$ . <(rosa completion)
Setup and basic usage of the rosa
CLI.
Use the rosa
command-line utility for Red Hat OpenShift Service on AWS (ROSA) to create, update, manage, and delete Red Hat OpenShift Service on AWS clusters and resources.
To set up the rosa
CLI, download the latest release, then configure and initialize rosa
:
Download the latest release of the rosa
CLI for your operating system from the Red Hat OpenShift Service on AWS product page.
It is recommended that after you download the release, you rename the executable file that you downloaded to rosa
, and then add rosa
to your path.
Optional: After downloading rosa
, enable Bash completion for rosa
. Bash completion helps to automatically complete commands and suggest options when you press Tab
. The command generates a Bash completion file for rosa
and sources it to your current shell session.
To configure your Bash shell to load rosa
completions for each session, add the following command to your Bashrc
file (~/.Bashrc
or ~/.profile
).
$ . <(rosa completion)
Use the following commands to configure the rosa
CLI.
Log in to your Red Hat account, saving the credentials to the rosa
configuration file. You must provide a token when logging in. You can copy your token from the Red Hat OpenShift Service on AWS token page.
The rosa
CLI looks for a token in the following priority order:
Command-line arguments
The ROSA_TOKEN
environment variable
The rosa
configuration file
Interactively from a command-line prompt
$ rosa login [arguments]
Option | Definition |
---|---|
--client-id |
The OpenID client identifier (string). Default: |
--client-secret |
The OpenID client secret (string). |
--insecure |
Enables insecure communication with the server. This disables verification of TLS certificates and host names. |
--scope |
The OpenID scope (string). If this option is used, it replaces the default scopes. This can be repeated multiple times to specify multiple scopes. Default: |
--token |
Accesses or refreshes the token (string). |
--token-url |
The OpenID token URL (string). Default: |
Option | Definition |
---|---|
--help |
Shows help for this command. |
--debug |
Enables debug mode. |
--profile |
Specifies an AWS profile (string) from your credentials file. |
--v <level> |
The log level for V logs. |
Log out of rosa
. Logging out also removes the rosa
configuration file.
$ rosa logout [arguments]
Option | Definition |
---|---|
--help |
Shows help for this command. |
--debug |
Enables debug mode. |
--profile |
Specifies an AWS profile (string) from your credentials file. |
--v <level> |
The log level for V logs. |
Verify that the AWS permissions required to create a rosa
cluster are configured correctly.
$ rosa verify permissions [arguments]
Option | Definition |
---|---|
--help |
Shows help for this command. |
--debug |
Enables debug mode. |
--region |
The AWS region (string) in which to run the command. This value overrides the |
--profile |
Specifies an AWS profile (string) from your credentials file. |
--v <level> |
The log level for V logs. |
Verify that the AWS permissions are configured correctly:
$ rosa verify permissions
Verify that the AWS permissions are configured correctly in a specific region:
$ rosa verify permissions --region=us-west-2
Verifies that AWS quotas are configured correctly for your default region.
$ rosa verify quota [arguments]
Option | Definition |
---|---|
--help |
Shows help for this command. |
--debug |
Enables debug mode. |
--region |
The AWS region (string) in which to run the command. This value overrides the |
--profile |
Specifies an AWS profile (string) from your credentials file. |
--v <level> |
The log level for V logs. |
Verify that the AWS quotas are configured correctly for the default region:
$ rosa verify quota
Verify that the AWS quotas are configured correctly in a specific region:
$ rosa verify quota --region=us-west-2
Download the latest compatible version of the OpenShift Container Platform CLI (oc
).
After downloading oc
, you must unzip the archive and add it to your path.
$ rosa download oc [arguments]
Option | Definition |
---|---|
--help |
Shows help for this command. |
--debug |
Enables debug mode. |
--profile |
Specifies an AWS profile (string) from your credentials file. |
--v <level> |
The log level for V logs. |
Download oc
client tools:
$ rosa download oc
Verifies that the OpenShift Container Platform CLI (oc
) is installed correctly.
$ rosa verify oc [arguments]
Option | Definition |
---|---|
--help |
Shows help for this command. |
--debug |
Enables debug mode. |
--region |
The AWS region (string) in which to run the command. This value overrides the AWS_REGION environment variable. |
--profile |
Specifies an AWS profile (string) from your credentials file. |
--v <level> |
The log level for V logs. |
Verify oc
client tools:
$ rosa verify oc
Use the init
command to initialize Red Hat OpenShift Service on AWS (ROSA).
Perform a series of checks to verify that you are ready to deploy an Red Hat OpenShift Service on AWS cluster.
The list of checks includes the following:
Checks to see that you have logged in (see login
)
Checks that your AWS credentials are valid
Checks that your AWS permissions are valid (see verify permissions
)
Checks that your AWS quota levels are high enough (see verify quota
)
Runs a cluster simulation to ensure cluster creation will perform as expected
Checks that the osdCcsAdmin
user has been created in your AWS account
Checks that the OpenShift Container Platform command-line tool is available on your system
$ rosa init [arguments]
Option | Definition |
---|---|
--region |
The AWS region (string) in which to verify quota and permissions. This value overrides the |
--delete-stack |
Deletes the stack template that is applied to your AWS account during the |
--client-id |
The OpenID client identifier (string). Default: |
--client-secret |
The OpenID client secret (string). |
--insecure |
Enables insecure communication with the server. This disables verification of TLS certificates and host names. |
--scope |
The OpenID scope (string). If this option is used, it completely replaces the default scopes. This can be repeated multiple times to specify multiple scopes. Default: |
--token |
Accesses or refreshes the token (string). |
--token-url |
The OpenID token URL (string). Default: |
Option | Definition |
---|---|
--help |
Shows help for this command. |
--debug |
Enables debug mode. |
--profile |
Specifies an AWS profile (string) from your credentials file. |
--v <level> |
The log level for V logs. |
Configure your AWS account to allow ROSA clusters:
$ rosa init
Configure a new AWS account using pre-existing OpenShift Cluster Manager (OCM) credentials:
$ rosa init --token=$OFFLINE_ACCESS_TOKEN
This is an example workflow of how to use a Bash script with the rosa
CLI.
Make sure that AWS credentials are available as one of the following options:
AWS profile
Environment variables (AWS_ACCESS_KEY_ID
, AWS_SECRET_ACCESS_KEY
)
Initialize rosa
using an OpenShift Cluster Manager (OCM) offline token from Red Hat:
$ rosa init --token=<token>
Create the Red Hat OpenShift Service on AWS (ROSA) cluster:
$ rosa create cluster --cluster-name=<cluster_name>
Add an identity provider (IDP):
$ rosa create idp --cluster=<cluster_name> --type=<identity_provider> [arguments]
Add a dedicated-admin
user:
$ rosa grant user dedicated-admin --user=<idp_user_name> --cluster=<cluster_name>