IMPORTANT NOTE: This site is not official Red Hat documentation and is provided for informational purposes only. These guides may be experimental, proof of concept, or early adoption. Officially supported documentation is available at docs.openshift.com and access.redhat.com.

ROSA Quickstart


Authors: Steve Mirman, Paul Czarkowski
Last Editor: Dustin Scott
Published Date: 10 June 2021
Modified Date: 25 May 2023


A Quickstart guide to deploying a Red Hat OpenShift cluster on AWS.

Video Walkthrough

Quick Introduction to ROSA by Charlotte Fung on AWS YouTube channel

If you prefer a more visual medium, you can watch Steve Mirman walk through this quickstart on YouTube.

Prerequisites

AWS CLI

You’ll need to have an AWS account to configure the CLI against.

MacOS

See AWS Docs for alternative install options.

  1. Install AWS CLI using the macOS command line

    curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
    sudo installer -pkg AWSCLIV2.pkg -target /
    

Linux

See AWS Docs for alternative install options.

  1. Install AWS CLI using the Linux command line

    curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
    unzip awscliv2.zip
    sudo ./aws/install
    

Windows

See AWS Docs for alternative install options.

  1. Install AWS CLI using the Windows command line

    C:\> msiexec.exe /i https://awscli.amazonaws.com/AWSCLIV2.msi
    

Docker

See AWS Docs for alternative install options.

  1. To run the AWS CLI version 2 Docker image, use the docker run command.

    docker run --rm -it amazon/aws-cli command
    

Prepare AWS Account for OpenShift

  1. Configure the AWS CLI by running the following command

    aws configure
    
  2. You will be required to enter an AWS Access Key ID and an AWS Secret Access Key along with a default region name and output format

    % aws configure
    AWS Access Key ID []:
    AWS Secret Access Key []:
    Default region name [us-east-2]:
    Default output format [json]:
    

    The AWS Access Key ID and AWS Secret Access Key values can be obtained by logging in to the AWS console and creating an Access Key in the Security Credentials section of the IAM dashboard for your user

  3. Validate your credentials

    aws sts get-caller-identity
    

    You should receive output similar to the following

    {
      "UserId": <your ID>,
      "Account": <your account>,
      "Arn": <your arn>
    }
    
  4. If this is a brand new AWS account that has never had an AWS Load Balancer installed in it, you should run the following

    aws iam create-service-linked-role --aws-service-name \
    "elasticloadbalancing.amazonaws.com"
    
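An added pre-flight check for step 3 (not part of the original guide): it classifies the Arn that `aws sts get-caller-identity` returns and stops when the keys belong to the account root user or to a different account than the one intended for the cluster. The function names and the expected-account argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight check on the identity behind the configured keys.
# Input is the Arn field printed by `aws sts get-caller-identity`.

# caller_kind ARN -> root | iam-user | assumed-role | federated-user | unknown
caller_kind() {
  case "$1" in
    arn:*:iam::*:root)             echo root ;;
    arn:*:iam::*:user/*)           echo iam-user ;;
    arn:*:sts::*:assumed-role/*)   echo assumed-role ;;
    arn:*:sts::*:federated-user/*) echo federated-user ;;
    *)                             echo unknown ;;
  esac
}

# caller_account ARN -> the account ID (fifth colon-separated field of the ARN)
caller_account() {
  echo "$1" | cut -d: -f5
}

# preflight_identity ARN EXPECTED_ACCOUNT
# Returns 0 only when the caller is a non-root principal in the expected account.
preflight_identity() {
  kind=$(caller_kind "$1")
  acct=$(caller_account "$1")
  if [ "$kind" = root ] || [ "$kind" = unknown ]; then
    echo "refusing: caller is '$kind' ($1)" >&2
    return 1
  fi
  if [ "$acct" != "$2" ]; then
    echo "refusing: keys belong to account $acct, expected $2" >&2
    return 1
  fi
  echo "ok: $kind in account $acct"
}

# Live use (needs configured credentials; EXPECTED_ACCOUNT is yours to set):
#   preflight_identity \
#     "$(aws sts get-caller-identity --query Arn --output text)" "$EXPECTED_ACCOUNT"
```

Running it before `rosa init` confirms which account the later steps will act on.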

Get a Red Hat Offline Access Token

  1. Log into cloud.redhat.com

  2. Browse to https://cloud.redhat.com/openshift/token/rosa

  3. Copy the Offline Access Token and save it for the next step

Set up the OpenShift CLI (oc)

  1. Download the OS specific OpenShift CLI from Red Hat

  2. Unzip the downloaded file on your local machine

  3. Place the extracted oc executable in your OS path or local directory

Set up the ROSA CLI

  1. Download the OS specific ROSA CLI from Red Hat

  2. Unzip the downloaded file on your local machine

  3. Place the extracted rosa and kubectl executables in your OS path or local directory

  4. Log in to ROSA

    rosa login

    You will be prompted to enter the Red Hat Offline Access Token you retrieved earlier and should receive the following message

    Logged in as <email address> on 'https://api.openshift.com'

Verify ROSA privileges

Verify that ROSA has the minimal permissions

    rosa verify permissions

Expected output: AWS SCP policies ok

Verify that ROSA has the minimal quota

    rosa verify quota

Expected output: AWS quota ok

Initialize ROSA

Initialize the ROSA CLI to complete the remaining validation checks and configurations

    rosa init

Deploy Red Hat OpenShift on AWS (ROSA)

Interactive Installation

ROSA can be installed using command line parameters or in interactive mode. For an interactive installation run the following command

    rosa create cluster --interactive --mode auto

As part of the interactive install you will be required to enter the following parameters or accept the default values (if applicable)

    Cluster name:
    Multiple availability zones (y/N):
    AWS region (select):
    OpenShift version (select):
    Install into an existing VPC (y/N):
    Compute nodes instance type (optional):
    Enable autoscaling (y/N):
    Compute nodes [2]:
    Machine CIDR [10.0.0.0/16]:
    Service CIDR [172.30.0.0/16]:
    Pod CIDR [10.128.0.0/14]:
    Host prefix [23]:
    Private cluster (y/N):
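
The network prompts above take three CIDR ranges and a host prefix, and OpenShift expects the machine, service and pod ranges not to overlap one another. An added pre-flight check (not part of the original guide; function names are illustrative) that tests this for the values you plan to enter and reports what the host prefix implies for node and pod capacity:

```shell
#!/bin/sh
# Added example: sanity-check the CIDR answers before running the installer.
# Function names are illustrative; plain POSIX sh arithmetic, no network access.

# ip_to_int A.B.C.D -> 32-bit integer
ip_to_int() {
  oldifs=$IFS; IFS=.
  set -- $1
  IFS=$oldifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_range A.B.C.D/LEN -> "first last" as integers, aligned to the network boundary
cidr_range() {
  len=${1#*/}
  size=$(( 1 << (32 - len) ))
  first=$(( $(ip_to_int "${1%/*}") / size * size ))
  echo "$first $(( first + size - 1 ))"
}

# cidrs_overlap CIDR1 CIDR2 -> exit status 0 when the two ranges intersect
cidrs_overlap() {
  set -- $(cidr_range "$1") $(cidr_range "$2")
  [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# check_rosa_networks MACHINE SERVICE POD HOST_PREFIX
# Prints one line per problem, or a capacity summary; returns 1 on any problem.
check_rosa_networks() {
  machine=$1; service=$2; pod=$3; prefix=$4; rc=0
  for pair in "$machine $service" "$machine $pod" "$service $pod"; do
    set -- $pair
    if cidrs_overlap "$1" "$2"; then echo "overlap: $1 and $2"; rc=1; fi
  done
  podlen=${pod#*/}
  if [ "$prefix" -lt "$podlen" ] || [ "$prefix" -gt 32 ]; then
    echo "host prefix /$prefix does not subdivide pod CIDR $pod"; rc=1
  fi
  if [ "$rc" -eq 0 ]; then
    echo "ok: up to $(( 1 << (prefix - podlen) )) nodes," \
      "$(( 1 << (32 - prefix) )) pod addresses per node"
  fi
  return "$rc"
}

# The defaults offered by the interactive prompts:
check_rosa_networks 10.0.0.0/16 172.30.0.0/16 10.128.0.0/14 23
```

When installing into an existing VPC, pass that VPC's CIDR as the machine range so a clash with the pod or service range shows up before the install starts.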

Note: the installation process should take between 30 and 45 minutes

To get the web console link run the following command.

Substitute your actual cluster name for <cluster-name>

    rosa describe cluster --cluster=<cluster-name>

Create cluster-admin user

By default, only the OpenShift SRE team will have access to the ROSA cluster. To add a local admin user, run the following command to create the cluster-admin account in your cluster.

Substitute your actual cluster name for <cluster-name>

    rosa create admin --cluster=<cluster-name>

Refresh your web browser and you should see the cluster-admin option to log in

Delete Red Hat OpenShift on AWS (ROSA)

Deleting a ROSA cluster consists of two parts

  1. Delete the cluster instance, including the removal of AWS resources.

    Substitute your actual cluster name for <cluster-name>

    rosa delete cluster --cluster=<cluster-name>

    Delete the cluster’s operator-roles and oidc-provider as shown in the output of the delete cluster command above. For example:

    rosa delete operator-roles -c <cluster-name>
    rosa delete oidc-provider -c <cluster-name>

  2. Delete the CloudFormation stack, including the removal of the osdCcsAdmin user

    rosa init --delete-stack