Merge pull request #95654 from openshift-cherrypick-robot/cherry-pick-95218-to-enterprise-4.19

xenolinux · web-flow · commit 94f10d4c764e · 2025-07-07T15:45:56.000+05:30
[enterprise-4.19] OCPBUGS-52463# Add note on viewing additional ccoctl options + optional param for specifying VNET RG
diff --git a/modules/cco-ccoctl-creating-at-once.adoc b/modules/cco-ccoctl-creating-at-once.adoc
@@ -224,7 +224,8 @@ $ ccoctl azure create-all \
   --subscription-id=<azure_subscription_id> \// <4>
   --credentials-requests-dir=<path_to_credentials_requests_directory> \// <5>
   --dnszone-resource-group-name=<azure_dns_zone_resource_group_name> \// <6>
-  --tenant-id=<azure_tenant_id> <7>
+  --tenant-id=<azure_tenant_id> \// <7> 
+  --network-resource-group-name <azure_resource_group> <8>
 ----
 <1> Specify the user-defined name for all created Azure resources used for tracking.
 <2> Optional: Specify the directory in which you want the `ccoctl` utility to create objects. By default, the utility creates objects in the directory in which the commands are run.
@@ -233,6 +234,7 @@ $ ccoctl azure create-all \
 <5> Specify the directory containing the files for the component `CredentialsRequest` objects.
 <6> Specify the name of the resource group containing the cluster's base domain Azure DNS zone.
 <7> Specify the Azure tenant ID to use.
+<8> Optional: Specify the virtual network resource group if it is different from the cluster resource group.
 +
 [NOTE]
 ====
diff --git a/modules/enabling-entra-workload-id-existing-cluster.adoc b/modules/enabling-entra-workload-id-existing-cluster.adoc
@@ -171,6 +171,11 @@ $ AZURE_INSTALL_RG=`oc get infrastructure cluster -o jsonpath --template '{ .sta
 
 . Use the `ccoctl` utility to create managed identities for all `CredentialsRequest` objects by running the following command:
 +
+[NOTE]
+====
+The following command does not show all available options. For a complete list of options, including those that might be necessary for your specific use case, run `$ ccoctl azure create-managed-identities --help`.
+====
++
 [source,terminal]
 ----
 $ ccoctl azure create-managed-identities \
@@ -181,9 +186,11 @@ $ ccoctl azure create-managed-identities \
   --credentials-requests-dir <path_to_directory_for_credentials_requests> \
   --issuer-url "${OIDC_ISSUER_URL}" \
   --dnszone-resource-group-name <azure_dns_zone_resourcegroup_name> \// <1>
-  --installation-resource-group-name "${AZURE_INSTALL_RG}"
+  --installation-resource-group-name "${AZURE_INSTALL_RG}" \
+  --network-resource-group-name <azure_resource_group> <2>
 ----
 <1> Specify the name of the resource group that contains the DNS zone.
+<2> Optional: Specify the virtual network resource group if it is different from the cluster resource group.
 
 . Apply the {azure-short} pod identity webhook configuration for {entra-short} by running the following command:
 +
