Merge pull request #60203 from EricPonvelle/OSDOCS-6147_HCP-Updates

OSDOCS-6147: Updated ROSA with HCP content

Author: EricPonvelle

_topic_maps/_topic_map_rosa.yml

@@ -111,7 +111,7 @@ Topics:
 - Name: Using the Node Tuning Operator on ROSA with HCP
   File: rosa-tuning-config
 ---
-Name: Install ROSA classic clusters
+Name: Install ROSA Classic clusters
 Dir: rosa_install_access_delete_clusters
 Distros: openshift-rosa
 Topics:

modules/rosa-adding-tuning.adoc

@@ -12,7 +12,7 @@ You can add tunings for compute (also known as worker) nodes in a machine pool t
 
 ifdef::openshift-rosa[]
 * You installed and configured the latest AWS (`aws`), ROSA (`rosa`), and OpenShift (`oc`) CLIs on your workstation.
-* You logged in to your Red Hat account by using the `rosa` CLI.
+* You logged in to your Red Hat account by using the ROSA CLI.
 * You created a {product-title} (ROSA) cluster.
 endif::openshift-rosa[]
 ifndef::openshift-rosa[]

modules/rosa-creating-node-tuning.adoc

@@ -6,7 +6,7 @@
 [id="rosa-creating-node-tuning_{context}"]
 = Creating node tuning configurations on {hcp-title}
 
-You can create tuning configurations using the `rosa` CLI.
+You can create tuning configurations using the ROSA CLI.
 
 .Prerequisites
 

modules/rosa-deleting-node-tuning.adoc

@@ -6,7 +6,7 @@
 [id="rosa-deleting-node-tuning_{context}"]
 = Deleting node tuning configurations on {hcp-title}
 
-You can delete tuning configurations by using the `rosa` CLI.
+You can delete tuning configurations by using the ROSA CLI.
 
 [NOTE]
 ====

modules/rosa-hcp-byo-oidc.adoc

@@ -4,16 +4,9 @@
 
 :_content-type: PROCEDURE
 [id="rosa-hcp-byo-oidc_{context}"]
-= Generating your own OpenID Connect configuration
+= Creating an OpenID Connect configuration
 
-You can create your own OpenID Connect (OIDC) configuration before you create your cluster by using the `rosa create oidc-config --mode=auto` command. This command produces an OIDC configuration that is hosted under Red Hat's AWS account. The `rosa` CLI provides some additional options for creating your OIDC configuration.
-
-You can generate managed or unmanaged OIDC configurations. Customer-hosted, or unmanaged, OIDC configurations are stored within your AWS account, and the configurations are flagged for use with {cluster-manager-first}. This process also provides you with a private key to have access to and take ownership of the configurations. Red Hat-hosted, or managed, OIDC configurations are stored within Red Hat's AWS account. This process provides you with private keys for accessing the configuration. 
-
-[NOTE]
-====
-When using the `--managed` parameter, you can only create a new managed OIDC configuration if there are no unused configurations; all existing OIDC configurations must be attached to a cluster. If you delete all of your clusters with attached managed OIDC configurations, you cannot create a new configuration until the unused one is reused or deleted.
-====
+When using a {hcp-title} cluster, you must create the OpenID Connect (OIDC) configuration prior to creating your cluster. This configuration is registered to be used with OCM.
 
 .Prerequisites
 
@@ -35,18 +28,17 @@ This command returns the following information.
 +
 [source,terminal]
 ----
-I: This command will create a S3 bucket populating it with documents to be compliant with OIDC protocol. It will also create a Secret in Secrets Manager containing the private key
-I: Using arn:aws:iam::242819244:role/ManagedOpenShift-Installer-Role for the Installer role
-? Prefix for OIDC (optional): 
-I: Setting up unmanaged OIDC configuration 'oidc-r7u1'
-I: Please run the following command to create a cluster with this oidc config
-rosa create cluster --sts --oidc-config-id 233hvnrjoqu14jltk6lhbhf2tj11f8un
-I: Creating OIDC provider using 'arn:aws:iam::242819244:user/userName'
+? Would you like to create a Managed (Red Hat hosted) OIDC Configuration Yes
+I: Setting up managed OIDC configuration
+I: To create Operator Roles for this OIDC Configuration, run the following command and remember to replace <user-defined> with a prefix of your choice:
+	rosa create operator-roles --prefix <user-defined> --oidc-config-id 13cdr6b
+If you are going to create a Hosted Control Plane cluster please include '--hosted-cp'
+I: Creating OIDC provider using 'arn:aws:iam::4540112244:user/userName'
 ? Create the OIDC provider? Yes
-I: Created OIDC provider with ARN 'arn:aws:iam::242819244:oidc-provider/oidc-r7u1.s3.us-east-1.amazonaws.com'
+I: Created OIDC provider with ARN 'arn:aws:iam::4540112244:oidc-provider/dvbwgdztaeq9o.cloudfront.net/13cdr6b'
 ----
-
-When creating your cluster, you must supply the OIDC config ID. The CLI output provides this value for `--mode auto`, otherwise you must to determine these values based on `aws` CLI output for `--mode manual`.
++
+When creating your cluster, you must supply the OIDC config ID. The CLI output provides this value for `--mode auto`, otherwise you must determine these values based on `aws` CLI output for `--mode manual`.
 
