openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-05 12:46:18 +01:00
Code Issues Releases Activity
Files
383e512d882950ab849cbdaed6f29b7f6b328797
openshift-docs/rosa_hcp/rosa-hcp-sts-creating-a-cluster-quickly.adoc
EricPonvelle 383e512d88 OSDOCS-14486: Pruning 'Prepare Your Environment' book
2025-08-27 22:03:56 +00:00

139 lines
7.0 KiB
Plaintext
Raw Blame History

:_mod-docs-content-type: ASSEMBLY
include::_attributes/attributes-openshift-dedicated.adoc[]
:context: rosa-hcp-sts-creating-a-cluster-quickly
[id="rosa-hcp-sts-creating-a-cluster-quickly"]
= Creating {product-title} clusters using the default options
toc::[]
{product-title} offers a more efficient and reliable architecture for creating {product-title} clusters. With {product-title}, each cluster has a dedicated control plane that is isolated in the ROSA service AWS account.
Create a {product-title} cluster quickly by using the default options and automatic AWS Identity and Access Management (IAM) resource creation. You can deploy your cluster by using the ROSA CLI (`rosa`).
[IMPORTANT]
====
Since it is not possible to upgrade or convert existing {rosa-classic-title} clusters to hosted control plane architecture, you must create a new cluster to use {product-title} functionality.
====
[NOTE]
====
{product-title} clusters only support AWS IAM Security Token Service (STS) authentication.
====
[discrete]
[id="hcp-considerations_{context}"]
=== Considerations regarding auto creation mode
The procedures in this document use the `auto` mode in the ROSA CLI to immediately create the required IAM resources using the current AWS account. The required resources include the account-wide IAM roles and policies, cluster-specific Operator roles and policies, and OpenID Connect (OIDC) identity provider.
Alternatively, you can use `manual` mode, which outputs the `aws` commands needed to create the IAM resources instead of deploying them automatically.
[id="next-steps-hcp_{context}"]
.Next steps
include::modules/rosa-sts-overview-of-the-default-cluster-specifications.adoc[leveloffset=+1]
//TODO OSDOCS-11789: Move these out of the deployment doc and into the prepare doc? Keep in both locations?
[id="rosa-hcp-prereqs"]
== {product-title} Prerequisites
To create a {product-title} cluster, you must have the following items:
* A configured virtual private cloud (VPC)
* Account-wide roles
* An OIDC configuration
* Operator roles
[id="rosa-hcp-creating-vpc"]
=== Creating a Virtual Private Cloud for your {product-title} clusters
You must have a Virtual Private Cloud (VPC) to create {product-title} cluster. You can use the following methods to create a VPC:
* Create a VPC using the ROSA CLI
* Create a VPC by using a Terraform template
* Manually create the VPC resources in the AWS console
[NOTE]
====
The Terraform instructions are for testing and demonstration purposes. Your own installation requires some modifications to the VPC for your own use. You should also ensure that when you use this Terraform configuration, it is in the same region that you intend to install your cluster. In these examples, `us-east-2` is used.
====
[discrete]
include::modules/rosa-hcp-create-network.adoc[leveloffset=+3]
[role="_additional-resources"]
[id="additional-resources_rosa-hcp-create-network"]
.Additional resources
* link:https://aws.amazon.com/cloudformation/[AWS CloudFormation documentation]
* link:https://github.com/openshift/rosa/blob/master/cmd/create/network/templates/rosa-quickstart-default-vpc/cloudformation.yaml[Default VPC AWS CloudFormation template]
[discrete]
include::modules/rosa-hcp-vpc-terraform.adoc[leveloffset=+3]
[role="_additional-resources"]
[id="additional-resources_rosa-hcp-vpc-terraform"]
.Additional resources
* link:https://github.com/openshift-cs/terraform-vpc-example[Terraform VPC repository]
[discrete]
include::modules/rosa-hcp-vpc-manual.adoc[leveloffset=+2]
include::snippets/vpc-troubleshooting.adoc[leveloffset=+2]
[discrete]
include::modules/rosa-hcp-vpc-subnet-tagging.adoc[leveloffset=+3]
[role="_additional-resources"]
[id="additional-resources_rosa-hcp-vpc-aws"]
.Additional resources
* link:https://docs.aws.amazon.com/vpc/latest/userguide/vpc-getting-started.html[Get Started with Amazon VPC]
* link:https://developer.hashicorp.com/terraform[HashiCorp Terraform documentation]
* link:https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/deploy/subnet_discovery/[Subnet Auto Discovery]
include::modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc[leveloffset=+2]
include::modules/rosa-sts-byo-oidc.adoc[leveloffset=+2]
include::modules/rosa-operator-config.adoc[leveloffset=+2]
ifndef::openshift-rosa,openshift-rosa-hcp[]
[role="_additional-resources"]
[id="additional-resources_rosa-hcp-operator-prefix"]
.Additional resources
* See xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-operator-role-prefixes_rosa-sts-about-iam-resources[About custom Operator IAM role prefixes] for information on the Operator prefixes.
endif::openshift-rosa,openshift-rosa-hcp[]
include::modules/rosa-hcp-sts-creating-a-cluster-cli.adoc[leveloffset=+1]
ifndef::openshift-rosa,openshift-rosa-hcp[]
[id="next-steps-2_{context}"]
== Next steps
* xref:../rosa_install_access_delete_clusters/rosa-sts-accessing-cluster.adoc#rosa-sts-accessing-cluster[Accessing a ROSA cluster]
* xref:../rosa_cluster_admin/rosa-cluster-notifications.adoc#add-notification-contact_rosa-cluster-notifications[Adding notification contacts]
endif::openshift-rosa,openshift-rosa-hcp[]
[role="_additional-resources"]
[id="additional-resources_rosa-sts-creating-a-cluster-quickly"]
== Additional resources
ifndef::openshift-rosa,openshift-rosa-hcp[]
* xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-sts-creating-cluster-using-customizations_rosa-sts-creating-a-cluster-with-customizations[Creating a cluster using customizations]
* xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-iam-resources[About IAM resources for clusters that use STS]
* xref:../rosa_install_access_delete_clusters/rosa_getting_started_iam/rosa-aws-prereqs.adoc#rosa-security-groups_prerequisites[Additional custom security groups]
* xref:../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-about-operator-role-prefixes_rosa-sts-about-iam-resources[About custom Operator IAM role prefixes]
* xref:../rosa_planning/rosa-hcp-aws-prereqs.adoc#rosa-hcp-aws-prereqs[AWS prerequisites for ROSA with STS]
endif::openshift-rosa,openshift-rosa-hcp[]
// This link needs to be hidden until HCP migration is published
// * xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites for ROSA with STS]
ifndef::openshift-rosa,openshift-rosa-hcp[]
* xref:../rosa_planning/rosa-sts-aws-prereqs.adoc#rosa-sts-aws-prereqs[AWS prerequisites for ROSA with STS]
* xref:../rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc#rosa-understanding-deployment-modes_rosa-sts-creating-a-cluster-with-customizations[Understanding the auto and manual deployment modes]
* link:https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_providers_create_oidc.html[Creating OpenID Connect (OIDC) identity providers]
* xref:../support/troubleshooting/rosa-troubleshooting-installations-hcp.adoc#rosa-troubleshooting-installations-hcp[Troubleshooting {product-title} installations]
* xref:../support/getting-support.adoc#getting-support[Getting support for Red{nbsp}Hat OpenShift Service on AWS]
View Git Blame Copy Permalink