×

Red Hat OpenShift Service on AWS (ROSA) is a fully-managed, turnkey application platform that allows you to focus on delivering value to your customers by building and deploying applications. Red Hat and AWS site reliability engineering (SRE) experts manage the underlying platform so you do not have to worry about the complexity of infrastructure management. ROSA provides seamless integration with a wide range of AWS compute, database, analytics, machine learning, networking, mobile, and other services to further accelerate the building and delivering of differentiating experiences to your customers.

Red Hat OpenShift Service on AWS clusters are available on the Hybrid Cloud Console. With the Red Hat OpenShift Cluster Manager application for ROSA, you can deploy Red Hat OpenShift Service on AWS clusters to either on-premises or cloud environments.

New changes and updates

Q4 2024

  • rosa create network command added for ROSA with HCP clusters. You can now use the rosa create network command when creating ROSA with HCP clusters to create networks using AWS CloudFormation templates. This helper command is intended to help create and configure a VPC for use with ROSA with HCP. This command also supports zero egress clusters. For more information, see create network.

  • Create additional security groups in ROSA with HCP clusters. Starting with ROSA CLI version 1.2.47, you can now create additional security groups using the ROSA CLI when creating ROSA with HCP clusters. Note that additional security group IDs attached to the machine pool cannot be modified. To remove or add more security group IDs, replace the entire machine pool with a new one.

  • ROSA CLI update. The ROSA CLI (rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI.

  • VolumeDetachTimeout configuration applied to machine pools for ROSA with HCP. ROSA is applying a VolumeDetachTimeout configuration of 5 minutes to all machine pools. This prevents issues with node deletion when volumes fail to detach. This only applies to ROSA with HCP.

  • Configure machine pool disk volume for ROSA with HCP clusters. You can now configure the disk volume size for machine pools in ROSA with HCP clusters. The default disk size is 300 GiB, and you can configure it from a minimum of 75 GiB to a maximum of 16,384 GiB. For more information, see Configuring machine pool disk volume.

Q3 2024

  • ROSA with HCP multi-architecture cluster update. Red Hat OpenShift Service on AWS (ROSA) with hosted control planes (HCP) clusters created before 25 July, 2024 will migrate to a multi-architecture image on their next upgrade allowing you to use Amazon Web Services (AWS) Arm-based Graviton instance types for your workloads. For more information, see Upgrading ROSA with HCP clusters.

  • ROSA with HCP cluster node limit update. ROSA with HCP clusters can now scale to 500 worker nodes. This is an increase from the previous limit of 250 nodes. The 250 node limit is an increase from the previous limit 90 nodes on 26 August, 2024. For more information, see ROSA with HCP cluster maximums.

  • IMDSv2 support in ROSA with HCP. You can now enforce the use of the IMDSv2 endpoint for default machine pool worker nodes on new ROSA with HCP clusters and for new machine pools on existing clusters. For more information, see Creating a default ROSA cluster using Terraform.

  • Upgrade multiple nodes simultaneously. You can now configure a machine pool to upgrade multiple nodes simultaneously. Two new machine pool parameters, max-surge and max-unavailable, give you greater control over how machine pool upgrades occur. For more information, see Upgrading ROSA with HCP clusters.

  • ROSA with HCP Graviton Arm-based instance types. You can now use Amazon Web Services (AWS) Arm-based Graviton instance types for your workloads in Red Hat OpenShift Service on AWS (ROSA) with hosted control planes (HCP) clusters created after 24 July, 2024. For more information, see AWS Graviton Arm-based instance types.

  • ROSA CLI update. The ROSA CLI (rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI.

Q2 2024

  • Approve additional principals for ROSA with HCP clusters. You can approve additional user-roles to connect to your cluster’s private API server endpoint. For more information, see Additional principals on your ROSA with HCP cluster.

  • ROSA CLI update. The ROSA CLI (rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI.

  • Approved Access for ROSA clusters. Red Hat Site Reliability Engineering (SRE) managing and proactively supporting ROSA Clusters will typically not require elevated access to customer clusters as part of the normal operations. In the unlikely event should Red Hat SRE (Site Reliability Engineer) need elevated access, the Approved Access functionality provides an interface for customers to review and approve or deny access requests.

    Elevated access requests to ROSA clusters and the corresponding cloud accounts can be created by Red Hat SRE either in response to a customer-initiated support ticket or in response to alerts received by a Red Hat SRE, as part of the standard incident response process. For more information, see Approved Access. This is applicable to ROSA and Red Hat OpenShift Service on AWS (classic architecture).

  • ROSA command enhancement. The rosa describe command has a new optional argument, --get-role-policy-bindings. This new argument allows users to view the policies attached to STS roles assigned to the selected cluster. For more information, see describe cluster.

  • Expanded customer-managed policy capabilities. You can now attach customer-managed policies to the IAM roles required to run both ROSA (classic architecture) and ROSA clusters. Furthermore, these customer-managed policies, including the permissions attached to those policies, are not modified during cluster or role upgrades. For more information, see Customer-managed policies.

  • Permission boundaries for the installer role policy. You can apply a policy as a permissions boundary on the ROSA installer role. The combination of policy and boundary policy limits the maximum permissions for the Amazon Web Services(AWS) Identity and Access Management (IAM) entity role. ROSA includes a set of three prepared permission boundary policy files, with which you can restrict permissions for the installer role since changing the installer policy itself is not supported. For more information, see Permission boundaries for the installer role. This is applicable only to Red Hat OpenShift Service on AWS (classic architecture).

  • Cluster delete protection. You can now enable the cluster delete protection option, which helps to prevent you from accidentally deleting a cluster. For more information on using the cluster delete protection option with the ROSA CLI, see edit cluster. For more information on using the cluster delete protection option in the UI, see Creating a cluster with the default options using OpenShift Cluster Manager.

  • ROSA with HCP regions added. Red Hat OpenShift Service on AWS (ROSA) with hosted control planes (HCP) is now available in the following regions:

    • Zurich (eu-central-2)

    • Hong Kong (ap-east-1)

    • Osaka (ap-northeast-3)

    • Spain (eu-south-2)

    • UAE (me-central-1)

      For more information on region availabilities, see Regions and availability zones.

  • Added support for external authentication providers. You can now create clusters configured with external authentication providers, such as Microsoft Entra ID and KeyCloak. For more information, see Creating ROSA with HCP clusters with external authentication.

  • Longer cluster names enhancement. You can now specify a cluster name that is longer than 15 characters. For cluster names that are longer than 15 characters, you can customize the domain prefix for the cluster URL by using the domain-prefix flag in the ROSA CLI (rosa) or by selecting the Create custom domain prefix checkbox in the Red Hat Hybrid Cloud Console. For more information, see create cluster in Managing objects with the ROSA CLI.

  • Additional Security Groups for ROSA with HCP. Starting with ROSA CLI version 1.2.37, you can now use the --additional-security-group-ids <sec_group_id> when creating machine pools on ROSA with HCP clusters. For more information, see Creating a machine pool using the ROSA CLI and the create machinepool section of the ROSA CLI reference.

  • Node management improvements. Now, you can perform specific tasks to make clusters more efficient. You can cordon, uncordon, and drain a specific node. For more information, see Working with nodes.

  • Node drain grace periods. You can now configure node drain grace periods in Red Hat OpenShift Service on AWS (ROSA) with hosted control planes (HCP) clusters with the rosa CLI.

Q1 2024

  • Machine pool update. You can now upgrade machine pools that are configured on ROSA with HCP clusters. For more information, see upgrade machinepool.

  • ROSA with HCP regions added. Red Hat OpenShift Service on AWS (ROSA) with hosted control planes (HCP) is now available in the following regions:

    • Hyderabad (ap-south-2)

    • Milan (eu-south-1)

    • London (eu-west-2)

    • Mumbai (ap-south-1)

    • Cape Town (af-south-1)

    • Seoul (ap-northeast-2)

    • Stockholm (eu-north-1)

      For more information on region availabilities, see Regions and availability zones.

