mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
OSDOCS#7073:Support standard STS config
committed by
openshift-cherrypick-robot
parent
5595086d2f
commit
7c31c49af5
@@ -4,28 +4,27 @@
|
||||
|
||||
:_content-type: PROCEDURE
|
||||
[id="efs-sts_{context}"]
|
||||
= Configuring AWS EFS CSI Driver Operator with Security Token Service
|
||||
= Obtaining a role Amazon Resource Name for Security Token Service
|
||||
|
||||
This procedure explains how to configure the AWS EFS CSI Driver Operator with {product-title} on AWS Security Token Service (STS).
|
||||
|
||||
Perform this procedure before you have installed the AWS EFS CSI Operator, but not yet installed the AWS EFS CSI driver as part of the _Installing the AWS EFS CSI Driver Operator_ procedure.
|
||||
This procedure explains how to obtain a role Amazon Resource Name (ARN) to configure the AWS EFS CSI Driver Operator with {product-title} on AWS Security Token Service (STS).
|
||||
|
||||
[IMPORTANT]
|
||||
====
|
||||
If you perform this procedure after installing the driver and creating volumes, your volumes will fail to mount into pods.
|
||||
Perform this procedure before you install the AWS EFS CSI Driver Operator (see _Installing the AWS EFS CSI Driver Operator_ procedure).
|
||||
====
|
||||
|
||||
.Prerequisites
|
||||
|
||||
* You have access to the cluster as a user with the cluster-admin role.
|
||||
* Access to the cluster as a user with the cluster-admin role.
|
||||
* AWS account credentials
|
||||
* You have installed the AWS EFS CSI Operator.
|
||||
|
||||
.Procedure
|
||||
|
||||
To configure the AWS EFS CSI Driver Operator with STS:
|
||||
You can obtain the ARN role in multiple ways. The following procedure shows one method that uses the same concept and CCO utility (`ccoctl`) binary tool as cluster installation.
|
||||
|
||||
. Extract the CCO utility (`ccoctl`) binary from the {product-title} release image, which you used to install the cluster with STS. For more information, see "Configuring the Cloud Credential Operator utility".
|
||||
To obtain a role ARN for configuring AWS EFS CSI Driver Operator using STS:
|
||||
|
||||
. Extract the `ccoctl` from the {product-title} release image, which you used to install the cluster with STS. For more information, see "Configuring the Cloud Credential Operator utility".
|
||||
|
||||
. Create and save an EFS `CredentialsRequest` YAML file, such as shown in the following example, and then place it in the `credrequests` directory:
|
||||
+
|
||||
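Review bot: the Prerequisites item "* AWS account credentials" does not say which IAM permissions those credentials need, although the procedure goes on to create IAM roles with `ccoctl aws create-iam-roles`; name the minimum permissions or link to where they are listed, and end the item with a period like the item before it. The hunk also uses both "ARN role" ("You can obtain the ARN role in multiple ways") and "role ARN" ("To obtain a role ARN for configuring ..."); use "role ARN" throughout, and write "Extract the `ccoctl` binary" rather than "Extract the `ccoctl`".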
@@ -85,23 +84,30 @@ $ ccoctl aws create-iam-roles --name my-aws-efs --credentials-requests-dir credr
|
||||
2022/03/21 06:24:45 Updated Role policy for Role my-aws-efs-openshift-cluster-csi-drivers-aws-efs-cloud-
|
||||
----
|
||||
|
||||
. Create the AWS EFS cloud credentials and secret:
|
||||
. Copy the role ARN from the first line of the _Example output_ in the preceding step. The role ARN is between "Role" and "created". In this example, the role ARN is "arn:aws:iam::123456789012:role/my-aws-efs -openshift-cluster-csi-drivers-aws-efs-cloud".
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc create -f <path_to_ccoctl_output_dir>/manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml
|
||||
----
|
||||
+
|
||||
.Example
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
$ oc create -f /manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml
|
||||
----
|
||||
+
|
||||
.Example output
|
||||
+
|
||||
[source,terminal]
|
||||
----
|
||||
secret/aws-efs-cloud-credentials created
|
||||
----
|
||||
You will need the role ARN when you install the AWS EFS CSI Driver Operator.
|
||||
|
||||
.Next steps
|
||||
|
||||
//??the below step not needed for 4.14? ???
|
||||
//. Create the AWS EFS cloud credentials and secret:
|
||||
//+
|
||||
//[source, terminal]
|
||||
//----
|
||||
//$ oc create -f <path_to_ccoctl_output_dir>/manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml
|
||||
//----
|
||||
//+
|
||||
//.Example
|
||||
//+
|
||||
//[source, terminal]
|
||||
//----
|
||||
//$ oc create -f /manifests/openshift-cluster-csi-drivers-aws-efs-cloud-credentials-credentials.yaml
|
||||
//----
|
||||
//+
|
||||
//.Example output
|
||||
//+
|
||||
//[source, terminal]
|
||||
//----
|
||||
//secret/aws-efs-cloud-credentials created
|
||||
//----
|
||||
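Review bot: the role ARN quoted in the "Copy the role ARN" step contains a space ("role/my-aws-efs -openshift-cluster-csi-drivers-aws-efs-cloud"), so a reader who copies it from the docs gets a value that is not a valid ARN; remove the space and check the string against the example output it is said to come from. Under `.Next steps`, the only visible content is the commented-out secret creation step headed by "//??the below step not needed for 4.14? ???"; settle that question before merging and either delete the block or restore the step, so the section is not left empty with an open question in the source.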
@@ -34,9 +34,14 @@ Be sure to select the *{FeatureName} CSI Driver Operator* and not the *{FeatureN
|
||||
|
||||
.. On the *Install Operator* page, ensure that:
|
||||
+
|
||||
ifdef::openshift-rosa,openshift-enterprise[]
|
||||
* If you are using {FeatureName} with AWS Secure Token Service (STS), in the *role ARN* field, enter the ARN role copied from the last step of the _Obtaining a role Amazon Resource Name for Security Token Service_ procedure.
|
||||
endif::[]
|
||||
* *All namespaces on the cluster (default)* is selected.
|
||||
* *Installed Namespace* is set to *openshift-cluster-csi-drivers*.
|
||||
|
||||
.. Click *Install*.
|
||||
+
|
||||
After the installation finishes, the {FeatureName} CSI Operator is listed in the *Installed Operators* section of the web console.
|
||||
|
||||
.Next steps
|
||||
|
||||
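Review bot: the bullet under `ifdef::openshift-rosa,openshift-enterprise[]` says "AWS Secure Token Service (STS)", but the service is named AWS Security Token Service, which is also the wording in the title of the procedure the bullet points to; use "Security Token Service" wherever this commit introduces the name. The same bullet says "enter the ARN role" for a field labelled *role ARN*; write "enter the role ARN".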
@@ -13,4 +13,10 @@ ifdef::openshift-rosa[]
|
||||
. If you are using Amazon Elastic File Storage (Amazon EFS) with AWS Secure Token Service (STS), configure the https://github.com/openshift/aws-efs-csi-driver[{FeatureName} CSI driver] with STS.
|
||||
endif::openshift-rosa[]
|
||||
|
||||
ifdef::openshift-rosa,openshift-enterprise[]
|
||||
. If you are using {FeatureName} with AWS Secure Token Service (STS), obtain a role Amazon Resource Name (ARN) for STS. This is required for installing the {FeatureName} CSI Driver Operator.
|
||||
endif::[]
|
||||
|
||||
. Install the {FeatureName} CSI Driver Operator.
|
||||
|
||||
. Install the {FeatureName} CSI Driver.
|
||||
|
||||
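Review bot: with `openshift-rosa` set, both the step under `ifdef::openshift-rosa[]` ("configure the ... CSI driver with STS", linking to the GitHub repository) and the step under `ifdef::openshift-rosa,openshift-enterprise[]` ("obtain a role Amazon Resource Name (ARN) for STS") apply, so if the first step is kept, a ROSA build lists two STS steps that point to different instructions. Drop the ROSA-only step or merge the two so that a reader is sent to a single procedure.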
@@ -32,16 +32,20 @@ include::modules/persistent-storage-csi-about.adoc[leveloffset=+1]
|
||||
:FeatureName: AWS EFS
|
||||
include::modules/persistent-storage-efs-csi-driver-operator-setup.adoc[leveloffset=+1]
|
||||
|
||||
include::modules/persistent-storage-csi-olm-operator-install.adoc[leveloffset=+2]
|
||||
.Next steps
|
||||
* If you are using {FeatureName} with AWS Secure Token Service (STS), you must configure the {FeatureName} CSI Driver with STS. For more information, see xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#efs-sts_persistent-storage-csi-aws-efs[Configuring AWS EFS CSI Driver with STS].
|
||||
|
||||
ifdef::openshift-rosa,openshift-enterprise[]
|
||||
include::modules/persistent-storage-csi-efs-sts.adoc[leveloffset=+2]
|
||||
|
||||
xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#persistent-storage-csi-olm-operator-install_persistent-storage-csi-aws-efs[Install the AWS EFS CSI Driver Operator].
|
||||
[role="_additional-resources"]
|
||||
.Additional resources
|
||||
* xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#persistent-storage-csi-olm-operator-install_persistent-storage-csi-aws-efs[Installing the AWS EFS CSI Driver Operator]
|
||||
* xref:../../installing/installing_aws/installing-aws-customizations.adoc#cco-ccoctl-configuring_installing-aws-customizations[Configuring the Cloud Credential Operator utility]
|
||||
* xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#persistent-storage-csi-efs-driver-install_persistent-storage-csi-aws-efs[Installing the {FeatureName} CSI Driver]
|
||||
endif::[]
|
||||
|
||||
include::modules/persistent-storage-csi-olm-operator-install.adoc[leveloffset=+2]
|
||||
|
||||
xref:../../storage/container_storage_interface/persistent-storage-csi-aws-efs.adoc#persistent-storage-csi-efs-driver-install_persistent-storage-csi-aws-efs[Install the AWS EFS CSI Driver].
|
||||
|
||||
include::modules/persistent-storage-csi-efs-driver-install.adoc[leveloffset=+2]
|
||||
|
||||
|
||||
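Review bot: the stand-alone lines "xref:...[Install the AWS EFS CSI Driver Operator]." and "xref:...[Install the AWS EFS CSI Driver]." that follow the `include::` lines are bare links with a trailing period and no block title or lead-in sentence in this file, so they only read correctly if the included module happens to end with a `.Next steps` title. Put the title and a full sentence next to each xref in the assembly, so that the modules and the assembly each stand on their own. The first of these lines also sits inside the `ifdef::openshift-rosa,openshift-enterprise[]` block while the second does not; confirm that the difference is intended.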