Using the ROSA CLI to create an AWS VPC for ROSA HCP: the rosa create network command
The rosa create network command is available in v.1.2.48 or later of the ROSA CLI. This command uses AWS CloudFormation to create a VPC and other networking components used to install a ROSA HCP cluster. CloudFormation is a native AWS infrastructure-as-code tool, compatible with the AWS CLI.
By default, a quickstart template is provided, however custom CloudFormation templates can also be used with the command.
For more information, please refer to the official documentation.
NOTE: This article follows the same sequence of steps for creating a ROSA cluster as in the ROSA documentation, with the added step of preparing the AWS VPC in advance.
How to use the default CloudFormation template to create a ROSA cluster
Step 1. Prerequisites
This article assumes you've already configured your AWS and Red Hat accounts, and that you are able to use the ROSA CLI.
For more information on preparing your environment to create a ROSA cluster, see the AWS User Guide.
A default template is provided for users that want to quickly create a ROSA HCP cluster from scratch. You can view the full template here.
If you need to customize this template or use your own custom template, please see the appropriate section below.
Step 2. Create an AWS VPC using the default template
Use the following command to create an AWS VPC using the default CloudFormation template:
rosa create network
To see a list of parameters available in the default template you can run:
rosa create network --help
If you want to modify a parameter, you can specify --param Param1=Value1 --param Param2=Value2 and so on. For example, if you wanted to modify the Region, Name, AvailabilityZoneCount, and VpcCidr parameters, you could run:
rosa create network --param Region=us-west-2 --param Name=quickstart-stack --param AvailabilityZoneCount=1 --param VpcCidr=10.0.0.0/16
The full list of parameters available in the default template (the Parameters section of the CloudFormation template):
Parameters:
  AvailabilityZoneCount:
    Type: Number
    Description: "Number of Availability Zones to use"
    Default: 1
    MinValue: 1
    MaxValue: 3
  Region:
    Type: String
    Description: "AWS Region"
    Default: "us-west-2"
  Name:
    Type: String
    Description: "Name prefix for resources"
  VpcCidr:
    Type: String
    Description: CIDR block for the VPC
    Default: '10.0.0.0/16'
The command will take about 5 minutes to run, providing regular status updates from AWS as resources are created. If there is an issue with CloudFormation, a rollback will be attempted. If any other issues are encountered, please follow the error message instructions or contact AWS support.
Make note of the subnet ids created as a result of this command, as you'll need them when creating the cluster. Replace $SUBNET_IDS in the rosa create cluster command below with these values as a comma-separated list, for example:
subnet-0a6a57e0f784171aa,subnet-078e84e5b10ecf5b0
Finally, if you would like to delete the CloudFormation stack that was created, you can simply run the following command, replacing [Name] with the stack name:
aws cloudformation delete-stack --stack-name [Name]
Step 3. Create an oidc-provider
rosa create oidc-provider --mode=auto --yes
Make note of the oidc-provider id that is created. Replace $OIDC_ID in the rosa create cluster command below with that oidc-provider id.
Next, make sure you have run the rosa create operator-roles command as specified when creating the oidc-provider, as in the example below:
? Would you like to create a Managed (Red Hat hosted) OIDC Configuration Yes
I: Setting up managed OIDC configuration
I: To create Operator Roles for this OIDC Configuration, run the following command and remember to replace <user-defined> with a prefix of your choice:
rosa create operator-roles --prefix <user-defined> --oidc-config-id 13cdr6b
If you are going to create a Hosted Control Plane cluster please include '--hosted-cp'
I: Creating OIDC provider using 'arn:aws:iam::4540112244:user/userName'
? Create the OIDC provider? Yes
I: Created OIDC provider with ARN 'arn:aws:iam::4540112244:oidc-provider/dvbwgdztaeq9o.cloudfront.net/13cdr6b'
So in the above example, you'd want to run the following command:
rosa create operator-roles --hosted-cp --oidc-config-id 13cdr6b
Now that the VPC and roles are configured, you're ready to install a ROSA cluster.
Step 4. Create the ROSA Cluster
Make sure you have the $SUBNET_IDS and $OIDC_ID from steps 2 and 3 above. Then run the following command:
rosa create cluster --cluster-name=<cluster_name> --mode=auto --hosted-cp --oidc-config-id=$OIDC_ID --subnet-ids=$SUBNET_IDS
This will install ROSA using the VPC you created in step 2.
Alternatively, you can create the ROSA cluster using the web console UI at https://console.redhat.com/openshift/create/rosa/wizard. Before using the wizard, you must have the proper OCM role and User role created and linked to your ARN.
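As an added example (not from the article or the ROSA CLI project), the shell helpers below check the values that steps 2 to 4 tell you to make note of before they are substituted into the rosa commands, and chain the commands from those steps when invoked with a run argument. It assumes the rosa and aws CLIs are installed and logged in; the driver's argument layout and the regular expressions are the example's own.

```shell
#!/bin/sh
# Added example, not part of the article or the ROSA CLI: helpers that validate
# the values from steps 2-4 before they reach the rosa commands, plus a driver.
# Assumption: rosa (v1.2.48+) and aws CLIs are installed and already logged in.

# Check AvailabilityZoneCount (the template allows 1..3) and VpcCidr (IPv4 CIDR).
validate_network_params() {
  case "$1" in 1|2|3) ;; *) echo "AvailabilityZoneCount must be 1-3" >&2; return 1 ;; esac
  printf '%s\n' "$2" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' \
    || { echo "VpcCidr must be an IPv4 CIDR such as 10.0.0.0/16" >&2; return 1; }
}

# Accept only a comma-separated list of AWS subnet ids (no spaces, no blanks).
validate_subnet_ids() {
  printf '%s\n' "$1" | grep -Eq '^subnet-[0-9a-f]{8,17}(,subnet-[0-9a-f]{8,17})*$'
}

# Read `rosa create oidc-provider` output on stdin and print the config id that
# follows --oidc-config-id in the operator-roles hint line (empty if absent).
extract_oidc_id() {
  sed -n 's/.*--oidc-config-id \([A-Za-z0-9]*\).*/\1/p' | head -n 1
}

# Step 3 output from the article, kept here as sample input for the parser.
SAMPLE_OIDC_OUTPUT='I: To create Operator Roles for this OIDC Configuration, run the following command and remember to replace <user-defined> with a prefix of your choice:
rosa create operator-roles --prefix <user-defined> --oidc-config-id 13cdr6b'

# Driver, run as: sh this.sh run <cluster-name> <subnet-ids>
# The subnet ids are copied from the `rosa create network` output, as in step 2.
if [ "${1:-}" = "run" ]; then
  validate_network_params 1 10.0.0.0/16 || exit 1
  validate_subnet_ids "$3" || { echo "bad subnet id list: $3" >&2; exit 1; }
  rosa create network --param AvailabilityZoneCount=1 --param VpcCidr=10.0.0.0/16 || exit 1
  oidc_out=$(rosa create oidc-provider --mode=auto --yes) || exit 1
  printf '%s\n' "$oidc_out"
  oidc_id=$(printf '%s\n' "$oidc_out" | extract_oidc_id)
  [ -n "$oidc_id" ] || { echo "no oidc config id found in output" >&2; exit 1; }
  rosa create operator-roles --hosted-cp --oidc-config-id "$oidc_id" || exit 1
  rosa create cluster --cluster-name="$2" --mode=auto --hosted-cp \
    --oidc-config-id="$oidc_id" --subnet-ids="$3"
fi
```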
How to configure and use custom CloudFormation templates
You can use a custom CloudFormation template by specifying a new directory with --template-dir, and then specifying a template name when you call rosa create network. You can also simply use the aws cloudformation command directly when using custom CloudFormation templates.
For example, if I have a CloudFormation template stored locally at /rosa/templates/customtemplatename/cloudformation.yaml, I can run the following command:
rosa create network customtemplatename --template-dir='/rosa/templates'
The default directory is /cmd/create/network/templates/rosa/.
Note: As with any VPC used for ROSA w/ HCP, the VPC created by this method is not managed by ROSA and ROSA is not aware of its dependency on this VPC. If you manipulate the VPC while a ROSA cluster is running within it, you could introduce risk to the cluster.