diff --git a/_topic_maps/_topic_map_rosa.yml b/_topic_maps/_topic_map_rosa.yml index 4d0cfa7aeb..51257b4be6 100644 --- a/_topic_maps/_topic_map_rosa.yml +++ b/_topic_maps/_topic_map_rosa.yml @@ -35,40 +35,48 @@ Distros: openshift-rosa Topics: - Name: Understanding ROSA File: rosa-understanding -- Name: Architecture models - File: rosa-architecture-models -- Name: Architecture concepts - File: rosa-basic-architecture-concepts -- Name: ROSA service definition - File: rosa-service-definition -- Name: Responsibility assignment matrix - File: rosa-policy-responsibility-matrix -- Name: Understanding the ROSA with STS deployment workflow - File: rosa-sts-getting-started-workflow -- Name: Understanding process and security for ROSA - File: rosa-policy-process-security -- Name: About availability for ROSA - File: rosa-policy-understand-availability -- Name: ROSA update life cycle - File: rosa-life-cycle +- Name: ROSA architecture + Dir: rosa_architecture_sub + Distros: openshift-rosa + Topics: + - Name: Architecture concepts + File: rosa-basic-architecture-concepts + - Name: Architecture models + File: rosa-architecture-models +- Name: Policies and service definition + Dir: rosa_policy_service_definition + Distros: openshift-rosa + Topics: + - Name: About availability for ROSA + File: rosa-policy-understand-availability + - Name: Responsibility assignment matrix + File: rosa-policy-responsibility-matrix + - Name: ROSA service definition + File: rosa-service-definition + - Name: ROSA update life cycle + File: rosa-life-cycle + - Name: Understanding process and security for ROSA + File: rosa-policy-process-security +- Name: About IAM resources for ROSA with STS + File: rosa-sts-about-iam-resources - Name: Support for ROSA File: rosa-getting-support # - Name: Training for ROSA # File: rosa-training --- -Name: ROSA CLI tools +Name: ROSA CLI Dir: rosa_cli Distros: openshift-rosa Topics: # - Name: CLI and web console # File: rosa-cli-penshift-console -- Name: Getting started with the rosa CLI +- Name: Getting started with the ROSA CLI File: rosa-get-started-cli -- Name: Managing objects with the rosa CLI +- Name: Managing objects with the ROSA CLI File: rosa-manage-objects-cli -- Name: Checking account and version information with the rosa CLI +- Name: Checking account and version information with the ROSA CLI File: rosa-checking-acct-version-cli -- Name: Checking logs with the rosa CLI +- Name: Checking logs with the ROSA CLI File: rosa-checking-logs-cli --- Name: Red Hat OpenShift Cluster Manager @@ -88,31 +96,36 @@ Distros: openshift-rosa Topics: - Name: AWS prerequisites for ROSA with STS File: rosa-sts-aws-prereqs -- Name: AWS prerequisites for ROSA - File: rosa-aws-prereqs - Name: Limits and scalability File: rosa-limits-scalability - Name: Planning your environment File: rosa-planning-environment +- Name: Required AWS service quotas + File: rosa-sts-required-aws-service-quotas +- Name: Setting up your environment + File: rosa-sts-setting-up-environment --- Name: Getting started Dir: rosa_getting_started Distros: openshift-rosa Topics: +- Name: Understanding the ROSA with STS deployment workflow + File: rosa-sts-getting-started-workflow - Name: Getting started with ROSA File: rosa-getting-started -- Name: Required AWS service quotas - File: rosa-sts-required-aws-service-quotas -- Name: Setting up the environment for using STS - File: rosa-sts-setting-up-environment +--- +Name: Installing, accessing, and deleting ROSA clusters +Dir: rosa_install_access_delete_clusters +Distros: openshift-rosa +Topics: - Name: Creating a ROSA cluster with STS quickly File: rosa-sts-creating-a-cluster-quickly - Name: Creating a ROSA cluster with STS using customizations File: rosa-sts-creating-a-cluster-with-customizations -- Name: About IAM resources for ROSA with STS - File: rosa-sts-about-iam-resources - Name: Interactive cluster creation mode reference File: rosa-sts-interactive-mode-reference +- Name: Creating an AWS PrivateLink cluster on ROSA + File: rosa-aws-privatelink-creating-cluster - Name: Accessing a ROSA cluster File: rosa-sts-accessing-cluster - Name: Configuring identity providers using Red Hat OpenShift Cluster Manager @@ -125,24 +138,24 @@ Topics: Dir: rosa_getting_started_iam Distros: openshift-rosa Topics: + - Name: AWS prerequisites for ROSA + File: rosa-aws-prereqs - Name: Understanding the ROSA deployment workflow File: rosa-getting-started-workflow - Name: Required AWS service quotas File: rosa-required-aws-service-quotas - Name: Configuring your AWS account File: rosa-config-aws-account - - Name: Installing ROSA + - Name: Installing the ROSA CLI File: rosa-installing-rosa - - Name: Creating a ROSA cluster + - Name: Creating a ROSA cluster without AWS STS File: rosa-creating-cluster # - Name: Creating a ROSA cluster using the web console # File: rosa-creating-cluster-console - - Name: Creating an AWS PrivateLink cluster on ROSA - File: rosa-aws-privatelink-creating-cluster - - Name: Accessing a ROSA cluster - File: rosa-accessing-cluster - - Name: Configuring identity providers using the Red Hat OpenShift Cluster Manager - File: rosa-config-identity-providers +# - Name: Accessing a ROSA cluster +# File: rosa-accessing-cluster +# - Name: Configuring identity providers using the Red Hat OpenShift Cluster Manager +# File: rosa-config-identity-providers - Name: Deleting access to a ROSA cluster File: rosa-deleting-access-cluster - Name: Deleting a ROSA cluster @@ -160,6 +173,31 @@ Topics: # File: rosa-cluster-auth # - Name: Authorization and RBAC # File: rosa-auth-rbac +- Name: Configuring private connections + Dir: cloud_infrastructure_access + Distros: openshift-rosa + Topics: + - Name: Configuring private connections + File: rosa-configuring-private-connections + - Name: Configuring AWS VPC peering + File: dedicated-aws-peering + - Name: Configuring AWS VPN + File: dedicated-aws-vpn + - Name: Configuring AWS Direct Connect + File: dedicated-aws-dc + - Name: Configuring a private cluster + File: rosa-private-cluster +- Name: Nodes + Dir: rosa_nodes + Distros: openshift-rosa + Topics: + - Name: About machine pools + File: rosa-nodes-machinepools-about + - Name: Managing compute nodes + File: rosa-managing-worker-nodes + Distros: openshift-rosa + - Name: About autoscaling nodes on a cluster + File: rosa-nodes-about-autoscaling-nodes - Name: Logging Dir: rosa_logging Distros: openshift-rosa @@ -186,31 +224,6 @@ Topics: File: rosa-reviewing-monitoring-dashboards - Name: Troubleshooting monitoring issues File: rosa-troubleshooting-monitoring-issues -- Name: Configuring private connections - Dir: cloud_infrastructure_access - Distros: openshift-rosa - Topics: - - Name: Configuring private connections - File: rosa-configuring-private-connections - - Name: Configuring AWS VPC peering - File: dedicated-aws-peering - - Name: Configuring AWS VPN - File: dedicated-aws-vpn - - Name: Configuring AWS Direct Connect - File: dedicated-aws-dc - - Name: Configuring a private cluster - File: rosa-private-cluster -- Name: Nodes - Dir: rosa_nodes - Distros: openshift-rosa - Topics: - - Name: About machine pools - File: rosa-nodes-machinepools-about - - Name: Managing compute nodes - File: rosa-managing-worker-nodes - Distros: openshift-rosa - - Name: About autoscaling nodes on a cluster - File: rosa-nodes-about-autoscaling-nodes --- Name: Cluster security Dir: authentication @@ -230,10 +243,10 @@ Topics: #- Name: Preparing to upgrade ROSA to 4.9 # File: rosa-upgrading-cluster-prepare # Distros: openshift-rosa -- Name: Upgrading ROSA - File: rosa-upgrading - Name: Upgrading ROSA with STS File: rosa-upgrading-sts +- Name: Upgrading ROSA + File: rosa-upgrading --- Name: Add-on services Dir: adding_service_cluster @@ -244,29 +257,6 @@ Topics: - Name: Available services File: rosa-available-services --- -Name: Application development -Dir: applications -Distros: openshift-rosa -Topics: -- Name: Deployments - Dir: deployments - Distros: openshift-rosa - Topics: - - Name: Configuring custom domains for applications - File: osd-config-custom-domains-applications -# - Name: Application GitOps workflows -# File: rosa-app-gitops-workflows -# - Name: Application logging -# File: rosa-app-logging -# - Name: Applications -# File: rosa-apps -# - Name: Application metrics and alerts -# File: rosa-app-metrics and alerts -# - Name: Projects -# File: rosa-projects -# - Name: Using the internal registry -# File: rosa-using-internal-registry ---- Name: Storage and registry Dir: storage Distros: openshift-rosa @@ -296,6 +286,29 @@ Topics: - Name: CIDR range definitions File: cidr-range-definitions --- +Name: Application development +Dir: applications +Distros: openshift-rosa +Topics: +- Name: Deployments + Dir: deployments + Distros: openshift-rosa + Topics: + - Name: Configuring custom domains for applications + File: osd-config-custom-domains-applications +# - Name: Application GitOps workflows +# File: rosa-app-gitops-workflows +# - Name: Application logging +# File: rosa-app-logging +# - Name: Applications +# File: rosa-apps +# - Name: Application metrics and alerts +# File: rosa-app-metrics and alerts +# - Name: Projects +# File: rosa-projects +# - Name: Using the internal registry +# File: rosa-using-internal-registry +--- Name: Troubleshooting Dir: rosa_support Distros: openshift-rosa diff --git a/networking/configuring-cluster-wide-proxy.adoc b/networking/configuring-cluster-wide-proxy.adoc index d1e513182d..b94204e399 100644 --- a/networking/configuring-cluster-wide-proxy.adoc +++ b/networking/configuring-cluster-wide-proxy.adoc @@ -26,7 +26,7 @@ include::modules/cluster-wide-proxy-preqs.adoc[leveloffset=+1] .Additional Resources ifdef::openshift-rosa[] -For information about standard installation prerequisites, see xref:../rosa_planning/rosa-aws-prereqs.adoc#prerequisites[AWS prerequisites for ROSA]. For information about the prerequisites for installation using AWS Security Token Service (STS), see xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prerequisites[AWS prerequisites for ROSA with STS]. +For information about standard installation prerequisites, see xref:../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc#prerequisites[AWS prerequisites for ROSA]. For information about the prerequisites for installation using AWS Security Token Service (STS), see xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prerequisites[AWS prerequisites for ROSA with STS]. endif::[] ifdef::openshift-dedicated[] For more information, see xref:../osd_quickstart/osd-quickstart.adoc#osd-getting-started[Getting started with {product-title}] for a basic cluster installation workflow. diff --git a/rosa_getting_started/rosa-sts-about-iam-resources.adoc b/rosa_architecture/rosa-sts-about-iam-resources.adoc similarity index 74% rename from rosa_getting_started/rosa-sts-about-iam-resources.adoc rename to rosa_architecture/rosa-sts-about-iam-resources.adoc