openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity

Unify ccoctl install step order across providers

Browse Source
This commit is contained in:
Jeana Routh
2023-09-22 13:20:59 -04:00
committed by openshift-cherrypick-robot
parent d3f4a338a4
commit c7a2bd0fa2
16 changed files with 457 additions and 481 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
installing/installing_aws/installing-aws-china.adoc
View File

@@ -40,39 +40,6 @@ include::modules/installation-aws-upload-custom-rhcos-ami.adoc[leveloffset=+1]
include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
//Supertask: Configuring an AWS cluster to use short-term credentials
[id="installing-aws-with-short-term-creds_{context}"]
== Optional: Configuring an AWS cluster to use short-term credentials
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
[NOTE]
====
To use the AWS STS, you must configure the Cloud Credential Operator (CCO) to run in manual mode. As part of the installation process, you set `credentialsMode` parameter to `Manual` after creating the `install-config.yaml` installation configuration file.
====
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+2]
//Task part 2: Creating the required AWS resources
[id="sts-mode-create-aws-resources-ccoctl_{context}"]
=== Creating AWS resources with the Cloud Credential Operator utility
You have the following options when creating AWS resources:
* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-china.adoc#cco-ccoctl-creating-at-once_installing-aws-china-region[Creating AWS resources with a single command].
* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-china.adoc#cco-ccoctl-creating-individually_installing-aws-china-region[Creating AWS resources individually].
//Task part 2a: Creating the required AWS resources all at once
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
//Task part 2b: Creating the required AWS resources individually
include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+3]
include::modules/installation-initializing-manual.adoc[leveloffset=+1]
[role="_additional-resources"]
@@ -94,21 +61,49 @@ include::modules/installation-configure-proxy.adoc[leveloffset=+2]
include::modules/installation-applying-aws-security-groups.adoc[leveloffset=+2]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
[id="installing-aws-manual-modes_{context}"]
== Alternatives to storing administrator-level secrets in the kube-system project
By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
* If you configured the CCO utility (`ccoctl`) to implement short-term credentials for individual components, follow the procedure in xref:../../installing/installing_aws/installing-aws-china.adoc#cco-ccoctl-install-creating-manifests_installing-aws-china-region[Incorporating the Cloud Credential Operator utility manifests].
* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-china.adoc#manually-create-iam_installing-aws-china-region[Manually creating long-term credentials].
* If you will manage cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-china.adoc#manually-create-iam_installing-aws-china-region[Manually creating long-term credentials].
* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_aws/installing-aws-china.adoc#installing-aws-with-short-term-creds_installing-aws-china-region[Configuring an AWS cluster to use short-term credentials].
// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+2]
//Manually creating IAM
//Manually creating long-term credentials
include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
//Supertask: Configuring an AWS cluster to use short-term credentials
[id="installing-aws-with-short-term-creds_{context}"]
=== Configuring an AWS cluster to use short-term credentials
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
//Task part 2: Creating the required AWS resources
[id="sts-mode-create-aws-resources-ccoctl_{context}"]
==== Creating AWS resources with the Cloud Credential Operator utility
You have the following options when creating AWS resources:
* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-china.adoc#cco-ccoctl-creating-at-once_installing-aws-china-region[Creating AWS resources with a single command].
* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-china.adoc#cco-ccoctl-creating-individually_installing-aws-china-region[Creating AWS resources individually].
//Task part 2a: Creating the required AWS resources all at once
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+4]
//Task part 2b: Creating the required AWS resources individually
include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+4]
//Task part 3: Incorporating the Cloud Credential Operator utility manifests
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
include::modules/installation-launching-installer.adoc[leveloffset=+1]
include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]

73
installing/installing_aws/installing-aws-customizations.adoc
View File

@@ -37,39 +37,6 @@ include::modules/installation-aws-marketplace-subscribe.adoc[leveloffset=+1]
include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
//Supertask: Configuring an AWS cluster to use short-term credentials
[id="installing-aws-with-short-term-creds_{context}"]
== Optional: Configuring an AWS cluster to use short-term credentials
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
[NOTE]
====
To use the AWS STS, you must configure the Cloud Credential Operator (CCO) to run in manual mode. As part of the installation process, you set `credentialsMode` parameter to `Manual` after creating the `install-config.yaml` installation configuration file.
====
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+2]
//Task part 2: Creating the required AWS resources
[id="sts-mode-create-aws-resources-ccoctl_{context}"]
=== Creating AWS resources with the Cloud Credential Operator utility
You have the following options when creating AWS resources:
* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-customizations.adoc#cco-ccoctl-creating-at-once_installing-aws-customizations[Creating AWS resources with a single command].
* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-customizations.adoc#cco-ccoctl-creating-individually_installing-aws-customizations[Creating AWS resources individually].
//Task part 2a: Creating the required AWS resources all at once
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
//Task part 2b: Creating the required AWS resources individually
include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+3]
include::modules/installation-initializing.adoc[leveloffset=+1]
[role="_additional-resources"]
@@ -91,21 +58,49 @@ include::modules/installation-aws-config-yaml.adoc[leveloffset=+2]
include::modules/installation-configure-proxy.adoc[leveloffset=+2]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
[id="installing-aws-manual-modes_{context}"]
== Alternatives to storing administrator-level secrets in the kube-system project
By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
* If you configured the CCO utility (`ccoctl`) to implement short-term credentials for individual components, follow the procedure in xref:../../installing/installing_aws/installing-aws-customizations.adoc#cco-ccoctl-install-creating-manifests_installing-aws-customizations[Incorporating the Cloud Credential Operator utility manifests].
* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[Manually creating long-term credentials].
* If you will manage cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-customizations.adoc#manually-create-iam_installing-aws-customizations[Manually creating long-term credentials].
* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_aws/installing-aws-customizations.adoc#installing-aws-with-short-term-creds_installing-aws-customizations[Configuring an AWS cluster to use short-term credentials].
// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+2]
//Manually creating IAM
//Manually creating long-term credentials
include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
//Supertask: Configuring an AWS cluster to use short-term credentials
[id="installing-aws-with-short-term-creds_{context}"]
=== Configuring an AWS cluster to use short-term credentials
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
//Task part 2: Creating the required AWS resources
[id="sts-mode-create-aws-resources-ccoctl_{context}"]
==== Creating AWS resources with the Cloud Credential Operator utility
You have the following options when creating AWS resources:
* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-customizations.adoc#cco-ccoctl-creating-at-once_installing-aws-customizations[Creating AWS resources with a single command].
* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-customizations.adoc#cco-ccoctl-creating-individually_installing-aws-customizations[Creating AWS resources individually].
//Task part 2a: Creating the required AWS resources all at once
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+4]
//Task part 2b: Creating the required AWS resources individually
include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+4]
//Task part 3: Incorporating the Cloud Credential Operator utility manifests
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
include::modules/installation-launching-installer.adoc[leveloffset=+1]
include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]

