After you have an OpenShift Dedicated subscription, you can access your services and create your cluster.

Understanding your cluster cloud options

OpenShift Dedicated offers OpenShift Container Platform clusters as a managed service on Amazon Web Services (AWS) or Google Cloud Platform (GCP). You can use your existing cloud account to leverage discounts, or purchase a standard cluster through Red Hat.

Standard clusters

Standard OpenShift Dedicated clusters are deployed into their own AWS or GCP infrastructure accounts, each owned by Red Hat. Red Hat is responsible for this account, and cloud infrastructure costs are paid directly by Red Hat. The customer only pays the Red Hat subscription costs.

Customer Cloud Subscription (CCS)

Red Hat OpenShift Dedicated provides a Customer Cloud Subscription (CCS) model that allows Red Hat to deploy and manage OpenShift Dedicated in a customer’s AWS or GCP account. Red Hat requires several prerequisites to be met in order to provide this service, which is supported by Red Hat Site Reliability Engineers (SRE).

In the Customer Cloud Subscription model, the customer pays the cloud infrastructure provider directly for cloud costs and the cloud infrastructure account is part of a customer’s Organization, with specific access granted to Red Hat. The customer will have restricted access to this account, but is able to view billing and usage information. In this model, the customer pays Red Hat for the CCS subscription and pays the cloud provider for the cloud costs.

Creating a cluster on AWS

You can create an OpenShift Dedicated cluster on Amazon Web Services (AWS) using a standard cloud account owned by Red Hat or with your own cloud account using the Customer Cloud Subscription (CCS) model.

Using the CCS model to deploy and manage OpenShift Dedicated into your AWS account requires several prerequisites to be met.

Prerequisites
  • Your AWS account is configured for use with OpenShift Dedicated.

  • No services are deployed in your AWS account.

  • The necessary quotas and limits needed to support the desired cluster size are available in your AWS account.

  • An IAM user called osdCcsAdmin exists with the AdministratorAccess policy attached.

  • An Organization Service Control Policy (SCP) is set up.

  • It is recommended that you have at least Business Support from AWS.

Procedure
  1. Log in to OpenShift Cluster Manager (OCM).

  2. Click Create Cluster → Red Hat OpenShift Dedicated → Create Cluster.

  3. Select AWS as your infrastructure provider.

  4. Select your billing model.

    • Standard is selected by default.

    • If you select the Customer cloud subscription model, an informational dialogue window will open. Review the prerequisites for installing an AWS CCS cluster and click Close. You must provide the following AWS account details before continuing with your cluster creation:

      1. Enter your AWS account ID.

      2. Enter your AWS access key ID and AWS secret access key to input your AWS IAM user credentials.

        Revoking these credentials in AWS will result in a loss of access to any cluster created with these credentials.

      3. Optional: You can select Bypass AWS Service Control Policy (SCP) checks. Some AWS SCPs will cause the installation to fail, even if the credentials have the correct permissions. Disabling SCP checks allows installation to proceed. The SCP will still be enforced even if the checks are bypassed.

  5. Enter your Cluster name.

  6. Select a Region and choose either a Single zone or Multizone availability.

  7. Select your Compute node instance type and the Compute node count (per zone). After your cluster is created, you can change the number of compute nodes in your cluster, but you cannot change the worker node instance type. The number and types of nodes available to you depend on your OpenShift Dedicated subscription.

  8. Optional: Expand Edit node labels to add labels to your nodes. Click Add label to add more node labels.

  9. If you are creating a standard OpenShift Dedicated cluster, select the amount of Persistent storage and Load balancers you want to set on the deployed cluster. You can also accept the provided defaults.

  10. Select your preferred network configuration.

    • Basic is selected by default. This setting creates a new VPC for your cluster using the default values.

    • Select Advanced if you want to install into an existing VPC (CCS clusters only), configure your networking IP ranges, or set your cluster privacy.

      1. Enter the Availability zone, Private subnet ID, and the Public subnet ID to install into an existing VPC.

      2. Enter the desired values to configure your network IP ranges or enter the following defaults:

        1. Node CIDR: 10.0.0.0/16

        2. Service CIDR: 172.30.0.0/16

        3. Pod CIDR: 10.128.0.0/14

        4. Host Prefix: /23

      3. Select your preferred cluster privacy. Private is selected by default.

    CIDR configurations cannot be changed later. Confirm your selections with your network administrator before proceeding.

    If the cluster privacy is set to Private, you will not be able to access your cluster until you configure private connections in your cloud provider.

  11. Select your cluster update method.

    • Manual is selected by default. With this option, you are responsible for updating your cluster. If your cluster version falls too far behind, it will be automatically updated.

    • Select Automatic if you want your cluster to be automatically upgraded when new versions are available. If you opt for automatic upgrades, you must specify the preferred day of the week and the time (UTC) for the upgrade to start.

      High and Critical security concerns (CVEs) will be patched automatically within 48 hours, regardless of your chosen update strategy.

  12. Optional: You can set a grace period for Node Draining during cluster upgrades. A 1-hour grace period is set by default.

  13. Click Create cluster. The cluster creation process begins and takes about 30-40 minutes to complete.

Verification
  • The Installing cluster heading, under the Overview tab, indicates that the cluster is installing and you can view the installation logs from this heading. The Status indicator under the Details heading indicates when your cluster is Ready for use.

Creating a cluster on GCP

You can create an OpenShift Dedicated cluster on Google Cloud Platform (GCP) using a standard cloud account owned by Red Hat or with your own cloud account using the Customer Cloud Subscription (CCS) model.

Using the CCS model to deploy and manage OpenShift Dedicated into your GCP account requires several prerequisites to be met.

Prerequisites
  • Your GCP account has been configured for use with OpenShift Dedicated.

  • The necessary resource quotas and limits needed to support the desired cluster size are available in your GCP account.

  • A GCP project has already been created.

    The project name must be 10 characters or less.

  • An IAM service account in GCP called osd-ccs-admin with the following roles attached:

    • DNS Administrator

    • Organization Policy Viewer

    • Owner

    • Project IAM Admin

    • Service Management Administrator

    • Service Usage Admin

    • Storage Admin

  • A key has been created for your GCP service account and exported to a file named osServiceAccount.json.

  • It is recommended that you have at least Production Support from GCP.

  • To prevent potential conflicts, it is recommended that no other resources are provisioned in the project prior to provisioning OpenShift Dedicated.

Procedure
  1. Log in to OpenShift Cluster Manager (OCM).

  2. Click Create Cluster → Red Hat OpenShift Dedicated → Create cluster.

  3. Select Google Cloud as your infrastructure provider.

  4. Select your billing model.

    • Standard is selected by default.

    • If you select the Customer cloud subscription model, an informational dialogue window will open. Review the prerequisites for installing a GCP CCS cluster and click Close. You must provide your GCP service account information with a JSON file. Click Browse to locate and attach the Service account JSON file to your cluster.

  5. Enter your Cluster name.

  6. Select a Region and choose either a Single zone or Multizone availability.

  7. Select your Compute node instance type and the Compute node count (per zone). After your cluster is created, you can change the number of compute nodes in your cluster, but you cannot change the worker node instance type. The number and types of nodes available to you depend on your OpenShift Dedicated subscription.

  8. Optional: Expand Edit node labels to add labels to your nodes. Click Add label to add more node labels.

  9. If you are creating a standard OpenShift Dedicated cluster, select the amount of Persistent storage and Load balancers you want to set on the deployed cluster. You can also accept the provided defaults.

  10. Select your preferred network configuration.

    • Basic is selected by default. This setting creates a new VPC for your cluster using the default values.

    • Select Advanced if you want to configure your networking IP ranges or set your cluster privacy.

      1. Enter the desired values to configure your network IP ranges or enter the following defaults:

        1. Node CIDR: 10.0.0.0/16

        2. Service CIDR: 172.30.0.0/16

        3. Pod CIDR: 10.128.0.0/14

        4. Host Prefix: /23

      2. If you are creating a CCS OpenShift Dedicated cluster, you can enable private clusters. This option is not available for standard clusters. Select your preferred cluster privacy. Private is selected by default.

    CIDR configurations cannot be changed later. Confirm your selections with your network administrator before proceeding.

    If the cluster privacy is set to Private, you will not be able to access your cluster until you configure private connections in your cloud provider.

  11. Select your cluster update method.

    • Manual is selected by default. With this option, you are responsible for updating your cluster. If your cluster version falls too far behind, it will be automatically updated.

    • Select Automatic if you want your cluster to be automatically upgraded when new versions are available. If you opt for automatic upgrades, you must specify the preferred day of the week and the time (UTC) for the upgrade to start.

    High and Critical security concerns (CVEs) are patched automatically within 48 hours, regardless of your chosen update strategy.

  12. Optional: You can set a grace period for Node Draining during cluster upgrades. A 1-hour grace period is set by default.

  13. Click Create cluster. The cluster creation process begins and takes about 30-40 minutes to complete.

Verification
  • The Installing cluster heading, under the Overview tab, indicates that the cluster is installing and you can view the installation logs from this heading. The Status indicator under the Details heading indicates when your cluster is Ready for use.
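
Because the network ranges entered in step 10 of both procedures cannot be changed after creation, the following added example (not part of the Red Hat documentation) checks a proposed Node CIDR, Service CIDR, Pod CIDR, and Host Prefix before you submit them. The function name `check_cluster_cidrs`, its parameters, and the sample in-use range are hypothetical; the host prefix is treated as the size of the per-node subnet carved out of the Pod CIDR, as in OpenShift networking.

```python
import ipaddress
from itertools import combinations


def check_cluster_cidrs(node, service, pod, host_prefix, planned_nodes, in_use=()):
    """Return (problems, capacity) for a proposed IPv4 cluster network layout.

    planned_nodes counts every node in the cluster, not only compute nodes.
    in_use is a list of (label, cidr) pairs already routed in your environment,
    for example peered VPCs or on-premises networks reached over a VPN.
    """
    # Strict parsing: a value with host bits set (10.0.0.1/16) raises ValueError.
    nets = {
        "Node CIDR": ipaddress.ip_network(node),
        "Service CIDR": ipaddress.ip_network(service),
        "Pod CIDR": ipaddress.ip_network(pod),
    }
    problems = []

    # The three cluster ranges must not overlap one another.
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} {net_a} overlaps {b} {net_b}")

    # Nor should they collide with networks the cluster will be connected to.
    for label, cidr in in_use:
        other = ipaddress.ip_network(cidr)
        for name, net in nets.items():
            if net.overlaps(other):
                problems.append(f"{name} {net} overlaps {label} {other}")

    # Each node receives one /host_prefix subnet taken from the Pod CIDR.
    pod_len = nets["Pod CIDR"].prefixlen
    if not pod_len <= host_prefix <= 30:  # upper bound is this example's sanity limit
        problems.append(f"Host Prefix /{host_prefix} does not fit Pod CIDR /{pod_len}")
        return problems, {"node_subnets": 0, "pods_per_node": 0}
    capacity = {
        "node_subnets": 2 ** (host_prefix - pod_len),
        "pods_per_node": 2 ** (32 - host_prefix) - 2,
    }
    if planned_nodes > capacity["node_subnets"]:
        problems.append(f"{planned_nodes} planned nodes exceed the "
                        f"{capacity['node_subnets']} node subnets in {nets['Pod CIDR']}")
    return problems, capacity


if __name__ == "__main__":
    # Documented defaults, checked against a constructed in-use range.
    print(check_cluster_cidrs("10.0.0.0/16", "172.30.0.0/16", "10.128.0.0/14",
                              23, 9, in_use=[("peered VPC", "10.128.0.0/16")]))
```

With the documented defaults, the Pod CIDR yields 512 per-node subnets of 510 pod addresses each, which is the ceiling on cluster size that the host prefix fixes at creation time.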