More details from dev

modules/cco-ccoctl-creating-at-once.adoc

@@ -80,9 +80,10 @@ ifdef::aws-sts[]
 $ oc adm release extract \
   --credentials-requests \
   --cloud=aws \
-  --to=<path_to_directory_with_list_of_credentials_requests>/credrequests \ <1>
+  --to=<path_to_directory_with_list_of_credentials_requests>/credrequests \// <1>
   --from=quay.io/<path_to>/ocp-release:<version>
-  --<TBD_new_flag> <2>
+  --included \// <2>
+  --install-config <path_to_directory_with_installation_configuration>/install-config.yaml <3>
 ----
 endif::aws-sts[]
 ifdef::google-cloud-platform[]
@@ -92,7 +93,8 @@ $ oc adm release extract \
   --cloud=gcp \
   --to=<path_to_directory_with_list_of_credentials_requests>/credrequests \ <1>
   --from=quay.io/<path_to>/ocp-release:<version>
-  --<TBD_new_flag> <2>
+  --included \// <2>
+  --install-config <path_to_directory_with_installation_configuration>/install-config.yaml <3>
 ----
 endif::google-cloud-platform[]
 ifdef::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
@@ -102,86 +104,20 @@ $ oc adm release extract \
   --cloud=alibabacloud \
   --to=<path_to_directory_with_list_of_credentials_requests>/credrequests \ <1>
   $RELEASE_IMAGE
-  --<TBD_new_flag> <2>
+  --included \// <2>
+  --install-config <path_to_directory_with_installation_configuration>/install-config.yaml <3>
 ----
 endif::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
 +
 <1> `credrequests` is the directory where the list of `CredentialsRequest` objects is stored. This command creates the directory if it does not exist.
-<2> TBD new info for cluster capabilities
+<2> The `--included` parameter includes only the manifests that your specific cluster configuration needs.
+<3> Specify the location of the `install-config.yaml` file.
 +
 [NOTE]
 ====
 This command can take a few moments to run.
 ====
 
-////
-// This step will be made obsolete by a TBD `oc adm release extract` argument. (https://issues.redhat.com/browse/OTA-559)
-ifdef::aws-sts[]
-. If your cluster uses cluster capabilities to disable one or more optional components, delete the `CredentialsRequest` custom resources for any disabled components.
-+
-.Example `credrequests` directory contents for {product-title} 4.12 on AWS
-+
-[source,terminal]
-----
-0000_30_machine-api-operator_00_credentials-request.yaml <1>
-0000_50_cloud-credential-operator_05-iam-ro-credentialsrequest.yaml <2>
-0000_50_cluster-image-registry-operator_01-registry-credentials-request.yaml <3>
-0000_50_cluster-ingress-operator_00-ingress-credentials-request.yaml <4>
-0000_50_cluster-network-operator_02-cncc-credentials.yaml <5>
-0000_50_cluster-storage-operator_03_credentials_request_aws.yaml <6>
-----
-+
-<1> The Machine API Operator CR is required.
-<2> The Cloud Credential Operator CR is required.
-<3> The Image Registry Operator CR is required.
-<4> The Ingress Operator CR is required.
-<5> The Network Operator CR is required.
-<6> The Storage Operator CR is an optional component and might be disabled in your cluster.
-endif::aws-sts[]
-ifdef::google-cloud-platform[]
-. If your cluster uses cluster capabilities to disable one or more optional components, delete the `CredentialsRequest` custom resources for any disabled components.
-+
-.Example `credrequests` directory contents for {product-title} 4.12 on GCP
-+
-[source,terminal]
-----
-0000_26_cloud-controller-manager-operator_16_credentialsrequest-gcp.yaml <1>
-0000_30_machine-api-operator_00_credentials-request.yaml <2>
-0000_50_cloud-credential-operator_05-gcp-ro-credentialsrequest.yaml <3>
-0000_50_cluster-image-registry-operator_01-registry-credentials-request-gcs.yaml <4>
-0000_50_cluster-ingress-operator_00-ingress-credentials-request.yaml <5>
-0000_50_cluster-network-operator_02-cncc-credentials.yaml <6>
-0000_50_cluster-storage-operator_03_credentials_request_gcp.yaml <7>
-----
-+
-<1> The Cloud Controller Manager Operator CR is required.
-<2> The Machine API Operator CR is required.
-<3> The Cloud Credential Operator CR is required.
-<4> The Image Registry Operator CR is required.
-<5> The Ingress Operator CR is required.
-<6> The Network Operator CR is required.
-<7> The Storage Operator CR is an optional component and might be disabled in your cluster.
-endif::google-cloud-platform[]
-ifdef::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
-. If your cluster uses cluster capabilities to disable one or more optional components, delete the `CredentialsRequest` custom resources for any disabled components.
-+
-.Example `credrequests` directory contents for {product-title} 4.12 on Alibaba Cloud
-+
-[source,terminal]
-----
-0000_30_machine-api-operator_00_credentials-request.yaml <1>
-0000_50_cluster-image-registry-operator_01-registry-credentials-request-alibaba.yaml <2>
-0000_50_cluster-ingress-operator_00-ingress-credentials-request.yaml <3>
-0000_50_cluster-storage-operator_03_credentials_request_alibaba.yaml <4>
-----
-+
-<1> The Machine API Operator CR is required.
-<2> The Image Registry Operator CR is required.
-<3> The Ingress Operator CR is required.
-<4> The Storage Operator CR is an optional component and might be disabled in your cluster.
-endif::alibabacloud-default,alibabacloud-customizations,alibabacloud-vpc[]
-////
-
 ifdef::aws-sts,google-cloud-platform[]
 . Use the `ccoctl` tool to process all `CredentialsRequest` objects in the `credrequests` directory:
 +
@@ -205,6 +141,7 @@ $ ccoctl aws create-all \
 [NOTE]
 ====
 If your cluster uses Technology Preview features that are enabled by the `TechPreviewNoUpgrade` feature set, you must include the `--enable-tech-preview` parameter.
+//Does --included make this obsolete?
 ====
 endif::aws-sts[]
 ifdef::google-cloud-platform[]
@@ -229,6 +166,7 @@ where:
 [NOTE]
 ====
 If your cluster uses Technology Preview features that are enabled by the `TechPreviewNoUpgrade` feature set, you must include the `--enable-tech-preview` parameter.
+//Does --included make this obsolete?
 ====
 endif::google-cloud-platform[]
 
