= Parameter options for creating your own OpenID Connect configuration
10
9
11
10
The following options may be added to the `rosa create oidc-config` command. All of these parameters are optional. Running the `rosa create oidc-config` command without parameters creates an unmanaged OIDC configuration.
12
11
13
12
[NOTE]
14
13
====
15
-
You are required to register the unmanaged OIDC configuration by posting a request to `/oidc_configs` through OCM. You receive an ID in the response. Use this ID to create a cluster.
14
+
You are required to register the unmanaged OIDC configuration by posting a request to `/oidc_configs` through OpenShift Cluster Manager. You receive an ID in the response. Use this ID to create a cluster.
16
15
====
17
16
18
17
[discrete]
19
-
[id="rosa-oidc-raw-files_{context}"]
18
+
[id="rosa-sts-byo-oidc-raw-files_{context}"]
20
19
== raw-files
21
20
22
21
Allows you to provide raw files for the private RSA key. This key is named `rosa-private-key-oidc-<random_label_of_length_4>.key`. You also receive a discovery document, named `discovery-document-oidc-<random_label_of_length_4>.json`, and a JSON Web Key Set, named `jwks-oidc-<random_label_of_length_4>.json`.
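Review bot: The `raw-files` paragraph left as context at the end of this hunk says the option lets you "provide raw files for the private RSA key" and then that you "also receive" a discovery document and a JWKS, so a reader cannot tell whether the key is supplied by the user or written out by the command. Since this pass already rewords the NOTE above it, suggest stating which of the two applies and adding a sentence on how the `rosa-private-key-oidc-<random_label_of_length_4>.key` file is expected to be stored and protected, because it is the private key for the unmanaged configuration.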
@@ -30,12 +29,12 @@ $ rosa create oidc-config --raw-files
30
29
----
31
30
32
31
[discrete]
33
-
[id="rosa-oidc-mode_{context}"]
32
+
[id="rosa-sts-byo-oidc-mode_{context}"]
34
33
== mode
35
34
36
-
Allows you to specify the mode to create your OIDC configuration. With the `manual` option, you receive AWS commands that setup the OIDC configuration within an S3 bucket. This option stores the private key in the Secrets Manager. With the `manual` option, the OIDC Endpoint URL is the URL for the S3 bucket. You must retrieve the Secrets Manager ARN to register the OIDC configuration with OCM.
35
+
Allows you to specify the mode to create your OIDC configuration. With the `manual` option, you receive AWS commands that set up the OIDC configuration in an S3 bucket. This option stores the private key in the Secrets Manager. With the `manual` option, the OIDC Endpoint URL is the URL for the S3 bucket. You must retrieve the Secrets Manager ARN to register the OIDC configuration with OpenShift Cluster Manager.
37
36
38
-
Using the `auto` option, you receive the same OIDC configuration and AWS resources as the `manual` mode. One change is that ROSA calls AWS, so you do not need to do anything else. The OIDC Endpoint URL is the URL for the S3 bucket. The CLI retrieves the Secrets Manager ARN, registers the OIDC configuration with OCM, and reports the second `rosa` command that the user can run to continue with the creation of the STS cluster.
37
+
You receive the same OIDC configuration and AWS resources as the `manual` mode when using the `auto` option. A significant difference between the two options is that when using the `auto` option, ROSA calls AWS, so you do not need to take any further actions. The OIDC Endpoint URL is the URL for the S3 bucket. The CLI retrieves the Secrets Manager ARN, registers the OIDC configuration with OpenShift Cluster Manager, and reports the second `rosa` command that the user can run to continue with the creation of the STS cluster.
39
38
40
39
.Example
41
40
[source,terminal]
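Review bot: In the rewritten `manual` paragraph, the service is still called "the Secrets Manager" and two sentences in a row open with "With the `manual` option". Suggest "AWS Secrets Manager" and merging the two sentences, for example "With the `manual` option, the private key is stored in AWS Secrets Manager and the OIDC Endpoint URL is the URL for the S3 bucket." The rewritten `auto` paragraph also keeps "that the user can run" while the rest of the text addresses the reader as "you".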
@@ -44,7 +43,7 @@ $ rosa create oidc-config --mode=<auto|manual>
44
43
----
45
44
46
45
[discrete]
47
-
[id="rosa-oidc-managed_{context}"]
46
+
[id="rosa-sts-byo-oidc-managed_{context}"]
48
47
== managed
49
48
50
49
Creates an OIDC configuration that is hosted under Red Hat's AWS account. This command creates a private key that responds directly with an OIDC Config ID for you to use when creating the STS cluster.
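Review bot: The anchor rename to `rosa-sts-byo-oidc-managed_{context}` here, together with the matching `raw-files` and `mode` renames earlier in this file, changes IDs that other assemblies may link to, and no xref to these three IDs is updated in the visible hunks. Suggest searching the repository for the old `rosa-oidc-raw-files_`, `rosa-oidc-mode_` and `rosa-oidc-managed_` IDs before merging. The unchanged sentence below the heading, "This command creates a private key that responds directly with an OIDC Config ID", reads as if the key responds and could be reworded while this section is being touched.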
When using a {hcp-title} cluster, you must create the OpenID Connect (OIDC) configuration prior to creating your cluster. This configuration is registered to be used with OCM.
17
+
When using a
18
+
ifdef::rosa-hcp[]
19
+
{hcp-title} cluster, you must
20
+
endif::rosa-hcp[]
21
+
ifndef::rosa-hcp[]
22
+
{product-title} cluster, you can
23
+
endif::rosa-hcp[]
24
+
create the OpenID Connect (OIDC) configuration prior to creating your cluster. This configuration is registered to be used with OpenShift Cluster Manager.
18
25
19
26
.Prerequisites
20
27
21
28
ifdef::rosa-hcp[]
22
29
* You have completed the AWS prerequisites for {hcp-title}.
23
30
endif::rosa-hcp[]
24
-
ifdef::rosa-classic[]
31
+
ifdef::rosa-hcp[]
25
32
* You have completed the AWS prerequisites for {product-title}.
26
-
endif::rosa-classic[]
33
+
endif::rosa-hcp[]
27
34
* You have installed and configured the latest {product-title} (ROSA) CLI, `rosa`, on your installation host.
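Review bot: In the Prerequisites list, the guard around "* You have completed the AWS prerequisites for {product-title}." changes from `ifdef::rosa-classic[]` to `ifdef::rosa-hcp[]`, so both prerequisite bullets are now inside `ifdef::rosa-hcp[]` blocks. An HCP build would render both the {hcp-title} and the {product-title} bullets, and a non-HCP build would render neither. The opening paragraph of the same hunk uses `ifndef::rosa-hcp[]` for the {product-title} variant, so the second block here most likely needs `ifndef::rosa-hcp[]` and `endif::rosa-hcp[]`.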
* See xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-byo-odic-overview_rosa-sts-about-iam-resources[Creating an OpenID Connect Configuration] for the ROSA Classic instructions.
30
-
* See xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-byo-oidc_rosa-hcp-sts-creating-a-cluster-quickly[Creating an OpenID Connect Configuration] for the {hcp-title} instructions.
30
+
* See xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-sts-byo-oidc_rosa-hcp-sts-creating-a-cluster-quickly[Creating an OpenID Connect Configuration] for the {hcp-title} instructions.
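Review bot: The new xref target `rosa-sts-byo-oidc_rosa-hcp-sts-creating-a-cluster-quickly` depends on a module ID of the form `rosa-sts-byo-oidc_{context}`, and the definition of that ID is not among the visible hunks. Suggest confirming that the included module declares that ID and building the assembly to check that the link resolves. The unchanged Classic xref on the line above targets `rosa-byo-odic-overview_...`; "odic" looks like a typo for "oidc" and is worth checking against the target file while these links are being corrected.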
* For more information about the default components required for an AWS cluster, see link:https://docs.aws.amazon.com/vpc/latest/userguide/default-vpc.html[Default VPCs] in the AWS documentation.
39
39
* For instructions on creating a VPC in the AWS console, see link:https://docs.aws.amazon.com/vpc/latest/userguide/create-vpc.html[Create a VPC] in the AWS documentation.