diff --git a/_attributes/attributes-openshift-dedicated.adoc b/_attributes/attributes-openshift-dedicated.adoc index 9d82bba2c444..c7d459fa07b7 100644 --- a/_attributes/attributes-openshift-dedicated.adoc +++ b/_attributes/attributes-openshift-dedicated.adoc @@ -27,6 +27,15 @@ :sts-first: Security Token Service (STS) :sts-full: Security Token Service :sts-short: STS +// ROSA specific +:hcp: hosted control planes +:rosa-first: Red Hat OpenShift Service on AWS (ROSA) with {hcp} (HCP) +:rosa-short: ROSA with HCP +:rosa-classic-first: {product-title} (ROSA) (classic architecture) +:rosa-classic: Red Hat OpenShift Service on AWS (classic architecture) +:rosa-classic-short: ROSA (classic) +:classic: {rosa-classic} +:classic-short: {rosa-classic-short} //logging :logging-title: logging for Red Hat OpenShift :logging-title-uc: Logging for Red Hat OpenShift @@ -49,11 +58,6 @@ //Formerly known as CodeReady Containers and CodeReady Workspaces :openshift-local-productname: Red Hat OpenShift Local :openshift-dev-spaces-productname: Red Hat OpenShift Dev Spaces -:hcp: hosted control planes -:hcp-title: ROSA with HCP -:hcp-title-first: {product-title} (ROSA) with {hcp} (HCP) -:rosa-classic: ROSA (classic architecture) -:rosa-classic-first: {product-title} (ROSA) (classic architecture) :egress-lockdown: {hcp-title} clusters with zero egress //ROSA CLI variables :zero-egress: zero egress diff --git a/_distro_map.yml b/_distro_map.yml index 0f355bedd321..d264ecd5a832 100644 --- a/_distro_map.yml +++ b/_distro_map.yml @@ -196,7 +196,7 @@ openshift-aro: name: '4' dir: aro/4 openshift-rosa: - name: Red Hat OpenShift Service on AWS + name: Red Hat OpenShift Service on AWS (classic architecture) author: OpenShift Documentation Project site: commercial site_name: Documentation diff --git a/modules/rosa-hcp-architecture.adoc b/modules/rosa-hcp-architecture.adoc index ffa0d91dc67b..d62e35fa4591 100644 --- a/modules/rosa-hcp-architecture.adoc +++ b/modules/rosa-hcp-architecture.adoc 
@@ -5,21 +5,21 @@ [id="rosa-hcp-architecture_{context}"] = ROSA with HCP architecture -In {hcp-title-first}, the ROSA service hosts a highly-available, single-tenant OpenShift control plane. The hosted control plane is deployed across 3 availability zones with 2 API server instances and 3 etcd instances. +In {rosa-first}, the ROSA service hosts a highly-available, single-tenant OpenShift control plane. The hosted control plane is deployed across 3 availability zones with 2 API server instances and 3 etcd instances. You can create a ROSA with HCP cluster with or without an internet-facing API server. Private API servers are only accessible from your VPC subnets. You access the hosted control plane through an AWS PrivateLink endpoint. The worker nodes are deployed in your AWS account and run on your VPC private subnets. You can add additional private subnets from one or more availability zones to ensure high availability. Worker nodes are shared by OpenShift components and applications. OpenShift components such as the ingress controller, image registry, and monitoring are deployed on the worker nodes hosted on your VPC. -.ROSA with HCP architecture -image::544_OpenShift_ROSA-HCP_architecture-model.png[ROSA with HCP architecture] +.{rosa-short} architecture +image::544_OpenShift_ROSA-HCP_architecture-model.png[{rosa-short} architecture] [id="rosa-hcp-network-architecture_{context}"] -== ROSA with HCP architecture on public and private networks -With ROSA with HCP, you can create your clusters on public or private networks. The following images depict the architecture of both public and private networks. +== {rosa-short} architecture on public and private networks +With {rosa-short}, you can create your clusters on public or private networks. The following images depict the architecture of both public and private networks. 
-.ROSA with HCP deployed on a public network -image::544_OpenShift_ROSA-HCP-and-ROSA-Classic-public.png[ROSA with HCP deployed on a public network] +.{rosa-short} deployed on a public network +image::544_OpenShift_ROSA-HCP-and-ROSA-Classic-public.png[{rosa-short} deployed on a public network] -.ROSA with HCP deployed on a private network -image::544_OpenShift_ROSA-HCP-and-ROSA-Classic-private.png[ROSA with HCP deployed on a private network] \ No newline at end of file +.{rosa-short} deployed on a private network +image::544_OpenShift_ROSA-HCP-and-ROSA-Classic-private.png[{rosa-short} deployed on a private network] \ No newline at end of file diff --git a/rosa_architecture/about-hcp.adoc b/rosa_architecture/about-hcp.adoc deleted file mode 100644 index afa28626ef8e..000000000000 --- a/rosa_architecture/about-hcp.adoc +++ /dev/null 
@@ -1,264 +0,0 @@ -:_mod-docs-content-type: ASSEMBLY -[id="about-hcp"] -= ROSA with HCP overview -include::_attributes/common-attributes.adoc[] -include::_attributes/attributes-openshift-dedicated.adoc[] -:context: about-hcp - -//IMPORTANT!!! -//This page includes information from "Understanding ROSA" (rosa-architecture-rosa-understanding) and "What is ROSA" (cloud-experts-getting-started-what-is-rosa). I have intentionally deleted those two modules from the HCP topic map in an effort to condense our introductory materials. - -toc::[] - -ROSA is a fully-managed turnkey application platform that allows you to focus on what matters most, delivering value to your customers by building and deploying applications. Red{nbsp}Hat and AWS SRE experts manage the underlying platform so you do not have to worry about infrastructure management. ROSA provides seamless integration with a wide range of AWS compute, database, analytics, machine learning, networking, mobile, and other services to further accelerate the building and delivering of differentiating experiences to your customers. - -{hcp-title-first} offers a reduced-cost solution to create a managed ROSA cluster with a focus on efficiency. You can quickly create a new cluster and deploy applications in minutes. - -You subscribe to the service directly from your AWS account. After you create clusters, you can operate your clusters with the OpenShift web console, the ROSA CLI, or through {cluster-manager-first}. - -You receive OpenShift updates with new feature releases and a shared, common source for alignment with OpenShift Container Platform. ROSA supports the same versions of OpenShift as Red{nbsp}Hat OpenShift Dedicated and OpenShift Container Platform to achieve version consistency. - -image::291_OpenShift_on_AWS_Intro_1122_docs.png[{product-title}] - -ROSA uses AWS Security Token Service (STS) to obtain credentials to manage infrastructure in your AWS account. 
AWS STS is a global web service that creates temporary credentials for IAM users or federated users. ROSA uses this to assign short-term, limited-privilege, security credentials. These credentials are associated with IAM roles that are specific to each component that makes AWS API calls. This method aligns with the principals of least privilege and secure practices in cloud service resource management. The ROSA command-line interface (CLI) tool manages the STS credentials that are assigned for unique tasks and takes action on AWS resources as part of OpenShift functionality. For a more detailed explanation, see xref:../rosa_architecture/cloud-experts-rosa-hcp-sts-explained.adoc#cloud-experts-rosa-hcp-sts-explained[AWS STS and ROSA with HCP explained]. - -== Key features of {hcp-title} - -* *Cluster node scaling:* {hcp-title} requires a minimum of only two nodes, making it ideal for smaller projects while still being able to scale to support larger projects and enterprises. Easily add or remove compute nodes to match resource demand. Autoscaling allows you to automatically adjust the size of the cluster based on the current workload. See -ifdef::openshift-rosa-hcp[] -link:https://docs.openshift.com/rosa/rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.html#rosa-nodes-about-autoscaling-nodes[About autoscaling nodes on a cluster] for more details. -endif::openshift-rosa-hcp[] -ifdef::openshift-rosa[] -xref:../rosa_cluster_admin/rosa_nodes/rosa-nodes-about-autoscaling-nodes.adoc#rosa-nodes-about-autoscaling-nodes[About autoscaling nodes on a cluster] for more details. -endif::openshift-rosa[] -* *Fully managed underlying control plane infrastructure:* Control plane components, such as the API server and etcd database, are hosted in a Red{nbsp}Hat-owned AWS account. -* *Rapid provisioning time:* Provisioning time is approximately 10 minutes. 
-* *Continued cluster operation during upgrades:* Customers can upgrade the control plane and machine pools separately, which means they do not have to shut down the entire cluster during upgrades. -* *Native AWS service:* Access and use Red{nbsp}Hat OpenShift on-demand with a self-service onboarding experience through the AWS management console. -* *Flexible, consumption-based pricing:* Scale to your business needs and pay as you go with flexible pricing and an on-demand hourly or annual billing model. -* *Single bill for Red{nbsp}Hat OpenShift and AWS usage:* Customers will receive a single bill from AWS for both Red{nbsp}Hat OpenShift and AWS consumption. -* *Fully integrated support experience:* Installation, management, maintenance, and upgrades are performed by Red{nbsp}Hat site reliability engineers (SREs) with joint Red{nbsp}Hat and Amazon support and a 99.95% service-level agreement (SLA). See the -ifdef::openshift-rosa-hcp[] -link:https://docs.openshift.com/rosa/support/getting-support.html#getting-support[ROSA support documentation] for more details. -endif::openshift-rosa-hcp[] -ifdef::openshift-rosa[] -xref:../support/getting-support.adoc#getting-support[ROSA support documentation] for more details. -endif::openshift-rosa[] -* *AWS service integration:* AWS has a robust portfolio of cloud services, such as compute, storage, networking, database, analytics, and machine learning. All of these services are directly accessible through ROSA. This makes it easier to build, operate, and scale globally and on-demand through a familiar management interface. -* *Maximum availability:* Deploy clusters across multiple availability zones in supported regions to maximize availability and maintain high availability for your most demanding mission-critical applications and data. -* *Optimized clusters:* Choose from memory-optimized, compute-optimized, or general purpose EC2 instance types with clusters sized to meet your needs. 
-* *Global availability:* Refer to the xref:../rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc#rosa-sdpolicy-regions-az_rosa-hcp-service-definition[product regional availability page] to see where ROSA is available globally. - -include::modules/rosa-sdpolicy-am-billing.adoc[leveloffset=+1] - -== Getting started with {hcp-title} - -Use the following sections to find content to help you learn about and use {hcp-title}. - -[id="architect"] -=== Architect -[options="header",cols="3*"] -|=== -| Learn about {hcp-title} |Plan {hcp-title} deployment |Additional resources - -| -ifdef::openshift-rosa-hcp[] -link:https://docs.openshift.com/rosa/architecture/index.html#architecture-overview[Architecture overview] -endif::openshift-rosa-hcp[] -ifndef::openshift-rosa-hcp[] -xref:../architecture/index.adoc#architecture-overview[Architecture overview] -endif::openshift-rosa-hcp[] -| -ifdef::openshift-rosa-hcp[] -link:https://docs.openshift.com/rosa/rosa_backing_up_and_restoring_applications/backing-up-applications.html#rosa-backing-up-applications[Back up and restore] -endif::openshift-rosa-hcp[] -ifndef::openshift-rosa-hcp[] -xref:../backup_and_restore/application_backup_and_restore/oadp-intro.adoc#oadp-api[Back up and restore] -endif::openshift-rosa-hcp[] -| -xref:../rosa_architecture/rosa_policy_service_definition/rosa-hcp-life-cycle.adoc#rosa-hcp-life-cycle[{hcp-title} life cycle] -| -ifdef::openshift-rosa-hcp[] -link:https://docs.openshift.com/rosa/architecture/rosa-architecture-models.html#rosa-architecture-models[{hcp-title} architecture] -endif::openshift-rosa-hcp[] -ifndef::openshift-rosa-hcp[] -xref:../architecture/rosa-architecture-models.adoc#rosa-architecture-models[{hcp-title} architecture] -endif::openshift-rosa-hcp[] -| -ifdef::openshift-rosa-hcp[] -link:https://docs.openshift.com/rosa/rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.html#rosa-policy-process-security[Understanding process and security] 
-endif::openshift-rosa-hcp[] -ifndef::openshift-rosa-hcp[] -xref:../../rosa_architecture/rosa_policy_service_definition/rosa-policy-process-security.adoc#rosa-policy-process-security[Understanding process and security] -endif::openshift-rosa-hcp[] -| -xref:../rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc#rosa-hcp-service-definition[{hcp-title} service definition] -| -xref:../rosa_architecture/rosa_policy_service_definition/rosa-hcp-life-cycle.adoc#rosa-hcp-life-cycle[Updates lifecycle] -| -// Removed as part of OSDOCS-13310, until figures are verified. -// ifdef::openshift-rosa-hcp[] -// link:https://docs.openshift.com/rosa/rosa_planning/rosa-limits-scalability.html#rosa-limits-scalability[Limits and scalability] -// endif::openshift-rosa-hcp[] -// ifndef::openshift-rosa-hcp[] -// xref:../../rosa_planning/rosa-limits-scalability.adoc#rosa-limits-scalability[Limits and scalability] -// endif::openshift-rosa-hcp[] -| -ifdef::openshift-rosa-hcp[] -link:https://docs.openshift.com/rosa/support/index.html#support-overview[Getting support] -endif::openshift-rosa-hcp[] -ifndef::openshift-rosa-hcp[] -xref:../support/index.adoc#support-overview[Getting support] -endif::openshift-rosa-hcp[] -| -| -| link:https://red.ht/rosa-roadmap[ROSA roadmap] -|=== - -[id="cluster-administrator"] -=== Cluster Administrator -[options="header",cols="4*"] -|=== -|Learn about {hcp-title} |Deploy {hcp-title} |Manage {hcp-title} |Additional resources -| -ifdef::openshift-rosa-hcp[] -link:https://docs.openshift.com/rosa/architecture/rosa-architecture-models.html#rosa-architecture-models[{hcp-title} architecture] -endif::openshift-rosa-hcp[] -ifndef::openshift-rosa-hcp[] -xref:../architecture/rosa-architecture-models.adoc#rosa-architecture-models[{hcp-title} architecture] -endif::openshift-rosa-hcp[] -| -xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-sts-creating-a-cluster-quickly[Installing {hcp-title}] -| -ifdef::openshift-rosa-hcp[] 
-link:https://docs.openshift.com/rosa/observability/logging/cluster-logging.html#cluster-logging[Logging] -endif::openshift-rosa-hcp[] -ifndef::openshift-rosa-hcp[] -xref:../observability/logging/cluster-logging.adoc#cluster-logging[Logging] -endif::openshift-rosa-hcp[] -| -ifdef::openshift-rosa-hcp[] -link:https://docs.openshift.com/rosa/support/index.html#support-overview[Getting Support] -endif::openshift-rosa-hcp[] -ifndef::openshift-rosa-hcp[] -xref:../support/index.adoc#support-overview[Getting Support] -endif::openshift-rosa-hcp[] - - - -| link:https://learn.openshift.com/?extIdCarryOver=true&sc_cid=701f2000001Css5AAC[OpenShift Interactive Learning Portal] -| -xref:../storage/index.adoc#storage-overview[Storage] -| -ifdef::openshift-rosa-hcp[] -link:https://docs.openshift.com/rosa/observability/monitoring/about-openshift-container-platform-monitoring.html#about-ocp-monitoring[About {product-title} monitoring] -endif::openshift-rosa-hcp[] -ifndef::openshift-rosa-hcp[] -xref:../observability/monitoring/about-ocp-monitoring/about-ocp-monitoring.adoc#about-ocp-monitoring[About {product-title} monitoring] -endif::openshift-rosa-hcp[] -| -xref:../rosa_architecture/rosa_policy_service_definition/rosa-hcp-life-cycle.adoc#rosa-hcp-life-cycle[{hcp-title} life cycle] -| -ifdef::openshift-rosa-hcp[] -link:https://docs.openshift.com/rosa/rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.html#rosa-policy-responsibility-matrix[ROSA responsibility matrix] -endif::openshift-rosa-hcp[] -ifndef::openshift-rosa-hcp[] -xref:../../rosa_architecture/rosa_policy_service_definition/rosa-policy-responsibility-matrix.adoc#rosa-policy-responsibility-matrix[ROSA responsibility matrix] -endif::openshift-rosa-hcp[] -| -ifdef::openshift-rosa-hcp[] -link:https://docs.openshift.com/rosa/rosa_backing_up_and_restoring_applications/backing-up-applications.html#rosa-backing-up-applications[Back up and restore] -endif::openshift-rosa-hcp[] 
-ifndef::openshift-rosa-hcp[] -xref:../backup_and_restore/application_backup_and_restore/oadp-intro.adoc#oadp-api[Back up and restore] -endif::openshift-rosa-hcp[] -| -ifdef::openshift-rosa-hcp[] -link:https://docs.openshift.com/rosa/rosa_architecture/rosa-sts-about-iam-resources.html#rosa-sts-about-iam-resources[About IAM resources] -endif::openshift-rosa-hcp[] -ifndef::openshift-rosa-hcp[] -xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources] -endif::openshift-rosa-hcp[] -| link:https://red.ht/rosa-roadmap[ROSA roadmap] - -| -ifdef::openshift-rosa-hcp[] -link:https://docs.openshift.com/rosa/rosa_architecture/rosa_policy_service_definition/rosa-policy-understand-availability.html#rosa-policy-understand-availability[About availability] -endif::openshift-rosa-hcp[] -ifndef::openshift-rosa-hcp[] -xref:../../rosa_architecture/rosa_policy_service_definition/rosa-policy-understand-availability.adoc#rosa-policy-understand-availability[About availability] -endif::openshift-rosa-hcp[] -| -xref:../upgrading/rosa-hcp-upgrading.adoc#rosa-hcp-upgrading[Upgrading] -| -| - -|=== - -[id="Developer"] -=== Developer - -[options="header",cols="3*"] -|=== -|Learn about application development in {hcp-title} |Deploy applications |Additional resources - -| link:https://developers.redhat.com/[Red{nbsp}Hat Developers site] -| -ifdef::openshift-rosa-hcp[] -link:https://docs.openshift.com/rosa/applications/index.html#building-applications-overview[Building applications overview] -endif::openshift-rosa-hcp[] -ifndef::openshift-rosa-hcp[] -xref:../applications/index.adoc#building-applications-overview[Building applications overview] -endif::openshift-rosa-hcp[] -| -ifdef::openshift-rosa-hcp[] -link:https://docs.openshift.com/rosa/support/index.html#support-overview[Getting support] -endif::openshift-rosa-hcp[] -ifndef::openshift-rosa-hcp[] -xref:../support/index.adoc#support-overview[Getting support] -endif::openshift-rosa-hcp[] -| 
link:https://developers.redhat.com/products/openshift-dev-spaces/overview[{openshift-dev-spaces-productname} (formerly Red{nbsp}Hat CodeReady Workspaces)] -| -ifdef::openshift-rosa-hcp[] -link:https://docs.openshift.com/rosa/operators/index.html#operators-overview[Operators overview] -endif::openshift-rosa-hcp[] -ifndef::openshift-rosa-hcp[] -xref:../operators/index.adoc#operators-overview[Operators overview] -endif::openshift-rosa-hcp[] -| link:https://red.ht/rosa-roadmap[ROSA roadmap] - -| -| -ifdef::openshift-rosa-hcp[] -link:https://docs.openshift.com/rosa/openshift_images/index.html#overview-of-images[Images] -endif::openshift-rosa-hcp[] -ifndef::openshift-rosa-hcp[] -xref:../openshift_images/index.adoc#overview-of-images[Images] -endif::openshift-rosa-hcp[] -| - -| -| -ifdef::openshift-rosa-hcp[] -link:https://docs.openshift.com/rosa/cli_reference/odo-important-update.html#odo-important_update[Developer-focused CLI] -endif::openshift-rosa-hcp[] -ifndef::openshift-rosa-hcp[] -xref:../cli_reference/odo-important-update.adoc#odo-important_update[Developer-focused CLI] -endif::openshift-rosa-hcp[] -| - -|=== - -=== Before creating your first ROSA cluster - -Watch a link:https://youtu.be/KbzUbXWs6Ck[demo] of the cluster deployment process. - -For additional information about ROSA installation, see link:https://www.redhat.com/en/products/interactive-walkthrough/install-rosa[Installing Red{nbsp}Hat OpenShift Service on AWS (ROSA) interactive walkthrough]. - -[role="_additional-resources"] -== Additional resources - -* link:https://www.openshift.com/products/amazon-openshift[ROSA product page] -* link:https://aws.amazon.com/rosa/[AWS product page] -* link:https://access.redhat.com/products/red-hat-openshift-service-aws[Red{nbsp}Hat Customer Portal] -* link:https://learn.openshift.com[Learn about OpenShift] 
diff --git a/rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-about.adoc b/rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-about.adoc index f7e0720299b7..835cc321b50e 100644 --- a/rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-about.adoc +++ b/rosa_cluster_admin/rosa_nodes/rosa-nodes-machinepools-about.adoc @@ -90,7 +90,7 @@ Each machine pool in a {product-title} cluster upgrades independently. Because t The following image depicts how machine pools work within ROSA and {rosa-classic} clusters: -image::hcp-rosa-machine-pools.png[Machine pools on ROSA classic and {hcp-tilte} clusters] +image::hcp-rosa-machine-pools.png[Machine pools on {rosa-classic-short} and {rosa-short} clusters] [NOTE] ==== diff --git a/rosa_release_notes/rosa-release-notes.adoc b/rosa_release_notes/rosa-release-notes.adoc index 5ab68e3bf9cc..934572e7b377 100644 --- a/rosa_release_notes/rosa-release-notes.adoc +++ b/rosa_release_notes/rosa-release-notes.adoc 
@@ -7,26 +7,41 @@ include::_attributes/attributes-openshift-dedicated.adoc[] toc::[] -{product-title} (ROSA) is a fully-managed, turnkey application platform that allows you to focus on delivering value to your customers by building and deploying applications. Red{nbsp}Hat and AWS site reliability engineering (SRE) experts manage the underlying platform so you do not have to worry about the complexity of infrastructure management. ROSA provides seamless integration with a wide range of AWS compute, database, analytics, machine learning, networking, mobile, and other services to further accelerate the building and delivering of differentiating experiences to your customers. +{product-title} +ifdef::openshift-rosa[] +({rosa-classic-short}) +endif::openshift-rosa[] +ifdef::openshift-rosa-hcp[] +({rosa-short}) +endif::openshift-rosa-hcp[] +is a fully-managed, turnkey application platform that allows you to focus on delivering value to your customers by building and deploying applications. Red{nbsp}Hat and AWS site reliability engineering (SRE) experts manage the underlying platform so you do not have to worry about the complexity of infrastructure management. +ifdef::openshift-rosa[] +{rosa-classic-short} +endif::openshift-rosa[] +ifdef::openshift-rosa-hcp[] +{rosa-short} +endif::openshift-rosa-hcp[] +provides seamless integration with a wide range of AWS compute, database, analytics, machine learning, networking, mobile, and other services to further accelerate the building and delivering of differentiating experiences to your customers. {product-title} clusters are available on the link:https://console.redhat.com/openshift[Hybrid Cloud Console]. With the Red{nbsp}Hat {cluster-manager} application for ROSA, you can deploy {product-title} clusters to cloud environments. 
[id="rosa-new-changes-and-updates_{context}"] == New changes and updates +ifdef::openshift-rosa[] [id="rosa-q2-2025_{context}"] === Q2 2025 ifdef::openshift-rosa[] -* **New version of {product-title} available.** {product-title} version 4.19 is now available for new clusters. For more information about upgrading to this latest version, see xref:../upgrading/rosa-upgrading-sts.adoc#rosa-upgrading-sts[Upgrading ROSA (classic architecture) clusters]. +* **New version of {product-title} available.** {product-title} version 4.19 is now available for new clusters. For more information about upgrading to this latest version, see xref:../upgrading/rosa-upgrading-sts.adoc#rosa-upgrading-sts[Upgrading {rosa-classic-short} clusters]. endif::openshift-rosa[] //remove from rosa distro once HCP split occurs. -* **New version of {hcp-title} available.** {hcp-title} version 4.19 is now available. For more information about upgrading to this latest version, see xref:../upgrading/rosa-hcp-upgrading.adoc#rosa-hcp-upgrading[Upgrading {hcp-title} clusters]. +* **New version of {rosa-first} available.** {rosa-short} version 4.19 is now available. For more information about upgrading to this latest version, see xref:../upgrading/rosa-hcp-upgrading.adoc#rosa-hcp-upgrading[Upgrading {rosa-short} clusters]. ifdef::openshift-rosa[] //Remove when ROSA HCP is published. -* **ROSA Classic cluster ownership transfer is now available for {product-title}.** You can now transfer ownership of ROSA Classic clusters. For more information, see link:https://docs.redhat.com/en/documentation/openshift_cluster_manager/1-latest/html/managing_clusters/assembly-managing-clusters#initiating-rosa-classic-ownership-transfer-proc_downloading-and-updating-pull-secrets[Initiating ownership transfer of a ROSA Classic cluster]. +* **{rosa-classic-short} cluster ownership transfer is now available for {product-title}.** You can now transfer ownership of {rosa-classic-short} clusters. 
For more information, see link:https://docs.redhat.com/en/documentation/openshift_cluster_manager/1-latest/html/managing_clusters/assembly-managing-clusters#initiating-rosa-classic-ownership-transfer-proc_downloading-and-updating-pull-secrets[Initiating ownership transfer of a {rosa-classic-short} cluster]. endif::openshift-rosa[] [id="rosa-q1-2025_{context}"] @@ -34,11 +49,9 @@ endif::openshift-rosa[] ifdef::openshift-rosa[] //Remove when ROSA HCP is published. -* **Cluster autoscaling is now available for {hcp-title}.** You can configure cluster autoscaling for {hcp-title}. For more information, see xref:../rosa_cluster_admin/rosa-cluster-autoscaling-hcp.adoc#rosa-cluster-autoscaling-hcp[Cluster autoscaling]. -endif::openshift-rosa[] +* **Cluster autoscaling is now available for {rosa-classic-short}.** You can configure cluster autoscaling for {rosa-short}. For more information, see xref:../rosa_cluster_admin/rosa-cluster-autoscaling-hcp.adoc#rosa-cluster-autoscaling-hcp[Cluster autoscaling]. -ifdef::openshift-rosa[] -* **{product-title} region added.** ROSA (classic architecture) is now available in the following regions: +* **{product-title} region added.** {rosa-classic-short} is now available in the following regions: + ** Tel Aviv (`il-central-1`) ** Calgary (`ca-west-1`) 
@@ -47,25 +60,23 @@ For more information on region availabilities, see xref:../rosa_architecture/ros endif::openshift-rosa[] ifdef::openshift-rosa-hcp[] -* **{hcp-title} region added.** {hcp-title-first} is now available in the following regions: +* **{rosa-short} region added.** {rosa-first} is now available in the following regions: + ** Malaysia (`ap-southeast-5`) ** Tel Aviv (`il-central-1`) ** Calgary (`ca-west-1`) + For more information on region availabilities, see xref:../rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc#rosa-sdpolicy-regions-az_rosa-hcp-service-definition[Regions and availability zones]. -endif::openshift-rosa-hcp[] -ifdef::openshift-rosa-hcp[] * **Cluster autoscaling is now available for {product-title}.** You can configure cluster autoscaling for {product-title}. For more information, see xref:../rosa_cluster_admin/rosa-cluster-autoscaling.adoc#rosa-cluster-autoscaling[Cluster autoscaling]. endif::openshift-rosa-hcp[] ifdef::openshift-rosa[] -* **New version of {product-title} available.** {product-title} version 4.18 is now available. For more information about upgrading to this latest version, see xref:../upgrading/rosa-upgrading-sts.adoc#rosa-upgrading-sts[Upgrading ROSA (classic architecture) clusters]. +* **New version of {product-title} available.** {product-title} version 4.18 is now available. For more information about upgrading to this latest version, see xref:../upgrading/rosa-upgrading-sts.adoc#rosa-upgrading-sts[Upgrading {rosa-classic-short} clusters]. endif::openshift-rosa[] //remove from rosa distro once HCP split occurs. -* **New version of {hcp-title} available.** {hcp-title} version 4.18 is now available. For more information about upgrading to this latest version, see xref:../upgrading/rosa-hcp-upgrading.adoc#rosa-hcp-upgrading[Upgrading {hcp-title} clusters]. +* **New version of {rosa-short} available.** {rosa-short} version 4.18 is now available. 
For more information about upgrading to this latest version, see xref:../upgrading/rosa-hcp-upgrading.adoc#rosa-hcp-upgrading[Upgrading {rosa-short} clusters]. * **Graphical installer enhancements.** You can now use the graphical installer in {hybrid-console} to configure the following options when you create your cluster: ** Configure a `cluster-admin` user and optionally define a custom password. 
@@ -73,21 +84,16 @@ endif::openshift-rosa[] //The following is included in Classic only until the Images doc has been split for HCP ifndef::openshift-rosa-hcp[] -* **Image configuration is now available for {hcp-title}.** You can configure registries within a cluster to exclude some registries or allow only a defined list. It also allows to expose additional trusted bundle for registries to pull from. For more information, see xref:../openshift_images/image-configuration-hcp.adoc#images-configuration-parameters-hcp_image-configuration-hcp[Image configuration resources for {hcp-title}]. +* **Image configuration is now available for {rosa-short}.** You can configure registries within a cluster to exclude some registries or allow only a defined list. It also allows to expose additional trusted bundle for registries to pull from. For more information, see xref:../openshift_images/image-configuration-hcp.adoc#images-configuration-parameters-hcp_image-configuration-hcp[Image configuration resources for {rosa-short}]. endif::openshift-rosa-hcp[] -// These notes need to be duplicated until the ROSA with HCP split out is completed. +// These notes need to be duplicated until the {rosa-short} split out is completed. ifdef::openshift-rosa[] -* **{rosa-classic} cluster node limit update.** {rosa-classic} clusters versions 4.14.14 and greater can now scale to 249 worker nodes. This is an increase from the previous limit of 180 nodes. +* **{rosa-classic} cluster node limit update.** {rosa-classic-short} clusters versions 4.14.14 and greater can now scale to 249 worker nodes. This is an increase from the previous limit of 180 nodes. // Removed as part of OSDOCS-13310, until figures are verified. //For more information, see xref:../rosa_planning/rosa-limits-scalability.adoc#rosa-limits-scalability[Limits and scalability]. 
-* **Egress lockdown is now available as a Technology Preview on {product-title} clusters.** You can create a fully operational cluster that does not require a public egress by configuring a virtual private cloud (VPC) and using the `--properties zero_egress:true` flag when creating your cluster. For more information, see xref:../rosa_hcp/rosa-hcp-egress-lockdown-install.adoc#rosa-hcp-egress-lockdown-install[Creating a {product-title} cluster with egress lockdown]. -+ -[IMPORTANT] -==== -Egress lockdown is a Technology Preview feature. -==== +* **Egress lockdown is now available as a Technology Preview on {product-title} clusters.** You can create a fully operational cluster that does not require a public egress by configuring a virtual private cloud (VPC) and using the `--properties zero_egress:true` flag when creating your cluster. For more information, see xref:../rosa_hcp/rosa-hcp-egress-lockdown-install.adoc#rosa-hcp-egress-lockdown-install[Creating a {rosa-first} cluster with egress lockdown]. // * **{product-title} SDN network plugin blocks future major upgrades** * **Initiate live migration from OpenShift SDN to OVN-Kubernetes.** 
@@ -97,18 +103,11 @@ If your cluster uses the OpenShift SDN network plugin, you cannot upgrade to fut + For more information about migrating to OVN-Kubernetes, see xref:../networking/ovn_kubernetes_network_provider/migrate-from-openshift-sdn.adoc#migrate-from-openshift-sdn[Migrating from OpenShift SDN network plugin to OVN-Kubernetes network plugin]. -* **Red{nbsp}Hat SRE log-based alerting endpoints have been updated.** {rosa-classic} customers who are using a firewall to control egress traffic can now remove all references to `*.osdsecuritylogs.splunkcloud.com:9997` from your firewall allowlist. {rosa-classic} clusters still require the `http-inputs-osdsecuritylogs.splunkcloud.com:443` log-based alerting endpoint to be accessible from the cluster. +* **Red{nbsp}Hat SRE log-based alerting endpoints have been updated.** {rosa-classic-short} customers who are using a firewall to control egress traffic can now remove all references to `*.osdsecuritylogs.splunkcloud.com:9997` from your firewall allowlist. {rosa-classic-short} clusters still require the `http-inputs-osdsecuritylogs.splunkcloud.com:443` log-based alerting endpoint to be accessible from the cluster. endif::openshift-rosa[] ifdef::openshift-rosa-hcp[] -* **ROSA with HCP now creates independent security groups for the AWS PrivateLink endpoint and worker nodes.** {hcp-title} clusters version 4.17.2 and greater can now add additional AWS security groups to the AWS PrivateLink endpoint to allow additional ingress traffic to the cluster's API. For more information, see xref:../rosa_hcp/rosa-hcp-aws-private-creating-cluster.adoc#rosa-hcp-aws-private-security-groups_rosa-hcp-aws-private-creating-cluster[Adding additional AWS security groups to the AWS PrivateLink endpoint]. 
- -* **Egress lockdown is now available as a Technology Preview on {product-title} clusters.** You can create a fully operational cluster that does not require a public egress by configuring a virtual private cloud (VPC) and using the `--properties zero_egress:true` flag when creating your cluster. For more information, see xref:../rosa_hcp/rosa-hcp-egress-lockdown-install.adoc#rosa-hcp-egress-lockdown-install[Creating a {product-title} cluster with egress lockdown]. -+ --- -:FeatureName: Egress lockdown -include::snippets/technology-preview.adoc[] --- +* **{rosa-short} now creates independent security groups for the AWS PrivateLink endpoint and worker nodes.** {rosa-short} clusters version 4.17.2 and greater can now add additional AWS security groups to the AWS PrivateLink endpoint to allow additional ingress traffic to the cluster's API. For more information, see xref:../rosa_hcp/rosa-hcp-aws-private-creating-cluster.adoc#rosa-hcp-aws-private-security-groups_rosa-hcp-aws-private-creating-cluster[Adding additional AWS security groups to the AWS PrivateLink endpoint]. endif::openshift-rosa-hcp[] //The following omits all earlier updates from HCP builds, right down to Known Issues; unclear if we want this long term or if it's a stop-gap while we split the HCP docs 
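Review bot: Inside `ifdef::openshift-rosa-hcp[]` the egress lockdown bullet and its `include::snippets/technology-preview.adoc[]` block are deleted outright rather than renamed. The HCP build then no longer announces the feature or its Technology Preview status, while the Known issues section further down still carries an egress lockdown entry under the same ifdef. Please confirm the removal is intended, or keep the bullet with {rosa-short} in place of {product-title}.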
@@ -117,57 +116,57 @@ ifdef::openshift-rosa[] [id="rosa-q4-2024_{context}"] === Q4 2024 -* **Learning tutorials for ROSA cluster and application deployment.** You can now use the xref:../cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-choose-deployment-method.adoc#cloud-experts-getting-started-choose-deployment-method[Getting started with ROSA] tutorials to quickly deploy a ROSA cluster for demo or learning purposes. You can also use the xref:../cloud_experts_tutorials/cloud-experts-deploying-application/cloud-experts-deploying-application-intro.adoc#cloud-experts-deploying-application-intro[Deploying an application] tutorials to deploy an application on your demo cluster. +* **Learning tutorials for {rosa-classic-short} cluster and application deployment.** You can now use the xref:../cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-choose-deployment-method.adoc#cloud-experts-getting-started-choose-deployment-method[Getting started with {rosa-classic-short}] tutorials to quickly deploy a {rosa-classic-short} cluster for demo or learning purposes. You can also use the xref:../cloud_experts_tutorials/cloud-experts-deploying-application/cloud-experts-deploying-application-intro.adoc#cloud-experts-deploying-application-intro[Deploying an application] tutorials to deploy an application on your demo cluster. * **Create a VPC using the ROSA CLI.** The `rosa create network` command lets you use the ROSA CLI to create a VPC for your cluster based on an AWS CloudFormation template. You can use this command to create and configure a VPC before creating your cluster. For more information, see xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-create-network_rosa-managing-objects-cli[create network]. 
-* **Create additional security groups in {hcp-title} clusters.** Starting with ROSA CLI version 1.2.47, you can now create additional security groups using the ROSA CLI when creating {hcp-title} clusters. Note that additional security group IDs attached to the machine pool cannot be modified. To remove or add more security group IDs, replace the entire machine pool with a new one. +* **Create additional security groups in {rosa-classic-short} clusters.** Starting with ROSA CLI version 1.2.47, you can now create additional security groups using the ROSA CLI when creating {rosa-classic-short} clusters. Note that additional security group IDs attached to the machine pool cannot be modified. To remove or add more security group IDs, replace the entire machine pool with a new one. * **ROSA CLI update.** The ROSA CLI (`rosa`) was updated to a new version. For information about what has changed in this release, see the link:https://github.com/openshift/rosa/releases/[ROSA CLI release notes]. For more information about the ROSA CLI (`rosa`), see xref:../cli_reference/rosa_cli/rosa-get-started-cli.adoc#rosa-about_rosa-getting-started-cli[About the ROSA CLI]. -* **`VolumeDetachTimeout` configuration applied to machine pools for {hcp-title}.** ROSA is applying a `VolumeDetachTimeout` configuration of 5 minutes to all machine pools. This prevents issues with node deletion when volumes fail to detach. This only applies to {hcp-title}. +* **`VolumeDetachTimeout` configuration applied to machine pools for {rosa-classic-short}.** {rosa-classic-short} is applying a `VolumeDetachTimeout` configuration of 5 minutes to all machine pools. This prevents issues with node deletion when volumes fail to detach. This only applies to {rosa-classic-short}. -* **Configure machine pool disk volume for {hcp-title} clusters.** You can now configure the disk volume size for machine pools in {hcp-title} clusters. 
The default disk size is 300 GiB, and you can configure it from a minimum of 75 GiB to a maximum of 16,384 GiB. For more information, see xref:../rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc#configuring-machine-pool-disk-volume_rosa-managing-worker-nodes[Configuring machine pool disk volume]. +* **Configure machine pool disk volume for {rosa-classic-short} clusters.** You can now configure the disk volume size for machine pools in {rosa-classic-short} clusters. The default disk size is 300 GiB, and you can configure it from a minimum of 75 GiB to a maximum of 16,384 GiB. For more information, see xref:../rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc#configuring-machine-pool-disk-volume_rosa-managing-worker-nodes[Configuring machine pool disk volume]. -* **Edit the billing account for existing ROSA with HCP clusters.** You can now update the billing account associated with your {hcp-title} clusters after cluster creation. For more information, see the {cluster-manager} documentation: link:https://docs.redhat.com/en/documentation/openshift_cluster_manager/1-latest/html-single/managing_clusters/index#proc_updating-billing-accts-rosa-hcp_assembly-managing-clusters[Updating billing accounts for OpenShift Service on AWS Hosted Control Planes clusters]. +* **Edit the billing account for existing {rosa-short} clusters.** You can now update the billing account associated with your {rosa-short} clusters after cluster creation. For more information, see the {cluster-manager} documentation: link:https://docs.redhat.com/en/documentation/openshift_cluster_manager/1-latest/html-single/managing_clusters/index#proc_updating-billing-accts-rosa-hcp_assembly-managing-clusters[Updating billing accounts for OpenShift Service on AWS Hosted Control Planes clusters]. 
[id="rosa-q3-2024_{context}"] === Q3 2024 -* **{hcp-title} multi-architecture cluster update.** {hcp-title-first} clusters created before 25 July, 2024 will migrate to a multi-architecture image on their next upgrade allowing you to use {AWS} Arm-based Graviton instance types for your workloads. For more information, see xref:../upgrading/rosa-hcp-upgrading.adoc#rosa-upgrade-options_rosa-hcp-upgrading[Upgrading {hcp-title} clusters]. +* **{rosa-short} multi-architecture cluster update.** {rosa-first} clusters created before 25 July, 2024 will migrate to a multi-architecture image on their next upgrade allowing you to use {AWS} Arm-based Graviton instance types for your workloads. For more information, see xref:../upgrading/rosa-hcp-upgrading.adoc#rosa-upgrade-options_rosa-hcp-upgrading[Upgrading {rosa-short} clusters]. -* **{hcp-title} cluster node limit update.** {hcp-title} clusters can now scale to 500 worker nodes. This is an increase from the previous limit of 250 nodes. The 250 node limit is an increase from the previous limit 90 nodes on 26 August, 2024. +* **{rosa-short} cluster node limit update.** {rosa-short} clusters can now scale to 500 worker nodes. This is an increase from the previous limit of 250 nodes. The 250 node limit is an increase from the previous limit 90 nodes on 26 August, 2024. // Removed as part of OSDOCS-13310, until figures are verified. // For more information, see xref:../rosa_planning/rosa-hcp-limits-scalability.adoc#tested-cluster-maximums-hcp-sd_rosa-hcp-limits-scalability[ROSA with HCP cluster maximums]. -* **IMDSv2 support in {hcp-title}.** You can now enforce the use of the IMDSv2 endpoint for default machine pool worker nodes on new {hcp-title} clusters and for new machine pools on existing clusters. For more information, see xref:../rosa_hcp/terraform/rosa-hcp-creating-a-cluster-quickly-terraform.adoc#rosa-hcp-creating-a-cluster-quickly-terraform[Creating a default ROSA cluster using Terraform]. 
+* **IMDSv2 support in {rosa-short}.** You can now enforce the use of the IMDSv2 endpoint for default machine pool worker nodes on new {rosa-short} clusters and for new machine pools on existing clusters. For more information, see xref:../rosa_hcp/terraform/rosa-hcp-creating-a-cluster-quickly-terraform.adoc#rosa-hcp-creating-a-cluster-quickly-terraform[Creating a default ROSA cluster using Terraform]. -* **Upgrade multiple nodes simultaneously.** You can now configure a machine pool to upgrade multiple nodes simultaneously. Two new machine pool parameters, `max-surge` and `max-unavailable`, give you greater control over how machine pool upgrades occur. For more information, see xref:../upgrading/rosa-hcp-upgrading.adoc#rosa-hcp-upgrading[Upgrading {hcp-title} clusters]. +* **Upgrade multiple nodes simultaneously.** You can now configure a machine pool to upgrade multiple nodes simultaneously. Two new machine pool parameters, `max-surge` and `max-unavailable`, give you greater control over how machine pool upgrades occur. For more information, see xref:../upgrading/rosa-hcp-upgrading.adoc#rosa-hcp-upgrading[Upgrading {rosa-short} clusters]. -* **{hcp-title} Graviton Arm-based instance types.** You can now use {AWS} Arm-based Graviton instance types for your workloads in {hcp-title-first} clusters created after 24 July, 2024. For more information, see xref:../rosa_architecture/rosa_policy_service_definition/rosa-hcp-instance-types.adoc#rosa-sdpolicy-aws-instance-types-graviton_rosa-hcp-instance-types[AWS Graviton Arm-based instance types]. +* **{rosa-short} Graviton Arm-based instance types.** You can now use {AWS} Arm-based Graviton instance types for your workloads in {rosa-first} clusters created after 24 July, 2024. For more information, see xref:../rosa_architecture/rosa_policy_service_definition/rosa-hcp-instance-types.adoc#rosa-sdpolicy-aws-instance-types-graviton_rosa-hcp-instance-types[AWS Graviton Arm-based instance types]. 
* **ROSA CLI update.** The ROSA CLI (`rosa`) was updated to a new version. For information about what has changed in this release, see the link:https://github.com/openshift/rosa/releases/tag/v1.2.42[ROSA CLI release notes]. For more information about the ROSA CLI (`rosa`), see xref:../cli_reference/rosa_cli/rosa-get-started-cli.adoc#rosa-about_rosa-getting-started-cli[About the ROSA CLI]. [id="rosa-q2-2024_{context}"] === Q2 2024 -* **Approve additional principals for {hcp-title} clusters.** You can approve additional user-roles to connect to your cluster's private API server endpoint. For more information, see xref:../rosa_hcp/rosa-hcp-aws-private-creating-cluster.adoc#rosa-additional-principals-overview_rosa-hcp-aws-private-creating-cluster[Additional principals on your {hcp-title} cluster]. +* **Approve additional principals for {rosa-short} clusters.** You can approve additional user-roles to connect to your cluster's private API server endpoint. For more information, see xref:../rosa_hcp/rosa-hcp-aws-private-creating-cluster.adoc#rosa-additional-principals-overview_rosa-hcp-aws-private-creating-cluster[Additional principals on your {rosa-short} cluster]. * **ROSA CLI update.** The ROSA CLI (`rosa`) was updated to a new version. For information about what has changed in this release, see the link:https://github.com/openshift/rosa/releases/tag/v1.2.41[ROSA CLI release notes]. For more information about the ROSA CLI (`rosa`), see xref:../cli_reference/rosa_cli/rosa-get-started-cli.adoc#rosa-about_rosa-getting-started-cli[About the ROSA CLI]. -* **Approved Access for ROSA clusters.** Red{nbsp}Hat Site Reliability Engineering (SRE) managing and proactively supporting ROSA Clusters will typically not require elevated access to customer clusters as part of the normal operations. 
In the unlikely event should Red{nbsp}Hat SRE (Site Reliability Engineer) need elevated access, the _Approved Access_ functionality provides an interface for customers to review and _approve_ or _deny_ access requests. +* **Approved Access for {rosa-classic-short} clusters.** Red{nbsp}Hat Site Reliability Engineering (SRE) managing and proactively supporting {rosa-classic-short} clusters will typically not require elevated access to customer clusters as part of the normal operations. In the unlikely event should Red{nbsp}Hat SRE (Site Reliability Engineer) need elevated access, the _Approved Access_ functionality provides an interface for customers to review and _approve_ or _deny_ access requests. + -Elevated access requests to ROSA clusters and the corresponding cloud accounts can be created by Red{nbsp}Hat SRE either in response to a customer-initiated support ticket or in response to alerts received by a Red{nbsp}Hat SRE, as part of the standard incident response process. For more information, see xref:../support/approved-access.adoc#approved-access[Approved Access]. This is applicable to ROSA and Red{nbsp}Hat OpenShift Service on AWS (classic architecture). +Elevated access requests to {rosa-classic-short} clusters and the corresponding cloud accounts can be created by Red{nbsp}Hat SRE either in response to a customer-initiated support ticket or in response to alerts received by a Red{nbsp}Hat SRE, as part of the standard incident response process. For more information, see xref:../support/approved-access.adoc#approved-access[Approved Access]. This is applicable to ROSA and Red{nbsp}Hat OpenShift Service on AWS (classic architecture). -* **ROSA command enhancement.** The `rosa describe` command has a new optional argument, `--get-role-policy-bindings`. This new argument allows users to view the policies attached to STS roles assigned to the selected cluster. 
For more information, see xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-describe-cluster_rosa-managing-objects-cli[describe cluster]. +* **ROSA CLI enhancement.** The `rosa describe` command has a new optional argument, `--get-role-policy-bindings`. This new argument allows users to view the policies attached to STS roles assigned to the selected cluster. For more information, see xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-describe-cluster_rosa-managing-objects-cli[describe cluster]. -* **Expanded customer-managed policy capabilities.** You can now attach customer-managed policies to the IAM roles required to run both ROSA (classic architecture) and ROSA clusters. Furthermore, these customer-managed policies, including the permissions attached to those policies, are not modified during cluster or role upgrades. For more information, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-aws-customer-managed-policies_rosa-sts-about-iam-resources[Customer-managed policies]. +* **Expanded customer-managed policy capabilities.** You can now attach customer-managed policies to the IAM roles required to run both {rosa-classic-short} and {rosa-short} clusters. Furthermore, these customer-managed policies, including the permissions attached to those policies, are not modified during cluster or role upgrades. For more information, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-aws-customer-managed-policies_rosa-sts-about-iam-resources[Customer-managed policies]. -* **Permission boundaries for the installer role policy.** You can apply a policy as a _permissions boundary_ on the ROSA installer role. The combination of policy and boundary policy limits the maximum permissions for the Amazon Web Services(AWS) Identity and Access Management (IAM) entity role. 
ROSA includes a set of three prepared permission boundary policy files, with which you can restrict permissions for the installer role since changing the installer policy itself is not supported. For more information, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-aws-requirements-attaching-boundary-policy_rosa-sts-about-iam-resources[Permission boundaries for the installer role]. This is applicable only to Red{nbsp}Hat OpenShift Service on AWS (classic architecture). +* **Permission boundaries for the installer role policy.** You can apply a policy as a _permissions boundary_ on the ROSA installer role. The combination of policy and boundary policy limits the maximum permissions for the Amazon Web Services(AWS) Identity and Access Management (IAM) entity role. {rosa-classic-short} includes a set of three prepared permission boundary policy files, with which you can restrict permissions for the installer role since changing the installer policy itself is not supported. For more information, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-aws-requirements-attaching-boundary-policy_rosa-sts-about-iam-resources[Permission boundaries for the installer role]. This is applicable only to Red{nbsp}Hat OpenShift Service on AWS (classic architecture). * **Cluster delete protection.** You can now enable the cluster delete protection option, which helps to prevent you from accidentally deleting a cluster. For more information on using the cluster delete protection option with the ROSA CLI, see xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-edit-cluster_rosa-managing-objects-cli[edit cluster]. 
For more information on using the cluster delete protection option in the UI, see xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-a-cluster-using-defaults-ocm_rosa-sts-creating-a-cluster-quickly[Creating a cluster with the default options using OpenShift Cluster Manager]. -* **{hcp-title} regions added.** {hcp-title-first} is now available in the following regions: +* **{rosa-short} regions added.** {rosa-first} is now available in the following regions: + ** Zurich (`eu-central-2`) ** Hong Kong (`ap-east-1`) 
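Review bot: In the Q4 2024 bullets, three entries that were scoped to {hcp-title} (additional security groups, `VolumeDetachTimeout`, machine pool disk volume) are rewritten to {rosa-classic-short}, while every other bullet in this hunk maps {hcp-title} to {rosa-short}. That changes which product the statements apply to, most visibly in "This only applies to {rosa-classic-short}". If this is meant as a rename only, use {rosa-short} in those three bullets. If the scope really changed, call it out in the commit message. The Approved Access paragraph also still ends with a literal "ROSA and Red{nbsp}Hat OpenShift Service on AWS (classic architecture)", which the new attributes were introduced to replace.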
@@ -177,24 +176,24 @@ Elevated access requests to ROSA clusters and the corresponding cloud accounts c + For more information on region availabilities, see xref:../rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc#rosa-sdpolicy-regions-az_rosa-hcp-service-definition[Regions and availability zones]. -* **Added support for external authentication providers.** You can now create clusters configured with external authentication providers, such as Microsoft Entra ID and KeyCloak. For more information, see xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-ext-auth.adoc#rosa-hcp-sts-creating-a-cluster-ext-auth[Creating ROSA with HCP clusters with external authentication]. +* **Added support for external authentication providers.** You can now create clusters configured with external authentication providers, such as Microsoft Entra ID and KeyCloak. For more information, see xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-ext-auth.adoc#rosa-hcp-sts-creating-a-cluster-ext-auth[Creating {rosa-short} clusters with external authentication]. * **Longer cluster names enhancement.** You can now specify a cluster name that is longer than 15 characters. For cluster names that are longer than 15 characters, you can customize the domain prefix for the cluster URL by using the `domain-prefix` flag in the ROSA CLI (`rosa`) or by selecting the **Create custom domain prefix** checkbox in the {hybrid-console}. For more information, see xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-create-cluster-command_rosa-managing-objects-cli[create cluster in Managing objects with the ROSA CLI]. -* **Additional Security Groups for {hcp-title}.** Starting with ROSA CLI version 1.2.37, you can now use the `--additional-security-group-ids ` when creating machine pools on {hcp-title} clusters. 
For more information, see xref:../rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.html#creating_machine_pools_cli_rosa-managing-worker-nodes[Creating a machine pool using the ROSA CLI] and the xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.html#rosa-create-machinepool_rosa-managing-objects-cli[create machinepool] section of the ROSA CLI reference. +* **Additional Security Groups for {rosa-short}.** Starting with ROSA CLI version 1.2.37, you can now use the `--additional-security-group-ids ` when creating machine pools on {rosa-short} clusters. For more information, see xref:../rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.html#creating_machine_pools_cli_rosa-managing-worker-nodes[Creating a machine pool using the ROSA CLI] and the xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.html#rosa-create-machinepool_rosa-managing-objects-cli[create machinepool] section of the ROSA CLI reference. * **Node management improvements.** Now, you can perform specific tasks to make clusters more efficient. You can cordon, uncordon, and drain a specific node. For more information, see xref:../nodes/nodes/nodes-nodes-working.adoc[Working with nodes]. -* **Node drain grace periods.** You can now configure node drain grace periods in {hcp-title-first} clusters with the `rosa` CLI. +* **Node drain grace periods.** You can now configure node drain grace periods in {rosa-first} and {rosa-classic-short} clusters with the `rosa` CLI. + -For more information about configuring node drain grace periods, see xref:../rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc#rosa-node-drain-grace-period_rosa-managing-worker-nodes[Configuring node drain grace periods in {hcp-title-first}]. +For more information about configuring node drain grace periods, see xref:../rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc#rosa-node-drain-grace-period_rosa-managing-worker-nodes[Configuring node drain grace periods in {rosa-first}]. 
[id="rosa-q1-2024_{context}"] === Q1 2024 -* **Machine pool update.** You can now upgrade machine pools that are configured on ROSA with HCP clusters. For more information, see xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-upgrade-machinepool_rosa-managing-objects-cli[upgrade machinepool]. +* **Machine pool update.** You can now upgrade machine pools that are configured on {rosa-classic-short} clusters. For more information, see xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-upgrade-machinepool_rosa-managing-objects-cli[upgrade machinepool]. -* **{hcp-title} regions added.** {hcp-title-first} is now available in the following regions: +* **{rosa-short} regions added.** {rosa-first} is now available in the following regions: + ** Hyderabad (`ap-south-2`) ** Milan (`eu-south-1`) @@ -212,7 +211,7 @@ For more information on region availabilities, see xref:../rosa_architecture/ros * **Availability zone update.** You can now optionally select a single availability zone (AZ) for machine pools when you have a multi-AZ cluster. For more information, see xref:../rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc#creating_machine_pools_cli_rosa-managing-worker-nodes[Creating a machine pool using the ROSA CLI]. -* **Log linking is enabled by default** - Beginning with {product-title} 4.15, log linking is enabled by default. Log linking gives you access to the container logs for your pods. +* **Log linking is enabled by default** - Beginning with {rosa-classic} 4.15, log linking is enabled by default. Log linking gives you access to the container logs for your pods. * **Availability zone update.** You can now optionally select a single availability zone (AZ) for machine pools when you have a multi-AZ cluster. For more information, see xref:../rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc#creating_machine_pools_cli_rosa-managing-worker-nodes[Creating a machine pool using the ROSA CLI]. 
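Review bot: The Q1 2024 "Machine pool update" bullet changes "ROSA with HCP clusters" to {rosa-classic-short}, which names a different product from the old text, while the neighbouring "regions added" bullet maps the HCP wording to {rosa-short}. Please confirm which product is meant. In the node drain bullet just above it, the body now covers "{rosa-first} and {rosa-classic-short} clusters" but the xref text still reads "Configuring node drain grace periods in {rosa-first}", so the two should be aligned. The "Availability zone update" bullet also appears both before and after the changed log linking line, and one copy can be dropped while this area is being touched.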
@@ -225,7 +224,7 @@ For more information on region availabilities, see xref:../rosa_architecture/ros * **Delete cluster command enhancement.** With the release of ROSA CLI (`rosa`) version 1.2.31, the `--best-effort` argument was added, which allows you to force-delete clusters when using the `rosa delete cluster` command. For more information, see xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-delete-cluster_rosa-managing-objects-cli[delete cluster]. -* **{hcp-title-first}.** {hcp-title} is now generally available. For more information, see xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-sts-creating-a-cluster-quickly[Creating ROSA with HCP clusters using the default options]. +* **{rosa-first}.** {rosa-short} is now generally available. For more information, see xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-sts-creating-a-cluster-quickly[Creating {rosa-short} clusters using the default options]. * **Configurable process identifier (PID) limits.** With the release of ROSA CLI (`rosa`) version 1.2.31, administrators can use the `rosa create kubeletconfig` and `rosa edit kubeletconfig` commands to set the maximum PIDs for an existing cluster. For more information, see link:https://access.redhat.com/articles/7033551[Changing the maximum number of process IDs per pod (podPidsLimit) for ROSA]. 
@@ -239,7 +238,7 @@ endif::openshift-rosa-hcp[] * **Command update.** With the release of ROSA CLI (`rosa`) version 1.2.28, a new command, `rosa describe machinepool`, was added that allows you to check detailed information regarding a specific ROSA cluster machine pool. For more information, see xref:../cli_reference/rosa_cli/rosa-manage-objects-cli.adoc#rosa-describe-machinepool_rosa-managing-objects-cli[describe machinepool]. -* **Documentation update.** The Operators section was added to the ROSA documentation. Operators are the preferred method of packaging, deploying, and managing services on the control plane. For more information, see xref:../operators/index.adoc[Operators overview]. +* **Documentation update.** The Operators section was added to the {rosa-short} and {rosa-classic-short} documentation. Operators are the preferred method of packaging, deploying, and managing services on the control plane. For more information, see xref:../operators/index.adoc[Operators overview]. * **{VirtProductName} support.** The release of {VirtProductName} 4.14 added support for running {VirtProductName} on ROSA Classic clusters. For more information, see link:https://docs.openshift.com/container-platform/4.14/virt/install/preparing-cluster-for-virt.html#virt-aws-bm_preparing-cluster-for-virt[{VirtProductName} on AWS bare metal] in the {OCP} documentation. 
@@ -249,15 +248,15 @@ endif::openshift-rosa-hcp[] * **ROSA CLI update.** The ROSA CLI (`rosa`) was updated to a new version. For information about what has changed in this release, see the link:https://github.com/openshift/rosa/releases/tag/v1.2.27[ROSA CLI release notes]. For more information about the ROSA CLI (`rosa`), see xref:../cli_reference/rosa_cli/rosa-get-started-cli.adoc#rosa-about_rosa-getting-started-cli[About the ROSA CLI]. -* **Cluster autoscaling.** You can now enable cluster autoscaling using ROSA clusters. Cluster autoscaling automatically adjusts the size of a cluster so that all pods have a place to run, and there are no unneeded nodes. You can enable autoscaling during and after cluster creation using either OpenShift Cluster Manager or the ROSA CLI (`rosa`). For more information, see xref:../rosa_cluster_admin/rosa-cluster-autoscaling.adoc[Cluster autoscaling]. +* **Cluster autoscaling.** You can now enable cluster autoscaling using {rosa-classic-short} clusters. Cluster autoscaling automatically adjusts the size of a cluster so that all pods have a place to run, and there are no unneeded nodes. You can enable autoscaling during and after cluster creation using either OpenShift Cluster Manager or the ROSA CLI (`rosa`). For more information, see xref:../rosa_cluster_admin/rosa-cluster-autoscaling.adoc[Cluster autoscaling]. -* **Shared virtual private clouds.** ROSA now supports installing clusters into VPCs shared among AWS accounts that are part of AWS organizations. AWS account installing ROSA cluster can now use shared subnets owned by a management account. For more information, see xref:../rosa_install_access_delete_clusters/rosa-shared-vpc-config.adoc[Configuring a shared virtual private cloud for ROSA clusters]. +* **Shared virtual private clouds.** ROSA now supports installing clusters into VPCs shared among AWS accounts that are part of AWS organizations. 
AWS account installing {rosa-classic-short} cluster can now use shared subnets owned by a management account. For more information, see xref:../rosa_install_access_delete_clusters/rosa-shared-vpc-config.adoc[Configuring a shared virtual private cloud for ROSA clusters]. * **Machine pool disk volume size.** You can now configure your machine pool disk volume size for additional flexibility. You can select your own sizing for the disk volumes of their worker machine pool nodes. For more information, see xref:../rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc#configuring_machine_pool_disk_volumerosa-managing-worker-nodes[Configuring machine pool disk volume]. * **Machine pool update.** You can now add taints to the machine pool that is automatically generated during cluster creation. You can also delete this machine pool. This new feature provides more flexibility and cost-effectiveness for cluster administrators, specifically in regards to scaling infrastructure based on changing resource requirements. For more information, see xref:../rosa_cluster_admin/rosa_nodes/rosa-managing-worker-nodes.adoc#creating_a_machine_pool_rosa-managing-worker-nodes[Creating a machine pool]. -* **ROSA regions added.** {product-title} (ROSA) is now available in the following regions: +* **ROSA regions added.** {product-title} ({rosa-classic-short}) is now available in the following regions: + ** Spain (`eu-south-2`) ** Hyderabad (`ap-south-2`) 
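Review bot: In the "ROSA regions added" bullet, `{product-title} ({rosa-classic-short})` will render with nested parentheses, because rosa-classic-short is defined earlier in this patch as "ROSA (classic)". Use {rosa-classic} on its own, or drop the outer parentheses. The bold lead "ROSA regions added" and the xref text "Configuring a shared virtual private cloud for ROSA clusters" are left as literal "ROSA" in the same hunk, so decide whether those should pick up the new attributes too.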
@@ -266,20 +265,18 @@ endif::openshift-rosa-hcp[] + For more information on region availabilities, see xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-regions-az_rosa-service-definition[Regions and availability zones]. -* **Documentation update.** The CLI Tools section was added to the ROSA documentation and includes more detailed information to help you fully use all of the supported CLI tools. The ROSA CLI section can now be found nested inside the CLI Tools heading. For more information, see xref:../cli_reference/index.adoc[CLI tools overview]. +* **Documentation update.** The CLI Tools section was added to the {rosa-classic-short} documentation and includes more detailed information to help you fully use all of the supported CLI tools. The ROSA CLI section can now be found nested inside the CLI Tools heading. For more information, see xref:../cli_reference/index.adoc[CLI tools overview]. * **Documentation update.** The Monitoring section in the documentation was expanded and now includes more detailed information to help you conveniently manage your ROSA clusters. For more information, see xref:../observability/monitoring/about-ocp-monitoring/about-ocp-monitoring.adoc#about-ocp-monitoring[About {product-title} monitoring]. [id="rosa-q2-2023_{context}"] -=== Q2 2023 +=== Q2 2023 - testing this PR * **ROSA CLI update.** The ROSA CLI (`rosa`) was updated to a new version. For information about what has changed in this release, see the link:https://github.com/openshift/rosa/releases/tag/v1.2.23[ROSA CLI release notes]. For more information about the ROSA CLI (`rosa`), see xref:../cli_reference/rosa_cli/rosa-get-started-cli.adoc#rosa-about_rosa-getting-started-cli[About the ROSA CLI]. -* **ROSA region added.** {product-title} (ROSA) is now available in the United Arab Emirates (`me-central-1`) region. 
For more information on region availability, see xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-regions-az_rosa-service-definition[Regions and availability zones]. +* **ROSA region added.** {product-title} ({rosa-classic-short}) is now available in the United Arab Emirates (`me-central-1`) region. For more information on region availability, see xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-regions-az_rosa-service-definition[Regions and availability zones]. include::snippets/rosa-hcp-rn.adoc[leveloffset=+1] -:featureName: ROSA with HCP -include::snippets/technology-preview.adoc[leveloffset=+1] [id="rosa-q1-2023_{context}"] === Q1 2023 
@@ -290,12 +287,12 @@ endif::openshift-rosa[] [id="rosa-known-issues_{context}"] == Known issues -// These notes need to be duplicated until the ROSA with HCP split out is completed. +// These notes need to be duplicated until the {rosa-short} split out is completed. ifdef::openshift-rosa[] -* While egress lockdown works across all supported versions of ROSA, Red Hat suggests you upgrade your cluster or build a cluster to the latest z-stream for your {ocp}. Due to an upstream issue with the internal image registry functionality in disconnected environments, you may experience issues with various {ocp} components within your cluster until you upgrade your version of HCP to the latest z-stream. If you are using older z-stream ROSA clusters with the egress lockdown feature, you must include a public route to the internet from your cluster. See link:https://issues.redhat.com/browse/OCPBUGS-44314[OCPBUGS-44314] for further details. +* While egress lockdown works across all supported versions of {rosa-classic-short}, Red{nbsp}Hat suggests you upgrade your cluster or build a cluster to the latest z-stream for your {ocp}. Due to an upstream issue with the internal image registry functionality in disconnected environments, you may experience issues with various {ocp} components within your cluster until you upgrade your version of HCP to the latest z-stream. If you are using older z-stream ROSA clusters with the egress lockdown feature, you must include a public route to the internet from your cluster. See link:https://issues.redhat.com/browse/OCPBUGS-44314[OCPBUGS-44314] for further details. endif::openshift-rosa[] ifdef::openshift-rosa-hcp[] -* While egress lockdown works across all supported versions of ROSA, Red Hat suggests you upgrade your cluster or build a cluster to the latest z-stream for your {ocp}. 
Due to an upstream issue with the internal image registry functionality in disconnected environments, you may experience issues with various {ocp} components within your cluster until you upgrade your version of HCP to the latest z-stream. If you are using older z-stream ROSA clusters with the egress lockdown feature, you must include a public route to the internet from your cluster. See link:https://issues.redhat.com/browse/OCPBUGS-44314[OCPBUGS-44314] for further details. +* While egress lockdown works across all supported versions of {rosa-short}, Red{nbsp}Hat suggests you upgrade your cluster or build a cluster to the latest z-stream for your {ocp}. Due to an upstream issue with the internal image registry functionality in disconnected environments, you may experience issues with various {ocp} components within your cluster until you upgrade your version of HCP to the latest z-stream. If you are using older z-stream {rosa-short} clusters with the egress lockdown feature, you must include a public route to the internet from your cluster. See link:https://issues.redhat.com/browse/OCPBUGS-44314[OCPBUGS-44314] for further details. endif::openshift-rosa-hcp[] * {OCP} 4.14 introduced an updated HAProxy image from 2.2 to 2.6. This update created a change in behavior enforcing strict RFC 7230 compliance, rejecting requests with multiple `Transfer-Encoding` headers. This may cause exposed pods in {product-title} 4.14 clusters sending multiple `Transfer-Encoding` headers to respond with a `502 Bad Gateway` or `400 Bad Request error`. To avoid this issue, ensure that your applications are not sending multiple `Transfer-Encoding` headers. For more information, see link:https://access.redhat.com/solutions/7055002[Red Hat Knowledgebase article]. (link:https://issues.redhat.com/browse/OCPBUGS-43095[*OCPBUGS-43095*]) 
@@ -307,8 +304,8 @@ include::modules/rosa-update-cli-tool.adoc[] [id="rosa-deprecated-removed-features_{context}"] == Deprecated and removed features -Some features available in previous releases have been deprecated or removed. Deprecated functionality is still included in ROSA and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments. +Some features available in previous releases have been deprecated or removed. Deprecated functionality is still included in {rosa-short} and {rosa-classic-short} and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments. -* **ROSA non-STS deployment mode.** ROSA non-STS deployment mode is no longer the preferred method for new clusters. Instead, users must deploy ROSA with the STS mode. This deprecation is in line with our new ROSA provisioning wizard UI experience at https://console.redhat.com/openshift/create/rosa/wizard. +* **ROSA non-STS deployment mode.** {rosa-classic-short} non-STS deployment mode is no longer the preferred method for new clusters. Instead, users must deploy {rosa-classic-short} with the STS mode. This deprecation is in line with our new ROSA provisioning wizard UI experience at https://console.redhat.com/openshift/create/rosa/wizard. -* **Label removal on core namespaces.** ROSA is no longer labeling OpenShift core using the `name` label. Customers should migrate to referencing the `kubernetes.io/metadata.name` label if needed for Network Policies or other use cases. +* **Label removal on core namespaces.** {rosa-classic-short} is no longer labeling OpenShift core using the `name` label. Customers should migrate to referencing the `kubernetes.io/metadata.name` label if needed for Network Policies or other use cases. diff --git a/snippets/rosa-hcp-rn.adoc b/snippets/rosa-hcp-rn.adoc index 023c229696e9..78d2fff510e4 100644 
--- a/snippets/rosa-hcp-rn.adoc +++ b/snippets/rosa-hcp-rn.adoc @@ -3,4 +3,4 @@ // * rosa_release_notes/rosa-release-notes.adoc :_mod-docs-content-type: SNIPPET -* **Hosted control planes.** {hcp-title-first} clusters are now available as a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature. This new architecture provides a lower-cost, more resilient ROSA architecture. For more information, see xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-sts-creating-a-cluster-quickly[Creating {hcp-title} clusters using the default options]. \ No newline at end of file +* **Hosted control planes.** {rosa-first} clusters are now available as a link:https://access.redhat.com/support/offerings/techpreview[Technology Preview] feature. This new architecture provides a lower-cost, more resilient ROSA architecture. For more information, see xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-sts-creating-a-cluster-quickly[Creating {rosa-short} clusters using the default options]. \ No newline at end of file diff --git a/welcome/cloud-experts-rosa-hcp-sts-explained.adoc b/welcome/cloud-experts-rosa-hcp-sts-explained.adoc index b8c3640ed758..8e49e8feee79 100644 --- a/welcome/cloud-experts-rosa-hcp-sts-explained.adoc +++ b/welcome/cloud-experts-rosa-hcp-sts-explained.adoc 
@@ -1,26 +1,26 @@ :_mod-docs-content-type: ASSEMBLY [id="cloud-experts-rosa-hcp-sts-explained"] -= AWS STS and ROSA with HCP explained += AWS STS and {rosa-short} explained include::_attributes/common-attributes.adoc[] include::_attributes/attributes-openshift-dedicated.adoc[] :context: cloud-experts-rosa-hcp-sts-explained - + toc::[] //rosaworkshop.io content metadata //Brought into ROSA product docs 2023-10-26 //Modified for HCP 2024-4-16 -{hcp-title-first} uses an AWS (Amazon Web Services) Security Token Service (STS) for AWS Identity Access Management (IAM) to obtain the necessary credentials to interact with resources in your AWS account. +{rosa-first} uses an AWS (Amazon Web Services) Security Token Service (STS) for AWS Identity Access Management (IAM) to obtain the necessary credentials to interact with resources in your AWS account. [id="credential-methods-rosa-hcp"] == AWS STS credential method -As part of {hcp-title}, Red{nbsp}Hat must be granted the necessary permissions to manage infrastructure resources in your AWS account. -{hcp-title} grants the cluster's automation software limited, short-term access to resources in your AWS account. +As part of {rosa-short}, Red{nbsp}Hat must be granted the necessary permissions to manage infrastructure resources in your AWS account. +{rosa-short} grants the cluster's automation software limited, short-term access to resources in your AWS account. The STS method uses predefined roles and policies to grant temporary, least-privilege permissions to IAM roles. The credentials typically expire an hour after being requested. Once expired, they are no longer recognized by AWS and no longer have account access from API requests made with them. For more information, see the link:https://docs.aws.amazon.com/STS/latest/APIReference/welcome.html[AWS documentation]. -AWS IAM STS roles must be created for each {hcp-title} cluster. 
The ROSA command-line interface (CLI) (`rosa`) manages the STS roles and helps you attach the ROSA-specific, AWS-managed policies to each role. The CLI provides the commands and files to create the roles, attach the AWS-managed policies, and an option to allow the CLI to automatically create the roles and attach the policies. +AWS IAM STS roles must be created for each {rosa-short} cluster. The {rosa-short} command-line interface (CLI) (`rosa`) manages the STS roles and helps you attach the {rosa-short}-specific, AWS-managed policies to each role. The CLI provides the commands and files to create the roles, attach the AWS-managed policies, and an option to allow the CLI to automatically create the roles and attach the policies. //See [insert new xref when we have one for HCP] for more information about the different `--mode` options. [id="hcp-sts-security"] 
@@ -33,18 +33,18 @@ Security features for AWS STS include: * There is no need to rotate or revoke credentials. Whenever the service needs to perform an action, it obtains credentials that expire in one hour or less. * Credential expiration reduces the risks of credentials leaking and being reused. -{hcp-title} grants cluster software components least-privilege permissions with short-term security credentials to specific and segregated IAM roles. The credentials are associated with IAM roles specific to each component and cluster that makes AWS API calls. This method aligns with principles of least-privilege and secure practices in cloud service resource management. +{rosa-short} grants cluster software components least-privilege permissions with short-term security credentials to specific and segregated IAM roles. The credentials are associated with IAM roles specific to each component and cluster that makes AWS API calls. This method aligns with principles of least-privilege and secure practices in cloud service resource management. [id="components-specific-to-rosa-hcp-with-sts"] -== Components of {hcp-title} -* *AWS infrastructure* - The infrastructure required for the cluster including the Amazon EC2 instances, Amazon EBS storage, and networking components. See xref:../rosa_architecture/rosa_policy_service_definition/rosa-service-definition.adoc#rosa-sdpolicy-aws-compute-types_rosa-service-definition[AWS compute types] to see the supported instance types for compute nodes and xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-ec2-instances_rosa-sts-aws-prereqs[provisioned AWS infrastructure] for more information on cloud resource configuration. +== Components of {rosa-short} +* *AWS infrastructure* - The infrastructure required for the cluster including the Amazon EC2 instances, Amazon EBS storage, and networking components. 
See xref:../rosa_architecture/rosa_policy_service_definition/rosa-hcp-service-definition.adoc#rosa-sdpolicy-aws-compute-types_rosa-service-definition[AWS compute types] to see the supported instance types for compute nodes and xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-ec2-instances_rosa-sts-aws-prereqs[provisioned AWS infrastructure] for more information on cloud resource configuration. * *AWS STS* - A method for granting short-term, dynamic tokens to provide users the necessary permissions to temporarily interact with your AWS account resources. * *OpenID Connect (OIDC)* - A mechanism for cluster Operators to authenticate with AWS, assume the cluster roles through a trust policy, and obtain temporary credentials from AWS IAM STS to make the required API calls. -* *Roles and policies* - The roles and policies used by {hcp-title} can be divided into account-wide roles and policies and Operator roles and policies. +* *Roles and policies* - The roles and policies used by {rosa-short} can be divided into account-wide roles and policies and Operator roles and policies. + The policies determine the allowed actions for each of the roles. ifdef::openshift-rosa[] -See xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources] for more details about the individual roles and policies. See xref:../rosa_planning/rosa-sts-ocm-role.adoc#rosa-sts-ocm-role[ROSA IAM role resource] for more details about trust policies. +See xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources] for more details about the individual roles and policies. See xref:../rosa_planning/rosa-sts-ocm-role.adoc#rosa-sts-ocm-role[{rosa-short} IAM role resource] for more details about trust policies. 
endif::openshift-rosa[] ifdef::openshift-rosa-hcp[] See xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources] for more details about the individual roles and policies. See xref:../rosa_planning/rosa-hcp-prepare-iam-roles-resources.adoc#rosa-hcp-prepare-iam-roles-resources[Required IAM roles and resources] for more details on preparing these resources in your cluster. @@ -90,9 +90,9 @@ Certain policies are used by the cluster Operator roles, listed below. The Opera ** Trust policies are created for each account-wide role and each Operator role. [id="deploying-rosa-hcp-with-sts-cluster"] -== Deploying a {hcp-title} cluster +== Deploying a {rosa-short} cluster -Deploying a {hcp-title} cluster follows the following steps: +Deploying a {rosa-short} cluster follows the following steps: . You create the account-wide roles. . You create the Operator roles. 
@@ -105,7 +105,7 @@ During the cluster creation process, the ROSA CLI creates the required JSON file The ROSA CLI can automatically create the roles for you, or you can manually create them by using the `--mode manual` or `--mode auto` flags. For further details about deployment, see xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-sts-creating-cluster-using-customizations_rosa-sts-creating-a-cluster-with-customizations[Creating a cluster with customizations]. [id="hcp-sts-process"] -== {hcp-title} workflow +== {rosa-short} workflow The user creates the required account-wide roles. During role creation, a trust policy, known as a cross-account trust policy, is created which allows a Red{nbsp}Hat-owned role to assume the roles. Trust policies are also created for the EC2 service, which allows workloads on EC2 instances to assume roles and obtain credentials. AWS assigns a corresponding permissions policy to each role. After the account-wide roles and policies are created, the user can create a cluster. Once cluster creation is initiated, the user creates the Operator roles so that cluster Operators can make AWS API calls. These roles are then assigned to the corresponding permission policies that were created earlier and a trust policy with an OIDC provider. The Operator roles differ from the account-wide roles in that they ultimately represent the pods that need access to AWS resources. Because a user cannot attach IAM roles to pods, they must create a trust policy with an OIDC provider so that the Operator, and therefore the pods, can access the roles they need. diff --git a/welcome/index.adoc b/welcome/index.adoc index b634948bafcc..c4a2da22fab7 100644 --- a/welcome/index.adoc +++ b/welcome/index.adoc @@ -2,6 +2,7 @@ [id="welcome-index"] = {product-title} {product-version} Documentation include::_attributes/common-attributes.adoc[] +include::_attributes/attributes-openshift-dedicated.adoc[] :context: welcome-index {toc} {toc-title} 
@@ -13,23 +14,23 @@ ifndef::openshift-rosa,openshift-telco[] Welcome to the official {product-title} {product-version} documentation, where you can learn about {product-title} and start exploring its features. endif::openshift-rosa,openshift-telco[] ifdef::openshift-rosa[] -Welcome to the official {product-title} (ROSA) documentation, where you can learn about ROSA and start exploring its features. -To learn about ROSA, interacting with ROSA by using {cluster-manager-first} and command-line interface (CLI) tools, consumption experience, and integration with Amazon Web Services (AWS) services, start with xref:../rosa_architecture/rosa-understanding.adoc#rosa-understanding[the Introduction to ROSA documentation]. +Welcome to the official {product-title} ({rosa-classic-short}) documentation, where you can learn about {rosa-classic-short} and start exploring its features. +To learn about {rosa-classic-short}, interacting with {rosa-classic-short} by using {cluster-manager-first} and command-line interface (CLI) tools, consumption experience, and integration with Amazon Web Services (AWS) services, start with xref:../rosa_architecture/rosa-understanding.adoc#rosa-understanding[the Introduction to ROSA documentation]. image::291_OpenShift_on_AWS_Intro_1122_docs.png[{product-title}] endif::openshift-rosa[] ifdef::openshift-rosa[] -To navigate the ROSA documentation, use the left navigation bar. +To navigate the {rosa-classic-short} documentation, use the left navigation bar. endif::[] -ifndef::openshift-rosa,openshift-dedicated,openshift-dpu,openshift-telco[] +ifndef::openshift-rosa,openshift-rosa-hcp,openshift-dedicated,openshift-dpu,openshift-telco[] To navigate the {product-title} {product-version} documentation, you can use one of the following methods: * Use the navigation bar to browse the documentation. * Select the task that interests you from xref:../welcome/learn_more_about_openshift.adoc#learn_more_about_openshift[Learn more about {product-title}]. 
* {product-title} has a variety of layered offerings to add additional functionality and extend the capabilities of a cluster. For more information, see link:https://access.redhat.com/support/policy/updates/openshift_operators[{product-title} Operator Life Cycles] -endif::openshift-rosa,openshift-dedicated,openshift-dpu,openshift-telco[] +endif::openshift-rosa,openshift-rosa-hcp,openshift-dedicated,openshift-dpu,openshift-telco[] ifdef::openshift-dpu[] To navigate the {product-title} data processing unit (DPU) documentation, use the left navigation bar.
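Review bot: In the release notes hunk at `@@ -266,20 +265,18 @@`, the heading `=== Q2 2023 - testing this PR` is test residue and would ship in the rendered release notes; restore it to `=== Q2 2023` before merge. The same hunk drops `:featureName: ROSA with HCP` and `include::snippets/technology-preview.adoc[leveloffset=+1]`, yet the included snippet `snippets/rosa-hcp-rn.adoc` still describes the clusters as a Technology Preview feature. Either keep the admonition or update the snippet wording so the two agree.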
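Review bot: In the Known issues hunk at `@@ -290,12 +287,12 @@`, the `ifdef::openshift-rosa[]` bullet is only half converted: it now opens with `{rosa-classic-short}` but still says "upgrade your version of HCP" and "older z-stream ROSA clusters", while the `ifdef::openshift-rosa-hcp[]` copy had the latter changed to `{rosa-short}`. Decide which product each branch describes and use one name throughout the bullet. The comment line `// These notes need to be duplicated until the {rosa-short} split out is completed.` is also harder to read now, since attributes are not expanded in comments; the plain name "ROSA with HCP" is clearer there.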
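Review bot: In the Deprecated and removed features hunk at `@@ -307,8 +304,8 @@`, the introductory sentence now says deprecated functionality is still included in both `{rosa-short}` and `{rosa-classic-short}`, but both bullets are scoped to `{rosa-classic-short}` only and the sentence still ends with "a future release of this product" in the singular. Either confirm that the non-STS and `name` label deprecations also apply to `{rosa-short}` and say so in the bullets, or limit the intro to the product the bullets cover. The bold label `**ROSA non-STS deployment mode.**` was left unconverted next to the converted body text; make that a deliberate choice.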
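Review bot: In `snippets/rosa-hcp-rn.adoc`, the rewritten bullet still ends with `\ No newline at end of file`. This snippet is pulled in through `include::snippets/rosa-hcp-rn.adoc[leveloffset=+1]`, so add a trailing newline while the line is being touched. That keeps the included bullet cleanly separated from whatever follows the include and removes the marker from future diffs.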
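Review bot: In `welcome/cloud-experts-rosa-hcp-sts-explained.adoc` at `@@ -1,26 +1,26 @@`, the attribute substitution goes too far in `The {rosa-short} command-line interface (CLI) (`rosa`)` and `{rosa-short}-specific, AWS-managed policies`. The tool is named "ROSA CLI" in the release notes bullets of this same patch and in the unchanged context of the later hunk in this file ("the ROSA CLI creates the required JSON file"), so this sentence would give the same `rosa` binary a second name. Keep "ROSA command-line interface (CLI)" here and apply `{rosa-short}` only where the text refers to the cluster offering.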
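Review bot: In `welcome/cloud-experts-rosa-hcp-sts-explained.adoc` at `@@ -33,18 +33,18 @@`, the "AWS compute types" xref now points at `rosa-hcp-service-definition.adoc` but keeps the fragment `#rosa-sdpolicy-aws-compute-types_rosa-service-definition`, whose suffix matches the old file. Verify that this ID exists in the new target; otherwise the link breaks or lands at the top of the page. In the same hunk, the link text `{rosa-short} IAM role resource` sits inside `ifdef::openshift-rosa[]`, so the build that sees it is the one the rest of this patch labels with `{rosa-classic-short}`; check which name is intended there.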
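Review bot: In `welcome/index.adoc` at `@@ -13,23 +14,23 @@`, adding `openshift-rosa-hcp` to the `ifndef::` list hides the "To navigate the ... documentation" block for that build, and the only replacement sentence visible in this hunk sits under `ifdef::openshift-rosa[]`. Unless an `ifdef::openshift-rosa-hcp[]` block exists elsewhere in the file, that build loses its navigation guidance; add one or widen the existing `ifdef`. Also check the rendered output of `{product-title} ({rosa-classic-short})`, because wrapping the attribute in parentheses produces nested parentheses if its value already contains a parenthesised qualifier.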