 .Verification
 

modules/rosa-hcp-classic-comparison.adoc

@@ -18,9 +18,9 @@
 | Hosted Control Plane 
 | Classic
 
-| *What are each of the installation paths?*
-| This installation path deploys control plane components, such as etcd, API server, and oauth, that are hosted separately on AWS in a Red Hat-owned and managed account. 
-| This installation path deploys the control plane components side by side with infrastructure and worker nodes that are hosted together in the customer’s same AWS account.
+| Cluster infrastructure hosting
+| {hcp-title} deploys control plane components, such as etcd, API server, and oauth, that are hosted separately on AWS in a Red Hat-owned and managed account. 
+| ROSA Classic deploys the control plane components side by side with infrastructure and worker nodes that are hosted together in the customer’s same AWS account.
 
 | *Provisioning Time*
 | Approximately 10 minutes 
@@ -29,17 +29,18 @@
 | *Architecture*
 |
     * Underlying control plane infrastructure is fully managed and directly unavailable to end customers except through dedicated and explicitly exposed endpoints
+    * Work nodes are hosted in the customer's AWS account
 |
     * Customer is responsible for hosting control plane and AWS infrastructure, while still being _managed_ by Red Hat
-    * All-in-one {product-title} infrastructure architecture
+    * Work nodes are hosted in the customer's AWS account
 
-| *Footprint*
+| *Minimum Amazon EC2 footprint*
 | One cluster requires a minimum of two nodes
 | One cluster requires a minimum of seven nodes
 
 | *Deployment* 
 | 
-    * Deploy using ROSA CLI or web UI
+    * Deploy using ROSA CLI
     * Customers provision "Hosted Clusters" that deploy the control plane components into Red Hat's AWS account
     * Customers provision "Machine Pools" that deploy worker nodes into the customer's AWS account
 |
@@ -52,22 +53,16 @@
 
 | *Regional Availability* 
 | 
-* eu-central-1
-* eu-west-1
-* us-east-1
-* us-east-2
-* us-west-2
-| Available for purchase in all countries where AWS is commercially available 
+* Europe - Frankfort (eu-central-1)
+* Europe - Ireland (eu-west-1)
+* US East - N. Virginia (us-east-1)
+* US East - Ohio (us-east-2)
+* US West - Oregon (us-west-2)
+| For AWS Region availability, see link:https://docs.aws.amazon.com/general/latest/gr/rosa.html[Red Hat OpenShift Service on AWS endpoints and quotas] in the AWS documentation. 
 
 | *Compliance* 
 | 
-    * Compliance certifications planned for after GA
-    * FIPS compliance not yet available
+    * Compliance certifications and FIPS are not yet available.
 | 
-    * ISO 27001, 17, 18
-    * SOC 2 Type 2
-    * SOC 3
-    * PCI-DSS
-    * HIPAA 
-
+    * Compliance specifics are located in the {product-title} documentation.
 |===

modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc

@@ -6,7 +6,7 @@
 [id="rosa-sts-creating-account-wide-sts-roles-and-policies_{context}"]
 = Creating the account-wide STS roles and policies
 
-Before using the {cluster-manager-first} {hybrid-console-second} to create {hcp-title-first} clusters, create the required account-wide roles and policies, including the Operator policies.
+Before using the ROSA CLI to create {hcp-title-first} clusters, create the required account-wide roles and policies, including the Operator policies.
 
 .Prerequisites
 
@@ -19,31 +19,15 @@ Before using the {cluster-manager-first} {hybrid-console-second} to create {hcp-
 ====
 To successfully install {hcp-title} clusters, use the latest version of the ROSA CLI (`rosa`).
 ====
-* You have logged in to your Red Hat account by using the `rosa` CLI.
+* You have logged in to your Red Hat account by using the ROSA CLI.
 
