cluster with the enabled option for external authentication providers, you must create a provider using the ROSA CLI.
+After you have created a {product-title} cluster with the enabled option for external authentication providers, you must create a provider using the ROSA CLI.
 [NOTE]
 ====
diff --git a/modules/rosa-hcp-sts-revoking-a-break-glass-cred-cli.adoc b/modules/rosa-hcp-sts-revoking-a-break-glass-cred-cli.adoc
index e02b281d9f1a..50b23b9b0d21 100644
--- a/modules/rosa-hcp-sts-revoking-a-break-glass-cred-cli.adoc
+++ b/modules/rosa-hcp-sts-revoking-a-break-glass-cred-cli.adoc
@@ -5,7 +5,7 @@
 :_mod-docs-content-type: PROCEDURE
 [id="rosa-hcp-sts-revoking-a-break-glass-cred-cli_{context}"]
-= Revoking a break glass credential for a {hcp-title} cluster
+= Revoking a break glass credential for a {product-title} cluster
 You can revoke access to any break glass credentials that you have provisioned at any time by using the `revoke break-glass-credentials` command.
@@ -16,7 +16,7 @@ You can revoke access to any break glass credentials that you have provisioned a
 .Procedure
-* Revoke the break glass credentials for a {hcp-title} cluster by running the following command.
+* Revoke the break glass credentials for a {product-title} cluster by running the following command.
 +
 [IMPORTANT]
 ====
diff --git a/modules/rosa-hcp-vpc-manual.adoc b/modules/rosa-hcp-vpc-manual.adoc
index cf23412dc610..f43e191520ff 100644
--- a/modules/rosa-hcp-vpc-manual.adoc
+++ b/modules/rosa-hcp-vpc-manual.adoc
@@ -1,5 +1,8 @@
 // Module included in the following assemblies:
 //
+// * rosa_hcp/rosa-hcp-quickstart-guide.adoc
+// * rosa_hcp/rosa-hcp-egress-zero-install.adoc
+// * rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc
 // * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
 ifeval::["{context}" == "rosa-hcp-egress-zero-install"]
@@ -19,7 +22,7 @@ ifdef::rosa-egress-lockdown[]
 [id="rosa-hcp-vpc-subnet-tagging-manual_{context}"]
 == Tagging your subnets
-Before you can use your VPC to create a {rosa-short} cluster, you must tag your VPC subnets. Automated service preflight checks verify that these resources are tagged correctly. The following table shows how to tag your resources:
+Before you can use your VPC to create a {product-title} cluster, you must tag your VPC subnets. Automated service preflight checks verify that these resources are tagged correctly. The following table shows how to tag your resources:
 [cols="3a,8a,8a", options="header"]
 |===
diff --git a/modules/rosa-hcp-vpc-subnet-tagging.adoc b/modules/rosa-hcp-vpc-subnet-tagging.adoc
index a00fd0ed1484..50b2e76a45ce 100644
--- a/modules/rosa-hcp-vpc-subnet-tagging.adoc
+++ b/modules/rosa-hcp-vpc-subnet-tagging.adoc
@@ -1,11 +1,14 @@
 // Module included in the following assemblies:
 //
+// * rosa_hcp/rosa-hcp-quickstart-guide.adoc
+// * rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc
 // * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
+
 :_mod-docs-content-type: PROCEDURE
 [id="rosa-hcp-vpc-subnet-tagging_{context}"]
 = Tagging your subnets
-Before you can use your VPC to create a {rosa-short} cluster, you must tag your VPC subnets. Automated service preflight checks verify that these resources are tagged correctly before you can use these resources for a cluster. The following table shows how your resources should be tagged:
+Before you can use your VPC to create a {product-title} cluster, you must tag your VPC subnets. Automated service preflight checks verify that these resources are tagged correctly before you can use these resources for a cluster. The following table shows how your resources should be tagged:
 [cols="3a,8a,8a", options="header"]
 |===
diff --git a/modules/rosa-hcp-vpc-terraform.adoc b/modules/rosa-hcp-vpc-terraform.adoc
index c68713bfeb01..b8d61a6a8660 100644
--- a/modules/rosa-hcp-vpc-terraform.adoc
+++ b/modules/rosa-hcp-vpc-terraform.adoc
@@ -1,5 +1,8 @@
 // Module included in the following assemblies:
 //
+// * rosa_hcp/rosa-hcp-quickstart-guide.adoc
+// * rosa_hcp/rosa-hcp-egress-zero-install.adoc
+// * rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc
 // * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
 ifeval::["{context}" == "rosa-hcp-egress-zero-install"]
@@ -10,7 +13,7 @@ endif::[]
 [id="rosa-hcp-vpc-terraform_{context}"]
 = Creating a Virtual Private Cloud using Terraform
-Terraform is a tool that allows you to create various resources using an established template. The following process uses the default options as required to create a {hcp-title} cluster. For more information about using Terraform, see the additional resources.
+Terraform is a tool that allows you to create various resources using an established template. The following process uses the default options as required to create a {product-title} cluster. For more information about using Terraform, see the additional resources.
 ifdef::rosa-egress-lockdown[]
 [NOTE]
@@ -100,7 +103,7 @@ ifndef::rosa-egress-lockdown[]
 $ terraform apply rosa.tfplan
 ----
 +
-.. Optional: You can capture the values of the Terraform-provisioned private, public, and machinepool subnet IDs as environment variables to use when creating your {hcp-title} cluster by running the following commands:
+.. Optional: You can capture the values of the Terraform-provisioned private, public, and machinepool subnet IDs as environment variables to use when creating your {product-title} cluster by running the following commands:
 +
 [source,terminal]
 ----
@@ -127,7 +130,7 @@ ifdef::rosa-egress-lockdown[]
 [id="rosa-hcp-vpc-subnet-tagging-terraform_{context}"]
 == Tagging your subnets
-Before you can use your VPC to create a {hcp-title} cluster, you must tag your VPC subnets. Automated service preflight checks verify that these resources are tagged correctly. The following table shows how to tag your resources:
+Before you can use your VPC to create a {product-title} cluster, you must tag your VPC subnets. Automated service preflight checks verify that these resources are tagged correctly. The following table shows how to tag your resources:
 [cols="3a,8a,8a", options="header"]
 |===
diff --git a/modules/rosa-operator-config.adoc b/modules/rosa-operator-config.adoc
index f81b6173bb62..2ea44d5f67df 100644
--- a/modules/rosa-operator-config.adoc
+++ b/modules/rosa-operator-config.adoc
@@ -42,7 +42,7 @@ $ rosa create operator-roles --hosted-cp
 --
 <1> You must supply a prefix when creating these Operator roles. Failing to do so produces an error. See the Additional resources of this section for information on the Operator prefix.
 <2> This value is the OIDC configuration ID that you created for your {product-title} cluster.
-<3> This value is the installer role ARN that you created when you created the ROSA account roles.
+<3> This value is the installer role ARN that you created when you created the {product-title} account roles.
 --
 +
 You must include the `--hosted-cp` parameter to create the correct roles for {product-title} clusters. This command returns the following information.
@@ -74,7 +74,7 @@ I: To create a cluster with these roles, run the following command: + -- <1> This field is prepopulated with the prefix that you set in the initial creation command. -<2> This field requires you to select an OIDC configuration that you created for your {rosa-short} cluster. +<2> This field requires you to select an OIDC configuration that you created for your {product-title} cluster. -- + The Operator roles are now created and ready to use for creating your {product-title} cluster. diff --git a/modules/rosa-sts-byo-oidc.adoc b/modules/rosa-sts-byo-oidc.adoc index afd9e62dbb2c..ea08df2e6520 100644 --- a/modules/rosa-sts-byo-oidc.adoc +++ b/modules/rosa-sts-byo-oidc.adoc @@ -1,11 +1,17 @@ // Module included in the following assemblies: // -// * rosa_architecture/rosa-oidc-overview.adoc +// // * rosa_architecture/rosa-sts-about-iam-resources.adoc +// * rosa_architecture/rosa-oidc-overview.adoc +// * rosa_hcp/rosa-hcp-quickstart-guide.adoc +// * rosa_hcp/rosa-hcp-egress-zero-install.adoc +// * rosa_hcp/rosa-hcp-cluster-no-cni.adoc +// * rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc // * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc // * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc // * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc -// * rosa_planning/rosa-hcp-prepare-iam-resources.adoc +// * rosa_planning/rosa-hcp-iam-resources.adoc +// * rosa_planning/rosa-hcp-prepare-iam-roles-resources.adoc ifeval::["{context}" == "rosa-hcp-cluster-no-cni"] :hcp: 
@@ -15,34 +21,11 @@ endif::[]
 [id="rosa-sts-byo-oidc_{context}"]
 = Creating an OpenID Connect configuration
-When creating a
-ifdef::openshift-rosa-hcp[]
-{rosa-short}
-endif::openshift-rosa-hcp[]
-ifdef::openshift-rosa[]
-ifdef::hcp[]
-{rosa-short}
-endif::hcp[]
-ifndef::hcp[]
-{rosa-classic-short}
-endif::hcp[]
-endif::openshift-rosa[]
-cluster, you can create the OpenID Connect (OIDC) configuration prior to creating your cluster. This configuration is registered to be used with OpenShift Cluster Manager.
+When creating a {product-title} cluster, you can create the OpenID Connect (OIDC) configuration before creating your cluster. This configuration is registered to be used with {cluster-manager}.
 .Prerequisites
-ifdef::openshift-rosa-hcp[]
-* You have completed the AWS prerequisites for {rosa-short}.
-endif::openshift-rosa-hcp[]
-ifdef::openshift-rosa[]
-* You have completed the AWS prerequisites for
-ifdef::hcp[]
-{rosa-short}.
-endif::hcp[]
-ifndef::hcp[]
-{rosa-classic-short}.
-endif::hcp[]
-endif::openshift-rosa[]
+* You have completed the AWS prerequisites for {product-title}.
 * You have installed and configured the latest ROSA CLI, `rosa`, on your installation host.
 .Procedure
diff --git a/modules/rosa-sts-cluster-terraform-destroy.adoc b/modules/rosa-sts-cluster-terraform-destroy.adoc
index 10f39deb4c14..01c100dfcc46 100644
--- a/modules/rosa-sts-cluster-terraform-destroy.adoc
+++ b/modules/rosa-sts-cluster-terraform-destroy.adoc
@@ -1,7 +1,8 @@
 // Module included in the following assemblies:
 //
-// * rosa_install_access_delete_clusters/rosa-classic-creating-a-cluster-quickly-terraform.adoc
-//
+// * rosa_hcp/terraform/rosa-hcp-creating-a-cluster-quickly-terraform.adoc
+// * rosa_install_access_delete_clusters/terraform/rosa-classic-creating-a-cluster-quickly-terraform.adoc
+
 ifeval::["{context}" == "rosa-classic-creating-a-cluster-quickly-terraform"]
 :tf-defaults:
 endif::[]
@@ -11,7 +12,7 @@ endif::[]
 :_content-type: PROCEDURE
 [id="sd-terraform-cluster-destroy_{context}"]
-= Deleting your ROSA cluster with Terraform
+= Deleting your {product-title} cluster with Terraform
 Use the `terraform destroy` command to remove all of the resources that were created with the `terraform apply` command.
diff --git a/modules/rosa-sts-cluster-terraform-execute.adoc b/modules/rosa-sts-cluster-terraform-execute.adoc
index 2fb0011b8250..e3745e0ce786 100644
--- a/modules/rosa-sts-cluster-terraform-execute.adoc
+++ b/modules/rosa-sts-cluster-terraform-execute.adoc
@@ -1,7 +1,8 @@
 // Module included in the following assemblies:
 //
-// * rosa_install_access_delete_clusters/rosa-classic-creating-a-cluster-quickly-terraform.adoc
-//
+// * rosa_hcp/terraform/rosa-hcp-creating-a-cluster-quickly-terraform.adoc
+// * rosa_install_access_delete_clusters/terraform/rosa-classic-creating-a-cluster-quickly-terraform.adoc
+
 ifeval::["{context}" == "rosa-classic-creating-a-cluster-quickly-terraform"]
 :tf-rosa-classic:
 endif::[]
diff --git a/modules/rosa-sts-creating-account-wide-sts-roles-and-policies.adoc b/modules/rosa-sts-creating-account-wide-sts-roles-and-policies.adoc
index c6e52f4966fc..3e7a69fe08c9 100644
--- a/modules/rosa-sts-creating-account-wide-sts-roles-and-policies.adoc
+++ b/modules/rosa-sts-creating-account-wide-sts-roles-and-policies.adoc
@@ -15,14 +15,7 @@ ifeval::["{context}" == "rosa-quickstart"]
 :quickstart:
 endif::[]
-Before using the {hybrid-console} to create
-ifdef::openshift-rosa[]
-{rosa-classic-short}
-endif::openshift-rosa[]
-ifdef::openshift-rosa-hcp[]
-{rosa-short}
-endif::openshift-rosa-hcp[]
-clusters that use the AWS Security Token Service (STS), create the required account-wide STS roles and policies, including the Operator policies.
+Before using the {hybrid-console} to create {product-title} clusters that use the AWS Security Token Service (STS), create the required account-wide STS roles and policies, including the Operator policies.
 ifdef::quick-install[]
 .Prerequisites
@@ -30,8 +23,8 @@ ifdef::quick-install[]
 * You have completed the AWS prerequisites for ROSA with STS.
 * You have available AWS service quotas.
 * You have enabled the ROSA service in the AWS Console.
-* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host. Run `rosa version` to see your currently installed version of the ROSA CLI. If a newer version is available, the CLI provides a link to download this upgrade.
-* You have logged in to your Red{nbsp}Hat account by using the ROSA CLI.
+* You have installed and configured the latest {rosa-cli} on your installation host. Run `rosa version` to see your currently installed version of the {rosa-cli}. If a newer version is available, the CLI provides a link to download this upgrade.
+* You have logged in to your Red{nbsp}Hat account by using the {rosa-cli}.
 endif::[]
 .Procedure
diff --git a/modules/rosa-sts-terraform-considerations.adoc b/modules/rosa-sts-terraform-considerations.adoc
index b5c7eb90e27a..f8eb71b5ec60 100644
--- a/modules/rosa-sts-terraform-considerations.adoc
+++ b/modules/rosa-sts-terraform-considerations.adoc
@@ -1,6 +1,8 @@
 // Module included in the following assemblies:
 //
-// * rosa_planning/rosa-understanding-terraform.adoc
+// * rosa_hcp/terraform/rosa-hcp-creating-a-cluster-quickly-terraform.adoc
+// * rosa_install_access_delete_clusters/terraform/rosa-classic-creating-a-cluster-quickly-terraform.adoc
+
 :_mod-docs-content-type: CONCEPT
 [id="rosa-sts-terraform-considerations_{context}"]
 = Considerations when using Terraform
diff --git a/modules/rosa-sts-terraform-prerequisites.adoc b/modules/rosa-sts-terraform-prerequisites.adoc
index 72b547b044ae..5ee020d32df8 100644
--- a/modules/rosa-sts-terraform-prerequisites.adoc
+++ b/modules/rosa-sts-terraform-prerequisites.adoc
@@ -1,6 +1,7 @@
 // Module included in the following assemblies:
 //
-// * rosa_planning/rosa-understanding-terraform.adoc
+// * rosa_hcp/terraform/rosa-hcp-creating-a-cluster-quickly-terraform.adoc
+// * rosa_install_access_delete_clusters/terraform/rosa-classic-creating-a-cluster-quickly-terraform.adoc
 :_mod-docs-content-type: CONCEPT
 [id="rosa-sts-terraform-prerequisites_{context}"]
@@ -8,12 +9,12 @@
 To use link:https://registry.terraform.io/providers/terraform-redhat/rhcs/latest/docs[the Red{nbsp}Hat Cloud Services provider] inside your Terraform configuration, you must meet the following prerequisites:
-* You have installed the {product-title} command-line interface (CLI) tool.
+* You have installed the {rosa-cli} tool.
 * You have your offline link:https://console.redhat.com/openshift/token/rosa[{cluster-manager-first} token].
 * You have installed link:https://developer.hashicorp.com/terraform/downloads[Terraform version 1.4.6] or newer.
 * You have created your AWS account-wide IAM roles.
 +
-The specific account-wide IAM roles and policies provide the STS permissions required for ROSA support, installation, control plane, and compute functionality. This includes account-wide Operator policies. See the Additional resources for more information on the AWS account roles.
+The specific account-wide IAM roles and policies provide the STS permissions required for {product-title} support, installation, control plane, and compute functionality. This includes account-wide Operator policies. See the Additional resources for more information on the AWS account roles.
 * You have an link:https://aws.amazon.com/free/?all-free-tier[AWS account] and link:https://docs.aws.amazon.com/IAM/latest/UserGuide/security-creds.html[associated credentials] that allow you to create resources. The credentials are configured for the AWS provider. See the link:https://registry.terraform.io/providers/hashicorp/aws/latest/docs#authentication-and-configuration[Authentication and Configuration] section in AWS Terraform provider documentation.
 * You have, at minimum, the following permissions in your AWS IAM role policy that is operating Terraform. Check for these permissions in the AWS console.
 +
diff --git a/modules/rosa-terraform-overview.adoc b/modules/rosa-terraform-overview.adoc
index 00258c159fb5..b223e5336937 100644
--- a/modules/rosa-terraform-overview.adoc
+++ b/modules/rosa-terraform-overview.adoc
@@ -1,7 +1,7 @@
 // Module included in the following assemblies:
 //
-// * rosa_install_access_delete_clusters/rosa-classic-creating-a-cluster-quickly-terraform.adoc
-//
+// * rosa_hcp/terraform/rosa-hcp-creating-a-cluster-quickly-terraform.adoc
+// * rosa_install_access_delete_clusters/terraform/rosa-classic-creating-a-cluster-quickly-terraform.adoc
 :_content-type: CONCEPT
diff --git a/modules/rosa-unlinking-and-deleting-ocm-and-user-iam-roles.adoc b/modules/rosa-unlinking-and-deleting-ocm-and-user-iam-roles.adoc
index 882cb1202721..b635ed284fd8 100644
--- a/modules/rosa-unlinking-and-deleting-ocm-and-user-iam-roles.adoc
+++ b/modules/rosa-unlinking-and-deleting-ocm-and-user-iam-roles.adoc
@@ -11,31 +11,11 @@ endif::[]
 [id="rosa-unlinking-and-deleting-ocm-and-user-iam-roles_{context}"]
 = Unlinking and deleting the {cluster-manager} and user IAM roles
-When you install a
-ifndef::hcp[]
-{rosa-classic-short}
-endif::hcp[]
-ifdef::hcp[]
-{rosa-short}
-endif::hcp[]
-cluster by using {cluster-manager-first}, you also create {cluster-manager} and user Identity and Access Management (IAM) roles that link to your Red{nbsp}Hat organization. After deleting your cluster, you can unlink and delete the roles by using the ROSA CLI (`rosa`).
+When you install a {product-title} cluster by using {cluster-manager-first}, you also create {cluster-manager} and user Identity and Access Management (IAM) roles that link to your Red{nbsp}Hat organization. After deleting your cluster, you can unlink and delete the roles by using the ROSA CLI (`rosa`).
 [IMPORTANT]
 ====
-The {cluster-manager} and user IAM roles are required if you want to use {cluster-manager} to install and manage other
-ifndef::hcp[]
-{rosa-classic-short} clusters
-endif::hcp[]
-ifdef::hcp[]
-{rosa-short}
-endif::hcp[]
-in the same AWS account. Only remove the roles if you no longer need to use the {cluster-manager} to install
-ifndef::hcp[]
-{rosa-classic-short} clusters.
-endif::hcp[]
-ifdef::hcp[]
-{rosa-short} clusters.
-endif::hcp[]
+The {cluster-manager} and user IAM roles are required if you want to use {cluster-manager} to install and manage other {product-title} clusters in the same AWS account. Only remove the roles if you no longer need to use the {cluster-manager} to install {product-title} clusters.
 ====
 .Prerequisites
diff --git a/rosa_architecture/rosa-oidc-overview.adoc b/rosa_architecture/rosa-oidc-overview.adoc
index e61f44dff1df..6ecba1b2078c 100644
--- a/rosa_architecture/rosa-oidc-overview.adoc
+++ b/rosa_architecture/rosa-oidc-overview.adoc
@@ -27,4 +27,6 @@ include::modules/rosa-sts-oidc-provider-command.adoc[leveloffset=+1]
 == Additional resources
 * See xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-byo-odic-overview_rosa-sts-about-iam-resources[Creating an OpenID Connect Configuration] for the ROSA Classic instructions.
-* See xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-sts-byo-oidc_rosa-hcp-sts-creating-a-cluster-quickly[Creating an OpenID Connect Configuration] for the {hcp-title} instructions.
\ No newline at end of file
+ifdef::openshift-rosa-hcp[]
+* See xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-sts-byo-oidc_rosa-hcp-sts-creating-a-cluster-quickly[Creating an OpenID Connect Configuration] for the {hcp-title} instructions.
+endif::openshift-rosa-hcp[]
\ No newline at end of file
diff --git a/rosa_hcp/rosa-hcp-aws-private-creating-cluster.adoc b/rosa_hcp/rosa-hcp-aws-private-creating-cluster.adoc
index b92199eb816f..ac17d2261fe9 100644
--- a/rosa_hcp/rosa-hcp-aws-private-creating-cluster.adoc
+++ b/rosa_hcp/rosa-hcp-aws-private-creating-cluster.adoc
@@ -8,21 +8,16 @@ toc::[]
 For {product-title} workloads that do not require public internet access, you can create a private cluster.
-//include::modules/osd-aws-privatelink-about.adoc[leveloffset=+1]
-//include::modules/osd-aws-privatelink-required-resources.adoc[leveloffset=+1]
 include::modules/rosa-hcp-aws-private-create-cluster.adoc[leveloffset=+1]
 include::modules/rosa-hcp-aws-private-security-groups.adoc[leveloffset=+1]
 include::modules/rosa-additional-principals-overview.adoc[leveloffset=+1]
 include::modules/rosa-additional-principals-create.adoc[leveloffset=+2]
 include::modules/rosa-additional-principals-edit.adoc[leveloffset=+2]
-ifdef::openshift-rosa[]
 [id="next-steps_rosa-hcp-aws-private-creating-cluster"]
 == Next steps
-xref:../rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc#rosa-sts-config-identity-providers[Configuring identity providers]
-endif::openshift-rosa[]
+xref:../authentication/sd-configuring-identity-providers.adoc#sd-configuring-identity-providers[Configuring identity providers]
-ifdef::openshift-rosa-hcp[]
 [role="_additional-resources"]
 [id="additional-resources_rosa-hcp-aws-privatelink-creating-cluster"]
 == Additional resources
@@ -30,5 +25,4 @@ ifdef::openshift-rosa-hcp[]
 * xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-hcp-firewall-prerequisites_rosa-sts-aws-prereqs[AWS PrivateLink firewall prerequisites]
 * xref:../rosa_hcp/rosa-hcp-deleting-cluster.adoc#rosa-hcp-deleting-cluster[Deleting a {product-title} cluster]
 * xref:../rosa_architecture/rosa-architecture-models.adoc#rosa-hcp-architecture_rosa-architecture-models[{product-title} architecture models]
-* xref:../support/troubleshooting/rosa-troubleshooting-installations-hcp.adoc#rosa-troubleshooting-installations-hcp[Troubleshooting {product-title} cluster installations]
-endif::openshift-rosa-hcp[]
\ No newline at end of file
+* xref:../support/troubleshooting/rosa-troubleshooting-installations-hcp.adoc#rosa-troubleshooting-installations-hcp[Troubleshooting {product-title} cluster installations]
\ No newline at end of file
diff --git a/rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc b/rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc
index c3f7e65b18b3..7688840dbfc5 100644
--- a/rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc
+++ b/rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc
@@ -81,25 +81,14 @@ include::modules/creating-cluster-with-aws-kms-key.adoc[leveloffset=+2]
 [role="_additional-resources"]
 [id="additional-resources_rosa-hcp-operator-prefix"]
-ifndef::openshift-rosa-hcp[]
-[id="next-steps-2_{context}"]
-== Next steps
-
-* xref:../rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc#rosa-sts-accessing-cluster[Accessing a ROSA cluster]
-
 [role="_additional-resources"]
 [id="additional-resources_rosa-hcp-creating-cluster-with-aws-kms-key"]
 == Additional resources
 * xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-sts-creating-a-cluster-cli_rosa-hcp-sts-creating-a-cluster-quickly[Creating a ROSA with HCP cluster using the CLI]
-* xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-cluster-using-customizations_rosa-sts-creating-a-cluster-with-customizations[Creating a cluster using customizations]
 * xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for clusters that use STS]
 * xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-operator-role-prefixes_rosa-sts-about-iam-resources[About custom Operator IAM role prefixes]
 * xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites for ROSA with STS]
-* xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-understanding-deployment-modes_rosa-sts-creating-a-cluster-with-customizations[Understanding the auto and manual deployment modes]
 * link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html[Creating OpenID Connect (OIDC) identity providers]
-endif::openshift-rosa-hcp[]
 * xref:../support/getting-support.adoc#getting-support[Getting support for Red{nbsp}Hat OpenShift Service on AWS]
-ifdef::openshift-rosa-hcp[]
-* xref:../support/troubleshooting/rosa-troubleshooting-installations-hcp.adoc#rosa-troubleshooting-installations-hcp[Troubleshooting ROSA with HCP cluster installations]
-endif::openshift-rosa-hcp[]
+* xref:../support/troubleshooting/rosa-troubleshooting-installations-hcp.adoc#rosa-troubleshooting-installations-hcp[Troubleshooting ROSA with HCP cluster installations]
\ No newline at end of file
diff --git a/rosa_hcp/rosa-hcp-deleting-cluster.adoc b/rosa_hcp/rosa-hcp-deleting-cluster.adoc
index 0a75a801bbd2..207085744270 100644
--- a/rosa_hcp/rosa-hcp-deleting-cluster.adoc
+++ b/rosa_hcp/rosa-hcp-deleting-cluster.adoc
@@ -6,25 +6,16 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
 toc::[]
-If you want to delete a {product-title} cluster, you can use either the {cluster-manager-first} or the ROSA command-line interface (CLI) (`rosa`). After deleting your cluster, you can also delete the AWS Identity and Access Management (IAM) resources that are used by the cluster.
+If you want to delete a {product-title} cluster, you can use either the {cluster-manager-first} or the {rosa-cli-first}. After deleting your cluster, you can also delete the AWS Identity and Access Management (IAM) resources that are used by the cluster.
 include::modules/rosa-hcp-deleting-cluster.adoc[leveloffset=+1]
 .Troubleshooting
-ifdef::openshift-rosa[]
-* If the cluster cannot be deleted because of missing IAM roles, see xref:../support/troubleshooting/rosa-troubleshooting-deployments.adoc#rosa-troubleshooting-cluster-deletion_rosa-troubleshooting-cluster-deployments[Repairing a cluster that cannot be deleted].
-endif::openshift-rosa[]
 * Ensure that there are no add-ons for your cluster pending in the link:https://console.redhat.com/openshift[Hybrid Cloud Console].
 * Ensure that all AWS resources and dependencies have been deleted in the Amazon Web Console.
 include::modules/rosa-deleting-sts-iam-resources-account-wide.adoc[leveloffset=+1]
-ifdef::openshift-rosa[]
-[role="_additional-resources"]
-.Additional resources
-* xref:../support/troubleshooting/rosa-troubleshooting-deployments.adoc#rosa-troubleshooting-cluster-deletion_rosa-troubleshooting-cluster-deployments[Repairing a cluster that cannot be deleted]
-endif::openshift-rosa[]
-
 include::modules/rosa-deleting-account-wide-iam-roles-and-policies.adoc[leveloffset=+2]
 [role="_additional-resources"]
diff --git a/rosa_hcp/rosa-hcp-egress-zero-install.adoc b/rosa_hcp/rosa-hcp-egress-zero-install.adoc
index 75c30ccfe42d..98be40956067 100644
--- a/rosa_hcp/rosa-hcp-egress-zero-install.adoc
+++ b/rosa_hcp/rosa-hcp-egress-zero-install.adoc
@@ -12,22 +12,19 @@ All public and private clusters with {egress-zero} get their Red{nbsp}Hat contai {egress-zero-title} use AWS ECR to provision your clusters without the need for public internet. Because necessary cluster lifecycle processes occur over AWS private networking, AWS ECR serves as a critical service for core cluster platform images. For more information on AWS ECR, see link:https://aws.amazon.com/ecr/[Amazon Elastic Container Registry]. You can create a fully operational cluster that does not require a public egress by configuring a virtual private cloud (VPC) and using the `--properties zero_egress:true` flag when creating your cluster. -//condition out to build pruning PR -ifdef::openshift-rosa-hcp[] + See xref:../upgrading/rosa-hcp-upgrading.adoc#rosa-hcp-upgrading[Upgrading {product-title} clusters] to upgrade clusters using {egress-zero}. -endif::openshift-rosa-hcp[] [NOTE] ==== -Clusters created in restricted network environments may be unable to use certain ROSA features including Red Hat Insights and Telemetry. These clusters may also experience potential failures for workloads that require public access to registries such as `quay.io`. When using clusters installed with {egress-zero}, you can also install Red Hat-owned Operators from OperatorHub. For a complete list of Red Hat-owned Operators, see the link:https://catalog.redhat.com/search?searchType=software&target_platforms=Red%20Hat%20OpenShift&deployed_as=Operator&p=1&partnerName=Red%20Hat%2C%20Inc.%7CRed%20Hat[Red{nbsp}Hat Ecosystem Catalog]. Only the default Operator channel is mirrored for any Operator that is installed with {egress-zero}. +Clusters created in restricted network environments may be unable to use certain {product-title} features including Red Hat Insights and Telemetry. These clusters may also experience potential failures for workloads that require public access to registries such as `quay.io`. 
When using clusters installed with {egress-zero}, you can also install Red Hat-owned Operators from OperatorHub. For a complete list of Red Hat-owned Operators, see the link:https://catalog.redhat.com/search?searchType=software&target_platforms=Red%20Hat%20OpenShift&deployed_as=Operator&p=1&partnerName=Red%20Hat%2C%20Inc.%7CRed%20Hat[Red{nbsp}Hat Ecosystem Catalog]. Only the default Operator channel is mirrored for any Operator that is installed with {egress-zero}. ==== [discrete] [id="rosa-glossary-disconnected_{context}"] == Glossary of network environment terms -Although it is used throughout the {product-title} documentation, _disconnected environment_ is a broad term that can refer to environments with various levels of internet connectivity. -Other terms are sometimes used to refer to a specific level of internet connectivity, and these environments might require additional unique configurations. These network types differ from a "standard network," which has full access to the internet. +Although it is used throughout the {product-title} documentation, _disconnected environment_ is a broad term that can refer to environments with various levels of internet connectivity. Other terms are sometimes used to refer to a specific level of internet connectivity, and these environments might require additional unique configurations. These network types differ from a "standard network," which has full access to the internet. The following table describes the different terms used to refer to environments without a full internet connection: diff --git a/rosa_hcp/rosa-hcp-quickstart-guide.adoc b/rosa_hcp/rosa-hcp-quickstart-guide.adoc index 44a6a6a2b0b9..e0ea5bd6be8a 100644 --- a/rosa_hcp/rosa-hcp-quickstart-guide.adoc +++ b/rosa_hcp/rosa-hcp-quickstart-guide.adoc 
@@ -6,7 +6,7 @@ include::_attributes/attributes-openshift-dedicated.adoc[] toc::[] -Follow this guide to quickly create a {product-title} cluster using the command-line interface (CLI), grant user access, deploy your first application, and learn how to revoke user access and delete your cluster. +Follow this guide to quickly create a {product-title} cluster using the {rosa-cli-first}, grant user access, deploy your first application, and learn how to revoke user access and delete your cluster. [discrete] include::modules/rosa-sts-overview-of-the-default-cluster-specifications.adoc[leveloffset=+2] @@ -19,7 +19,7 @@ include::modules/rosa-getting-started-install-configure-cli-tools.adoc[leveloffs .Next steps -Before you can use the {hybrid-console} to deploy {product-title} clusters, you must associate your AWS account with your Red{nbsp}Hat organization and create the required account-wide AWS IAM STS roles and policies for ROSA. +Before you can use the {hybrid-console} to deploy {product-title} clusters, you must associate your AWS account with your Red{nbsp}Hat organization and create the required account-wide AWS IAM STS roles and policies for {product-title}. include::modules/rosa-sts-creating-account-wide-sts-roles-and-policies.adoc[leveloffset=+1] @@ -28,7 +28,7 @@ include::modules/rosa-sts-creating-account-wide-sts-roles-and-policies.adoc[leve You must have an AWS Virtual Private Cloud (VPC) to create a {product-title} cluster. You can use the following methods to create a VPC: -* Create a VPC using the ROSA CLI +* Create a VPC using the {rosa-cli} * Create a VPC by using a Terraform template * Manually create the VPC resources in the AWS console diff --git a/rosa_hcp/rosa-hcp-shared-vpc-config.adoc b/rosa_hcp/rosa-hcp-shared-vpc-config.adoc index b488590a76da..b19a56df6306 100644 --- a/rosa_hcp/rosa-hcp-shared-vpc-config.adoc +++ b/rosa_hcp/rosa-hcp-shared-vpc-config.adoc 
