Home GitHub

ROSA Quickstart

A Quickstart guide to deploying a RedHat OpenShift cluster on AWS.

Author: Steve Mirman

Video Walkthrough

If you prefer a more visual medium, you can watch Steve Mirman walk through this quickstart on YouTube.

Prerequisites

AWS CLI

You’ll need to have an AWS account to configure the CLI against.

MacOS

See AWS Docs for alternative install options.

  1. Install AWS CLI using the macOS command line

     curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
     sudo installer -pkg AWSCLIV2.pkg -target /
    

Linux

See AWS Docs for alternative install options.

  1. Install AWS CLI using the Linux command line

     curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
     unzip awscliv2.zip
     sudo ./aws/install
    

Windows

See AWS Docs for alternative install options.

  1. Install AWS CLI using the Windows command line

     C:\> msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi
    

Docker

See AWS Docs for alternative install options.

  1. To run the AWS CLI version 2 Docker image, use the docker run command.

     docker run --rm -it amazon/aws-cli command
    

Prepare AWS Account for OpenShift

  1. Configure the AWS CLI by running the following command

     aws configure
    
  2. You will be required to enter an AWS Access Key ID and an AWS Secret Access Key along with a default region name and output format

     % aws configure
     AWS Access Key ID []: 
     AWS Secret Access Key []: 
     Default region name [us-east-2]: 
     Default output format [json]:
    

    The AWS Access Key ID and AWS Secret Access Key values can be obtained by logging in to the AWS console and creating an Access Key in the Security Credentials section of the IAM dashboard for your user

  3. Validate your credentials

     aws sts get-caller-identity
    

    You should receive output similar to the following

     {
       "UserId": <your ID>,
       "Account": <your account>,
       "Arn": <your arn>
     }
    

Get a Red Hat Offline Access Token

  1. Log into cloud.redhat.com

  2. Browse to https://cloud.redhat.com/openshift/token/rosa

  3. Copy the Offline Access Token and save it for the next step

Set up the OpenShift CLI (oc)

  1. Download the OS specific OpenShift CLI from Red Hat

  2. Unzip the downloaded file on your local machine

  3. Place the extracted oc executable in your OS path or local directory

Set up the ROSA CLI

  1. Download the OS specific ROSA CLI from Red Hat

  2. Unzip the downloaded file on your local machine

  3. Place the extracted rosa and kubectl executables in your OS path or local directory

  4. Log in to ROSA

  rosa login

You will be prompted to enter in the Red Hat Offline Access Token you retrieved earlier and should receive the following message

  Logged in as <email address> on 'https://api.openshift.com'

Verify ROSA privileges

Verify that ROSA has the minimal permissions

  rosa verify permissions

Expected output: AWS SCP policies ok

Verify that ROSA has the minimal quota

  rosa verify quota

Expected output: AWS quota ok

Initialize ROSA

Initialize the ROSA CLI to complete the remaining validation checks and configurations

  rosa init

Deploy Red Hat OpenShift on AWS (ROSA)

Interactive Installation

ROSA can be installed using command line parameters or in interactive mode. For an interactive installation run the following command

  rosa create cluster --interactive

As part of the interactive install you will be required to enter the following parameters or accept the default values (if applicable)

  Cluster name:
  Multiple availability zones (y/N):
  AWS region (select):
  OpenShift version (select):
  Install into an existing VPC (y/N):
  Compute nodes instance type (optional):
  Enable autoscaling (y/N):
  Compute nodes [2]:
  Machine CIDR [10.0.0.0/16]:
  Service CIDR [172.30.0.0/16]:
  Pod CIDR [10.128.0.0/14]:
  Host prefix [23]:
  Private cluster (y/N):

Note: the installation process should take between 30 - 45 minutes

To get the web console link run the following command.

Substitute your actual cluster name for <cluster-name>

  rosa describe cluster --cluster=<cluster-name>

Create cluster-admin user

By default, only the OpenShift SRE team will have access to the ROSA cluster. To add a local admin user, run the following command to create the cluster-admin account in your cluster.

Substitute your actual cluster name for <cluster-name>

  rosa create admin --cluster=<cluster-name>

Refresh your web browser and you should see the cluster-admin option to log in

Delete Red Hat OpenShift on AWS (ROSA)

Deleting a ROSA cluster consists of two parts

  1. Delete the cluster instance, including the removal of AWS resources.

Substitute your actual cluster name for <cluster-name>

  rosa delete cluster --cluster=<cluster-name>
  1. Delete the CloudFormation stack, including the removal of the osdCcsAdmin user
  rosa init --delete-stack