mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
openshift-docs/modules/rosa-hcp-sts-creating-a-cluster-egress-lockdown-cli.adoc


// Module included in the following assemblies:
//
// * rosa_hcp/rosa-hcp-egress-zero-install.adoc
:_mod-docs-content-type: PROCEDURE
[id="rosa-hcp-sts-creating-a-cluster-egress-lockdown-cli_{context}"]
= Creating {egress-zero-title} using the CLI

When using the {product-title} (ROSA) command-line interface (CLI), `rosa`, to create a cluster, you can select the default options to create the cluster quickly.

.Prerequisites
* You have completed the AWS prerequisites for {hcp-title}.
* You have available AWS service quotas.
* You have enabled the ROSA service in the AWS Console.
* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host. Run `rosa version` to see your currently installed version of the ROSA CLI. If a newer version is available, the CLI provides a link to download this upgrade.
* You have logged in to your Red{nbsp}Hat account by using the ROSA CLI.
* You have created an OIDC configuration.
* You have verified that the AWS Elastic Load Balancing (ELB) service role exists in your AWS account.

.Procedure
. Use one of the following commands to create your {hcp-title} cluster:
+
[NOTE]
====
When creating a {hcp-title} cluster, the default machine Classless Inter-Domain Routing (CIDR) is `10.0.0.0/16`. If this does not correspond to the CIDR range for your VPC subnets, add `--machine-cidr <address_block>` to the following commands. To learn more about the default CIDR ranges for {product-title}, see the CIDR range definitions.
====
+
* If you did not set environment variables, run the following command:
+
[source,terminal]
----
$ rosa create cluster --cluster-name=<cluster_name> \ <1>
--mode=auto --hosted-cp [--private] \
--operator-roles-prefix <operator-role-prefix> \ <2>
--oidc-config-id <id-of-oidc-configuration> \
--subnet-ids=<private-subnet-id> --region <region> \
--machine-cidr 10.0.0.0/16 --service-cidr 172.30.0.0/16 \
--pod-cidr 10.128.0.0/14 --host-prefix 23 \
--billing-account <root-acct-id> \ <3>
--properties zero_egress:true
----
+
--
<1> Specify the name of your cluster. If your cluster name is longer than 15 characters, it will contain an autogenerated domain prefix as a subdomain for your provisioned cluster on openshiftapps.com. To customize the subdomain, use the `--domain-prefix` flag. The domain prefix cannot be longer than 15 characters, must be unique, and cannot be changed after cluster creation.
<2> By default, the cluster-specific Operator role names are prefixed with the cluster name and a random 4-digit hash. You can optionally specify a custom prefix to replace `<cluster_name>-<hash>` in the role names. The prefix is applied when you create the cluster-specific Operator IAM roles. For information about the prefix, see _About custom Operator IAM role prefixes_.
+
[NOTE]
====
If you specified custom ARN paths when you created the associated account-wide roles, the custom path is automatically detected. The custom path is applied to the cluster-specific Operator roles when you create them in a later step.
====
<3> If your billing account is different from your user account, add this argument and specify the AWS account that is responsible for all billing.
--
* If you set the environment variables, create a cluster with {egress-zero} that has a single, initial machine pool, using a privately available API, and a privately available Ingress by running the following command:
+
[source,terminal]
----
$ rosa create cluster --private --cluster-name=$CLUSTER_NAME \
--mode=auto --hosted-cp --operator-roles-prefix=$OPERATOR_ROLES_PREFIX \
--oidc-config-id=$OIDC_ID --subnet-ids=$SUBNET_IDS \
--region $REGION --machine-cidr 10.0.0.0/16 --service-cidr 172.30.0.0/16 \
--pod-cidr 10.128.0.0/14 --host-prefix 23 \
--properties zero_egress:true
----
+
. Check the status of your cluster by running the following command:
+
[source,terminal]
----
$ rosa describe cluster --cluster=<cluster_name>
----
+
The following `State` field changes are listed in the output as cluster installation progresses:
+
* `pending (Preparing account)`
* `installing (DNS setup in progress)`
* `installing`
* `ready`
+
[NOTE]
====
If the installation fails or the `State` field does not change to `ready` after more than 10 minutes, check the installation troubleshooting documentation for details. For more information, see _Troubleshooting installations_. For steps to contact Red{nbsp}Hat Support for assistance, see _Getting support for Red{nbsp}Hat OpenShift Service on AWS_.
====
+
. Track the cluster creation progress by watching the {product-title} installation program logs. To check the logs, run the following command:
+
[source,terminal]
----
$ rosa logs install --cluster=<cluster_name> --watch <1>
----
<1> Optional: To watch for new log messages as the installation progresses, use the `--watch` argument.
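
The note in step 1 requires the machine CIDR to correspond to the CIDR range of your VPC subnets. The following pre-flight check is an added example, not part of the ROSA CLI or the original procedure: it confirms that the machine, service, and pod CIDRs do not overlap and that each subnet CIDR lies inside the machine CIDR. The function names and the `10.0.1.0/24` subnet value are assumptions; substitute the CIDR blocks of your own private subnets.

```shell
#!/bin/sh
# Added example: validate the CIDR arguments before running `rosa create cluster`.
# Functions use subshell bodies "( ... )" so their variables stay local.

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip_to_int() (
  IFS=.
  set -- $1
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Print "<first> <last>": the integer bounds of a CIDR block.
cidr_range() (
  base=$(ip_to_int "${1%/*}")
  len=${1#*/}
  mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
  echo "$(( $base & $mask )) $(( ($base & $mask) | (~$mask & 0xFFFFFFFF) ))"
)

# Succeed when CIDR $1 lies entirely inside CIDR $2.
cidr_within() (
  set -- $(cidr_range "$1") $(cidr_range "$2")
  [ "$1" -ge "$3" ] && [ "$2" -le "$4" ]
)

# Succeed when two CIDR blocks share at least one address.
cidr_overlap() (
  set -- $(cidr_range "$1") $(cidr_range "$2")
  [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
)

# preflight <machine-cidr> <service-cidr> <pod-cidr> <subnet-cidr>...
preflight() (
  machine=$1 service=$2 pod=$3 rc=0
  shift 3
  cidr_overlap "$machine" "$service" && { echo "machine and service CIDRs overlap"; rc=1; }
  cidr_overlap "$machine" "$pod" && { echo "machine and pod CIDRs overlap"; rc=1; }
  cidr_overlap "$service" "$pod" && { echo "service and pod CIDRs overlap"; rc=1; }
  for s in "$@"; do
    cidr_within "$s" "$machine" || { echo "subnet $s is outside machine CIDR $machine"; rc=1; }
  done
  return "$rc"
)

# CIDR values from the commands above; 10.0.1.0/24 is a constructed subnet CIDR.
preflight 10.0.0.0/16 172.30.0.0/16 10.128.0.0/14 10.0.1.0/24 && echo "CIDR plan OK"
```

If a subnet falls outside the machine CIDR, pass the correct block with `--machine-cidr <address_block>` as the note in step 1 describes.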