×

This tutorial describes the process for activating Red Hat OpenShift Service on AWS (ROSA) with hosted control planes (HCP) and linking to an AWS account, before deploying the first cluster.

If you have received a private offer for the product, make sure to proceed according to the instructions provided with the private offer before following this tutorial. The private offer is designed either for a case when the product is already activated, which replaces an active subscription, or for first time activations.

Prerequisites

  • Make sure to log into the Red Hat account that you plan to associate with the AWS account where you have activated ROSA with HCP in previous steps.

  • Only a single AWS account that will be used for service billing can be associated with a Red Hat account. Typically an organizational AWS account that has other AWS accounts, such as developer accounts, linked would be the one that is to be billed, rather than individual AWS end user accounts.

  • Red Hat accounts belonging to the same Red Hat organization will be linked with the same AWS account. Therefore, you can manage who has access to creating ROSA with HCP clusters on the Red Hat organization account level.

Subscription enablement and AWS account setup

  1. Activate the ROSA with HCP product at the AWS console page by clicking the Get started button:

    rosa get started

    If you have activated ROSA before but did not complete the process, you can click the button and complete the account linking as described in the following steps.

  2. Confirm that you want your contact information to be shared with Red Hat and enable the service:

    rosa enable 2
    • You will not be charged by enabling the service in this step. The connection is made for billing and metering that will take place only after you deploy your first cluster. This could take a few minutes.

  3. After the process is completed, you will see a confirmation:

    rosa prereq enable 3
  4. Other sections on this verification page show the status of additional prerequisites. In case any of these prerequisites are not met, a respective message is shown. Here is an example of insufficient quotas in the selected region:

    rosa service quota 4
    1. Click the Increase service quotas button or use the Learn more link to get more information about the about how to manage service quotas. In the case of insufficient quotas, note that quotas are region-specific. You can use the region switcher in the upper right corner of the web console to re-run the quota check for any region you are interested in and then submit service quota increase requests as needed.

  5. If all the prerequisites are met, the page will look like this:

    rosa prereq 5

    The ELB service-linked role is created for you automatically. You can click any of the small Info blue links to get contextual help and resources.

AWS and Red Hat account and subscription linking

  1. Click the orange Continue to Red Hat button to proceed with account linking:

    rosa continue rh 6
  2. If you are not already logged in to your Red Hat account in your current browser’s session, you will be asked to log in to your account:

    rosa login rh account 7
    • You can also register for a new Red Hat account or reset your password on this page.

    • Make sure to log into the Red Hat account that you plan to associate with the AWS account where you have activated ROSA with HCP in previous steps.

    • Only a single AWS account that will be used for service billing can be associated with a Red Hat account. Typically an organizational AWS account that has other AWS accounts, such as developer accounts, linked would be the one that is to be billed, rather than individual AWS end user accounts.

    • Red Hat accounts belonging to the same Red Hat organization will be linked with the same AWS account. Therefore, you can manage who has access to creating ROSA with HCP clusters on the Red Hat organization account level.

  3. Complete the Red Hat account linking after reviewing the terms and conditions:

    This step is available only if the logged-in Red Hat account, or the Red Hat organization managing the Red Hat account, was not linked to an AWS account before.

    rosa rh account connection 8

    Both the Red Hat and AWS account numbers are shown on this screen.

  4. Click the Connect accounts button if you agree with the service terms.

    If this is the first time you are using the Red Hat Hybrid Cloud Console, you will be asked to agree with the general managed services terms and conditions before being able to create the first ROSA cluster:

    rosa terms conditions 9

    Additional terms that need to be reviewed and accepted will be shown after clicking the View Terms and Conditions button:

    rosa terms conditions 9 5

    Submit your agreement once you have reviewed any additional terms when prompted at this time.

  5. The Hybrid Cloud Console provides a confirmation that AWS prerequisites were completed and lists the first steps needed for cluster deployment:

    rosa cluster create 10
  6. The following steps pertain to technical deployment of the cluster:

    rosa deploy 11
    • It is possible that these steps will be performed on a different machine than where the service enablement and account linking were completed.

    • As mentioned previously, any Red Hat account belonging to the Red Hat organization that was linked with the AWS account that activated the ROSA service will have access to creating a cluster and will be able to select the billing AWS account that was linked under this Red Hat organization previously.

      The last section of this page shows cluster deployment options, either using the rosa CLI or through the web console:

      rosa cli ui 12
    • The following steps describe cluster deployment using the rosa CLI.

    • If you are interested in deployment using the web console only, you can skip to the ROSA with HCP cluster deployment using the web console section. However, note that the rosa CLI is required for certain tasks, such as creating the account roles. If you are deploying ROSA for the first time, follow this the CLI steps until running the rosa whoami command, before skipping to the web console deployment steps.

ROSA with HCP cluster deployment using the CLI

  1. Click the Download the ROSA CLI button to download the ROSA command line interface (CLI) for your operating system and set it up as described in the Help with ROSA CLI setup.

    Make sure that you have the most recent AWS CLI installed. See Instructions to install the AWS CLI for more information.

  2. After the previous steps are completed, you can verify that both CLI are available by running the rosa version. This command shows an update notification if you are using an older version and aws –version commands in your terminal.

  3. The prerequisite for creating a ROSA with HCP cluster is to log in using the rosa cli by the personalized command with your unique token shown under step 2.1. To authenticate, run this command on the web console. Use the copy button for easy copy and pasting of the command with full token into your terminal:

    rosa token 13

    Do not share your unique token.

  4. The final prerequisite before your first cluster deployment is making sure the necessary account-wide roles and policies are created. The rosa CLI can help with that by using the command shown under step 2.2. To create the necessary account-wide roles and policies quickly… on the web console. The alternative to that is manual creation of these roles and policies.

  5. After logging in, creating the account roles, and verifying your identity using the rosa whoami command, your terminal will look similar to this: