$ rosa create cluster --cluster-name mycluster \
--subnet-ids subnet-03146b9b52b6024cb,subnet-03146b9b52b2034cc \
--bypass-network-verify --force
Network verification checks run automatically when you deploy a Red Hat OpenShift Service on AWS (ROSA) cluster into an existing Virtual Private Cloud (VPC) or create an additional machine pool with a subnet that is new to your cluster. The checks validate your network configuration and highlight errors, enabling you to resolve configuration issues prior to deployment.
You can also run the network verification checks manually to validate the configuration for an existing cluster.
When you deploy a Red Hat OpenShift Service on AWS (ROSA) cluster into an existing Virtual Private Cloud (VPC) or create an additional machine pool with a subnet that is new to your cluster, network verification runs automatically. This helps you identify and resolve configuration issues prior to deployment.
When you prepare to install your cluster by using Red Hat OpenShift Cluster Manager, the automatic checks run after you input a subnet into a subnet ID field on the Virtual Private Cloud (VPC) subnet settings page. If you create your cluster by using the ROSA CLI (rosa
) with the interactive mode, the checks run after you provide the required VPC network information. If you use the CLI without the interactive mode, the checks begin immediately prior to the cluster creation.
When you add a machine pool with a subnet that is new to your cluster, the automatic network verification checks the subnet to ensure that network connectivity is available before the machine pool is provisioned.
After automatic network verification completes, a record is sent to the service log. The record provides the results of the verification check, including any network configuration errors. You can resolve the identified issues before a deployment and the deployment has a greater chance of success.
You can also run the network verification manually for an existing cluster. This enables you to verify the network configuration for your cluster after making configuration changes. For steps to run the network verification checks manually, see Running the network verification manually.
The network verification includes checks for each of the following requirements:
The parent Virtual Private Cloud (VPC) exists.
All specified subnets belong to the VPC.
The VPC has enableDnsSupport
enabled.
The VPC has enableDnsHostnames
enabled.
Egress is available to the required domain and port combinations that are specified in the AWS firewall prerequisites section.
You can bypass the automatic network verification if you want to deploy a Red Hat OpenShift Service on AWS (ROSA) cluster with known network configuration issues into an existing Virtual Private Cloud (VPC).
If you bypass the network verification when you create a cluster, the cluster has a limited support status. After installation, you can resolve the issues and then manually run the network verification. The limited support status is removed after the verification succeeds.
When you install a cluster into an existing VPC by using Red Hat OpenShift Cluster Manager, you can bypass the automatic verification by selecting Bypass network verification on the Virtual Private Cloud (VPC) subnet settings page.
When you install a cluster into an existing VPC by using the rosa create cluster
command, you can bypass the automatic verification by including the --bypass-network-verify --force
arguments. The following example bypasses the network verification before creating a cluster:
$ rosa create cluster --cluster-name mycluster \
--subnet-ids subnet-03146b9b52b6024cb,subnet-03146b9b52b2034cc \
--bypass-network-verify --force
Alternatively, you can specify the |
After installing a Red Hat OpenShift Service on AWS (ROSA) cluster, you can run the network verification checks manually by using Red Hat OpenShift Cluster Manager or the ROSA CLI (rosa
).
You can manually run the network verification checks for an existing Red Hat OpenShift Service on AWS (ROSA) cluster by using Red Hat OpenShift Cluster Manager.
You have an existing ROSA cluster.
You are the cluster owner or you have the cluster editor role.
Navigate to OpenShift Cluster Manager Hybrid Cloud Console and select your cluster.
Select Verify networking from the Actions drop-down menu.
You can manually run the network verification checks for an existing Red Hat OpenShift Service on AWS (ROSA) cluster by using the ROSA CLI (rosa
).
When you run the network verification, you can specify a set of VPC subnet IDs or a cluster name. If you are using a proxy service, you can specify a proxy URL.
You have installed and configured the latest ROSA CLI (rosa
) on your installation host.
You have an existing ROSA cluster.
You are the cluster owner or you have the cluster editor role.
Verify the network configuration by using one of the following methods:
Verify the network configuration by specifying the cluster name. The subnet IDs are automatically detected:
$ rosa verify network -c <cluster_name> (1)
1 | Replace <cluster_name> with the name of your cluster. |
I: ✓ Network verification successful
To output the full list of verification tests, you can include the |
Verify the network configuration by specifying the VPC subnets IDs:
$ rosa verify network --subnet-ids subnet-03146b9b52b6024cb,subnet-03146b9b52b2034cc
E: Validating Subnet subnet-03146b9b52b6024cb egress
E: X Egress failed to https://events.pagerduty.com
Verify the network configuration by specifying the VPC subnets IDs and a proxy URL:
$ rosa verify network --subnet-ids subnet-03146b9b52b6024cb,subnet-03146b9b52b2034cc \
--additional-trust-bundle-file /path/to/ca.cert \
--https-proxy <proxy_url> (1)
1 | Replace <proxy_url> with the URL of your proxy service, for example https://10.10.0.1 . |
I: Using proxy configuration
I: Subnet IDs detected: subnet-03146b9b52b6024cb,subnet-03146b9b52b2034cc
E: Validating Subnet subnet-03146b9b52b6024cb egress
E: X Egress failed to https://events.pagerduty.com