diff --git a/modules/cco-ccoctl-configuring.adoc b/modules/cco-ccoctl-configuring.adoc index f7b7cd84d082..f663343aed78 100644 --- a/modules/cco-ccoctl-configuring.adoc +++ b/modules/cco-ccoctl-configuring.adoc @@ -124,6 +124,7 @@ endif::[] ifndef::update[= Configuring the Cloud Credential Operator utility] ifdef::update[= Configuring the Cloud Credential Operator utility for a cluster update] +[role="_abstract"] //Nutanix-only intro because it needs context in its install procedure. ifdef::nutanix[] The Cloud Credential Operator (CCO) manages cloud provider credentials as Kubernetes custom resource definitions (CRDs). To install a cluster on Nutanix, you must set the CCO to `manual` mode as part of the installation process. @@ -200,10 +201,11 @@ Ensure that the architecture of the `$RELEASE_IMAGE` matches the architecture of [source,terminal] ---- $ oc image extract $CCO_IMAGE \ - --file="/usr/bin/ccoctl." \// <1> + --file="/usr/bin/ccoctl." \ -a ~/.pull-secret ---- -<1> For ``, specify the value that corresponds to the version of {op-system-base-full} that the host uses. ++ +For ``, specify the value that corresponds to the version of {op-system-base-full} that the host uses. If no value is specified, `ccoctl.rhel8` is used by default. The following values are valid: + diff --git a/modules/cco-ccoctl-creating-at-once.adoc b/modules/cco-ccoctl-creating-at-once.adoc index 96afc920e952..a9ac9d8ac17c 100644 --- a/modules/cco-ccoctl-creating-at-once.adoc +++ b/modules/cco-ccoctl-creating-at-once.adoc 
@@ -149,13 +149,16 @@ $ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}' $ oc adm release extract \ --from=$RELEASE_IMAGE \ --credentials-requests \ - --included \// <1> - --install-config=/install-config.yaml \// <2> - --to= <3> + --included \ + --install-config=/install-config.yaml \ + --to= ---- -<1> The `--included` parameter includes only the manifests that your specific cluster configuration requires. -<2> Specify the location of the `install-config.yaml` file. -<3> Specify the path to the directory where you want to store the `CredentialsRequest` objects. If the specified directory does not exist, this command creates it. ++ +where: ++ +`--included`:: Specifies to include only the manifests that your specific cluster configuration requires. +``:: Specifies the location of the `install-config.yaml` file. +``:: Specifies the path to the directory where you want to store the `CredentialsRequest` objects. If the specified directory does not exist, this command creates it. + [NOTE] ==== 
@@ -179,19 +182,22 @@ ifdef::aws-sts[] [source,terminal] ---- $ ccoctl aws create-all \ - --name= \// <1> - --region= \// <2> - --credentials-requests-dir= \// <3> - --output-dir= \// <4> - --create-private-s3-bucket \// <5> - --permissions-boundary-arn= <6> + --name= \ + --region= \ + --credentials-requests-dir= \ + --output-dir= \ + --create-private-s3-bucket \ + --permissions-boundary-arn= ---- -<1> Specify the name used to tag any cloud resources that are created for tracking. -<2> Specify the AWS region in which cloud resources will be created. -<3> Specify the directory containing the files for the component `CredentialsRequest` objects. -<4> Optional: Specify the directory in which you want the `ccoctl` utility to create objects. By default, the utility creates objects in the directory in which the commands are run. -<5> Optional: By default, the `ccoctl` utility stores the OpenID Connect (OIDC) configuration files in a public S3 bucket and uses the S3 URL as the public OIDC endpoint. To store the OIDC configuration in a private S3 bucket that is accessed by the IAM identity provider through a public CloudFront distribution URL instead, use the `--create-private-s3-bucket` parameter. -<6> Optional: Specify the Amazon Resource Name (ARN) of the {aws-short} IAM policy to use as the permissions boundary for the IAM roles created by the `ccoctl` utility. ++ +where: ++ +``:: Specifies the name used to tag any cloud resources that are created for tracking. +``:: Specifies the AWS region in which cloud resources will be created. +``:: Specifies the directory containing the files for the component `CredentialsRequest` objects. +``:: Specifies the directory in which you want the `ccoctl` utility to create objects. By default, the utility creates objects in the directory in which the commands are run. This parameter is optional. 
+`--create-private-s3-bucket`:: Specifies that the OpenID Connect (OIDC) configuration files should be stored in a private S3 bucket that is accessed by the IAM identity provider through a public CloudFront distribution URL. Note that by default, the `ccoctl` utility stores the OIDC configuration files in a public S3 bucket and uses the S3 URL as the public OIDC endpoint. This parameter is optional. +``:: Specifies the Amazon Resource Name (ARN) of the {aws-short} IAM policy to use as the permissions boundary for the IAM roles created by the `ccoctl` utility. This parameter is optional. + [NOTE] ==== 
@@ -202,17 +208,20 @@ ifdef::google-cloud-platform[] [source,terminal] ---- $ ccoctl gcp create-all \ - --name= \// <1> - --region= \// <2> - --project= \// <3> - --credentials-requests-dir= \// <4> - --key-storage-method= <5> + --name= \ + --region= \ + --project= \ + --credentials-requests-dir= \ + --key-storage-method= ---- -<1> Specify the user-defined name for all created {gcp-short} resources used for tracking. If you plan to install the {gcp-short} Filestore Container Storage Interface (CSI) Driver Operator, retain this value. -<2> Specify the {gcp-short} region in which cloud resources will be created. -<3> Specify the {gcp-short} project ID in which cloud resources will be created. -<4> Specify the directory containing the files of `CredentialsRequest` manifests to create {gcp-short} service accounts. -<5> Optional: Specify the method for storing OIDC JWK files. Accepted values are `public-bucket` and `pool-jwk-file`. The default value `public-bucket` creates a public GCS bucket to host the OIDC configuration and JWK files. The `pool-jwk-file` value attaches the JWK directly to the workload identity pool provider without creating a public bucket. ++ +where: ++ +``:: Specifies the user-defined name for all created {gcp-short} resources used for tracking. If you plan to install the {gcp-short} Filestore Container Storage Interface (CSI) Driver Operator, retain this value. +``:: Specifies the {gcp-short} region in which cloud resources will be created. +``:: Specifies the {gcp-short} project ID in which cloud resources will be created. +``:: Specifies the directory containing the files of `CredentialsRequest` manifests to create {gcp-short} service accounts. +``:: Specifies the method for storing OIDC JWK files. Accepted values are `public-bucket` and `pool-jwk-file`. The default value `public-bucket` creates a public GCS bucket to host the OIDC configuration and JWK files. 
The `pool-jwk-file` value attaches the JWK directly to the workload identity pool provider without creating a public bucket. This parameter is optional. + [NOTE] ==== 
@@ -223,25 +232,28 @@ ifdef::azure-workload-id[] [source,terminal] ---- $ ccoctl azure create-all \ - --name= \// <1> - --output-dir= \// <2> - --region= \// <3> - --subscription-id= \// <4> - --credentials-requests-dir= \// <5> - --dnszone-resource-group-name= \// <6> - --tenant-id= \// <7> - --network-resource-group-name \// <8> - --preserve-existing-roles <9> + --name= \ + --output-dir= \ + --region= \ + --subscription-id= \ + --credentials-requests-dir= \ + --dnszone-resource-group-name= \ + --tenant-id= \ + --network-resource-group-name \ + --preserve-existing-roles ---- -<1> Specify the user-defined name for all created Azure resources used for tracking. -<2> Optional: Specify the directory in which you want the `ccoctl` utility to create objects. By default, the utility creates objects in the directory in which the commands are run. -<3> Specify the Azure region in which cloud resources will be created. -<4> Specify the Azure subscription ID to use. -<5> Specify the directory containing the files for the component `CredentialsRequest` objects. -<6> Specify the name of the resource group containing the cluster's base domain Azure DNS zone. -<7> Specify the Azure tenant ID to use. -<8> Optional: Specify the virtual network resource group if it is different from the cluster resource group. -<9> Optional: Specify this flag to ensure that any custom role assignments you define on managed identities are not removed during {product-title} updates. ++ +where: ++ +``:: Specifies the user-defined name for all created Azure resources used for tracking. +``:: Specifies the directory in which you want the `ccoctl` utility to create objects. By default, the utility creates objects in the directory in which the commands are run. This parameter is optional. +``:: Specifies the Azure region in which cloud resources will be created. +``:: Specifies the Azure subscription ID to use. 
+``:: Specifies the directory containing the files for the component `CredentialsRequest` objects. +``:: Specifies the name of the resource group containing the cluster's base domain Azure DNS zone. +``:: Specifies the Azure tenant ID to use. +``:: Specifies the virtual network resource group if it is different from the cluster resource group. This parameter is optional. +`--preserve-existing-roles`:: Specifies that any custom role assignments you define on managed identities are not removed during {product-title} updates. This parameter is optional. + [NOTE] ==== diff --git a/modules/procedure-enabling-bgp-evpn-primary-cudn.adoc b/modules/procedure-enabling-bgp-evpn-primary-cudn.adoc index fef3c4963e9e..e08c814b5a17 100644 --- a/modules/procedure-enabling-bgp-evpn-primary-cudn.adoc +++ b/modules/procedure-enabling-bgp-evpn-primary-cudn.adoc @@ -403,5 +403,3 @@ spec: ---- //// - -
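Review bot: in `modules/cco-ccoctl-configuring.adoc` (hunk at -124), the added `[role="_abstract"]` line sits above a comment line and the `ifdef::nutanix[]` conditional, so the paragraph that receives the role depends on which branch is built. Only the Nutanix intro is visible in this hunk. Confirm that every other branch also renders an intro paragraph immediately after the attribute, or move the attribute inside each conditional, directly above its paragraph.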
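Review bot: in the `oc image extract` step of `modules/cco-ccoctl-configuring.adoc` (hunk at -200), the callout becomes a plain sentence ("For ..., specify the value ...") while every other conversion in this patch uses a `where:` definition list with "Specifies ..." wording. Use the same form here so the converted steps read consistently, and keep the `ccoctl.rhel8` default sentence and the list of valid values attached to that entry.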
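Review bot: in the `oc adm release extract` step of `modules/cco-ccoctl-creating-at-once.adoc` (hunk at -149), the `--included` entry reads "Specifies to include only the manifests ...", which is ungrammatical after the mechanical "Specify" to "Specifies" change. Suggest "Specifies that only the manifests that your specific cluster configuration requires are included."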
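Review bot: in the `ccoctl aws create-all` step (hunk at -179), the `--create-private-s3-bucket` entry now puts the default behaviour second, behind "Note that", and uses "should be stored". The default is a public S3 bucket serving as the OIDC endpoint, which is the fact a reader deciding on this flag needs first. Suggest stating the default in the first sentence and then "Use this parameter to store the OIDC configuration files in a private S3 bucket ...", dropping "Note that" and "should".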
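Review bot: in the `ccoctl gcp create-all` step (hunk at -202), the last definition entry (the key storage method) ends with "This parameter is optional." after three sentences about accepted values, so the optionality that used to lead the callout is now easy to miss. Move that sentence to directly after "Specifies the method for storing OIDC JWK files." so it sits next to the statement that the default `public-bucket` creates a public GCS bucket.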
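Review bot: in the `ccoctl azure create-all` step (hunk at -223), the rewritten line `--network-resource-group-name \` is still shown as a bare flag with no `=` and value, although its description says it specifies the virtual network resource group. Every other value-taking parameter in this command has `=`. Since the line is being touched anyway, add the `=` and a value placeholder so the example matches the description; `--preserve-existing-roles` is correctly left as a bare flag.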
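Review bot: the final hunk in `modules/procedure-enabling-bgp-evpn-primary-cudn.adoc` (at -403) only removes two trailing blank lines after the closing `////` and is unrelated to the CCO callout conversion in the other files. Either mention the whitespace cleanup in the commit message or move it to its own change so this patch stays scoped to the `ccoctl` modules.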