OSDOCS-14662:CQA on Creating a cluster on GC with WIF auth guide #102371
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@AedinC: This pull request references OSDOCS-14662 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the epic to target the "4.21.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-ci
bot
added
the
size/L
|
🤖 Thu Nov 20 17:51:25 - Prow CI generated the docs preview: https://102371--ocpdocs-pr.netlify.app/ |
openshift-merge-robot
added
the
needs-rebase
openshift-merge-robot
removed
the
needs-rebase
AedinC
changed the title
openshift-ci
bot
added
the
do-not-merge/work-in-progress
openshift-merge-robot
added
the
needs-rebase
openshift-ci
bot
added
size/XL
openshift-merge-robot
removed
the
needs-rebase
AedinC
changed the title
| Follow the steps in this procedure to create a Workload Identity Federation (WIF) configuration using the {cluster-manager} CLI (`ocm`). | ||
|
|
||
| .Procedure | ||
| You can create a WIF configuration using the `auto` mode or the `manual` mode. |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.TaskStep: Content other than a single list cannot be mapped to DITA tasks.
| .Procedure | ||
| You can create a WIF configuration using the `auto` mode or the `manual` mode. | ||
|
|
||
| The `auto` mode enables you to automatically create the service accounts for {product-title} components as well as other IAM resources. |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.TaskStep: Content other than a single list cannot be mapped to DITA tasks.
|
|
||
| The `auto` mode enables you to automatically create the service accounts for {product-title} components as well as other IAM resources. | ||
|
|
||
| Alternatively, you can use the `manual` mode. In `manual` mode, you are provided with commands within a `script.sh` file which you use to manually create the service accounts for {product-title} components as well as other IAM resources. |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.TaskStep: Content other than a single list cannot be mapped to DITA tasks.
| --version <osd_version> <3> | ||
| --federated-project <gcp_project_id> <4> | ||
| ---- | ||
| <1> Replace `<wif_name>` with the name of your WIF configuration. |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.CalloutList: Callouts are not supported in DITA.
| ==== | ||
| + | ||
| -- | ||
| .Example output |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.BlockTitle: Block titles can only be assigned to examples, figures, and tables in DITA.
| --project <gcp_project_id> \ <2> | ||
| --mode=manual | ||
| ---- | ||
| <1> Replace `<wif_name>` with the name of your WIF configuration. |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.CalloutList: Callouts are not supported in DITA.
| |sre_managed_support | ||
| |=== | ||
|
|
||
| For the complete list of WIF configuration roles and their assigned permissions, see link:https://github.com/openshift/managed-cluster-config/blob/master/resources/wif/4.19/vanilla.yaml[managed-cluster-config]. |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.TaskStep: Content other than a single list cannot be mapped to DITA tasks.
| ---- | ||
| $ ocm list clusters --parameter search="gcp.authentication.wif_config_id = '<wif_config_id>'" <1> | ||
| ---- | ||
| <1> Replace `<wif_config_id>` with the ID of the WIF configuration. |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.CalloutList: Callouts are not supported in DITA.
| ---- | ||
| $ ocm gcp verify wif-config <wif_config_name>|<wif_config_id> <1> | ||
| ---- | ||
| <1> Replace `<wif_config_name>` and `<wif_config_id>` with the name and ID of your WIF configuration, respectively. |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.CalloutList: Callouts are not supported in DITA.
| <1> Replace `<wif_config_name>` and `<wif_config_id>` with the name and ID of your WIF configuration, respectively. | ||
|
|
||
| -- | ||
| .Example output |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.BlockTitle: Block titles can only be assigned to examples, figures, and tables in DITA.
|
|
||
| When you update a wif-config or create a new one, ensure your {cluster-manager} CLI (`ocm`) is up to date. Not updating to the latest version of the `ocm` can result in error messages and service disruptions. | ||
|
|
||
| .Example output |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.BlockTitle: Block titles can only be assigned to examples, figures, and tables in DITA.
| ocm gcp update wif-config <wif_name> \ <1> | ||
| --version <version> <2> | ||
| ---- | ||
| <1> Replace `<wif_name>` with the name of the WIF configuration you want to update. |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.CalloutList: Callouts are not supported in DITA.
