From 53595a234f938304f595f12bf788c2f6947c27c0 Mon Sep 17 00:00:00 2001 From: Jeana Routh Date: Thu, 13 Jun 2024 16:18:23 -0400 Subject: [PATCH] OSDOCS-10649: Adding update steps for Entra cluster --- modules/cco-ccoctl-upgrading.adoc | 42 ++++++++++++++++++++++++++++++- 1 file changed, 41 insertions(+), 1 deletion(-) diff --git a/modules/cco-ccoctl-upgrading.adoc b/modules/cco-ccoctl-upgrading.adoc index f467d96eae..4bccfbc7f2 100644 --- a/modules/cco-ccoctl-upgrading.adoc +++ b/modules/cco-ccoctl-upgrading.adoc @@ -44,7 +44,7 @@ $ ccoctl aws create-all \// <1> <6> Optional: By default, the `ccoctl` utility stores the OpenID Connect (OIDC) configuration files in a public S3 bucket and uses the S3 URL as the public OIDC endpoint. To store the OIDC configuration in a private S3 bucket that is accessed by the IAM identity provider through a public CloudFront distribution URL instead, use the `--create-private-s3-bucket` parameter. ==== + -.Google Cloud Platform (GCP) +.{gcp-first} [%collapsible] ==== [source,terminal] 
@@ -80,6 +80,46 @@ $ ccoctl ibmcloud create-service-id \ <4> Optional: Specify the name of the resource group used for scoping the access policies. ==== + +.{azure-first} +[%collapsible] +==== +[source,terminal] +---- +$ ccoctl azure create-managed-identities \ + --name \// <1> + --output-dir ./output_dir \ + --region \// <2> + --subscription-id \// <3> + --credentials-requests-dir \ + --issuer-url "${OIDC_ISSUER_URL}" \// <4> + --dnszone-resource-group-name \// <5> + --installation-resource-group-name "${AZURE_INSTALL_RG}" <6> +---- +<1> The value of the `name` parameter is used to create an Azure resource group. +To use an existing Azure resource group instead of creating a new one, specify the `--oidc-resource-group-name` argument with the existing group name as its value. +<2> Specify the region of the existing cluster. +<3> Specify the subscription ID of the existing cluster. +<4> Specify the OIDC issuer URL from the existing cluster. +You can obtain this value by running the following command: ++ +[source,terminal] +---- +$ oc get authentication cluster \ + -o jsonpath \ + --template='{ .spec.serviceAccountIssuer }' +---- +<5> Specify the name of the resource group that contains the DNS zone. +<6> Specify the {azure-short} resource group name. +You can obtain this value by running the following command: ++ +[source,terminal] +---- +$ oc get infrastructure cluster \ + -o jsonpath \ + --template '{ .status.platformStatus.azure.resourceGroupName }' +---- +==== ++ .Nutanix [%collapsible] ====
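Review bot: In the first hunk (`@@ -44,7 +44,7 @@`), the block title now depends on the `{gcp-first}` attribute, but this patch changes only `modules/cco-ccoctl-upgrading.adoc` and adds no definition for it. Please confirm that every assembly that includes this module has `{gcp-first}` defined (the same applies to `{azure-first}` and `{azure-short}` in the second hunk), otherwise the collapsible title renders as the raw attribute reference.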
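Review bot: In the second hunk (`@@ -80,6 +80,46 @@`), the `ccoctl azure create-managed-identities` command passes `--issuer-url "${OIDC_ISSUER_URL}"` and `--installation-resource-group-name "${AZURE_INSTALL_RG}"`, but callouts <4> and <6> only show `oc get` commands that print those values; nothing tells the reader to assign the output to these variables. A reader who copies the command with the variables unset passes empty strings, and the issuer URL is what the managed identities' federated credentials are created against, so it must match the cluster's `serviceAccountIssuer`. Either show the assignment explicitly in a step before the command, or use placeholders as for the other parameters and keep the `oc get` commands as the way to look the values up. Two smaller points in the same hunk: the first lookup uses `--template='{ ... }'` and the second `--template '{ ... }'`, so pick one form; and callout <1> writes "Azure resource group" literally while callout <6> uses `{azure-short}`.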