|
| 1 | +:_mod-docs-content-type: ASSEMBLY |
| 2 | +[id="cloud-experts-getting-started-hcp-guide-for-classic"] |
| 3 | += Tutorial: Hosted control plane (HCP) guide |
| 4 | +include::_attributes/attributes-openshift-dedicated.adoc[] |
| 5 | +include::_attributes/common-attributes.adoc[] |
| 6 | +:context: cloud-experts-getting-started-hcp |
| 7 | + |
| 8 | +toc::[] |
| 9 | + |
| 10 | +//rosaworkshop.io content metadata |
| 11 | +//Brought into ROSA product docs 2023-11-21 |
| 12 | +//Updated for HCP 2024-07-01 |
| 13 | + |
| 14 | +Follow this workshop to deploy a sample {hcp-title-first} cluster. You can then use your cluster in the next tutorials. |
| 15 | + |
| 16 | +.Tutorial objectives |
| 17 | + |
| 18 | +* Learn to create your cluster prerequisites: |
| 19 | +** Create a sample virtual private cloud (VPC) |
| 20 | +** Create sample OpenID Connect (OIDC) resources |
| 21 | +* Create sample environment variables |
| 22 | +* Deploy a sample ROSA cluster |
| 23 | +
|
| 24 | +.Prerequisites |
| 25 | + |
| 26 | +* ROSA version 1.2.31 or later |
| 27 | +* Amazon Web Service (AWS) command line interface (CLI) |
| 28 | +* ROSA CLI (`rosa`) |
| 29 | +
|
| 30 | +== Creating your cluster prerequisites |
| 31 | + |
| 32 | +Before deploying a {hcp-title} cluster, you must have both a VPC and OIDC resources. We will create these resources first. ROSA uses the bring your own VPC (BYO-VPC) model. |
| 33 | + |
| 34 | +=== Creating a VPC |
| 35 | +. Make sure your AWS CLI (`aws`) is configured to use a region where ROSA is available. See the regions supported by the AWS CLI by running the following command: |
| 36 | ++ |
| 37 | +[source,terminal] |
| 38 | +---- |
| 39 | +$ rosa list regions --hosted-cp |
| 40 | +---- |
| 41 | + |
| 42 | +. Create the VPC. For this tutorial, the following link:https://github.com/openshift-cs/rosaworkshop/blob/master/rosa-workshop/rosa/resources/setup-vpc.sh[script] creates the VPC and its required components. It uses the region configured in your `aws` CLI. |
| 43 | ++ |
| 44 | +[source,bash] |
| 45 | +---- |
| 46 | +#!/bin/bash |
| 47 | +
|
| 48 | +set -e |
| 49 | +########## |
| 50 | +# This script will create the network requirements for a ROSA cluster. This will be |
| 51 | +# a public cluster. This creates: |
| 52 | +# - VPC |
| 53 | +# - Public and private subnets |
| 54 | +# - Internet Gateway |
| 55 | +# - Relevant route tables |
| 56 | +# - NAT Gateway |
| 57 | +# |
| 58 | +# This will automatically use the region configured for the aws cli |
| 59 | +# |
| 60 | +########## |
| 61 | +
|
| 62 | +VPC_CIDR=10.0.0.0/16 |
| 63 | +PUBLIC_CIDR_SUBNET=10.0.1.0/24 |
| 64 | +PRIVATE_CIDR_SUBNET=10.0.0.0/24 |
| 65 | +
|
| 66 | +# Create VPC |
| 67 | +echo -n "Creating VPC..." |
| 68 | +VPC_ID=$(aws ec2 create-vpc --cidr-block $VPC_CIDR --query Vpc.VpcId --output text) |
| 69 | +
|
| 70 | +# Create tag name |
| 71 | +aws ec2 create-tags --resources $VPC_ID --tags Key=Name,Value=$CLUSTER_NAME |
