Creating a cluster

OpenShift Dedicated 4

Learn to create your OpenShift Dedicated cluster

Red Hat OpenShift Documentation Team

Abstract

After you have an OpenShift Dedicated subscription, you can access your services and create your cluster.

Chapter 1. Creating your cluster

After you have an OpenShift Dedicated subscription, you can access your services and create your cluster.

1.1. Understanding your cluster cloud options

OpenShift Dedicated offers OpenShift Container Platform clusters as a managed service on Amazon Web Services (AWS) or Google Cloud Platform (GCP). You can purchase a standard cluster through Red Hat. Alternatively, you can use your existing cloud account through the Customer Cloud Subscription (CCS) model to leverage discounts.

1.1.1. Standard clusters

Standard OpenShift Dedicated clusters are deployed into their own AWS or GCP infrastructure accounts, each owned by Red Hat. Red Hat is responsible for the account, and the cloud infrastructure costs are paid directly by Red Hat. The customer only pays the Red Hat subscription costs.

1.1.2. Customer Cloud Subscription (CCS)

The Customer Cloud Subscription (CCS) model enables Red Hat to deploy and manage OpenShift Dedicated clusters in an existing AWS or GCP account owned by the customer. Red Hat requires several prerequisites be met in order to provide this service, and this service is supported by Red Hat Site Reliability Engineers (SRE).

In the CCS model, the customer pays the cloud infrastructure provider directly for cloud costs, and the cloud infrastructure account is part of a customer’s organization, with specific access granted to Red Hat. In this model, the customer pays Red Hat for the CCS subscription and pays the cloud provider for the cloud costs.

1.2. Creating a cluster on AWS

You can create an OpenShift Dedicated cluster on Amazon Web Services (AWS) using a standard cloud account owned by Red Hat or with your own cloud account using the Customer Cloud Subscription (CCS) model.

Using the CCS model to deploy and manage OpenShift Dedicated into your AWS account requires several prerequisites to be met.

Prerequisites

  • Your AWS account is configured for use with OpenShift Dedicated.
  • No services are deployed in your AWS account.
  • The necessary quotas and limits needed to support the desired cluster size are available in your AWS account.
  • An IAM user called osdCcsAdmin exists with the AdministratorAccess policy attached.
  • An Organization Service Control Policy (SCP) is set up.
  • It is recommended that you have at least Business Support from AWS.

Procedure

  1. Log in to OpenShift Cluster Manager (OCM).
  2. Click Create Cluster → Red Hat OpenShift Dedicated → Create Cluster.
  3. Select AWS as your infrastructure provider.
  4. Select your billing model.

    • Standard is selected by default.
    • If you select the Customer cloud subscription model, an informational dialogue window will open. Review the prerequisites for installing an AWS CCS cluster and click Close. You must provide the following AWS account details before continuing with your cluster creation:

      1. Enter your AWS account ID.
      2. Enter your AWS access key ID and AWS secret access key to input your AWS IAM user credentials.

        Note

        Revoking these credentials in AWS will result in a loss of access to any cluster created with these credentials.

      3. Optional: You can select Bypass AWS Service Control Policy (SCP) checks. Some AWS SCPs will cause the installation to fail, even if the credentials have the correct permissions. Disabling SCP checks allows installation to proceed. The SCP will still be enforced even if the checks are bypassed.
  5. Enter your Cluster name.
  6. Select a Region and choose either a Single zone or Multizone availability.
  7. Select your Compute node instance type and the Compute node count (per zone). After your cluster is created, you can change the number of compute nodes in your cluster, but you cannot change the worker node instance type. The number and types of nodes available to you depend on your OpenShift Dedicated subscription.
  8. Optional: Expand Edit node labels to add labels to your nodes. Click Add label to add more node labels.
  9. If you are creating a standard OpenShift Dedicated cluster, select the amount of Persistent storage and Load balancers you want to set on the deployed cluster. You can also accept the provided defaults.
  10. Select your preferred network configuration.

    • Basic is selected by default. This setting creates a new VPC for your cluster using the default values.
    • Select Advanced if you want to install into an existing VPC (CCS clusters only), configure your networking IP ranges, or set your cluster privacy.

      1. Enter the Availability zone, Private subnet ID, and the Public subnet ID to install into an existing VPC.
      2. Enter the desired values to configure your network IP ranges or enter the following defaults:

        1. Node CIDR: 10.0.0.0/16
        2. Service CIDR: 172.30.0.0/16
        3. Pod CIDR: 10.128.0.0/14
        4. Host Prefix: /23
      3. Select your preferred cluster privacy. Private is selected by default.
    Important

    CIDR configurations cannot be changed later. Confirm your selections with your network administrator before proceeding.

    If the cluster privacy is set to Private, you will not be able to access your cluster until you configure private connections in your cloud provider.

  11. Select your cluster update method.

    • Manual is selected by default. With this option, you are responsible for updating your cluster. If your cluster version falls too far behind, it will be automatically updated.
    • Select Automatic if you want your cluster to be automatically upgraded when new versions are available. If you opt for automatic upgrades, you must specify the preferred day of the week and the time (UTC) for the upgrade to start.

      Warning

      High and Critical security concerns (CVEs) will be patched automatically within 48 hours, regardless of your chosen update strategy.

  12. Optional: You can set a grace period for Node Draining during cluster upgrades. A 1 hour grace period is set by default.
  13. Click Create cluster. The cluster creation process begins and takes about 30-40 minutes to complete.

Verification

  • The Installing cluster heading, under the Overview tab, indicates that the cluster is installing and you can view the installation logs from this heading. The Status indicator under the Details heading indicates when your cluster is Ready for use.

1.3. Creating a cluster on GCP

You can create an OpenShift Dedicated cluster on Google Cloud Platform (GCP) using a standard cloud account owned by Red Hat or with your own cloud account using the Customer Cloud Subscription (CCS) model.

Using the CCS model to deploy and manage OpenShift Dedicated into your GCP account requires several prerequisites to be met.

Prerequisites

  • Your GCP account has been configured for use with OpenShift Dedicated.
  • The necessary resource quotas and limits needed to support the desired cluster size are available in your GCP account.
  • A GCP project has already been created.

    Note

    The project name must be 10 characters or less.

  • An IAM service account in GCP called osd-ccs-admin with the following roles attached:

    • DNS Administrator
    • Organization Policy Viewer
    • Owner
    • Project IAM Admin
    • Service Management Administrator
    • Service Usage Admin
    • Storage Admin
  • A key has been created for your GCP service account and exported to a file named osServiceAccount.json.
  • It is recommended that you have at least Production Support from GCP.
  • To prevent potential conflicts, it is recommended that no other resources are provisioned in the project prior to provisioning OpenShift Dedicated.

Procedure

  1. Log in to OpenShift Cluster Manager (OCM).
  2. Click Create Cluster → Red Hat OpenShift Dedicated → Create cluster.
  3. Select Google Cloud as your infrastructure provider.
  4. Select your billing model.

    • Standard is selected by default.
    • If you select the Customer cloud subscription model, an informational dialogue window will open. Review the prerequisites for installing a GCP CCS cluster and click Close. You must provide your GCP service account information with a JSON file. Click Browse to locate and attach the Service account JSON file to your cluster.
  5. Enter your Cluster name.
  6. Select a Region and choose either a Single zone or Multizone availability.
  7. Select your Compute node instance type and the Compute node count (per zone). After your cluster is created, you can change the number of compute nodes in your cluster, but you cannot change the worker node instance type. The number and types of nodes available to you depend on your OpenShift Dedicated subscription.
  8. Optional: Expand Edit node labels to add labels to your nodes. Click Add label to add more node labels.
  9. If you are creating a standard OpenShift Dedicated cluster, select the amount of Persistent storage and Load balancers you want to set on the deployed cluster. You can also accept the provided defaults.
  10. Select your preferred network configuration.

    • Basic is selected by default. This setting creates a new VPC for your cluster using the default values.
    • Select Advanced if you want to configure your networking IP ranges or set your cluster privacy.

      1. Enter the desired values to configure your network IP ranges or enter the following defaults:

        1. Node CIDR: 10.0.0.0/16
        2. Service CIDR: 172.30.0.0/16
        3. Pod CIDR: 10.128.0.0/14
        4. Host Prefix: /23
      2. If you are creating a CCS OpenShift Dedicated cluster, you can enable private clusters. This option is not available for standard clusters. Select your preferred cluster privacy. Private is selected by default.
    Important

    CIDR configurations cannot be changed later. Confirm your selections with your network administrator before proceeding.

    If the cluster privacy is set to Private, you will not be able to access your cluster until you configure private connections in your cloud provider.

  11. Select your cluster update method.

    • Manual is selected by default. With this option, you are responsible for updating your cluster. If your cluster version falls too far behind, it will be automatically updated.
    • Select Automatic if you want your cluster to be automatically upgraded when new versions are available. If you opt for automatic upgrades, you must specify the preferred day of the week and the time (UTC) for the upgrade to start.
    Warning

    High and Critical security concerns (CVEs) are patched automatically within 48 hours, regardless of your chosen update strategy.

  12. Optional: You can set a grace period for Node Draining during cluster upgrades. A 1 hour grace period is set by default.
  13. Click Create cluster. The cluster creation process begins and takes about 30-40 minutes to complete.

Verification

  • The Installing cluster heading, under the Overview tab, indicates that the cluster is installing and you can view the installation logs from this heading. The Status indicator under the Details heading indicates when your cluster is Ready for use.
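
Because the CIDR values entered in step 10 of the AWS and GCP procedures cannot be changed after creation, the following added example (not part of the Red Hat documentation or tooling) checks a proposed set of ranges before you submit them. The function name, the `reserved` parameter, and the reading of Host Prefix as the per-node slice of the Pod CIDR (as in OpenShift Container Platform) are assumptions of this example.

```python
import ipaddress
from itertools import combinations

# Defaults listed in step 10 of both procedures.
DEFAULTS = {"node": "10.0.0.0/16", "service": "172.30.0.0/16",
            "pod": "10.128.0.0/14", "host_prefix": 23}


def check_network_plan(node, service, pod, host_prefix, reserved=()):
    """Return (problems, capacity) for a proposed set of IPv4 ranges.

    reserved (hypothetical parameter): CIDRs of networks the cluster must
    reach, such as peered VPCs or on-premises ranges.
    """
    problems, nets = [], {}
    for name, cidr in (("node", node), ("service", service), ("pod", pod)):
        try:
            # strict=True rejects values with host bits set, e.g. 10.0.1.0/16
            nets[name] = ipaddress.IPv4Network(cidr, strict=True)
        except ValueError as exc:
            problems.append(f"{name}: {exc}")

    # The three cluster ranges must be pairwise disjoint.
    for (a, net_a), (b, net_b) in combinations(nets.items(), 2):
        if net_a.overlaps(net_b):
            problems.append(f"{a} {net_a} overlaps {b} {net_b}")

    # None of them may collide with a network the cluster has to route to.
    for cidr in reserved:
        other = ipaddress.IPv4Network(cidr, strict=False)
        for name, net in nets.items():
            if net.overlaps(other):
                problems.append(f"{name} {net} overlaps reserved {other}")

    capacity = {}
    pod_net = nets.get("pod")
    if pod_net is not None:
        if pod_net.prefixlen < host_prefix <= 30:
            # Assumption: each node receives one /host_prefix slice of the pod range.
            capacity["max_nodes"] = 2 ** (host_prefix - pod_net.prefixlen)
            capacity["pod_ips_per_node"] = 2 ** (32 - host_prefix) - 2
        else:
            problems.append(f"host prefix /{host_prefix} must be longer "
                            f"than pod /{pod_net.prefixlen} and at most /30")
    return problems, capacity


if __name__ == "__main__":
    print(check_network_plan(**DEFAULTS))
```

Pass the ranges of any peered or on-premises networks in `reserved`; this matters most for Private clusters, which are reached only over those private connections.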

Legal Notice

Copyright © 2021 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.