Use the Red Hat OpenShift Service on AWS CLI (rosa) with the default options to quickly create an OpenShift cluster that uses the AWS Security Token Service (STS).
Through the Red Hat OpenShift Service on AWS CLI (rosa), you can quickly create an OpenShift cluster that uses the AWS Security Token Service (STS).
Additionally, you can use auto mode to immediately create the required AWS Identity and Access Management (IAM) resources using the current AWS account. auto mode is used in the following procedure to immediately create the account-wide IAM roles and policies, including the Operator policies, as well as the OpenID Connect (OIDC) identity provider.
You have completed the AWS prerequisites for ROSA with STS.
You have available AWS service quotas.
You have enabled the ROSA service in the AWS Console.
You installed and configured the latest AWS (aws), ROSA (rosa), and OpenShift (oc) CLIs on your workstation.
You logged in to your Red Hat account by using the rosa CLI.
You verified that the AWS Elastic Load Balancing (ELB) service role exists in your AWS account.
To successfully install ROSA 4.10 clusters, use ROSA CLI 1.1.11 or above.
Create the required account-wide roles and policies, including the Operator policies:
$ rosa create account-roles --mode auto
When using |
Create a cluster with STS using the defaults. When you use the defaults, the latest stable OpenShift version is installed:
$ rosa create cluster --cluster-name <cluster_name> --sts --mode auto (1)
(1) Replace <cluster_name> with the name of your cluster.
When you specify |
Check the status of your cluster:
$ rosa describe cluster --cluster <cluster_name|cluster_id>
The following State field changes are listed in the output as the cluster installation progresses:
waiting (Waiting for OIDC configuration)
pending (Preparing account)
installing (DNS setup in progress)
installing
ready
If installation fails or the |
Track the progress of the cluster creation by watching the OpenShift installer logs:
$ rosa logs install --cluster <cluster_name|cluster_id> --watch (1)
(1) Specify the --watch flag to watch for new log messages as the installation progresses. This argument is optional.
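The status check above can be scripted so that an unattended install stops on anything other than the listed State values. This is an added example, not part of the original documentation: the function names are hypothetical, the "State: <value>" line layout is an assumption shown in the constructed sample, and any state not listed above is treated as unexpected.

```shell
#!/bin/sh
# Added example: poll `rosa describe cluster` until the State field is "ready".
# Assumption: the output contains a line of the form "State:  <state> (<detail>)".

# Constructed sample of describe output, used to check the parser offline.
SAMPLE_OUTPUT='Name:                       example
State:                      installing (DNS setup in progress)'

# Read describe output on stdin and print the first word of the State field.
# Exits non-zero when no State line is present.
cluster_state() {
  awk '$1 == "State:" { print $2; found = 1; exit } END { if (!found) exit 1 }'
}

# Map a state to done, progress, or unexpected (anything the page does not list).
classify_state() {
  case "$1" in
    ready) echo done ;;
    waiting|pending|installing) echo progress ;;
    *) echo unexpected ;;
  esac
}

# Poll until ready (0), the timeout in seconds expires (1),
# or an unexpected state is seen (2).
wait_for_ready() {
  cluster=$1; timeout=${2:-3600}; interval=${3:-60}; elapsed=0
  while [ "$elapsed" -le "$timeout" ]; do
    state=$(rosa describe cluster --cluster "$cluster" | cluster_state) || state=unknown
    case "$(classify_state "$state")" in
      done) echo "cluster $cluster is ready"; return 0 ;;
      unexpected)
        echo "unexpected state '$state'; see: rosa logs install --cluster $cluster" >&2
        return 2 ;;
    esac
    echo "state: $state (${elapsed}s elapsed)"
    sleep "$interval"; elapsed=$((elapsed + interval))
  done
  echo "timed out waiting for $cluster" >&2; return 1
}

# Run only when a cluster name or ID is passed on the command line.
if [ "$#" -gt 0 ]; then wait_for_ready "$@"; fi
```

Invoke the script with the cluster name or ID as the first argument; the optional second and third arguments are the timeout and polling interval in seconds.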
For more information about the AWS Identity and Access Management (IAM) resources required to deploy Red Hat OpenShift Service on AWS with STS, see About IAM resources for clusters that use STS.
For information about the prerequisites to installing ROSA with STS, see AWS prerequisites for ROSA with STS.
For more information about using OpenID Connect (OIDC) identity providers in AWS IAM, see Creating OpenID Connect (OIDC) identity providers in the AWS documentation.
For more information about troubleshooting ROSA cluster deployments, see Troubleshooting cluster deployments.