×

Use the Red Hat OpenShift Service on AWS CLI (rosa) with the default options to quickly create an OpenShift cluster that uses the AWS Security Token Service (STS).

Creating a ROSA cluster with STS using the default options

Through the Red Hat OpenShift Service on AWS CLI (rosa), you can quickly create an OpenShift cluster that uses the AWS Security Token Service (STS).

Additionally, you can use auto mode to immediately create the required AWS Identity and Access Management (IAM) resources using the current AWS account. auto mode is used in the following procedure to immediately create the account-wide IAM roles and policies, including the Operator policies, as well as the OpenID Connect (OIDC) identity provider.

Prerequisites
  • You have completed the AWS prerequisites for ROSA with STS.

  • You have available AWS service quotas.

  • You have enabled the ROSA service in the AWS Console.

  • You installed and configured the latest AWS (aws), ROSA (rosa), and OpenShift (oc) CLIs on your workstation.

  • You logged in to your Red Hat account by using the rosa CLI.

  • You verified that the AWS Elastic Load Balancing (ELB) service role exists in your AWS account.

    To successfully install ROSA 4.10 clusters, use ROSA CLI 1.1.11 or above.

Procedure
  1. Create the required account-wide roles and policies, including the Operator policies:

    $ rosa create account-roles --mode auto

    When using auto mode, you can optionally specify the -y argument to bypass the interactive prompts and automatically confirm operations.

  2. Create a cluster with STS using the defaults. When you use the defaults, the latest stable OpenShift version is installed:

    $ rosa create cluster --cluster-name <cluster_name> --sts --mode auto (1)
    1 Replace <cluster_name> with the name of your cluster.

    When you specify --mode auto, the rosa create cluster command creates the cluster-specific Operator IAM roles and the OIDC provider automatically. The Operators use the OIDC provider to authenticate.

  3. Check the status of your cluster:

    $ rosa describe cluster --cluster <cluster_name|cluster_id>

    The following State field changes are listed in the output as the cluster installation progresses:

    • waiting (Waiting for OIDC configuration)

    • pending (Preparing account)

    • installing (DNS setup in progress)

    • installing

    • ready

      If installation fails or the State field does not change to ready after about 40 minutes, check the installation troubleshooting documentation for more details.

  4. Track the progress of the cluster creation by watching the OpenShift installer logs:

    $ rosa logs install --cluster <cluster_name|cluster_id> --watch (1)
    1 Specify the --watch flag to watch for new log messages as the installation progresses. This argument is optional.

Additional resources