index 4f0afa442e..cecce2ba85 100644 --- a/rosa_getting_started/rosa-sts-about-iam-resources.adoc +++ b/rosa_architecture/rosa-sts-about-iam-resources.adoc @@ -17,15 +17,15 @@ This document provides reference information about the IAM resources that you mu [role="_additional-resources"] .Additional resources -* For steps to quickly create a ROSA cluster with STS, including the AWS IAM resources, see xref:../rosa_getting_started/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[Creating a ROSA cluster with STS quickly]. -* For steps to create a ROSA cluster with STS using customizations, including the AWS IAM resources, see xref:../rosa_getting_started/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-a-cluster-with-customizations[Creating a ROSA cluster with STS using customizations]. +* For steps to quickly create a ROSA cluster with STS, including the AWS IAM resources, see xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[Creating a ROSA cluster with STS quickly]. +* For steps to create a ROSA cluster with STS using customizations, including the AWS IAM resources, see xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-a-cluster-with-customizations[Creating a ROSA cluster with STS using customizations]. include::modules/rosa-sts-account-wide-roles-and-policies.adoc[leveloffset=+1] [role="_additional-resources"] .Additional resources -* For a definition of OpenShift major, minor, and patch versions, see xref:../rosa_architecture/rosa-life-cycle.adoc#rosa-life-cycle-definitions_rosa-life-cycle[the {product-title} update life cycle]. +* For a definition of OpenShift major, minor, and patch versions, see xref:../rosa_architecture/rosa_policy_service_definition/rosa-life-cycle.adoc#rosa-life-cycle-definitions_rosa-life-cycle[the {product-title} update life cycle]. include::modules/rosa-sts-account-wide-role-and-policy-commands.adoc[leveloffset=+2] include::modules/rosa-sts-operator-roles.adoc[leveloffset=+1] diff --git a/rosa_architecture/rosa-sts-getting-started-workflow.adoc b/rosa_architecture/rosa-sts-getting-started-workflow.adoc deleted file mode 100644 index 79ec484b3c..0000000000 --- a/rosa_architecture/rosa-sts-getting-started-workflow.adoc +++ /dev/null @@ -1,32 +0,0 @@ -:_content-type: ASSEMBLY -[id="rosa-sts-understanding-the-deployment-workflow"] -= Understanding the ROSA with STS deployment workflow -include::_attributes/attributes-openshift-dedicated.adoc[] -:context: rosa-sts-overview-of-the-deployment-workflow - -toc::[] - -Before you create a {product-title} (ROSA) cluster, you must complete the AWS prerequisites, verify that the required AWS service quotas are available, and set up your environment. - -This document provides an overview of the ROSA with STS deployment workflow stages and refers to detailed resources for each stage. - -[id="rosa-sts-overview-of-the-deployment-workflow"] -== Overview of the ROSA with STS deployment workflow - -The AWS Security Token Service (STS) is a global web service that provides short-term credentials for IAM or federated users. You can use AWS STS with {product-title} (ROSA) to allocate temporary, limited-privilege credentials for component-specific IAM roles. The service enables cluster components to make AWS API calls using secure cloud resource management practices. - -You can follow the workflow stages outlined in this section to set up and access a ROSA cluster that uses STS. - -. xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[Complete the AWS prerequisites for ROSA with STS]. To deploy a ROSA cluster with STS, your AWS account must meet the prerequisite requirements. -. xref:../rosa_getting_started/rosa-sts-required-aws-service-quotas.adoc#rosa-sts-required-aws-service-quotas[Review the required AWS service quotas]. To prepare for your cluster deployment, review the AWS service quotas that are required to run a ROSA cluster. -. xref:../rosa_getting_started/rosa-sts-setting-up-environment.adoc#rosa-sts-setting-up-environment[Set up the environment and install ROSA using STS]. Before you create a ROSA with STS cluster, you must enable ROSA in your AWS account, install and configure the required CLI tools, and verify the configuration of the CLI tools. You must also verify that the AWS Elastic Load Balancing (ELB) service role exists and that the required AWS resource quotas are available. -. xref:../rosa_getting_started/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[Create a ROSA cluster with STS quickly] or xref:../rosa_getting_started/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-a-cluster-with-customizations[create a cluster using customizations]. Use the ROSA CLI (`rosa`) to create a cluster with STS. You can create a cluster by using the default options, or you can apply customizations to suit the needs of your organization. -. xref:../rosa_getting_started/rosa-sts-accessing-cluster.adoc#rosa-sts-accessing-cluster[Access your cluster]. You can configure an identity provider and grant cluster administrator privileges to the identity provider users as required. You can also access a newly-deployed cluster quickly by configuring a `cluster-admin` user. -. xref:../rosa_getting_started/rosa-sts-deleting-access-cluster.adoc#rosa-sts-deleting-access-cluster[Revoke access to a ROSA cluster for a user]. You can revoke access to a ROSA with STS cluster from a user by using the ROSA CLI or the web console. -. xref:../rosa_getting_started/rosa-sts-deleting-cluster.adoc#rosa-sts-deleting-cluster[Delete a ROSA cluster]. You can delete a ROSA with STS cluster by using the ROSA CLI (`rosa`). After deleting a cluster, you can delete the STS resources by using the AWS Identity and Access Management (IAM) Console. - -[id="additional_resources_{context}"] -[role="_additional-resources"] -== Additional resources - -* For information about using the ROSA deployment workflow to create a cluster that does not use AWS STS, see xref:../rosa_getting_started/rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow]. diff --git a/rosa_architecture/rosa_architecture_sub/_attributes b/rosa_architecture/rosa_architecture_sub/_attributes new file mode 120000 index 0000000000..f27fd275ea --- /dev/null +++ b/rosa_architecture/rosa_architecture_sub/_attributes @@ -0,0 +1 @@ +../_attributes/ \ No newline at end of file diff --git a/rosa_getting_started/rosa_getting_started_iam/images b/rosa_architecture/rosa_architecture_sub/images similarity index 100% rename from rosa_getting_started/rosa_getting_started_iam/images rename to rosa_architecture/rosa_architecture_sub/images diff --git a/rosa_getting_started/rosa_getting_started_iam/modules b/rosa_architecture/rosa_architecture_sub/modules similarity index 100% rename from rosa_getting_started/rosa_getting_started_iam/modules rename to rosa_architecture/rosa_architecture_sub/modules diff --git a/rosa_architecture/rosa-architecture-models.adoc b/rosa_architecture/rosa_architecture_sub/rosa-architecture-models.adoc similarity index 100% rename from rosa_architecture/rosa-architecture-models.adoc rename to rosa_architecture/rosa_architecture_sub/rosa-architecture-models.adoc diff --git a/rosa_architecture/rosa-basic-architecture-concepts.adoc b/rosa_architecture/rosa_architecture_sub/rosa-basic-architecture-concepts.adoc similarity index 100% rename from rosa_architecture/rosa-basic-architecture-concepts.adoc rename to rosa_architecture/rosa_architecture_sub/rosa-basic-architecture-concepts.adoc diff --git a/rosa_getting_started/rosa_getting_started_iam/snippets b/rosa_architecture/rosa_architecture_sub/snippets similarity index 100% rename from rosa_getting_started/rosa_getting_started_iam/snippets rename to rosa_architecture/rosa_architecture_sub/snippets diff --git a/rosa_architecture/rosa_policy_service_definition/_attributes b/rosa_architecture/rosa_policy_service_definition/_attributes new file mode 120000 index 0000000000..f27fd275ea --- /dev/null +++ b/rosa_architecture/rosa_policy_service_definition/_attributes @@ -0,0 +1 @@ +../_attributes/ \ No newline at end of file diff --git a/rosa_architecture/rosa_policy_service_definition/images b/rosa_architecture/rosa_policy_service_definition/images new file mode 120000 index 0000000000..5e67573196 --- /dev/null +++ b/rosa_architecture/rosa_policy_service_definition/images @@ -0,0 +1 @@ +../images \ No newline at end of file diff --git a/rosa_architecture/rosa_policy_service_definition/modules b/rosa_architecture/rosa_policy_service_definition/modules new file mode 120000 index 0000000000..464b823aca --- /dev/null +++ b/rosa_architecture/rosa_policy_service_definition/modules @@ -0,0 +1 @@ +../modules \ No newline at end of file diff --git a/rosa_architecture/rosa-life-cycle.adoc b/rosa_architecture/rosa_policy_service_definition/rosa-life-cycle.adoc similarity index 76% rename from rosa_architecture/rosa-life-cycle.adoc rename to rosa_architecture/rosa_policy_service_definition/rosa-life-cycle.adoc index 880749dbcd..71da351bee 100644 --- a/rosa_architecture/rosa-life-cycle.adoc +++ b/rosa_architecture/rosa_policy_service_definition/rosa-life-cycle.adoc @@ -10,7 +10,7 @@ include::modules/life-cycle-overview.adoc[leveloffset=+1] .Additional resources -* xref:../rosa_architecture/rosa-service-definition.adoc#rosa-service-definition[{product-title} service definition] +* xref:../rosa_policy_service_definition/rosa-service-definition.adoc#rosa-service-definition[{product-title} service definition] include::modules/life-cycle-definitions.adoc[leveloffset=+1] include::modules/life-cycle-major-versions.adoc[leveloffset=+1] @@ -19,7 +19,7 @@ include::modules/life-cycle-minor-versions.adoc[leveloffset=+1] [role="_additional-resources"] .Additional resources -* xref:../rosa_architecture/rosa-life-cycle.adoc#rosa-limited-support_rosa-life-cycle[{product-title} limited support status] +* xref:../rosa_policy_service_definition/rosa-life-cycle.adoc#rosa-limited-support_rosa-life-cycle[{product-title} limited support status] include::modules/life-cycle-patch-versions.adoc[leveloffset=+1] include::modules/life-cycle-limited-support.adoc[leveloffset=+1] diff --git a/rosa_architecture/rosa-policy-process-security.adoc b/rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc similarity index 79% rename from rosa_architecture/rosa-policy-process-security.adoc rename to rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc index a72cbed552..37e3fc4580 100644 --- a/rosa_architecture/rosa-policy-process-security.adoc +++ b/rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc @@ -28,6 +28,6 @@ include::modules/rosa-policy-disaster-recovery.adoc[leveloffset=+1] == Additional resources -* For more information about customer or shared responsibilities, see the xref:../rosa_architecture/rosa-policy-responsibility-matrix.adoc#rosa-policy-responsibilities_rosa-policy-responsibility-matrix[ROSA Responsibilities] document. +* For