73
installing/installing_aws/installing-aws-government-region.adoc
View File

@@ -41,39 +41,6 @@ include::modules/installation-aws-marketplace-subscribe.adoc[leveloffset=+1]
include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
//Supertask: Configuring an AWS cluster to use short-term credentials
[id="installing-aws-with-short-term-creds_{context}"]
== Optional: Configuring an AWS cluster to use short-term credentials
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
[NOTE]
====
To use the AWS STS, you must configure the Cloud Credential Operator (CCO) to run in manual mode. As part of the installation process, you set `credentialsMode` parameter to `Manual` after creating the `install-config.yaml` installation configuration file.
====
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+2]
//Task part 2: Creating the required AWS resources
[id="sts-mode-create-aws-resources-ccoctl_{context}"]
=== Creating AWS resources with the Cloud Credential Operator utility
You have the following options when creating AWS resources:
* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-government-region.adoc#cco-ccoctl-creating-at-once_installing-aws-government-region[Creating AWS resources with a single command].
* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-government-region.adoc#cco-ccoctl-creating-individually_installing-aws-government-region[Creating AWS resources individually].
//Task part 2a: Creating the required AWS resources all at once
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
//Task part 2b: Creating the required AWS resources individually
include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+3]
include::modules/installation-initializing-manual.adoc[leveloffset=+1]
[role="_additional-resources"]
@@ -95,21 +62,49 @@ include::modules/installation-configure-proxy.adoc[leveloffset=+2]
include::modules/installation-applying-aws-security-groups.adoc[leveloffset=+2]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
[id="installing-aws-manual-modes_{context}"]
== Alternatives to storing administrator-level secrets in the kube-system project
By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
* If you configured the CCO utility (`ccoctl`) to implement short-term credentials for individual components, follow the procedure in xref:../../installing/installing_aws/installing-aws-government-region.adoc#cco-ccoctl-install-creating-manifests_installing-aws-government-region[Incorporating the Cloud Credential Operator utility manifests].
* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-government-region.adoc#manually-create-iam_installing-aws-government-region[Manually creating long-term credentials].
* If you will manage cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-government-region.adoc#manually-create-iam_installing-aws-government-region[Manually creating long-term credentials].
* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_aws/installing-aws-government-region.adoc#installing-aws-with-short-term-creds_installing-aws-government-region[Incorporating the Cloud Credential Operator utility manifests].
// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+2]
//Manually creating IAM
//Manually creating long-term credentials
include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
//Supertask: Configuring an AWS cluster to use short-term credentials
[id="installing-aws-with-short-term-creds_{context}"]
=== Configuring an AWS cluster to use short-term credentials
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
//Task part 2: Creating the required AWS resources
[id="sts-mode-create-aws-resources-ccoctl_{context}"]
==== Creating AWS resources with the Cloud Credential Operator utility
You have the following options when creating AWS resources:
* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-government-region.adoc#cco-ccoctl-creating-at-once_installing-aws-government-region[Creating AWS resources with a single command].
* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-government-region.adoc#cco-ccoctl-creating-individually_installing-aws-government-region[Creating AWS resources individually].
//Task part 2a: Creating the required AWS resources all at once
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+4]
//Task part 2b: Creating the required AWS resources individually
include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+4]
//Task part 3: Incorporating the Cloud Credential Operator utility manifests
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
include::modules/installation-launching-installer.adoc[leveloffset=+1]
include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]

73
installing/installing_aws/installing-aws-network-customizations.adoc
View File

