From 04b45f78ef506be439cdafd881cba3a0021d67ed Mon Sep 17 00:00:00 2001 From: EricPonvelle Date: Tue, 15 Jul 2025 14:20:00 -0500 Subject: [PATCH] OSDOCS-15140: Updated HCP Install guide for migration --- ...sa-getting-started-deleting-a-cluster.adoc | 22 +++++----- ...g-started-install-configure-cli-tools.adoc | 12 ++---- modules/rosa-hcp-create-network.adoc | 6 +-- modules/rosa-hcp-vpc-manual.adoc | 6 +-- modules/rosa-hcp-vpc-subnet-tagging.adoc | 8 ++-- modules/rosa-sts-byo-oidc.adoc | 2 +- ...g-account-wide-sts-roles-and-policies.adoc | 22 ++++++++-- ...of-the-default-cluster-specifications.adoc | 41 +++++++++++-------- ...rosa-hcp-aws-private-creating-cluster.adoc | 2 +- rosa_hcp/rosa-hcp-cluster-no-cni.adoc | 11 +++-- ...hcp-creating-cluster-with-aws-kms-key.adoc | 34 +++++++-------- rosa_hcp/rosa-hcp-deleting-cluster.adoc | 2 +- rosa_hcp/rosa-hcp-egress-zero-install.adoc | 4 +- rosa_hcp/rosa-hcp-quickstart-guide.adoc | 8 ++-- ...a-hcp-sts-creating-a-cluster-ext-auth.adoc | 26 ++++++------ ...sa-hcp-sts-creating-a-cluster-quickly.adoc | 38 ++++++++--------- 16 files changed, 130 insertions(+), 114 deletions(-) diff --git a/modules/rosa-getting-started-deleting-a-cluster.adoc b/modules/rosa-getting-started-deleting-a-cluster.adoc index 09f81a65a173..6b164409da41 100644 --- a/modules/rosa-getting-started-deleting-a-cluster.adoc +++ b/modules/rosa-getting-started-deleting-a-cluster.adoc @@ -5,7 +5,7 @@ :_mod-docs-content-type: PROCEDURE [id="rosa-getting-started-deleting-a-cluster_{context}"] -= Deleting a ROSA cluster and the AWS STS resources += Deleting a ROSA cluster and the AWS IAM STS resources ifeval::["{context}" == "rosa-getting-started"] :getting-started: @@ -15,15 +15,15 @@ ifeval::["{context}" == "rosa-quickstart"] endif::[] ifdef::openshift-rosa-hcp[] -You can delete a ROSA cluster by using the {product-title} (ROSA) CLI, `rosa`. You can also use the ROSA CLI to delete the AWS Identity and Access Management (IAM) account-wide roles, the cluster-specific Operator roles, and the OpenID Connect (OIDC) provider. To delete the account-wide inline and Operator policies, you can use the AWS IAM Console. +You can delete a ROSA cluster by using the ROSA CLI, `rosa`. You can also use the ROSA CLI to delete the AWS Identity and Access Management (IAM) account-wide roles, the cluster-specific Operator roles, and the OpenID Connect (OIDC) provider. To delete the account-wide and Operator policies, you can use the AWS IAM Console or the AWS CLI. endif::openshift-rosa-hcp[] ifndef::openshift-rosa-hcp[] -You can delete a ROSA cluster that uses the AWS Security Token Service (STS) by using the {product-title} (ROSA) CLI, `rosa`. You can also use the ROSA CLI to delete the AWS Identity and Access Management (IAM) account-wide roles, the cluster-specific Operator roles, and the OpenID Connect (OIDC) provider. To delete the account-wide inline and Operator policies, you can use the AWS IAM Console. +You can delete a ROSA cluster that uses the AWS Security Token Service (STS) by using the ROSA CLI, `rosa`. You can also use the ROSA CLI to delete the AWS Identity and Access Management (IAM) account-wide roles, the cluster-specific Operator roles, and the OpenID Connect (OIDC) provider. To delete the account-wide inline and Operator policies, you can use the AWS IAM Console or the AWS CLI. endif::openshift-rosa-hcp[] [IMPORTANT] ==== -Account-wide IAM roles and policies might be used by other ROSA clusters in the same AWS account. You must only remove the resources if they are not required by other clusters. +Account-wide IAM roles and policies might be used by other ROSA clusters in the same AWS account. You must only remove the resources if they are **not** required by other clusters. ==== ifdef::getting-started[] @@ -45,10 +45,10 @@ $ rosa delete cluster --cluster= --watch + [IMPORTANT] ==== -You must wait for the cluster deletion to complete before you remove the IAM roles, policies, and OIDC provider. The account-wide roles are required to delete the resources created by the installer. The cluster-specific Operator roles are required to clean-up the resources created by the OpenShift Operators. The Operators use the OIDC provider to authenticate. +You must wait for the cluster deletion to complete before you remove the IAM roles, policies, and OIDC provider. The account-wide roles are required to delete the resources created by the installer. The cluster-specific Operator roles are required to clean-up the resources created by the OpenShift Operators. The Operators use the OIDC provider to authenticate with AWS APIs. ==== -. Delete the OIDC provider that the cluster Operators use to authenticate: +. After the cluster is deleted, delete the OIDC provider that the cluster Operators use to authenticate: + [source,terminal] ---- @@ -73,27 +73,27 @@ $ rosa delete operator-roles -c --mode auto <1> + [IMPORTANT] ==== -Account-wide IAM roles and policies might be used by other ROSA clusters in the same AWS account. You must only remove the resources if they are not required by other clusters. +Account-wide IAM roles and policies might be used by other ROSA clusters in the same AWS account. You must only remove the resources if they are **not** required by other clusters. ==== + [source,terminal] ---- $ rosa delete account-roles --prefix --mode auto <1> ---- -<1> You must include the `--` argument. Replace `` with the prefix of the account-wide roles to delete. If you did not specify a custom prefix when you created the account-wide roles, specify the default prefix, `ManagedOpenShift`. +<1> You must include the `--` argument. Replace `` with the prefix of the account-wide roles to delete. If you did not specify a custom prefix when you created the account-wide roles, specify the default prefix, depending on how they were created, `HCP-ROSA` or `ManagedOpenShift`. ifdef::openshift-rosa-hcp[] -. Delete the account-wide inline and Operator IAM policies that you created for ROSA deployments: +. Delete the account-wide and Operator IAM policies that you created for ROSA deployments: endif::openshift-rosa-hcp[] ifndef::openshift-rosa-hcp[] -. Delete the account-wide inline and Operator IAM policies that you created for ROSA deployments that use STS: +. Delete the account-wide and Operator IAM policies that you created for ROSA deployments that use STS: endif::openshift-rosa-hcp[] + .. Log in to the link:https://console.aws.amazon.com/iamv2/home#/home[AWS IAM Console]. .. Navigate to *Access management* -> *Policies* and select the checkbox for one of the account-wide policies. .. With the policy selected, click on *Actions* -> *Delete* to open the delete policy dialog. .. Enter the policy name to confirm the deletion and select *Delete* to delete the policy. -.. Repeat this step to delete each of the account-wide inline and Operator policies for the cluster. +.. Repeat this step to delete each of the account-wide and Operator policies for the cluster. ifeval::["{context}" == "rosa-getting-started"] :getting-started: diff --git a/modules/rosa-getting-started-install-configure-cli-tools.adoc b/modules/rosa-getting-started-install-configure-cli-tools.adoc index 0fe8fcae4b21..233c4e6add9d 100644 --- a/modules/rosa-getting-started-install-configure-cli-tools.adoc +++ b/modules/rosa-getting-started-install-configure-cli-tools.adoc @@ -2,6 +2,8 @@ // // * rosa_getting_started/rosa-getting-started.adoc // * rosa_getting_started/rosa-quickstart-guide-ui.adoc +// * rosa_hcp/rosa-hcp-quickstart-guide.adoc +// * rosa_planning/rosa-sts-setting-up-environment.adoc :_mod-docs-content-type: PROCEDURE [id="rosa-getting-started-install-configure-cli-tools_{context}"] @@ -19,8 +21,6 @@ Several command-line interface (CLI) tools are required to deploy and work with . Log in to your Red{nbsp}Hat and AWS accounts to access the download page for each required tool. .. Log in to your Red{nbsp}Hat account at link:https://console.redhat.com[console.redhat.com]. .. Log in to your AWS account at link:https://aws.amazon.com[aws.amazon.com]. - -//This should be a separate module . Install and configure the latest AWS CLI (`aws`). .. Install the AWS CLI by following the link:https://aws.amazon.com/cli/[AWS Command Line Interface] documentation appropriate for your workstation. .. Configure the AWS CLI by specifying your `aws_access_key_id`, `aws_secret_access_key`, and `region` in the `.aws/credentials` file. For more information, see link:https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-quickstart.html[AWS Configuration basics] in the AWS documentation. @@ -41,8 +41,7 @@ $ aws sts get-caller-identity --output text ---- arn:aws:iam:::user/ ---- - -//This should be a separate module ++ . Install and configure the latest ROSA CLI (`rosa`). .. Navigate to link:https://console.redhat.com/openshift/downloads[*Downloads*]. .. Find *Red Hat OpenShift Service on AWS command line interface (`rosa)* in the list of tools and click *Download*. @@ -92,8 +91,6 @@ Your ROSA CLI is up to date. // For steps to configure `rosa` tab completion for different shell types, see the help menu by running `rosa completion --help`. // ==== // endif::[] - -//The following should probably also be a separate module . Log in to the ROSA CLI using an offline access token. .. Run the login command: + @@ -121,7 +118,6 @@ To login to your Red Hat account, get an offline access token at https://console ==== In the future you can specify the offline access token by using the `--token=""` argument when you run the `rosa login` command. ==== - .. Verify that you are logged in and confirm that your credentials are correct before proceeding: + [source,terminal] @@ -144,8 +140,6 @@ OCM Organization ID: OCM Organization Name: Your organization OCM Organization External ID: ---- - -//This should be a separate module . Install and configure the latest OpenShift CLI (`oc`). .. Use the ROSA CLI to download the `oc` CLI. + diff --git a/modules/rosa-hcp-create-network.adoc b/modules/rosa-hcp-create-network.adoc index cfea3114c61e..a6de3b895292 100644 --- a/modules/rosa-hcp-create-network.adoc +++ b/modules/rosa-hcp-create-network.adoc @@ -10,11 +10,11 @@ ifeval::["{context}" == "rosa-hcp-egress-zero-install"] endif::[] :_mod-docs-content-type: PROCEDURE [id="rosa-hcp-create-network_{context}"] -= Creating a Virtual Private Cloud using the ROSA CLI += Creating an AWS VPC using the ROSA CLI -The `rosa create network` command is available in v.1.2.48 or later of the ROSA command-line interface (CLI). The command uses AWS CloudFormation to create a VPC and the other networking components used to install a ROSA cluster. CloudFormation is a native AWS infrastructure-as-code tool and is compatible with the AWS CLI. +The `rosa create network` command is available in v.1.2.48 or later of the ROSA command-line interface (CLI). The command uses AWS CloudFormation to create a VPC and associated networking components necessary to install a ROSA cluster. CloudFormation is a native AWS infrastructure-as-code tool and is compatible with the AWS CLI. -If you do not specify a template, CloudFormation uses a default template that creates the following parameters: +If you do not specify a template, CloudFormation uses a default template that creates resources with the following parameters: [cols="2a,3a",options="header"] |=== diff --git a/modules/rosa-hcp-vpc-manual.adoc b/modules/rosa-hcp-vpc-manual.adoc index 416935edceed..cf23412dc610 100644 --- a/modules/rosa-hcp-vpc-manual.adoc +++ b/modules/rosa-hcp-vpc-manual.adoc @@ -8,9 +8,9 @@ endif::[] :_mod-docs-content-type: PREFERENCE [id="rosa-hcp-vpc-manual_{context}"] -= Creating a Virtual Private Cloud manually += Creating an AWS Virtual Private Cloud manually -If you choose to manually create your Virtual Private Cloud (VPC) instead of using Terraform, go to link:https://us-east-1.console.aws.amazon.com/vpc/[the VPC page in the AWS console]. +If you choose to manually create your AWS Virtual Private Cloud (VPC) instead of using Terraform, go to link:https://us-east-1.console.aws.amazon.com/vpc/[the VPC page in the AWS console]. include::snippets/rosa-existing-vpc-requirements.adoc[leveloffset=+0] @@ -19,7 +19,7 @@ ifdef::rosa-egress-lockdown[] [id="rosa-hcp-vpc-subnet-tagging-manual_{context}"] == Tagging your subnets -Before you can use your VPC to create a {hcp-title} cluster, you must tag your VPC subnets. Automated service preflight checks verify that these resources are tagged correctly. The following table shows how to tag your resources: +Before you can use your VPC to create a {rosa-short} cluster, you must tag your VPC subnets. Automated service preflight checks verify that these resources are tagged correctly. The following table shows how to tag your resources: [cols="3a,8a,8a", options="header"] |=== diff --git a/modules/rosa-hcp-vpc-subnet-tagging.adoc b/modules/rosa-hcp-vpc-subnet-tagging.adoc