more information about customer or shared responsibilities, see the xref:../rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc#rosa-policy-responsibilities_rosa-policy-responsibility-matrix[ROSA Responsibilities] document. -* For more information about ROSA and its components, see the xref:../rosa_architecture/rosa-service-definition.adoc#rosa-service-definition[ROSA Service Definition]. +* For more information about ROSA and its components, see the xref:../rosa_policy_service_definition/rosa-service-definition.adoc#rosa-service-definition[ROSA Service Definition]. diff --git a/rosa_architecture/rosa-policy-responsibility-matrix.adoc b/rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc similarity index 100% rename from rosa_architecture/rosa-policy-responsibility-matrix.adoc rename to rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc diff --git a/rosa_architecture/rosa-policy-understand-availability.adoc b/rosa_architecture/rosa_policy_service_definition/rosa-policy-understand-availability.adoc similarity index 100% rename from rosa_architecture/rosa-policy-understand-availability.adoc rename to rosa_architecture/rosa_policy_service_definition/rosa-policy-understand-availability.adoc diff --git a/rosa_architecture/rosa-service-definition.adoc b/rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc similarity index 72% rename from rosa_architecture/rosa-service-definition.adoc rename to rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc index 8f443e56e1..95b25436a8 100644 --- a/rosa_architecture/rosa-service-definition.adoc +++ b/rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc @@ -19,5 +19,5 @@ include::modules/rosa-sdpolicy-security.adoc[leveloffset=+1] == Additional resources -* See xref:../rosa_architecture/rosa-policy-process-security.adoc#rosa-policy-process-security[Understanding process and security for ROSA] for the latest compliance information. -* See xref:../rosa_architecture/rosa-life-cycle.adoc#rosa-life-cycle[ROSA life cycle] +* See xref:../rosa_policy_service_definition/rosa-policy-process-security.adoc#rosa-policy-process-security[Understanding process and security for ROSA] for the latest compliance information. +* See xref:../rosa_policy_service_definition/rosa-life-cycle.adoc#rosa-life-cycle[ROSA life cycle] diff --git a/rosa_architecture/rosa_policy_service_definition/snippets b/rosa_architecture/rosa_policy_service_definition/snippets new file mode 120000 index 0000000000..9f5bc7e4dd --- /dev/null +++ b/rosa_architecture/rosa_policy_service_definition/snippets @@ -0,0 +1 @@ +../snippets \ No newline at end of file diff --git a/rosa_cluster_admin/cloud_infrastructure_access/rosa-private-cluster.adoc b/rosa_cluster_admin/cloud_infrastructure_access/rosa-private-cluster.adoc index 7f42ec048d..a89d35143c 100644 --- a/rosa_cluster_admin/cloud_infrastructure_access/rosa-private-cluster.adoc +++ b/rosa_cluster_admin/cloud_infrastructure_access/rosa-private-cluster.adoc @@ -23,4 +23,4 @@ include::modules/rosa-enable-private-cluster-existing.adoc[leveloffset=+1] [role="_additional-resources"] == Additional resources -* xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-aws-privatelink-creating-cluster.adoc#rosa-aws-privatelink-creating-cluster[Creating an AWS PrivateLink cluster on ROSA] +* xref:../../rosa_install_access_delete_clusters/rosa-aws-privatelink-creating-cluster.adoc#rosa-aws-privatelink-creating-cluster[Creating an AWS PrivateLink cluster on ROSA] diff --git a/rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc b/rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc index 98b630a3e1..b1a904de2b 100644 --- a/rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc +++ b/rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc @@ -29,4 +29,4 @@ include::modules/rosa-adding-taints.adoc[leveloffset=+1] * xref:../../rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.adoc#rosa-nodes-about-autoscaling-nodes[About autoscaling] * xref:../../rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.adoc#rosa-nodes-about-autoscaling-nodes[Enabling autoscaling] * xref:../../rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.adoc#nodes-disabling-autoscaling-nodes[Disabling autoscaling] -* xref:../../rosa_architecture/rosa-service-definition.adoc#rosa-service-definition[ROSA Service Definition] +* xref:../../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-service-definition[ROSA Service Definition] diff --git a/rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.adoc b/rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.adoc index b6cf71d1b7..6b8b6a8aef 100644 --- a/rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.adoc +++ b/rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.adoc @@ -36,7 +36,7 @@ include::modules/ocm-enabling-autoscaling-nodes.adoc[leveloffset=+2] ifdef::openshift-rosa[] [NOTE] ==== -Additionally, you can configure autoscaling on the default machine pool when you xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-creating-cluster.adoc#rosa-creating-cluster[create the cluster using interactive mode]. +Additionally, you can configure autoscaling on the default machine pool when you xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-creating-cluster.adoc#rosa-creating-cluster[create the cluster using interactive mode]. ==== [discrete] @@ -57,7 +57,7 @@ You can disable autoscaling on a cluster using {cluster-manager} console or the [NOTE] ==== -Additionally, you can configure autoscaling on the default machine pool when you xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-creating-cluster.adoc#rosa-creating-cluster[create the cluster using interactive mode]. +Additionally, you can configure autoscaling on the default machine pool when you xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-creating-cluster.adoc#rosa-creating-cluster[create the cluster using interactive mode]. ==== endif::[] diff --git a/rosa_getting_started/rosa-getting-started-workflow.adoc b/rosa_getting_started/rosa-getting-started-workflow.adoc deleted file mode 100644 index aa63455a44..0000000000 --- a/rosa_getting_started/rosa-getting-started-workflow.adoc +++ /dev/null @@ -1,35 +0,0 @@ -:_content-type: ASSEMBLY -[id="rosa-understanding-the-deployment-workflow"] -= Understanding the ROSA deployment workflow -include::_attributes/attributes-openshift-dedicated.adoc[] -:context: rosa-understanding-the-deployment-workflow - -toc::[] - -Before you create a {product-title} (ROSA) cluster that uses the AWS Security Token Service (STS), you must complete the AWS prerequisites, verify that the required AWS service quotas are available, and set up your environment. - -This document provides an overview of the ROSA with STS deployment workflow stages and refers to detailed resources for each stage. - -[id="rosa-overview-of-the-deployment-workflow"] -== Overview of the ROSA deployment workflow - -You can follow the workflow stages outlined in this section to set up and access a {product-title} (ROSA) cluster. - -. xref:../rosa_getting_started/rosa-aws-prereqs.adoc#prerequisites[Perform the AWS prerequisites]. To deploy a ROSA cluster, your AWS account must meet the prerequisite requirements. -. xref:../rosa_getting_started/rosa-required-aws-service-quotas.adoc#rosa-required-aws-service-quotas[Review the required AWS service quotas]. To prepare for your cluster deployment, review the AWS service quotas that are required to run a ROSA cluster. -. xref:../rosa_getting_started/rosa-config-aws-account.adoc#rosa-config-aws-account[Configure your AWS account]. Before you create a ROSA cluster, you must enable ROSA in your AWS account, install and configure the AWS CLI (`aws`) tool, and verify the AWS CLI tool configuration. -. xref:../rosa_getting_started/rosa-installing-rosa.adoc#rosa-installing-rosa[Install the ROSA and OpenShift CLI tools and verify the AWS servce quotas]. Install and configure the ROSA CLI (`aws`) and the OpenShift CLI (`oc`). You can verify if the required AWS resource quotas are available by using the ROSA CLI. -. xref:../rosa_getting_started/rosa-creating-cluster.adoc#rosa-creating-cluster[Create a ROSA cluster] or xref:../rosa_getting_started/rosa-aws-privatelink-creating-cluster.adoc#rosa-aws-privatelink-creating-cluster[Create a ROSA cluster using AWS PrivateLink]. Use the ROSA CLI (`rosa`) to create a cluster. You can optionally create a ROSA cluster with AWS PrivateLink. -. xref:../rosa_getting_started/rosa-accessing-cluster.adoc#rosa-accessing-cluster[Access a cluster]. You can configure an identity provider and grant cluster administrator privileges to the identity provider users as required. You can also access a newly deployed cluster quickly by configuring a `cluster-admin` user. -. xref:../rosa_getting_started/rosa-deleting-access-cluster.adoc#rosa-deleting-access-cluster[Revoke access to a ROSA cluster for a user]. You can revoke access to a ROSA cluster from a user by using the ROSA CLI or the web console. -. xref:../rosa_getting_started/rosa-deleting-cluster.adoc#rosa-deleting-cluster[Delete a ROSA cluster]. You can delete a ROSA cluster by using the ROSA CLI (`rosa`). - -[id="additional_resources_{context}"] -[role="_additional-resources"] -== Additional resources - -* For information about using the ROSA deployment workflow to create a cluster that uses the AWS Security Token Service (STS), see xref:../rosa_getting_started_sts/rosa-sts-getting-started-workflow.adoc#rosa-sts-overview-of-the-deployment-workflow[Understanding the ROSA with STS deployment workflow ]. -* xref:../rosa_getting_started/rosa-config-identity-providers.adoc#rosa-config-identity-providers[Configuring identity providers] -* xref:../rosa_getting_started/rosa-deleting-cluster.adoc#rosa-deleting-cluster[Deleting a cluster] -* xref:../rosa_getting_started/rosa-deleting-access-cluster.adoc#rosa-deleting-access-cluster[Deleting access to a cluster] -* xref:../rosa_getting_started/rosa-quickstart.adoc#rosa-command-reference[Command quick reference for creating clusters and users] diff --git a/rosa_getting_started/rosa-getting-started.adoc b/rosa_getting_started/rosa-getting-started.adoc index c26ac44acc..d25ea2d316 100644 --- a/rosa_getting_started/rosa-getting-started.adoc +++ b/rosa_getting_started/rosa-getting-started.adoc @@ -13,13 +13,13 @@ You can create a ROSA cluster either with or without the AWS Security Token Serv [id="rosa-getting-started-prerequisites_{context}"] == Prerequisites -* You reviewed the xref:../rosa_architecture/rosa-understanding.adoc#rosa-understanding[introduction to {product-title} (ROSA)], and the documentation on ROSA xref:../rosa_architecture/rosa-architecture-models.adoc#rosa-architecture-models[architecture models] and xref:../rosa_architecture/rosa-basic-architecture-concepts.adoc#rosa-basic-architecture-concepts[architecture concepts]. +* You reviewed the xref:../rosa_architecture/rosa-understanding.adoc#rosa-understanding[introduction to {product-title} (ROSA)], and the documentation on ROSA xref:../rosa_architecture/rosa_architecture_sub/rosa-architecture-models.adoc#rosa-architecture-models[architecture models] and xref:../rosa_architecture/rosa_architecture_sub/rosa-basic-architecture-concepts.adoc#rosa-basic-architecture-concepts[architecture concepts]. * You read the documentation on xref:../rosa_planning/rosa-limits-scalability.adoc#rosa-limits-scalability[limits and scalability] and the xref:../rosa_planning/rosa-planning-environment.adoc#rosa-planning-environment[guidelines for planning your environment]. * You reviewed the detailed xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites for ROSA with STS]. -* You have the xref:../rosa_getting_started/rosa-sts-required-aws-service-quotas.adoc#rosa-sts-required-aws-service-quotas[AWS service quotas that are required to run a ROSA cluster]. +* You have the xref:../rosa_planning/rosa-sts-required-aws-service-quotas.adoc#rosa-sts-required-aws-service-quotas[AWS service quotas that are required to run a ROSA cluster]. include::modules/rosa-getting-started-environment-setup.adoc[leveloffset=+1] include::modules/rosa-getting-started-enable-rosa.adoc[leveloffset=+2] @@ -38,7 +38,7 @@ include::modules/rosa-getting-started-configure-an-idp.adoc[leveloffset=+2] .Additional resource -* For detailed steps to configure each of the supported identity provider types, see xref:../rosa_getting_started/rosa-sts-config-identity-providers.adoc#rosa-sts-config-identity-providers[Configuring identity providers for STS] +* For detailed steps to configure each of the supported identity provider types, see xref:../rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc#rosa-sts-config-identity-providers[Configuring identity providers for STS] include::modules/rosa-getting-started-grant-user-access.adoc[leveloffset=+2] include::modules/rosa-getting-started-grant-admin-privileges.adoc[leveloffset=+2] @@ -63,6 +63,6 @@ include::modules/rosa-getting-started-deleting-a-cluster.adoc[leveloffset=+1] * For more information about setting up accounts and ROSA clusters using AWS STS, see xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-overview-of-the-deployment-workflow[Understanding the ROSA with STS deployment workflow] -* For information about setting up accounts and ROSA clusters without using AWS STS, see xref:../rosa_getting_started/rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow] +* For information about setting up accounts and ROSA clusters without using AWS STS, see xref:../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow] * For documentation on upgrading your cluster, see xref:../upgrading/rosa-upgrading.adoc#rosa-upgrading[Upgrading ROSA clusters] diff --git a/rosa_getting_started/rosa-installing-rosa.adoc b/rosa_getting_started/rosa-installing-rosa.adoc deleted file mode 100644 index be27b62258..0000000000 --- a/rosa_getting_started/rosa-installing-rosa.adoc +++ /dev/null @@ -1,24 +0,0 @@ -:_content-type: ASSEMBLY -[id="rosa-installing-rosa"] -= Installing ROSA -include::_attributes/attributes-openshift-dedicated.adoc[] -:context: rosa-installing-rosa - -toc::[] - -After you configure your AWS account, install {product-title} (ROSA). - -include::modules/rosa-installing.adoc[leveloffset=+1] - -[id="next-steps_rosa-installing-rosa"] -== Next steps - -* xref:../rosa_getting_started/rosa-creating-cluster.adoc#rosa-creating-cluster[Create a ROSA cluster] or xref:../rosa_getting_started/rosa-aws-privatelink-creating-cluster.adoc#rosa-aws-privatelink-creating-cluster[Create an AWS PrivateLink cluster on ROSA]. - -[id="additional-resources_rosa-installing-rosa"] -[role="_additional-resources"] -== Additional resources - -* xref:../rosa_planning/rosa-aws-prereqs.adoc#prerequisites[AWS prerequisites] -* xref:../rosa_getting_started/rosa-required-aws-service-quotas.adoc#rosa-required-aws-service-quotas[Required AWS service quotas and requesting increases] -* xref:../rosa_architecture/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow] diff --git a/rosa_getting_started/rosa-sts-getting-started-workflow.adoc b/rosa_getting_started/rosa-sts-getting-started-workflow.adoc new file mode 100644 index 0000000000..25a180fd7f --- /dev/null +++ b/rosa_getting_started/rosa-sts-getting-started-workflow.adoc @@ -0,0 +1,32 @@ +:_content-type: ASSEMBLY +[id="rosa-sts-understanding-the-deployment-workflow"] += Understanding the ROSA with STS deployment workflow +include::_attributes/attributes-openshift-dedicated.adoc[] +:context: rosa-sts-overview-of-the-deployment-workflow + +toc::[] + +Before you create a {product-title} (ROSA) cluster, you must complete the AWS prerequisites, verify that the required AWS service quotas are available, and set up your environment. + +This document provides an overview of the ROSA with STS deployment workflow stages and refers to detailed resources for each stage. + +[id="rosa-sts-overview-of-the-deployment-workflow"] +== Overview of the ROSA with STS deployment workflow + +The AWS Security Token Service (STS) is a global web service that provides short-term credentials for IAM or federated users. You can use AWS STS with {product-title} (ROSA) to allocate temporary, limited-privilege credentials for component-specific IAM roles. The service enables cluster components to make AWS API calls using secure cloud resource management practices. + +You can follow the workflow stages outlined in this section to set up and access a ROSA cluster that uses STS. + +. xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[Complete the AWS prerequisites for ROSA with STS]. To deploy a ROSA cluster with STS, your AWS account must meet the prerequisite requirements. +. xref:../rosa_planning/rosa-sts-required-aws-service-quotas.adoc#rosa-sts-required-aws-service-quotas[Review the required AWS service quotas]. To prepare for your cluster deployment, review the AWS service quotas that are required to run a ROSA cluster. +. xref:../rosa_planning/rosa-sts-setting-up-environment.adoc#rosa-sts-setting-up-environment[Set up the environment and install ROSA using STS]. Before you create a ROSA with STS cluster, you must enable ROSA in your AWS account, install and configure the required CLI tools, and verify the configuration of the CLI tools. You must also verify that the AWS Elastic Load Balancing (ELB) service role exists and that the required AWS resource quotas are available. +. xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[Create a ROSA cluster with STS quickly] or xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-a-cluster-with-customizations[create a cluster using customizations]. Use the ROSA CLI (`rosa`) to create a cluster with STS. You can create a cluster by using the default options, or you can apply customizations to suit the needs of your organization. +. xref:../rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc#rosa-sts-accessing-cluster[Access your cluster]. You can configure an identity provider and grant cluster administrator privileges to the identity provider users as required. You can also access a newly-deployed cluster quickly by configuring a `cluster-admin` user. +. xref:../rosa_install_access_delete_clusters/rosa-sts-deleting-access-cluster.adoc#rosa-sts-deleting-access-cluster[Revoke access to a ROSA cluster for a user]. You can revoke access to a ROSA with STS cluster from a user by using the ROSA CLI or the web console. +. xref:../rosa_install_access_delete_clusters/rosa-sts-deleting-cluster.adoc#rosa-sts-deleting-cluster[Delete a ROSA cluster]. You can delete a ROSA with STS cluster by using the ROSA CLI (`rosa`). After deleting a cluster, you can delete the STS resources by using the AWS Identity and Access Management (IAM) Console. + +[id="additional_resources_{context}"] +[role="_additional-resources"] +== Additional resources + +* For information about using the ROSA deployment workflow to create a cluster that does not use AWS STS, see xref:../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow]. diff --git a/rosa_getting_started/rosa_getting_started_iam/rosa-config-aws-account.adoc b/rosa_getting_started/rosa_getting_started_iam/rosa-config-aws-account.adoc deleted file mode 100644 index 70ef1424e2..0000000000 --- a/rosa_getting_started/rosa_getting_started_iam/rosa-config-aws-account.adoc +++ /dev/null @@ -1,24 +0,0 @@ -:_content-type: ASSEMBLY -[id="rosa-config-aws-account"] -= Configuring your AWS account -include::_attributes/attributes-openshift-dedicated.adoc[] -:context: rosa-config-aws-account - -toc::[] - -After you complete the AWS prerequisites, configure your AWS account and enable the {product-title} (ROSA) service. - -include::modules/rosa-configuring-aws-account.adoc[leveloffset=+1] - -[id="next-steps_rosa-config-aws-account"] -== Next steps - -* xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-installing-rosa.adoc#rosa-installing-rosa[Install ROSA] - -[id="additional-resources_rosa-config-aws-account"] -[role="_additional-resources"] -== Additional resources - -* xref:../../rosa_planning/rosa-aws-prereqs.adoc#prerequisites[AWS prerequisites] -* xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-required-aws-service-quotas.adoc#rosa-required-aws-service-quotas[Required AWS service quotas and requesting increases] -* xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow] diff --git a/rosa_getting_started/rosa_getting_started_iam/rosa-creating-cluster.adoc b/rosa_getting_started/rosa_getting_started_iam/rosa-creating-cluster.adoc deleted file mode 100644 index bab904c411..0000000000 --- a/rosa_getting_started/rosa_getting_started_iam/rosa-creating-cluster.adoc +++ /dev/null @@ -1,24 +0,0 @@ -:_content-type: ASSEMBLY -[id="rosa-creating-cluster"] -= Creating a ROSA cluster -include::_attributes/attributes-openshift-dedicated.adoc[] -:context: rosa-creating-cluster - -toc::[] - -After you set up your environment and install {product-title} (ROSA), create a cluster. - -This document describes how to set up a ROSA cluster. Alternatively, you can create a ROSA cluster with AWS PrivateLink. - -include::modules/rosa-creating-cluster.adoc[leveloffset=+1] - -== Next steps -xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-config-identity-providers.adoc#rosa-config-identity-providers[Configure identity providers] - - -[role="_additional-resources"] -== Additional resources - -* xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow] -* xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-deleting-cluster.adoc#rosa-deleting-cluster[Deleting a ROSA cluster] -* xref:../../rosa_architecture/rosa-architecture-models.adoc#rosa-architecture-models[ROSA architecture] diff --git a/rosa_getting_started/rosa_getting_started_iam/rosa-getting-started-workflow.adoc b/rosa_getting_started/rosa_getting_started_iam/rosa-getting-started-workflow.adoc deleted file mode 100644 index 076dd3b0a5..0000000000 --- a/rosa_getting_started/rosa_getting_started_iam/rosa-getting-started-workflow.adoc +++ /dev/null @@ -1,31 +0,0 @@ -:_content-type: ASSEMBLY -[id="rosa-understanding-the-deployment-workflow"] -= Understanding the ROSA deployment workflow -include::_attributes/attributes-openshift-dedicated.adoc[] -:context: rosa-understanding-the-deployment-workflow - -toc::[] - -Before you create a {product-title} (ROSA) cluster that uses the AWS Security Token Service (STS), you must complete the AWS prerequisites, verify that the required AWS service quotas are available, and set up your environment. - -This document provides an overview of the ROSA with STS deployment workflow stages and refers to detailed resources for each stage. - -[id="rosa-overview-of-the-deployment-workflow"] -== Overview of the ROSA deployment workflow - -You can follow the workflow stages outlined in this section to set up and access a {product-title} (ROSA) cluster. - -. xref:../../rosa_planning/rosa-aws-prereqs.adoc#prerequisites[Perform the AWS prerequisites]. To deploy a ROSA cluster, your AWS account must meet the prerequisite requirements. -. xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-required-aws-service-quotas.adoc#rosa-required-aws-service-quotas[Review the required AWS service quotas]. To prepare for your cluster deployment, review the AWS service quotas that are required to run a ROSA cluster. -. xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-config-aws-account.adoc#rosa-config-aws-account[Configure your AWS account]. Before you create a ROSA cluster, you must enable ROSA in your AWS account, install and configure the AWS CLI (`aws`) tool, and verify the AWS CLI tool configuration. -. xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-installing-rosa.adoc#rosa-installing-rosa[Install the ROSA and OpenShift CLI tools and verify the AWS servce quotas]. Install and configure the ROSA CLI (`aws`) and the OpenShift CLI (`oc`). You can verify if the required AWS resource quotas are available by using the ROSA CLI. -. xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-creating-cluster.adoc#rosa-creating-cluster[Create a ROSA cluster] or xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-aws-privatelink-creating-cluster.adoc#rosa-aws-privatelink-creating-cluster[Create a ROSA cluster using AWS PrivateLink]. Use the ROSA CLI (`rosa`) to create a cluster. You can optionally create a ROSA cluster with AWS PrivateLink. -. xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-accessing-cluster.adoc#rosa-accessing-cluster[Access a cluster]. You can configure an identity provider and grant cluster administrator privileges to the identity provider users as required. You can also access a newly-deployed cluster quickly by configuring a `cluster-admin` user. -. xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-deleting-access-cluster.adoc#rosa-deleting-access-cluster[Revoke access to a ROSA cluster for a user]. You can revoke access to a ROSA cluster from a user by using the ROSA CLI or the web console. -. xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-deleting-cluster.adoc#rosa-deleting-cluster[Delete a ROSA cluster]. You can delete a ROSA cluster by using the ROSA CLI (`rosa`). - -[id="additional_resources_{context}"] -[role="_additional-resources"] -== Additional resources - -* For information about using the ROSA deployment workflow to create a cluster that uses the AWS Security Token Service (STS), see xref:../../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-overview-of-the-deployment-workflow[Understanding the ROSA with STS deployment workflow]. diff --git a/rosa_getting_started/rosa_getting_started_iam/rosa-installing-rosa.adoc b/rosa_getting_started/rosa_getting_started_iam/rosa-installing-rosa.adoc deleted file mode 100644 index cfedc68f1d..0000000000 --- a/rosa_getting_started/rosa_getting_started_iam/rosa-installing-rosa.adoc +++ /dev/null @@ -1,24 +0,0 @@ -:_content-type: ASSEMBLY -[id="rosa-installing-rosa"] -= Installing ROSA -include::_attributes/attributes-openshift-dedicated.adoc[] -:context: rosa-installing-rosa - -toc::[] - -After you configure your AWS account, install {product-title} (ROSA). - -include::modules/rosa-installing.adoc[leveloffset=+1] - -[id="next-steps_rosa-installing-rosa"] -== Next steps - -* xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-creating-cluster.adoc#rosa-creating-cluster[Create a ROSA cluster] or xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-aws-privatelink-creating-cluster.adoc#rosa-aws-privatelink-creating-cluster[Create an AWS PrivateLink cluster on ROSA]. - -[id="additional-resources_rosa-installing-rosa"] -[role="_additional-resources"] -== Additional resources - -* xref:../../rosa_planning/rosa-aws-prereqs.adoc#prerequisites[AWS prerequisites] -* xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-required-aws-service-quotas.adoc#rosa-required-aws-service-quotas[Required AWS service quotas and requesting increases] -* xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow] diff --git a/rosa_install_access_delete_clusters/_attributes b/rosa_install_access_delete_clusters/_attributes new file mode 120000 index 0000000000..f27fd275ea --- /dev/null +++ b/rosa_install_access_delete_clusters/_attributes @@ -0,0 +1 @@ +../_attributes/ \ No newline at end of file diff --git a/rosa_install_access_delete_clusters/images b/rosa_install_access_delete_clusters/images new file mode 120000 index 0000000000..5e67573196 --- /dev/null +++ b/rosa_install_access_delete_clusters/images @@ -0,0 +1 @@ +../images \ No newline at end of file diff --git a/rosa_install_access_delete_clusters/modules b/rosa_install_access_delete_clusters/modules new file mode 120000 index 0000000000..464b823aca --- /dev/null +++ b/rosa_install_access_delete_clusters/modules @@ -0,0 +1 @@ +../modules \ No newline at end of file diff --git a/rosa_getting_started/rosa_getting_started_iam/rosa-aws-privatelink-creating-cluster.adoc b/rosa_install_access_delete_clusters/rosa-aws-privatelink-creating-cluster.adoc similarity index 51% rename from rosa_getting_started/rosa_getting_started_iam/rosa-aws-privatelink-creating-cluster.adoc rename to rosa_install_access_delete_clusters/rosa-aws-privatelink-creating-cluster.adoc index eb34692548..8a9cc85f2d 100644 --- a/rosa_getting_started/rosa_getting_started_iam/rosa-aws-privatelink-creating-cluster.adoc +++ b/rosa_install_access_delete_clusters/rosa-aws-privatelink-creating-cluster.adoc @@ -14,11 +14,12 @@ include::modules/rosa-aws-privatelink-create-cluster.adoc[leveloffset=+1] include::modules/osd-aws-privatelink-config-dns-forwarding.adoc[leveloffset=+1] == Next steps -xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-config-identity-providers.adoc#rosa-config-identity-providers[Configure identity providers] +xref:../rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc#rosa-sts-config-identity-providers[Configure identity providers] [role="_additional-resources"] == Additional resources -* xref:../../rosa_planning/rosa-aws-prereqs.adoc#osd-aws-privatelink-firewall-prerequisites[AWS PrivateLink firewall prerequisites] -* xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow] -* xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-deleting-cluster.adoc#rosa-deleting-cluster[Deleting a ROSA cluster] -* xref:../../rosa_architecture/rosa-architecture-models.adoc#rosa-architecture-models[ROSA architecture] + +* xref:rosa_getting_started_iam/rosa-aws-prereqs.adoc#osd-aws-privatelink-firewall-prerequisites[AWS PrivateLink firewall prerequisites] +* xref:../rosa_getting_started/rosa-sts-getting-started-workflow.adoc#rosa-sts-overview-of-the-deployment-workflow[Overview of the ROSA with STS deployment workflow] +* xref:../rosa_install_access_delete_clusters/rosa-sts-deleting-cluster.adoc#rosa-sts-deleting-cluster[Deleting a ROSA cluster] +* xref:../rosa_architecture/rosa_architecture_sub/rosa-architecture-models.adoc#rosa-architecture-models[ROSA architecture] diff --git a/rosa_getting_started/rosa-sts-accessing-cluster.adoc b/rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc similarity index 71% rename from rosa_getting_started/rosa-sts-accessing-cluster.adoc rename to rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc index 30f45355d3..c28ab0bc24 100644 --- a/rosa_getting_started/rosa-sts-accessing-cluster.adoc +++ b/rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc @@ -17,5 +17,5 @@ include::modules/rosa-create-dedicated-cluster-admins.adoc[leveloffset=+1] [role="_additional-resources"] == Additional resources -* xref:../rosa_getting_started/rosa-sts-config-identity-providers.adoc#rosa-sts-config-identity-providers[Configuring identity providers using {cluster-manager-first} console] -* xref:../rosa_architecture/rosa-sts-getting-started-workflow.adoc#rosa-sts-understanding-the-deployment-workflow[Understanding the ROSA with STS deployment workflow] +* xref:../rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc#rosa-sts-config-identity-providers[Configuring identity providers using {cluster-manager-first} console] +* xref:../rosa_getting_started/rosa-sts-getting-started-workflow.adoc#rosa-sts-understanding-the-deployment-workflow[Understanding the ROSA with STS deployment workflow] diff --git a/rosa_getting_started/rosa-sts-config-identity-providers.adoc b/rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc similarity index 78% rename from rosa_getting_started/rosa-sts-config-identity-providers.adoc rename to rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc index fff0f38654..4d85af0404 100644 --- a/rosa_getting_started/rosa-sts-config-identity-providers.adoc +++ b/rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc @@ -21,5 +21,5 @@ include::modules/config-htpasswd-idp.adoc[leveloffset=+1] [id="additional-resources-cluster-access-sts"] [role="_additional-resources"] == Additional resources -* xref:../rosa_getting_started/rosa-sts-accessing-cluster.adoc#rosa-sts-accessing-cluster[Accessing a cluster] -* xref:../rosa_architecture/rosa-sts-getting-started-workflow.adoc#rosa-sts-understanding-the-deployment-workflow[Understanding the ROSA with STS deployment workflow] +* xref:../rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc#rosa-sts-accessing-cluster[Accessing a cluster] +* xref:../rosa_getting_started/rosa-sts-getting-started-workflow.adoc#rosa-sts-understanding-the-deployment-workflow[Understanding the ROSA with STS deployment workflow] diff --git a/rosa_getting_started/rosa-sts-creating-a-cluster-quickly.adoc b/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc similarity index 83% rename from rosa_getting_started/rosa-sts-creating-a-cluster-quickly.adoc rename to rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc index f33e32aff2..ccbe90bdb6 100644 --- a/rosa_getting_started/rosa-sts-creating-a-cluster-quickly.adoc +++ b/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc @@ -13,13 +13,13 @@ include::modules/rosa-sts-creating-a-cluster-quickly.adoc[leveloffset=+1] [id="next-steps_{context}"] == Next steps -* xref:../rosa_getting_started/rosa-sts-accessing-cluster.adoc#rosa-sts-accessing-cluster[Accessing a ROSA cluster] +* xref:../rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc#rosa-sts-accessing-cluster[Accessing a ROSA cluster] [role="_additional-resources"] [id="additional-resources_rosa-sts-creating-a-cluster-quickly"] == Additional resources -* For more information about the AWS Identity Access Management (IAM) resources required to deploy {product-title} with STS, see xref:../rosa_getting_started/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for clusters that use STS]. +* For more information about the AWS Identity Access Management (IAM) resources required to deploy {product-title} with STS, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for clusters that use STS]. * For information about the prerequisites to installing ROSA with STS, see xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites for ROSA with STS]. * For more information about using OpenID Connect (OIDC) identity providers in AWS IAM, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html[Creating OpenID Connect (OIDC) identity providers] in the AWS documentation. * For more information about troubleshooting ROSA cluster deployments, see xref:../rosa_support/rosa-troubleshooting-deployments.adoc#rosa-troubleshooting-cluster-deployments[Troubleshooting cluster deployments]. diff --git a/rosa_getting_started/rosa-sts-creating-a-cluster-with-customizations.adoc b/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc similarity index 70% rename from rosa_getting_started/rosa-sts-creating-a-cluster-with-customizations.adoc rename to rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc index 32f671952f..0976d87b2a 100644 --- a/rosa_getting_started/rosa-sts-creating-a-cluster-with-customizations.adoc +++ b/rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc @@ -14,15 +14,15 @@ include::modules/rosa-sts-creating-a-cluster-with-customizations.adoc[leveloffse [id="next-steps_{context}"] == Next steps -* xref:../rosa_getting_started/rosa-sts-accessing-cluster.adoc#rosa-sts-accessing-cluster[Accessing a ROSA cluster] +* xref:../rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc#rosa-sts-accessing-cluster[Accessing a ROSA cluster] [role="_additional-resources"] [id="additional-resources_rosa-sts-creating-a-cluster-with-customizations"] == Additional resources -* For more information about the AWS Identity Access Management (IAM) resources required to deploy {product-title} with STS, see xref:../rosa_getting_started/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for clusters that use STS]. -* For an overview of the options that are presented when you create a cluster using interactive mode, see xref:../rosa_getting_started/rosa-sts-interactive-mode-reference.adoc#rosa-sts-understanding-interactive-mode-options_rosa-sts-interactive-mode-reference[Interactive cluster creation mode reference]. +* For more information about the AWS Identity Access Management (IAM) resources required to deploy {product-title} with STS, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for clusters that use STS]. +* For an overview of the options that are presented when you create a cluster using interactive mode, see xref:../rosa_install_access_delete_clusters/rosa-sts-interactive-mode-reference.adoc#rosa-sts-understanding-interactive-mode-options_rosa-sts-interactive-mode-reference[Interactive cluster creation mode reference]. * For information about the prerequisites to installing ROSA with STS, see xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites for ROSA with STS]. * For more information about using OpenID Connect (OIDC) identity providers in AWS IAM, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html[Creating OpenID Connect (OIDC) identity providers] in the AWS documentation. -* For more information about etcd encryption, see the xref:../rosa_architecture/rosa-service-definition.adoc#rosa-sdpolicy-etcd-encryption_rosa-service-definition[etcd encryption service definition]. +* For more information about etcd encryption, see the xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-etcd-encryption_rosa-service-definition[etcd encryption service definition]. * For more information about troubleshooting ROSA cluster deployments, see xref:../rosa_support/rosa-troubleshooting-deployments.adoc#rosa-troubleshooting-cluster-deployments[Troubleshooting cluster deployments]. diff --git a/rosa_getting_started/rosa-sts-deleting-access-cluster.adoc b/rosa_install_access_delete_clusters/rosa-sts-deleting-access-cluster.adoc similarity index 100% rename from rosa_getting_started/rosa-sts-deleting-access-cluster.adoc rename to rosa_install_access_delete_clusters/rosa-sts-deleting-access-cluster.adoc diff --git a/rosa_getting_started/rosa-sts-deleting-cluster.adoc b/rosa_install_access_delete_clusters/rosa-sts-deleting-cluster.adoc similarity index 100% rename from rosa_getting_started/rosa-sts-deleting-cluster.adoc rename to rosa_install_access_delete_clusters/rosa-sts-deleting-cluster.adoc diff --git a/rosa_getting_started/rosa-sts-interactive-mode-reference.adoc b/rosa_install_access_delete_clusters/rosa-sts-interactive-mode-reference.adoc similarity index 63% rename from rosa_getting_started/rosa-sts-interactive-mode-reference.adoc rename to rosa_install_access_delete_clusters/rosa-sts-interactive-mode-reference.adoc index 5968b851e1..11cb44409f 100644 --- a/rosa_getting_started/rosa-sts-interactive-mode-reference.adoc +++ b/rosa_install_access_delete_clusters/rosa-sts-interactive-mode-reference.adoc @@ -14,7 +14,7 @@ include::modules/rosa-sts-interactive-mode-reference.adoc[leveloffset=+1] [id="additional-resources_rosa-sts-interactive-mode-reference"] == Additional resources * For a list of the supported maximums, see xref:../rosa_planning/rosa-limits-scalability.adoc#tested-cluster-maximums_rosa-limits-scalability[ROSA tested cluster maximums]. -* For detailed steps to quickly create a ROSA cluster with STS, including the AWS IAM resources, see xref:../rosa_getting_started/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[Creating a ROSA cluster with STS quickly]. -* For detailed steps to create a ROSA cluster with STS using customizations, including the AWS IAM resources, see xref:../rosa_getting_started/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-a-cluster-with-customizations[Creating a ROSA cluster with STS using customizations]. -* For more information about etcd encryption, see the xref:../rosa_architecture/rosa-service-definition.adoc#rosa-sdpolicy-etcd-encryption_rosa-service-definition[etcd encryption service definition]. +* For detailed steps to quickly create a ROSA cluster with STS, including the AWS IAM resources, see xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[Creating a ROSA cluster with STS quickly]. +* For detailed steps to create a ROSA cluster with STS using customizations, including the AWS IAM resources, see xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-a-cluster-with-customizations[Creating a ROSA cluster with STS using customizations]. +* For more information about etcd encryption, see the xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-etcd-encryption_rosa-service-definition[etcd encryption service definition]. * For an example VPC architecture, see xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-vpc_rosa-sts-aws-prereqs[this sample VPC architecture]. diff --git a/rosa_getting_started/rosa_getting_started_iam/_attributes b/rosa_install_access_delete_clusters/rosa_getting_started_iam/_attributes similarity index 100% rename from rosa_getting_started/rosa_getting_started_iam/_attributes rename to rosa_install_access_delete_clusters/rosa_getting_started_iam/_attributes diff --git a/rosa_install_access_delete_clusters/rosa_getting_started_iam/images b/rosa_install_access_delete_clusters/rosa_getting_started_iam/images new file mode 120000 index 0000000000..5e67573196 --- /dev/null +++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/images @@ -0,0 +1 @@ +../images \ No newline at end of file diff --git a/rosa_install_access_delete_clusters/rosa_getting_started_iam/modules b/rosa_install_access_delete_clusters/rosa_getting_started_iam/modules new file mode 120000 index 0000000000..464b823aca --- /dev/null +++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/modules @@ -0,0 +1 @@ +../modules \ No newline at end of file diff --git a/rosa_getting_started/rosa_getting_started_iam/rosa-accessing-cluster.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-accessing-cluster.adoc similarity index 72% rename from rosa_getting_started/rosa_getting_started_iam/rosa-accessing-cluster.adoc rename to rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-accessing-cluster.adoc index e39e1f8a6f..aac5bcb881 100644 --- a/rosa_getting_started/rosa_getting_started_iam/rosa-accessing-cluster.adoc +++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-accessing-cluster.adoc @@ -22,5 +22,5 @@ include::modules/rosa-create-dedicated-cluster-admins.adoc[leveloffset=+1] [role="_additional-resources"] == Additional resources -* xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-config-identity-providers.adoc#rosa-config-identity-providers[Configuring identity providers] -* xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow] +* xref:../../rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc#rosa-sts-config-identity-providers[Configuring identity providers] +* xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow] diff --git a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc new file mode 100644 index 0000000000..93cbdbc8e3 --- /dev/null +++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc @@ -0,0 +1,29 @@ +:_content-type: ASSEMBLY +include::_attributes/attributes-openshift-dedicated.adoc[] +:context: prerequisites + +[id="prerequisites"] += AWS prerequisites for ROSA + +toc::[] + +{product-title} (ROSA) provides a model that allows Red Hat to deploy clusters into a customer’s existing Amazon Web Service (AWS) account. + +You must ensure that the prerequisites are met before installing ROSA. This requirements document does not apply to AWS Security Token Service (STS). If you are using STS, see the xref:../../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-aws-prereqs_rosa-sts-aws-prereqs[STS-specific requirements]. + +include::modules/rosa-aws-understand.adoc[leveloffset=+1] +include::modules/rosa-aws-requirements.adoc[leveloffset=+1] +include::modules/rosa-aws-procedure.adoc[leveloffset=+1] +include::modules/rosa-aws-scp.adoc[leveloffset=+1] +include::modules/rosa-aws-iam.adoc[leveloffset=+1] +include::modules/rosa-aws-provisioned.adoc[leveloffset=+1] +include::modules/osd-aws-privatelink-firewall-prerequisites.adoc[leveloffset=+1] + +== Next steps +xref:../rosa_getting_started_iam/rosa-required-aws-service-quotas.adoc#rosa-required-aws-service-quotas[Review the required AWS service quotas] + +[role="_additional-resources"] +== Additional resources +* See xref:../../rosa_planning/rosa-limits-scalability.adoc#initial-planning-considerations_rosa-limits-scalability[Intial Planning Considerations] for guidance on worker node count. +* See xref:../../rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc#rosa-policy-sre-access_rosa-policy-process-security[SRE access to all Red Hat OpenShift Service on AWS clusters] for information about how Red Hat site reliability engineering accesses ROSA clusters. +* xref:../rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow] diff --git a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-aws-account.