@@ -36,39 +36,6 @@ include::modules/ssh-agent-using.adoc[leveloffset=+1]
include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
//Supertask: Configuring an AWS cluster to use short-term credentials
[id="installing-aws-with-short-term-creds_{context}"]
== Optional: Configuring an AWS cluster to use short-term credentials
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
[NOTE]
====
To use the AWS STS, you must configure the Cloud Credential Operator (CCO) to run in manual mode. As part of the installation process, you set `credentialsMode` parameter to `Manual` after creating the `install-config.yaml` installation configuration file.
====
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+2]
//Task part 2: Creating the required AWS resources
[id="sts-mode-create-aws-resources-ccoctl_{context}"]
=== Creating AWS resources with the Cloud Credential Operator utility
You have the following options when creating AWS resources:
* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-network-customizations.adoc#cco-ccoctl-creating-at-once_installing-aws-network-customizations[Creating AWS resources with a single command].
* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-network-customizations.adoc#cco-ccoctl-creating-individually_installing-aws-network-customizations[Creating AWS resources individually].
//Task part 2a: Creating the required AWS resources all at once
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
//Task part 2b: Creating the required AWS resources individually
include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+3]
include::modules/nw-network-config.adoc[leveloffset=+1]
include::modules/installation-initializing.adoc[leveloffset=+1]
@@ -91,21 +58,49 @@ include::modules/installation-aws-config-yaml.adoc[leveloffset=+2]
include::modules/installation-configure-proxy.adoc[leveloffset=+2]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
[id="installing-aws-manual-modes_{context}"]
== Alternatives to storing administrator-level secrets in the kube-system project
By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
* If you configured the CCO utility (`ccoctl`) to implement short-term credentials for individual components, follow the procedure in xref:../../installing/installing_aws/installing-aws-network-customizations.adoc#cco-ccoctl-install-creating-manifests_installing-aws-network-customizations[Incorporating the Cloud Credential Operator utility manifests].
* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-network-customizations.adoc#manually-create-iam_installing-aws-network-customizations[Manually creating long-term credentials].
* If you will manage cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-network-customizations.adoc#manually-create-iam_installing-aws-network-customizations[Manually creating long-term credentials].
* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_aws/installing-aws-network-customizations.adoc#installing-aws-with-short-term-creds_installing-aws-network-customizations[Configuring an AWS cluster to use short-term credentials].
// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+2]
//Manually creating IAM
//Manually creating long-term credentials
include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
//Supertask: Configuring an AWS cluster to use short-term credentials
[id="installing-aws-with-short-term-creds_{context}"]
=== Configuring an AWS cluster to use short-term credentials
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
//Task part 2: Creating the required AWS resources
[id="sts-mode-create-aws-resources-ccoctl_{context}"]
==== Creating AWS resources with the Cloud Credential Operator utility
You have the following options when creating AWS resources:
* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-network-customizations.adoc#cco-ccoctl-creating-at-once_installing-aws-network-customizations[Creating AWS resources with a single command].
* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-network-customizations.adoc#cco-ccoctl-creating-individually_installing-aws-network-customizations[Creating AWS resources individually].
//Task part 2a: Creating the required AWS resources all at once
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+4]
//Task part 2b: Creating the required AWS resources individually
include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+4]
//Task part 3: Incorporating the Cloud Credential Operator utility manifests
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
// Network Operator specific configuration
include::modules/nw-operator-cr.adoc[leveloffset=+1]
include::modules/nw-modifying-operator-install-config.adoc[leveloffset=+1]

73
installing/installing_aws/installing-aws-outposts-remote-workers.adoc
View File

@@ -41,39 +41,6 @@ include::modules/ssh-agent-using.adoc[leveloffset=+1]
include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
//Supertask: Configuring an AWS cluster to use short-term credentials
[id="installing-aws-with-short-term-creds_{context}"]
== Optional: Configuring an AWS cluster to use short-term credentials
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
[NOTE]
====
To use the AWS STS, you must configure the Cloud Credential Operator (CCO) to run in manual mode. As part of the installation process, you set `credentialsMode` parameter to `Manual` after creating the `install-config.yaml` installation configuration file.
====
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+2]
//Task part 2: Creating the required AWS resources
[id="sts-mode-create-aws-resources-ccoctl_{context}"]
=== Creating AWS resources with the Cloud Credential Operator utility
You have the following options when creating AWS resources:
* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-outposts-remote-workers.adoc#cco-ccoctl-creating-at-once_installing-aws-outposts-remote-workers[Creating AWS resources with a single command].
* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-outposts-remote-workers.adoc#cco-ccoctl-creating-individually_installing-aws-outposts-remote-workers[Creating AWS resources individually].
//Task part 2a: Creating the required AWS resources all at once
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
//Task part 2b: Creating the required AWS resources individually
include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+3]
include::modules/installation-minimum-resource-requirements.adoc[leveloffset=+1]
[role="_additional-resources"]
@@ -94,21 +61,49 @@ include::modules/installation-applying-aws-security-groups.adoc[leveloffset=+2]
include::modules/installation-aws-editing-manifests.adoc[leveloffset=+1]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
[id="installing-aws-manual-modes_{context}"]
== Alternatives to storing administrator-level secrets in the kube-system project
By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
* If you configured the CCO utility (`ccoctl`) to implement short-term credentials for individual components, follow the procedure in xref:../../installing/installing_aws/installing-aws-outposts-remote-workers.adoc#cco-ccoctl-install-creating-manifests_installing-aws-outposts-remote-workers[Incorporating the Cloud Credential Operator utility manifests].
* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-outposts-remote-workers.adoc#manually-create-iam_installing-aws-outposts-remote-workers[Manually creating long-term credentials].
* If you will manage cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-outposts-remote-workers.adoc#manually-create-iam_installing-aws-outposts-remote-workers[Manually creating long-term credentials].
* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_aws/installing-aws-outposts-remote-workers.adoc#installing-aws-with-short-term-creds_installing-aws-outposts-remote-workers[Configuring an AWS cluster to use short-term credentials].
// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+2]
//Manually creating IAM
//Manually creating long-term credentials
include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
//Supertask: Configuring an AWS cluster to use short-term credentials
[id="installing-aws-with-short-term-creds_{context}"]
=== Configuring an AWS cluster to use short-term credentials
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
//Task part 2: Creating the required AWS resources
[id="sts-mode-create-aws-resources-ccoctl_{context}"]
==== Creating AWS resources with the Cloud Credential Operator utility
You have the following options when creating AWS resources:
* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-outposts-remote-workers.adoc#cco-ccoctl-creating-at-once_installing-aws-outposts-remote-workers[Creating AWS resources with a single command].
* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-outposts-remote-workers.adoc#cco-ccoctl-creating-individually_installing-aws-outposts-remote-workers[Creating AWS resources individually].
//Task part 2a: Creating the required AWS resources all at once
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+4]
//Task part 2b: Creating the required AWS resources individually
include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+4]
//Task part 3: Incorporating the Cloud Credential Operator utility manifests
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
include::modules/installation-launching-installer.adoc[leveloffset=+1]
include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]

73
installing/installing_aws/installing-aws-private.adoc
View File

@@ -34,39 +34,6 @@ include::modules/ssh-agent-using.adoc[leveloffset=+1]
include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
//Supertask: Configuring an AWS cluster to use short-term credentials
[id="installing-aws-with-short-term-creds_{context}"]
== Optional: Configuring an AWS cluster to use short-term credentials
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
[NOTE]
====
To use the AWS STS, you must configure the Cloud Credential Operator (CCO) to run in manual mode. As part of the installation process, you set `credentialsMode` parameter to `Manual` after creating the `install-config.yaml` installation configuration file.
====
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+2]
//Task part 2: Creating the required AWS resources
[id="sts-mode-create-aws-resources-ccoctl_{context}"]
=== Creating AWS resources with the Cloud Credential Operator utility
You have the following options when creating AWS resources:
* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-private.adoc#cco-ccoctl-creating-at-once_installing-aws-private[Creating AWS resources with a single command].
* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-private.adoc#cco-ccoctl-creating-individually_installing-aws-private[Creating AWS resources individually].
//Task part 2a: Creating the required AWS resources all at once
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
//Task part 2b: Creating the required AWS resources individually
include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+3]
include::modules/installation-initializing-manual.adoc[leveloffset=+1]
[role="_additional-resources"]
@@ -89,21 +56,49 @@ include::modules/installation-configure-proxy.adoc[leveloffset=+2]
include::modules/installation-applying-aws-security-groups.adoc[leveloffset=+2]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
[id="installing-aws-manual-modes_{context}"]
== Alternatives to storing administrator-level secrets in the kube-system project
By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
* If you configured the CCO utility (`ccoctl`) to implement short-term credentials for individual components, follow the procedure in xref:../../installing/installing_aws/installing-aws-private.adoc#cco-ccoctl-install-creating-manifests_installing-aws-private[Incorporating the Cloud Credential Operator utility manifests].
* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-private.adoc#manually-create-iam_installing-aws-private[Manually creating long-term credentials].
* If you will manage cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-private.adoc#manually-create-iam_installing-aws-private[Manually creating long-term credentials].
* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_aws/installing-aws-private.adoc#installing-aws-with-short-term-creds_installing-aws-private[Configuring an AWS cluster to use short-term credentials].
// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+2]
//Manually creating IAM
//Manually creating long-term credentials
include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
//Supertask: Configuring an AWS cluster to use short-term credentials
[id="installing-aws-with-short-term-creds_{context}"]
=== Configuring an AWS cluster to use short-term credentials
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
//Task part 2: Creating the required AWS resources
[id="sts-mode-create-aws-resources-ccoctl_{context}"]
==== Creating AWS resources with the Cloud Credential Operator utility
You have the following options when creating AWS resources:
* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-private.adoc#cco-ccoctl-creating-at-once_installing-aws-private[Creating AWS resources with a single command].
* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-private.adoc#cco-ccoctl-creating-individually_installing-aws-private[Creating AWS resources individually].
//Task part 2a: Creating the required AWS resources all at once
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+4]
//Task part 2b: Creating the required AWS resources individually
include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+4]
//Task part 3: Incorporating the Cloud Credential Operator utility manifests
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
include::modules/installation-launching-installer.adoc[leveloffset=+1]
include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]

73
installing/installing_aws/installing-aws-secret-region.adoc
View File

@@ -44,39 +44,6 @@ include::modules/ssh-agent-using.adoc[leveloffset=+1]
include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
//Supertask: Configuring an AWS cluster to use short-term credentials
[id="installing-aws-with-short-term-creds_{context}"]
== Optional: Configuring an AWS cluster to use short-term credentials
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
[NOTE]
====
To use the AWS STS, you must configure the Cloud Credential Operator (CCO) to run in manual mode. As part of the installation process, you set `credentialsMode` parameter to `Manual` after creating the `install-config.yaml` installation configuration file.
====
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+2]
//Task part 2: Creating the required AWS resources
[id="sts-mode-create-aws-resources-ccoctl_{context}"]
=== Creating AWS resources with the Cloud Credential Operator utility
You have the following options when creating AWS resources:
* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-secret-region.adoc#cco-ccoctl-creating-at-once_installing-aws-secret-region[Creating AWS resources with a single command].
* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-secret-region.adoc#cco-ccoctl-creating-individually_installing-aws-secret-region[Creating AWS resources individually].
//Task part 2a: Creating the required AWS resources all at once
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
//Task part 2b: Creating the required AWS resources individually
include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+3]
include::modules/installation-initializing-manual.adoc[leveloffset=+1]
[role="_additional-resources"]
@@ -88,21 +55,49 @@ include::modules/installation-aws-config-yaml.adoc[leveloffset=+2]
include::modules/installation-configure-proxy.adoc[leveloffset=+2]
include::modules/installation-applying-aws-security-groups.adoc[leveloffset=+2]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
[id="installing-aws-manual-modes_{context}"]
== Alternatives to storing administrator-level secrets in the kube-system project
By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
* If you configured the CCO utility (`ccoctl`) to implement short-term credentials for individual components, follow the procedure in xref:../../installing/installing_aws/installing-aws-secret-region.adoc#cco-ccoctl-install-creating-manifests_installing-aws-secret-region[Incorporating the Cloud Credential Operator utility manifests].
* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-secret-region.adoc#manually-create-iam_installing-aws-secret-region[Manually creating long-term credentials].
* If you will manage cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-secret-region.adoc#manually-create-iam_installing-aws-secret-region[Manually creating long-term credentials].
* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_aws/installing-aws-secret-region.adoc#installing-aws-with-short-term-creds_installing-aws-secret-region[Configuring an AWS cluster to use short-term credentials].
// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+2]
//Manually creating IAM
//Manually creating long-term credentials
include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
//Supertask: Configuring an AWS cluster to use short-term credentials
[id="installing-aws-with-short-term-creds_{context}"]
=== Configuring an AWS cluster to use short-term credentials
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
//Task part 2: Creating the required AWS resources
[id="sts-mode-create-aws-resources-ccoctl_{context}"]
==== Creating AWS resources with the Cloud Credential Operator utility
You have the following options when creating AWS resources:
* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-secret-region.adoc#cco-ccoctl-creating-at-once_installing-aws-secret-region[Creating AWS resources with a single command].
* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-secret-region.adoc#cco-ccoctl-creating-individually_installing-aws-secret-region[Creating AWS resources individually].
//Task part 2a: Creating the required AWS resources all at once
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+4]
//Task part 2b: Creating the required AWS resources individually
include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+4]
//Task part 3: Incorporating the Cloud Credential Operator utility manifests
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
include::modules/installation-launching-installer.adoc[leveloffset=+1]
include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]

