docs: DOC-2415 and DOC-1897: AWS Secret Cleanup + MirrorRegistry v2 Endpoints #9151
Merged

Changes from 6 commits

14 commits:

- f9e689f Rough draft (achuribooks)
- d8e373e Merge docs-rel-4-8-a into DOC-2415 (achuribooks)
- 7a361b6 Rough draft complete (achuribooks)
- 64d4813 Fixing links (achuribooks)
- 1635c39 Apply suggestions from code review (achuribooks)
- 6067efd mirrorRegistry fix (achuribooks)
- abe2f3e ci: auto-formatting prettier issues (achuribooks)
- 59fe3ae Additional cleanup (achuribooks)
- c7c4a2e Merge docs-rel-4-8-a into DOC-2415 (achuribooks)
- 2285e41 Update custom.scss (achuribooks)
- 390eec2 Apply suggestions from code review (achuribooks)
- b5063fc Merge branch 'docs-rel-4-8-a' into DOC-2415 (achuribooks)
- 31a25b8 ci: auto-formatting prettier issues (achuribooks)
- cabcb2e Missing link + erroneous Azure mention (achuribooks)
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| --- | ||
| partial_category: clusters-aws-account-setup | ||
| partial_name: aws-account-setup-validate | ||
| --- | ||
|
|
||
| 1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin. | ||
|
|
||
| 2. From the left main menu, select **Tenant Settings**. | ||
|
|
||
| 3. From the **Tenant Settings Menu**, select **Cloud Accounts**. | ||
|
|
||
| 4. Verify that your AWS account appears in the **AWS** section. |
40 changes: 40 additions & 0 deletions
_partials/clusters/aws/_aws-dynamic-credentials-enablement-1.mdx
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| --- | ||
| partial_category: clusters-aws-account-setup | ||
| partial_name: aws-dynamic-credentials-enablement-1 | ||
| --- | ||
|
|
||
| 1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin. | ||
|
|
||
| 2. From the left main menu, select **Tenant Settings**. | ||
|
|
||
| 3. From the **Tenant Settings Menu**, select **Cloud Accounts**. | ||
|
|
||
| 4. Locate the **AWS** section and select **Add AWS Account**. | ||
|
|
||
| 5. Fill out the following information. | ||
|
|
||
| | **Palette Parameter** | **Description** | | ||
| | -------------------------- | --------------------------------------------------------------------------------------------------- | | ||
| | **Account Name** | Enter a custom account name. The account name must be unique within the tenant scope. | | ||
| | **Description (Optional)** | Enter a description for the cloud account. | | ||
| | **Partition** | Select **{props.partition}**. | | ||
| | **STS** | Select **STS** to authenticate your AWS account using STS credentials and reveal the **ARN** field. | | ||
|
|
||
| 6. When you select **STS**, the right side of the wizard populates with details on how to create an IAM role for | ||
| Palette. Log in to your AWS account and begin the IAM role creation process by navigating to **IAM > Roles > Create | ||
| role**. The following table expands on the information provided by the wizard. | ||
|
|
||
| | **AWS Parameter** | **Description** | | ||
| | ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | ||
| | **Trusted entity type** | Select **AWS account**. In the **An AWS account** section, select **Another AWS account**. | | ||
| | **Account ID** | Copy the **Account ID** displayed on the Palette wizard. If using a self-hosted instance, this is the same AWS account that you configured for your Palette or VerteX instance to enable STS. Refer to the appropriate [Enable Adding AWS Accounts Using STS - Palette](/enterprise-version/system-management/configure-aws-sts-account/) or [Enable Adding AWS Accounts Using STS - VerteX](/vertex/system-management/configure-aws-sts-account/) guide for more information. | | ||
| | **Require external ID** | In the **An AWS account** section, below **Options**, select **Require External ID**. | | ||
| | **External ID** | Copy the **External ID** displayed on the Palette wizard. This ID is generated by Palette or VerteX and is different for each tenant. | | ||
| | **Permissions policies** | Search for and select the [required IAM policies](/clusters/public-cloud/aws/required-iam-policies/): **PaletteControllerPolicy**, **PaletteControlPlanePolicy**, **PaletteDeploymentPolicy**, and **PaletteNodesPolicy**. If deploying EKS clusters, add the **PaletteControllersEKSPolicy** as well. | | ||
| | **Role name** | In the **Role details** section, enter `SpectroCloudRole` for the **Role name**. | | ||
|
|
||
| 7. Your new role appears in the **Roles** list. Locate and select the new role. In the **Summary** section, copy the | ||
| Amazon Resource Name (**ARN**) for the role. | ||
|
|
||
| 8. In Palette, paste the role ARN into the **ARN** field. | ||
|
|
||
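
Review bot: The **Role name** row tells readers to enter `SpectroCloudRole` as if the name were mandatory, while step 6 of `_eks-pod-identity-enablement.mdx` in this same PR treats it as an example ("for example,`SpectroCloudRole`"). Say in one place whether the name is required, and use the same wording in both partials. The **External ID** row would also benefit from one sentence on why it is required: it is the condition in the role's trust policy that keeps another party from getting Palette to assume this role on their behalf, so readers should not skip **Require external ID**. Minor: steps 1 and 8 hard-code "Palette" although the **Account ID** row covers VerteX, and `{props.edition}` is already used in `_aws-static-credentials-prerequisites.mdx`.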
17 changes: 17 additions & 0 deletions
_partials/clusters/aws/_aws-dynamic-credentials-prerequisites.mdx
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| --- | ||
| partial_category: clusters-aws-account-setup | ||
| partial_name: aws-dynamic-credentials-prerequisites | ||
| --- | ||
|
|
||
| - A Palette account with [tenant admin](/tenant-settings/) access. | ||
|
|
||
| - An AWS account with the [required IAM policies](/clusters/public-cloud/aws/required-iam-policies/). | ||
|
|
||
| - The ability to create an [IAM role](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html) | ||
| that Palette can assume using STS. You will create the role while adding your AWS account to Palette. | ||
|
|
||
| - (Self-hosted Palette and Palette VerteX only) By default, adding AWS accounts using STS is disabled in self-hosted | ||
| Palette and Palette VerteX. To allow tenants to add AWS accounts using STS, refer to the appropriate | ||
| [Enable Adding AWS Accounts Using STS - Palette](/enterprise-version/system-management/configure-aws-sts-account/) | ||
| or [Enable Adding AWS Accounts Using STS - VerteX](/vertex/system-management/configure-aws-sts-account/) | ||
| guide. |
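
Review bot: The second bullet, "An AWS account with the required IAM policies", is ambiguous about what must exist before the reader starts. In the STS flow the policies are attached to the role in the **Permissions policies** row of `_aws-dynamic-credentials-enablement-1.mdx`, so state that the policies must already be created in the AWS account and will be attached to the role that Palette assumes. The first bullet also hard-codes "A Palette account" even though the last bullet addresses VerteX; the static prerequisites partial uses `{props.edition}` for the same sentence.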
24 changes: 24 additions & 0 deletions
_partials/clusters/aws/_aws-static-credentials-enablement-1.mdx
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| --- | ||
| partial_category: clusters-aws-account-setup | ||
| partial_name: aws-static-credentials-enablement-1 | ||
| --- | ||
|
|
||
| 1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin. | ||
|
|
||
| 2. From the left main menu, select **Tenant Settings**. | ||
|
|
||
| 3. From the **Tenant Settings Menu**, select **Cloud Accounts**. | ||
|
||
|
|
||
| 4. Locate the **AWS** section and select **Add AWS Account**. | ||
|
|
||
| 5. Fill out the following information. | ||
|
|
||
| | **Parameter** | **Description** | | ||
| | --------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | ||
| | **Account Name** | Enter a custom account name. The account name must be unique within the tenant scope. | | ||
| | **Description (Optional)** | Enter a description for the cloud account. | | ||
| | **Partition** | Select **{props.partition}**. | | ||
| | **Credentials** | Select **Credentials** to authenticate your AWS account using static access credentials and reveal the fields **Access key** and **Secret access key**. | | ||
| | **Access key** | Enter your IAM user's access key. This is found in the **Summary** section of your AWS **IAM > Users** dashboard. Refer to [Manage access keys for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html) for more information on access keys. | | ||
| | **Secret access key** | Enter your IAM user's secret access key that corresponds to the **Access key**. This key cannot be viewed or regenerated after the initial creation of your **Access key**. If you cannot retrieve your secret access key, you must create a new access key pair. | | ||
|
|
||
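
Review bot: The **Access key** and **Secret access key** rows ask for long-lived IAM user credentials but give no handling guidance beyond where to find them. Consider a short note that points to the STS option in `_aws-dynamic-credentials-enablement-1.mdx` as the alternative that avoids storing a static secret, and that says what the reader must update in Palette after rotating the key pair. Minor: the table header is **Parameter** here and **Palette Parameter** in the STS and EKS Pod Identity partials, and step 1 hard-codes "Palette" while the matching prerequisites partial uses `{props.edition}`.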
9 changes: 9 additions & 0 deletions
_partials/clusters/aws/_aws-static-credentials-prerequisites.mdx
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,9 @@ | ||
| --- | ||
| partial_category: clusters-aws-account-setup | ||
| partial_name: aws-static-credentials-prerequisites | ||
| --- | ||
|
|
||
| - A {props.edition} account with [tenant admin](/tenant-settings/) access. | ||
|
|
||
| - An AWS account with an [IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html) for {props.edition}. | ||
| The IAM user must be assigned the [required IAM policies](/clusters/public-cloud/aws/required-iam-policies/). |
13 changes: 13 additions & 0 deletions
_partials/clusters/aws/_aws-static-dynamic-credentials-enablement-2.mdx
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| --- | ||
| partial_category: clusters-aws-account-setup | ||
| partial_name: aws-static-dynamic-credentials-enablement-2 | ||
| --- | ||
|
|
||
| Select **Validate** to verify your AWS credentials. A green check mark indicates valid credentials. You cannot add your AWS account to Palette until you verify your credentials. | ||
|
|
||
| <li>Once your credentials are verified, the **Add IAM Policies** toggle is displayed. Toggle **Add IAM Policies** on and use the **Policies** drop-down menu to select any desired IAM policies you want to assign to the Palette IAM user. </li> | ||
|
|
||
| <li>To deploy clusters to your AWS cloud through a [Private Cloud Gateway (PCG)](/clusters/pcg/architecture/), toggle **Connect Private Cloud Gateway** on and select a **Private Cloud Gateway** from the drop-down menu. The PCG must be deployed and registered with {props.edition} at **Tenant Settings > Private Cloud Gateway** in order to select it. </li> | ||
|
|
||
| <li>Select **Confirm** to add your AWS account to Palette.</li> | ||
|
|
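
Review bot: The **Add IAM Policies** item says the selected policies are assigned to "the Palette IAM user", but the partial name `aws-static-dynamic-credentials-enablement-2` indicates it is shared with the STS flow, where the principal is the IAM role created in step 6 of `_aws-dynamic-credentials-enablement-1.mdx`. Use wording that covers both cases, for example "the IAM user or role used by {props.edition}". The file also mixes a bare paragraph with `<li>` items that have no enclosing list element in this partial, so step numbering depends entirely on the including page; a comment at the top naming the expected wrapper would help. "Palette" is hard-coded in the first and last items while the PCG item uses `{props.edition}`.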
37 changes: 37 additions & 0 deletions
_partials/clusters/aws/eks-pod-identity/_eks-pod-identity-enablement.mdx
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,37 @@ | ||
| --- | ||
| partial_category: eks-pod-identity | ||
| partial_name: eks-pod-identity-enablement | ||
| --- | ||
|
|
||
| 1. Log in to [Palette](https://console.spectrocloud.com) as a tenant admin. | ||
|
|
||
| 2. From the left main menu, select **Tenant Settings**. | ||
|
|
||
| 3. From the **Tenant Settings Menu**, select **Cloud Accounts**. | ||
|
||
|
|
||
| 4. Locate the **AWS** section and select **Add AWS Account**. | ||
|
|
||
| 5. Fill out the following information. | ||
|
|
||
| | **Palette Parameter** | **Description** | | ||
| | -------------------------- | --------------------------------------------------------------------------------------------------- | | ||
| | **Account Name** | Enter a custom account name. The account name must be unique within the tenant scope. | | ||
| | **Description (Optional)** | Enter a description for the cloud account. | | ||
| | **Partition** | Select **{props.partition}**. | | ||
| | **EKS Pod Identity** | Select **EKS Pod Identity** to authenticate your AWS account using the EKS Pod Identity method and reveal the **ARN** field. | | ||
|
|
||
| 6. In the AWS console, navigate to **IAM > Roles**, and select the new IAM role created for Palette (for example,`SpectroCloudRole`). In the **Summary** section, copy the Amazon Resource Name (**ARN**) for the role. | ||
|
|
||
| 7. In Palette, paste the role ARN into the **ARN** field. | ||
|
|
||
| 8. Select **Validate** to verify your AWS credentials. A green check mark indicates valid credentials. You cannot add your AWS account to Palette until you verify your credentials. | ||
|
|
||
| The **Add IAM Policies** option appears after successful validation. Leave this blank, as the required IAM policies have already been assigned to the IAM role created for Palette (for | ||
| example, `SpectroCloudRole`). | ||
|
|
||
| 9. (Optional) To set a | ||
| [permission boundary](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html), toggle | ||
| **Add Permission Boundary** on and provide the ARN of a IAM policy or role in the **Permission Boundary ARN** | ||
| field. | ||
|
|
||
| 10. Select Confirm to add your AWS account to Palette. | ||
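
Review bot: Step 9 asks for "the ARN of a IAM policy or role" in **Permission Boundary ARN**, but an AWS permissions boundary is set with a managed policy, so "or role" looks wrong unless Palette handles a role ARN differently; please confirm and reword to "an IAM policy". Step 6 refers to "the new IAM role created for Palette" without this partial saying or linking to where that role is created, so a reader landing here has no way to know which trust policy and permissions it needs. Nits: there is a missing space in "for example,`SpectroCloudRole`" in step 6, and **Confirm** is not bold in step 10 as it is in the other partials.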
35 changes: 0 additions & 35 deletions
_partials/eks-pod-identity/_eks-pod-identity-enablement.mdx
This file was deleted.