Merge pull request #78032 from openshift-cherrypick-robot/cherry-pick-77460-to-enterprise-4.16

[enterprise-4.16] OSDOCS-10649: Adding update steps for Entra cluster
2026-02-05 12:46:18 +01:00 · 2024-06-25 11:37:59 -04:00
parent 376e6462d3 53595a234f
commit cc206e800c
1 changed files with 41 additions and 1 deletions
--- a/modules/cco-ccoctl-upgrading.adoc
+++ b/modules/cco-ccoctl-upgrading.adoc
@@ -44,7 +44,7 @@ $ ccoctl aws create-all \// <1>
 <6> Optional: By default, the `ccoctl` utility stores the OpenID Connect (OIDC) configuration files in a public S3 bucket and uses the S3 URL as the public OIDC endpoint. To store the OIDC configuration in a private S3 bucket that is accessed by the IAM identity provider through a public CloudFront distribution URL instead, use the `--create-private-s3-bucket` parameter.
 ====
 +
-.Google Cloud Platform (GCP)
+.{gcp-first}
 [%collapsible]
 ====
 [source,terminal]
@@ -80,6 +80,46 @@ $ ccoctl ibmcloud create-service-id \
 <4> Optional: Specify the name of the resource group used for scoping the access policies.
 ====
 +
+.{azure-first}
+[%collapsible]
+====
+[source,terminal]
+----
+$ ccoctl azure create-managed-identities \
+  --name <azure_infra_name> \// <1>
+  --output-dir ./output_dir \
+  --region <azure_region> \// <2>
+  --subscription-id <azure_subscription_id> \// <3>
+  --credentials-requests-dir <path_to_directory_for_credentials_requests> \
+  --issuer-url "${OIDC_ISSUER_URL}" \// <4>
+  --dnszone-resource-group-name <azure_dns_zone_resourcegroup_name> \// <5>
+  --installation-resource-group-name "${AZURE_INSTALL_RG}" <6>
+----
+<1> The value of the `name` parameter is used to create an Azure resource group.
+To use an existing Azure resource group instead of creating a new one, specify the `--oidc-resource-group-name` argument with the existing group name as its value.
+<2> Specify the region of the existing cluster.
+<3> Specify the subscription ID of the existing cluster.
+<4> Specify the OIDC issuer URL from the existing cluster.
+You can obtain this value by running the following command:
+
+[source,terminal]
+----
+$ oc get authentication cluster \
+  -o jsonpath \
+  --template='{ .spec.serviceAccountIssuer }'
+----
+<5> Specify the name of the resource group that contains the DNS zone.
+<6> Specify the {azure-short} resource group name.
+You can obtain this value by running the following command:
+
+[source,terminal]
+----
+$ oc get infrastructure cluster \
+  -o jsonpath \
+  --template '{ .status.platformStatus.azure.resourceGroupName }'
+----
+====
+
 .Nutanix
 [%collapsible]
 ====