@@ -258,6 +196,7 @@ where:
 [NOTE]
 ====
 If your cluster uses Technology Preview features that are enabled by the `TechPreviewNoUpgrade` feature set, you must include the `--enable-tech-preview` parameter.
+//Does --included make this obsolete?
 ====
 +
 .Example output

modules/cco-ccoctl-creating-individually.adoc

@@ -89,35 +89,13 @@ $ oc adm release extract --credentials-requests \
   --cloud=aws \
   --to=<path_to_directory_with_list_of_credentials_requests>/credrequests \// <1>
   --from=quay.io/<path_to>/ocp-release:<version>
-  --<TBD_new_flag> <2>
+  --included \// <2>
+  --install-config <path_to_directory_with_installation_configuration>/install-config.yaml <3>
 ----
 +
 <1> `credrequests` is the directory where the list of `CredentialsRequest` objects is stored. This command creates the directory if it does not exist.
-<2> TBD new info for cluster capabilities
-
-////
-// This step will be made obsolete by a TBD `oc adm release extract` argument. (https://issues.redhat.com/browse/OTA-559)
-.. If your cluster uses cluster capabilities to disable one or more optional components, delete the `CredentialsRequest` custom resources for any disabled components.
-+
-.Example `credrequests` directory contents for {product-title} 4.12 on AWS
-+
-[source,terminal]
-----
-0000_30_machine-api-operator_00_credentials-request.yaml <1>
-0000_50_cloud-credential-operator_05-iam-ro-credentialsrequest.yaml <2>
-0000_50_cluster-image-registry-operator_01-registry-credentials-request.yaml <3>
-0000_50_cluster-ingress-operator_00-ingress-credentials-request.yaml <4>
-0000_50_cluster-network-operator_02-cncc-credentials.yaml <5>
-0000_50_cluster-storage-operator_03_credentials_request_aws.yaml <6>
-----
-+
-<1> The Machine API Operator CR is required.
-<2> The Cloud Credential Operator CR is required.
-<3> The Image Registry Operator CR is required.
-<4> The Ingress Operator CR is required.
-<5> The Network Operator CR is required.
-<6> The Storage Operator CR is an optional component and might be disabled in your cluster.
-////
+<2> The `--included` parameter includes only the manifests that your specific cluster configuration needs.
+<3> Specify the location of the `install-config.yaml` file.
 
 .. Use the `ccoctl` tool to process all `CredentialsRequest` objects in the `credrequests` directory:
 +
@@ -135,6 +113,7 @@ $ ccoctl aws create-iam-roles \
 For AWS environments that use alternative IAM API endpoints, such as GovCloud, you must also specify your region with the `--region` parameter.
 
 If your cluster uses Technology Preview features that are enabled by the `TechPreviewNoUpgrade` feature set, you must include the `--enable-tech-preview` parameter.
+//Does --included make this obsolete?
 ====
 +
 For each `CredentialsRequest` object, `ccoctl` creates an IAM role with a trust policy that is tied to the specified OIDC identity provider, and a permissions policy as defined in each `CredentialsRequest` object from the {product-title} release image.

modules/cco-ccoctl-deleting-sts-resources.adoc

@@ -82,13 +82,15 @@ $ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}'
 +
 [source,terminal]
 ----
-$ oc adm release extract --credentials-requests \
+$ oc adm release extract
+  --credentials-requests \
   --cloud=gcp \
   --to=<path_to_directory_with_list_of_credentials_requests>/credrequests \ <1>
   $RELEASE_IMAGE
 ----
 +
 <1> `credrequests` is the directory where the list of `CredentialsRequest` objects is stored. This command creates the directory if it does not exist.
+//Does this procedure require the --included flag?
 
 . Delete the GCP resources that `ccoctl` created:
 +

modules/cco-ccoctl-upgrading.adoc

@@ -28,18 +28,16 @@ On AWS clusters, some `ccoctl` commands make AWS API calls to create or modify A
 +
 [source,terminal]
 ----
-$ oc adm release extract --credentials-requests \
-  --cloud=<provider_type> \
-  --to=<path_to_directory_with_list_of_credentials_requests>/credrequests \
-  quay.io/<path_to>/ocp-release:<version>
+$ oc adm release extract \
+  --credentials-requests \
+  --cloud=<provider_type> \// <1>
+  --to=<path_to_directory_with_list_of_credentials_requests>/credrequests \// <2>
+  --from=quay.io/<path_to>/ocp-release:<version> \
+  --included "${WHATEVER_YOU_CURRENTLY_DO_FOR_UPDATE_TARGET_IMAGE}" <3>
 ----
-+
-where:
-+
---
-* `<provider_type>` is the value for your cloud provider. Valid values are `alibabacloud`, `aws`, `gcp`, `ibmcloud`, and `nutanix`.
-* `credrequests` is the directory where the list of `CredentialsRequest` objects is stored. This command creates the directory if it does not exist.
---
+<1> Specify the value for your cloud provider. Valid values are `alibabacloud`, `aws`, `azure`, `gcp`, `ibmcloud`, and `nutanix`.
+<2> Specify the directory where the list of `CredentialsRequest` objects is stored. This command creates the directory if it does not exist.
+<3> WIP
 
 . For each `CredentialsRequest` CR in the release image, ensure that a namespace that matches the text in the `spec.secretRef.namespace` field exists in the cluster. This field is where the generated secrets that hold the credentials configuration are stored.
 +

modules/installation-user-infra-generate-k8s-manifest-ignition.adoc

@@ -366,8 +366,17 @@ release image quay.io/openshift-release-dev/ocp-release:4.y.z-x86_64
 +
 [source,terminal]
 ----
-$ oc adm release extract quay.io/openshift-release-dev/ocp-release:4.y.z-x86_64 --credentials-requests --cloud=azure
-----
+$ oc adm release extract \
+  --credentials-requests \
+  --cloud=azure \
+  --to=<path_to_directory_with_list_of_credentials_requests>/credrequests \ <1>
+  --from=quay.io/<path_to>/ocp-release:<version>
+  --included \// <2>
+  --install-config <path_to_directory_with_installation_configuration>/install-config.yaml <3>
+----
+<1> `credrequests` is the directory where the list of `CredentialsRequest` objects is stored. This command creates the directory if it does not exist.
+<2> The `--included` parameter includes only the manifests that your specific cluster configuration needs.
+<3> Specify the location of the `install-config.yaml` file.
 +
 This command creates a YAML file for each `CredentialsRequest` object.
 +
@@ -415,7 +424,7 @@ stringData:
 [IMPORTANT]
 ====
 The release image includes `CredentialsRequest` objects for Technology Preview features that are enabled by the `TechPreviewNoUpgrade` feature set. You can identify these objects by their use of the `release.openshift.io/feature-set: TechPreviewNoUpgrade` annotation.
-
+//Does --included make this obsolete?
 * If you are not using any of these features, do not create secrets for these objects. Creating secrets for Technology Preview features that you are not using can cause the installation to fail.
 