 .Procedure
 
-. Check your AWS account for existing roles and policies by running the following command:
+. If they do not exist in your AWS account, create the required account-wide STS roles and policies by running the following command: 
 +
 [source,terminal]
 ----
-$ rosa list account-roles
+$ rosa create account-roles --force-policy-creation
 ----
 +
-.Sample output
-[source,terminal]
-----
-I: Fetching account roles
-ROLE NAME                           ROLE TYPE      ROLE ARN                                                   OPENSHIFT VERSION
-ManagedOpenShift-ControlPlane-Role  Control plane  arn:aws:iam::8744:role/ManagedOpenShift-ControlPlane-Role  4.13
-ManagedOpenShift-Installer-Role     Installer      arn:aws:iam::8744:role/ManagedOpenShift-Installer-Role     4.13
-ManagedOpenShift-Support-Role       Support        arn:aws:iam::8744:role/ManagedOpenShift-Support-Role       4.13
-ManagedOpenShift-Worker-Role        Worker         arn:aws:iam::8744:role/ManagedOpenShift-Worker-Role        4.13
-----
-
-. If they do not exist in your AWS account, create the required account-wide STS roles and policies by running the following command: 
-+
-[source,terminal]
-----
-$ rosa create account-roles
-----
+The `--force-policy-creation` parameter updates any existing roles and policies that are present. If no roles and policies are present, the command creates these resources instead.

modules/rosa-hcp-sts-creating-a-cluster-cli.adoc

@@ -19,7 +19,8 @@ When using {product-title} (ROSA) CLI (`rosa`) to create a cluster, you can sele
 ====
 To successfully install ROSA clusters, use the latest version of the ROSA CLI (`rosa`).
 ====
-* You have logged in to your Red Hat account by using the `rosa` CLI.
+* You have logged in to your Red Hat account by using the ROSA CLI.
+* You have created an OIDC configuration.
 * You have verified that the AWS Elastic Load Balancing (ELB) service role exists in your AWS account.
 
 .Procedure
@@ -33,18 +34,14 @@ To successfully install ROSA clusters, use the latest version of the ROSA CLI (`
 //----
 
 . You can create your {hcp-title} cluster with one of the following commands. 
-+
-[NOTE]
-====
-If you are using your own OIDC provider, you must include the OIDC config ID, such as `--oidc-config-id <oidc_config_id>`.
-====
 
 ** Create a cluster with a single, initial machine pool, publicly available API, and publicly available Ingress by running the following command:
 +
 [source,terminal]
 ----
 $ rosa create cluster --cluster-name=<cluster_name> \
-    --sts --mode=auto --hosted-cp --subnet-ids=<public-subnet-id>,<private-subnet-id>
+    --sts --mode=auto --hosted-cp --operator-roles-prefix <operator-role-prefix> \ 
+    --oidc-config-id <ID-of-OIDC-configuration> --subnet-ids=<public-subnet-id>,<private-subnet-id>
 ----
 
 ** Create a cluster with a single, initial machine pool, privately available API, and privately available Ingress by running the following command:
@@ -54,11 +51,6 @@ $ rosa create cluster --cluster-name=<cluster_name> \
 $ rosa create cluster --private --cluster-name=<cluster_name> \
     --sts --mode=auto --hosted-cp --subnet-ids=<private-subnet-id>
 ----
-+
-[NOTE]
-====
-When you specify `--mode auto`, the `rosa create cluster` command creates the cluster-specific Operator IAM roles and the OIDC provider automatically. The Operators use the OIDC provider to authenticate.
-====
 
 . Check the status of your cluster by running the following command:
 +
@@ -69,7 +61,6 @@ $ rosa describe cluster --cluster=<cluster_name>
 +
 The following `State` field changes are listed in the output as the cluster installation progresses:
 +
-* `waiting (Waiting for OIDC configuration)`
 * `pending (Preparing account)`
 * `installing (DNS setup in progress)`
 * `installing`

modules/rosa-hcp-vpc-manual.adoc

@@ -6,7 +6,7 @@
 [id="rosa-hcp-vpc-manual_{context}"]
 = Creating a Virtual Private Cloud manually
 
-To manually create your Virtual Private Cloud (VPC), go to link:https://us-east-1.console.aws.amazon.com/vpc/[the VPC page in the AWS console]. Your VPC must have the following details.
+If you choose to manually create your Virtual Private Cloud (VPC) instead of using Terraform, go to link:https://us-east-1.console.aws.amazon.com/vpc/[the VPC page in the AWS console]. Your VPC must meet the requirements shown in the following table.
 
 .Requirements for your VPC
 [options="header",cols="50,50"]

modules/rosa-hcp-vpc-terraform.adoc

@@ -44,11 +44,11 @@ $ terraform init
 +
 A message confirming the initialization appears when this process completes.
 
-. To build your VPC Terraform plan based off of the downloaded template, run the `plan` command. You can specify a cluster name and your AWS region.
+. To build your VPC Terraform plan based off of the downloaded template, run the `plan` command. You must include your AWS region. Optionally, you can specify a cluster name.
 +
 [source,terminal]
 ----
-$ terraform plan -out rosa.plan [-var aws_region=<region>] [-var cluster_name=<cluster_name>]
+$ terraform plan -out rosa.plan -var aws_region=<region> [-var cluster_name=<cluster_name>]
 ----
 
 . You should have a `rosa.plan` file in the directory that you created in the first step. Apply this plan file to build your VPC by running the following command: