×
Tutorial: ROSA prerequisites
This document contains a set of prerequisites that must be run once before you can create your first ROSA cluster.
AWS
An AWS account with the AWS ROSA prerequisites met.
AWS CLI
MacOS
-
Install AWS CLI using the MacOS command line:
$ curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg" $ sudo installer -pkg AWSCLIV2.pkg -target /See AWS Documentation for alternative install options.
Linux
-
Install AWS CLI using the Linux command line:
$ curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" $ unzip awscliv2.zip $ sudo ./aws/installSee AWS Documentation for alternative install options.
Windows
-
Install AWS CLI using the Windows command line:
$ C:\> msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msiSee AWS Documentation for alternative install options.
Prepare AWS Account for OpenShift
-
Configure the AWS CLI by running:
$ aws configure -
You will be required to enter an
AWS Access Key IDand anAWS Secret Access Keyalong with a default region name and output format:$ aws configureSample outputAWS Access Key ID []: AWS Secret Access Key []: Default region name [us-east-2]: Default output format [json]:The
AWS Access Key IDandAWS Secret Access Keyvalues can be obtained by logging in to the AWS console and creating an Access Key in the Security Credentials section of the IAM dashboard for your user. -
Validate your credentials:
$ aws sts get-caller-identityYou should receive output similar to the following:
Sample output{ "UserId": <your ID>, "Account": <your account>, "Arn": <your arn> } -
If this is a new AWS account that has never had a AWS Load Balancer (ALB) installed in it, run the following:
$ aws iam create-service-linked-role --aws-service-name \ "elasticloadbalancing.amazonaws.com"
Get a Red Hat Offline Access Token
-
Navigate to OpenShift Cluster Manager API Token.
-
Copy the Offline Access Token and save it for the next step.
Set up the OpenShift CLI (oc)
-
Download the operating system specific OpenShift CLI from Red Hat.
-
Extract the downloaded file on your local machine.
-
Place the extracted
ocexecutable in your operating system path or local directory.
Set up the ROSA CLI (rosa)
-
Download the operating system specific ROSA CLI from Red Hat.
-
Extract the downloaded file on your local machine.
-
Place the extracted
rosaandkubectlexecutables in your operating system path or local directory. -
Log in to ROSA:
$ rosa loginYou will be prompted to enter in the Red Hat Offline Access Token you retrieved earlier and should receive the following message:
Logged in as <email address> on 'https://api.openshift.com' -
Verify that ROSA has the minimal quota:
$ rosa verify quotaExpected output:
AWS quota ok
Associate your AWS account with your Red Hat account
To perform ROSA cluster provisioning tasks, you must create ocm-role and user-role IAM resources in your AWS account and link them to your Red Hat organization.
-
Create the
ocm-rolewhich the OpenShift Cluster Manager will use to be able to administer and Create ROSA clusters. If this has already been done for your OpenShift Cluster Manager Organization, you can skip to creating the user-role:If you have multiple AWS accounts that you want to associate with your Red Hat Organization, you can use the
--profileoption to specify the AWS profile you want to associate.$ rosa create ocm-role --mode auto --yes -
Create the User Role that allows OpenShift Cluster Manager to verify that users creating a cluster have access to the current AWS account:
If you have multiple AWS accounts that you want to associate with your Red Hat Organization, you can use the
--profileoption to specify the AWS profile you want to associate.$ rosa create user-role --mode auto --yes -
Create the ROSA Account Roles which give the ROSA installer and machines permissions to perform actions in your account:
$ rosa create account-roles --mode auto --yes