Description
We mention nothing about OIDC setup in Deployments in the docs, at least from the quick scan I did of the tree and the outline of several docs.
In order for Deployments to do anything useful, the user is going to have to get cloud credentials into their deployment workflow.
There are several ways to do this:
- Use an ESC environment to get temporary credentials.
- Configure OIDC directly between Deployments and a public cloud provider. I can't see any reason why someone would use this over an ESC environment since if they are using Deployments, they are using a paid feature, and would therefore probably be fine using another paid feature: ESC.
- Hard-code credentials in Deployments environment variables.
The way we have this info arranged in the docs is under "Identity and Access Management", per cloud, which makes it really hard to connect back to the actual problem a user is trying to solve, which is "How do I get credentials so my Deployments pipeline actually works".
We need to make sure the docs make it easy for the user to solve this problem. The easiest thing to do is to ensure that we have a big callout (info level) that explains that cloud creds are necessary, a common problem, and then provide links to the solutions, both for the major clouds whose OIDC we support, and also what to do with other secrets like API keys, tokens, etc.