index 67e71a91116c..a00fd0ed1484 100644 --- a/modules/rosa-hcp-vpc-subnet-tagging.adoc +++ b/modules/rosa-hcp-vpc-subnet-tagging.adoc @@ -5,7 +5,7 @@ [id="rosa-hcp-vpc-subnet-tagging_{context}"] = Tagging your subnets -Before you can use your VPC to create a {hcp-title} cluster, you must tag your VPC subnets. Automated service preflight checks verify that these resources are tagged correctly before you can use these resources. The following table shows how your resources should be tagged as the following: +Before you can use your VPC to create a {rosa-short} cluster, you must tag your VPC subnets. Automated service preflight checks verify that these resources are tagged correctly before you can use these resources for a cluster. The following table shows how your resources should be tagged: [cols="3a,8a,8a", options="header"] |=== @@ -15,17 +15,17 @@ Before you can use your VPC to create a {hcp-title} cluster, you must tag your V | Public subnet | `kubernetes.io/role/elb` -| `1` or no value +| `1` (or no value) | Private subnet | `kubernetes.io/role/internal-elb` -| `1` or no value +| `1` (or no value) |=== [NOTE] ==== -You must tag at least one private subnet and, if applicable, and one public subnet. +You must tag at least one private subnet and, if applicable, one public subnet. ==== .Prerequisites diff --git a/modules/rosa-sts-byo-oidc.adoc b/modules/rosa-sts-byo-oidc.adoc index 0d72a5d11ec9..b73a6329ac5d 100644 --- a/modules/rosa-sts-byo-oidc.adoc +++ b/modules/rosa-sts-byo-oidc.adoc @@ -11,7 +11,7 @@ [id="rosa-sts-byo-oidc_{context}"] = Creating an OpenID Connect configuration -When using a +When creating a ifdef::openshift-rosa-hcp[] {rosa-short} endif::openshift-rosa-hcp[] diff --git a/modules/rosa-sts-creating-account-wide-sts-roles-and-policies.adoc b/modules/rosa-sts-creating-account-wide-sts-roles-and-policies.adoc index 96569cf96934..c6e52f4966fc 100644 --- a/modules/rosa-sts-creating-account-wide-sts-roles-and-policies.adoc +++ b/modules/rosa-sts-creating-account-wide-sts-roles-and-policies.adoc @@ -1,7 +1,8 @@ // Module included in the following assemblies: // -// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc // * rosa_getting_started/rosa-quickstart-guide-ui.adoc +// * rosa_hcp/rosa-hcp-quickstart-guide.adoc +// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc :_mod-docs-content-type: PROCEDURE [id="rosa-sts-creating-account-wide-sts-roles-and-policies_{context}"] @@ -14,7 +15,14 @@ ifeval::["{context}" == "rosa-quickstart"] :quickstart: endif::[] -Before using the {cluster-manager-first} {hybrid-console-second} to create {product-title} (ROSA) clusters that use the AWS Security Token Service (STS), create the required account-wide STS roles and policies, including the Operator policies. +Before using the {hybrid-console} to create +ifdef::openshift-rosa[] +{rosa-classic-short} +endif::openshift-rosa[] +ifdef::openshift-rosa-hcp[] +{rosa-short} +endif::openshift-rosa-hcp[] +clusters that use the AWS Security Token Service (STS), create the required account-wide STS roles and policies, including the Operator policies. ifdef::quick-install[] .Prerequisites @@ -37,11 +45,19 @@ $ rosa list account-roles ---- endif::[] -. If they do not exist in your AWS account, create the required account-wide STS roles and policies: +. If they do not exist in your AWS account, create the required account-wide AWS IAM STS roles and policies: + +ifdef::openshift-rosa[] [source,terminal] ---- $ rosa create account-roles ---- +endif::openshift-rosa[] +ifdef::openshift-rosa-hcp[] +[source,terminal] +---- +$ rosa create account-roles --hosted-cp +---- +endif::openshift-rosa-hcp[] + Select the default values at the prompts to quickly create the roles and policies. diff --git a/modules/rosa-sts-overview-of-the-default-cluster-specifications.adoc b/modules/rosa-sts-overview-of-the-default-cluster-specifications.adoc index c3538d691d3d..473ab73f614c 100644 --- a/modules/rosa-sts-overview-of-the-default-cluster-specifications.adoc +++ b/modules/rosa-sts-overview-of-the-default-cluster-specifications.adoc @@ -1,8 +1,11 @@ // Module included in the following assemblies: // +// * rosa_getting_started/rosa-quickstart-guide-ui.adoc +// * rosa_hcp/terraform/rosa-hcp-creating-a-cluster-quickly-terraform.adoc +// * rosa_hcp/rosa-hcp-quickstart-guide.adoc // * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc +// * rosa_install_access_delete_clusters/terraform/rosa-classic-creating-a-cluster-quickly-terraform.adoc // * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc -// * rosa_getting_started/rosa-quickstart-guide-ui.adoc ifeval::["{context}" == "rosa-classic-creating-a-cluster-quickly-terraform"] :tf-classic: @@ -10,9 +13,6 @@ endif::[] ifeval::["{context}" == "rosa-hcp-creating-a-cluster-quickly-terraform"] :tf-hcp: endif::[] -ifeval::["{context}" == "rosa-hcp-sts-creating-a-cluster-quickly"] -:hcp-rosa: -endif::[] :_mod-docs-content-type: CONCEPT [id="rosa-sts-overview-of-the-default-cluster-specifications_{context}"] @@ -48,9 +48,16 @@ ifdef::tf-classic,tf-hcp[] * Default IAM role prefix: `rosa-<6-digit-alphanumeric-string>` endif::tf-classic,tf-hcp[] ifndef::tf-classic,tf-hcp[] +ifdef::openshift-rosa[] * Default IAM role prefix: `ManagedOpenShift` +endif::openshift-rosa[] +ifdef::openshift-rosa-hcp[] +* Default IAM role prefix: `HCP-ROSA` +endif::openshift-rosa-hcp[] endif::tf-classic,tf-hcp[] +ifndef::openshift-rosa-hcp[] * No cluster admin role created +endif::openshift-rosa-hcp[] |Cluster settings | @@ -70,29 +77,32 @@ ifdef::openshift-rosa-hcp[] * Default AWS region for installations using the ROSA CLI (`rosa`): Defined by your `aws` CLI configuration * Default EC2 IMDS endpoints (both v1 and v2) are enabled endif::openshift-rosa-hcp[] -* Availability: Single zone for the data plane endif::tf-classic,tf-hcp[] -ifndef::rosa-hcp,tf-hcp[] +ifndef::openshift-rosa-hcp,tf-hcp[] * EC2 Instance Metadata Service (IMDS) is enabled and allows the use of IMDSv1 or IMDSv2 (token optional) -endif::rosa-hcp,tf-hcp[] +endif::openshift-rosa-hcp,tf-hcp[] +* Availability: Single zone for the data plane * Monitoring for user-defined projects: Enabled -ifndef::openshift-rosa-hcp,hcp-rosa[] +ifdef::openshift-rosa-hcp[] +* No cluster admin role created +endif::openshift-rosa-hcp[] +ifndef::openshift-rosa-hcp[] |Encryption |* Cloud storage is encrypted at rest * Additional etcd encryption is not enabled * The default AWS Key