Red Hat SummitChapter 3. Approved access
With Red Hat Site Reliability Engineering (SRE), you typically do not need elevated access to systems to do normal operations to manage and support your Red Hat OpenShift Service on AWS clusters. If you have elevated access, you can give SRE the access levels of a cluster-admin role.
In the unlikely event that SRE needs elevated access to systems, use the Approved Access interface to review and approve or deny access to these systems. SRE can create elevated access requests to Red Hat OpenShift Service on AWS clusters and the corresponding cloud accounts in response to a customer-initiated support ticket or to alerts as part of the standard incident response process.
When you enable Approved Access and an SRE creates an access request, cluster owners receive an email notification informing them of a new access request. The email notification has a link allowing the cluster owner to approve or deny the access request. If you do not respond to this request, there is a risk to your service-level agreement (SLA) for Red Hat OpenShift Service on AWS.
Denying an access request requires you to complete the Justification field. In this case, SRE cannot directly act on the resources related to the incident. Customers can still use the Red Hat Customer Support resource to help investigate and resolve any issues.
3.1. Enabling approved access for ROSA clusters by submitting a support case
Red Hat OpenShift Service on AWS Approved Access is not enabled by default. To enable Approved Access for your Red Hat OpenShift Service on AWS clusters, you should create a support ticket.
Procedure
- Log in to the Customer Support page of the Red Hat Customer Portal.
- Click Get support.
On the Cases tab of the Customer support page:
- Optional: Change the pre-filled account and owner details if needed.
- Select the Configuration category and click Continue.
Enter the following information:
- In the Product field, select Red Hat OpenShift Service on AWS Hosted control planes.
- In the Problem statement field, enter Enable ROSA Access Protection.
- Click See more options.
- Select OpenShift Cluster ID from the drop-down list.
Fill the remaining mandatory fields in the form:
What are you experiencing? What are you expecting to happen?
- Fill with Approved Access.
Define the value or impact to you or the business.
- Fill with Approved Access.
- Click Continue.
- Select Severity as 4(Low) and click Continue.
- Preview the case details and click Submit.
3.2. Reviewing an access request from an email notification
Cluster owners receive an email notification when Red Hat Site Reliability Engineering (SRE) request access to their cluster with a link to review the request in the Hybrid Cloud Console.
Procedure
- Click the link within the email to bring you to the Hybrid Cloud Console.
In the Access Request Details dialog, click Approve or Deny under Decision.
NoteDenying an access request requires you to complete the Justification field. In this case, SRE cannot directly act on the resources related to the incident. Customers can still use the Customer Support to help investigate and resolve any issues.
- Click Save.
3.3. Reviewing an access request from the Hybrid Cloud Console
Review access requests for your Red Hat OpenShift Service on AWS clusters from the Hybrid Cloud Console.
Procedure
- Navigate to OpenShift Cluster Manager and select Cluster List.
- Click the cluster name to review the Access Request.
- Select the Access Requests tab to list all states.
- Select Open under Actions for the Pending state.
In the Access Request Details dialog, click Approve or Deny under Decision.
NoteDenying an access request requires you to complete the Justification field. In this case, Site Reliability Engineering (SRE) cannot directly act on the resources related to the incident. Customers can still use the Customer Support to help investigate and resolve any issues.
- Click Save.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}