forked from openshift/openshift-docs
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
OSDOCS-3454 - Adding ROSA UI cluster creation procedures
1 parent 4c3b290
commit 2dc16c3
Showing 17 changed files with 873 additions and 113 deletions.
17 changes: 17 additions & 0 deletions
modules/rosa-creating-operator-roles-and-oidc-manually-ocm.adoc
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
// Module included in the following assemblies: | ||
// | ||
// * rosa_getting_started_sts/rosa_creating_a_cluster_with_sts/rosa-sts-creating-a-cluster-with-customizations.adoc | ||
|
||
:_content-type: CONCEPT | ||
[id="rosa-creating-operator-roles-and-oidc-manually-ocm_{context}"] | ||
= Creating the Operator roles and OIDC provider using {cluster-manager} | ||
|
||
If you use {cluster-manager-first} to install your cluster and opt to create the required AWS IAM Operator roles and the OIDC provider using `manual` mode, you are prompted to select one of the following methods to install the resources. The options are provided to enable you to choose a resource creation method that suits the needs of your organization: | ||
|
||
//CloudFormation:: You can use this method to create the Operator roles and the OIDC provider from the CLI using an AWS CloudFormation template and a parameter file. For more information about AWS CloudFormation, see the link:https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html[AWS documentation]. | ||
|
||
AWS CLI (`aws`):: With this method, you can download and extract an archive file that contains the `aws` commands and policy files required to create the IAM resources. Run the provided CLI commands from the directory that contains the policy files to create the Operator roles and the OIDC provider. | ||
|
||
ROSA CLI (`rosa`):: You can run the commands provided by this method to create the Operator roles and the OIDC provider for your cluster using `rosa`. | ||
|
||
If you use `auto` mode, {cluster-manager} creates the Operator roles and the OIDC provider automatically, using the permissions provided through the {cluster-manager} IAM role. To use this feature, you must apply admin privileges to the role. |
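Review bot: The closing paragraph says "you must apply admin privileges to the role" without saying which privileges are meant or how to apply them to the {cluster-manager} IAM role. Point to the procedure that grants them, and say that `manual` mode, described above, is the alternative for accounts that cannot grant that level of access. Separately, the commented-out `//CloudFormation::` entry sits in the middle of the definition list; if that option is not offered, drop the line rather than shipping it commented out, or add a comment explaining why it is retained.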
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
// Module included in the following assemblies: | ||
// | ||
// * rosa_getting_started/rosa-sts-about-iam-resources.adoc | ||
|
||
:_content-type: CONCEPT | ||
[id="rosa-sts-about-operator-role-prefixes_{context}"] | ||
= About custom Operator IAM role prefixes | ||
|
||
Each {product-title} (ROSA) cluster that uses the AWS Security Token Service (STS) requires cluster-specific Operator IAM roles. | ||
|
||
By default, the Operator role names are prefixed with the cluster name and a random 4-digit hash. For example, the Cloud Credential Operator IAM role for a cluster named `mycluster` has the default name `mycluster-<hash>-openshift-cloud-credential-operator-cloud-credentials`, where `<hash>` is a random 4-digit string. | ||
|
||
This default naming convention enables you to easily identify the Operator IAM roles for a cluster in your AWS account. | ||
|
||
When you create the Operator roles for a cluster, you can optionally specify a custom prefix to use instead of `<cluster_name>-<hash>`. By using a custom prefix, you can prepend logical identifiers to your Operator role names to meet the requirements of your environment. For example, you might prefix the cluster name and the environment type, such as `mycluster-dev`. In that example, the Cloud Credential Operator role name with the custom prefix is `mycluster-dev-openshift-cloud-credential-operator-cloud-credenti`. | ||
|
||
[NOTE] | ||
==== | ||
The role names are truncated to 64 characters. | ||
==== |
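Review bot: The default-name example `mycluster-<hash>-openshift-cloud-credential-operator-cloud-credentials` is 68 characters once a 4-character hash is filled in, which is over the 64-character limit in the NOTE, yet it is shown in full while the custom-prefix example is shown cut off at `cloud-credenti`. State whether truncation applies to default names as well and make the two examples consistent. The NOTE would also read better ahead of the custom-prefix example, or that sentence should say the name is truncated, so the clipped name is not mistaken for a typo. Since the example shows characters being dropped from the end of the name, it is worth telling readers to keep prefixes short enough that the Operator-specific suffix stays distinguishable. Minor: `<hash>` is called both a "random 4-digit hash" and a "random 4-digit string"; pick one term.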
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
// Module included in the following assemblies: | ||
// | ||
// * rosa_getting_started_sts/rosa_creating_a_cluster_with_sts/rosa-sts-creating-a-cluster-quickly.adoc | ||
// * rosa_getting_started/rosa-getting-started.adoc | ||
|
||
:_content-type: PROCEDURE | ||
[id="rosa-sts-creating-cluster-using-defaults-cli_{context}"] | ||
= Creating a cluster with the default options using the CLI | ||
|
||
When using the {product-title} (ROSA) CLI (`rosa`) to create a cluster that uses the AWS Security Token Service (STS), you can select the default options to create the cluster quickly. | ||
|
||
.Prerequisites | ||
|
||
* You have completed the AWS prerequisites for ROSA with STS. | ||
* You have available AWS service quotas. | ||
* You have enabled the ROSA service in the AWS Console. | ||
* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host. | ||
+ | ||
[NOTE] | ||
==== | ||
To successfully install ROSA 4.10 clusters, use the latest version of the ROSA CLI. | ||
==== | ||
* You have logged in to your Red Hat account by using the `rosa` CLI. | ||
* You have verified that the AWS Elastic Load Balancing (ELB) service role exists in your AWS account. | ||
.Procedure | ||
|
||
. Create the required account-wide roles and policies, including the Operator policies: | ||
+ | ||
[source,terminal] | ||
---- | ||
$ rosa create account-roles --mode auto | ||
---- | ||
+ | ||
[NOTE] | ||
==== | ||
When using `auto` mode, you can optionally specify the `-y` argument to bypass the interactive prompts and automatically confirm operations. | ||
==== | ||
|
||
. Create a cluster with STS using the defaults. When you use the defaults, the latest stable OpenShift version is installed: | ||
+ | ||
[source,terminal] | ||
---- | ||
$ rosa create cluster --cluster-name <cluster_name> --sts --mode auto <1> | ||
---- | ||
<1> Replace `<cluster_name>` with the name of your cluster. | ||
+ | ||
[NOTE] | ||
==== | ||
When you specify `--mode auto`, the `rosa create cluster` command creates the cluster-specific Operator IAM roles and the OIDC provider automatically. The Operators use the OIDC provider to authenticate. | ||
==== | ||
|
||
. Check the status of your cluster: | ||
+ | ||
[source,terminal] | ||
---- | ||
$ rosa describe cluster --cluster <cluster_name|cluster_id> | ||
---- | ||
+ | ||
The following `State` field changes are listed in the output as the cluster installation progresses: | ||
+ | ||
* `waiting (Waiting for OIDC configuration)` | ||
* `pending (Preparing account)` | ||
* `installing (DNS setup in progress)` | ||
* `installing` | ||
* `ready` | ||
+ | ||
[NOTE] | ||
==== | ||
If the installation fails or the `State` field does not change to `ready` after about 40 minutes, check the installation troubleshooting documentation for details. For more information, see _Troubleshooting installations_. For steps to contact Red Hat Support for assistance, see _Getting support for Red Hat OpenShift Service on AWS_. | ||
==== | ||
|
||
. Track the progress of the cluster creation by watching the OpenShift installer logs: | ||
+ | ||
[source,terminal] | ||
---- | ||
$ rosa logs install --cluster <cluster_name|cluster_id> --watch <1> | ||
---- | ||
<1> Specify the `--watch` flag to watch for new log messages as the installation progresses. This argument is optional. |
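Review bot: There is no blank line between the last prerequisite ("You have verified that the AWS Elastic Load Balancing (ELB) service role exists...") and `.Procedure`, unlike the spacing around `.Prerequisites`; add one so the block title is separated from the list item. In step 1, the NOTE offers `-y` to bypass the interactive prompts for a command that creates account-wide roles and policies; consider adding a sentence on what is confirmed automatically so readers know what they are skipping. The prerequisites NOTE about ROSA 4.10 repeats the "latest ROSA CLI" bullet it is attached to and could be folded into it. Steps 3 and 4 both monitor the installation; a short sentence on when to use `rosa describe cluster` versus `rosa logs install --watch` would make the ordering clearer.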