| <1> Replace `<wif_name>` with the name of the WIF configuration you want to update. | ||
| <2> Optional: Replace `<version>` with the {product-title} y-stream version you plan to update the cluster to. If you do not specify a version, the wif-config will be updated to support the latest {product-title} y-stream version as well as the last three {product-title} supported y-stream versions (beginning with version 4.17). | ||
|
|
||
| The stale set of permissions previously assigned to the `osd-deployer` service account will remain on the account after updating the wif-config. You need to manually access the roles and remove these stale permissions from them. |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.TaskStep: Content other than a single list cannot be mapped to DITA tasks.
modules/wif-requirements.adoc
Outdated
| = Workload Identity Federation requirements | ||
|
|
||
| [role="_abstract"] | ||
| You must complete the following prerequisites before xref:../osd_gcp_clusters/creating-a-gcp-cluster-with-workload-identity-federation.adoc#create-wif-cluster-ocm_osd-creating-a-cluster-on-gcp-with-workload-identity-federation[Creating a Workload Identity Federation cluster using OpenShift Cluster Manager] and xref:../osd_gcp_clusters/creating-a-gcp-cluster-with-workload-identity-federation.adoc#create-wif-cluster-cli_osd-creating-a-cluster-on-gcp-with-workload-identity-federation[Creating a Workload Identity Federation cluster using the OCM CLI]. |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.NoXrefInModules: Do not include xrefs in modules, only assemblies.
modules/wif-requirements.adoc
Outdated
| = Workload Identity Federation requirements | ||
|
|
||
| [role="_abstract"] | ||
| You must complete the following prerequisites before xref:../osd_gcp_clusters/creating-a-gcp-cluster-with-workload-identity-federation.adoc#create-wif-cluster-ocm_osd-creating-a-cluster-on-gcp-with-workload-identity-federation[Creating a Workload Identity Federation cluster using OpenShift Cluster Manager] and xref:../osd_gcp_clusters/creating-a-gcp-cluster-with-workload-identity-federation.adoc#create-wif-cluster-cli_osd-creating-a-cluster-on-gcp-with-workload-identity-federation[Creating a Workload Identity Federation cluster using the OCM CLI]. |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.SuggestAttribute: Use the AsciiDoc attribute '{cluster-manager}' rather than the plain text product term 'OpenShift Cluster Manager', unless your use case is an exception.
modules/wif-requirements.adoc
Outdated
| For more information regarding resource quotas and limits, see _Resource quotas per project_ in the _Additional resources_ section. | ||
| ==== | ||
| + | ||
| * You have reviewed the xref:../osd_architecture/osd-understanding.adoc#osd-understanding[introduction to {product-title}] and the documentation on xref:../architecture/index.adoc#architecture-overview[architecture concepts]. |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.NoXrefInModules: Do not include xrefs in modules, only assemblies.
modules/wif-requirements.adoc
Outdated
| ==== | ||
| + | ||
| * You have reviewed the xref:../osd_architecture/osd-understanding.adoc#osd-understanding[introduction to {product-title}] and the documentation on xref:../architecture/index.adoc#architecture-overview[architecture concepts]. | ||
| * You have reviewed the xref:../osd_getting_started/osd-understanding-your-cloud-deployment-options.adoc#osd-understanding-your-cloud-deployment-options[{product-title} cloud deployment options]. |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.NoXrefInModules: Do not include xrefs in modules, only assemblies.
modules/wif-requirements.adoc
Outdated
| + | ||
| * You have reviewed the xref:../osd_architecture/osd-understanding.adoc#osd-understanding[introduction to {product-title}] and the documentation on xref:../architecture/index.adoc#architecture-overview[architecture concepts]. | ||
| * You have reviewed the xref:../osd_getting_started/osd-understanding-your-cloud-deployment-options.adoc#osd-understanding-your-cloud-deployment-options[{product-title} cloud deployment options]. | ||
| * You have read and completed the xref:../osd_planning/gcp-ccs.adoc#ccs-gcp-customer-procedure_gcp-ccs[Required customer procedure]. |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.NoXrefInModules: Do not include xrefs in modules, only assemblies.
modules/wif-requirements.adoc
Outdated
| [NOTE] | ||
| ==== | ||
| WIF supports the deployment of a private {product-title} on {GCP} cluster with Private Service Connect (PSC). Red Hat recommends using PSC when deploying private clusters. | ||
| For more information about the prerequisites for PSC, see xref:../osd_gcp_clusters/creating-a-gcp-psc-enabled-private-cluster.adoc#private-service-connect-prereqs[Prerequisites for Private Service Connect]. |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.NoXrefInModules: Do not include xrefs in modules, only assemblies.
| .Additional resources | ||
|
|
||
| * xref:../osd_planning/gcp-ccs.adoc#ccs-gcp-customer-requirements_gcp-ccs[Customer requirements] | ||
| * xref:../applications/quotas/quotas-setting-per-project.adoc[Resource quotas per project] |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.XrefContainsAnchorID: The xref is missing an anchor ID.
modules/create-wif-cluster-ocm.adoc
Outdated
| .Prerequisites | ||
|
|
||
| * You have created a WIF configuration. For more information, see "Creating a Workload Identity Federation configuration". | ||
| * You have access to the {cluster-manager} web console. For more information, see _Accessing OpenShift Cluster Manager_ in the _Additional resources_ section. |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.SuggestAttribute: Use the AsciiDoc attribute '{cluster-manager}' rather than the plain text product term 'OpenShift Cluster Manager', unless your use case is an exception.
| .Additional resources | ||
|
|
||
| == Additional resources | ||
| * xref:../ocm/ocm-overview.adoc#accessing_ocm[Accessing OpenShift Cluster Manager]. |
There was a problem hiding this comment.
🤖 [error] AsciiDocDITA.RelatedLinks: Content other than links cannot be mapped to DITA related-links.
| .Additional resources | ||
|
|
||
| == Additional resources | ||
| * xref:../ocm/ocm-overview.adoc#accessing_ocm[Accessing OpenShift Cluster Manager]. |
There was a problem hiding this comment.
🤖 [error] OpenShiftAsciiDoc.SuggestAttribute: Use the AsciiDoc attribute '{cluster-manager}' rather than the plain text product term 'OpenShift Cluster Manager', unless your use case is an exception.
|
@AedinC: This pull request references OSDOCS-14662 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the epic to target the "4.21.0" version, but no target version was set. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
| @@ -1,5 +1,4 @@ | |||
| StylesPath = .vale/styles | |||
There was a problem hiding this comment.
Make sure to revert this file prior to merging.
| include::modules/ocm-cli-verify-wif-commands.adoc[leveloffset=+1] | ||
|
|
||
|
|
||
| .Additional resources |
There was a problem hiding this comment.
Per these examples, you can make this a == and it needs an role.
|
|
||
| * You have reviewed the xref:../osd_architecture/osd-understanding.adoc#osd-understanding[introduction to {product-title}] and the documentation on xref:../architecture/index.adoc#architecture-overview[architecture concepts]. | ||
| * You have reviewed the xref:../osd_getting_started/osd-understanding-your-cloud-deployment-options.adoc#osd-understanding-your-cloud-deployment-options[{product-title} cloud deployment options]. | ||
| .Additional resources |
There was a problem hiding this comment.
According to the assembly template, we can keep ==Prerequisites.
There was a problem hiding this comment.
Great. This is stuff I've missed.
AedinC
force-pushed
the
OSDOCS-14662
branch
2 times, most recently
from
d8e3c06 to
a4c8741
Compare
AedinC
changed the title
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
|
@AedinC: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
|
/cherrypick enterprise-4.20 |
|
@AedinC: new pull request created: #102890 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
@AedinC: new pull request created: #102891 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
7 participants
Version(s):
4.20+
Issue:
https://issues.redhat.com/browse/OSDOCS-14662
Link to docs preview:
Creating a cluster on Google Cloud with Workload Identity Federation authentication
QE review:
Additional information: