diff --git a/modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc b/modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc index 3dd5019ffe..7a8aee341c 100644 --- a/modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc +++ b/modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc @@ -24,7 +24,7 @@ Before using the {product-title} (ROSA) CLI (`rosa`) to create {hcp-title-first} + [source,terminal] ---- -$ rosa create account-roles --hosted-cp +$ rosa create account-roles --hosted-cp --mode auto --yes ---- ** Optional: Set your prefix as an environmental variable by running the following command: + @@ -32,12 +32,5 @@ $ rosa create account-roles --hosted-cp ---- $ export ACCOUNT_ROLES_PREFIX="${ACCOUNT_ROLES_PREFIX}" ---- -+ -Then, run the following command to create your account roles with the environmental variable: -+ -[source,terminal] ----- -$ rosa create account-roles --hosted-cp --prefix $ACCOUNT_ROLES_PREFIX ----- -For more information regarding AWS managed IAM policies for ROSA, see link:https://docs.aws.amazon.com/ROSA/latest/userguide/security-iam-awsmanpol.html[AWS managed IAM policies for ROSA]. +For more information regarding AWS managed IAM policies for ROSA, see link:https://docs.aws.amazon.com/ROSA/latest/userguide/security-iam-awsmanpol.html[AWS managed IAM policies for ROSA]. \ No newline at end of file diff --git a/modules/rosa-hcp-vpc-manual.adoc b/modules/rosa-hcp-vpc-manual.adoc index b16daaa5a9..7199b93b43 100644 --- a/modules/rosa-hcp-vpc-manual.adoc +++ b/modules/rosa-hcp-vpc-manual.adoc 
@@ -23,7 +23,7 @@ If you choose to manually create your Virtual Private Cloud (VPC) instead of usi | You need one availability zone for a single zone, and you need three for availability zones for multi-zone. | Public subnet -| You must have one public subnet with a NAT gateway. +| You must have one public subnet with a NAT gateway for public clusters. Private clusters do not need a public subnet. | DNS hostname and resolution | You must ensure that the DNS hostname and resolution are enabled. diff --git a/modules/rosa-hcp-vpc-subnet-tagging.adoc b/modules/rosa-hcp-vpc-subnet-tagging.adoc new file mode 100644 index 0000000000..78a64e266a --- /dev/null +++ b/modules/rosa-hcp-vpc-subnet-tagging.adoc 
@@ -0,0 +1,81 @@ +// Module included in the following assemblies: +// +// * rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc +:_mod-docs-content-type: PROCEDURE +[id="rosa-hcp-vpc-subnet-tagging_{context}"] += Tagging your subnets + +Before you can use your VPC to create a {hcp-title} cluster, you must tag your VPC subnets. Automated service preflight checks verify that these resources are tagged correctly before you can use these resources. The following table shows how your resources should be tagged as the following: + +[cols="3a,8a,8a", options="header"] +|=== +| Resource +| Key +| Value + +| Public subnet +| `kubernetes.io/role/elb` +| `1` or no value + +| Private subnet +| `kubernetes.io/role/internal-elb` +| `1` or no value + +|=== + +[NOTE] +==== +You must tag at least one private subnet and, if applicable, and one public subnet. +==== + +.Prerequisites + +* You have created a VPC. +* You have installed the `aws` CLI. + +.Procedure + +. Verify the tags currently on your subnet by running the following command: ++ +[source,terminal] +---- +$ aws ec2 describe-tags --filters "Name=resource-id,Values=" +---- ++ +.Example output ++ +[source,text] +---- +TAGS Name subnet -subnet-public1-us-east-1a +---- + +. Tag your resources in your terminal by running the following commands: +.. For public subnets, run: ++ +[source,terminal] +---- +$ aws ec2 create-tags --resources --tags Key=kubernetes.io/role/elb,Value=1 +---- +.. For private subnets, run: ++ +[source,terminal] +---- +$ aws ec2 create-tags --resources --tags Key=kubernetes.io/role/internal-elb,Value=1 +---- + +.Verification + +. Verify that the tag is correctly applied by running the following command: ++ +[source,terminal] +---- +$ aws ec2 describe-tags --filters "Name=resource-id,Values=" +---- ++ +.Example output ++ +[source,text] +---- +TAGS Name subnet -subnet-public1-us-east-1a +TAGS kubernetes.io/role/elb subnet 1 +---- \ No newline at end of file 
diff --git a/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc b/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc index 2788090cb2..73f404a5ac 100644 --- a/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc +++ b/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc @@ -92,7 +92,9 @@ include::modules/rosa-hcp-vpc-terraform.adoc[leveloffset=+3] * See the link:https://github.com/openshift-cs/terraform-vpc-example[Terraform VPC] repository for a detailed list of all options available when customizing the VPC for your needs. [discrete] -include::modules/rosa-hcp-vpc-manual.adoc[leveloffset=+3] +include::modules/rosa-hcp-vpc-manual.adoc[leveloffset=+2] +[discrete] +include::modules/rosa-hcp-vpc-subnet-tagging.adoc[leveloffset=+2] [role="_additional-resources"] [id="additional-resources_rosa-hcp-vpc-aws"] @@ -100,6 +102,7 @@ include::modules/rosa-hcp-vpc-manual.adoc[leveloffset=+3] * link:https://docs.aws.amazon.com/vpc/latest/userguide/vpc-getting-started.html[Get Started with Amazon VPC] * link:https://developer.hashicorp.com/terraform[HashiCorp Terraform documentation] +* link:https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/deploy/subnet_discovery/[Subnet Auto Discovery] include::modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc[leveloffset=+2]
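Review bot: in modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc, hunk @@ -24,7 +24,7 @@ appends `--mode auto --yes` to the command, and `--yes` means the reader gets no confirmation prompt before the account-wide roles and policies are created. The hunk touches only the command line, so nothing shown here tells the reader that. Either add a sentence to the step saying the command creates the roles immediately and without prompting, or drop `--yes` so the reader can review what will be created in the account first.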
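Review bot: in modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc, hunk @@ -32,12 +32,5 @@ removes the command that consumed `$ACCOUNT_ROLES_PREFIX` but keeps the optional step that exports it, so in the lines shown the variable is set and then never used. Either remove the optional export step as well, or keep `--prefix $ACCOUNT_ROLES_PREFIX` on the remaining `rosa create account-roles` command. The rewritten last line also leaves the file without a trailing newline ("\ No newline at end of file"); please restore it.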
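Review bot: in modules/rosa-hcp-vpc-manual.adoc, the new "Public subnet" row says private clusters do not need a public subnet, but the NAT gateway is mentioned only as part of that public subnet, so the row no longer says whether a private cluster needs a NAT gateway or any other egress path. State the requirement for private clusters explicitly, or say that none applies. The context row just above ("you need three for availability zones for multi-zone") has a stray "for" that could be fixed in the same change.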
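Review bot: in the new modules/rosa-hcp-vpc-subnet-tagging.adoc, all four `aws ec2` commands as shown have nothing after `Values=` or after `--resources`, so a reader who copies them has no indication of where the subnet ID goes. Add a visible placeholder for the subnet ID in each command and in the example output (where the ID column reads `subnet -subnet-public1-us-east-1a`), and explain the placeholder once in the procedure. Wording in the same file: the NOTE has a doubled "and" ("and, if applicable, and one public subnet"), and the intro sentence ends with a redundant "as the following". The table allows `1` or no value while the procedure only shows `Value=1`, so say which form the preflight checks expect or show both. The file also ends without a trailing newline.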
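Review bot: in rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc, hunk @@ -92,7 +92,9 @@ moves the manual VPC include to `leveloffset=+2` and adds the tagging module at the same offset, while the hunk header shows the Terraform VPC module still included at `leveloffset=+3`. The sibling VPC sections will therefore render at different heading levels. Confirm that this is intended, or keep the three includes at one offset. Please also put a blank line between the first `include::` line and the `[discrete]` that follows it, so the two include blocks are clearly separated.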
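Review bot: in rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc, hunk @@ -100,6 +102,7 @@, the added "Subnet Auto Discovery" link is pinned to the `/v2.2/` path of the aws-load-balancer-controller documentation, which will go stale as the controller moves on. Link to an unversioned or latest page if the project publishes one, or add a short note on why v2.2 is the version that applies here.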