mirror of
https://github.com/openshift/openshift-docs.git
synced 2026-02-05 12:46:18 +01:00
87 lines
5.0 KiB
Plaintext
87 lines
5.0 KiB
Plaintext
:_mod-docs-content-type: ASSEMBLY
|
|
[id="rosa-hcp-creating-cluster-with-aws-kms-key"]
|
|
= Creating ROSA with HCP clusters using a custom AWS KMS encryption key
|
|
include::_attributes/attributes-openshift-dedicated.adoc[]
|
|
:context: rosa-hcp-creating-cluster-with-aws-kms-key
|
|
|
|
toc::[]
|
|
|
|
Create a {product-title} (ROSA) with a {hcp} (HCP) cluster using a custom AWS Key Management Service (KMS) key.
|
|
|
|
//include::modules/rosa-sts-creating-a-cluster-quickly-ocm.adoc[leveloffset=+1]
|
|
//include::modules/rosa-sts-associating-your-aws-account.adoc[leveloffset=+2]
|
|
|
|
[id="rosa-hcp-creating-cluster-with-aws-kms-key-prereqs"]
|
|
== {hcp-title} Prerequisites
|
|
|
|
To create a {hcp-title} cluster, you must have the following items:
|
|
|
|
* A configured virtual private cloud (VPC)
|
|
* Account-wide roles
|
|
* An OIDC configuration
|
|
* Operator roles
|
|
|
|
[id="rosa-hcp-creating-cluster-with-aws-kms-key-creating-vpc"]
|
|
=== Creating a Virtual Private Cloud for your {hcp-title} clusters
|
|
|
|
You must have a Virtual Private Cloud (VPC) to create {hcp-title} cluster. You can use the following methods to create a VPC:
|
|
|
|
* Create a VPC by using a Terraform template
|
|
* Manually create the VPC resources in the AWS console
|
|
|
|
[NOTE]
|
|
====
|
|
The Terraform instructions are for testing and demonstration purposes. Your own installation requires some modifications to the VPC for your own use. You should also ensure that when you use this Terraform script it is in the same region that you intend to install your cluster. In these examples, use `us-east-2`.
|
|
====
|
|
|
|
include::snippets/imp-rosa-hcp-no-shared-vpc-support.adoc[leveloffset=+0]
|
|
|
|
[discrete]
|
|
include::modules/rosa-hcp-vpc-terraform.adoc[leveloffset=+3]
|
|
|
|
[role="_additional-resources"]
|
|
.Additional resources
|
|
|
|
* See the link:https://github.com/openshift-cs/terraform-vpc-example[Terraform VPC] repository for a detailed list of all options available when customizing the VPC for your needs.
|
|
|
|
[discrete]
|
|
include::modules/rosa-hcp-vpc-manual.adoc[leveloffset=+3]
|
|
|
|
[role="_additional-resources"]
|
|
.Additional resources
|
|
|
|
* link:https://docs.aws.amazon.com/vpc/latest/userguide/vpc-getting-started.html[Get Started with Amazon VPC]
|
|
* link:https://developer.hashicorp.com/terraform[HashiCorp Terraform documentation]
|
|
|
|
include::modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc[leveloffset=+2]
|
|
|
|
include::modules/rosa-sts-byo-oidc.adoc[leveloffset=+2]
|
|
|
|
include::modules/rosa-operator-config.adoc[leveloffset=+2]
|
|
|
|
include::modules/creating-cluster-with-aws-kms-key.adoc[leveloffset=+2]
|
|
|
|
[role="_additional-resources"]
|
|
[id="additional-resources_rosa-hcp-operator-prefix"]
|
|
|
|
ifndef::openshift-rosa-hcp[]
|
|
[id="next-steps-2_{context}"]
|
|
== Next steps
|
|
|
|
* xref:../rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc#rosa-sts-accessing-cluster[Accessing a ROSA cluster]
|
|
|
|
[role="_additional-resources"]
|
|
[id="additional-resources_rosa-hcp-creating-cluster-with-aws-kms-key"]
|
|
== Additional resources
|
|
|
|
* For information on using the CLI to create a cluster, see xref:../rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc#rosa-hcp-sts-creating-a-cluster-cli_rosa-hcp-sts-creating-a-cluster-quickly[Creating a ROSA with HCP cluster using the CLI].
|
|
* For steps to deploy a ROSA cluster using manual mode, see xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-cluster-using-customizations_rosa-sts-creating-a-cluster-with-customizations[Creating a cluster using customizations].
|
|
* For more information about the AWS Identity Access Management (IAM) resources required to deploy {product-title} with STS, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for clusters that use STS].
|
|
* For details about optionally setting an Operator role name prefix, see xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-operator-role-prefixes_rosa-sts-about-iam-resources[About custom Operator IAM role prefixes].
|
|
* For information about the prerequisites to installing ROSA with STS, see xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites for ROSA with STS].
|
|
* For details about using the `auto` and `manual` modes to create the required STS resources, see xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-understanding-deployment-modes_rosa-sts-creating-a-cluster-with-customizations[Understanding the auto and manual deployment modes].
|
|
* For more information about using OpenID Connect (OIDC) identity providers in AWS IAM, see link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html[Creating OpenID Connect (OIDC) identity providers].
|
|
* For more information about troubleshooting ROSA cluster installations, see xref:../support/troubleshooting/rosa-troubleshooting-installations.adoc#rosa-troubleshooting-installations[Troubleshooting installations].
|
|
* For steps to contact Red{nbsp}Hat Support for assistance, see xref:../support/getting-support.adoc#getting-support[Getting support for Red{nbsp}Hat OpenShift Service on AWS].
|
|
endif::openshift-rosa-hcp[]
|