Secret Creation for ROSA - Non STS Cluster #121

Closed
nfrankish opened this issue Nov 14, 2023 · 5 comments

@nfrankish

The documentation provided has options for ROSA around creating the credential when it's an STS-enabled cluster - see https://access.redhat.com/documentation/en-us/red_hat_openshift_service_on_aws/4/html/tutorials/cloud-experts-aws-load-balancer-operator.

However, on a non-STS ROSA cluster, there is no documentation for the requirements or provisioning of the secret.

The operator fails to install, and the operator details page highlights that a secret needs to be created (see attachment 1) - however, in a ROSA cluster that action is blocked - see attachment 2.

[Image: secretcreate1]

[Image: secretcreate2]

@alebedev87
Contributor

I'm not a ROSA expert and I cannot say to what extent the non-STS mode is recommended. I just know that it's not the default mode anymore. So, I don't know whether it's a documentation gap or an intent.

As a workaround, I can propose using the OCP documentation.

@nfrankish
Author

Yeah, appreciate that it's now no longer the default, however we have two existing clusters that we're stuck with for the foreseeable future. That documentation appears to still be for an STS cluster. I'll open a case with Red Hat as well for options.

@candita

candita commented Jan 17, 2024

/assign @alebedev87

@alebedev87
Contributor

alebedev87 commented Jan 25, 2024

@nfrankish: I believe the creation of CredentialsRequest resources was unblocked in the recent ROSA versions. That allowed us to implement the new STS flow based on the self credentials provisioning, see #113. The OCP documentation can help you to understand how to create and provide an IAM role to the operator and controller (ROSA uses STS mode by default).

@nfrankish
Author

Thanks for the update - I know it started working for us recently, so probably related. Thanks for checking in!
