Commit ce4cf11

Merge pull request #87443 from dfitzmau/OCPBUGS-45919
OCPBUGS#45919: Updated the service account in STS
2 parents ab81c14 + 433ad1c commit ce4cf11

3 files changed

+10
-10
lines changed

modules/aws-installing-an-aws-load-balancer-operator.adoc

Lines changed: 7 additions & 7 deletions
@@ -15,7 +15,7 @@ You can install an AWS Load Balancer Operator and an AWS Load Balancer Controlle
1515
* You have access to modify the VPC and subnets of the created ROSA cluster.
1616
* You have installed the ROSA CLI (`rosa`).
1717
* You have installed the Amazon Web Services (AWS) CLI.
18-
* You are using OpenShift Container Platform 4.13 or later.
18+
* You are using {product-title} 4.13 or later.
1919
2020
[IMPORTANT]
2121
====
@@ -86,7 +86,7 @@ $ IDP_ARN="arn:aws:iam::{AWS_AccountNo}:oidc-provider/${IDP}" <1>
8686
.Example output
8787
[source,terminal,subs="quotes,verbatim"]
8888
----
89-
$ cat EOF albo-operator-trusted-policy.json
89+
$ cat <<EOF > albo-operator-trusted-policy.json
9090
{
9191
"Version": "2012-10-17",
9292
"Statement": [
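Review bot: The `.Example output` title above this listing now labels a command that writes `albo-operator-trusted-policy.json`, not output. Retitle the block or drop the title so readers run the heredoc instead of skipping it as sample output.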
@@ -160,7 +160,7 @@ $ aws iam put-role-policy --role-name albo-operator --policy-name perms-policy-a
160160
----
161161
$ IDP='{Cluster_OIDC_Endpoint}'
162162
$ IDP_ARN="arn:aws:iam::{AWS_AccountNo}:oidc-provider/${IDP}"
163-
$ cat <EOF> albo-controller-trusted-policy.json
163+
$ cat <<EOF > albo-controller-trusted-policy.json
164164
{
165165
"Version": "2012-10-17",
166166
"Statement": [
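Review bot: The file name on the changed line, `albo-controller-trusted-policy.json`, differs from `albo-controller-trust-policy.json` used for the same policy in modules/using-aws-cli-create-iam-role-alb-controller.adoc; pick one name so a later `--assume-role-policy-document` argument copied from either module points at a file that exists. Because the heredoc delimiter is unquoted, `${IDP}` in the body is expanded by the shell, so the text should say that `IDP='{Cluster_OIDC_Endpoint}'` two lines up has to be replaced with the real endpoint first, otherwise the policy is written with the literal placeholder as its condition key.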
@@ -172,7 +172,7 @@ $ cat <EOF> albo-controller-trusted-policy.json
172172
"Action": "sts:AssumeRoleWithWebIdentity",
173173
"Condition": {
174174
"StringEquals": {
175-
"${IDP}:sub": "system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-controller-cluster"
175+
"${IDP}:sub": "system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-operator-controller-manager"
176176
}
177177
}
178178
}
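Review bot: The new `sub` value on line 175 has to be the service account the controller pod actually presents, because with `StringEquals` any mismatch makes `sts:AssumeRoleWithWebIdentity` fail for this role. The new name reads as the operator's own controller-manager account rather than the controller's, so please confirm it against a running cluster (the service account set on the controller deployment) and record how it was verified.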
@@ -196,7 +196,7 @@ $ echo $CONTROLLER_ROLE_ARN
196196
ROLE arn:aws:iam::<aws_account_number>:role/albo-controller 2023-08-02T12:13:22Z
197197
ASSUMEROLEPOLICYDOCUMENT 2012-10-17
198198
STATEMENT sts:AssumeRoleWithWebIdentity Allow
199-
STRINGEQUALS system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-controller-cluster
199+
STRINGEQUALS system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-operator-controller-manager
200200
PRINCIPAL arn:aws:iam:<aws_account_number>:oidc-provider/<oidc_provider_id>
201201
----
202202
+
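Review bot: The unchanged `PRINCIPAL` line in this example output has `arn:aws:iam:<aws_account_number>` with a single colon, while the `ROLE` line uses `arn:aws:iam::`. IAM ARNs leave the region field empty, so it should read `arn:aws:iam::<aws_account_number>:oidc-provider/<oidc_provider_id>`; worth fixing while this block is being edited.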
@@ -243,7 +243,7 @@ ELBv2 resources (such as ALBs and NLBs) created by AWS Load Balancer Operator do
243243
+
244244
[source,terminal]
245245
----
246-
$ cat EOF | oc apply -f -
246+
$ cat <<EOF | oc apply -f -
247247
apiVersion: operators.coreos.com/v1
248248
kind: OperatorGroup
249249
metadata:
@@ -258,7 +258,7 @@ EOF
258258
+
259259
[source,terminal]
260260
----
261-
$ cat EOF | oc apply -f -
261+
$ cat <<EOF | oc apply -f -
262262
apiVersion: operators.coreos.com/v1alpha1
263263
kind: Subscription
264264
metadata:

modules/using-aws-cli-create-iam-role-alb-controller.adoc

Lines changed: 2 additions & 2 deletions
@@ -30,7 +30,7 @@ $ cat <<EOF > albo-controller-trust-policy.json
3030
"Action": "sts:AssumeRoleWithWebIdentity",
3131
"Condition": {
3232
"StringEquals": {
33-
"<cluster_oidc_endpoint>:sub": "system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-controller-cluster" <2>
33+
"<cluster_oidc_endpoint>:sub": "system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-operator-controller-manager" <2>
3434
}
3535
}
3636
}
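Review bot: The `Condition` block on lines 31 to 34 pins only `<cluster_oidc_endpoint>:sub`. Consider adding a `<cluster_oidc_endpoint>:aud` entry under the same `StringEquals` so the role accepts only tokens issued for the intended audience, and check that the text for callout `<2>` still describes the renamed service account.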
@@ -54,7 +54,7 @@ $ aws iam create-role --role-name albo-controller --assume-role-policy-document
5454
ROLE arn:aws:iam::<aws_account_number>:role/albo-controller 2023-08-02T12:13:22Z <1>
5555
ASSUMEROLEPOLICYDOCUMENT 2012-10-17
5656
STATEMENT sts:AssumeRoleWithWebIdentity Allow
57-
STRINGEQUALS system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-controller-cluster
57+
STRINGEQUALS system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-operator-controller-manager
5858
PRINCIPAL arn:aws:iam:<aws_account_number>:oidc-provider/<cluster_oidc_endpoint>
5959
----
6060
<1> Note the ARN of an {aws-short} IAM role for the {aws-short} Load Balancer Controller, such as `arn:aws:iam::777777777777:role/albo-controller`.
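Review bot: The `PRINCIPAL` line uses the placeholder `<cluster_oidc_endpoint>`, while the same output in modules/aws-installing-an-aws-load-balancer-operator.adoc uses `<oidc_provider_id>`; use one placeholder in both modules. The ARN prefix on that line is also `arn:aws:iam:` with one colon, unlike `arn:aws:iam::` on the `ROLE` line and in callout `<1>`.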

modules/using-aws-cli-create-iam-role-alb-operator.adoc

Lines changed: 1 addition & 1 deletion
@@ -30,7 +30,7 @@ $ cat <<EOF > albo-operator-trust-policy.json
3030
"Action": "sts:AssumeRoleWithWebIdentity",
3131
"Condition": {
3232
"StringEquals": {
33-
"<cluster_oidc_endpoint>:sub": "system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-controller-cluster" <2>
33+
"<cluster_oidc_endpoint>:sub": "system:serviceaccount:aws-load-balancer-operator:aws-load-balancer-operator-controller-manager" <2>
3434
}
3535
}
3636
}
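Review bot: After this change the operator trust policy on line 33 and the controller trust policy in modules/using-aws-cli-create-iam-role-alb-controller.adoc pin the identical `sub`, so one service account can assume both roles. If the operator and the controller are meant to hold separate permissions, each policy should name its own service account; if sharing is intended, say so in the text for callout `<2>`.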