Management Service (KMS) key is used as the encryption key for persistent data -endif::openshift-rosa-hcp,hcp-rosa[] +endif::openshift-rosa-hcp[] -ifdef::openshift-rosa,openshift-rosa-hcp,tf-classic[] +ifdef::openshift-rosa,tf-classic[] |Control plane node configuration |* Control plane node instance type: m5.2xlarge (8 vCPU, 32 GiB RAM) * Control plane node count: 3 -endif::openshift-rosa,openshift-rosa-hcp,tf-classic[] -ifndef::openshift-rosa-hcp,hcp-rosa[] +endif::openshift-rosa,tf-classic[] +ifndef::openshift-rosa-hcp[] |Infrastructure node configuration |* Infrastructure node instance type: r5.xlarge (4 vCPU, 32 GiB RAM) * Infrastructure node count: 2 -endif::openshift-rosa-hcp,hcp-rosa[] +endif::openshift-rosa-hcp[] |Compute node machine pool |* Compute node instance type: m5.xlarge (4 vCPU 16, GiB RAM) @@ -145,7 +155,7 @@ endif::openshift-rosa-hcp[] + [NOTE] ==== -For installations that use {cluster-manager} on the {hybrid-console-second}, the `auto` mode requires an admin-privileged {cluster-manager} role. +For installations that use {cluster-manager} on the {hybrid-console-second}, the `auto` mode requires an admin-privileged {cluster-manager} role (ocm-role). ==== ifdef::tf-classic,tf-hcp[] * Default Operator role prefix: `rosa-<6-digit-alphanumeric-string>` @@ -175,7 +185,4 @@ endif::[] ifeval::["{context}" == "rosa-hcp-creating-a-cluster-quickly-terraform"] :!tf-hcp: endif::[] -ifeval::["{context}" == "rosa-hcp-sts-creating-a-cluster-quickly"] -:!hcp-rosa: -endif::[] diff --git a/rosa_hcp/rosa-hcp-aws-private-creating-cluster.adoc b/rosa_hcp/rosa-hcp-aws-private-creating-cluster.adoc index 04d9618493f7..c6e08b41781d 100644 --- a/rosa_hcp/rosa-hcp-aws-private-creating-cluster.adoc +++ b/rosa_hcp/rosa-hcp-aws-private-creating-cluster.adoc @@ -6,7 +6,7 @@ include::_attributes/attributes-openshift-dedicated.adoc[] toc::[] -For {hcp-title-first} workloads that do not require public internet access, you can create a private cluster. +For {product-title} workloads that do not require public internet access, you can create a private cluster. //include::modules/osd-aws-privatelink-about.adoc[leveloffset=+1] //include::modules/osd-aws-privatelink-required-resources.adoc[leveloffset=+1] diff --git a/rosa_hcp/rosa-hcp-cluster-no-cni.adoc b/rosa_hcp/rosa-hcp-cluster-no-cni.adoc index 0f74cbf60be1..98b2d15aa1b3 100644 --- a/rosa_hcp/rosa-hcp-cluster-no-cni.adoc +++ b/rosa_hcp/rosa-hcp-cluster-no-cni.adoc @@ -7,20 +7,19 @@ include::_attributes/common-attributes.adoc[] toc::[] -You can use your own Container Network Interface (CNI) plugin when creating a {hcp-title-first} cluster. -You can create a {hcp-title} cluster without a CNI and install your own CNI plugin after cluster creation. +You can use your own Container Network Interface (CNI) plugin when creating a {product-title} cluster. You can create a {rosa-short} cluster without a CNI and install your own CNI plugin after cluster creation. [IMPORTANT] ==== For customers who choose to use their own CNI, the responsibility of CNI plugin support belongs to the customer in coordination with their chosen CNI vendor. ==== -The default plugin for {hcp-title} is the xref:../networking/ovn_kubernetes_network_provider/about-ovn-kubernetes.adoc#about-ovn-kubernetes[OVN-Kubernetes network plugin]. This plugin is the only Red Hat supported CNI plugin for {hcp-title}. +The default plugin for {rosa-short} is the xref:../networking/ovn_kubernetes_network_provider/about-ovn-kubernetes.adoc#about-ovn-kubernetes[OVN-Kubernetes network plugin]. This plugin is the only Red Hat supported CNI plugin for {rosa-short}. -If you choose to use your own CNI for {hcp-title} clusters, it is strongly recommended that you obtain commercial support from the plugin vendor before creating your clusters. Red Hat support cannot assist with CNI-related issues such as pod to pod traffic for customers who choose to use their own CNI. Red Hat still provides support for all non-CNI issues. If you want CNI-related support from Red Hat, you must install the cluster with the default OVN-Kubernetes network plugin. For more information, see the xref:../rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc#rosa-policy-responsibility-matrix[responsibility matrix]. +If you choose to use your own CNI for {rosa-short} clusters, it is strongly recommended that you obtain commercial support from the plugin vendor before creating your clusters. Red Hat support cannot assist with CNI-related issues such as pod to pod traffic for customers who choose to use their own CNI. Red Hat still provides support for all non-CNI issues. If you want CNI-related support from Red Hat, you must install the cluster with the default OVN-Kubernetes network plugin. For more information, see the xref:../rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc#rosa-policy-responsibility-matrix[responsibility matrix]. [id="rosa-hcp-no-cni-cluster-creation"] -== Creating a {hcp-title} cluster without a CNI plugin +== Creating a {rosa-short} cluster without a CNI plugin === Prerequisites * Ensure that you have completed the xref:../rosa_planning/rosa-sts-aws-prereqs.adoc[AWS prerequisites]. @@ -37,7 +36,7 @@ include::modules/rosa-operator-config.adoc[leveloffset=+2] [id="additional-resources_rosa-hcp-operator-prefix-no-cni"] .Additional resources -* See xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-operator-role-prefixes_rosa-sts-about-iam-resources[About custom Operator IAM role prefixes] for information on the Operator prefixes. +* xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-operator-role-prefixes_rosa-sts-about-iam-resources[About custom Operator IAM role prefixes] include::modules/rosa-hcp-sts-creating-a-cluster-cli-no-cni-plugin.adoc[leveloffset=+1] diff --git a/rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc b/rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc index 83b44419e039..0f068245d028 100644 --- a/rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc +++ b/rosa_hcp/rosa-hcp-creating-cluster-with-aws-kms-key.adoc @@ -6,15 +6,15 @@ include::_attributes/attributes-openshift-dedicated.adoc[] toc::[] -Create a {product-title} (ROSA) with a {hcp} (HCP) cluster using a custom AWS Key Management Service (KMS) key. +Create a {product-title} cluster using a custom AWS Key Management Service (KMS) key. //include::modules/rosa-sts-creating-a-cluster-quickly-ocm.adoc[leveloffset=+1] //include::modules/rosa-sts-associating-your-aws-account.adoc[leveloffset=+2] [id="rosa-hcp-creating-cluster-with-aws-kms-key-prereqs"] -== {hcp-title} Prerequisites +== {rosa-short} Prerequisites -To create a {hcp-title} cluster, you must have the following items: +To create a {rosa-short} cluster, you must have the following items: * A configured virtual private cloud (VPC) * Account-wide roles @@ -22,9 +22,9 @@ To create a {hcp-title} cluster, you must have the following items: * Operator roles [id="rosa-hcp-creating-cluster-with-aws-kms-key-creating-vpc"] -== Creating a Virtual Private Cloud for your {hcp-title} clusters +== Creating a Virtual Private Cloud for your {rosa-short} clusters -You must have a Virtual Private Cloud (VPC) to create {hcp-title} cluster. Use one of the following methods to create a VPC: +You must have a Virtual Private Cloud (VPC) to create {rosa-short} cluster. Use one of the following methods to create a VPC: * Create a VPC using the ROSA command-line interface (CLI) * Create a VPC by using a Terraform template @@ -42,8 +42,8 @@ include::modules/rosa-hcp-create-network.adoc[leveloffset=+3] [id="additional-resources_rosa-hcp-create-network-kms-key"] .Additional resources -* See the link:https://aws.amazon.com/cloudformation/[AWS CloudFormation] for more information about structuring CloudFormation files to create VPCs. -* See the link:https://github.com/openshift/rosa/blob/master/cmd/create/network/templates/rosa-quickstart-default-vpc/cloudformation.yaml[default VPC AWS CloudFormation template] for more information. +* link:https://aws.amazon.com/cloudformation/[AWS CloudFormation] +* link:https://github.com/openshift/rosa/blob/master/cmd/create/network/templates/rosa-quickstart-default-vpc/cloudformation.yaml[default VPC AWS CloudFormation template] [discrete] include::modules/rosa-hcp-vpc-terraform.adoc[leveloffset=+3] @@ -52,7 +52,7 @@ include::modules/rosa-hcp-vpc-terraform.adoc[leveloffset=+3] [id="additional-resources_rosa-hcp-vpc-terraform-kms-key"] .Additional resources -* See the link:https://github.com/openshift-cs/terraform-vpc-example[Terraform VPC] repository for a detailed list of all options available when customizing the VPC for your needs. +* link:https://github.com/openshift-cs/terraform-vpc-example[Terraform VPC repository] [discrete] include::modules/rosa-hcp-vpc-manual.adoc[leveloffset=+2] @@ -91,13 +91,13 @@ ifndef::openshift-rosa-hcp[] [id="additional-resources_rosa-hcp-creating-cluster-with-aws-kms-key"] == Additional resources -* For information on using the CLI to create a cluster, see xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-sts-creating-a-cluster-cli_rosa-hcp-sts-creating-a-cluster-quickly[Creating a ROSA with HCP cluster using the CLI]. -* For steps to deploy a ROSA cluster using manual mode, see xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-cluster-using-customizations_rosa-sts-creating-a-cluster-with-customizations[Creating a cluster using customizations]. -* For more information about the AWS Identity Access Management (IAM) resources required to deploy {product-title} with STS, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for clusters that use STS]. -* For details about optionally setting an Operator role name prefix, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-operator-role-prefixes_rosa-sts-about-iam-resources[About custom Operator IAM role prefixes]. -* For information about the prerequisites to installing ROSA with STS, see xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites for ROSA with STS]. -* For details about using the `auto` and `manual` modes to create the required STS resources, see xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-understanding-deployment-modes_rosa-sts-creating-a-cluster-with-customizations[Understanding the auto and manual deployment modes]. -* For more information about using OpenID Connect (OIDC) identity providers in AWS IAM, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html[Creating OpenID Connect (OIDC) identity providers]. -* For more information about troubleshooting ROSA cluster installations, see xref:../support/troubleshooting/rosa-troubleshooting-installations-hcp.adoc#rosa-troubleshooting-installations-hcp[Troubleshooting ROSA with HCP cluster installations]. -* For steps to contact Red{nbsp}Hat Support for assistance, see xref:../support/getting-support.adoc#getting-support[Getting support for Red{nbsp}Hat OpenShift Service on AWS]. +* xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-sts-creating-a-cluster-cli_rosa-hcp-sts-creating-a-cluster-quickly[Creating a ROSA with HCP cluster using the CLI] +* xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-cluster-using-customizations_rosa-sts-creating-a-cluster-with-customizations[Creating a cluster using customizations] +* xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for clusters that use STS] +* xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-operator-role-prefixes_rosa-sts-about-iam-resources[About custom Operator IAM role prefixes] +* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites for ROSA with STS] +* xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-understanding-deployment-modes_rosa-sts-creating-a-cluster-with-customizations[Understanding the auto and manual deployment modes] +* link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html[Creating OpenID Connect (OIDC) identity providers] +* xref:../support/troubleshooting/rosa-troubleshooting-installations-hcp.adoc#rosa-troubleshooting-installations-hcp[Troubleshooting ROSA with HCP cluster installations] +* xref:../support/getting-support.adoc#getting-support[Getting support for Red{nbsp}Hat OpenShift Service on AWS] endif::openshift-rosa-hcp[] diff --git a/rosa_hcp/rosa-hcp-deleting-cluster.adoc b/rosa_hcp/rosa-hcp-deleting-cluster.adoc index e45f42ddb1a0..c9cfbf7512b4 100644 --- a/rosa_hcp/rosa-hcp-deleting-cluster.adoc +++ b/rosa_hcp/rosa-hcp-deleting-cluster.adoc @@ -6,7 +6,7 @@ include::_attributes/attributes-openshift-dedicated.adoc[] toc::[] -If you want to delete a {hcp-title-first} cluster, you can use either the {cluster-manager-first} or the ROSA command-line interface (CLI) (`rosa`). After deleting your cluster, you can also delete the AWS Identity and Access Management (IAM) resources that are used by the cluster. +If you want to delete a {product-title} cluster, you can use either the {cluster-manager-first} or the ROSA command-line