| 72 | +
|
| 73 | +# Enable dns hostname |
| 74 | +aws ec2 modify-vpc-attribute --vpc-id $VPC_ID --enable-dns-hostnames |
| 75 | +echo "done." |
| 76 | +
|
| 77 | +# Create Public Subnet |
| 78 | +echo -n "Creating public subnet..." |
| 79 | +PUBLIC_SUBNET_ID=$(aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block $PUBLIC_CIDR_SUBNET --query Subnet.SubnetId --output text) |
| 80 | +
|
| 81 | +aws ec2 create-tags --resources $PUBLIC_SUBNET_ID --tags Key=Name,Value=$CLUSTER_NAME-public |
| 82 | +echo "done." |
| 83 | +
|
| 84 | +# Create private subnet |
| 85 | +echo -n "Creating private subnet..." |
| 86 | +PRIVATE_SUBNET_ID=$(aws ec2 create-subnet --vpc-id $VPC_ID --cidr-block $PRIVATE_CIDR_SUBNET --query Subnet.SubnetId --output text) |
| 87 | +
|
| 88 | +aws ec2 create-tags --resources $PRIVATE_SUBNET_ID --tags Key=Name,Value=$CLUSTER_NAME-private |
| 89 | +echo "done." |
| 90 | +
|
| 91 | +# Create an internet gateway for outbound traffic and attach it to the VPC. |
| 92 | +echo -n "Creating internet gateway..." |
| 93 | +IGW_ID=$(aws ec2 create-internet-gateway --query InternetGateway.InternetGatewayId --output text) |
| 94 | +echo "done." |
| 95 | +
|
| 96 | +aws ec2 create-tags --resources $IGW_ID --tags Key=Name,Value=$CLUSTER_NAME |
| 97 | +
|
| 98 | +aws ec2 attach-internet-gateway --vpc-id $VPC_ID --internet-gateway-id $IGW_ID > /dev/null 2>&1 |
| 99 | +echo "Attached IGW to VPC." |
| 100 | +
|
| 101 | +# Create a route table for outbound traffic and associate it to the public subnet. |
| 102 | +echo -n "Creating route table for public subnet..." |
| 103 | +PUBLIC_ROUTE_TABLE_ID=$(aws ec2 create-route-table --vpc-id $VPC_ID --query RouteTable.RouteTableId --output text) |
| 104 | +
|
| 105 | +aws ec2 create-tags --resources $PUBLIC_ROUTE_TABLE_ID --tags Key=Name,Value=$CLUSTER_NAME |
| 106 | +echo "done." |
| 107 | +
|
| 108 | +aws ec2 create-route --route-table-id $PUBLIC_ROUTE_TABLE_ID --destination-cidr-block 0.0.0.0/0 --gateway-id $IGW_ID > /dev/null 2>&1 |
| 109 | +echo "Created default public route." |
| 110 | +
|
| 111 | +aws ec2 associate-route-table --subnet-id $PUBLIC_SUBNET_ID --route-table-id $PUBLIC_ROUTE_TABLE_ID > /dev/null 2>&1 |
| 112 | +echo "Public route table associated" |
| 113 | +
|
| 114 | +# Create a NAT gateway in the public subnet for outgoing traffic from the private network. |
| 115 | +echo -n "Creating NAT Gateway..." |
| 116 | +NAT_IP_ADDRESS=$(aws ec2 allocate-address --domain vpc --query AllocationId --output text) |
| 117 | +
|
| 118 | +NAT_GATEWAY_ID=$(aws ec2 create-nat-gateway --subnet-id $PUBLIC_SUBNET_ID --allocation-id $NAT_IP_ADDRESS --query NatGateway.NatGatewayId --output text) |
| 119 | +
|
| 120 | +aws ec2 create-tags --resources $NAT_IP_ADDRESS --resources $NAT_GATEWAY_ID --tags Key=Name,Value=$CLUSTER_NAME |
| 121 | +sleep 10 |
| 122 | +echo "done." |
| 123 | +
|