 * If you are using any of these features, you must create secrets for the corresponding objects.

modules/manually-configure-iam-nutanix.adoc

@@ -46,11 +46,13 @@ $ oc adm release extract \
   --cloud=nutanix \
   --to=<path_to_directory_with_list_of_credentials_requests>/credrequests \// <1>
   quay.io/<path_to>/ocp-release:<version> \
-  --<TBD_new_flag> <2>
+  --included \// <2>
+  --install-config <path_to_directory_with_installation_configuration>/install-config.yaml <3>
 ----
 +
 <1> Specify the path to the directory that contains the files for the component `CredentialsRequests` objects. If the specified directory does not exist, this command creates it.
-<2> TBD new info for cluster capabilities
+<2> The `--included` parameter includes only the manifests that your specific cluster configuration needs.
+<3> Specify the location of the `install-config.yaml` file.
 +
 .Sample `CredentialsRequest` object
 [source,yaml]

modules/manually-create-iam-ibm-cloud.adoc

@@ -88,13 +88,15 @@ $ RELEASE_IMAGE=$(./openshift-install version | awk '/release image/ {print $3}'
 ----
 $ oc adm release extract \
   --cloud=<provider_name> \
-  --credentials-requests $RELEASE_IMAGE \ <1>
-  --to=<path_to_credential_requests_directory> <2>
-  --<TBD_new_flag> <3>
+  --credentials-requests $RELEASE_IMAGE \// <1>
+  --to=<path_to_credential_requests_directory> \// <2>
+  --included \// <3>
+  --install-config <path_to_directory_with_installation_configuration>/install-config.yaml <4>
 ----
 <1> The name of the provider. For example: `ibmcloud` or `powervs`.
 <2> The directory where the credential requests will be stored.
-<3> TBD new info for cluster capabilities
+<3> The `--included` parameter includes only the manifests that your specific cluster configuration needs.
+<4> Specify the location of the `install-config.yaml` file.
 +
 This command creates a YAML file for each `CredentialsRequest` object.
 +

modules/manually-create-identity-access-management.adoc

@@ -105,7 +105,7 @@ release image quay.io/openshift-release-dev/ocp-release:4.y.z-x86_64
 +
 [source,terminal]
 ----
-$ oc adm release extract quay.io/openshift-release-dev/ocp-release:4.y.z-x86_64 \
+$ oc adm release extract \
   --credentials-requests \
 ifdef::aws[]
   --cloud=aws
@@ -116,7 +116,14 @@ endif::azure,ash[]
 ifdef::google-cloud-platform[]
   --cloud=gcp
 endif::google-cloud-platform[]
+  --to=<path_to_directory_with_list_of_credentials_requests>/credrequests \ <1>
+  --from=quay.io/<path_to>/ocp-release:<version>
+  --included \// <2>
+  --install-config <path_to_directory_with_installation_configuration>/install-config.yaml <3>
 ----
+<1> `credrequests` is the directory where the list of `CredentialsRequest` objects is stored. This command creates the directory if it does not exist.
+<2> The `--included` parameter includes only the manifests that your specific cluster configuration needs.
+<3> Specify the location of the `install-config.yaml` file.
 +
 This command creates a YAML file for each `CredentialsRequest` object.
 +
@@ -231,7 +238,7 @@ endif::google-cloud-platform[]
 [IMPORTANT]
 ====
 The release image includes `CredentialsRequest` objects for Technology Preview features that are enabled by the `TechPreviewNoUpgrade` feature set. You can identify these objects by their use of the `release.openshift.io/feature-set: TechPreviewNoUpgrade` annotation.
-
+//Does --included make this obsolete?
 * If you are not using any of these features, do not create secrets for these objects. Creating secrets for Technology Preview features that you are not using can cause the installation to fail.
 
 * If you are using any of these features, you must create secrets for the corresponding objects.

modules/manually-maintained-credentials-upgrade.adoc

@@ -23,8 +23,6 @@ The "Manually creating IAM" section of the installation content for your cloud p
 * If the `CredentialsRequest` custom resources for any existing credentials that are stored in secrets have changed permissions requirements, update the permissions as required.
 --
 
-////
-// This step will be made obsolete by a TBD `oc adm release extract` argument. (https://issues.redhat.com/browse/OTA-559)
 . If your cluster uses cluster capabilities to disable one or more optional components, delete the `CredentialsRequest` custom resources for any disabled components.
 +
 .Example `credrequests` directory contents for {product-title} 4.12 on AWS
@@ -70,7 +68,6 @@ The "Manually creating IAM" section of the installation content for your cloud p
 <6> The Network Operator CR is required.
 <7> The Storage Operator CR is an optional component and might be disabled in your cluster.
 --
-////
 
 .Next steps
 * Update the `upgradeable-to` annotation to indicate that the cluster is ready to upgrade.