Merge branch 'openshift:main' into OBSDOCS-1372-rb

Author: libander

_attributes/common-attributes.adoc

@@ -265,6 +265,8 @@ endif::[]
 // IBM Cloud Bare Metal (Classic)
 :ibm-cloud-bm: IBM Cloud(R) Bare Metal (Classic)
 :ibm-cloud-bm-title: IBM Cloud Bare Metal (Classic)
+//IBM Cloud Object Storage (COS)
+:ibm-cloud-object-storage: IBM Cloud Object Storage (COS)
 // IBM Power
 :ibm-power-name: IBM Power(R)
 :ibm-power-title: IBM Power

_topic_maps/_topic_map.yml

@@ -1328,6 +1328,90 @@ Topics:
   File: accessing-hosts
 - Name: Networking dashboards
   File: networking-dashboards
+- Name: Networking Operators
+  Dir: networking_operators
+  Distros: openshift-enterprise,openshift-origin
+  Topics:
+  - Name: AWS Load Balancer Operator
+    Dir: aws_load_balancer_operator
+    Distros: openshift-enterprise,openshift-origin
+    Topics:
+    - Name: AWS Load Balancer Operator release notes
+      File: aws-load-balancer-operator-release-notes
+    - Name: Understanding the AWS Load Balancer Operator
+      File: understanding-aws-load-balancer-operator
+    - Name: Installing the AWS Load Balancer Operator
+      File: install-aws-load-balancer-operator
+    - Name: Installing the AWS Load Balancer Operator on a cluster that uses AWS STS
+      File: installing-albo-sts-cluster
+    - Name: Creating an instance of the AWS Load Balancer Controller
+      File: create-instance-aws-load-balancer-controller
+    - Name: Serving multiple ingress resources through a single AWS Load Balancer
+      File: multiple-ingress-through-single-alb
+    - Name: Adding TLS termination on the AWS Load Balancer
+      File: add-tls-termination
+    - Name: Configuring cluster-wide proxy on the AWS Load Balancer Operator
+      File: configure-egress-proxy-aws-load-balancer-operator
+#   - Name: Understanding the Ingress Node Firewall Operator
+#     File: ingress-node-firewall-operator
+#   - Name: eBPF manager Operator
+#     Dir: ebpf_manager
+#     Topics:
+#     - Name: About the eBPF Manager Operator
+#       File: ebpf-manager-operator-about
+#     - Name: Installing the eBPF Manager Operator
+#       File: ebpf-manager-operator-install
+#     - Name: Deploying an eBPF program
+#       File: ebpf-manager-operator-deploy
+#   - Name: Understanding the Cluster Network Operator
+#     File: cluster-network-operator
+#   - Name: Understanding the DNS Operator
+#     File: dns-operator
+#   - Name: Understanding the Ingress Operator
+#     File: ingress-operator
+#   - Name: External DNS Operator
+#     Dir: external_dns_operator
+#     Topics:
+#     - Name: External DNS Operator release notes
+#       File: external-dns-operator-release-notes
+#     - Name: Understanding the External DNS Operator
+#       File: understanding-external-dns-operator
+#     - Name: Installing the External DNS Operator
+#       File: nw-installing-external-dns-operator-on-cloud-providers
+#     - Name: External DNS Operator configuration parameters
+#       File: nw-configuration-parameters
+#     - Name: Creating DNS records on a public hosted zone for AWS
+#       File: nw-creating-dns-records-on-aws
+#     - Name: Creating DNS records on a public zone for Azure
+#       File: nw-creating-dns-records-on-azure
+#     - Name: Creating DNS records on a public managed zone for GCP
+#       File: nw-creating-dns-records-on-gcp
+#     - Name: Creating DNS records on a public DNS zone for Infoblox
+#       File: nw-creating-dns-records-on-infoblox
+#     - Name: Configuring the cluster-wide proxy on the External DNS Operator
+#       File: nw-configuring-cluster-wide-egress-proxy
+#   - Name: SR-IOV Operator
+#     Dir: sr-iov-operator
+#     Distros: openshift-enterprise,openshift-origin
+#     Topics:
+#     - Name: Installing the SR-IOV Operator
+#       File: installing-sriov-operator
+#     - Name: Configuring the SR-IOV Operator
+#       File: configuring-sriov-operator
+#     - Name: Uninstalling the SR-IOV Operator
+#       File: uninstalling-sriov-operator
+#   - Name: About the Kubernetes NMState Operator
+#     File: k8s-nmstate-about-the-k8s-nmstate-operator
+#   - Name: MetalLB Operator
+#     Dir: metallb-operator
+#     Distros: openshift-enterprise,openshift-origin
+#     Topics:
+#     - Name: About MetalLB and the MetalLB Operator
+#       File: about-metallb
+#     - Name: Installing the MetalLB Operator
+#       File: metallb-operator-install
+#     - Name: Upgrading the MetalLB Operator
+#       File: metallb-upgrading-operator
 - Name: Network security
   Dir: network_security
   Distros: openshift-enterprise,openshift-origin
@@ -1461,26 +1545,6 @@ Topics:
     File: nw-configuring-cluster-wide-egress-proxy
 - Name: CIDR range definitions
   File: cidr-range-definitions
-- Name: AWS Load Balancer Operator
-  Dir: aws_load_balancer_operator
-  Distros: openshift-enterprise,openshift-origin
-  Topics:
-  - Name: AWS Load Balancer Operator release notes
-    File: aws-load-balancer-operator-release-notes
-  - Name: Understanding the AWS Load Balancer Operator
-    File: understanding-aws-load-balancer-operator
-  - Name: Installing the AWS Load Balancer Operator
-    File: install-aws-load-balancer-operator
-  - Name: Installing the AWS Load Balancer Operator on a cluster that uses AWS STS
-    File: installing-albo-sts-cluster
-  - Name: Creating an instance of the AWS Load Balancer Controller
-    File: create-instance-aws-load-balancer-controller
-  - Name: Serving multiple ingress resources through a single AWS Load Balancer
-    File: multiple-ingress-through-single-alb
-  - Name: Adding TLS termination on the AWS Load Balancer
-    File: add-tls-termination
-  - Name: Configuring cluster-wide proxy on the AWS Load Balancer Operator
-    File: configure-egress-proxy-aws-load-balancer-operator
 - Name: Multiple networks
   Dir: multiple_networks
   Distros: openshift-enterprise,openshift-origin
@@ -2571,6 +2635,8 @@ Topics:
     File: nodes-pods-secrets
   - Name: Providing sensitive data to pods by using an external secrets store
     File: nodes-pods-secrets-store
+  - Name: Authenticating pods with short-term credentials
+    File: nodes-pods-short-term-auth
   - Name: Creating and using config maps
     File: nodes-pods-configmaps
   - Name: Using Device Manager to make devices available to nodes
@@ -3469,6 +3535,8 @@ Topics:
       File: oadp-installing-operator
     - Name: Configuring OADP with AWS S3 compatible storage
       File: installing-oadp-aws
+    - Name: Configuring OADP with IBM Cloud
+      File: installing-oadp-ibm-cloud
     - Name: Configuring OADP with Azure
       File: installing-oadp-azure
     - Name: Configuring OADP with GCP

_topic_maps/_topic_map_osd.yml

@@ -121,6 +121,10 @@ Distros: openshift-dedicated
 Topics:
 - Name: Creating a cluster on AWS
   File: creating-an-aws-cluster
+- Name: Creating a GCP Private Service Connect enabled private cluster
+  File: creating-a-gcp-psc-enabled-private-cluster
+- Name: Creating a cluster on GCP with Workload Identity Federation
+  File: creating-a-gcp-cluster-with-workload-identity-federation
 - Name: Creating a cluster on GCP
   File: creating-a-gcp-cluster
 - Name: Configuring your identity providers
@@ -369,8 +373,8 @@ Distros: openshift-dedicated
 Topics:
 - Name: Viewing audit logs
   File: audit-log-view
-- Name: Required allowlist IP addresses for SRE cluster access
-  File: rh-required-whitelisted-IP-addresses-for-sre-access
+# - Name: Required allowlist IP addresses for SRE cluster access
+#   File: rh-required-whitelisted-IP-addresses-for-sre-access
 ---
 Name: Authentication and authorization
 Dir: authentication
@@ -819,6 +823,14 @@ Distros: openshift-dedicated
 Topics:
 - Name: About networking
   File: about-managed-networking
+# - Name: Networking Operators
+#   Dir: networking_operators
+#   Distros: openshift-dedicated
+#   Topics:
+#   - Name: Understanding the DNS Operator
+#     File: dns-operator
+#   - Name: Understanding the Ingress Operator
+#     File: ingress-operator
 - Name: Understanding the DNS Operator
   File: dns-operator
 - Name: Understanding the Ingress Operator

_topic_maps/_topic_map_rosa.yml

@@ -1082,12 +1082,22 @@ Distros: openshift-rosa
 Topics:
 - Name: About networking
   File: about-managed-networking
+- Name: Networking Operators
+  Dir: networking_operators
+  Distros: openshift-rosa
+  Topics:
+  - Name: AWS Load Balancer Operator
+    File: aws-load-balancer-operator
+  # - Name: Understanding the DNS Operator
+  #   File: dns-operator
+  # - Name: Understanding the Ingress Operator
+  #   File: ingress-operator
+  # - Name: Understanding the Ingress Node Firewall Operator
+  #   File: ingress-node-firewall-operator
 - Name: Understanding the DNS Operator
   File: dns-operator
 - Name: Understanding the Ingress Operator
   File: ingress-operator
-- Name: AWS Load Balancer Operator
-  File: aws-load-balancer-operator
 - Name: Network verification
   File: network-verification
 - Name: Configuring a cluster-wide proxy during installation

_topic_maps/_topic_map_rosa_hcp.yml

@@ -88,6 +88,22 @@ Topics:
   Topics:
   - Name: Workshop overview
     File: learning-lab-overview
+  - Name: Deployment
+    File: cloud-experts-deploying-application-deployment
+  - Name: Health Check
+    File: cloud-experts-deploying-application-health-check
+  - Name: Storage
+    File: cloud-experts-deploying-application-storage
+  - Name: ConfigMap, secrets, and environment variables
+    File: cloud-experts-deploying-configmaps-secrets-env-var
+  - Name: Networking
+    File: cloud-experts-deploying-application-networking
+  - Name: Scaling an application
+    File: cloud-experts-deploying-application-scaling
+  - Name: S2i deployments
+    File: cloud-experts-deploying-application-s2i-deployments
+  - Name: Using Source-to-Image (S2I) webhooks for automated deployment
+    File: cloud-experts-deploying-s2i-webhook-cicd
 # ---
 # Name: Architecture
 # Dir: architecture

authentication/managing_cloud_provider_credentials/cco-short-term-creds.adoc

@@ -57,6 +57,23 @@ include::modules/cco-short-term-creds-aws-olm.adoc[leveloffset=+2]
 .Additional resources
 * xref:../../operators/operator_sdk/token_auth/osdk-cco-aws-sts.adoc#osdk-cco-aws-sts[CCO-based workflow for OLM-managed Operators with {aws-short} {sts-short}]
 
