cloud_experts_tutorials/cloud-experts-entra-id-idp.adoc
9 additions & 9 deletions
@@ -16,7 +16,7 @@ toc::[]
16
16
// - Paul Czarkowski
17
17
// ---
18
18
19
-
This tutorial demonstrates how to configure Microsoft Entra ID (formerly Azure Active Directory) as the cluster identity provider in {product-title} (ROSA). This tutorial walks through the creation of an Microsoft Entra ID (Entra ID) application and configure Red Hat OpenShift Service on AWS (ROSA) to authenticate using Azure AD.
19
+
This tutorial demonstrates how to configure Microsoft Entra ID (formerly Azure Active Directory) as the cluster identity provider in {product-title} (ROSA). This tutorial walks through the creation of an Microsoft Entra ID (Entra ID) application and configure Red Hat OpenShift Service on AWS (ROSA) to authenticate using Azure AD.
20
20
21
21
This tutorial walks through the following steps:
22
22
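Review bot: the re-added line 19 still has the grammar and naming problems of the line it replaces: "the creation of an Microsoft Entra ID (Entra ID) application and configure Red Hat OpenShift Service on AWS (ROSA) to authenticate using Azure AD". Since the line is being touched anyway, change "an Microsoft" to "a Microsoft", make the second verb parallel with the first (for example "and the configuration of"), and replace the closing "Azure AD" with "Entra ID" so the paragraph uses the name it introduces in its first sentence.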
@@ -37,7 +37,7 @@ Create a set of security groups and assign users by following link:https://learn
37
37
+
38
38
First, construct the cluster's OAuth callback URL and make note of it. To do so, run the following command, making sure to replace the variable specified:
39
39
+
40
-
The "AAD" directory at the end of the the OAuth callback URL should match the OAuth identity provider name you'll setup later.
40
+
The "AAD" directory at the end of the OAuth callback URL should match the OAuth identity provider name you'll setup later.
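Review bot: in the re-added line 40, "you'll setup later" uses the noun form where the verb is needed; it should read "you'll set up later". Because the sentence says the trailing "AAD" has to match the identity provider name chosen later, consider also stating that "AAD" is the example name used in this tutorial, so readers who pick a different provider name know to change the callback URL as well.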
In addition to individual user authentication, OpenShift provides group claim functionality. This functionality allows an OpenID Connect identity provider, like Entra ID, to offer a user’s group membership for use within OpenShift. To enable group claims, we will configure Entra ID to provide a groups claim.
88
+
In addition to individual user authentication, OpenShift provides group claim functionality. This functionality allows an OpenID Connect identity provider, like Entra ID, to offer a user’s group membership for use within OpenShift. To enable group claims, we will configure Entra ID to provide a groups claim.
== Grant additional permissions to individual users
161
161
162
-
Once the cluster authentication Operator reconciles your changes (generally within a few minutes), you will be able to log in to the cluster using Entra ID.
162
+
Once the cluster authentication Operator reconciles your changes (generally within a few minutes), you will be able to log in to the cluster using Entra ID.
163
163
164
164
Once you log in, you will notice that you have very limited permissions. This is because, by default, OpenShift only grants you the ability to create new projects (namespaces) in the cluster. Other projects (namespaces) are restricted from view.
Now, any user in the specified group will automatically be granted `cluster-admin` access.
196
196
197
-
For more information on how to use RBAC to define and apply permissions in OpenShift, see link:https://docs.openshift.com/container-platform/latest/authentication/using-rbac.html[the OpenShift documentation].
197
+
For more information on how to use RBAC to define and apply permissions in OpenShift, see link:https://docs.openshift.com/container-platform/latest/authentication/using-rbac.html[the OpenShift documentation].
modules/installing-gcp-user-defined-labels-and-tags.adoc
5 additions & 5 deletions
@@ -8,9 +8,9 @@
8
8
:FeatureName: Support for user-defined labels and tags for GCP
9
9
include::snippets/technology-preview.adoc[]
10
10
11
-
Google Cloud Platform (GCP) provides labels and tags that help to identify and organize the resources created for a specific {product-title} cluster, making them easier to manage.
11
+
Google Cloud Platform (GCP) provides labels and tags that help to identify and organize the resources created for a specific {product-title} cluster, making them easier to manage.
12
12
13
-
You can define labels and tags for each GCP resource only during {product-title} cluster installation.
13
+
You can define labels and tags for each GCP resource only during {product-title} cluster installation.
14
14
15
15
[IMPORTANT]
16
16
====
@@ -19,7 +19,7 @@ User-defined labels and tags are not supported for {product-title} clusters upgr
19
19
20
20
.User-defined labels
21
21
22
-
User-defined labels and {product-title} specific labels are applied only to resources created by {product-title} installation program and its core components such as:
22
+
User-defined labels and {product-title} specific labels are applied only to resources created by {product-title} installation program and its core components such as:
23
23
24
24
* GCP filestore CSI Driver Operator
25
25
* GCP PD CSI Driver Operator
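Review bot: the re-added line 22 is still missing an article in "resources created by {product-title} installation program and its core components such as:". Suggest "created by the {product-title} installation program and its core components, such as:" while this line is being changed.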
@@ -46,7 +46,7 @@ User-defined labels and {product-title} labels are available on the following GC
46
46
47
47
User-defined tags are attached to resources created by the {product-title} Image Registry Operator and not on the resources created by any other Operators or the Kubernetes in-tree components.
48
48
49
-
User-defined tags are available on on the following GCP resources:
49
+
User-defined tags are available on the following GCP resources:
50
50
* Storage bucket
51
51
52
52
.Limitations to the user-defined tags
@@ -57,7 +57,7 @@ User-defined tags are available on on the following GCP resources:
57
57
** Filestore instance resources created by the GCP filestore CSI driver Operator
58
58
** Compute disk and compute image resources created by the GCP PD CSI driver Operator
59
59
* Tags are not supported for buckets located in the following regions:
60
-
**`us-east2`
60
+
**`us-east2`
61
61
**`us-east3`
62
62
* Image Registry Operator does not throw any error but skips processing tags when the buckets are created in the tags unsupported region.
63
63
* Tags must not be restricted to particular service accounts, because Operators create and use service accounts with minimal roles.
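Review bot: on line 60 (and the unchanged line 61) the nested list marker runs straight into the value, "**`us-east2`" and "**`us-east3`", while the other nested items in this hunk have a space after the marker ("** Filestore instance resources ..."). AsciiDoc needs that space to treat the line as a list item, so these two regions will not render as sub-bullets of "Tags are not supported for buckets located in the following regions:". Suggest "** `us-east2`" and "** `us-east3`". Separately, on line 62, "created in the tags unsupported region" would read more clearly as "created in a region that does not support tags".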
To build your own RPMs, choose a tool of your choice, such as the the `rpmbuild` tool, and initialize the RPM build tree in your home directory. The following is an example procedure. As long as your RPMs are accessible to Image Builder, you can use the method you prefer to build the application RPMs.
9
+
To build your own RPMs, choose a tool of your choice, such as the `rpmbuild` tool, and initialize the RPM build tree in your home directory. The following is an example procedure. As long as your RPMs are accessible to Image Builder, you can use the method you prefer to build the application RPMs.
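Review bot: the re-added sentence still opens with the redundant "choose a tool of your choice, such as the `rpmbuild` tool". Suggest "choose a tool, such as `rpmbuild`, and initialize the RPM build tree in your home directory".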
modules/mirror-registry-ssl-cert-replace.adoc
8 additions & 8 deletions
@@ -4,19 +4,19 @@
4
4
5
5
:_content-type: PROCEDURE
6
6
[id="mirror-registry-ssl-cert-replace_{context}"]
7
-
= Replacing mirror registry for Red Hat OpenShift SSL/TLS certificates
7
+
= Replacing mirror registry for Red Hat OpenShift SSL/TLS certificates
8
8
9
-
In some cases, you might want to update your SSL/TLS certificates for the the _mirror registry for Red Hat OpenShift_. This is useful in the following scenarios:
9
+
In some cases, you might want to update your SSL/TLS certificates for the _mirror registry for Red Hat OpenShift_. This is useful in the following scenarios:
10
10
11
11
* If you are replacing the current _mirror registry for Red Hat OpenShift_ certificate.
12
-
* If you are using the same certificate as the previous _mirror registry for Red Hat OpenShift_ installation.
13
-
* If you are periodically updating the _mirror registry for Red Hat OpenShift_ certificate.
12
+
* If you are using the same certificate as the previous _mirror registry for Red Hat OpenShift_ installation.
13
+
* If you are periodically updating the _mirror registry for Red Hat OpenShift_ certificate.
14
14
15
15
Use the following procedure to replace _mirror registry for Red Hat OpenShift_ SSL/TLS certificates.
16
16
17
-
.Prerequisites
17
+
.Prerequisites
18
18
19
-
* You have downloaded the `./mirror-registry` binary from the link:https://console.redhat.com/openshift/downloads#tool-mirror-registry[OpenShift console *Downloads*] page.
19
+
* You have downloaded the `./mirror-registry` binary from the link:https://console.redhat.com/openshift/downloads#tool-mirror-registry[OpenShift console *Downloads*] page.
20
20
21
21
.Procedure
22
22
@@ -29,7 +29,7 @@ $ ./mirror-registry install \
29
29
--quayRoot <example_directory_name>
30
30
----
31
31
+
32
-
This installs the _mirror registry for Red Hat OpenShift_ to the `$HOME/quay-install` directory.
32
+
This installs the _mirror registry for Red Hat OpenShift_ to the `$HOME/quay-install` directory.
33
33
34
34
. Prepare a new certificate authority (CA) bundle and generate new `ssl.key` and `ssl.crt` key files. For more information, see link:https://access.redhat.com/documentation/en-us/red_hat_quay/3/html-single/deploy_red_hat_quay_for_proof-of-concept_non-production_purposes/index#introduction-using-ssl[Using SSL/TLS].
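Review bot: line 32 says the install goes to the `$HOME/quay-install` directory, but the command directly above it passes `--quayRoot <example_directory_name>`, so the text and the command disagree about where the registry lands unless the reader happens to supply that path. Suggest wording line 32 in terms of the directory given to `--quayRoot`, or dropping the flag from the example if `$HOME/quay-install` is the intended location. In the context line 34, "generate new `ssl.key` and `ssl.crt` key files" also describes the certificate as a key file; "a new `ssl.key` key file and `ssl.crt` certificate file" would be accurate.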
modules/ovn-kubernetes-architecture-con.adoc
2 additions & 2 deletions
@@ -22,6 +22,6 @@ The OVN northbound database contains the current desired state of the network, p
22
22
The `ovn-northd` (`northd` container) connects to the OVN northbound database and the OVN southbound database.
23
23
It translates the logical network configuration in terms of conventional network concepts, taken from the OVN northbound database, into logical data path flows in the OVN southbound database.
24
24
25
-
The OVN southbound database has physical and logical representations of the network and binding tables that link them together. It contains the chassis information of the node and other constructs like remote transit switch ports that are required to to connect to the other nodes in the cluster. The OVN southbound database also contains all the logic flows. The logic flows are shared with the `ovn-controller` process that runs on each node and the `ovn-controller` turns those into `OpenFlow` rules to program `Open vSwitch`(OVS).
25
+
The OVN southbound database has physical and logical representations of the network and binding tables that link them together. It contains the chassis information of the node and other constructs like remote transit switch ports that are required to connect to the other nodes in the cluster. The OVN southbound database also contains all the logic flows. The logic flows are shared with the `ovn-controller` process that runs on each node and the `ovn-controller` turns those into `OpenFlow` rules to program `Open vSwitch`(OVS).
26
26
27
-
The Kubernetes control plane nodes each contain an `ovnkube-control-plane` pod which does the central IP address management (IPAM) allocation for each node in the cluster. At any given time a single `ovnkube-control-plane` pod is the leader.
27
+
The Kubernetes control plane nodes each contain an `ovnkube-control-plane` pod which does the central IP address management (IPAM) allocation for each node in the cluster. At any given time a single `ovnkube-control-plane` pod is the leader.
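Review bot: line 25 calls them "logic flows" twice ("contains all the logic flows. The logic flows are shared with ..."), while the context line 24 just above uses "logical data path flows" for what `ovn-northd` writes into the southbound database. Pick one term, presumably "logical flows", so readers do not take these for two different objects. The same line also has no space in "`Open vSwitch`(OVS)"; suggest "`Open vSwitch` (OVS)".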