You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: modules/create-wif-cluster-ocm.adoc
+2-1Lines changed: 2 additions & 1 deletion
Original file line number
Diff line number
Diff line change
@@ -55,13 +55,14 @@ Workload Identity Federation (WIF) is only supported on {product-title} version
55
55
.. Select a cloud provider region from the *Region* drop-down menu.
56
56
.. Select a *Single zone* or *Multi-zone* configuration.
57
57
+
58
-
.. Optional: Select *Enable Secure Boot for Shielded VMs* to use Shielded VMs when installing your cluster. For more information, see link:https://cloud.google.com/security/products/shielded-vm[Shielded VMs].
58
+
.. Optional: Select *Enable Secure Boot support for Shielded VMs* to use Shielded VMs when installing your cluster. For more information, see link:https://cloud.google.com/security/products/shielded-vm[Shielded VMs].
59
59
+
60
60
[IMPORTANT]
61
61
====
62
62
To successfully create a cluster, you must select *Enable Secure Boot support for Shielded VMs* if your organization has the policy constraint `constraints/compute.requireShieldedVm` enabled. For more information regarding GCP organizational policy constraints, see link:https://cloud.google.com/resource-manager/docs/organization-policy/org-policy-constraints[Organization policy constraints].
63
63
====
64
64
+
65
+
65
66
.. Leave *Enable user workload monitoring* selected to monitor your own projects in isolation from Red Hat Site Reliability Engineer (SRE) platform metrics. This option is enabled by default.
66
67
67
68
. Optional: Expand *Advanced Encryption* to make changes to encryption settings.
Copy file name to clipboardExpand all lines: modules/osd-create-cluster-ccs.adoc
+14-14Lines changed: 14 additions & 14 deletions
Original file line number
Diff line number
Diff line change
@@ -68,36 +68,36 @@ To successfully create a cluster, you must select *Enable Secure Boot support fo
68
68
+
69
69
70
70
.. Leave *Enable user workload monitoring* selected to monitor your own projects in isolation from Red Hat Site Reliability Engineer (SRE) platform metrics. This option is enabled by default.
71
-
.. Optional: Expand *Advanced Encryption* to make changes to encryption settings.
72
71
73
-
... Accept the default setting *Use default KMS Keys* to use your default AWS KMS key, or select *Use Custom KMS keys* to use a custom KMS key.
74
-
.... With *Use Custom KMS keys* selected, enter the AWS Key Management Service (KMS) custom key Amazon Resource Name (ARN) ARN in the *Key ARN* field.
75
-
The key is used for encrypting all control plane, infrastructure, worker node root volumes, and persistent volumes in your cluster.
72
+
. Optional: Expand *Advanced Encryption* to make changes to encryption settings.
76
73
77
-
+
74
+
.. Select *Use custom KMS keys* to use custom KMS keys. If you prefer not to use custom KMS keys, leave the default setting *Use default KMS Keys*.
78
75
79
-
... Select *Use custom KMS keys* to use custom KMS keys. If you prefer not to use custom KMS keys, leave the default setting *Use default KMS Keys*.
80
76
+
77
+
81
78
[IMPORTANT]
82
79
====
83
80
To use custom KMS keys, the IAM service account `osd-ccs-admin` must be granted the *Cloud KMS CryptoKey Encrypter/Decrypter* role. For more information about granting roles on a resource, see link:https://cloud.google.com/kms/docs/iam#granting_roles_on_a_resource[Granting roles on a resource].
84
81
====
85
-
+
86
-
With *Use Custom KMS keys* selected:
87
82
88
-
.... Select a key ring location from the *Key ring location* drop-down menu.
89
-
.... Select a key ring from the *Key ring* drop-down menu.
90
-
.... Select a key name from the *Key name* drop-down menu.
91
-
.... Provide the *KMS Service Account*.
92
83
+
93
-
... Optional: Select *Enable FIPS cryptography* if you require your cluster to be FIPS validated.
84
+
85
+
.. With *Use Custom KMS keys* selected:
86
+
87
+
... Select a key ring location from the *Key ring location* drop-down menu.
88
+
... Select a key ring from the *Key ring* drop-down menu.
89
+
... Select a key name from the *Key name* drop-down menu.
90
+
... Provide the *KMS Service Account*.
91
+
92
+
.. Optional: Select *Enable FIPS cryptography* if you require your cluster to be FIPS validated.
94
93
+
95
94
[NOTE]
96
95
====
97
96
If *Enable FIPS cryptography* is selected, *Enable additional etcd encryption* is enabled by default and cannot be disabled. You can select *Enable additional etcd encryption* without selecting *Enable FIPS cryptography*.
98
97
====
99
98
+
100
-
... Optional: Select *Enable additional etcd encryption* if you require etcd key value encryption. With this option, the etcd key values are encrypted, but the keys are not. This option is in addition to the control plane storage encryption that encrypts the etcd volumes in {product-title} clusters by default.
99
+
.. Optional: Select *Enable additional etcd encryption* if you require etcd key value encryption.
100
+
With this option, the etcd key values are encrypted, but not the keys. This option is in addition to the control plane storage encryption that encrypts the etcd volumes in {product-title} clusters by default.
0 commit comments