+// Content stub for later addition:
+////
+// Application support for AWS STS service account tokens
+// Extra context so module can be reused within assembly (unset in module)
+:context: aws
+// Attributes used in module with cloud-specific values (unset in module)
+:cloud-auth-first: {aws-short} {sts-first}
+:cloud-auth-short: {aws-short} {sts-short}
+include::modules/cco-short-term-creds-workloads.adoc[leveloffset=+2] 
+
+[role="_additional-resources"]
+.Additional resources
+* xr3f:../../nodes/pods/nodes-pods-short-term-auth.adoc#nodes-pods-short-term-auth-configuring-aws_nodes-pods-short-term-auth[Configuring {aws-short} {sts-short} authentication for pods on {aws-short}]
+
+:context: cco-short-term-creds
+////
+
 [id="cco-short-term-creds-gcp_{context}"]
 == {gcp-wid-short}
 
@@ -82,6 +99,20 @@ include::modules/cco-short-term-creds-gcp-olm.adoc[leveloffset=+2]
 .Additional resources
 * xref:../../operators/operator_sdk/token_auth/osdk-cco-gcp.adoc#osdk-cco-gcp[CCO-based workflow for OLM-managed Operators with {gcp-wid-first}]
 
+// Application support for GCP Workload Identity service account tokens
+// Extra context so module can be reused within assembly (unset in module)
+:context: gcp
+// Attributes used in module with cloud-specific values (unset in module)
+:cloud-auth-first: {gcp-wid-first}
+:cloud-auth-short: {gcp-wid-short}
+include::modules/cco-short-term-creds-workloads.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xref:../../nodes/pods/nodes-pods-short-term-auth.adoc#nodes-pods-short-term-auth-configuring-gcp_nodes-pods-short-term-auth[Configuring {gcp-wid-short} authentication for applications on {gcp-short}]
+
+:context: cco-short-term-creds
+
 [id="cco-short-term-creds-azure_{context}"]
 == {entra-first}
 
@@ -107,6 +138,23 @@ include::modules/cco-short-term-creds-azure-olm.adoc[leveloffset=+2]
 .Additional resources
 * xref:../../operators/operator_sdk/token_auth/osdk-cco-azure.adoc#osdk-cco-azure[CCO-based workflow for OLM-managed Operators with {entra-first}]
 
+// Content stub for later addition:
+////
+// Application support for Microsoft Entra Workload ID service account tokens
+// Extra context so module can be reused within assembly (unset in module)
+:context: azure
+// Attributes used in module with cloud-specific values (unset in module)
+:cloud-auth-first: {entra-first}
+:cloud-auth-short: {entra-short}
+include::modules/cco-short-term-creds-workloads.adoc[leveloffset=+2]
+
+[role="_additional-resources"]
+.Additional resources
+* xr3f:../../nodes/pods/nodes-pods-short-term-auth.adoc#nodes-pods-short-term-auth-configuring-azure_nodes-pods-short-term-auth[Configuring {entra-first} authentication for pods on {azure-short}]
+
+:context: cco-short-term-creds
+////
+
 [role="_additional-resources"]
 [id="additional-resources_{context}"]
 == Additional resources

backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc

@@ -11,8 +11,6 @@ toc::[]
 
 You install the OpenShift API for Data Protection (OADP) with Amazon Web Services (AWS) S3 compatible storage by installing the OADP Operator. The Operator installs link:https://{velero-domain}/docs/v{velero-version}/[Velero {velero-version}].
 
-{ibm-cloud-name} S3 is supported as an AWS S3 compatible backup storage provider.
-
 include::snippets/oadp-mtc-operator.adoc[]
 
 You configure AWS for Velero, create a default `Secret`, and then install the Data Protection Application. For more details, see xref:../../..//backup_and_restore/application_backup_and_restore/installing/oadp-installing-operator.adoc#oadp-installing-operator-doc[Installing the OADP Operator].

backup_and_restore/application_backup_and_restore/installing/installing-oadp-ibm-cloud.adoc

@@ -0,0 +1,34 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="installing-oadp-ibm-cloud"]
+= Configuring the {oadp-full} with {ibm-cloud-title}
+include::_attributes/common-attributes.adoc[]
+:context: installing-oadp-ibm-cloud
+:installing-oadp-ibm-cloud:
+:credentials: cloud-credentials
+
+
+toc::[]
+
+You install the {oadp-first} Operator on an {ibm-cloud-title} cluster to back up and restore applications on the cluster. You configure {ibm-cloud-object-storage} to store the backups.
+
+// configuring the IBM COS instance
+include::modules/configuring-ibm-cos.adoc[leveloffset=+1]
+// include the module for creating default secret
+include::modules/oadp-creating-default-secret.adoc[leveloffset=+1]
+// include the module for creating custom secret
+include::modules/oadp-secrets-for-different-credentials.adoc[leveloffset=+1]
+// include the DPA module
+include::modules/oadp-installing-dpa-1-3.adoc[leveloffset=+1]
+// include the module for setting Velero CPU and memory resource allocations 
+include::modules/oadp-setting-resource-limits-and-requests.adoc[leveloffset=+1]
+// include the node agent config module
+include::modules/oadp-configuring-node-agents.adoc[leveloffset=+1]
+// include the module for client burst and qps config
+include::modules/oadp-configuring-client-burst-qps.adoc[leveloffset=+1]
+// include the module for configuring multiple BSL
+include::modules/oadp-configuring-dpa-multiple-bsl.adoc[leveloffset=+1]
+// include the module for disabling node agent in the DPA
+include::modules/oadp-about-disable-node-agent-dpa.adoc[leveloffset=+1]
+
+:!installing-oadp-ibm-cloud:
+

hosted_control_planes/hcp-disconnected/disconnected-install-ibmz-hcp.adoc

@@ -19,19 +19,15 @@ For the control plane, ICSP objects are managed in the management cluster. These
 
 To work with disconnected registries in the {hcp}, you must first create the appropriate ICSP in the management cluster. Then, to deploy disconnected workloads in the data plane, you need to add the entries that you want into the `ImageContentSources` field in the hosted cluster manifest.
 
-.Prerequisites to deploy {hcp} on {ibm-z-title} in a disconnected environment
+include::modules/hcp-ibmz-dc-prereqs.adoc[leveloffset=+1]
 
-* You set up the mirror registry. For more information, see "Creating a mirror registry with mirror registry for Red Hat OpenShift".   
-* You mirrored an image for a disconnected installation. For more information, see "Mirroring images for a disconnected installation using the oc-mirror plugin".
+[role="_additional-resources"]
+.Additional resources
+* xref:../../disconnected/mirroring/installing-mirroring-creating-registry.adoc#mirror-registry-introduction_installing-mirroring-creating-registry[Creating a mirror registry with mirror registry for Red Hat OpenShift]
+* xref:../../disconnected/mirroring/installing-mirroring-disconnected.adoc#installing-mirroring-disconnected[Mirroring images for a disconnected installation using the oc-mirror plugin]
 
 include::modules/hcp-ibmz-adding-credentials-registry.adoc[leveloffset=+1]
 
 include::modules/hcp-ibmz-update-reg-ca.adoc[leveloffset=+1]
 
-include::modules/hcp-ibmz-adding-reg-ca-hostedcluster.adoc[leveloffset=+1]
-
-[role="_additional-resources"]
-.Additional resources
-* xref:../../disconnected/mirroring/installing-mirroring-creating-registry.adoc#mirror-registry-introduction_installing-mirroring-creating-registry[Creating a mirror registry with mirror registry for Red Hat OpenShift]
-
-* xref:../../disconnected/mirroring/installing-mirroring-disconnected.adoc#installing-mirroring-disconnected[Mirroring images for a disconnected installation using the oc-mirror plugin]
+include::modules/hcp-ibmz-adding-reg-ca-hostedcluster.adoc[leveloffset=+1]