| 124 | +# Create a route table for the private subnet to the NAT gateway. |
| 125 | +echo -n "Creating a route table for the private subnet to the NAT gateway..." |
| 126 | +PRIVATE_ROUTE_TABLE_ID=$(aws ec2 create-route-table --vpc-id $VPC_ID --query RouteTable.RouteTableId --output text) |
| 127 | +
|
| 128 | +aws ec2 create-tags --resources $PRIVATE_ROUTE_TABLE_ID $NAT_IP_ADDRESS --tags Key=Name,Value=$CLUSTER_NAME-private |
| 129 | + |
| 130 | +aws ec2 create-route --route-table-id $PRIVATE_ROUTE_TABLE_ID --destination-cidr-block 0.0.0.0/0 --gateway-id $NAT_GATEWAY_ID > /dev/null 2>&1 |
| 131 | +
|
| 132 | +aws ec2 associate-route-table --subnet-id $PRIVATE_SUBNET_ID --route-table-id $PRIVATE_ROUTE_TABLE_ID > /dev/null 2>&1 |
| 133 | +
|
| 134 | +echo "done." |
| 135 | +
|
| 136 | +# echo "***********VARIABLE VALUES*********" |
| 137 | +# echo "VPC_ID="$VPC_ID |
| 138 | +# echo "PUBLIC_SUBNET_ID="$PUBLIC_SUBNET_ID |
| 139 | +# echo "PRIVATE_SUBNET_ID="$PRIVATE_SUBNET_ID |
| 140 | +# echo "PUBLIC_ROUTE_TABLE_ID="$PUBLIC_ROUTE_TABLE_ID |
| 141 | +# echo "PRIVATE_ROUTE_TABLE_ID="$PRIVATE_ROUTE_TABLE_ID |
| 142 | +# echo "NAT_GATEWAY_ID="$NAT_GATEWAY_ID |
| 143 | +# echo "IGW_ID="$IGW_ID |
| 144 | +# echo "NAT_IP_ADDRESS="$NAT_IP_ADDRESS |
| 145 | +
|
| 146 | +echo "Setup complete." |
| 147 | +echo "" |
| 148 | +echo "To make the cluster create commands easier, please run the following commands to set the environment variables:" |
| 149 | +echo "export PUBLIC_SUBNET_ID=$PUBLIC_SUBNET_ID" |
| 150 | +echo "export PRIVATE_SUBNET_ID=$PRIVATE_SUBNET_ID" |
| 151 | +---- |
| 152 | ++ |
| 153 | +[role="_additional-resources"] |
| 154 | +.Additional resources |
| 155 | +* For more about VPC requirements, see the xref:../../../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-vpc_rosa-sts-aws-prereqs[VPC documentation]. |
| 156 | + |
| 157 | +. The script outputs commands. Set the commands as environment variables to store the subnet IDs for later use. Copy and run the commands: |
| 158 | ++ |
| 159 | +[source,terminal] |
| 160 | +---- |
| 161 | +$ export PUBLIC_SUBNET_ID=$PUBLIC_SUBNET_ID |
| 162 | +$ export PRIVATE_SUBNET_ID=$PRIVATE_SUBNET_ID |
| 163 | +---- |
| 164 | + |
| 165 | +. Confirm your environment variables by running the following command: |
| 166 | ++ |
| 167 | +[source,terminal] |
| 168 | +---- |
| 169 | +$ echo "Public Subnet: $PUBLIC_SUBNET_ID"; echo "Private Subnet: $PRIVATE_SUBNET_ID" |
| 170 | +---- |
| 171 | ++ |
| 172 | +.Example output |
| 173 | ++ |
| 174 | +[source,terminal] |
| 175 | +---- |
| 176 | +Public Subnet: subnet-0faeeeb0000000000 |
| 177 | +Private Subnet: subnet-011fe340000000000 |
| 178 | +---- |
| 179 | + |
| 180 | +=== Creating your OIDC configuration |
| 181 | +In this tutorial, we will use the automatic mode when creating the OIDC configuration. We will also store the OIDC ID as an environment variable for later use. The command uses the ROSA CLI to create your cluster's unique OIDC configuration. |