  • ROSA CLI update. The ROSA CLI (rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI.

  • Log linking is enabled by default. Beginning with Red Hat OpenShift Service on AWS 4.15, log linking is enabled by default. Log linking gives you access to the container logs for your pods.

  • Availability zone update. You can now optionally select a single availability zone (AZ) for machine pools when you have a multi-AZ cluster. For more information, see Creating a machine pool using the ROSA CLI.

  • Log linking is enabled by default - Beginning with Red Hat OpenShift Service on AWS 4.15, log linking is enabled by default. Log linking gives you access to the container logs for your pods.

  • Availability zone update. You can now optionally select a single availability zone (AZ) for machine pools when you have a multi-AZ cluster. For more information, see Creating a machine pool using the ROSA CLI.

  • Delete cluster command enhancement. With the release of ROSA CLI (rosa) version 1.2.31, the --best-effort argument was added, which allows you to force-delete clusters when using the rosa delete cluster command. For more information, see delete cluster.

Q4 2023

  • ROSA CLI update. The ROSA CLI (rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI.

  • Delete cluster command enhancement. With the release of ROSA CLI (rosa) version 1.2.31, the --best-effort argument was added, which allows you to force-delete clusters when using the rosa delete cluster command. For more information, see delete cluster.

  • Red Hat OpenShift Service on AWS (ROSA) with hosted control planes (HCP). ROSA with HCP is now generally available. For more information, see Creating ROSA with HCP clusters using the default options.

  • Configurable process identifier (PID) limits. With the release of ROSA CLI (rosa) version 1.2.31, administrators can use the rosa create kubeletconfig and rosa edit kubeletconfig commands to set the maximum PIDs for an existing cluster. For more information, see Changing the maximum number of process IDs per pod (podPidsLimit) for ROSA.

  • Configure custom security groups. With the release of ROSA CLI (rosa) version 1.2.31, administrators can use the rosa create command or the OpenShift Cluster Manager to create a new cluster or a new machine pool with up to 5 additional custom security groups. Configuring custom security groups gives administrators greater control over resource access in new clusters and machine pools. For more information, see Security groups.

  • Command update. With the release of ROSA CLI (rosa) version 1.2.28, a new command, rosa describe machinepool, was added that allows you to check detailed information regarding a specific ROSA cluster machine pool. For more information, see describe machinepool.

  • Documentation update. The Operators section was added to the ROSA documentation. Operators are the preferred method of packaging, deploying, and managing services on the control plane. For more information, see Operators overview.

  • OpenShift Virtualization support. The release of OpenShift Virtualization 4.14 added support for running OpenShift Virtualization on ROSA Classic clusters. For more information, see OpenShift Virtualization on AWS bare metal in the OpenShift Container Platform documentation.

Q3 2023

  • ROSA CLI update. The ROSA CLI (rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI.

  • Cluster autoscaling. You can now enable cluster autoscaling using ROSA clusters. Cluster autoscaling automatically adjusts the size of a cluster so that all pods have a place to run, and there are no unneeded nodes. You can enable autoscaling during and after cluster creation using either OpenShift Cluster Manager or the ROSA CLI (rosa). For more information, see Cluster autoscaling.

  • Shared virtual private clouds. ROSA now supports installing clusters into VPCs shared among AWS accounts that are part of AWS organizations. AWS account installing ROSA cluster can now use shared subnets owned by a management account. For more information, see Configuring a shared virtual private cloud for ROSA clusters.

  • Machine pool disk volume size. You can now configure your machine pool disk volume size for additional flexibility. You can select your own sizing for the disk volumes of their worker machine pool nodes. For more information, see Configuring machine pool disk volume.

  • Machine pool update. You can now add taints to the machine pool that is automatically generated during cluster creation. You can also delete this machine pool. This new feature provides more flexibility and cost-effectiveness for cluster administrators, specifically in regards to scaling infrastructure based on changing resource requirements. For more information, see Creating a machine pool.