73
installing/installing_aws/installing-aws-vpc.adoc
View File

@@ -32,39 +32,6 @@ include::modules/ssh-agent-using.adoc[leveloffset=+1]
include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
//Supertask: Configuring an AWS cluster to use short-term credentials
[id="installing-aws-with-short-term-creds_{context}"]
== Optional: Configuring an AWS cluster to use short-term credentials
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
[NOTE]
====
To use the AWS STS, you must configure the Cloud Credential Operator (CCO) to run in manual mode. As part of the installation process, you set `credentialsMode` parameter to `Manual` after creating the `install-config.yaml` installation configuration file.
====
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+2]
//Task part 2: Creating the required AWS resources
[id="sts-mode-create-aws-resources-ccoctl_{context}"]
=== Creating AWS resources with the Cloud Credential Operator utility
You have the following options when creating AWS resources:
* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-vpc.adoc#cco-ccoctl-creating-at-once_installing-aws-vpc[Creating AWS resources with a single command].
* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-vpc.adoc#cco-ccoctl-creating-individually_installing-aws-vpc[Creating AWS resources individually].
//Task part 2a: Creating the required AWS resources all at once
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
//Task part 2b: Creating the required AWS resources individually
include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+3]
include::modules/installation-initializing.adoc[leveloffset=+1]
[role="_additional-resources"]
@@ -87,21 +54,49 @@ include::modules/installation-configure-proxy.adoc[leveloffset=+2]
include::modules/installation-applying-aws-security-groups.adoc[leveloffset=+2]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
[id="installing-aws-manual-modes_{context}"]
== Alternatives to storing administrator-level secrets in the kube-system project
By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
* If you configured the CCO utility (`ccoctl`) to implement short-term credentials for individual components, follow the procedure in xref:../../installing/installing_aws/installing-aws-vpc.adoc#cco-ccoctl-install-creating-manifests_installing-aws-vpc[Incorporating the Cloud Credential Operator utility manifests].
* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-vpc.adoc#manually-create-iam_installing-aws-vpc[Manually creating long-term credentials].
* If you will manage cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-aws-vpc.adoc#manually-create-iam_installing-aws-vpc[Manually creating long-term credentials].
* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_aws/installing-aws-vpc.adoc#installing-aws-with-short-term-creds_installing-aws-vpc[Configuring an AWS cluster to use short-term credentials].
// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+2]
//Manually creating IAM
//Manually creating long-term credentials
include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
//Supertask: Configuring an AWS cluster to use short-term credentials
[id="installing-aws-with-short-term-creds_{context}"]
=== Configuring an AWS cluster to use short-term credentials
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
//Task part 2: Creating the required AWS resources
[id="sts-mode-create-aws-resources-ccoctl_{context}"]
==== Creating AWS resources with the Cloud Credential Operator utility
You have the following options when creating AWS resources:
* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-aws-vpc.adoc#cco-ccoctl-creating-at-once_installing-aws-vpc[Creating AWS resources with a single command].
* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-aws-vpc.adoc#cco-ccoctl-creating-individually_installing-aws-vpc[Creating AWS resources individually].
//Task part 2a: Creating the required AWS resources all at once
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+4]
//Task part 2b: Creating the required AWS resources individually
include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+4]
//Task part 3: Incorporating the Cloud Credential Operator utility manifests
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
include::modules/installation-launching-installer.adoc[leveloffset=+1]
include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]

73
installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc
View File

@@ -44,39 +44,6 @@ include::modules/cluster-entitlements.adoc[leveloffset=+1]
include::modules/ssh-agent-using.adoc[leveloffset=+1]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
//Supertask: Configuring an AWS cluster to use short-term credentials
[id="installing-aws-with-short-term-creds_{context}"]
== Optional: Configuring an AWS cluster to use short-term credentials
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
[NOTE]
====
To use the AWS STS, you must configure the Cloud Credential Operator (CCO) to run in manual mode. As part of the installation process, you set `credentialsMode` parameter to `Manual` after creating the `install-config.yaml` installation configuration file.
====
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+2]
//Task part 2: Creating the required AWS resources
[id="sts-mode-create-aws-resources-ccoctl_{context}"]
=== Creating AWS resources with the Cloud Credential Operator utility
You have the following options when creating AWS resources:
* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#cco-ccoctl-creating-at-once_installing-restricted-networks-aws-installer-provisioned[Creating AWS resources with a single command].
* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#cco-ccoctl-creating-individually_installing-restricted-networks-aws-installer-provisioned[Creating AWS resources individually].
//Task part 2a: Creating the required AWS resources all at once
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
//Task part 2b: Creating the required AWS resources individually
include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+3]
include::modules/installation-initializing.adoc[leveloffset=+1]
[role="_additional-resources"]
@@ -94,21 +61,49 @@ include::modules/installation-aws-config-yaml.adoc[leveloffset=+2]
include::modules/installation-configure-proxy.adoc[leveloffset=+2]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
[id="installing-aws-manual-modes_{context}"]
== Alternatives to storing administrator-level secrets in the kube-system project
By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
* If you configured the CCO utility (`ccoctl`) to implement short-term credentials for individual components, follow the procedure in See xref:../../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#cco-ccoctl-install-creating-manifests_installing-restricted-networks-aws-installer-provisioned[Incorporating the Cloud Credential Operator utility manifests].
* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#manually-create-iam_installing-restricted-networks-aws-installer-provisioned[Manually creating long-term credentials].
* If you will manage cloud credentials manually, follow the procedure in See xref:../../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#manually-create-iam_installing-restricted-networks-aws-installer-provisioned[Manually creating long-term credentials].
* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#installing-aws-with-short-term-creds_installing-restricted-networks-aws-installer-provisioned[Configuring an AWS cluster to use short-term credentials].
// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+2]
//Manually creating IAM
//Manually creating long-term credentials
include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
//Supertask: Configuring an AWS cluster to use short-term credentials
[id="installing-aws-with-short-term-creds_{context}"]
=== Configuring an AWS cluster to use short-term credentials
To install a cluster that is configured to use the AWS Security Token Service (STS), you must configure the CCO utility and create the required AWS resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
//Task part 2: Creating the required AWS resources
[id="sts-mode-create-aws-resources-ccoctl_{context}"]
==== Creating AWS resources with the Cloud Credential Operator utility
You have the following options when creating AWS resources:
* You can use the `ccoctl aws create-all` command to create the AWS resources automatically. This is the quickest way to create the resources. See xref:../../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#cco-ccoctl-creating-at-once_installing-restricted-networks-aws-installer-provisioned[Creating AWS resources with a single command].
* If you need to review the JSON files that the `ccoctl` tool creates before modifying AWS resources, or if the process the `ccoctl` tool uses to create AWS resources automatically does not meet the requirements of your organization, you can create the AWS resources individually. See xref:../../installing/installing_aws/installing-restricted-networks-aws-installer-provisioned.adoc#cco-ccoctl-creating-individually_installing-restricted-networks-aws-installer-provisioned[Creating AWS resources individually].
//Task part 2a: Creating the required AWS resources all at once
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+4]
//Task part 2b: Creating the required AWS resources individually
include::modules/cco-ccoctl-creating-individually.adoc[leveloffset=+4]
//Task part 3: Incorporating the Cloud Credential Operator utility manifests
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
include::modules/installation-launching-installer.adoc[leveloffset=+1]
include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]

