Create an OpenShift cluster on AWS (ROSA)


  1. Create the account roles
rosa create account-roles


  1. Check the created role

    • Open the IAM console
    • Select Roles
    • Find the ManagedOpenShift roles


  1. Create an OpenShift cluster

    • Initialize a cluster with the default ROSA configuration

    • You can initialize an OpenShift cluster with the default configuration by running the following command:

rosa create cluster --cluster-name rosa-lab --sts --mode auto --yes


  1. However, for a deeper dive, let’s initialize the cluster and customize the configs.

    • Create a cluster and customize the config
rosa create cluster --sts
    • Cluster name: rosa-lab

    • OpenShift version: In this lab, we will use version 4.10.16
    • Installer role ARN: Select the ARN corresponding to the role created in the previous step
    • External ID (optional): This field is used when the role is assumed from another account. In this lab, we will leave it blank
    • Operator roles prefix: Leave the default
    • Multiple availability zones (optional): Select yes if you want the EC2 instances in the cluster to be spread across different AZs. In this lab, we will choose Yes
    • AWS region: ap-southeast-1
    • PrivateLink cluster (optional): No
      • Select yes if you want Red Hat to use AWS PrivateLink to manage and monitor the OpenShift cluster
    • Install into an existing VPC (optional): No
      • Select yes if you want to install the cluster into an existing VPC
    • Enable Customer Managed key (optional): No
      • Select yes if you want to use a customer managed key to encrypt the EBS volumes of the instances in the cluster
    • Compute nodes instance type (optional): c5.xlarge (cheapest)
    • Enable autoscaling (optional): No
    • Compute nodes: 3
    • Machine CIDR: 10.0.0.0/16 (default)
    • Service CIDR: 172.30.0.0/16 (default)
    • Pod CIDR: 10.128.0.0/14 (default)
    • Host prefix: 26
    • Encrypt etcd data (optional): No
      • Select yes if you want to encrypt the content in etcd (including resources of the Kubernetes API and OpenShift API such as Secrets, ConfigMaps, Routes, OAuth access tokens, and OAuth authorize tokens)
    • Disable Workload monitoring (optional): No
      • Select yes if you want to disable monitoring for the cluster
  • Run the following two commands to create the operator roles and the OpenID Connect (OIDC) identity provider, keeping the default options:

rosa create operator-roles --cluster rosa-lab --region ap-southeast-1
rosa create oidc-provider --cluster rosa-lab --region ap-southeast-1
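
A pre-flight review of the answers chosen in the customization step above, added here as an example (it is not part of the original lab or of the rosa CLI). It checks that the three CIDR ranges do not overlap, derives pod capacity from the host prefix, and lists the optional protections left at No; the dictionary key names are assumptions made for this example.

```python
import ipaddress

# The answers given at the prompts above, constructed here as a dict.
# The key names are assumptions for this example, not rosa CLI fields.
LAB_ANSWERS = {
    "machine_cidr": "10.0.0.0/16",
    "service_cidr": "172.30.0.0/16",
    "pod_cidr": "10.128.0.0/14",
    "host_prefix": 26,
    "compute_nodes": 3,
    "private_link": False,
    "customer_managed_key": False,
    "etcd_encryption": False,
}

# What leaving each optional protection at No means, per the list above.
OPTIONAL_PROTECTIONS = {
    "private_link": "Red Hat management and monitoring traffic does not use AWS PrivateLink",
    "customer_managed_key": "EBS volumes of cluster instances are not encrypted with a customer managed key",
    "etcd_encryption": "etcd content (Secrets, ConfigMaps, OAuth tokens) is not encrypted by this option",
}

def review_answers(answers):
    """Return (findings, capacity) for one set of cluster-creation answers."""
    findings = []
    nets = {k: ipaddress.ip_network(answers[k], strict=True)
            for k in ("machine_cidr", "service_cidr", "pod_cidr")}
    # The three ranges must be disjoint, otherwise node, service and pod
    # addresses become ambiguous for routing and for network policy.
    names = list(nets)
    for i, first in enumerate(names):
        for second in names[i + 1:]:
            if nets[first].overlaps(nets[second]):
                findings.append(f"overlap: {first} {nets[first]} and {second} {nets[second]}")
    # Host prefix is the size of the pod subnet carved out for each node.
    host_prefix = answers["host_prefix"]
    pod_prefix = nets["pod_cidr"].prefixlen
    if not pod_prefix < host_prefix < 31:
        raise ValueError(f"host prefix /{host_prefix} does not fit inside {nets['pod_cidr']}")
    capacity = {
        "pod_ips_per_node": 2 ** (32 - host_prefix) - 2,
        "max_node_subnets": 2 ** (host_prefix - pod_prefix),
    }
    if answers["compute_nodes"] > capacity["max_node_subnets"]:
        findings.append("pod CIDR has fewer node subnets than compute nodes")
    for option, consequence in OPTIONAL_PROTECTIONS.items():
        if not answers[option]:
            findings.append(f"{option}=No: {consequence}")
    return findings, capacity
```

With the lab's values, `review_answers(LAB_ANSWERS)` reports no overlaps, 62 pod addresses per node, and the three optional protections that were left at No.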
  1. The cluster takes about 40 minutes to initialize. When the state value is displayed as ready, the cluster has been created successfully. Check the cluster list:
rosa list clusters


  1. Access the OpenShift interface to view the created cluster.


  1. View the cluster details:
rosa describe cluster -c rosa-lab


  1. You can follow the cluster installation log:
rosa logs install -c rosa-lab --watch