interface (CLI) (`rosa`). After deleting your cluster, you can also delete the AWS Identity and Access Management (IAM) resources that are used by the cluster. include::modules/rosa-hcp-deleting-cluster.adoc[leveloffset=+1] diff --git a/rosa_hcp/rosa-hcp-egress-zero-install.adoc b/rosa_hcp/rosa-hcp-egress-zero-install.adoc index 55f5b3bcf8b3..6149f6fa30b5 100644 --- a/rosa_hcp/rosa-hcp-egress-zero-install.adoc +++ b/rosa_hcp/rosa-hcp-egress-zero-install.adoc @@ -62,7 +62,7 @@ A physical connection might exist between machines on the internal network and a [IMPORTANT] ==== -* You can use {egress-zero} on all supported versions of {product-title} that use the hosted control plane architecture; however, Red{nbsp}Hat suggests using the latest available z-stream release for each {ocp} version. +* You can use {egress-zero} on all supported versions of {rosa-short} that use the hosted control plane architecture; however, Red{nbsp}Hat suggests using the latest available z-stream release for each {ocp} version. * While you may install and upgrade your clusters as you would a regular cluster, due to an upstream issue with how the internal image registry functions in disconnected environments, your cluster that uses {egress-zero} will not be able to fully use all platform components, such as the image registry. You can restore these features by using the latest ROSA version when upgrading or installing your cluster. ==== @@ -72,7 +72,7 @@ include::modules/rosa-hcp-set-environment-variables.adoc[leveloffset=+1] [id="rosa-hcp-egress-zero-install-creating_{context}"] == Creating a Virtual Private Cloud for your {hcp-title} clusters -You must have a Virtual Private Cloud (VPC) to create a {hcp-title} cluster. To pull images from the local ECR mirror over your VPC endpoint, you must configure a privatelink service connection and modify the default security groups with specific tags. Use one of the following methods to create a VPC: +You must have a Virtual Private Cloud (VPC) to create a {rosa-short} cluster. To pull images from the local ECR mirror over your VPC endpoint, you must configure a privatelink service connection and modify the default security groups with specific tags. Use one of the following methods to create a VPC: * Create a VPC using the ROSA command-line interface (CLI) * Create a VPC by using a Terraform template diff --git a/rosa_hcp/rosa-hcp-quickstart-guide.adoc b/rosa_hcp/rosa-hcp-quickstart-guide.adoc index a4b002af6592..69812bb81750 100644 --- a/rosa_hcp/rosa-hcp-quickstart-guide.adoc +++ b/rosa_hcp/rosa-hcp-quickstart-guide.adoc @@ -19,14 +19,14 @@ include::modules/rosa-getting-started-install-configure-cli-tools.adoc[leveloffs .Next steps -Before you can use the {cluster-manager} {hybrid-console-second} to deploy ROSA clusters, you must associate your AWS account with your Red{nbsp}Hat organization and create the required account-wide STS roles and policies. +Before you can use the {hybrid-console} to deploy {rosa-short} clusters, you must associate your AWS account with your Red{nbsp}Hat organization and create the required account-wide AWS IAM STS roles and policies for ROSA. include::modules/rosa-sts-creating-account-wide-sts-roles-and-policies.adoc[leveloffset=+1] [id="rosa-hcp-quickstart-creating-vpc"] -== Creating a Virtual Private Cloud for your {hcp-title} clusters +== Creating a Virtual Private Cloud for your {rosa-short} clusters -You must have a Virtual Private Cloud (VPC) to create {hcp-title} cluster. You can use the following methods to create a VPC: +You must have an AWS Virtual Private Cloud (VPC) to create a {rosa-short} cluster. You can use the following methods to create a VPC: * Create a VPC using the ROSA CLI * Create a VPC by using a Terraform template @@ -34,7 +34,7 @@ You must have a Virtual Private Cloud (VPC) to create {hcp-title} cluster. You c [NOTE] ==== -The Terraform instructions are for testing and demonstration purposes. Your own installation requires some modifications to the VPC for your own use. You should also ensure that when you use this Terraform script it is in the same region that you intend to install your cluster. In these examples, use `us-east-2`. +The Terraform instructions are for testing and demonstration purposes. Your own installation requires some modifications to the VPC for your own use. You should also ensure that when you use this linked Terraform configuration, it is in the same region that you intend to install your cluster. In these examples, `us-east-2` is used. ==== [discrete] diff --git a/rosa_hcp/rosa-hcp-sts-creating-a-cluster-ext-auth.adoc b/rosa_hcp/rosa-hcp-sts-creating-a-cluster-ext-auth.adoc index 85b27a016b9d..0e8ef80ff23f 100644 --- a/rosa_hcp/rosa-hcp-sts-creating-a-cluster-ext-auth.adoc +++ b/rosa_hcp/rosa-hcp-sts-creating-a-cluster-ext-auth.adoc @@ -1,23 +1,23 @@ :_mod-docs-content-type: ASSEMBLY [id="rosa-hcp-sts-creating-a-cluster-ext-auth"] -= Creating a {hcp-title} cluster that uses direct authentication with an external OIDC identity provider += Creating a {rosa-short} cluster that uses direct authentication with an external OIDC identity provider include::_attributes/attributes-openshift-dedicated.adoc[] :context: rosa-hcp-sts-creating-a-cluster-ext-auth toc::[] -You can create {hcp-title-first} clusters that use an external OpenID Connect (OIDC) identity provider to issue tokens for authentication, replacing the built-in OpenShift OAuth server. While the built-in OpenShift OAuth server supports integration with a variety of identity providers, including external OIDC identity providers, it is limited to the capabilities of the OAuth server itself. You can directly integrate external OIDC identity providers with {hcp-title} clusters in order to facilitate machine-to-machine workflows, such as CLI, and provide additional capabilities which are not available when using the built-in OpenShift OAuth server. +You can create {product-title} clusters that use an external OpenID Connect (OIDC) identity provider to issue tokens for authentication, replacing the built-in OpenShift OAuth server. While the built-in OpenShift OAuth server supports integration with a variety of identity providers, including external OIDC identity providers, it is limited to the capabilities of the OAuth server itself. You can directly integrate external OIDC identity providers with {rosa-short} clusters in order to facilitate machine-to-machine workflows, such as CLI, and provide additional capabilities which are not available when using the built-in OpenShift OAuth server. [IMPORTANT] ==== -Since it is not possible to upgrade or convert existing ROSA clusters to a {hcp} architecture, you must create a new cluster to use {hcp-title} functionality. You also cannot convert a cluster that was created to use external authentication providers to use the internal OAuth2 server. You must also create a new cluster. +Since it is not possible to upgrade or convert existing {rosa-classic-short} clusters to a {hcp} architecture, you must create a new cluster to use {rosa-short} functionality. You also cannot convert a cluster that was created to use external authentication providers to use the internal OAuth2 server. You must also create a new cluster. ==== include::snippets/imp-rosa-hcp-no-shared-vpc-support.adoc[leveloffset=+0] [NOTE] ==== -{hcp-title} clusters only support {sts-first} authentication. +{rosa-short} clusters only support {sts-first} authentication. ==== .Further reading @@ -31,9 +31,9 @@ endif::openshift-rosa-hcp[] //For a full list of the supported certificates, see the xref:#../rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc#rosa-policy-compliance_rosa-policy-process-security[Compliance] section of "Understanding process and security for Red{nbsp}Hat OpenShift Service on AWS". [id="rosa-hcp-external-auth-prereqs"] -== {hcp-title} Prerequisites +== {rosa-short} Prerequisites -To create a {hcp-title} cluster, you must have completed the following steps: +To create a {rosa-short} cluster, you must have completed the following steps: ifndef::openshift-rosa-hcp[] * Completed the xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites] @@ -63,7 +63,7 @@ include::modules/rosa-hcp-sts-creating-a-break-glass-cred-cli.adoc[leveloffset=+ [role="_additional-resources"] .Additional resources -* For more information about creating a {hcp-title} cluster with external authentication enabled, see xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-ext-auth.adoc#rosa-hcp-sts-creating-a-cluster-external-auth-cluster-cli_rosa-hcp-sts-creating-a-cluster-ext-auth[Creating a {hcp-title} cluster that uses direct authentication with an external OIDC identity provider]. +* xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-ext-auth.adoc#rosa-hcp-sts-creating-a-cluster-external-auth-cluster-cli_rosa-hcp-sts-creating-a-cluster-ext-auth[Creating a {hcp-title} cluster that uses direct authentication with an external OIDC identity provider] //* For more information about CLI configurations, see xref:#../cli_reference/openshift_cli/managing-cli-profiles.adoc#managing-cli-profiles[Managing CLI profiles]. include::modules/rosa-hcp-sts-accessing-a-break-glass-cred-cli.adoc[leveloffset=+1] @@ -82,9 +82,9 @@ include::modules/rosa-hcp-sts-creating-a-cluster-external-auth-provider-delete-c == Additional resources // * To learn more about the default CIDR ranges for {product-title}, see xref:#../networking/cidr-range-definitions.adoc#cidr-range-definitions[CIDR range definitions]. -* For details about optionally setting an Operator role name prefix, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-operator-role-prefixes_rosa-sts-about-iam-resources[About custom Operator IAM role prefixes]. -* For information about the prerequisites to installing ROSA with STS, see xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites for ROSA with STS]. -* For details about using the `auto` and `manual` modes to create the required STS resources, see xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-understanding-deployment-modes_rosa-sts-creating-a-cluster-with-customizations[Understanding the auto and manual deployment modes]. -* For more information about using OpenID Connect (OIDC) identity providers in AWS IAM, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html[Creating OpenID Connect (OIDC) identity providers] in the AWS documentation. -* For more information about troubleshooting ROSA cluster installations, see xref:../support/troubleshooting/rosa-troubleshooting-installations-hcp.adoc#rosa-troubleshooting-installations-hcp[Troubleshooting ROSA with HCP cluster installations]. -* For steps to contact Red{nbsp}Hat Support for assistance, see xref:../support/getting-support.adoc#getting-support[Getting support for Red{nbsp}Hat OpenShift Service on AWS]. \ No newline at end of file +* xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-operator-role-prefixes_rosa-sts-about-iam-resources[About custom Operator IAM role prefixes] +* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites for ROSA with STS] +* xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-understanding-deployment-modes_rosa-sts-creating-a-cluster-with-customizations[Understanding the auto and manual deployment modes] +* link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html[Creating OpenID Connect (OIDC) identity providers] in the AWS documentation. +* xref:../support/troubleshooting/rosa-troubleshooting-installations-hcp.adoc#rosa-troubleshooting-installations-hcp[Troubleshooting ROSA with HCP cluster installations] +* xref:../support/getting-support.adoc#getting-support[Getting support for Red{nbsp}Hat OpenShift Service on AWS] \ No newline at end of file diff --git a/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc b/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc index 46d2d29c1aa0..378198968307 100644 --- a/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc +++ b/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc @@ -1,32 +1,32 @@ :_mod-docs-content-type: ASSEMBLY -[id="rosa-hcp-sts-creating-a-cluster-quickly"] -= Creating ROSA with HCP clusters using the default options include::_attributes/attributes-openshift-dedicated.adoc[] :context: rosa-hcp-sts-creating-a-cluster-quickly +[id="rosa-hcp-sts-creating-a-cluster-quickly"] += Creating {rosa-short} clusters using the default options toc::[] ifndef::openshift-rosa-hcp[] [NOTE] ==== -If you are looking for a quickstart guide for ROSA Classic, see xref:../rosa_getting_started/rosa-quickstart-guide-ui.adoc#rosa-quickstart-guide-ui[{product-title} quickstart guide]. +If you are looking for a quickstart guide for {rosa-classic-short}, see xref:../rosa_getting_started/rosa-quickstart-guide-ui.adoc#rosa-quickstart-guide-ui[{product-title} quickstart guide]. ==== endif::openshift-rosa-hcp[] -{hcp-title-first} offers a more efficient and