mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00

AboutPruning

mletalie
2025-08-18 09:27:31 -04:00
committed by openshift-cherrypick-robot
parent d5ca33857b
commit 8652eafc58
3 changed files with 17 additions and 13 deletions

View File

@@ -28,10 +28,10 @@ Distros: openshift-rosa
Topics:
- Name: Welcome
File: index
- Name: Learn more about ROSA with HCP
File: about-hcp
- Name: AWS STS and ROSA with HCP explained
File: cloud-experts-rosa-hcp-sts-explained
#- Name: Learn more about ROSA with HCP
# File: about-hcp
#- Name: AWS STS and ROSA with HCP explained
# File: cloud-experts-rosa-hcp-sts-explained
- Name: Legal notice
File: legal-notice
Distros: openshift-rosa
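Review bot: The two Topics entries for about-hcp and cloud-experts-rosa-hcp-sts-explained are commented out rather than deleted, and neither the hunk nor the commit title (AboutPruning) says why or under what condition they should be restored. Either delete the entries outright or add a one-line comment above them stating when they come back. Also confirm that no page still built for the openshift-rosa distro links to these files, since other files in this commit keep xrefs to ../../welcome/cloud-experts-rosa-hcp-sts-explained.adoc.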

View File

@@ -13,7 +13,10 @@ This tutorial outlines the two options for allowing {product-title} (ROSA) to in
[NOTE]
====
This content currently covers ROSA Classic with AWS STS. For ROSA with hosted control planes (HCP) with AWS STS, see xref:../../welcome/cloud-experts-rosa-hcp-sts-explained.adoc#cloud-experts-rosa-hcp-sts-explained[AWS STS and ROSA with HCP explained].
This content currently covers ROSA Classic with AWS STS.
ifdef::openshift-rosa-hcp[]
For ROSA with hosted control planes (HCP) with AWS STS, see xref:../../welcome/cloud-experts-rosa-hcp-sts-explained.adoc#cloud-experts-rosa-hcp-sts-explained[AWS STS and ROSA with HCP explained].
endif::openshift-rosa-hcp[]
====
This tutorial will:
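Review bot: The xref kept inside the new ifdef::openshift-rosa-hcp[] block still targets ../../welcome/cloud-experts-rosa-hcp-sts-explained.adoc, the page this commit comments out of the topic map under Distros: openshift-rosa. Check that the openshift-rosa-hcp build still publishes that page, otherwise the link is broken in the only build where it renders. The guard direction also differs from the troubleshooting file in this commit, where the same xref sits under ifndef::openshift-rosa-hcp[]; one of the two looks inverted and should be reconciled.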
@@ -92,7 +95,7 @@ The policies determine the allowed actions for each of the roles. See xref:../..
+
[.small]
--
1. This policy is used by the cluster Operator roles, listed below. The Operator roles are created in a second step because they are dependent on an existing cluster name and cannot be created at the same time as the account-wide roles.
1. This policy is used by the cluster Operator roles, listed below. The Operator roles are created in a second step because they are dependent on an existing cluster name and cannot be created at the same time as the account-wide roles.
--
+
** The Operator roles are:
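Review bot: The replaced callout line ("1. This policy is used by the cluster Operator roles, listed below. ...") reads identically before and after as shown here, so this looks like a whitespace-only change. If that is the case, say so in the commit message or move it to a separate cleanup commit so the pruning change stays easy to review and cherry-pick.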
@@ -146,7 +149,7 @@ image::cloud-experts-sts-explained_oidc_op_roles.png[]
== ROSA with STS use cases
.Creating nodes at cluster install
The Red{nbsp}Hat installation program uses the `RH-Managed-OpenShift-Installer` role and a trust policy to assume the `Managed-OpenShift-Installer-Role` role in the customer's account. This process returns temporary credentials from AWS STS. The installation program begins making the required API calls with the temporary credentials just received from STS. The installation program creates the required infrastructure in AWS. The credentials expire within an hour and the installation program no longer has access to the customer's account.
The Red{nbsp}Hat installation program uses the `RH-Managed-OpenShift-Installer` role and a trust policy to assume the `Managed-OpenShift-Installer-Role` role in the customer's account. This process returns temporary credentials from AWS STS. The installation program begins making the required API calls with the temporary credentials just received from STS. The installation program creates the required infrastructure in AWS. The credentials expire within an hour and the installation program no longer has access to the customer's account.
The same process also applies for support cases. In support cases, a Red{nbsp}Hat site reliability engineer (SRE) replaces the installation program.

View File

@@ -22,12 +22,13 @@ endif::openshift-rosa-hcp[]
include::modules/rosa-troubleshoot-hcp-install.adoc[leveloffset=+1]
//remove these conditionals once HCP migration happens
ifndef::openshift-rosa-hcp[]
[role="_additional-resources"]
.Additional resources
* For information about the required IAM, see xref:../../rosa_planning/rosa-sts-ocm-role.adoc#rosa-sts-ocm-role[ROSA IAM role resources].
* For information about the AWS STS prerequisites for {hcp-title} clusters, see xref:../../welcome/cloud-experts-rosa-hcp-sts-explained.adoc#cloud-experts-rosa-hcp-sts-explained[AWS STS and ROSA with HCP explained].
endif::openshift-rosa-hcp[]
// [role="_additional-resources"]
// .Additional resources
// * For information about the required IAM, see xref:../../rosa_planning/rosa-sts-ocm-role.adoc#rosa-sts-ocm-role[ROSA IAM role resources].
// ifndef::openshift-rosa-hcp[]
// * For information about the AWS STS prerequisites for {hcp-title} clusters, see xref:../../welcome/cloud-experts-rosa-hcp-sts-explained.adoc#cloud-experts-rosa-hcp-sts-explained[AWS STS and ROSA with HCP explained].
// endif::openshift-rosa-hcp[]
include::modules/rosa-hcp-no-console-access.adoc[leveloffset=+1]
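Review bot: Commenting out the whole Additional resources block also drops the "ROSA IAM role resources" bullet (rosa-sts-ocm-role.adoc), which does not point at the pruned page and was previously rendered for non-HCP builds. Keep the block title and that bullet live and remove only the bullet that links to cloud-experts-rosa-hcp-sts-explained.adoc. The retained comment "//remove these conditionals once HCP migration happens" now refers to conditionals that exist only inside comments, so update or delete it along with the dead lines.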