openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity

Re-home 'Admin credentials root secret format'

Browse Source
This commit is contained in:
Jeana Routh
2022-08-23 17:13:21 -04:00
committed by openshift-cherrypick-robot
parent 643aaa9b79
commit 4d5f092509
9 changed files with 139 additions and 63 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
authentication/managing_cloud_provider_credentials/cco-mode-mint.adoc
View File

@@ -49,6 +49,9 @@ The credential you provide for mint mode in GCP must have the following permissi
* `resourcemanager.projects.getIamPolicy`
* `resourcemanager.projects.setIamPolicy`
//Admin credentials root secret format
include::modules/admin-credentials-root-secret-formats.adoc[leveloffset=+1]
//Mint Mode with removal or rotation of the admin credential
include::modules/mint-mode-with-removal-of-admin-credential.adoc[leveloffset=+1]

6
authentication/managing_cloud_provider_credentials/cco-mode-passthrough.adoc
View File

@@ -87,10 +87,16 @@ To install an {product-title} cluster on VMware vSphere, the CCO requires a cred
|====
//Admin credentials root secret format
include::modules/admin-credentials-root-secret-formats.adoc[leveloffset=+1]
[id="passthrough-mode-maintenance"]
== Passthrough mode credential maintenance
If `CredentialsRequest` CRs change over time as the cluster is upgraded, you must manually update the passthrough mode credential to meet the requirements. To avoid credentials issues during an upgrade, check the `CredentialsRequest` CRs in the release image for the new version of {product-title} before upgrading. To locate the `CredentialsRequest` CRs that are required for your cloud provider, see _Manually creating IAM_ for xref:../../installing/installing_aws/manually-creating-iam.adoc#manually-creating-iam-aws[AWS], xref:../../installing/installing_azure/manually-creating-iam-azure.adoc#manually-creating-iam-azure[Azure], or xref:../../installing/installing_gcp/manually-creating-iam-gcp.adoc#manually-creating-iam-gcp[GCP].
//Rotating cloud provider credentials manually
include::modules/manually-rotating-cloud-creds.adoc[leveloffset=+2]
[id="passthrough-mode-reduce-permissions"]
== Reducing permissions after installation
When using passthrough mode, each component has the same permissions used by all other components. If you do not reduce the permissions after installing, all components have the broad permissions that are required to run the installer.