From 6b75f2c3932ba7a06d0d33bf1e0b2e0d9e5b8372 Mon Sep 17 00:00:00 2001 From: xenolinux Date: Fri, 14 Nov 2025 12:21:45 +0530 Subject: [PATCH] OSDOCS#14994: Minor SSCSI fixes --- modules/secrets-store-aws.adoc | 33 ++++++++++++++++---------------- modules/secrets-store-azure.adoc | 16 ++++++++-------- 2 files changed, 24 insertions(+), 25 deletions(-) diff --git a/modules/secrets-store-aws.adoc b/modules/secrets-store-aws.adoc index 102a9cbdafe4..55843e93cd7b 100644 --- a/modules/secrets-store-aws.adoc +++ b/modules/secrets-store-aws.adoc 
@@ -15,27 +15,27 @@ endif::[] [id="secrets-store-aws_{context}"] = Mounting secrets from {secrets-store-provider} -You can use the {secrets-store-operator} to mount secrets from {secrets-store-provider} to a CSI volume in {product-title}. To mount secrets from {secrets-store-provider}, your cluster must be installed on AWS and use AWS Security Token Service (STS). +You can use the {secrets-store-operator} to mount secrets from {secrets-store-provider} to a CSI volume in {product-title}. To mount secrets from {secrets-store-provider}, your must install your cluster on AWS and use AWS Security Token Service (STS). [IMPORTANT] ==== -It is not supported to use the {secrets-store-operator} with {secrets-store-provider} in a hosted control plane cluster. +To use the {secrets-store-operator} with {secrets-store-provider} is not supported in {hcp}. ==== .Prerequisites -* Your cluster is installed on AWS and uses AWS Security Token Service (STS). -* You have installed the {secrets-store-operator}. See _Installing the {secrets-store-driver}_ for instructions. -* You have configured {secrets-store-provider} to store the required secrets. -* You have extracted and prepared the `ccoctl` binary. -* You have installed the `jq` CLI tool. * You have access to the cluster as a user with the `cluster-admin` role. +* You have installed the `jq` tool. +* You have extracted and prepared the `ccoctl` utility. +* You have installed the cluster on {aws-first} and the cluster uses {aws-short} Security Token Service (STS). +* You have installed the {secrets-store-operator}. For more information, see "Installing the {secrets-store-driver}". +* You have configured {secrets-store-provider} to store the required secrets. .Procedure . Install the {secrets-store-provider} provider: -.. Create a YAML file with the following configuration for the provider resources: +.. Create a YAML file by using the following example configuration: + [IMPORTANT] ==== 
@@ -153,24 +153,23 @@ $ oc adm policy add-scc-to-user privileged -z csi-secrets-store-provider-aws -n $ oc apply -f aws-provider.yaml ---- -. Grant permission to allow the service account to read the AWS secret object: +. Grant the read permission to the service account for the AWS secret object: .. Create a directory to contain the credentials request by running the following command: + [source,terminal] ---- -$ mkdir credentialsrequest-dir-aws +$ mkdir ---- -.. Create a YAML file with the following configuration for the credentials request: +.. Create a YAML file that defines the `CredentialsRequest` resource configuration. See the following example configuration: + -.Example `credentialsrequest.yaml` file [source,yaml] ---- apiVersion: cloudcredential.openshift.io/v1 kind: CredentialsRequest metadata: - name: aws-provider-test + name: aws-creds-request namespace: openshift-cloud-credential-operator spec: providerSpec: @@ -196,10 +195,10 @@ endif::aws-systems-manager-parameter-store[] name: aws-creds namespace: my-namespace serviceAccountNames: - - aws-provider + - ---- -.. Retrieve the OIDC provider by running the following command: +.. Retrieve the OpenID Connect (OIDC) provider by running the following command: + [source,terminal] ---- @@ -219,8 +218,8 @@ Copy the OIDC provider name `` from the output to use in the ---- $ ccoctl aws create-iam-roles \ --name my-role --region= \ - --credentials-requests-dir=credentialsrequest-dir-aws \ - --identity-provider-arn arn:aws:iam:::oidc-provider/ --output-dir=credrequests-ccoctl-output + --credentials-requests-dir= \ + --identity-provider-arn arn:aws:iam:::oidc-provider/ --output-dir= ---- + .Example output diff --git a/modules/secrets-store-azure.adoc b/modules/secrets-store-azure.adoc index 87b8628518ae..91274125ed36 100644 --- a/modules/secrets-store-azure.adoc +++ b/modules/secrets-store-azure.adoc 
@@ -6,14 +6,14 @@ [id="secrets-store-azure_{context}"] = Mounting secrets from Azure Key Vault -You can use the {secrets-store-operator} to mount secrets from Azure Key Vault to a CSI volume in {product-title}. To mount secrets from Azure Key Vault, your cluster must be installed on Microsoft Azure. +You can use the {secrets-store-operator} to mount secrets from Azure Key Vault to a Container Storage Interface (CSI) volume in {product-title}. To mount secrets from Azure Key Vault, your cluster must be installed on Microsoft Azure. .Prerequisites * Your cluster is installed on Azure. -* You have installed the {secrets-store-operator}. See _Installing the {secrets-store-driver}_ for instructions. -* You have configured Azure Key Vault to store the required secrets. -* You have installed the Azure CLI (`az`). +* You installed the {secrets-store-operator}. See _Installing the {secrets-store-driver}_ for instructions. +* You configured Azure Key Vault to store the required secrets. +* You installed the Azure CLI (`az`). * You have access to the cluster as a user with the `cluster-admin` role. .Procedure @@ -283,11 +283,11 @@ $ oc create -f deployment.yaml * Verify that you can access the secrets from Azure Key Vault in the pod volume mount: -.. List the secrets in the pod mount: +.. List the secrets in the pod mount by running the following command: + [source,terminal] ---- -$ oc exec busybox- -n my-namespace -- ls /mnt/secrets-store/ +$ oc exec my-azure-deployment- -n my-namespace -- ls /mnt/secrets-store/ ---- + .Example output @@ -296,11 +296,11 @@ $ oc exec busybox- -n my-namespace -- ls /mnt/secrets-store/ secret1 ---- -.. View a secret in the pod mount: +.. View a secret in the pod mount by running the following command: + [source,terminal] ---- -$ oc exec busybox- -n my-namespace -- cat /mnt/secrets-store/secret1 +$ oc exec my-azure-deployment- -n my-namespace -- cat /mnt/secrets-store/secret1 ---- + .Example output
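Review bot: in the first `secrets-store-aws.adoc` hunk (`@@ -15,27`), the rewritten intro sentence has a typo, "your must install your cluster on AWS", which should read "you must install your cluster on AWS". The rewritten IMPORTANT admonition, "To use the {secrets-store-operator} with {secrets-store-provider} is not supported in {hcp}.", is also awkward; "Using the {secrets-store-operator} with {secrets-store-provider} is not supported in {hcp}." keeps the meaning and reads naturally. Finally, "Create a YAML file by using the following example configuration:" drops the "for the provider resources" qualifier, so the step no longer says what the file defines; consider "Create a YAML file that defines the provider resources, by using the following example configuration:".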
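Review bot: in the `@@ -153,24` hunk, the `mkdir` command now has no operand (`$ mkdir`), and the `.Example credentialsrequest.yaml file` block title was removed, so the reader is no longer told where to save the `CredentialsRequest` YAML. Because the later `ccoctl aws create-iam-roles` command processes every `CredentialsRequest` file found under `--credentials-requests-dir`, the step should state explicitly that the YAML file is saved into the directory created here, and the `mkdir` line needs a visible placeholder for that directory so the two steps reference the same path. If a placeholder such as `<credentials_directory>` is intended, make sure it survives rendering; as shown in the hunk it renders as nothing.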
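Review bot: in the `@@ -196,10` hunk, the `serviceAccountNames` entry was changed from `- aws-provider` to an empty `- `. This field determines which Kubernetes service account is allowed to assume the IAM role that `ccoctl` creates, so an unspecified value is a correctness and least-privilege problem: the entry must be the exact name of the service account the workload pod runs as, and it should be a clearly visible placeholder (for example `- <service_account_name>`) with a sentence telling the reader to match it to the service account used later in the procedure.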
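Review bot: in the `@@ -219,8` hunk, `--credentials-requests-dir=` and `--output-dir=` are now empty, and the identity provider ARN `arn:aws:iam:::oidc-provider/` has neither an account ID nor a provider name, so the command as rendered cannot run. The directory passed to `--credentials-requests-dir` must be the one created in the earlier `mkdir` step, the ARN needs placeholders for the account ID and the OIDC provider name that the previous step told the reader to copy, and `--name my-role --region=` is inconsistent, with a hardcoded role name next to an empty region; either keep all of them as concrete sample values or make all of them placeholders.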
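Review bot: in the `secrets-store-azure.adoc` `@@ -6,14` hunk, the prerequisites now mix tenses: "Your cluster is installed on Azure." and "You have access to the cluster..." sit next to the rewritten "You installed the {secrets-store-operator}." and "You configured Azure Key Vault...". Pick one form for the whole list. The intro also says "Microsoft Azure" while the prerequisite says "Azure"; using the same name in both places avoids the reader wondering whether these differ.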
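Review bot: in the `@@ -283,11` hunk, the pod-name prefix changes from `busybox-` to `my-azure-deployment-`, but the `deployment.yaml` created earlier with `oc create -f deployment.yaml` is not in this patch, so please confirm that the Deployment's `metadata.name` there is `my-azure-deployment`; otherwise the `oc exec` target will not exist. The trailing `-` with nothing after it also suggests the pod-name suffix placeholder is being lost in rendering, so the reader may not realise they need to substitute the generated suffix.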
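Review bot: in the `@@ -296,11` hunk, the verification step runs `cat /mnt/secrets-store/secret1`, which prints the secret value to the terminal, where it ends up in shell history and any session logging. Since the purpose of the step is only to confirm the mount works, consider a sentence noting that this exposes the secret value, or verify presence with a non-revealing command such as `ls -l /mnt/secrets-store/` and only `cat` the file when the value itself must be checked.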