  • ROSA regions added. Red Hat OpenShift Service on AWS (ROSA) is now available in the following regions:

    • Spain (eu-south-2)

    • Hyderabad (ap-south-2)

    • Melbourne (ap-southeast-4)

    • Zurich (eu-central-2)

      For more information on region availabilities, see Regions and availability zones.

  • Documentation update. The CLI Tools section was added to the ROSA documentation and includes more detailed information to help you fully use all of the supported CLI tools. The ROSA CLI section can now be found nested inside the CLI Tools heading. For more information, see CLI tools overview.

  • Documentation update. The Monitoring section in the documentation was expanded and now includes more detailed information to help you conveniently manage your ROSA clusters. For more information, see About Red Hat OpenShift Service on AWS monitoring.

Q2 2023

  • ROSA CLI update. The ROSA CLI (rosa) was updated to a new version. For information about what has changed in this release, see the ROSA CLI release notes. For more information about the ROSA CLI (rosa), see About the ROSA CLI.

  • ROSA region added. Red Hat OpenShift Service on AWS (ROSA) is now available in the United Arab Emirates (me-central-1) region. For more information on region availability, see Regions and availability zones.

ROSA with HCP is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete. Red Hat does not recommend using them in production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.

For more information about the support scope of Red Hat Technology Preview features, see Technology Preview Features Support Scope.

Q1 2023

  • OIDC provider endpoint URL update. Starting with ROSA CLI version 1.2.7, all new cluster OIDC provider endpoint URLs are no longer regional. Amazon CloudFront is part of this implementation to improve access speed, reduce latency, and improve resiliency. This change is only available for new clusters created with ROSA CLI 1.2.7 or later. There are no supported migration paths for existing OIDC provider configurations.

Known issues

  • OpenShift Container Platform 4.14 introduced an updated HAProxy image from 2.2 to 2.6. This update created a change in behavior enforcing strict RFC 7230 compliance, rejecting requests with multiple Transfer-Encoding headers. This may cause exposed pods in Red Hat OpenShift Service on AWS 4.14 clusters sending multiple Transfer-Encoding headers to respond with a 502 Bad Gateway or 400 Bad Request error. To avoid this issue, ensure that your applications are not sending multiple Transfer-Encoding headers. For more information, see Red Hat Knowledgebase article. (OCPBUGS-43095)

  • If you configure your cluster using external OIDC configuration and set the --user-auth flag to disabled, the console pods might enter a crash loop. (OCPBUGS-29510)

  • The OpenShift Cluster Manager roles (ocm-role) and user roles (user-role) that are key to the ROSA provisioning wizard might get enabled accidentally in your Red Hat organization by another user. However, this behavior does not affect the usability.

  • The htpasswd identity provider does not function as expected in all scenarios against the rosa create admin function.

Updating the ROSA CLI tool

To use the latest version of the Red Hat OpenShift Service on AWS (ROSA) CLI, rosa, download the ROSA CLI (rosa) from the Hybrid Cloud Console. If you already have this tool, the procedure is the same for updates.

Procedure
  1. Download the file from the Hybrid Cloud Console.

  2. Unzip the downloaded file.

  3. Move the file to the /usr/bin/rosa directory by running the following command:

    $ sudo mv rosa /usr/bin/rosa
  4. Confirm your version by running the following command:

    $ rosa version
    Example output
    <version>
    Your ROSA CLI is up to date.

Deprecated and removed features

Some features available in previous releases have been deprecated or removed. Deprecated functionality is still included in ROSA and continues to be supported; however, it will be removed in a future release of this product and is not recommended for new deployments.

  • ROSA non-STS deployment mode. ROSA non-STS deployment mode is no longer the preferred method for new clusters. Instead, users must deploy ROSA with the STS mode. This deprecation is in line with our new ROSA provisioning wizard UI experience at https://console.redhat.com/openshift/create/rosa/wizard.

  • Label removal on core namespaces. ROSA is no longer labeling OpenShift core using the name label. Customers should migrate to referencing the kubernetes.io/metadata.name label if needed for Network Policies or other use cases.