rosa list regions --hosted-cp
This tutorial outlines deploying a Red Hat OpenShift Service on AWS (ROSA) with hosted control planes (HCP) cluster.
With ROSA with HCP, you can decouple the control plane from the data plane. This is a new deployment model for ROSA in which the control plane is hosted in a Red Hat-owned AWS account. The control plane is no longer hosted in your AWS account, reducing your AWS infrastructure expenses. The control plane is dedicated to a single cluster and is highly available. For more information, see the ROSA with HCP documentation.
Before deploying a ROSA with HCP cluster, you must have the following resources:
VPC - This is a bring-your-own VPC model, also referred to as BYO-VPC.
OIDC - OIDC configuration and an OIDC provider with that specific configuration.
ROSA version 1.2.31 or higher
In this tutorial, we will create these resources first. We will also set up some environment variables so that it is easier to run the command to create the ROSA with HCP cluster.
First, ensure that your AWS CLI (aws
) is configured to use a region where ROSA with HCP is available. To find out which regions are supported run the following command:
rosa list regions --hosted-cp
Create the VPC. For this tutorial, the following script will create the VPC and its required components for you. It will use the region configured for the aws
CLI.
curl https://raw.githubusercontent.com/openshift-cs/rosaworkshop/master/rosa-workshop/rosa/resources/setup-vpc.sh | bash
For more about VPC requirements, see the VPC documentation.
The above script outputs two commands. Set the commands as environment variables to make running the create cluster
command easier. Copy them from the output and run them as shown:
export PUBLIC_SUBNET_ID=<public subnet id here>
export PRIVATE_SUBNET_ID=<private subnet id here>
Confirm that the environment variables are set by running the following command:
echo "Public Subnet: $PUBLIC_SUBNET_ID"; echo "Private Subnet: $PRIVATE_SUBNET_ID"
Public Subnet: subnet-0faeeeb0000000000
Private Subnet: subnet-011fe340000000000
In this tutorial, we will use the automatic mode when creating the OIDC configuration. We will also store the OIDC ID as an environment variable for later use. The command uses the ROSA CLI to create your cluster’s unique OIDC configuration.
To create the OIDC configuration for this tutorial, run the following command:
export OIDC_ID=$(rosa create oidc-config --mode auto --managed --yes -o json | jq -r '.id')
Run the following command to set up some environment variables so that it is easier to run the command to create the ROSA with HCP cluster:
export CLUSTER_NAME=<enter cluster name>
export REGION=<region VPC was created in>
Run |
If this is the first time you are deploying ROSA in this account and you have not yet created the account roles, create the account-wide roles and policies, including the Operator policies. Since ROSA uses AWS Security Token Service (STS), this step creates the AWS IAM roles and policies that are needed for ROSA to interact with your account.
Run the following command to create the account-wide roles:
rosa create account-roles --mode auto --yes
Run the following command to create the cluster:
rosa create cluster --cluster-name $CLUSTER_NAME \
--subnet-ids ${PUBLIC_SUBNET_ID},${PRIVATE_SUBNET_ID} \
--hosted-cp \
--region $REGION \
--oidc-config-id $OIDC_ID \
--sts --mode auto --yes
The cluster is ready and completely usable after about 10 minutes. The cluster will have a control plane across three AWS availability zones in your selected region and create two worker nodes in your AWS account.
Run one of the following commands to check the status of the cluster:
For a detailed view of the cluster status, run:
rosa describe cluster --cluster $CLUSTER_NAME
For an abridged view of the cluster status, run:
rosa list clusters
To watch the log as it progresses, run:
rosa logs install --cluster $CLUSTER_NAME --watch
Once the state changes to “ready” your cluster is installed. It might take a few more minutes for the worker nodes to come online.