@@ -1,12 +1,12 @@ :_mod-docs-content-type: ASSEMBLY include::_attributes/attributes-openshift-dedicated.adoc[] [id="rosa-hcp-shared-vpc-config"] -= Configuring a shared VPC for ROSA with HCP clusters += Configuring a shared VPC for {product-title} clusters :context: rosa-shared-vpc-config toc::[] -You can create {hcp-title-first} clusters in shared, centrally-managed AWS virtual private clouds (VPCs). +You can create {product-title} clusters in shared, centrally-managed AWS virtual private clouds (VPCs). include::snippets/install-cluster-in-vpc.adoc[] @@ -23,7 +23,7 @@ image::522-shared-vpc-overview.png[] [NOTE] ==== -Only certain cluster-to-VPC relationships are supported. Multiple ROSA clusters in a single VPC are not supported. For more information, see link:https://access.redhat.com/solutions/6980058[Multiple ROSA clusters in a single VPC] +Only certain cluster-to-VPC relationships are supported. Multiple {product-title} clusters in a single VPC are not supported. For more information, see link:https://access.redhat.com/solutions/6980058[Multiple {product-title} clusters in a single VPC] ==== .Prerequisites for the *VPC Owner* @@ -33,7 +33,7 @@ Only certain cluster-to-VPC relationships are supported. Multiple ROSA clusters .Prerequisites for the *Cluster Creator* * You installed the link:https://console.redhat.com/openshift/downloads#tool-rosa[ROSA CLI (`rosa`)] 1.2.49 or later. -* You created all of the required link:https://docs.openshift.com/rosa/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.html[ROSA account roles] for creating a cluster. +* You created all of the required link:https://docs.openshift.com/rosa/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.html[{product-title} account roles] for creating a cluster. * The *Cluster Creator's* AWS account is separate from the *VPC Owner's* AWS account. include::modules/rosa-hcp-sharing-vpc-creation-and-sharing.adoc[leveloffset=+1] 
diff --git a/rosa_hcp/rosa-hcp-sts-creating-a-cluster-ext-auth.adoc b/rosa_hcp/rosa-hcp-sts-creating-a-cluster-ext-auth.adoc
index b70602b8ed56..f2d08f3d5233 100644
--- a/rosa_hcp/rosa-hcp-sts-creating-a-cluster-ext-auth.adoc
+++ b/rosa_hcp/rosa-hcp-sts-creating-a-cluster-ext-auth.adoc
@@ -19,23 +19,18 @@ Since it is not possible to upgrade or convert existing {rosa-classic-title} clu ==== .Further reading -ifdef::openshift-rosa-hcp[] * For a comparison between {product-title} and {rosa-classic-title}, see the xref:../rosa_architecture/rosa-architecture-models.adoc#rosa-hcp-classic-comparison_rosa-architecture-models[Comparing architecture models] documentation. -endif::openshift-rosa-hcp[] -* See the AWS documentation for information about link:https://docs.aws.amazon.com/rosa/latest/userguide/getting-started-hcp.html[Getting started with ROSA with HCP using the ROSA CLI in auto mode]. +* See the AWS documentation for information about link:https://docs.aws.amazon.com/rosa/latest/userguide/getting-started-hcp.html[Getting started with {product-title} using the ROSA CLI in auto mode]. -//.Additional resources -// -//For a full list of the supported certificates, see the xref:#../rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc#rosa-policy-compliance_rosa-policy-process-security[Compliance] section of "Understanding process and security for Red{nbsp}Hat OpenShift Service on AWS". +.Additional resources + +For a full list of the supported certificates, see the xref:../rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc#rosa-policy-compliance_rosa-policy-process-security[Compliance] section of "Understanding process and security for Red{nbsp}Hat OpenShift Service on AWS". 
[id="rosa-hcp-external-auth-prereqs"] == {product-title} Prerequisites To create a {product-title} cluster, you must have completed the following steps: -ifndef::openshift-rosa-hcp[] -* Completed the xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites] -endif::openshift-rosa-hcp[] * xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-creating-vpc[Configured virtual private cloud (VPC)] * Created xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-account-wide-sts-roles-and-policies_rosa-hcp-sts-creating-a-cluster-quickly[Account-wide roles] * Created an xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-sts-byo-oidc_rosa-hcp-sts-creating-a-cluster-quickly[OIDC configuration] 
@@ -52,8 +47,8 @@ include::modules/rosa-hcp-sts-example-external-auth-provider.adoc[leveloffset=+2 * link:https://learn.microsoft.com/en-us/entra/fundamentals/whatis[What is Microsoft Entra ID?] (Microsoft documentation) * xref:../cloud_experts_tutorials/cloud-experts-entra-id-idp.adoc#cloud-experts-entra-id-idp[Configuring Microsoft Entra ID (formerly Azure Active Directory) as an identity provider] * link:https://www.keycloak.org/guides[Keycloak documentaton] -//* For information about the similar `idps` tool in the ROSA CLI, see xref:#../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-create-idp_rosa-managing-objects-cli[`create idp`]. -//* For more information about options in the ROSA CLI, see xref:#../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-create-external-auth-provider_rosa-managing-objects-cli[`create external-auth-provider`], xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-list-external-auth-provider_rosa-managing-objects-cli[`list external-auth-provider`], and xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-delete-external-auth-provider_rosa-managing-objects-cli[`delete external-auth-provider`]. +* For information about the similar `idps` tool in the ROSA CLI, see xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-create-idp_rosa-managing-objects-cli[`create idp`]. +* For more information about options in the ROSA CLI, see xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-create-external-auth-provider_rosa-managing-objects-cli[`create external-auth-provider`], xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-list-external-auth-provider_rosa-managing-objects-cli[`list external-auth-provider`], and xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-delete-external-auth-provider_rosa-managing-objects-cli[`delete external-auth-provider`]. 
