|
| 1 | +// Module included in the following assemblies: |
| 2 | +// |
| 3 | +// * rosa_hcp/rosa-hcp-disconnected-install.adoc |
| 4 | + |
| 5 | +:_mod-docs-content-type: PROCEDURE |
| 6 | +[id="rosa-hcp-sts-creating-a-cluster-egress-lockdown-cli_{context}"] |
| 7 | += Creating a {hcp-title} cluster with egress lockdown using the CLI |
| 8 | + |
| 9 | +When using the {product-title} (ROSA) command-line interface (CLI), `rosa`, to create a cluster, you can select the default options to create the cluster quickly. |
| 10 | + |
| 11 | +.Prerequisites |
| 12 | + |
| 13 | +* You have completed the AWS prerequisites for {hcp-title}. |
| 14 | +* You have available AWS service quotas. |
| 15 | +* You have enabled the ROSA service in the AWS Console. |
| 16 | +* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host. Run `rosa version` to see your currently installed version of the ROSA CLI. If a newer version is available, the CLI provides a link to download this upgrade. |
| 17 | +* You have logged in to your Red{nbsp}Hat account by using the ROSA CLI. |
| 18 | +* You have created an OIDC configuration. |
| 19 | +* You have verified that the AWS Elastic Load Balancing (ELB) service role exists in your AWS account. |
| 20 | +
|
| 21 | +.Procedure |
| 22 | + |
| 23 | +. Use one of the following commands to create your {hcp-title} cluster: |
| 24 | ++ |
| 25 | +[NOTE] |
| 26 | +==== |
| 27 | +When creating a {hcp-title} cluster, the default machine Classless Inter-Domain Routing (CIDR) is `10.0.0.0/16`. If this does not correspond to the CIDR range for your VPC subnets, add `--machine-cidr <address_block>` to the following commands. To learn more about the default CIDR ranges for {product-title}, see the CIDR range definitions. |
| 28 | +==== |
| 29 | ++ |
| 30 | +* If you did not set environment variables, run the following command: |
| 31 | ++ |
| 32 | +[source,terminal] |
| 33 | +---- |
| 34 | +$ rosa create cluster --cluster-name=<cluster_name> \ <.> |
| 35 | + --mode=auto --hosted-cp [--private] \ <.> |
| 36 | + --operator-roles-prefix <operator-role-prefix> \ <.> |
| 37 | + --oidc-config-id <id-of-oidc-configuration> \ |
| 38 | + --subnet-ids=<private-subnet-id> --region <region> \ |
| 39 | + --machine-cidr 10.0.0.0/16 --service-cidr 172.30.0.0/16 \ |
| 40 | + --pod-cidr 10.128.0.0/14 --host-prefix 23 \ |
| 41 | + --billing-account <root-acct-id> \ <.> |
| 42 | + --properties zero_egress:true |
| 43 | +---- |
| 44 | ++ |
| 45 | +-- |
| 46 | +<.> Specify the name of your cluster. If your cluster name is longer than 15 characters, it will contain an autogenerated domain prefix as a subdomain for your provisioned cluster on openshiftapps.com. To customize the subdomain, use the `--domain-prefix` flag. The domain prefix cannot be longer than 15 characters, must be unique, and cannot be changed after cluster creation. |
| 47 | +<.> By default, the cluster-specific Operator role names are prefixed with the cluster name and a random 4-digit hash. You can optionally specify a custom prefix to replace `<cluster_name>-<hash>` in the role names. The prefix is applied when you create the cluster-specific Operator IAM roles. For information about the prefix, see _About custom Operator IAM role prefixes_. |
| 48 | ++ |
| 49 | +[NOTE] |
| 50 | +==== |
| 51 | +If you specified custom ARN paths when you created the associated account-wide roles, the custom path is automatically detected. The custom path is applied to the cluster-specific Operator roles when you create them in a later step. |
| 52 | +==== |
| 53 | +<.> Provide the AWS account that is responsible for all billing. |
| 54 | +-- |
| 55 | +
|
| 56 | +* If you set the environment variables, create a cluster with egress lockdown that has a single, initial machine pool, using a privately available API, and a privately available Ingress by running the following command: |
| 57 | ++ |
| 58 | +[source,terminal] |
| 59 | +---- |
| 60 | +$ rosa create cluster --private --cluster-name=<cluster_name> \ |
| 61 | + --mode=auto --hosted-cp --operator-roles-prefix=$OPERATOR_ROLES_PREFIX \ |
| 62 | + --oidc-config-id=$OIDC_ID --subnet-ids=$SUBNET_IDS \ |
| 63 | + --region <region> --machine-cidr 10.0.0.0/16 --service-cidr 172.30.0.0/16 \ |
| 64 | + --pod-cidr 10.128.0.0/14 --host-prefix 23 --billing-account <root-acct-id> \ |
| 65 | + --private --properties zero_egress:true |
| 66 | +---- |
| 67 | ++ |
| 68 | +. Check the status of your cluster by running the following command: |
| 69 | ++ |
| 70 | +[source,terminal] |
| 71 | +---- |
| 72 | +$ rosa describe cluster --cluster=<cluster_name> |
| 73 | +---- |
| 74 | ++ |
| 75 | +The following `State` field changes are listed in the output as cluster installation progresses: |
| 76 | ++ |
| 77 | +* `pending (Preparing account)` |
| 78 | +* `installing (DNS setup in progress)` |
| 79 | +* `installing` |
| 80 | +* `ready` |
| 81 | ++ |
| 82 | +[NOTE] |
| 83 | +==== |
| 84 | +If the installation fails or the `State` field does not change to `ready` after more than 10 minutes, check the installation troubleshooting documentation for details. For more information, see _Troubleshooting installations_. For steps to contact Red{nbsp}Hat Support for assistance, see _Getting support for Red{nbsp}Hat OpenShift Service on AWS_. |
| 85 | +==== |
| 86 | ++ |
| 87 | +. Track the cluster creation progress by watching the {product-title} installation program logs. To check the logs, run the following command: |
| 88 | ++ |
| 89 | +[source,terminal] |
| 90 | +---- |
| 91 | +$ rosa logs install --cluster=<cluster_name> --watch \ <.> |
| 92 | +---- |
| 93 | +<.> Optional: To watch for new log messages as the installation progresses, use the `--watch` argument. |
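Review bot: The callout numbering in the first `rosa create cluster` block is off: the code has four `<.>` markers (on `--cluster-name`, on `--mode=auto --hosted-cp [--private]`, on `--operator-roles-prefix`, and on `--billing-account`) but only three explanations follow, so the `--hosted-cp [--private]` callout has no text and the "Provide the AWS account that is responsible for all billing" note will render against the wrong line. Either add an explanation for the second callout or drop its marker. A few smaller points in the same hunk: the second command passes `--private` twice (`rosa create cluster --private --cluster-name=...` and again `--private --properties zero_egress:true`), one should go; the NOTE tells readers to add `--machine-cidr <address_block>` if the default does not match their VPC, yet both commands already hardcode `--machine-cidr 10.0.0.0/16`, so a placeholder such as `--machine-cidr <address_block>` would avoid copy-paste of a CIDR that may not match the subnets given in `--subnet-ids`; and `rosa logs install --cluster=<cluster_name> --watch \ <.>` ends with a line-continuation backslash with nothing after it, which will make the shell wait for more input when pasted, so remove the trailing `\`. Finally, since the first command marks `--private` as optional while the second describes `--private` as what makes the API and Ingress private, it would help to state explicitly whether a zero-egress cluster created without `--private` is expected to expose a public API endpoint, so readers of a disconnected-install procedure do not omit the flag by accident.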