reliable architecture for creating {product-title} (ROSA) clusters. With {hcp-title}, each cluster has a dedicated control plane that is isolated in a ROSA service account. +{product-title} offers a more efficient and reliable architecture for creating {rosa-short} clusters. With {rosa-short}, each cluster has a dedicated control plane that is isolated in the ROSA service AWS account. -Create a {hcp-title} cluster quickly by using the default options and automatic AWS Identity and Access Management (IAM) resource creation. You can deploy your cluster by using the ROSA CLI (`rosa`). +Create a {rosa-short} cluster quickly by using the default options and automatic AWS Identity and Access Management (IAM) resource creation. You can deploy your cluster by using the ROSA CLI (`rosa`). [IMPORTANT] ==== -Since it is not possible to upgrade or convert existing ROSA clusters to a {hcp} architecture, you must create a new cluster to use {hcp-title} functionality. +Since it is not possible to upgrade or convert existing {rosa-classic-short} clusters to hosted control plane architecture, you must create a new cluster to use {rosa-short} functionality. ==== include::snippets/imp-rosa-hcp-no-shared-vpc-support.adoc[leveloffset=+0] [NOTE] ==== -{hcp-title} clusters only support AWS Security Token Service (STS) authentication. +{rosa-short} clusters only support AWS IAM with Security Token Service (STS) authentication. ==== ifndef::openshift-rosa-hcp[] @@ -59,7 +59,7 @@ include::modules/rosa-sts-overview-of-the-default-cluster-specifications.adoc[le //TODO OSDOCS-11789: Move these out of the deployment doc and into the prepare doc? Keep in both locations? [id="rosa-hcp-prereqs"] -== {hcp-title} Prerequisites +== {rosa-short} Prerequisites To create a {hcp-title} cluster, you must have the following items: @@ -71,7 +71,7 @@ To create a {hcp-title} cluster, you must have the following items: [id="rosa-hcp-creating-vpc"] === Creating a Virtual Private Cloud for your {hcp-title} clusters -You must have a Virtual Private Cloud (VPC) to create {hcp-title} cluster. You can use the following methods to create a VPC: +You must have a Virtual Private Cloud (VPC) to create {rosa-short} cluster. You can use the following methods to create a VPC: * Create a VPC using the ROSA CLI * Create a VPC by using a Terraform template @@ -79,7 +79,7 @@ You must have a Virtual Private Cloud (VPC) to create {hcp-title} cluster. You c [NOTE] ==== -The Terraform instructions are for testing and demonstration purposes. Your own installation requires some modifications to the VPC for your own use. You should also ensure that when you use this Terraform script it is in the same region that you intend to install your cluster. In these examples, use `us-east-2`. +The Terraform instructions are for testing and demonstration purposes. Your own installation requires some modifications to the VPC for your own use. You should also ensure that when you use this Terraform configuration, it is in the same region that you intend to install your cluster. In these examples, `us-east-2` is used. ==== [discrete] @@ -144,13 +144,13 @@ ifndef::openshift-rosa-hcp[] [id="additional-resources_rosa-sts-creating-a-cluster-quickly"] == Additional resources -* For steps to deploy a ROSA cluster using manual mode, see xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-cluster-using-customizations_rosa-sts-creating-a-cluster-with-customizations[Creating a cluster using customizations]. -* For more information about the AWS Identity Access Management (IAM) resources required to deploy {product-title} with STS, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for clusters that use STS]. -* See xref:../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc#rosa-security-groups_prerequisites[Additional custom security groups] for information about security group requirements. -* For details about optionally setting an Operator role name prefix, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-operator-role-prefixes_rosa-sts-about-iam-resources[About custom Operator IAM role prefixes]. -* For information about the prerequisites to installing ROSA with STS, see xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites for ROSA with STS]. -* For details about using the `auto` and `manual` modes to create the required STS resources, see xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-understanding-deployment-modes_rosa-sts-creating-a-cluster-with-customizations[Understanding the auto and manual deployment modes]. -* For more information about using OpenID Connect (OIDC) identity providers in AWS IAM, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html[Creating OpenID Connect (OIDC) identity providers] in the AWS documentation. -* For more information about troubleshooting {hcp-title} cluster installations, see xref:../support/troubleshooting/rosa-troubleshooting-installations-hcp.adoc#rosa-troubleshooting-installations-hcp[Troubleshooting ROSA with HCP installations]. -* For steps to contact Red{nbsp}Hat Support for assistance, see xref:../support/getting-support.adoc#getting-support[Getting support for Red{nbsp}Hat OpenShift Service on AWS]. +* xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-cluster-using-customizations_rosa-sts-creating-a-cluster-with-customizations[Creating a cluster using customizations] +* xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for clusters that use STS] +* xref:../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc#rosa-security-groups_prerequisites[Additional custom security groups] +* xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-operator-role-prefixes_rosa-sts-about-iam-resources[About custom Operator IAM role prefixes] +* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites for ROSA with STS] +* xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-understanding-deployment-modes_rosa-sts-creating-a-cluster-with-customizations[Understanding the auto and manual deployment modes] +* link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html[Creating OpenID Connect (OIDC) identity providers] +* xref:../support/troubleshooting/rosa-troubleshooting-installations-hcp.adoc#rosa-troubleshooting-installations-hcp[Troubleshooting ROSA with HCP installations] +* xref:../support/getting-support.adoc#getting-support[Getting support for Red{nbsp}Hat OpenShift Service on AWS] endif::openshift-rosa-hcp[] \ No newline at end of file