| 182 | + |
| 183 | +* Create the OIDC configuration by running the following command: |
| 184 | ++ |
| 185 | +[source,terminal] |
| 186 | +---- |
| 187 | +$ export OIDC_ID=$(rosa create oidc-config --mode auto --managed --yes -o json | jq -r '.id') |
| 188 | +---- |
| 189 | + |
| 190 | +== Creating additional environment variables |
| 191 | + |
| 192 | +* Run the following command to set up environment variables. These variables make it easier to run the command to create a ROSA cluster: |
| 193 | ++ |
| 194 | +[source,terminal] |
| 195 | +---- |
| 196 | +$ export CLUSTER_NAME=<cluster_name> |
| 197 | +$ export REGION=<VPC_region> |
| 198 | +---- |
| 199 | ++ |
| 200 | +[TIP] |
| 201 | +==== |
| 202 | +Run `rosa whoami` to find the VPC region. |
| 203 | +==== |
| 204 | + |
| 205 | +== Creating a cluster |
| 206 | + |
| 207 | +. *Optional:* Run the following command to create the account-wide roles and policies, including the Operator policies and the AWS IAM roles and policies: |
| 208 | ++ |
| 209 | +[IMPORTANT] |
| 210 | +==== |
| 211 | +Only complete this step if this is the _first time_ you are deploying ROSA in this account and you have _not_ yet created your account roles and policies. |
| 212 | +==== |
| 213 | ++ |
| 214 | +[source,terminal] |
| 215 | +---- |
| 216 | +$ rosa create account-roles --mode auto --yes |
| 217 | +---- |
| 218 | + |
| 219 | +. Run the following command to create the cluster: |
| 220 | ++ |
| 221 | +[source,terminal] |
| 222 | +---- |
| 223 | +$ rosa create cluster --cluster-name $CLUSTER_NAME \ |
| 224 | +--subnet-ids ${PUBLIC_SUBNET_ID},${PRIVATE_SUBNET_ID} \ |
| 225 | +--hosted-cp \ |
| 226 | +--region $REGION \ |
| 227 | +--oidc-config-id $OIDC_ID \ |
| 228 | +--sts --mode auto --yes |
| 229 | +---- |
| 230 | + |
| 231 | +The cluster is ready after about 10 minutes. The cluster will have a control plane across three AWS availability zones in your selected region and create two worker nodes in your AWS account. |
| 232 | + |
| 233 | +== Checking the installation status |
| 234 | +. Run one of the following commands to check the status of the cluster: |
| 235 | ++ |
| 236 | +* For a detailed view of the cluster status, run: |
| 237 | ++ |
| 238 | +[source,terminal] |
| 239 | +---- |
| 240 | +$ rosa describe cluster --cluster $CLUSTER_NAME |
| 241 | +---- |
| 242 | ++ |
| 243 | +* For an abridged view of the cluster status, run: |
| 244 | ++ |
| 245 | +[source,terminal] |
| 246 | +---- |
| 247 | +$ rosa list clusters |
| 248 | +---- |
| 249 | ++ |
| 250 | +* To watch the log as it progresses, run: |
| 251 | ++ |
| 252 | +[source,terminal] |
| 253 | +---- |
| 254 | +$ rosa logs install --cluster $CLUSTER_NAME --watch |
| 255 | +---- |
| 256 | + |
| 257 | +. Once the state changes to “ready” your cluster is installed. It might take a few more minutes for the worker nodes to come online. |
0 commit comments