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-aws-account.adoc new file mode 100644 index 0000000000..1b9eb46e00 --- /dev/null +++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-aws-account.adoc @@ -0,0 +1,24 @@ +:_content-type: ASSEMBLY +[id="rosa-config-aws-account"] += Configuring your AWS account +include::_attributes/attributes-openshift-dedicated.adoc[] +:context: rosa-config-aws-account + +toc::[] + +After you complete the AWS prerequisites, configure your AWS account and enable the {product-title} (ROSA) service. + +include::modules/rosa-configuring-aws-account.adoc[leveloffset=+1] + +[id="next-steps_rosa-config-aws-account"] +== Next steps + +* xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-installing-rosa.adoc#rosa-installing-rosa[Install ROSA] + +[id="additional-resources_rosa-config-aws-account"] +[role="_additional-resources"] +== Additional resources + +* xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc#prerequisites[AWS prerequisites] +* xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-required-aws-service-quotas.adoc#rosa-required-aws-service-quotas[Required AWS service quotas and requesting increases] +* xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow] diff --git a/rosa_getting_started/rosa_getting_started_iam/rosa-config-identity-providers.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-identity-providers.adoc similarity index 76% rename from rosa_getting_started/rosa_getting_started_iam/rosa-config-identity-providers.adoc rename to rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-identity-providers.adoc index b302056ac2..3f7762a503 100644 --- a/rosa_getting_started/rosa_getting_started_iam/rosa-config-identity-providers.adoc +++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-identity-providers.adoc @@ -21,5 +21,5 @@ include::modules/config-htpasswd-idp.adoc[leveloffset=+1] [id="additional-resources-idps"] [role="_additional-resources"] == Additional resources -* xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-accessing-cluster.adoc#rosa-accessing-cluster[Accessing a cluster] -* xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow] +* xref:../../rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc#rosa-sts-accessing-cluster[Accessing a cluster] +* xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow] diff --git a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-creating-cluster.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-creating-cluster.adoc new file mode 100644 index 0000000000..be3c025bc4 --- /dev/null +++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-creating-cluster.adoc @@ -0,0 +1,24 @@ +:_content-type: ASSEMBLY +[id="rosa-creating-cluster"] += Creating a ROSA cluster without AWS STS +include::_attributes/attributes-openshift-dedicated.adoc[] +:context: rosa-creating-cluster + +toc::[] + +After you set up your environment and install {product-title} (ROSA), create a cluster. + +This document describes how to set up a ROSA cluster. Alternatively, you can create a ROSA cluster with AWS PrivateLink. + +include::modules/rosa-creating-cluster.adoc[leveloffset=+1] + +== Next steps +xref:../../rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc#rosa-sts-config-identity-providers[Configure identity providers] + + +[role="_additional-resources"] +== Additional resources + +* xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow] +* xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-deleting-cluster.adoc#rosa-deleting-cluster[Deleting a ROSA cluster] +* xref:../../rosa_architecture/rosa_architecture_sub/rosa-architecture-models.adoc#rosa-architecture-models[ROSA architecture] diff --git a/rosa_getting_started/rosa_getting_started_iam/rosa-deleting-access-cluster.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-deleting-access-cluster.adoc similarity index 100% rename from rosa_getting_started/rosa_getting_started_iam/rosa-deleting-access-cluster.adoc rename to rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-deleting-access-cluster.adoc diff --git a/rosa_getting_started/rosa_getting_started_iam/rosa-deleting-cluster.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-deleting-cluster.adoc similarity index 100% rename from rosa_getting_started/rosa_getting_started_iam/rosa-deleting-cluster.adoc rename to rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-deleting-cluster.adoc diff --git a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-getting-started-workflow.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-getting-started-workflow.adoc new file mode 100644 index 0000000000..3160d48323 --- /dev/null +++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-getting-started-workflow.adoc @@ -0,0 +1,35 @@ +:_content-type: ASSEMBLY +[id="rosa-understanding-the-deployment-workflow"] += Understanding the ROSA deployment workflow +include::_attributes/attributes-openshift-dedicated.adoc[] +:context: rosa-understanding-the-deployment-workflow + +toc::[] + +Before you create a {product-title} (ROSA) cluster that uses the AWS Security Token Service (STS), you must complete the AWS prerequisites, verify that the required AWS service quotas are available, and set up your environment. + +This document provides an overview of the ROSA with STS deployment workflow stages and refers to detailed resources for each stage. + +[id="rosa-overview-of-the-deployment-workflow"] +== Overview of the ROSA deployment workflow + +You can follow the workflow stages outlined in this section to set up and access a {product-title} (ROSA) cluster. + +. xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc#prerequisites[Perform the AWS prerequisites]. To deploy a ROSA cluster, your AWS account must meet the prerequisite requirements. +. xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-required-aws-service-quotas.adoc#rosa-required-aws-service-quotas[Review the required AWS service quotas]. To prepare for your cluster deployment, review the AWS service quotas that are required to run a ROSA cluster. +. xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-aws-account.adoc#rosa-config-aws-account[Configure your AWS account]. Before you create a ROSA cluster, you must enable ROSA in your AWS account, install and configure the AWS CLI (`aws`) tool, and verify the AWS CLI tool configuration. +. xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-installing-rosa.adoc#rosa-installing-rosa[Install the ROSA and OpenShift CLI tools and verify the AWS servce quotas]. Install and configure the ROSA CLI (`aws`) and the OpenShift CLI (`oc`). You can verify if the required AWS resource quotas are available by using the ROSA CLI. +. xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-creating-cluster.adoc#rosa-creating-cluster[Create a ROSA cluster] or xref:../../rosa_install_access_delete_clusters/rosa-aws-privatelink-creating-cluster.adoc#rosa-aws-privatelink-creating-cluster[Create a ROSA cluster using AWS PrivateLink]. Use the ROSA CLI (`rosa`) to create a cluster. You can optionally create a ROSA cluster with AWS PrivateLink. +. xref:../../rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc#rosa-sts-accessing-cluster[Access a cluster]. You can configure an identity provider and grant cluster administrator privileges to the identity provider users as required. You can also access a newly deployed cluster quickly by configuring a `cluster-admin` user. +. xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-deleting-access-cluster.adoc#rosa-deleting-access-cluster[Revoke access to a ROSA cluster for a user]. You can revoke access to a ROSA cluster from a user by using the ROSA CLI or the web console. +. xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-deleting-cluster.adoc#rosa-deleting-cluster[Delete a ROSA cluster]. You can delete a ROSA cluster by using the ROSA CLI (`rosa`). + +[id="additional_resources_{context}"] +[role="_additional-resources"] +== Additional resources + +* For information about using the ROSA deployment workflow to create a cluster that uses the AWS Security Token Service (STS), see xref:../../rosa_getting_started/rosa-sts-getting-started-workflow.adoc#rosa-sts-overview-of-the-deployment-workflow[Understanding the ROSA with STS deployment workflow]. +* xref:../../rosa_install_access_delete_clusters/rosa-sts-config-identity-providers.adoc#rosa-sts-config-identity-providers[Configuring identity providers] +* xref:../rosa_getting_started_iam/rosa-deleting-cluster.adoc#rosa-deleting-cluster[Deleting a cluster] +* xref:../rosa_getting_started_iam/rosa-deleting-access-cluster.adoc#rosa-deleting-access-cluster[Deleting access to a cluster] +* xref:../rosa_getting_started_iam/rosa-quickstart.adoc#rosa-command-reference[Command quick reference for creating clusters and users] diff --git a/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-installing-rosa.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-installing-rosa.adoc new file mode 100644 index 0000000000..2a5541900a --- /dev/null +++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-installing-rosa.adoc @@ -0,0 +1,24 @@ +:_content-type: ASSEMBLY +[id="rosa-installing-rosa"] += Installing the ROSA CLI +include::_attributes/attributes-openshift-dedicated.adoc[] +:context: rosa-installing-rosa + +toc::[] + +After you configure your AWS account, install {product-title} (ROSA). + +include::modules/rosa-installing.adoc[leveloffset=+1] + +[id="next-steps_rosa-installing-rosa"] +== Next steps + +* xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-creating-cluster.adoc#rosa-creating-cluster[Create a ROSA cluster] or xref:../rosa-aws-privatelink-creating-cluster.adoc#rosa-aws-privatelink-creating-cluster[Create an AWS PrivateLink cluster on ROSA]. + +[id="additional-resources_rosa-installing-rosa"] +[role="_additional-resources"] +== Additional resources + +* xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc#prerequisites[AWS prerequisites] +* xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-required-aws-service-quotas.adoc#rosa-required-aws-service-quotas[Required AWS service quotas and requesting increases] +* xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow] diff --git a/rosa_getting_started/rosa_getting_started_iam/rosa-quickstart.