From c8a1bd2172c9e24a84616a8f21f7c4ca03602e6c Mon Sep 17 00:00:00 2001 From: mletalie Date: Wed, 30 Jul 2025 09:21:42 -0400 Subject: [PATCH] cross project --- modules/create-wif-cluster-cli.adoc | 16 ++++++++++++++++ modules/create-wif-cluster-ocm.adoc | 4 ++++ osd_whats_new/osd-whats-new.adoc | 9 ++++++++- 3 files changed, 28 insertions(+), 1 deletion(-) diff --git a/modules/create-wif-cluster-cli.adoc b/modules/create-wif-cluster-cli.adoc index d1a72b30233c..fde6e2ccaa63 100644 --- a/modules/create-wif-cluster-cli.adoc +++ b/modules/create-wif-cluster-cli.adoc 
@@ -46,10 +46,26 @@ Alternatively, you can use the `manual` mode. In `manual` mode, you are provided $ ocm gcp create wif-config --name \ <1> --project \ <2> --version <3> + --federated-project <4> ---- <1> Replace `` with the name of your WIF configuration. <2> Replace `` with the ID of the {GCP} project where the WIF configuration will be implemented. <3> Optional: Replace `` with the desired {product-title} version the wif-config will need to support. If you do not specify a version, the wif-config will support the latest {product-title} y-stream version as well as the last three supported {product-title} y-stream versions (beginning with version 4.17). +<4> Optional: Replace `` with the ID of the dedicated project where the workload identity pools and providers will be created and managed. If the `--federated-project` flag is not specified, the workload identity pools and providers will be created and managed in the project specified by the `--project` flag. ++ + +[NOTE] +===== +Using a dedicated project to create and manage workload identity pools and providers is recommended by {GCP}. +Using a dedicated project helps you to establish centralized governance over the configuration of workload identity pools and providers, enforce uniform attribute mappings and conditions throughout all projects and applications, and ensure that only authorized identity providers can authenticate with WIF. + +For more information, see link:https://cloud.google.com/iam/docs/best-practices-for-using-workload-identity-federation#dedicated-project[Use a dedicated project to manage workload identity pools and providers]. +===== ++ +[IMPORTANT] +==== +Creating and managing workload identity pools and providers in a dedicated project is only allowed during initial WIF configuration creation. The `--federated-project` flag cannot be applied to existing `wif-configs`. +==== + -- .Example output 
diff --git a/modules/create-wif-cluster-ocm.adoc b/modules/create-wif-cluster-ocm.adoc index 87f62884fcec..dfe5bb26bbf1 100644 --- a/modules/create-wif-cluster-ocm.adoc +++ b/modules/create-wif-cluster-ocm.adoc @@ -32,9 +32,13 @@ ---- $ ocm gcp create wif-config --name \ <1> --project \ <2> + --version <3> + --federated-project <4> ---- <1> Replace `` with the name of your WIF configuration. <2> Replace `` with the ID of the {GCP} project where the WIF configuration will be implemented. +<3> Optional: Replace `` with the desired {product-title} version the wif-config will need to support. If you do not specify a version, the wif-config will support the latest {product-title} y-stream version as well as the last three supported {product-title} y-stream versions (beginning with version 4.17). +<4> Optional: Replace `` with the ID of the dedicated project where the workload identity pools and providers will be created and managed. If `--federated-project` is not specified, the workload identity pools and providers will be created and managed in the project specified by the `--project flag`. + . Select a configured WIF configuration from the *WIF configuration* drop-down list. If you want to select the WIF configuration you created in the last step, click *Refresh* first. + diff --git a/osd_whats_new/osd-whats-new.adoc b/osd_whats_new/osd-whats-new.adoc index 1e13532d75a0..9b330c28c6f3 100644 --- a/osd_whats_new/osd-whats-new.adoc +++ b/osd_whats_new/osd-whats-new.adoc 
@@ -16,11 +16,18 @@ With its foundation in Kubernetes, {product-title} is a complete {OCP} cluster p == New changes and updates [id="osd-q2-2025_{context}"] + +=== Q3 2025 +* ** Support for managing workload identity pools and providers in a dedicated {GCP} project.** +{product-title} on {GCP} now supports the option of creating and managing workload identity pools and providers in a specified dedicated project during the creation of a WIF configuration. Red{nbsp}Hat plans on offering this option for existing WIF configurations in an upcoming release. For more information, see xref:../osd_gcp_clusters/creating-a-gcp-cluster-with-workload-identity-federation.adoc#create-wif-configuration_osd-creating-a-cluster-on-gcp-with-workload-identity-federation[Creating a WIF configuration]. + + + === Q2 2025 // * **{product-title} SDN network plugin blocks future major upgrades** * **Updated version requirements for migration from OpenShift SDN to OVN-Kubernetes.** -Your cluster version must be 4.16.43 or above to initiate live migration from the OpenShift SDN network plugin to the OVN-Kubernetes network plugin. +Your cluster version must be 4.16.43 or above to initiate live migration from the OpenShift SDN network plugin to the OVN-Kubernetes network plugin. + If your cluster uses the OpenShift SDN network plugin, you cannot upgrade to future major versions of {product-title} without migrating to OVN-Kubernetes. +
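Review bot: In the modules/create-wif-cluster-cli.adoc hunk, the added `--federated-project <4>` line follows `--version <3>`, which has no trailing `\`, so as shown the shell ends the `ocm gcp create wif-config` command at `--version` and treats `--federated-project` as a separate command. Add ` \` after the `--version` value. This matters more than usual because the IMPORTANT block in the same hunk says the flag cannot be applied to existing `wif-configs`, so a configuration created from a copied command without the flag stays in the `--project` project. Separately, the added `+` continuation before `[NOTE]` is followed by a blank line, which is likely to detach the admonition from callout 4, and the NOTE is delimited with `=====` while the IMPORTANT uses `====`; remove the blank line and use one delimiter length for both.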
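Review bot: In the modules/create-wif-cluster-ocm.adoc hunk, the added `--version <3>` line has no trailing `\` before the added `--federated-project <4>` line, so the command block has the same broken continuation as the CLI module; add ` \` after the `--version` value. In callout 4 the closing backtick is misplaced in `--project flag`; it should read `--project` flag, matching the wording in the CLI module. This module also omits the statement that `--federated-project` is only allowed during initial WIF configuration creation, which the CLI module carries in an IMPORTANT block; repeat it here or move both admonitions into a shared snippet so readers of the OCM procedure see the restriction before they create the configuration.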
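Review bot: In the osd_whats_new/osd-whats-new.adoc hunk, the new `=== Q3 2025` heading is inserted after the existing `[id="osd-q2-2025_{context}"]` line, so the Q2 anchor now sits above the Q3 section and the `=== Q2 2025` heading is left without an ID. Add an ID line for the Q3 heading and move the Q2 ID line down so it directly precedes `=== Q2 2025`, otherwise existing links to the Q2 anchor land on the wrong section. The bullet `* ** Support for managing ...**` has a space after the opening `**`, which stops the bold from rendering; write `* **Support ...**` as the Q2 entries do. The change to the "Your cluster version must be 4.16.43 or above" line only adds trailing whitespace and can be dropped from the patch.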