mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00

OSDOCS-16524: Updated ROSA Architecture for DITA compliance

This commit is contained in:
EricPonvelle
2025-10-24 16:55:40 -05:00
parent a61be5dfaa
commit 529039925d
30 changed files with 268 additions and 679 deletions

View File

@@ -0,0 +1,34 @@
// Module included in the following assemblies:
//
// * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
:_mod-docs-content-type: CONCEPT
[id="architect_{context}"]
= Architect
[options="header",cols="3*"]
|===
| Learn about {rosa-title} |Plan {rosa-title} deployment |Additional resources
|
link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/architecture/architecture-overview#architecture-overview[Architecture overview]
|
link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/backup_and_restore/oadp-application-backup-and-restore[Back up and restore]
|
link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/introduction_to_rosa/policies-and-service-definition#rosa-hcp-life-cycle[{product-title} life cycle]
|
link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/architecture/rosa-architecture-models#rosa-architecture-models[{product-title} architecture]
|
link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/introduction_to_rosa/policies-and-service-definition#rosa-policy-process-security[Understanding process and security]
link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/introduction_to_rosa/policies-and-service-definition[{product-title} service definition]
link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/introduction_to_rosa/policies-and-service-definition#rosa-hcp-life-cycle[Lifecycle updates]
|
|
link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/support/support-overview#support-overview[Getting support]
|
|
| link:https://red.ht/rosa-roadmap[ROSA roadmap]
|===
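
Review bot: This `cols="3*"` table has ten body cells by my count, so the last row holds only the `ROSA roadmap` cell and Asciidoctor drops incomplete rows; add the two missing `|` cells or move the roadmap link into the previous row's empty "Additional resources" cell. The three links under "Understanding process and security" sit on consecutive lines with no blank line or ` +` between them and will render as one run of text. The header uses `{rosa-title}` and the last cell hardcodes "ROSA", while the link labels use `{product-title}`; "{product-title} life cycle" and "Lifecycle updates" also point at the same `#rosa-hcp-life-cycle` target.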

View File

@@ -0,0 +1,36 @@
// Module included in the following assemblies:
//
// * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
:_mod-docs-content-type: CONCEPT
[id="cluster-administrator_{context}"]
= Cluster Administrator
[options="header",cols="4*"]
|===
|Learn about {product-title} |Deploy {product-title} |Manage {product-title} |Additional resources
//Row 1
|link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws_classic_architecture/4/html/architecture/rosa-architecture-models#rosa-architecture-models[{product-title} architecture]
|link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/install_clusters/rosa-hcp-sts-creating-a-cluster-quickly[Installing {product-title}]
|link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/logging/about-logging[Logging]
|link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html-single/support/index#rosa-troubleshooting-installing_rosa-troubleshooting-installations[Getting support]
//Row 2
|link:https://learn.openshift.com/?extIdCarryOver=true&sc_cid=701f2000001Css5AAC[OpenShift Interactive Learning Portal]
|link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html-single/storage/index#storage-overview[Storage]
|link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html-single/monitoring/index#about-monitoring[About {product-title} monitoring]
link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html-single/introduction_to_rosa/index#rosa-hcp-life-cycle[{product-title} life cycle]
link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/introduction_to_rosa/policies-and-service-definition#rosa-policy-responsibilities_rosa-policy-responsibility-matrix[{product-title} responsibility matrix]
|link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/backup_and_restore/oadp-application-backup-and-restore#oadp-introduction[Back up and restore]
//Row 3
|link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/introduction_to_rosa/rosa-hcp-about-iam-resources[About IAM resources]
|link:https://red.ht/rosa-roadmap[{product-title} roadmap]
|link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/introduction_to_rosa/policies-and-service-definition#about-availability-for-rosa[About availability]
|link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html-single/upgrading/index#rosa-hcp-upgrading[Upgrading]
|
|
|===
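
Review bot: The first Row 1 link targets the `red_hat_openshift_service_on_aws_classic_architecture` doc set while every other link in this table targets `red_hat_openshift_service_on_aws`; confirm the architecture link is meant to leave the current doc set. After Row 3's four cells there are two more bare `|` lines, which form an incomplete row in a `cols="4*"` table and can be deleted. The three links in the Row 2 "Manage" cell need a blank line or ` +` between them to render separately.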

View File

@@ -0,0 +1,28 @@
// Module included in the following assemblies:
//
// * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
:_mod-docs-content-type: CONCEPT
[id="rosa-developer-topics_{context}"]
= Developer
[options="header",cols="3*"]
|===
|Learn about application development in {product-title} |Deploy applications |Additional resources
|link:https://developers.redhat.com/[Red{nbsp}Hat Developers site]
|link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/building_applications/building-applications-overview#building-applications-overview[Building applications overview]
|link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/support/support-overview#support-overview[Getting support]
|link:https://developers.redhat.com/products/openshift-dev-spaces/overview[{openshift-dev-spaces-productname} (formerly Red{nbsp}Hat CodeReady Workspaces)]
|link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/operators/operators-overview#operators-overview[Operators overview]
|link:https://red.ht/rosa-roadmap[{product-title} roadmap]
|
|link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/images/overview-of-images#overview-of-images[Images]
|
|
|link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/cli_tools/developer-cli-odo#odo-important_update[Developer-focused CLI]
|
|===
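
Review bot: The header comment lists `rosa-service-definition.adoc` as the including assembly, but the only `include::modules/rosa-developer-topics.adoc` line visible in this commit is in the assembly with `[id="about-hcp"]`; update the comment if that is the real consumer (the same applies to the other new modules that carry this comment). The id here follows the file name (`rosa-developer-topics_{context}`) while the two sibling tables use `architect_{context}` and `cluster-administrator_{context}`; one convention across the three would make the anchors predictable.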

View File

@@ -0,0 +1,8 @@
// Module included in the following assemblies:
//
// * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
:_mod-docs-content-type: CONCEPT
[id="rosa-getting-started-learn_{context}"]
= Getting started with {product-title}
Use the following sections to find content to help you learn about and use {product-title}.
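
Review bot: The paragraph under `= Getting started with {product-title}` has no `[role="_abstract"]` line, although this same commit adds that marker ahead of the opening paragraph in the assemblies it touches. If the marker is part of the DITA requirement, add it here and in the other new concept modules whose title is followed directly by a paragraph.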

View File

@@ -0,0 +1,20 @@
// Module included in the following assemblies:
//
// * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
:_mod-docs-content-type: CONCEPT
[id="rosa-key-features_{context}"]
= Key features of {product-title}
* *Cluster node scaling:* {product-title} requires a minimum of only two nodes, making it ideal for smaller projects while still being able to scale to support larger projects and enterprises. Easily add or remove compute nodes to match resource demand. Autoscaling allows you to automatically adjust the size of the cluster based on the current workload. See link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/cluster_administration/rosa-cluster-autoscaling-hcp[About autoscaling nodes on a cluster] for more details.
* *Fully managed underlying control plane infrastructure:* Control plane components, such as the API server and etcd database, are hosted in a Red{nbsp}Hat-owned AWS account.
* *Rapid provisioning time:* Provisioning time is approximately 10 minutes.
* *Continued cluster operation during upgrades:* Customers can upgrade the control plane and machine pools separately, ensuring the cluster remains operational during the upgrade process.
* *Native AWS service:* Access and use Red{nbsp}Hat OpenShift on-demand with a self-service onboarding experience through the AWS management console.
* *Flexible, consumption-based pricing:* Scale to your business needs and pay as you go with flexible pricing and an on-demand hourly or annual billing model.
* *Single bill for Red{nbsp}Hat OpenShift and AWS usage:* Customers will receive a single bill from AWS for both Red{nbsp}Hat OpenShift and AWS consumption.
* *Fully integrated support experience:* Management, maintenance, and upgrades are performed by Red{nbsp}Hat site reliability engineers (SREs) with joint Red{nbsp}Hat and Amazon support and a 99.95% service-level agreement (SLA). See the link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/support/getting-support#getting-support[{product-title} support documentation] for more details.
* *AWS service integration:* AWS has a robust portfolio of cloud services, such as compute, storage, networking, database, analytics, Virtualization and AI. All of these services are directly accessible through {product-title}. This makes it easier to build, operate, and scale globally and on-demand through a familiar management interface.
* *Maximum availability:* Deploy clusters across multiple availability zones in supported regions to maximize availability and maintain high availability for your most demanding mission-critical applications and data.
* *Optimized clusters:* Choose from memory-optimized, compute-optimized, general purpose, or accelerated EC2 instance types with clusters to meet your needs.
* *Global availability:* Refer to the link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/introduction_to_rosa/policies-and-service-definition#rosa-sdpolicy-regions-az_rosa-hcp-service-definition[product regional availability page] to see where {product-title} is available globally.
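
Review bot: The module goes from the title straight into the bulleted list with no introductory paragraph, so there is nothing for a short description or `[role="_abstract"]` to attach to; add a one-sentence lead-in before the first bullet. In the "AWS service integration" bullet, "Virtualization" is capitalized mid-list while the other service categories are lowercase, and "Customers will receive a single bill" can be present tense.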

View File

@@ -0,0 +1,8 @@
// Module included in the following assemblies:
//
// * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
:_mod-docs-content-type: CONCEPT
[id="rosa-next-steps-cluster_{context}"]
= Before creating your first {product-title} cluster
For additional information about ROSA installation, see a quick introduction to the process in link:https://www.redhat.com/en/products/interactive-walkthrough/install-rosa[Installing {product-title} interactive walkthrough].
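
Review bot: The sentence hardcodes "ROSA installation" while the title and the link label in the same module use `{product-title}`; use the attribute in both places. The sentence can also be shortened to "For a quick introduction to the installation process, see ...", since "For additional information about" and "see a quick introduction to" say the same thing twice.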

View File

@@ -67,7 +67,12 @@ Red{nbsp}Hat does not automatically upgrade your clusters. You can schedule to u
Because the required permissions can change between y-stream releases, the AWS managed policies are automatically updated before an upgrade can be performed.
====
ifndef::openshift-dedicated[]
You can review the history of all cluster upgrade events in the {cluster-manager} web console.
endif::openshift-dedicated[]
ifdef::openshift-dedicated[]
You can review the history of all cluster upgrade events in the {cluster-manager} web console. For more information about releases, see the link:https://access.redhat.com/support/policy/updates/openshift/dedicated[Life Cycle policy].
endif::openshift-dedicated[]
[id="rosa-policy-resource-responsibilities_{context}"]
== Service and Customer resource responsibilities
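
Review bot: The sentence "You can review the history of all cluster upgrade events in the {cluster-manager} web console." now appears in both the `ifndef::openshift-dedicated[]` and `ifdef::openshift-dedicated[]` branches, so any later edit has to be made twice. Keep that sentence unconditional and wrap only the "For more information about releases, see the ... Life Cycle policy" sentence in `ifdef::openshift-dedicated[]`.
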
@@ -239,4 +244,4 @@ applications and data hosted on the AWS Cloud.
1. For more information on authentication flow for AWS STS, see link:https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/authentication_and_authorization/managing-cloud-provider-credentials#cco-short-term-creds-auth-flow-aws-diagram_cco-short-term-creds[Authentication flow for AWS STS].
2. For more information on pruning images, see link:https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/registry/registry-overview-1#pruning-images_registry-overview[Automatically Pruning Images].
2. For more information on pruning images, see link:https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/registry/registry-overview-1#pruning-images_registry-overview[Automatically pruning Images].
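
Review bot: The new link label "Automatically pruning Images" is only half converted to sentence case; "Images" should be lowercase as well, unless the label is meant to match the target section's title exactly, in which case the original capitalization was correct.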

View File

@@ -0,0 +1,9 @@
// Module included in the following assemblies:
//
// * rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc
// * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
:_mod-docs-content-type: CONCEPT
[id="rosa-sdpolicy-account-management_{context}"]
= Account management
This section provides information about the service definition for {product-title} account management.

View File

@@ -0,0 +1,9 @@
// Module included in the following assemblies:
//
// * rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc
// * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
:_mod-docs-content-type: CONCEPT
[id="rosa-sdpolicy-account-management_{context}"]
= Account management
This section provides information about the service definition for {product-title} account management.
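
Review bot: This new file is line-for-line identical to the previous new file in the commit, including `[id="rosa-sdpolicy-account-management_{context}"]` and the `= Account management` title. If both are included under the same `:context:`, the ids collide; if one is a copy left over from a rename, drop it. "This section provides information about" is also self-referential and can be replaced with a sentence that says what account management covers.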

View File

@@ -1,6 +1,6 @@
// Module included in the following assemblies:
//
// * rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc
// * rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc
:_mod-docs-content-type: CONCEPT
[id="rosa-sdpolicy-cluster-self-service_{context}"]

View File

@@ -0,0 +1,8 @@
// Module included in the following assemblies:
//
// * rosa_architecture/rosa_policy_service_definition/rosa-sre-access.adoc
:_mod-docs-content-type: CONCEPT
[id="rosa-policy-identity-access-management_{context}"]
= Identity and access management
Most access by Red{nbsp}Hat SRE teams is done by using cluster Operators through automated configuration management.
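
Review bot: "Most access by Red{nbsp}Hat SRE teams" leaves the remaining access unstated, and this one sentence is the whole module; for an identity and access management topic, say what the non-automated access path is or name the section that describes it. The paragraph also lacks the `[role="_abstract"]` marker that this commit adds elsewhere.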

View File

@@ -0,0 +1,7 @@
// Module included in the following assemblies:
//
// * rosa_architecture/rosa_policy_service_definition/rosa-sre-access.adoc
:_mod-docs-content-type: CONCEPT
[id="sre-rosa-policy-subprocessors_{context}"]
= Subprocessors
For a list of the available subprocessors, see the link:https://access.redhat.com/articles/5528091[Red{nbsp}Hat Subprocessor List] on the Red{nbsp}Hat Customer Portal.
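
Review bot: The id `sre-rosa-policy-subprocessors_{context}` uses an `sre-` prefix, while the sibling module included in the same `rosa-sre-access.adoc` assembly uses `rosa-policy-identity-access-management_{context}`; align the prefixes so anchors in that assembly follow one pattern.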

View File

@@ -1,6 +1,7 @@
:_mod-docs-content-type: ASSEMBLY
[id="about-hcp"]
= {product-title} overview
include::_attributes/common-attributes.adoc[]
include::_attributes/attributes-openshift-dedicated.adoc[]
:context: about-hcp
@@ -10,6 +11,7 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
toc::[]
[role="_abstract"]
{product-title} is a fully-managed turnkey application platform that allows you to focus on what matters most, delivering value to your customers by building and deploying applications. Red{nbsp}Hat and AWS SRE experts manage the underlying platform so you do not have to worry about infrastructure management. {product-title} provides seamless integration with a wide range of AWS compute, database, analytics, machine learning, networking, mobile, AI and other services to further accelerate the building and delivering of differentiating experiences to your customers.
{product-title} offers a reduced-cost solution to create a managed {product-title} cluster with a focus on efficiency and security. You can quickly create a new cluster and deploy applications in minutes.
@@ -20,253 +22,26 @@ You receive OpenShift updates with new feature releases and a shared, common sou
image::291_OpenShift_on_AWS_Intro_1122_docs.png[{product-title}]
{product-title} uses AWS Security Token Service (STS) with AWS IAM to obtain credentials to manage infrastructure in your AWS account. AWS STS is a global web service that creates temporary credentials for IAM users/roles or federated users/roles. {product-title} uses this to assign short-term, limited-privilege, security credentials. These credentials are associated with IAM roles that are specific to each component that makes AWS API calls. This method aligns with the principals of least privilege and secure practices in cloud service resource management. The ROSA command-line interface (CLI) tool manages the STS credentials that are assigned for unique tasks and takes action on AWS resources as part of OpenShift functionality. For a more detailed explanation, see xref:../rosa_architecture/cloud-experts-rosa-hcp-sts-explained.adoc#cloud-experts-rosa-hcp-sts-explained[AWS STS and ROSA with HCP explained].
{product-title} uses AWS Security Token Service (STS) with AWS IAM to obtain credentials to manage infrastructure in your AWS account. AWS STS is a global web service that creates temporary credentials for IAM users/roles or federated users/roles. {product-title} uses this to assign short-term, limited-privilege, security credentials. These credentials are associated with IAM roles that are specific to each component that makes AWS API calls. This method aligns with the principals of least privilege and secure practices in cloud service resource management. The ROSA command-line interface (CLI) tool manages the STS credentials that are assigned for unique tasks and takes action on AWS resources as part of OpenShift functionality. For a more detailed explanation, see xref:../rosa_architecture/cloud-experts-rosa-hcp-sts-explained.adoc#cloud-experts-rosa-hcp-sts-explained[AWS STS and {product-title} explained].
== Key features of {product-title}
* *Cluster node scaling:* {product-title} requires a minimum of only two nodes, making it ideal for smaller projects while still being able to scale to support larger projects and enterprises. Easily add or remove compute nodes to match resource demand. Autoscaling allows you to automatically adjust the size of the cluster based on the current workload. See
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.html#rosa-nodes-about-autoscaling-nodes[About autoscaling nodes on a cluster] for more details.
endif::openshift-rosa-hcp[]
ifdef::openshift-rosa[]
xref:../rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.adoc#rosa-nodes-about-autoscaling-nodes[About autoscaling nodes on a cluster] for more details.
endif::openshift-rosa[]
* *Fully managed underlying control plane infrastructure:* Control plane components, such as the API server and etcd database, are hosted in a Red{nbsp}Hat-owned AWS account.
* *Rapid provisioning time:* Provisioning time is approximately 10 minutes.
* *Continued cluster operation during upgrades:* Customers can upgrade the control plane and machine pools separately, ensuring the cluster remains operational during the upgrade process.
* *Native AWS service:* Access and use Red{nbsp}Hat OpenShift on-demand with a self-service onboarding experience through the AWS management console.
* *Flexible, consumption-based pricing:* Scale to your business needs and pay as you go with flexible pricing and an on-demand hourly or annual billing model.
* *Single bill for Red{nbsp}Hat OpenShift and AWS usage:* Customers will receive a single bill from AWS for both Red{nbsp}Hat OpenShift and AWS consumption.
* *Fully integrated support experience:* Management, maintenance, and upgrades are performed by Red{nbsp}Hat site reliability engineers (SREs) with joint Red{nbsp}Hat and Amazon support and a 99.95% service-level agreement (SLA). See the
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/support/getting-support.html#getting-support[ROSA support documentation] for more details.
endif::openshift-rosa-hcp[]
ifdef::openshift-rosa[]
xref:../support/getting-support.adoc#getting-support[ROSA support documentation] for more details.
endif::openshift-rosa[]
* *AWS service integration:* AWS has a robust portfolio of cloud services, such as compute, storage, networking, database, analytics, Virtualization and AI. All of these services are directly accessible through ROSA. This makes it easier to build, operate, and scale globally and on-demand through a familiar management interface.
* *Maximum availability:* Deploy clusters across multiple availability zones in supported regions to maximize availability and maintain high availability for your most demanding mission-critical applications and data.
* *Optimized clusters:* Choose from memory-optimized, compute-optimized, general purpose, or accelerated EC2 instance types with clusters to meet your needs.
* *Global availability:* Refer to the xref:../rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc#rosa-sdpolicy-regions-az_rosa-hcp-service-definition[product regional availability page] to see where ROSA is available globally.
include::modules/rosa-key-features.adoc[leveloffset=+1]
include::modules/rosa-sdpolicy-am-billing.adoc[leveloffset=+1]
== Getting started with {product-title}
include::modules/rosa-getting-started-learn.adoc[leveloffset=+1]
Use the following sections to find content to help you learn about and use {product-title}.
include::modules/rosa-architecture-topics.adoc[leveloffset=+2]
[id="architect"]
=== Architect
[options="header",cols="3*"]
|===
| Learn about {hcp-title} |Plan {hcp-title} deployment |Additional resources
include::modules/rosa-cluster-admin-topics.adoc[leveloffset=+2]
|
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/architecture/index.html#architecture-overview[Architecture overview]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
xref:../architecture/index.adoc#architecture-overview[Architecture overview]
endif::openshift-rosa-hcp[]
|
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/rosa_backing_up_and_restoring_applications/backing-up-applications.html#rosa-backing-up-applications[Back up and restore]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
xref:../backup_and_restore/application_backup_and_restore/oadp-intro.adoc#oadp-api[Back up and restore]
endif::openshift-rosa-hcp[]
ifdef::openshift-rosa-hcp[]|
xref:../rosa_architecture/rosa_policy_service_definition/rosa-hcp-life-cycle.adoc#rosa-hcp-life-cycle[{hcp-title} life cycle]
endif::openshift-rosa-hcp[]|
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/architecture/rosa-architecture-models.html#rosa-architecture-models[{hcp-title} architecture]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
xref:../architecture/rosa-architecture-models.adoc#rosa-architecture-models[{hcp-title} architecture]
endif::openshift-rosa-hcp[]
|
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.html#rosa-policy-process-security[Understanding process and security]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
xref:../../rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc#rosa-policy-process-security[Understanding process and security]
endif::openshift-rosa-hcp[]
include::modules/rosa-developer-topics.adoc[leveloffset=+2]
ifdef::openshift-rosa-hcp[]
xref:../rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc#rosa-hcp-service-definition[{hcp-title} service definition]
endif::openshift-rosa-hcp[]
xref:../rosa_architecture/rosa_policy_service_definition/rosa-hcp-life-cycle.adoc#rosa-hcp-life-cycle[Updates lifecycle]
|
// Removed as part of OSDOCS-13310, until figures are verified.
// ifdef::openshift-rosa-hcp[]
// link:https://docs.openshift.com/rosa/rosa_planning/rosa-limits-scalability.html#rosa-limits-scalability[Limits and scalability]
// endif::openshift-rosa-hcp[]
// ifndef::openshift-rosa-hcp[]
// xref:../../rosa_planning/rosa-limits-scalability.adoc#rosa-limits-scalability[Limits and scalability]
// endif::openshift-rosa-hcp[]
|
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/support/index.html#support-overview[Getting support]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
xref:../support/index.adoc#support-overview[Getting support]
endif::openshift-rosa-hcp[]
|
|
| link:https://red.ht/rosa-roadmap[ROSA roadmap]
|===
[id="cluster-administrator"]
=== Cluster Administrator
[options="header",cols="4*"]
|===
|Learn about {hcp-title} |Deploy {hcp-title} |Manage {hcp-title} |Additional resources
|
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/architecture/rosa-architecture-models.html#rosa-architecture-models[{product-title} architecture]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
xref:../architecture/rosa-architecture-models.adoc#rosa-architecture-models[{product-title} architecture]
endif::openshift-rosa-hcp[]
|
xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-sts-creating-a-cluster-quickly[Installing {product-title}]
|
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/observability/logging/cluster-logging.html#cluster-logging[Logging]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
xref:../observability/logging/cluster-logging.adoc#cluster-logging[Logging]
endif::openshift-rosa-hcp[]
|
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/support/index.html#support-overview[Getting Support]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
xref:../support/index.adoc#support-overview[Getting Support]
endif::openshift-rosa-hcp[]
| link:https://learn.openshift.com/?extIdCarryOver=true&sc_cid=701f2000001Css5AAC[OpenShift Interactive Learning Portal]
|
xref:../storage/index.adoc#storage-overview[Storage]
|
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/observability/monitoring/about-openshift-container-platform-monitoring.html#about-ocp-monitoring[About {product-title} monitoring]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
xref:../observability/monitoring/about-ocp-monitoring/about-ocp-monitoring.adoc#about-ocp-monitoring[About {product-title} monitoring]
endif::openshift-rosa-hcp[]
ifdef::openshift-rosa-hcp[]
xref:../rosa_architecture/rosa_policy_service_definition/rosa-hcp-life-cycle.adoc#rosa-hcp-life-cycle[{product-title}life cycle]
endif::openshift-rosa-hcp[]
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.html#rosa-policy-responsibility-matrix[ROSA responsibility matrix]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
xref:../../rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc#rosa-policy-responsibility-matrix[ROSA responsibility matrix]
endif::openshift-rosa-hcp[]
|
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/rosa_backing_up_and_restoring_applications/backing-up-applications.html#rosa-backing-up-applications[Back up and restore]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
xref:../backup_and_restore/application_backup_and_restore/oadp-intro.adoc#oadp-api[Back up and restore]
endif::openshift-rosa-hcp[]
|
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/rosa_architecture/rosa-sts-about-iam-resources.html#rosa-sts-about-iam-resources[About IAM resources]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources]
endif::openshift-rosa-hcp[]
|link:https://red.ht/rosa-roadmap[ROSA roadmap]
|
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/rosa_architecture/rosa_policy_service_definition/rosa-policy-understand-availability.html#rosa-policy-understand-availability[About availability]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
xref:../../rosa_architecture/rosa_policy_service_definition/rosa-policy-understand-availability.adoc#rosa-policy-understand-availability[About availability]
endif::openshift-rosa-hcp[]
//adding condition to get hcp upgrading PR built
ifdef::openshift-rosa-hcp[]
|xref:../upgrading/rosa-hcp-upgrading.adoc#rosa-hcp-upgrading[Upgrading]
endif::openshift-rosa-hcp[]
|
|
|===
[id="Developer"]
=== Developer
[options="header",cols="3*"]
|===
|Learn about application development in {product-title} |Deploy applications |Additional resources
| link:https://developers.redhat.com/[Red{nbsp}Hat Developers site]
|
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/applications/index.html#building-applications-overview[Building applications overview]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
xref:../applications/index.adoc#building-applications-overview[Building applications overview]
endif::openshift-rosa-hcp[]
|
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/support/index.html#support-overview[Getting support]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
xref:../support/index.adoc#support-overview[Getting support]
endif::openshift-rosa-hcp[]
| link:https://developers.redhat.com/products/openshift-dev-spaces/overview[{openshift-dev-spaces-productname} (formerly Red{nbsp}Hat CodeReady Workspaces)]
|
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/operators/index.html#operators-overview[Operators overview]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
xref:../operators/index.adoc#operators-overview[Operators overview]
endif::openshift-rosa-hcp[]
| link:https://red.ht/rosa-roadmap[ROSA roadmap]
|
|
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/openshift_images/index.html#overview-of-images[Images]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
xref:../openshift_images/index.adoc#overview-of-images[Images]
endif::openshift-rosa-hcp[]
|
|
|
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/cli_reference/odo-important-update.html#odo-important_update[Developer-focused CLI]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
xref:../cli_reference/odo-important-update.adoc#odo-important_update[Developer-focused CLI]
endif::openshift-rosa-hcp[]
|
|===
=== Before creating your first {product-title} cluster
//Per PM review, commented out until we get a valid ROSA HCP demo.
// Watch a link:https://youtu.be/KbzUbXWs6Ck[demo] of the cluster deployment process.
For additional information about ROSA installation, see a qucik introdcution to the process in link:https://www.redhat.com/en/products/interactive-walkthrough/install-rosa[Installing {product-title} interactive walkthrough].
include::modules/rosa-next-steps-cluster.adoc[leveloffset=+2]
[role="_additional-resources"]
== Additional resources
* link:https://www.openshift.com/products/amazon-openshift[ROSA product page]
* link:https://www.openshift.com/products/amazon-openshift[{product-title} product page]
* link:https://aws.amazon.com/rosa/[AWS product page]
* link:https://access.redhat.com/products/red-hat-openshift-service-aws[Red{nbsp}Hat Customer Portal]
* link:https://learn.openshift.com[Learn about OpenShift]
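
Review bot: The rewritten STS paragraph still reads "aligns with the principals of least privilege"; since the line is being touched anyway, correct it to "principles". The old section anchors `[id="architect"]`, `[id="cluster-administrator"]` and `[id="Developer"]` are removed and the replacement modules use ids with a `_{context}` suffix, so any inbound link to the old anchors will break; check for references before merging. The STS paragraph also keeps an `xref:` while the new modules in this commit use absolute `link:` URLs, which is worth making consistent.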

View File

@@ -1,6 +1,7 @@
:_mod-docs-content-type: ASSEMBLY
[id="cloud-experts-rosa-hcp-sts-explained"]
= AWS STS and ROSA with HCP explained
include::_attributes/common-attributes.adoc[]
include::_attributes/attributes-openshift-dedicated.adoc[]
:context: cloud-experts-rosa-hcp-sts-explained
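
Review bot: The title `= AWS STS and ROSA with HCP explained` still hardcodes the product name, while this commit changes the xref label that points here to "AWS STS and {product-title} explained"; update the title to use the attribute so the link text and the page heading match.
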
@@ -11,6 +12,7 @@ toc::[]
//Brought into ROSA product docs 2023-10-26
//Modified for HCP 2024-4-16
[role="_abstract"]
{hcp-title-first} uses an AWS (Amazon Web Services) Security Token Service (STS) for AWS Identity Access Management (IAM) to obtain the necessary credentials to interact with resources in your AWS account.
[id="credential-methods-rosa-hcp"]
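
Review bot: The paragraph now marked `[role="_abstract"]` reads "an AWS (Amazon Web Services) Security Token Service (STS) for AWS Identity Access Management (IAM)"; the AWS service name is "AWS Identity and Access Management", and "an AWS ... Security Token Service" should be "the AWS Security Token Service". Since this sentence becomes the short description, it is worth fixing in the same change.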

View File

@@ -1,334 +1,12 @@
:_mod-docs-content-type: ASSEMBLY
[id="welcome-index"]
= {product-title} {product-version} Documentation
include::_attributes/common-attributes.adoc[]
:context: welcome-index
{toc}
{toc-title}
toc::[]
[role="_abstract"]
[.lead]
ifndef::openshift-rosa,openshift-rosa-hcp,openshift-telco[]
Welcome to the official {product-title} {product-version} documentation, where you can learn about {product-title} and start exploring its features.
endif::openshift-rosa,openshift-rosa-hcp,openshift-telco[]
ifdef::openshift-rosa[]
Welcome to the official {product-title} (ROSA) documentation, where you can learn about ROSA and start exploring its features.
To learn about ROSA, interacting with ROSA by using {cluster-manager-first} and command-line interface (CLI) tools, consumption experience, and integration with Amazon Web Services (AWS) services, start with xref:../rosa_architecture/rosa-understanding.adoc#rosa-understanding[the Introduction to ROSA documentation].
image::291_OpenShift_on_AWS_Intro_1122_docs.png[{product-title}]
To navigate the ROSA documentation, use the left navigation bar.
endif::openshift-rosa[]
ifdef::openshift-rosa-hcp[]
Welcome to the official {product-title} documentation, where you can learn about {product-title} and start exploring its features.
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa,openshift-rosa-hcp[]
ifndef::openshift-rosa,openshift-rosa-hcp,openshift-dedicated,openshift-dpu,openshift-telco[]
To navigate the {product-title} {product-version} documentation, you can use one of the following methods:
* Use the left navigation bar to browse the documentation.
* Select the task that interests you from the contents of this Welcome page.
endif::openshift-rosa,openshift-rosa-hcp,openshift-dedicated,openshift-dpu,openshift-telco[]
ifdef::openshift-dpu[]
To navigate the {product-title} data processing unit (DPU) documentation, use the left navigation bar.
For documentation that is not DPU-specific, see the link:https://docs.openshift.com/container-platform/latest/welcome/index.html[{product-title} documentation].
endif::[]
ifdef::openshift-telco[]
[.lead]
[IMPORTANT]
====
The telco core and telco RAN DU reference design specifications (RDS) are no longer published at this location.
For the latest version of the telco RDS, see link:https://docs.openshift.com/container-platform/{product-version}/scalability_and_performance/telco_ref_design_specs/telco-ref-design-specs-overview.html[Telco core and RAN DU reference design specifications].
====
endif::[]
ifdef::openshift-dedicated[]
To navigate the {product-title} documentation, use the left navigation bar.
endif::[]
ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
Start with xref:../architecture/architecture.adoc#architecture-overview-architecture[Architecture] and
xref:../security/container_security/security-understanding.adoc#understanding-security[Security and compliance].
ifdef::openshift-enterprise,openshift-webscale[]
Next, view the
xref:../release_notes/ocp-4-15-release-notes.adoc#ocp-4-15-release-notes[release notes].
endif::[]
ifdef::openshift-online,openshift-aro[]
Start with **xref:../architecture/architecture.adoc#architecture-overview-architecture[Architecture]**.
endif::[]
ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
== Cluster installer activities
Explore the following {product-title} installation tasks:
- **xref:../installing/overview/index.adoc#ocp-installation-overview[{product-title} installation overview]**: Depending on the platform, you can install {product-title} on installer-provisioned or user-provisioned infrastructure. The {product-title} installation program provides the flexibility to deploy {product-title} on a range of different platforms.
// PR open https://github.com/openshift/openshift-docs/pull/77474
//- **xref:../installing/installing_alibaba/installing-alibaba-assisted-installer[Installing a cluster on {alibaba} by using the Assisted Installer]**: On {alibaba}, you can install {product-title} by using the Assisted Installer. This is currently a Technology Preview feature only.
- **xref:../installing/installing_aws/preparing-to-install-on-aws.adoc#preparing-to-install-on-aws[Install a cluster on {aws-short}]**: On AWS, you can install {product-title} on installer-provisioned infrastructure or user-provisioned infrastructure.
- **xref:../installing/installing_azure/preparing-to-install-on-azure.adoc#preparing-to-install-on-azure[Install a cluster on {azure-full}]**: On Microsoft Azure, you can install {product-title} on installer-provisioned infrastructure or user-provisioned infrastructure.
- **xref:../installing/installing_azure_stack_hub/preparing-to-install-on-azure-stack-hub.adoc#preparing-to-install-on-azure-stack-hub[Install a cluster on {azure-full} Stack Hub]**: On Microsoft Azure Stack Hub, you can install {product-title} on installer-provisioned infrastructure or user-provisioned infrastructure.
- **xref:../installing/installing_on_prem_assisted/installing-on-prem-assisted.adoc#using-the-assisted-installer_installing-on-prem-assisted[Installing {product-title} with the Assisted Installer]**: The Assisted Installer is an installation solution that is provided on the Red Hat {hybrid-console}. The Assisted Installer supports installing an {product-title} cluster on multiple platforms.
- **xref:../installing/installing_with_agent_based_installer/installing-with-agent-based-installer.adoc#installing-ocp-agent_installing-with-agent-based-installer[Installing {product-title} with the Agent-based Installer]**: You can use the Agent-based Installer to generate a bootable ISO image that contains the Assisted discovery agent, the Assisted Service, and all the other information required to deploy an {product-title} cluster. The Agent-based Installer leverages the advantages of the Assisted Installer in a disconnected environment
- **xref:../installing/installing_bare_metal/preparing-to-install-on-bare-metal.adoc#preparing-to-install-on-bare-metal[Install a cluster on bare metal]**: On bare metal, you can install {product-title} on installer-provisioned infrastructure or user-provisioned infrastructure. If none of the available platform and cloud provider deployment options meet your needs, consider using bare metal user-provisioned infrastructure.
- **xref:../installing/installing_gcp/preparing-to-install-on-gcp.adoc#preparing-to-install-on-gcp[Install a cluster on {gcp-short}]**: On {gcp-first} you can install {product-title} on installer-provisioned infrastructure or user-provisioned infrastructure.
ifndef::openshift-origin[]
- **xref:../installing/installing_ibm_cloud/preparing-to-install-on-ibm-cloud.adoc#preparing-to-install-on-ibm-cloud[Install a cluster on {ibm-cloud-name}]**: On {ibm-cloud-name}, you can install {product-title} on installer-provisioned infrastructure.
- **xref:../installing/installing_ibm_powervs/preparing-to-install-on-ibm-power-vs.adoc#preparing-to-install-on-ibm-power-vs[Install a cluster on {ibm-power-name} Virtual Server]**: On {ibm-power-name} Virtual Server, you can install {product-title} on installer-provisioned infrastructure.
- **xref:../installing/installing_ibm_power/installing-ibm-power.adoc#installing-ibm-power[Install a cluster on {ibm-power-name}]**: On {ibm-power-name}, you can install {product-title} on user-provisioned infrastructure.
- **xref:../installing/installing_ibm_z/preparing-to-install-on-ibm-z.adoc#preparing-to-install-on-ibm-z[Install a cluster on {ibm-z-name} and {ibm-linuxone-name}]**: On {ibm-z-name} and {ibm-linuxone-name}, you can install {product-title} on user-provisioned infrastructure.
endif::openshift-origin[]
- **Install a cluster on {oci-first}**: You can use the {ai-full} or the Agent-based Installer to install a cluster on {oci}. This means that you can run cluster workloads on infrastructure that supports dedicated, hybrid, public, and multiple cloud environments. See xref:../installing/installing_oci/installing-oci-assisted-installer.adoc#installing-oci-assisted-installer[Installing a cluster on {oci-first-no-rt} by using the {ai-full}] and xref:../installing/installing_oci/installing-oci-agent-based-installer.adoc#installing-oci-agent-based-installer[Installing a cluster on {oci-first-no-rt} by using the Agent-based Installer].
- **xref:../installing/installing_nutanix/preparing-to-install-on-nutanix.adoc#preparing-to-install-nutanix[Install a cluster on Nutanix]**: On Nutanix, you can install a cluster on your {product-title} on installer-provisioned infrastructure.
- **xref:../installing/installing_openstack/preparing-to-install-on-openstack.adoc#preparing-to-install-on-openstack[Install a cluster on {rh-openstack-first}]**: On {rh-openstack}, you can install {product-title} on installer-provisioned infrastructure or user-provisioned infrastructure.
- **xref:../installing/installing_vsphere/ipi/installing-vsphere-installer-provisioned.adoc#installing-vsphere-installer-provisioned[Install a cluster on {vmw-full}]**: You can install {product-title} on supported versions of {vmw-short}.
== Other cluster installer activities
ifndef::openshift-origin[]
- **Install a cluster in a restricted network**: If your cluster uses
user-provisioned infrastructure on
xref:../installing/installing_aws/upi/installing-restricted-networks-aws.adoc#installing-restricted-networks-aws[{aws-first}],
xref:../installing/installing_gcp/installing-restricted-networks-gcp.adoc#installing-restricted-networks-gcp[{gcp-short}],
xref:../installing/installing_vsphere/upi/installing-restricted-networks-vsphere.adoc#installing-restricted-networks-vsphere[{vmw-short}], xref:../installing/installing_ibm_cloud/installing-ibm-cloud-restricted.adoc#installing-ibm-cloud-restricted[{ibm-cloud-name}], xref:../installing/installing_ibm_z/preparing-to-install-on-ibm-z.adoc#preparing-to-install-on-ibm-z[{ibm-z-name} and {ibm-linuxone-name}], xref:../installing/installing_ibm_power/installing-restricted-networks-ibm-power.adoc#installing-restricted-networks-ibm-power[{ibm-power-name}],
or
xref:../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installing-restricted-networks-bare-metal[bare metal] and the cluster
does not have full access to the internet, you must mirror the {product-title} installation images. To do this action, use one of the following methods, so that you can install a cluster in a restricted network.
*** xref:../disconnected/installing-mirroring-installation-images.adoc#installing-mirroring-installation-images[Mirroring images for a disconnected installation]
*** xref:../disconnected/about-installing-oc-mirror-v2.adoc#about-installing-oc-mirror-v2[Mirroring images for a disconnected installation by using the oc-mirror plugin v2]
endif::openshift-origin[]
ifdef::openshift-origin[]
- **Install a cluster in a restricted network**: If your cluster that uses
user-provisioned infrastructure on
xref:../installing/installing_aws/upi/installing-restricted-networks-aws.adoc#installing-restricted-networks-aws[{aws-first}],
xref:../installing/installing_gcp/installing-restricted-networks-gcp.adoc#installing-restricted-networks-gcp[{gcp-short}],
or
xref:../installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc#installing-restricted-networks-bare-metal[bare metal]
does not have full access to the internet, then
xref:../disconnected/installing-mirroring-installation-images.adoc#installing-mirroring-installation-images[mirror the {product-title} installation images] and install a cluster in a restricted network.
endif::openshift-origin[]
- **Install a cluster in an existing network**: If you use an existing Virtual Private Cloud (VPC) in
xref:../installing/installing_aws/ipi/installing-aws-vpc.adoc#installing-aws-vpc[{aws-first}] or
xref:../installing/installing_gcp/installing-gcp-vpc.adoc#installing-gcp-vpc[{gcp-short}] or an existing
xref:../installing/installing_azure/ipi/installing-azure-vnet.adoc#installing-azure-vnet[VNet]
on Microsoft Azure, you can install a cluster. Also consider xref:../installing/installing_gcp/installing-gcp-shared-vpc.adoc#installation-gcp-shared-vpc-prerequisites_installing-gcp-shared-vpc[Installing a cluster on {gcp-short} into a shared VPC]
- **Install a private cluster**: If your cluster does not require external
internet access, you can install a private cluster on
xref:../installing/installing_aws/ipi/installing-aws-private.adoc#installing-aws-private[{aws-first}],
xref:../installing/installing_azure/ipi/installing-azure-private.adoc#installing-azure-private[{azure-full}],
xref:../installing/installing_gcp/installing-gcp-private.adoc#installing-gcp-private[{gcp-short}], or
xref:../installing/installing_ibm_cloud/preparing-to-install-on-ibm-cloud.adoc#preparing-to-install-on-ibm-cloud[{ibm-cloud-name}]. Internet access is still required to access the cloud APIs and installation media.
- **xref:../installing/installing_bare_metal/installing-bare-metal.adoc#rhcos-install-iscsi-manual_installing-bare-metal[Installing RHCOS manually on an iSCSI boot device] and xref:../installing/installing_bare_metal/installing-bare-metal.adoc#rhcos-install-iscsi-ibft_installing-bare-metal[Installing RHCOS on an iSCSI boot device using iBFT]**: You can target iSCSI devices as the root disk for installation of {op-system}. Multipathing is also supported.
- **xref:../installing/installing-troubleshooting.adoc#installing-troubleshooting[Check installation logs]**: Access installation logs to evaluate issues that occur during {product-title} installation.
- **xref:../web_console/web-console.adoc#web-console[Access {product-title}]**: Use credentials output at the end of the installation process to log in to the {product-title} cluster from the command line or web console.
- **xref:../storage/persistent_storage/persistent-storage-ocs.adoc#red-hat-openshift-data-foundation[Install Red Hat OpenShift Data Foundation]**: You can install {rh-storage-first} as an Operator to provide highly integrated and simplified persistent storage management for containers.
- **xref:../machine_configuration/mco-coreos-layering.adoc#mco-coreos-layering[{image-mode-os-lower}]**: As a post-installation task, you can add new images on top of the base {op-system} image. This layering does not modify the base {op-system} image. Instead, the layering creates a custom layered image that includes all {op-system} functions and adds additional functions to specific nodes in the cluster.
endif::[]
ifndef::openshift-rosa,openshift-rosa-hcp,openshift-dedicated,openshift-dpu,microshift[]
== Developer activities
Develop and deploy containerized applications with {product-title}. {product-title} is a platform for developing and deploying containerized applications. Read the following {product-title} documentation, so that you can better understand {product-title} functions:
- **xref:../architecture/understanding-development.adoc#understanding-development[Understand {product-title} development]**: Learn the different types of containerized applications, from simple containers to advanced Kubernetes deployments and Operators.
- **xref:../applications/projects/working-with-projects.adoc#working-with-projects[Work with projects]**: Create projects from the {product-title} web console or OpenShift CLI (`oc`) to organize and share the software you develop.
- **xref:../applications/creating_applications/odc-creating-applications-using-developer-perspective.adoc#odc-creating-applications-using-developer-perspective[Creating applications using the Developer perspective]**: Use the *Developer* perspective in the {product-title} web console to easily create and deploy applications.
- **xref:../applications/odc-viewing-application-composition-using-topology-view.adoc#odc-viewing-application-topology_viewing-application-composition-using-topology-view[Viewing application composition using the Topology view]**: Use the *Topology* view to visually interact with your applications, monitor status, connect and group components, and modify your code base.
- **link:https://docs.openshift.com/pipelines/latest/create/creating-applications-with-cicd-pipelines.html#creating-applications-with-cicd-pipelines[Create CI/CD Pipelines]**: Pipelines are serverless, cloud-native, continuous integration and continuous deployment systems that run in isolated containers.
Pipelines use standard Tekton custom resources to automate deployments and are designed for decentralized teams that work on microservice-based architecture.
ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
- **link:https://docs.openshift.com/gitops/latest/understanding_openshift_gitops/about-redhat-openshift-gitops.html#about-redhat-openshift-gitops[Manage your infrastructure and application configurations]**: GitOps is a declarative way to implement continuous deployment for cloud native applications. GitOps defines infrastructure and application definitions as code. GitOps uses this code to manage multiple workspaces and clusters to simplify the creation of infrastructure and application configurations. GitOps also handles and automates complex deployments at a fast pace, which saves time during deployment and release cycles.
- **xref:../applications/working_with_helm_charts/configuring-custom-helm-chart-repositories.adoc#installing-a-helm-chart-on-an-openshift-cluster_configuring-custom-helm-chart-repositories[Deploy Helm charts]**:
xref:../applications/working_with_helm_charts/understanding-helm.adoc#understanding-helm[Helm] is a software package manager that simplifies deployment of applications and services to {product-title} clusters. Helm uses a packaging format called _charts_. A Helm chart is a collection of files that describes the {product-title} resources.
- **xref:../cicd/builds/understanding-image-builds.adoc#understanding-image-builds[Understand image builds]**: Choose from different build strategies (Docker, S2I, custom, and pipeline) that can include different kinds of source materials, such as Git repositories, local binary inputs, and external artifacts. You can follow examples of build types from basic builds to advanced builds.
- **xref:../openshift_images/index.adoc#overview-of-images[Create container images]**: A container image is the most basic building block in {product-title} and Kubernetes applications. By defining image streams, you can gather multiple versions of an image in one place as you continue to develop the image stream. With S2I containers, you can insert your source code into a base container. The base container is configured to run code of a particular type, such as Ruby, Node.js, or Python.
- **xref:../applications/deployments/what-deployments-are.adoc#what-deployments-are[Create deployments]**: Use `Deployment` objects to exert fine-grained management over applications. Deployments create replica sets according to the rollout strategy, which orchestrates pod lifecycles.
- **xref:../applications/creating_applications/using-templates.adoc#using-templates[Create templates]**: Use existing templates or create your own templates that describe how an application is built or deployed. A template can combine images with descriptions, parameters, replicas, exposed ports and other content that defines how an application can be run or built.
- **xref:../operators/understanding/olm-what-operators-are.adoc#olm-what-operators-are[Understand Operators]**: Operators are the preferred method for creating on-cluster applications for {product-title} {product-version}. Learn about the Operator Framework and how to deploy applications by using installed Operators into your projects.
- **Reference the xref:../rest_api/overview/index.adoc#api-index[REST API index]**: Learn about {product-title} application programming interface endpoints.
// Need to provide a link closer to 4.15 GA
- **Software Supply Chain Security enhancements**: The PipelineRun *details* page in the *Developer* or *Administrator* perspective of the web console provides a visual representation of identified vulnerabilities, which are categorized by severity. Additionally, these enhancements provide an option to download or view Software Bill of Materials (SBOMs) for enhanced transparency and control within your supply chain. Learn about link:https://docs.openshift.com/pipelines/1.13/secure/setting-up-openshift-pipelines-to-view-software-supply-chain-security-elements.html[setting up OpenShift Pipelines in the web console to view Software Supply Chain Security elements].
endif::openshift-enterprise,openshift-webscale,openshift-origin[]
endif::openshift-rosa,openshift-rosa-hcp,openshift-dedicated,openshift-dpu,microshift[]
ifdef::openshift-dedicated[]
== Developer activities
{product-title} is a platform for developing and deploying containerized applications. Read the following {product-title} documentation, so that you can better understand {product-title} functions:
- *Understand {product-title} development*: Learn the different types of containerized applications, from simple containers to advanced Kubernetes deployments and Operators.
- *Work with projects*: Create projects from the web console or CLI to organize and share the software you develop.
- *Work with applications*: Use the *Developer* perspective in the {product-title} web console to easily create and deploy applications. Use the *Topology* view to visually interact with your applications, monitor status, connect and group components, and modify your code base.
- *Create CI/CD Pipelines*: Pipelines are serverless, cloud-native, continuous integration and continuous deployment systems that run in isolated containers. Pipelines use standard Tekton custom resources to automate deployments and are designed for decentralized teams that work on microservices-based architecture.
- *Understand Operators*: Operators are the preferred method for creating on-cluster applications for {product-title} {product-version}. Learn about the Operator Framework and how to deploy applications by using installed Operators into your projects.
- *Understand image builds*: Choose from different build strategies (Docker, S2I, custom, and pipeline) that can include different kinds of source materials, such as Git repositories, local binary inputs, and external artifacts. You can follow examples of build types from basic builds to advanced builds.
- *Create container images*: A container image is the most basic building block in {product-title} (and Kubernetes) applications. By defining image streams, you can gather multiple versions of an image in one place as you continue its development. With S2I containers, you can insert your source code into a base container that is set up to run code of a particular type (such as Ruby, Node.js, or Python).
- *Create deployments*: Use `Deployment` objects to exert fine-grained management over applications. Deployments create replica sets according to the rollout strategy, which orchestrates pod lifecycles.
- *Create templates*: Use existing templates or create your own templates that describe how an application is built or deployed. A template can combine images with descriptions, parameters, replicas, exposed ports and other content that defines how an application can be run or built.
endif::openshift-dedicated[]
ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
== Cluster administrator activities
Manage machines, provide services to users, and follow monitoring and logging reports. Read the following {product-title} documentation, so that you can better understand {product-title} functions:
- **xref:../architecture/architecture.adoc#architecture-overview-architecture[Understand {product-title} management]**: Learn about components of the {product-title} {product-version} control plane. See how {product-title} control plane and compute nodes are managed and updated through the xref:../machine_management/index.adoc#machine-api-overview_overview-of-machine-management[Machine API] and xref:../architecture/control-plane.adoc#operators-overview_control-plane[Operators].
- **xref:../installing/overview/cluster-capabilities.adoc#cluster-capabilities[Cluster capabilities]**: As a cluster administrator, you can enable cluster capabilities that were disabled before installation.
=== Manage cluster components
- **Manage machines**: Manage xref:../machine_management/index.adoc#machine-mgmt-intro-managing-compute_overview-of-machine-management[compute] and xref:../machine_management/index.adoc#machine-mgmt-intro-managing-control-plane_overview-of-machine-management[control plane] machines in your cluster with machine sets, by xref:../machine_management/deploying-machine-health-checks.adoc#deploying-machine-health-checks[deploying health checks], and xref:../machine_management/applying-autoscaling.adoc#applying-autoscaling[applying autoscaling].
- **xref:../registry/index.adoc#registry-overview[Manage container registries]**: Each {product-title} cluster includes a built-in container registry for storing its images. You can also configure a separate link:https://access.redhat.com/documentation/en-us/red_hat_quay/[{quay}] registry to use with {product-title}. The link:https://quay.io[Quay.io] website provides a public container registry that stores {product-title} containers and Operators.
- **xref:../authentication/understanding-authentication.adoc#understanding-authentication[Manage users and groups]**: Add users and groups with different levels of permissions to use or modify clusters.
- **xref:../authentication/understanding-authentication.adoc#understanding-authentication[Manage authentication]**: Learn how user, group, and API authentication works in {product-title}. {product-title} supports xref:../authentication/understanding-identity-provider.adoc#supported-identity-providers[multiple identity providers].
- **Manage xref:../security/certificates/replacing-default-ingress-certificate.adoc#replacing-default-ingress[ingress], xref:../security/certificates/api-server.adoc#api-server-certificates[API server], and xref:../../security/certificates/service-serving-certificate.adoc#add-service-serving[service] certificates**: {product-title} creates certificates by default for the Ingress Operator, the API server, and for services needed by complex middleware applications that require encryption. You might need to change, add, or rotate these certificates.
- **xref:../networking/understanding-networking.adoc#understanding-networking[Manage networking]**: The cluster network in {product-title} is managed by the xref:../networking/networking_operators/cluster-network-operator.adoc#nw-cluster-network-operator_cluster-network-operator[Cluster Network Operator] (CNO). The Multus Container Network Interface adds the capability to attach xref:../networking/multiple_networks/understanding-multiple-networks.adoc#understanding-multiple-networks[multiple network interfaces] to a pod. By using
xref:../networking/network_security/network_policy/about-network-policy.adoc#about-network-policy[network policy] features, you can isolate your pods or permit selected traffic.
- **xref:../operators/understanding/olm-understanding-software-catalog.adoc#olm-understanding-software-catalog[Manage Operators]**: Lists of Red Hat, ISV, and community Operators can be reviewed by cluster administrators and xref:../operators/admin/olm-adding-operators-to-cluster.adoc#olm-adding-operators-to-a-cluster[installed on their clusters]. After you install them, you can xref:../operators/user/olm-creating-apps-from-installed-operators.adoc#olm-creating-apps-from-installed-operators[run], xref:../operators/admin/olm-upgrading-operators.adoc#olm-upgrading-operators[upgrade], back up, or otherwise manage the Operator on your cluster.
- **xref:../windows_containers/understanding-windows-container-workloads.adoc#understanding-windows-container-workloads_understanding-windows-container-workloads[Understanding Windows container workloads]**. You can use the {productwinc} feature to run Windows compute nodes in an {product-title} cluster. This is possible by using the Red Hat Windows Machine Config Operator (WMCO) to install and manage Windows nodes.
=== Change cluster components
- **xref:../operators/understanding/crds/crd-extending-api-with-crds.adoc#crd-extending-api-with-crds[Use custom resource definitions (CRDs) to modify the cluster]**: Cluster features implemented with Operators can be modified with CRDs. Learn to xref:../operators/understanding/crds/crd-extending-api-with-crds.adoc#crd-creating-custom-resources-definition_crd-extending-api-with-crds[create a CRD] and xref:../operators/understanding/crds/crd-managing-resources-from-crds.adoc#crd-managing-resources-from-crds[manage resources from CRDs].
ifdef::openshift-enterprise,openshift-webscale,openshift-origin[]
- **xref:../applications/quotas/quotas-setting-per-project.adoc#quotas-setting-per-project[Set resource quotas]**: Choose from CPU, memory, and other system resources to xref:../applications/quotas/quotas-setting-per-project.adoc#quotas-setting-per-project[set quotas].
endif::openshift-enterprise,openshift-webscale,openshift-origin[]
- **xref:../applications/pruning-objects.adoc#pruning-objects[Prune and reclaim resources]**: Reclaim space by pruning unneeded Operators, groups, deployments, builds, images, registries, and cron jobs.
- **xref:../scalability_and_performance/recommended-performance-scale-practices/recommended-infrastructure-practices.adoc#scaling-cluster-monitoring-operator[Scale] and xref:../scalability_and_performance/using-node-tuning-operator.adoc#using-node-tuning-operator[tune] clusters**: Set cluster limits, tune nodes, scale cluster monitoring, and optimize networking, storage, and routes for your environment.
// Added context here.
- **xref:../updating/understanding_updates/intro-to-updates.adoc#understanding-openshift-updates[Update a cluster]**:
Use the Cluster Version Operator (CVO) to upgrade your {product-title} cluster. If an update is available from the OpenShift Update Service (OSUS), you apply that cluster update from the {product-title} xref:../updating/updating_a_cluster/updating-cluster-web-console.adoc#updating-cluster-web-console[web console] or the xref:../updating/updating_a_cluster/updating-cluster-cli.adoc#updating-cluster-cli[OpenShift CLI] (`oc`).
- **xref:../disconnected/updating/index.adoc#about-disconnected-updates[Using the OpenShift Update Service in a disconnected environment]**: You can use the OpenShift Update Service for recommending {product-title} updates in disconnected environments.
- **xref:../nodes/clusters/nodes-cluster-worker-latency-profiles.adoc#nodes-cluster-worker-latency-profiles[Improving cluster stability in high latency environments by using worker latency profiles]**: If your network has latency issues, you can use one of three worker latency profiles to help ensure that your control plane does not accidentally evict pods in case it cannot reach a worker node. You can configure or modify the profile at any time during the life of the cluster.
=== Observe a cluster
- **xref:../observability/distr_tracing/distr_tracing_arch/distr-tracing-architecture.adoc#distr-tracing-architecture[Red Hat OpenShift distributed tracing platform]**: Store and visualize large volumes of requests passing through distributed systems, across the whole stack of microservices, and under heavy loads. Use the distributed tracing platform for monitoring distributed transactions, gathering insights into your instrumented services, network profiling, performance and latency optimization, root cause analysis, and troubleshooting the interaction between components in modern cloud-native microservices-based applications.
// xreffing to the installation page until further notice because OTEL content is currently planned for internal restructuring across pages that is likely to result in renamed page files
- **xref:../observability/otel/otel-installing.adoc#install-otel[Red Hat build of OpenTelemetry]**: Instrument, generate, collect, and export telemetry traces, metrics, and logs to analyze and understand your software's performance and behavior. Use open source backends like Tempo or Prometheus, or use commercial offerings. Learn a single set of APIs and conventions, and own the data that you generate.
- **xref:../observability/network_observability/network-observability-overview.adoc#network-observability-overview[Network Observability]**: Observe network traffic for {product-title} clusters by using eBPF technology to create and enrich network flows. You can xref:../observability/network_observability/metrics-alerts-dashboards.adoc#metrics-alerts-dashboards_metrics-alerts-dashboards[view dashboards, customize alerts], and xref:../observability/network_observability/observing-network-traffic.adoc#network-observability-trafficflow_nw-observe-network-traffic[analyze network flow] information for further insight and troubleshooting.
- **xref:../observability/monitoring/about-ocp-monitoring/about-ocp-monitoring.adoc#about-ocp-monitoring[In-cluster monitoring]**:
Learn to xref:../observability/monitoring/getting-started/core-platform-monitoring-first-steps.adoc#core-platform-monitoring-first-steps[configure the monitoring stack].
After configuring monitoring, use the web console to access xref:../observability/monitoring/accessing-metrics/accessing-metrics-as-an-administrator.adoc#reviewing-monitoring-dashboards-admin_accessing-metrics-as-an-administrator[monitoring dashboards]. In addition to infrastructure metrics, you can also scrape and view metrics for your own services.
- **xref:../support/remote_health_monitoring/about-remote-health-monitoring.adoc#about-remote-health-monitoring_about-remote-health-monitoring[Remote health monitoring]**: {product-title} collects anonymized aggregated information about your cluster. By using Telemetry and the Insights Operator, this data is received by Red Hat and used to improve {product-title}. You can view the xref:../support/remote_health_monitoring/showing-data-collected-by-remote-health-monitoring.adoc#showing-data-collected-by-remote-health-monitoring_showing-data-collected-by-remote-health-monitoring[data collected by remote health monitoring].
- **xref:../observability/power_monitoring/power-monitoring-overview.adoc#power-monitoring-overview[{PM-title-c} (Technology Preview)]**: You can use {PM-title} to monitor the power usage and identify power-consuming containers running in an {product-title} cluster. {PM-shortname-c} collects and exports energy-related system statistics from various components, such as CPU and DRAM. {PM-shortname-c} provides granular power consumption data for Kubernetes pods, namespaces, and nodes.
== Storage activities
- **xref:../storage/understanding-persistent-storage.adoc#understanding-persistent-storage[Manage storage]**: With {product-title}, a cluster administrator can configure persistent storage by using
xref:../storage/persistent_storage/persistent-storage-ocs.adoc#red-hat-openshift-data-foundation[Red Hat OpenShift Data Foundation],
xref:../storage/persistent_storage/persistent-storage-aws.adoc#persistent-storage-using-aws-ebs[{aws-short} Elastic Block Store],
xref:../storage/persistent_storage/persistent-storage-nfs.adoc#persistent-storage-using-nfs[NFS],
xref:../storage/persistent_storage/persistent-storage-iscsi.adoc#persistent-storage-using-iscsi[iSCSI],
xref:../storage/container_storage_interface/persistent-storage-csi.adoc#persistent-storage-using-csi[Container Storage Interface (CSI)],
and more.
You can xref:../storage/expanding-persistent-volumes.adoc#expanding-persistent-volumes[expand persistent volumes], configure xref:../storage/dynamic-provisioning.adoc#dynamic-provisioning[dynamic provisioning], and use CSI to xref:../storage/container_storage_interface/persistent-storage-csi.adoc#persistent-storage-using-csi[configure], xref:../storage/container_storage_interface/persistent-storage-csi-cloning.adoc#persistent-storage-csi-cloning[clone], and use xref:../storage/container_storage_interface/persistent-storage-csi-snapshots.adoc#persistent-storage-csi-snapshots[snapshots] of persistent storage.
- **xref:../storage/container_storage_interface/persistent-storage-csi-smb-cifs.adoc#persistent-storage-csi-smb-cifs[Persistent storage using CIFS/SMB CSI Driver Operator (Technology Preview)]**: {product-title} is capable of provisioning persistent volumes (PVs) with a Container Storage Interface (CSI) driver for the Common Internet File System (CIFS) dialect/Server Message Block (SMB) protocol. The CIFS/SMB CSI Driver Operator that manages this driver is in Technology Preview status.
- **xref:../storage/container_storage_interface/persistent-storage-csi-snapshots.adoc#persistent-storage-csi-snapshots-overview_persistent-storage-csi-snapshots[Changing vSphere CSI maximum number of snapshots]**: The default maximum number of snapshots in {vmw-first} Container Storage Interface (CSI) is 3 per volume. In {product-title} {product-version}, you can now change this maximum number of snapshots to a maximum of 32 per volume. You also have granular control of the maximum number of snapshots for vSAN and Virtual Volume datastores.
- **xref:../storage/container_storage_interface/persistent-storage-csi.adoc#persistent-storage-csi[Volume cloning supported for Azure File (Technology Preview)]**: {product-title} {product-version} introduces volume cloning for the Microsoft Azure File Container Storage Interface (CSI) Driver Operator as a Technology Preview feature.
- **xref:../storage/understanding-persistent-storage.adoc#pv-access-modes_understanding-persistent-storage[RWOP with SELinux context mount]**: {product-title} {product-version} changes feature status from Technical Preview status to generally available for the access mode `ReadWriteOncePod` (RWOP). RWOP can be used only in a single pod on a single node. If the driver enables it, RWOP uses the SELinux context mount set in the PodSpec or container, which allows the driver to mount the volume directly with the correct SELinux labels.
endif::openshift-enterprise,openshift-webscale,openshift-origin[]
ifdef::openshift-dedicated[]
== Cluster administrator activities
While cluster maintenance and host configuration is performed by the Red Hat Site Reliability Engineering (SRE) team, other ongoing tasks on your {product-title} {product-version} cluster can be performed by {product-title} cluster administrators. As an {product-title} cluster administrator, the documentation helps you:
- *Manage Dedicated Administrators*: Grant or revoke permissions to `dedicated admin` users.
- *Work with Logging*: Learn about OpenShift Logging and configure the Cluster Logging Operator.
- *Monitor clusters*: Learn to use the Web UI to access monitoring dashboards.
- *Manage nodes*: Learn to manage nodes, including configuring machine pools and autoscaling.
endif::openshift-dedicated[]
endif::openshift-enterprise,openshift-webscale,openshift-origin[]
endif::openshift-rosa,openshift-rosa-hcp[]
ifdef::openshift-enterprise[]
== Hosted control plane activities
* **Support for bare metal and {VirtProductName}**: {hcp-capital} for {product-title} is now Generally Available on bare metal and {VirtProductName} platforms. For more information, see the following documentation:
** link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.10/html/clusters/cluster_mce_overview#configuring-hosting-service-cluster-configure-bm[Configuring hosted control plane clusters on bare metal]
** link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.10/html/clusters/cluster_mce_overview#hosted-control-planes-manage-kubevirt[Managing hosted control plane clusters on OpenShift Virtualization]
* **Technology Preview features**: {hcp-capital} remains available as a Technology Preview feature on the {aws-first}, {ibm-power-name}, and {ibm-z-name} platforms. You can now provision a hosted control plane cluster by using the non bare metal agent machines. For more information, see the following documentation:
** link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.10/html/clusters/cluster_mce_overview#hosting-service-cluster-configure-aws[Configuring the hosting cluster on {aws-short} (Technology Preview)]
** link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.10/html/clusters/cluster_mce_overview#config-hosted-service-ibmpower[Configuring the hosting cluster on a 64-bit x86 {product-title} cluster to create {hcp} for {ibm-power-name} compute nodes (Technology Preview)]
** link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.10/html/clusters/cluster_mce_overview#configuring-hosting-service-cluster-ibmz[Configuring the hosted cluster on 64-bit x86 bare metal for {ibm-z-name} compute nodes (Technology Preview)]
** link:https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.10/html/clusters/cluster_mce_overview#configuring-hosting-service-cluster-configure-agent-non-bm[Configuring hosted control plane clusters using non bare metal agent machines (Technology Preview)]
endif::openshift-enterprise[]
Welcome to the official {product-title} documentation, where you can learn about {product-title} and start exploring its features.

View File

@@ -1,9 +1,11 @@
:_mod-docs-content-type: ASSEMBLY
[id="legal-notice"]
= Legal notice
include::_attributes/common-attributes.adoc[]
:context: legal-notice
[role="_abstract"]
[.lead]
Copyright © 2024 Red Hat, Inc.
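Review bot: `[role="_abstract"]` is stacked directly above the existing `[.lead]`, so the paragraph tagged as the abstract is the copyright line rather than a description of the page. Confirm that both roles survive the build when they are declared on two separate attribute lines, or declare them together as `[role="_abstract lead"]`.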

View File

@@ -1,12 +1,14 @@
:_mod-docs-content-type: ASSEMBLY
[id="rosa-architecture-models"]
= Architecture models
include::_attributes/attributes-openshift-dedicated.adoc[]
include::_attributes/common-attributes.adoc[]
:context: rosa-architecture-models
toc::[]
[role="_abstract"]
{product-title} has the following cluster topology:
Hosted control plane (HCP) - The control plane is hosted in a Red{nbsp}Hat account and the worker nodes are deployed in the customer's AWS account.
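Review bot: the paragraph now tagged `[role="_abstract"]`, `{product-title} has the following cluster topology:`, still ends in a colon and only introduces the line after it. The instance-types files in this same commit change "sizes:" to "sizes." when that sentence becomes the abstract. Do the same here, for example by folding the hosted control plane description into one complete sentence.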

View File

@@ -1,11 +1,13 @@
:_mod-docs-content-type: ASSEMBLY
[id="rosa-oidc-overview"]
= OpenID Connect Overview
include::_attributes/attributes-openshift-dedicated.adoc[]
:context: rosa-oidc-overview
toc::[]
[role="_abstract"]
OpenID Connect (OIDC) uses Security Token Service (STS) to allow clients to provide a web identity token to gain access to multiple services. When a client signs into a service using STS, the token is validated against the OIDC identity provider.
The OIDC protocol uses a configuration URL that contains the necessary information to authenticate a client's identity. The protocol responds to the provider with the credentials needed for the provider to validate the client and sign them in.
@@ -26,7 +28,7 @@ include::modules/rosa-sts-oidc-provider-command.adoc[leveloffset=+1]
[id="additional-resources_rosa-oidc-config"]
== Additional resources
* See xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-byo-odic-overview_rosa-sts-about-iam-resources[Creating an OpenID Connect Configuration] for the ROSA Classic instructions.
* xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-byo-odic-overview_rosa-sts-about-iam-resources[Creating an OpenID Connect Configuration]
ifdef::openshift-rosa-hcp[]
* See xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-sts-byo-oidc_rosa-hcp-sts-creating-a-cluster-quickly[Creating an OpenID Connect Configuration] for the {hcp-title} instructions.
* xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-sts-byo-oidc_rosa-hcp-sts-creating-a-cluster-quickly[Creating an OpenID Connect Configuration]
endif::openshift-rosa-hcp[]
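Review bot: the two bare xref entries under Additional resources carry identical link text, `Creating an OpenID Connect Configuration`, although one targets `rosa-sts-about-iam-resources.adoc` and the other `rosa-hcp-sts-creating-a-cluster-quickly.adoc`. The "See ... for the ROSA Classic instructions" and "See ... for the {hcp-title} instructions" wording told them apart. Keep a distinguishing qualifier inside the link text so that a reader of the HCP build, where both bullets render, can tell which one to follow.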

View File

@@ -2,18 +2,21 @@
ifndef::openshift-rosa-hcp[]
[id="rosa-sts-about-iam-resources"]
= About IAM resources for STS clusters
include::_attributes/attributes-openshift-dedicated.adoc[]
:context: rosa-sts-about-iam-resources
endif::openshift-rosa-hcp[]
ifdef::openshift-rosa-hcp[]
[id="rosa-hcp-about-iam-resources"]
= About IAM resources
include::_attributes/attributes-openshift-dedicated.adoc[]
:context: rosa-sts-about-iam-resources
endif::openshift-rosa-hcp[]
toc::[]
[role="_abstract"]
ifndef::openshift-rosa-hcp[]
To deploy a {product-title} (ROSA) cluster that uses the AWS Security Token Service (STS),
endif::openshift-rosa-hcp[]
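Review bot: `[role="_abstract"]` is placed immediately above `ifndef::openshift-rosa-hcp[]`, so the block that receives the role depends on which conditional branch the build takes. Only the start of the `ifndef` branch ("To deploy a {product-title} (ROSA) cluster that uses the AWS Security Token Service (STS),") is visible in this hunk. Check that the HCP branch also opens with a single paragraph that works as the abstract, or move the role inside each branch.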
@@ -55,12 +58,7 @@ endif::openshift-rosa-hcp[]
[id="rosa-sts-ocm-roles-and-permissions_{context}"]
== {cluster-manager} roles and permissions
If you create ROSA clusters by using {cluster-manager-url}, you must have the following AWS IAM roles linked to your AWS account to create and manage the clusters.
ifndef::openshift-rosa-hcp[]
For more information about linking your IAM roles to your AWS account, see xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-associating-account_rosa-sts-aws-prereqs[Associating your AWS account].
// This section needs to remain hidden until the migration is completed
// For more information about linking your IAM roles to your AWS account, see xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-associating-account_rosa-sts-aws-prereqs[Associating your AWS account].
endif::openshift-rosa-hcp[]
If you create ROSA clusters by using {cluster-manager-url}, you must have the following AWS IAM roles linked to your AWS account to create and manage the clusters. For more information, see xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-associating-account_rosa-sts-aws-prereqs[Associating your AWS account].
These AWS IAM roles are as follows:
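Review bot: the combined sentence ending "For more information, see xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-associating-account_rosa-sts-aws-prereqs[Associating your AWS account]." sits outside any `ifndef::openshift-rosa-hcp[]` guard, while the other copy of that xref in this hunk is inside the guard, next to the comment "This section needs to remain hidden until the migration is completed". Confirm that the migration is finished and that the target resolves in the HCP build before exposing the link unconditionally.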
@@ -82,11 +80,10 @@ include::modules/rosa-sts-understanding-ocm-role.adoc[leveloffset=+2]
include::modules/rosa-sts-ocm-role-creation.adoc[leveloffset=+2]
AWS IAM roles link to your AWS account to create and manage the clusters.
ifndef::openshift-rosa-hcp[]
For more information about linking your IAM roles to your AWS account, see xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-associating-account_rosa-sts-aws-prereqs[Associating your AWS account].
// This section needs to remain hidden until the migration is completed
// For more information about linking your IAM roles to your AWS account, see xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-associating-account_rosa-sts-aws-prereqs[Associating your AWS account].
[role="_additional-resources"]
.Additional resources
* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-associating-account_rosa-sts-aws-prereqs[Associating your AWS account]
endif::openshift-rosa-hcp[]
[role="_additional-resources"]
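Review bot: the `[role="_additional-resources"]` and `.Additional resources` pair inside `ifndef::openshift-rosa-hcp[]` is followed, right after the `endif`, by another `[role="_additional-resources"]` line. In builds that include the `ifndef` branch this can render two consecutive Additional resources lists. Consider moving the `Associating your AWS account` bullet into the list that follows and keeping the conditional around that one bullet.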
@@ -117,7 +114,7 @@ endif::openshift-rosa-hcp[]
[role="_additional-resources"]
.Additional resources
* link:https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html[Permissions boundaries for IAM entities] (AWS documentation)
* link:https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html[AWS documentation about permissions boundaries for IAM entities]
ifdef::openshift-rosa[]
* xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-account-wide-sts-roles-and-policies_rosa-sts-creating-a-cluster-quickly[Creating the account-wide STS roles and policies]
endif::openshift-rosa[]

View File

@@ -1,11 +1,13 @@
:_mod-docs-content-type: ASSEMBLY
[id="rosa-understanding"]
= Understanding ROSA
include::_attributes/attributes-openshift-dedicated.adoc[]
:context: rosa-understanding
toc::[]
[role="_abstract"]
Learn about {product-title} (ROSA), interacting with ROSA by using {cluster-manager-first} and command-line interface (CLI) tools, consumption experience, and integration with Amazon Web Services (AWS) services.
[id="rosa-understanding-about_{context}"]
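Review bot: the sentence marked as the abstract still reads `{product-title} (ROSA)` and then uses the bare acronym, while the security-responsibilities, availability and service-definition abstracts elsewhere in this commit drop the "(ROSA)" parenthetical after `{product-title}`. Align this abstract with that convention, or state that the parenthetical stays because the acronym is used later in the same sentence.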
@@ -63,9 +65,4 @@ To get started with deploying your cluster, ensure your AWS account has met the
* xref:../ocm/ocm-overview.adoc#ocm-overview[OpenShift Cluster Manager]
//* xref ../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources]
* xref:../rosa_getting_started/rosa-getting-started.adoc#rosa-getting-started[Getting started with {product-title}]
* link:https://aws.amazon.com/rosa/pricing/[AWS pricing page]
// Remove these modules?
//include::modules/rosa-understanding.adoc[leveloffset=+1]
//include::modules/rosa-using-sts.adoc[leveloffset=+2]
* link:https://aws.amazon.com/rosa/pricing/[AWS pricing page]

View File

@@ -5,7 +5,9 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
= {hcp-title-first} instance types
toc::[]
{hcp-title} offers the following worker node instance types and sizes:
[role="_abstract"]
{hcp-title} offers the following worker node instance types and sizes.
//TODO OSDOCS-11789: Confirm this
[NOTE]

View File

@@ -6,6 +6,7 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
toc::[]
[role="_abstract"]
include::modules/life-cycle-overview.adoc[leveloffset=+1]
[role="_additional-resources"]
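Review bot: `[role="_abstract"]` is added directly above `include::modules/life-cycle-overview.adoc[leveloffset=+1]`, so this assembly has no abstract paragraph for the role to attach to. Add a short introductory sentence between the attribute line and the include.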

View File

@@ -6,13 +6,10 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
toc::[]
[role="_abstract"]
This documentation outlines the service definition for the {hcp-title-first} managed service.
[id="rosa-hcp-sdpolicy-account-management_{context}"]
== Account management
This section provides information about the service definition for {product-title} account management.
include::modules/rosa-sdpolicy-account-management.adoc[leveloffset=+1]
include::modules/rosa-sdpolicy-am-billing.adoc[leveloffset=+2]
include::modules/rosa-sdpolicy-am-cluster-self-service.adoc[leveloffset=+2]
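Review bot: the `[id="rosa-hcp-sdpolicy-account-management_{context}"]` anchor and its `== Account management` heading give way to `include::modules/rosa-sdpolicy-account-management.adoc[leveloffset=+1]`. Any existing xref to that anchor breaks unless the module defines an ID that resolves to the same value. Check the module's ID and search the repository for references to the old one.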
@@ -26,7 +23,7 @@ include::modules/rosa-sdpolicy-instance-types.adoc[leveloffset=+2]
[role="_additional-resources"]
.Additional resources
For a detailed listing of supported instance types, see xref:../rosa_policy_service_definition/rosa-hcp-instance-types.adoc#rosa-hcp-instance-types[{hcp-title} instance types].
* xref:../rosa_policy_service_definition/rosa-hcp-instance-types.adoc#rosa-hcp-instance-types[{product-title} instance types]
include::modules/rosa-sdpolicy-am-regions-az.adoc[leveloffset=+2]
@@ -46,13 +43,7 @@ include::modules/rosa-sdpolicy-networking.adoc[leveloffset=+1]
[role="_additional-resources"]
.Additional resources
* For more information about the network verification checks, see
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/networking/network-verification.html#network-verification[Network verification].
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
xref:../../networking/network_security/network-verification.adoc#network-verification[Network verification].
endif::openshift-rosa-hcp[]
* xref:../../networking/network_security/network-verification.adoc#network-verification[Network verification]
include::modules/rosa-sdpolicy-storage.adoc[leveloffset=+1]
include::modules/rosa-sdpolicy-platform.adoc[leveloffset=+1]
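Review bot: the `ifdef::openshift-rosa-hcp[]` branch that sent HCP readers to `link:https://docs.openshift.com/rosa/networking/network-verification.html#network-verification` is collapsed into the single entry `xref:../../networking/network_security/network-verification.adoc#network-verification[Network verification]`. Verify that this xref target is included in the HCP build. The separate external link suggests it was not when the conditional was written.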
@@ -62,8 +53,5 @@ include::modules/rosa-sdpolicy-security.adoc[leveloffset=+1]
[id="additional-resources_rosa-hcp-service-definition"]
== Additional resources
ifdef::openshift-rosa-hcp[]
* link:https://docs.openshift.com/rosa/rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.html[Understanding security for ROSA]
endif::openshift-rosa-hcp[]
* See xref:../rosa_policy_service_definition/rosa-hcp-life-cycle.adoc#rosa-hcp-life-cycle[ROSA life cycle]
* xref:../rosa_policy_service_definition/rosa-policy-process-security.adoc#rosa-policy-process-security[Understanding security for {product-title}]
* xref:../rosa_policy_service_definition/rosa-hcp-life-cycle.adoc#rosa-hcp-life-cycle[{product-title} life cycle]

View File

@@ -6,7 +6,8 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
toc::[]
{product-title} offers the following worker node instance types and sizes:
[role="_abstract"]
{product-title} offers the following worker node instance types and sizes.
include::modules/rosa-sdpolicy-am-aws-compute-types.adoc[leveloffset=+1]

View File

@@ -6,6 +6,7 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
toc::[]
[role="_abstract"]
include::modules/life-cycle-overview.adoc[leveloffset=+1]
[role="_additional-resources"]
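Review bot: the added `[role="_abstract"]` has no paragraph under it here; the next line is `include::modules/life-cycle-overview.adoc[leveloffset=+1]`. Give the assembly a one-sentence abstract before the include.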

View File

@@ -6,35 +6,42 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
toc::[]
This document details the Red{nbsp}Hat, Amazon Web Services (AWS), and customer security responsibilities for the managed {product-title} (ROSA).
[role="_abstract"]
This document details the Red{nbsp}Hat, Amazon Web Services (AWS), and customer security responsibilities for the managed {product-title}.
.Acronyms and terms
* *AWS* - Amazon Web Services
* *CEE* - Customer Experience and Engagement (Red{nbsp}Hat Support)
* *CI/CD* - Continuous Integration / Continuous Delivery
* *CVE* - Common Vulnerabilities and Exposures
* *PVs* - Persistent Volumes
* *ROSA* - {product-title}
* *SRE* - Red{nbsp}Hat Site Reliability Engineering
* *VPC* - Virtual Private Cloud
[cols="1,3a"]
|===
| Acroynm | Definition
|*AWS*
|Amazon Web Services
|* *CEE*
|Customer Experience and Engagement (Red{nbsp}Hat Support)
|* *CI/CD*
|Continuous Integration / Continuous Delivery
|* *CVE*
|Common Vulnerabilities and Exposures
|* *PVs*
|Persistent Volumes
|* *SRE*
|Red{nbsp}Hat Site Reliability Engineering
|* *VPC*
|Virtual Private Cloud
|===
include::modules/rosa-policy-security-regulation-compliance.adoc[leveloffset=+1]
[role="_additional-resources"]
.Additional resources
* See link:https://access.redhat.com/articles/5528091[Red{nbsp}Hat Subprocessor List] for information on SRE residency.
* For more information about customer or shared responsibilities, see xref:../../rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc#rosa-policy-responsibilities_rosa-policy-responsibility-matrix[ROSA Responsibilities].
* link:https://access.redhat.com/articles/5528091[Red{nbsp}Hat Subprocessor List]
* xref:../../rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc#rosa-policy-responsibilities_rosa-policy-responsibility-matrix[ROSA Responsibilities]
ifndef::openshift-rosa-hcp[]
* For more information about ROSA and its components, see the xref:../../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-service-definition[ROSA Service Definition].
* For more information about security, compliance, and audit logs, see xref:../../security/audit-log-view.adoc#audit-log-view[Viewing audit logs].
* xref:../../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-service-definition[ROSA Service Definition]
* xref:../../security/audit-log-view.adoc#audit-log-view[Viewing audit logs]
endif::openshift-rosa-hcp[]
ifdef::openshift-rosa-hcp[]
* For more information about ROSA and its components, see xref:../../rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc#rosa-hcp-service-definition[ROSA with HCP Service Definition].
* For more information about security, compliance, and adding additional constraints for IP-based AWS role assumption, see xref:../../security/rosa-adding-additional-constraints-for-ip-based-aws-role-assumption.adoc#rosa-adding-additional-constraints-for-ip-based-aws-role-assumption_[Adding additional constraints for IP-based AWS role assumption].
* xref:../../rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc#rosa-hcp-service-definition[ROSA with HCP Service Definition]
* xref:../../security/rosa-adding-additional-constraints-for-ip-based-aws-role-assumption.adoc#rosa-adding-additional-constraints-for-ip-based-aws-role-assumption_[Adding additional constraints for IP-based AWS role assumption]
endif::openshift-rosa-hcp[]
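Review bot: the acronym table has a typo in its header cell, `Acroynm` should be `Acronym`, and every term cell after `|*AWS*` keeps the list marker from the old bullets (`|* *CEE*`, `|* *CI/CD*` through `|* *VPC*`), which leaves a stray list marker in the rendered cell. Write those cells as `|*CEE*` and so on. The `*ROSA* - {product-title}` entry from the list has no row in the table, so state whether that omission is intended.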

View File

@@ -6,10 +6,12 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
toc::[]
[role="_abstract"]
This documentation outlines Red{nbsp}Hat, Amazon Web Services (AWS), and customer responsibilities for the {product-title} managed service.
include::modules/rosa-policy-responsibilities.adoc[leveloffset=+1]
ifdef::openshift-rosa-hcp[]
[role="_additional-resources"]
.Additional resources
ifdef::openshift-rosa[]
@@ -18,9 +20,7 @@ endif::openshift-rosa[]
ifdef::openshift-dedicated[]
* xref:../../rosa_planning/rosa-sts-aws-prereqs.adoc#osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs[Firewall prerequisites]
endif::openshift-dedicated[]
endif::openshift-rosa-hcp[]
include::modules/rosa-policy-shared-responsibility.adoc[leveloffset=+1]
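Review bot: `ifdef::openshift-rosa-hcp[]` appears in the preceding hunk and its `endif::openshift-rosa-hcp[]` in this one, with the `openshift-rosa` and `openshift-dedicated` conditionals nested between them. Because the pair is split across two hunks, confirm that both halves are removed or kept together, and build the HCP and classic distributions to check that the Additional resources list still renders ahead of `include::modules/rosa-policy-shared-responsibility.adoc[leveloffset=+1]`.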
@@ -46,7 +46,7 @@ ifdef::openshift-rosa-hcp[]
* xref:../../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-hcp-firewall-prerequisites_rosa-sts-aws-prereqs[Firewall prerequisites for {product-title}]
endif::openshift-rosa-hcp[]
ifdef::openshift-rosa[]
* xref:../../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-classic-firewall-prerequisites_rosa-sts-aws-prereqs[Firewall prerequisites for ROSA (classic architecture) clusters using STS]
* xref:../../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-classic-firewall-prerequisites_rosa-sts-aws-prereqs[Firewall prerequisites for {product-title} clusters]
endif::openshift-rosa[]
ifdef::openshift-dedicated[]
* xref:../../rosa_planning/rosa-sts-aws-prereqs.adoc#osd-aws-privatelink-firewall-prerequisites_rosa-sts-aws-prereqs[Firewall prerequisites]

View File

@@ -6,7 +6,8 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
toc::[]
Availability and disaster avoidance are extremely important aspects of any application platform. Although {product-title} (ROSA) provides many protections against failures at several levels, customer-deployed applications must be appropriately configured for high availability. To account for outages that might occur with cloud providers, additional options are available such as deploying a cluster across multiple availability zones and maintaining multiple clusters with failover mechanisms.
[role="_abstract"]
Availability and disaster avoidance are extremely important aspects of any application platform. Although {product-title} provides many protections against failures at several levels, customer-deployed applications must be appropriately configured for high availability. To account for outages that might occur with cloud providers, additional options are available such as deploying a cluster across multiple availability zones and maintaining multiple clusters with failover mechanisms.
include::modules/rosa-policy-failure-points.adoc[leveloffset=+1]

View File

@@ -6,48 +6,26 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
toc::[]
This documentation outlines the service definition for the {product-title} (ROSA) managed service.
[id="rosa-sdpolicy-account-management_{context}"]
== Account management
This section provides information about the service definition for {product-title} account management.
[role="_abstract"]
This documentation outlines the service definition for the {product-title} managed service.
include::modules/rosa-sdpolicy-account-management.adoc[leveloffset=+1]
include::modules/rosa-sdpolicy-am-billing.adoc[leveloffset=+2]
include::modules/rosa-sdpolicy-am-cluster-self-service.adoc[leveloffset=+2]
[role="_additional-resources"]
.Additional resources
ifdef::openshift-rosa-hcp[]
* xref:../../rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc#rosa-sdpolicy-red-hat-operator_rosa-hcp-service-definition[Red{nbsp}Hat Operator Support]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
* xref:../../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-red-hat-operator_rosa-service-definition[Red{nbsp}Hat Operator Support]
endif::openshift-rosa-hcp[]
ifdef::openshift-rosa-hcp[]
* link:https://docs.openshift.com/rosa/rosa_cluster_admin/rosa-configuring-pid-limits.html#rosa-configuring-pid-limits[Configuring PID limits]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
* xref:../../rosa_cluster_admin/rosa-configuring-pid-limits.adoc#rosa-configuring-pid-limits[Configuring PID limits]
endif::openshift-rosa-hcp[]
include::modules/rosa-sdpolicy-instance-types.adoc[leveloffset=+2]
[role="_additional-resources"]
.Additional resources
ifdef::openshift-rosa-hcp[]
* xref:../rosa_policy_service_definition/rosa-hcp-instance-types.adoc#rosa-instance-types[{product-title} instance types].
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
* xref:../rosa_policy_service_definition/rosa-instance-types.adoc#rosa-instance-types[{product-title} instance types]
// Removed as part of OSDOCS-13310, until figures are verified.
//* xref:../../rosa_planning/rosa-limits-scalability.adoc#rosa-limits-scalability[Limits and scalability]
endif::openshift-rosa-hcp[]
include::modules/rosa-sdpolicy-am-regions-az.adoc[leveloffset=+2]
[role="_additional-resources"]
@@ -66,13 +44,7 @@ include::modules/rosa-sdpolicy-networking.adoc[leveloffset=+1]
[role="_additional-resources"]
.Additional resources
* For more information about the network verification checks, see
ifdef::openshift-rosa-hcp[]
link:https://docs.openshift.com/rosa/networking/network-verification.html#network-verification[Network verification].
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
xref:../../networking/network_security/network-verification.adoc#network-verification[Network verification].
endif::openshift-rosa-hcp[]
* xref:../../networking/network_security/network-verification.adoc#network-verification[Network verification]
include::modules/rosa-sdpolicy-storage.adoc[leveloffset=+1]
include::modules/rosa-sdpolicy-platform.adoc[leveloffset=+1]
@@ -81,12 +53,5 @@ include::modules/rosa-sdpolicy-security.adoc[leveloffset=+1]
[role="_additional-resources"]
[id="additional-resources_rosa-service-definition"]
== Additional resources
ifdef::openshift-rosa-hcp[]
* * xref:../rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc#rosa-policy-responsibility-matrix[Shared responsibility matrix]
* link:https://docs.openshift.com/rosa/rosa_policy_service_definition/rosa-policy-process-security.html#rosa-policy-process-security[Understanding process and security for ROSA]
* link:https://docs.openshift.com/rosa/rosa_policy_service_definition/rosa-life-cycle.html#rosa-life-cycle[ROSA life cycle]
endif::openshift-rosa-hcp[]
ifndef::openshift-rosa-hcp[]
* xref:../rosa_policy_service_definition/rosa-policy-process-security.adoc#rosa-policy-process-security[Understanding process and security for ROSA]
* xref:../rosa_policy_service_definition/rosa-life-cycle.adoc#rosa-life-cycle[ROSA life cycle]
endif::openshift-rosa-hcp[]
* xref:../rosa_policy_service_definition/rosa-policy-process-security.adoc#rosa-policy-process-security[Understanding process and security for {product-title}]
* xref:../rosa_policy_service_definition/rosa-life-cycle.adoc#rosa-life-cycle[{product-title} life cycle]

View File

@@ -4,23 +4,19 @@ include::_attributes/attributes-openshift-dedicated.adoc[]
[id="rosa-sre-access"]
= SRE and service account access
Red{nbsp}Hat site reliability engineering (SRE) access to {product-title} (ROSA) clusters is outlined through identity and access management.
[id="rosa-policy-identity-access-management_{context}"]
== Identity and access management
Most access by Red{nbsp}Hat SRE teams is done by using cluster Operators through automated configuration management.
[id="subprocessors_{context}"]
.Subprocessors
For a list of the available subprocessors, see the link:https://access.redhat.com/articles/5528091[Red{nbsp}Hat Subprocessor List] on the Red{nbsp}Hat Customer Portal.
[role="_abstract"]
Red{nbsp}Hat site reliability engineering (SRE) access to {product-title} clusters is outlined through identity and access management.
include::modules/sre-rosa-policy-identity-access-management.adoc[leveloffset=+1]
include::modules/sre-rosa-policy-subprocessors.adoc[leveloffset=+2]
include::modules/sre-cluster-access.adoc[leveloffset=+1]
include::modules/rosa-red-hat-support-access.adoc[leveloffset=+1]
[role="_additional-resources"]
.Additional resources
* link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/support/approved-access[Approved Access].
* link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/authentication_and_authorization/using-rbac#default-roles_using-rbac[Default cluster roles].
* link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/support/approved-access[Approved Access]
* link:https://docs.redhat.com/en/documentation/red_hat_openshift_service_on_aws/4/html/authentication_and_authorization/using-rbac#default-roles_using-rbac[Default cluster roles]
include::modules/rosa-customer-access.adoc[leveloffset=+1]
include::modules/rosa-access-approval-review.adoc[leveloffset=+1]
@@ -29,6 +25,6 @@ include::modules/how-service-accounts-assume-aws-iam-roles-in-sre-owned-projects
[role="_additional-resources"]
.Additional resources
* For more information about the AWS IAM roles used by the cluster Operators, see xref:../../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-operator-roles_rosa-sts-about-iam-resources[Cluster-specific Operator IAM role reference].
* xref:../../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-operator-roles_rosa-sts-about-iam-resources[Cluster-specific Operator IAM role reference]
* For more information about the policies and permissions that the cluster Operators require, see xref:../../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-account-wide-roles-and-policies-creation-methods_rosa-sts-about-iam-resources[Methods of account-wide role creation].
* xref:../../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-account-wide-roles-and-policies-creation-methods_rosa-sts-about-iam-resources[Methods of account-wide role creation]