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-quickstart.adoc similarity index 63% rename from rosa_getting_started/rosa_getting_started_iam/rosa-quickstart.adoc rename to rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-quickstart.adoc index 0b7361de60..e99ad7a9f5 100644 --- a/rosa_getting_started/rosa_getting_started_iam/rosa-quickstart.adoc +++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-quickstart.adoc @@ -10,4 +10,4 @@ include::modules/rosa-quickstart-instructions.adoc[leveloffset=+1] [role="_additional-resources"] == Additional resources -* xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow] +* xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow] diff --git a/rosa_getting_started/rosa_getting_started_iam/rosa-required-aws-service-quotas.adoc b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-required-aws-service-quotas.adoc similarity index 57% rename from rosa_getting_started/rosa_getting_started_iam/rosa-required-aws-service-quotas.adoc rename to rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-required-aws-service-quotas.adoc index 23ceda25b7..54fb72a557 100644 --- a/rosa_getting_started/rosa_getting_started_iam/rosa-required-aws-service-quotas.adoc +++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-required-aws-service-quotas.adoc @@ -11,9 +11,9 @@ Review this list of the required Amazon Web Service (AWS) service quotas that ar include::modules/rosa-required-aws-service-quotas.adoc[leveloffset=+1] == Next steps -* xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-config-aws-account.adoc#rosa-config-aws-account[Configure your AWS account] +* xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-config-aws-account.adoc#rosa-config-aws-account[Configure your AWS account] [role="_additional-resources"] == Additional resources -* xref:../../rosa_getting_started/rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow] +* xref:../../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow] diff --git a/rosa_install_access_delete_clusters/rosa_getting_started_iam/snippets b/rosa_install_access_delete_clusters/rosa_getting_started_iam/snippets new file mode 120000 index 0000000000..9f5bc7e4dd --- /dev/null +++ b/rosa_install_access_delete_clusters/rosa_getting_started_iam/snippets @@ -0,0 +1 @@ +../snippets \ No newline at end of file diff --git a/rosa_install_access_delete_clusters/snippets b/rosa_install_access_delete_clusters/snippets new file mode 120000 index 0000000000..9f5bc7e4dd --- /dev/null +++ b/rosa_install_access_delete_clusters/snippets @@ -0,0 +1 @@ +../snippets \ No newline at end of file diff --git a/rosa_planning/rosa-aws-prereqs.adoc b/rosa_planning/rosa-aws-prereqs.adoc deleted file mode 100644 index b065e3ac95..0000000000 --- a/rosa_planning/rosa-aws-prereqs.adoc +++ /dev/null @@ -1,29 +0,0 @@ -:_content-type: ASSEMBLY -include::_attributes/attributes-openshift-dedicated.adoc[] -:context: prerequisites - -[id="prerequisites"] -= AWS prerequisites for ROSA - -toc::[] - -{product-title} (ROSA) provides a model that allows Red Hat to deploy clusters into a customer’s existing Amazon Web Service (AWS) account. - -You must ensure that the prerequisites are met before installing ROSA. This requirements document does not apply to AWS Security Token Service (STS). If you are using STS, see the xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-aws-prereqs_rosa-sts-aws-prereqs[STS-specific requirements]. - -include::modules/rosa-aws-understand.adoc[leveloffset=+1] -include::modules/rosa-aws-requirements.adoc[leveloffset=+1] -include::modules/rosa-aws-procedure.adoc[leveloffset=+1] -include::modules/rosa-aws-scp.adoc[leveloffset=+1] -include::modules/rosa-aws-iam.adoc[leveloffset=+1] -include::modules/rosa-aws-provisioned.adoc[leveloffset=+1] -include::modules/osd-aws-privatelink-firewall-prerequisites.adoc[leveloffset=+1] - -== Next steps -xref:../rosa_getting_started/rosa_getting_started_iam/rosa-required-aws-service-quotas.adoc#rosa-required-aws-service-quotas[Review the required AWS service quotas] - -[role="_additional-resources"] -== Additional resources -* See xref:../rosa_planning/rosa-limits-scalability.adoc#initial-planning-considerations_rosa-limits-scalability[Intial Planning Considerations] for guidance on worker node count. -* See xref:../rosa_architecture/rosa-policy-process-security.adoc#rosa-policy-sre-access_rosa-policy-process-security[SRE access to all Red Hat OpenShift Service on AWS clusters] for information about how Red Hat site reliability engineering accesses ROSA clusters. -* xref:../rosa_getting_started/rosa_getting_started_iam/rosa-getting-started-workflow.adoc#rosa-understanding-the-deployment-workflow[Understanding the ROSA deployment workflow] diff --git a/rosa_planning/rosa-sts-aws-prereqs.adoc b/rosa_planning/rosa-sts-aws-prereqs.adoc index 11fb8f50b7..c13c3dc5b0 100644 --- a/rosa_planning/rosa-sts-aws-prereqs.adoc +++ b/rosa_planning/rosa-sts-aws-prereqs.adoc @@ -25,9 +25,9 @@ include::modules/rosa-sts-aws-iam.adoc[leveloffset=+1] include::modules/rosa-aws-provisioned.adoc[leveloffset=+1] == Next steps -xref:../rosa_getting_started/rosa-sts-required-aws-service-quotas.adoc#rosa-sts-required-aws-service-quotas[Review the required AWS service quotas] +xref:../rosa_planning/rosa-sts-required-aws-service-quotas.adoc#rosa-sts-required-aws-service-quotas[Review the required AWS service quotas] [role="_additional-resources"] == Additional resources * See xref:../rosa_planning/rosa-limits-scalability.adoc#initial-planning-considerations_rosa-limits-scalability[Intial Planning Considerations] for guidance on worker node count. -* See xref:../rosa_architecture/rosa-policy-process-security.adoc#rosa-policy-sre-access_rosa-policy-process-security[SRE access to all Red Hat OpenShift Service on AWS clusters] for information about how Red Hat site reliability engineering accesses ROSA clusters. +* See xref:../rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc#rosa-policy-sre-access_rosa-policy-process-security[SRE access to all Red Hat OpenShift Service on AWS clusters] for information about how Red Hat site reliability engineering accesses ROSA clusters. diff --git a/rosa_getting_started/rosa-sts-required-aws-service-quotas.adoc b/rosa_planning/rosa-sts-required-aws-service-quotas.adoc similarity index 75% rename from rosa_getting_started/rosa-sts-required-aws-service-quotas.adoc rename to rosa_planning/rosa-sts-required-aws-service-quotas.adoc index efc3e8f589..0f14d57b52 100644 --- a/rosa_getting_started/rosa-sts-required-aws-service-quotas.adoc +++ b/rosa_planning/rosa-sts-required-aws-service-quotas.adoc @@ -11,4 +11,4 @@ Review this list of the required Amazon Web Service (AWS) service quotas that ar include::modules/rosa-required-aws-service-quotas.adoc[leveloffset=+1] == Next steps -* xref:../rosa_getting_started/rosa-sts-setting-up-environment.adoc#rosa-sts-setting-up-environment[Set up the environment and install ROSA] +* xref:../rosa_planning/rosa-sts-setting-up-environment.adoc#rosa-sts-setting-up-environment[Set up the environment and install ROSA] diff --git a/rosa_getting_started/rosa-sts-setting-up-environment.adoc b/rosa_planning/rosa-sts-setting-up-environment.adoc similarity index 55% rename from rosa_getting_started/rosa-sts-setting-up-environment.adoc rename to rosa_planning/rosa-sts-setting-up-environment.adoc index 94f15531da..c0c37e0687 100644 --- a/rosa_getting_started/rosa-sts-setting-up-environment.adoc +++ b/rosa_planning/rosa-sts-setting-up-environment.adoc @@ -13,11 +13,11 @@ include::modules/rosa-sts-setting-up-environment.adoc[leveloffset=+1] [id="next-steps_rosa-sts-setting-up-environment"] == Next steps -* xref:../rosa_getting_started/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[Create a ROSA cluster with STS quickly] or xref:../rosa_getting_started/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-a-cluster-with-customizations[create a cluster using customizations]. +* xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-quickly[Create a ROSA cluster with STS quickly] or xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-a-cluster-with-customizations[create a cluster using customizations]. [id="additional-resources"] [role="_additional-resources"] == Additional resources * xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS Prerequisites] -* xref:../rosa_getting_started/rosa-sts-required-aws-service-quotas.adoc#rosa-sts-required-aws-service-quotas[Required AWS service quotas and increase requests] +* xref:../rosa_planning/rosa-sts-required-aws-service-quotas.adoc#rosa-sts-required-aws-service-quotas[Required AWS service quotas and increase requests] diff --git a/upgrading/rosa-upgrading-sts.adoc b/upgrading/rosa-upgrading-sts.adoc index 86b7c1aabb..68b7e1ec43 100644 --- a/upgrading/rosa-upgrading-sts.adoc +++ b/upgrading/rosa-upgrading-sts.adoc @@ -9,7 +9,7 @@ toc::[] [id="rosa-lifecycle-policy_{context}"] == Life cycle policies and planning -To plan an upgrade, review the xref:../rosa_architecture/rosa-life-cycle.adoc#rosa-life-cycle[{product-title} update life cycle]. The life cycle page includes release definitions, support and upgrade requirements, installation policy information and life cycle dates. +To plan an upgrade, review the xref:../rosa_architecture/rosa_policy_service_definition/rosa-life-cycle.adoc#rosa-life-cycle[{product-title} update life cycle]. The life cycle page includes release definitions, support and upgrade requirements, installation policy information and life cycle dates. [id="rosa-sts-upgrading-a-cluster-with-sts"] == Upgrading a ROSA cluster that uses STS diff --git a/upgrading/rosa-upgrading.adoc b/upgrading/rosa-upgrading.adoc index df6a11e02b..2a24345f6d 100644 --- a/upgrading/rosa-upgrading.adoc +++ b/upgrading/rosa-upgrading.adoc @@ -9,7 +9,7 @@ toc::[] [id="rosa-lifecycle-policy_{context}"] == Life cycle policies and planning -To plan an upgrade, review the xref:../rosa_architecture/rosa-life-cycle.adoc#rosa-life-cycle[{product-title} update life cycle]. The life cycle page includes release definitions, support and upgrade requirements, installation policy information and life cycle dates. +To plan an upgrade, review the xref:../rosa_architecture/rosa_policy_service_definition/rosa-life-cycle.adoc#rosa-life-cycle[{product-title} update life cycle]. The life cycle page includes release definitions, support and upgrade requirements, installation policy information and life cycle dates. [id="rosa-sts-upgrading-a-cluster"] == Upgrading a ROSA cluster