// Step 3: Create, list, and revoke a break glass credential include::modules/rosa-hcp-sts-creating-a-break-glass-cred-cli.adoc[leveloffset=+1] @@ -82,7 +77,5 @@ include::modules/rosa-hcp-sts-creating-a-cluster-external-auth-provider-delete-c * xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-operator-role-prefixes_rosa-sts-about-iam-resources[About custom Operator IAM role prefixes] * xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-hcp-aws-prereqs[AWS prerequisites for ROSA with STS] * link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html[Creating OpenID Connect (OIDC) identity providers] in the AWS documentation. -ifdef::openshift-rosa-hcp[] -* xref:../support/troubleshooting/rosa-troubleshooting-installations-hcp.adoc#rosa-troubleshooting-installations-hcp[Troubleshooting ROSA with HCP cluster installations] -endif::openshift-rosa-hcp[] +* xref:../support/troubleshooting/rosa-troubleshooting-installations-hcp.adoc#rosa-troubleshooting-installations-hcp[Troubleshooting {product-title} cluster installations] * xref:../support/getting-support.adoc#getting-support[Getting support for Red{nbsp}Hat OpenShift Service on AWS] \ No newline at end of file diff --git a/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc b/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc index 2d9c51b7730a..30a44b31c9b2 100644 --- a/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc +++ b/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc 
@@ -6,7 +6,7 @@ include::_attributes/attributes-openshift-dedicated.adoc[] toc::[] -{product-title} offers a more efficient and reliable architecture for creating {product-title} clusters. With {product-title}, each cluster has a dedicated control plane that is isolated in the ROSA service AWS account. +{product-title} that use {hcp} offer a more efficient and reliable architecture for creating {product-title} clusters. With {hcp}, each cluster has a dedicated control plane that is isolated in the AWS account. Create a {product-title} cluster quickly by using the default options and automatic AWS Identity and Access Management (IAM) resource creation. You can deploy your cluster by using the ROSA CLI (`rosa`). @@ -20,6 +20,14 @@ Since it is not possible to upgrade or convert existing {rosa-classic-title} clu {product-title} clusters only support AWS IAM Security Token Service (STS) authentication. ==== +.Further reading +* See the AWS documentation for information about link:https://docs.aws.amazon.com/rosa/latest/userguide/getting-started-hcp.html[Getting started with {product-title} using the ROSA CLI in auto mode]. + +[role="_additional-resources"] +.Additional resources + +For a full list of the supported certificates, see the xref:../rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc#rosa-policy-compliance_rosa-policy-process-security[Compliance] section of "Understanding process and security for Red{nbsp}Hat OpenShift Service on AWS". + [discrete] [id="hcp-considerations_{context}"] === Considerations regarding auto creation mode 
@@ -31,6 +39,8 @@ Alternatively, you can use `manual` mode, which outputs the `aws` commands neede [id="next-steps-hcp_{context}"] .Next steps +* Ensure that you have completed the xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites]. + include::modules/rosa-sts-overview-of-the-default-cluster-specifications.adoc[leveloffset=+1] //TODO OSDOCS-11789: Move these out of the deployment doc and into the prepare doc? Keep in both locations? 
@@ -99,37 +109,21 @@ include::modules/rosa-sts-byo-oidc.adoc[leveloffset=+2] include::modules/rosa-operator-config.adoc[leveloffset=+2] -ifndef::openshift-rosa,openshift-rosa-hcp[] [role="_additional-resources"] [id="additional-resources_rosa-hcp-operator-prefix"] .Additional resources * See xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-operator-role-prefixes_rosa-sts-about-iam-resources[About custom Operator IAM role prefixes] for information on the Operator prefixes. -endif::openshift-rosa,openshift-rosa-hcp[] include::modules/rosa-hcp-sts-creating-a-cluster-cli.adoc[leveloffset=+1] -ifndef::openshift-rosa,openshift-rosa-hcp[] -[id="next-steps-2_{context}"] -== Next steps - -* xref:../rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc#rosa-sts-accessing-cluster[Accessing a ROSA cluster] -* xref:../rosa_cluster_admin/rosa-cluster-notifications.adoc#add-notification-contact_rosa-cluster-notifications[Adding notification contacts] -endif::openshift-rosa,openshift-rosa-hcp[] - -ifndef::openshift-rosa,openshift-rosa-hcp[] [role="_additional-resources"] [id="additional-resources_rosa-sts-creating-a-cluster-quickly"] == Additional resources -* xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-cluster-using-customizations_rosa-sts-creating-a-cluster-with-customizations[Creating a cluster using customizations] * xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for clusters that use STS] -* xref:../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc#rosa-security-groups_prerequisites[Additional custom security groups] * xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-operator-role-prefixes_rosa-sts-about-iam-resources[About custom Operator IAM role prefixes] -* xref:../rosa_planning/rosa-hcp-aws-prereqs.adoc#rosa-hcp-aws-prereqs[AWS prerequisites 
for ROSA with STS]
-* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites for ROSA with STS]
-* xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-understanding-deployment-modes_rosa-sts-creating-a-cluster-with-customizations[Understanding the auto and manual deployment modes]
+* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-hcp-aws-prereqs[AWS prerequisites for ROSA with STS]
 * link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html[Creating OpenID Connect (OIDC) identity providers]
 * xref:../support/troubleshooting/rosa-troubleshooting-installations-hcp.adoc#rosa-troubleshooting-installations-hcp[Troubleshooting {product-title} installations]
-* xref:../support/getting-support.adoc#getting-support[Getting support for Red{nbsp}Hat OpenShift Service on AWS]
-endif::openshift-rosa,openshift-rosa-hcp[]
\ No newline at end of file
+* xref:../support/getting-support.adoc#getting-support[Getting support for Red{nbsp}Hat OpenShift Service on AWS]
\ No newline at end of file
diff --git a/rosa_hcp/terraform/rosa-hcp-creating-a-cluster-quickly-terraform.adoc b/rosa_hcp/terraform/rosa-hcp-creating-a-cluster-quickly-terraform.adoc
index 4e33d70d23d2..a508b8824961 100644
--- a/rosa_hcp/terraform/rosa-hcp-creating-a-cluster-quickly-terraform.adoc
+++ b/rosa_hcp/terraform/rosa-hcp-creating-a-cluster-quickly-terraform.adoc
