openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-06 06:46:26 +01:00
Code Issues Releases Activity

New feature text for CCO in 4.6

Browse Source
This commit is contained in:
Jeana Routh
2020-09-02 13:19:31 -04:00
parent 6fc3ec042a
commit 63bf284b7d
1 changed files with 27 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
release_notes/ocp-4-6-release-notes.adoc
View File

@@ -749,6 +749,11 @@ Your upgrade to {product-title} 4.6 should now no longer be blocked by this feat
[id="ocp-4-6-images"]
=== Images
[id="ocp-4-6-cloud-credential-operator-mode-support"]
==== Support for Cloud Credential Operator modes
In addition to the existing default mode of operation, the xref:../operators/operator-reference.adoc#cloud-credential-operator_red-hat-operators[Cloud Credential Operator (CCO)] can now be explicitly configured to operate in the following modes: `Mint`, `Passthrough`, and `Manual`. This feature provides transparency and flexibility in how the CCO uses cloud credentials to process `CredentialRequests` in the cluster for installation and other tasks.
[id="ocp-4-6-samples-operator"]
==== Cluster Samples Operator on Power and Z
@@ -1426,6 +1431,28 @@ In some cases, these errors might cause the `KubeAPIErrorsHigh` alert to fire, b
* Rules API back-ends are sometimes not detected if Store API stores are discovered before Rules API stores. When this occurs, a store reference is created without a Rules API client, and the Rules API endpoint from Thanos Querier does not return any rules.
(link:https://bugzilla.redhat.com/show_bug.cgi?id=1870287[*BZ#1870287*])
* If an AWS account is configured to use AWS Organizations service control policies (SCPs) that use a global condition to deny all actions or require a specific permission, the AWS policy simulator API that validates permissions produces a false negative. When the permissions cannot be validated, {product-title} AWS installations fail, even if the provided credentials have the required permissions for installation.
+
To work around this issue, you can bypass the AWS policy simulator permissions check by setting a value for the `credentialsMode` parameter in the `install-config.yaml` configuration file. The value of `credentialsMode` changes the behavior of the Cloud Credential Operator (CCO) to one of xref:../operators/operator-reference.adoc#cloud-credential-operator_red-hat-operators[three supported modes].
+
.Example `install-config.yaml` configuration file
+
[source,yaml]
----
apiVersion: v1
baseDomain: cluster1.example.com
credentialsMode: Mint <1>
compute:
- architecture: amd64
hyperthreading: Enabled
...
----
<1> This line is added to set the `credentialsMode` parameter to `Mint`.
+
When bypassing this check, ensure that the credentials you provide have the xref:../operators/operator-reference.adoc#cloud-credential-operator_red-hat-operators[permissions that are required for the specified mode].
+
(link:https://bugzilla.redhat.com/show_bug.cgi?id=1829101[*BZ#1829101*])
[id="ocp-4-6-asynchronous-errata-updates"]
== Asynchronous errata updates