From a6e20d5d618bf18af50a6eb14dd05f5bf876a732 Mon Sep 17 00:00:00 2001 From: Frances_McDonald Date: Tue, 4 Mar 2025 18:17:33 +0000 Subject: [PATCH] moving file from troubleshooting to architecture renaming new assembly moving file from troubleshooting to architecture folder resolved xref issue resolved hcp fie issue changed from assembly to module to appear in the raci doc add content in id of module removing assembly in OSD topic map and renaming as managed and not sd-managed adding a condition in the node-cluster-overcommit assembly line113 for osd adding a new anchor in the node-cluster-overcommit assembly line113 conditionalising an assembly fixed topic maps to sd fixed assembly to gp to the anchor mocule or matrix assembly updating the content for sdmanaged doc removed : from csdmanaged resources doc removing landing page applied peer review suggestion removed space --- _topic_maps/_topic_map_rosa.yml | 3 - _topic_maps/_topic_map_rosa_hcp.yml | 2 +- modules/managed-resources.adoc | 70 +++++++++++++++++++ nodes/clusters/nodes-cluster-overcommit.adoc | 6 +- .../rosa-policy-responsibility-matrix.adoc | 1 + .../troubleshooting/sd-managed-resources.adoc | 2 +- 6 files changed, 76 insertions(+), 8 deletions(-) create mode 100644 modules/managed-resources.adoc diff --git a/_topic_maps/_topic_map_rosa.yml b/_topic_maps/_topic_map_rosa.yml index bb53d29625..2c153de0a9 100644 --- a/_topic_maps/_topic_map_rosa.yml +++ b/_topic_maps/_topic_map_rosa.yml @@ -424,9 +424,6 @@ Topics: - Name: Troubleshooting cluster deployments File: rosa-troubleshooting-deployments Distros: openshift-rosa - - Name: Red Hat OpenShift Service on AWS managed resources - File: sd-managed-resources - Distros: openshift-rosa --- Name: Web console Dir: web_console diff --git a/_topic_maps/_topic_map_rosa_hcp.yml b/_topic_maps/_topic_map_rosa_hcp.yml index dad69166c6..a7a1bbe38e 100644 --- a/_topic_maps/_topic_map_rosa_hcp.yml +++ b/_topic_maps/_topic_map_rosa_hcp.yml @@ -354,7 +354,7 @@ Topics: File: rosa-troubleshooting-iam-resources - Name: Troubleshooting cluster deployments File: rosa-troubleshooting-deployments - - Name: Red Hat OpenShift Service on AWS managed resources + - Name: Red Hat managed resources File: sd-managed-resources --- Name: Cluster administration diff --git a/modules/managed-resources.adoc b/modules/managed-resources.adoc new file mode 100644 index 0000000000..f89c96f485 --- /dev/null +++ b/modules/managed-resources.adoc @@ -0,0 +1,70 @@ +:_mod-docs-content-type: CONCEPT +//[id="sd-managed-resources"] +[id="sd-redhat-managed-resources_{context}"] += Red{nbsp}Hat managed resources +include::_attributes/attributes-openshift-dedicated.adoc[] +:context: sd-managed-resources + +toc::[] + +[id="sd-managed-resources-overview_{context}"] +== Overview + +The following covers all {product-title} resources that are managed or protected by the Service Reliability Engineering Platform (SRE-P) Team. Customers should not try to change these resources because doing so can lead to cluster instability. + +[id="sd-managed-resources-all_{context}"] +== Managed resources + +The following list displays the {product-title} resources managed by OpenShift Hive, the centralized fleet configuration management system. These resources are in addition to the OpenShift Container Platform resources created during installation. OpenShift Hive continually attempts to maintain consistency across all {product-title} clusters. Changes to {product-title} resources should be made through {cluster-manager} so that {cluster-manager} and Hive are synchronized. Contact ocm-feedback@redhat.com if {cluster-manager} does not support modifying the resources in question. + +.List of Red{nbsp}Hat managed resources +[%collapsible] +==== +[source,yaml] +---- +include::https://raw.githubusercontent.com/openshift/managed-cluster-config/master/resources/managed/all-osd-resources.yaml[] +---- +==== + +[id="sd-core-namespaces_{context}"] +== {product-title} core namespaces + +{product-title} core namespaces are installed by default during cluster installation. + +.List of core namespaces +[%collapsible] +==== +[source,yaml] +---- +include::https://raw.githubusercontent.com/openshift/managed-cluster-config/master/deploy/osd-managed-resources/ocp-namespaces.ConfigMap.yaml[] +---- +==== + +[id="sd-add-on-managed-namespaces_{context}"] +== {product-title} add-on namespaces + +{product-title} add-ons are services available for installation after cluster installation. These additional services include {openshift-dev-spaces-productname}, Red{nbsp}Hat OpenShift API Management, and Cluster Logging Operator. Any changes to resources within the following namespaces can be overridden by the add-on during upgrades, which can lead to unsupported configurations for the add-on functionality. + +.List of add-on managed namespaces +[%collapsible] +==== +[source,yaml] +---- +include::https://raw.githubusercontent.com/openshift/managed-cluster-config/master/resources/addons-namespaces/main.yaml[] +---- +==== + +[id="sd-validating-webhooks_{context}"] +== {product-title} validating webhooks + +{product-title} validating webhooks are a set of dynamic admission controls maintained by the OpenShift SRE team. These HTTP callbacks, also known as webhooks, are called for various types of requests to ensure cluster stability. The following list describes the various webhooks with rules containing the registered operations and resources that are controlled. Any attempt to circumvent these validating webhooks could affect the stability and supportability of the cluster. + +.List of validating webhooks +[%collapsible] +==== +[source,json] +---- +include::https://raw.githubusercontent.com/openshift/managed-cluster-validating-webhooks/master/docs/webhooks.json[] +---- +==== + diff --git a/nodes/clusters/nodes-cluster-overcommit.adoc b/nodes/clusters/nodes-cluster-overcommit.adoc index 593b93e242..556177ad6e 100644 --- a/nodes/clusters/nodes-cluster-overcommit.adoc +++ b/nodes/clusters/nodes-cluster-overcommit.adoc @@ -109,6 +109,6 @@ ifdef::openshift-rosa,openshift-rosa-hcp,openshift-dedicated[] * xref:../../nodes/clusters/nodes-cluster-limit-ranges.adoc#nodes-cluster-limit-ranges[Restrict resource consumption with limit ranges] endif::openshift-rosa,openshift-rosa-hcp,openshift-dedicated[] // TODO: Add this xref to ROSA HCP when the Support book is added. -ifndef::openshift-rosa-hcp,openshift-enterprise[] -* xref:../../support/troubleshooting/sd-managed-resources.adoc#sd-managed-resources[Red Hat Managed resources] -endif::openshift-rosa-hcp,openshift-enterprise[] +ifndef::openshift-rosa-hcp,openshift-enterprise,openshift-dedicated[] +* xref:../../rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc#sd-managed-resources-overview_sd-managed-resources[Red Hat Managed resources] +endif::openshift-rosa-hcp,openshift-enterprise,openshift-dedicated[] diff --git a/rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc b/rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc index 9c4a1ea09f..6b1022e27f 100644 --- a/rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc +++ b/rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc @@ -41,6 +41,7 @@ endif::openshift-rosa-hcp[] include::modules/rosa-policy-security-and-compliance.adoc[leveloffset=+1] include::modules/rosa-policy-disaster-recovery.adoc[leveloffset=+1] +include::modules/managed-resources.adoc[leveloffset=+1] [role="_additional-resources"] .Additional resources diff --git a/support/troubleshooting/sd-managed-resources.adoc b/support/troubleshooting/sd-managed-resources.adoc index e2dd475f3b..8fc90cfcde 100644 --- a/support/troubleshooting/sd-managed-resources.adoc +++ b/support/troubleshooting/sd-managed-resources.adoc @@ -9,7 +9,7 @@ toc::[] [id="sd-managed-resources-overview_{context}"] == Overview -The following covers all {product-title} resources that are managed or protected by the Service Reliability Engineering Platform (SRE-P) Team. Customers should not attempt to modify these resources because doing so can lead to cluster instability. +The following covers all {product-title} resources that are managed or protected by the Service Reliability Engineering Platform (SRE-P) Team. Customers should not try to change these resources because doing so can lead to cluster instability. [id="sd-managed-resources-all_{context}"] == Hive managed resources