@@ -11,9 +11,9 @@ Create a {product-title} cluster quickly by using a Terraform cluster template t The cluster creation process described below uses a Terraform configuration that prepares a {product-title} cluster with the following resources: * An OIDC provider with a managed `oidc-config` configuration -* Prerequisite IAM Operator roles with associated AWS Managed ROSA Policies -* IAM account roles with associated AWS Managed ROSA Policies -* All other AWS resources required to create a ROSA with STS cluster +* Prerequisite IAM Operator roles with associated AWS Managed {product-title} Policies +* IAM account roles with associated AWS Managed {product-title} Policies +* All other AWS resources required to create a {product-title} cluster include::modules/rosa-terraform-overview.adoc[leveloffset=+1] include::modules/rosa-sts-terraform-prerequisites.adoc[leveloffset=+1] @@ -25,7 +25,7 @@ include::modules/rosa-sts-overview-of-the-default-cluster-specifications.adoc[le [id="rosa-hcp-creating-a-cluster-quickly-terraform-procedure"] == Creating a default {product-title} cluster using Terraform -The cluster creation process outlined below shows how to use Terraform to create your account-wide IAM roles and a ROSA cluster with a managed OIDC configuration. +The cluster creation process outlined below shows how to use Terraform to create your account-wide IAM roles and a {product-title} cluster with a managed OIDC configuration. include::modules/rosa-sts-cluster-terraform-setup.adoc[leveloffset=+2] include::modules/rosa-hcp-cluster-terraform-file-creation.adoc[leveloffset=+2] diff --git a/rosa_release_notes/rosa-release-notes.adoc b/rosa_release_notes/rosa-release-notes.adoc index 3e25cc2f75fa..b81aecf8daec 100644 --- a/rosa_release_notes/rosa-release-notes.adoc +++ b/rosa_release_notes/rosa-release-notes.adoc 
@@ -219,8 +219,9 @@ ifdef::openshift-rosa-hcp[] For more information on region availabilities, see xref:../rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc#rosa-sdpolicy-regions-az_rosa-hcp-service-definition[Regions and availability zones]. * **Added support for external authentication providers.** You can now create clusters configured with external authentication providers, such as Microsoft Entra ID and KeyCloak. For more information, see xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-ext-auth.adoc#rosa-hcp-sts-creating-a-cluster-ext-auth[Creating {product-title} clusters with external authentication]. -endif::openshift-rosa-hcp[] + * **Added support for external authentication providers.** You can now create clusters configured with external authentication providers, such as Microsoft Entra ID and KeyCloak. For more information, see xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-ext-auth.adoc#rosa-hcp-sts-creating-a-cluster-ext-auth[Creating ROSA with HCP clusters with external authentication]. +endif::openshift-rosa-hcp[] * **Longer cluster names enhancement.** You can now specify a cluster name that is longer than 15 characters. For cluster names that are longer than 15 characters, you can customize the domain prefix for the cluster URL by using the `domain-prefix` flag in the ROSA CLI (`rosa`) or by selecting the **Create custom domain prefix** checkbox in the {hybrid-console}. For more information, see xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-create-cluster-command_rosa-managing-objects-cli[create cluster in Managing objects with the ROSA CLI]. 
@@ -330,9 +331,6 @@ endif::openshift-rosa-hcp[] ifdef::openshift-rosa-hcp[] * **ROSA region added.** {product-title} (ROSA) is now available in the United Arab Emirates (`me-central-1`) region. For more information on region availability, see xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-regions-az_rosa-service-definition[Regions and availability zones]. endif::openshift-rosa-hcp[] -include::snippets/rosa-hcp-rn.adoc[leveloffset=+1] -:featureName: ROSA with HCP -include::snippets/technology-preview.adoc[leveloffset=+1] [id="rosa-q1-2023_{context}"] === Q1 2023 diff --git a/snippets/rosa-hcp-rn.adoc b/snippets/rosa-hcp-rn.adoc index 023c229696e9..6de5e68aa6d8 100644 --- a/snippets/rosa-hcp-rn.adoc +++ b/snippets/rosa-hcp-rn.adoc @@ -3,4 +3,4 @@ // * rosa_release_notes/rosa-release-notes.adoc :_mod-docs-content-type: SNIPPET -* **Hosted control planes.** {hcp-title-first} clusters are now available as a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature. This new architecture provides a lower-cost, more resilient ROSA architecture. For more information, see xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-sts-creating-a-cluster-quickly[Creating {hcp-title} clusters using the default options]. \ No newline at end of file +* **Hosted control planes.** {product-title} clusters that use {hcp} are now available as a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature. This new architecture provides a lower-cost, more resilient ROSA architecture. For more information, see xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-sts-creating-a-cluster-quickly[Creating {hcp-title} clusters using the default options]. \ No newline at end of file diff --git a/snippets/vpc-troubleshooting.adoc b/snippets/vpc-troubleshooting.adoc index 9e5b458a9742..a1ebad05ccad 100644 --- a/snippets/vpc-troubleshooting.adoc 
+++ b/snippets/vpc-troubleshooting.adoc @@ -1,8 +1,8 @@ // Snippet included in the following assemblies: // -// * rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc -// * rosa_hcp/rosa-hcp-egress-zero-install.adoc // * rosa_hcp/rosa-hcp-quickstart-guide.adoc +// * rosa_hcp/rosa-hcp-egress-zero-install.adoc +// * rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc // * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc :_mod-docs-content-type: SNIPPET @@ -15,8 +15,7 @@ If your cluster fails to install, troubleshoot these common issues: * Make sure your link:https://docs.aws.amazon.com/vpc/latest/userguide/VPC_DHCP_Options.html[DHCP option set] includes a domain name, and ensure that the domain name does not include any spaces or capital letters. * If your VPC uses a custom DNS resolver (the `domain name servers` field of your DHCP option set is not `AmazonProvideDNS`), make sure it is able to properly resolve the private hosted zones configured in Route53. -//commented out until pruning is complete for the other books as this is breaking the build for the Pruning Support task -//For more information about troubleshooting {product-title} cluster installations, see xref:../../support/troubleshooting/rosa-troubleshooting-installations-hcp.adoc#rosa-troubleshooting-installations-hcp[Troubleshooting {product-title} cluster installations]. +For more information about troubleshooting {product-title} cluster installations, see xref:../support/troubleshooting/rosa-troubleshooting-installations-hcp.adoc#rosa-troubleshooting-installations-hcp[Troubleshooting {product-title} cluster installations]. [discrete] [id="troubleshooting_vpc-support_{context}"]