43
installing/installing_gcp/installing-gcp-customizations.adoc
View File

@@ -25,21 +25,6 @@ include::modules/ssh-agent-using.adoc[leveloffset=+1]
include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
//Supertask: Configuring a GCP cluster to use short-term credentials
[id="installing-gcp-with-short-term-creds_{context}"]
== Optional: Configuring a GCP cluster to use short-term credentials
To install a cluster that is configured to use GCP Workload Identity, you must configure the CCO utility and create the required GCP resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+2]
//Task part 2: Creating the required GCP resources
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+2]
include::modules/installing-gcp-user-defined-labels-and-tags.adoc[leveloffset=+1]
//Configuring user-defined labels and tags for GCP
@@ -48,7 +33,6 @@ include::modules/installing-gcp-cluster-creation.adoc[leveloffset=+2]
//Querying user-defined labels and tags for GCP
include::modules/installing-gcp-querying-labels-tags-gcp.adoc[leveloffset=+2]
include::modules/installation-initializing.adoc[leveloffset=+1]
[role="_additional-resources"]
@@ -81,21 +65,36 @@ include::modules/installation-gcp-config-yaml.adoc[leveloffset=+2]
include::modules/installation-configure-proxy.adoc[leveloffset=+2]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
[id="installing-gcp-manual-modes_{context}"]
== Alternatives to storing administrator-level secrets in the kube-system project
By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
* If you configured the CCO utility (`ccoctl`) to implement short-term credentials for individual components, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#cco-ccoctl-install-creating-manifests_installing-gcp-customizations[Incorporating the Cloud Credential Operator utility manifests].
* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#manually-create-iam_installing-gcp-customizations[Manually creating long-term credentials].
* If you will manage cloud credentials manually, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#manually-create-iam_installing-gcp-customizations[Manually creating long-term credentials].
* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_gcp/installing-gcp-customizations.adoc#installing-gcp-with-short-term-creds_installing-gcp-customizations[Configuring a GCP cluster to use short-term credentials].
// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+2]
//Manually creating IAM
//Manually creating long-term credentials
include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
//Supertask: Configuring a GCP cluster to use short-term credentials
[id="installing-gcp-with-short-term-creds_{context}"]
=== Configuring a GCP cluster to use short-term credentials
To install a cluster that is configured to use GCP Workload Identity, you must configure the CCO utility and create the required GCP resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
//Task part 2: Creating the required GCP resources
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
//Task part 3: Incorporating the Cloud Credential Operator utility manifests
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
include::modules/installation-gcp-marketplace.adoc[leveloffset=+1]
include::modules/installation-launching-installer.adoc[leveloffset=+1]

42
installing/installing_gcp/installing-gcp-network-customizations.adoc
View File

@@ -31,21 +31,6 @@ include::modules/ssh-agent-using.adoc[leveloffset=+1]
include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
//Supertask: Configuring a GCP cluster to use short-term credentials
[id="installing-gcp-with-short-term-creds_{context}"]
== Optional: Configuring a GCP cluster to use short-term credentials
To install a cluster that is configured to use GCP Workload Identity, you must configure the CCO utility and create the required GCP resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+2]
//Task part 2: Creating the required GCP resources
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+2]
include::modules/installation-initializing.adoc[leveloffset=+1]
[role="_additional-resources"]
@@ -78,21 +63,36 @@ include::modules/installation-gcp-config-yaml.adoc[leveloffset=+2]
include::modules/installation-configure-proxy.adoc[leveloffset=+2]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
[id="installing-gcp-manual-modes_{context}"]
== Alternatives to storing administrator-level secrets in the kube-system project
By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
* If you configured the CCO utility (`ccoctl`) to implement short-term credentials for individual components, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-network-customizations.adoc#cco-ccoctl-install-creating-manifests_installing-gcp-network-customizations[Incorporating the Cloud Credential Operator utility manifests].
* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-network-customizations.adoc#manually-create-iam_installing-gcp-network-customizations[Manually creating long-term credentials].
* If you will manage cloud credentials manually, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-network-customizations.adoc#manually-create-iam_installing-gcp-network-customizations[Manually creating long-term credentials].
* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_gcp/installing-gcp-network-customizations.adoc#installing-gcp-with-short-term-creds_installing-gcp-network-customizations[Configuring a GCP cluster to use short-term credentials].
// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+2]
//Manually creating IAM
//Manually creating long-term credentials
include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
//Supertask: Configuring a GCP cluster to use short-term credentials
[id="installing-gcp-with-short-term-creds_{context}"]
=== Configuring a GCP cluster to use short-term credentials
To install a cluster that is configured to use GCP Workload Identity, you must configure the CCO utility and create the required GCP resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
//Task part 2: Creating the required GCP resources
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
//Task part 3: Incorporating the Cloud Credential Operator utility manifests
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
// Network Operator specific configuration
include::modules/nw-network-config.adoc[leveloffset=+1]
include::modules/nw-modifying-operator-install-config.adoc[leveloffset=+1]

42
installing/installing_gcp/installing-gcp-private.adoc
View File

@@ -28,21 +28,6 @@ include::modules/ssh-agent-using.adoc[leveloffset=+1]
include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
//Supertask: Configuring a GCP cluster to use short-term credentials
[id="installing-gcp-with-short-term-creds_{context}"]
== Optional: Configuring a GCP cluster to use short-term credentials
To install a cluster that is configured to use GCP Workload Identity, you must configure the CCO utility and create the required GCP resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+2]
//Task part 2: Creating the required GCP resources
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+2]
include::modules/installation-initializing-manual.adoc[leveloffset=+1]
[role="_additional-resources"]
@@ -78,21 +63,36 @@ include::modules/nw-gcp-installing-global-access-configuration.adoc[leveloffset=
include::modules/installation-configure-proxy.adoc[leveloffset=+2]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
[id="installing-gcp-manual-modes_{context}"]
== Alternatives to storing administrator-level secrets in the kube-system project
By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
* If you configured the CCO utility (`ccoctl`) to implement short-term credentials for individual components, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-private.adoc#cco-ccoctl-install-creating-manifests_installing-gcp-private[Incorporating the Cloud Credential Operator utility manifests].
* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-private.adoc#manually-create-iam_installing-gcp-private[Manually creating long-term credentials].
* If you will manage cloud credentials manually, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-private.adoc#manually-create-iam_installing-gcp-private[Manually creating long-term credentials].
* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_gcp/installing-gcp-private.adoc#installing-gcp-with-short-term-creds_installing-gcp-private[Configuring a GCP cluster to use short-term credentials].
// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+2]
//Manually creating IAM
//Manually creating long-term credentials
include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
//Supertask: Configuring a GCP cluster to use short-term credentials
[id="installing-gcp-with-short-term-creds_{context}"]
=== Configuring a GCP cluster to use short-term credentials
To install a cluster that is configured to use GCP Workload Identity, you must configure the CCO utility and create the required GCP resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
//Task part 2: Creating the required GCP resources
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
//Task part 3: Incorporating the Cloud Credential Operator utility manifests
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
include::modules/installation-launching-installer.adoc[leveloffset=+1]
include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]

42
installing/installing_gcp/installing-gcp-shared-vpc.adoc
View File

@@ -27,21 +27,6 @@ include::modules/ssh-agent-using.adoc[leveloffset=+1]
include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
//Supertask: Configuring a GCP cluster to use short-term credentials
[id="installing-gcp-with-short-term-creds_{context}"]
== Optional: Configuring a GCP cluster to use short-term credentials
To install a cluster that is configured to use GCP Workload Identity, you must configure the CCO utility and create the required GCP resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+2]
//Task part 2: Creating the required GCP resources
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+2]
include::modules/installation-user-infra-generate.adoc[leveloffset=+1]
include::modules/installation-initializing-manual.adoc[leveloffset=+2]
@@ -58,21 +43,36 @@ include::modules/installation-gcp-shared-vpc-config.adoc[leveloffset=+2]
include::modules/installation-configure-proxy.adoc[leveloffset=+2]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
[id="installing-gcp-manual-modes_{context}"]
== Alternatives to storing administrator-level secrets in the kube-system project
By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
* If you configured the CCO utility (`ccoctl`) to implement short-term credentials for individual components, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-shared-vpc.adoc#cco-ccoctl-install-creating-manifests_installing-gcp-shared-vpc[Incorporating the Cloud Credential Operator utility manifests].
* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-shared-vpc.adoc#manually-create-iam_installing-gcp-shared-vpc[Manually creating long-term credentials].
* If you will manage cloud credentials manually, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-shared-vpc.adoc#manually-create-iam_installing-gcp-shared-vpc[Manually creating long-term credentials].
* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_gcp/installing-gcp-shared-vpc.adoc#installing-gcp-with-short-term-creds_installing-gcp-shared-vpc[Configuring a GCP cluster to use short-term credentials].
// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+2]
//Manually creating IAM
//Manually creating long-term credentials
include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
//Supertask: Configuring a GCP cluster to use short-term credentials
[id="installing-gcp-with-short-term-creds_{context}"]
=== Configuring a GCP cluster to use short-term credentials
To install a cluster that is configured to use GCP Workload Identity, you must configure the CCO utility and create the required GCP resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
//Task part 2: Creating the required GCP resources
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
//Task part 3: Incorporating the Cloud Credential Operator utility manifests
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
include::modules/installation-launching-installer.adoc[leveloffset=+1]
include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]

42
installing/installing_gcp/installing-gcp-vpc.adoc
View File

@@ -24,21 +24,6 @@ include::modules/ssh-agent-using.adoc[leveloffset=+1]
include::modules/installation-obtaining-installer.adoc[leveloffset=+1]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
//Supertask: Configuring a GCP cluster to use short-term credentials
[id="installing-gcp-with-short-term-creds_{context}"]
== Optional: Configuring a GCP cluster to use short-term credentials
To install a cluster that is configured to use GCP Workload Identity, you must configure the CCO utility and create the required GCP resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+2]
//Task part 2: Creating the required GCP resources
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+2]
include::modules/installation-initializing.adoc[leveloffset=+1]
[role="_additional-resources"]
@@ -74,21 +59,36 @@ include::modules/nw-gcp-installing-global-access-configuration.adoc[leveloffset=
include::modules/installation-configure-proxy.adoc[leveloffset=+2]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
[id="installing-gcp-manual-modes_{context}"]
== Alternatives to storing administrator-level secrets in the kube-system project
By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
* If you configured the CCO utility (`ccoctl`) to implement short-term credentials for individual components, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-vpc.adoc#cco-ccoctl-install-creating-manifests_installing-gcp-vpc[Incorporating the Cloud Credential Operator utility manifests].
* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-vpc.adoc#manually-create-iam_installing-gcp-vpc[Manually creating long-term credentials].
* If you will manage cloud credentials manually, follow the procedure in xref:../../installing/installing_gcp/installing-gcp-vpc.adoc#manually-create-iam_installing-gcp-vpc[Manually creating long-term credentials].
* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_gcp/installing-gcp-vpc.adoc#installing-gcp-with-short-term-creds_installing-gcp-vpc[Configuring a GCP cluster to use short-term credentials].
// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+2]
//Manually creating IAM
//Manually creating long-term credentials
include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
//Supertask: Configuring a GCP cluster to use short-term credentials
[id="installing-gcp-with-short-term-creds_{context}"]
=== Configuring a GCP cluster to use short-term credentials
To install a cluster that is configured to use GCP Workload Identity, you must configure the CCO utility and create the required GCP resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
//Task part 2: Creating the required GCP resources
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
//Task part 3: Incorporating the Cloud Credential Operator utility manifests
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
include::modules/installation-launching-installer.adoc[leveloffset=+1]
include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]

42
installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc
View File

@@ -36,21 +36,6 @@ include::modules/cluster-entitlements.adoc[leveloffset=+1]
include::modules/ssh-agent-using.adoc[leveloffset=+1]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
//Supertask: Configuring a GCP cluster to use short-term credentials
[id="installing-gcp-with-short-term-creds_{context}"]
== Optional: Configuring a GCP cluster to use short-term credentials
To install a cluster that is configured to use GCP Workload Identity, you must configure the CCO utility and create the required GCP resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+2]
//Task part 2: Creating the required GCP resources
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+2]
include::modules/installation-initializing.adoc[leveloffset=+1]
[role="_additional-resources"]
@@ -80,21 +65,36 @@ include::modules/nw-gcp-installing-global-access-configuration.adoc[leveloffset=
include::modules/installation-configure-proxy.adoc[leveloffset=+2]
//Installing the OpenShift CLI by downloading the binary: Moved up to precede `ccoctl` steps, which require the use of `oc`
include::modules/cli-installing-cli.adoc[leveloffset=+1]
[id="installing-gcp-manual-modes_{context}"]
== Alternatives to storing administrator-level secrets in the kube-system project
By default, administrator secrets are stored in the `kube-system` project. If you configured the `credentialsMode` parameter in the `install-config.yaml` file to `Manual`, you must use one of the following alternatives:
* If you configured the CCO utility (`ccoctl`) to implement short-term credentials for individual components, follow the procedure in xref:../../installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc#cco-ccoctl-install-creating-manifests_installing-restricted-networks-gcp-installer-provisioned[Incorporating the Cloud Credential Operator utility manifests].
* To manage long-term cloud credentials manually, follow the procedure in xref:../../installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc#manually-create-iam_installing-restricted-networks-gcp-installer-provisioned[Manually creating long-term credentials].
* If you will manage cloud credentials manually, follow the procedure in xref:../../installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc#manually-create-iam_installing-restricted-networks-gcp-installer-provisioned[Manually creating long-term credentials].
* To implement short-term credentials that are managed outside the cluster for individual components, follow the procedures in xref:../../installing/installing_gcp/installing-restricted-networks-gcp-installer-provisioned.adoc#installing-gcp-with-short-term-creds_installing-restricted-networks-gcp-installer-provisioned[Configuring a GCP cluster to use short-term credentials].
// Additional steps for the Cloud Credential Operator utility (`ccoctl`)
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+2]
//Manually creating IAM
//Manually creating long-term credentials
include::modules/manually-create-identity-access-management.adoc[leveloffset=+2]
//Supertask: Configuring a GCP cluster to use short-term credentials
[id="installing-gcp-with-short-term-creds_{context}"]
=== Configuring a GCP cluster to use short-term credentials
To install a cluster that is configured to use GCP Workload Identity, you must configure the CCO utility and create the required GCP resources for your cluster.
//Task part 1: Configuring the Cloud Credential Operator utility
include::modules/cco-ccoctl-configuring.adoc[leveloffset=+3]
//Task part 2: Creating the required GCP resources
include::modules/cco-ccoctl-creating-at-once.adoc[leveloffset=+3]
//Task part 3: Incorporating the Cloud Credential Operator utility manifests
include::modules/cco-ccoctl-install-creating-manifests.adoc[leveloffset=+3]
include::modules/installation-launching-installer.adoc[leveloffset=+1]
include::modules/cli-logging-in-kubeadmin.adoc[leveloffset=+1]

28
modules/cco-ccoctl-install-verifying.adoc
View File

@@ -10,7 +10,7 @@ You can verify that your cluster is using short-term security credentials for in
.Prerequisites
* You deployed an {product-title} cluster using the Cloud Credential Operator utility (`ccoctl`).
* You deployed an {product-title} cluster using the Cloud Credential Operator utility (`ccoctl`) to implement short-term credentials.
* You installed the {oc-first}.
@@ -26,9 +26,31 @@ You can verify that your cluster is using short-term security credentials for in
$ oc get secrets -n kube-system <secret_name>
----
+
where `<secret_name>` is `aws-creds` for AWS or `gcp-credentials` for GCP.
where `<secret_name>` is the name of the root secret for your cloud provider.
+
An error confirms that the root secret is not present on the cluster.
[cols=2,options=header]
|===
|Platform
|Secret name
|AWS
|`aws-creds`
|Azure
|`azure-credentials`
|GCP
|`gcp-credentials`
|===
+
An error confirms that the root secret is not present on the cluster. The following example shows the expected output from an AWS cluster:
+
.Example output
[source,text]
----
Error from server (NotFound): secrets "aws-creds" not found
----
. Verify that the components are using short-term security credentials for individual components by running the following command:
+