Are private STS ROSA clusters supported?

Environment

  • Red Hat OpenShift Service on AWS (ROSA)
  • AWS Security Token Service (STS)

Issue

  • Is installing private ROSA clusters with STS supported?
  • After installing a private STS ROSA cluster, the API and the apps are accessible from the internet.

Resolution

Private ROSA clusters cannot be used with AWS Security Token Service (STS).
It's possible to create ROSA clusters with AWS PrivateLink and STS instead.

The supported options for ROSA clusters are:

  • For STS: Public cluster or PrivateLink cluster.
  • For IAM: Public cluster, private cluster or PrivateLink cluster.

Root Cause

Only public and AWS PrivateLink ROSA clusters are supported with STS. Regular private clusters (non-PrivateLink) are not available for use with STS.
Refer to "Configuring a private cluster" and "Creating a ROSA cluster with STS using customizations" for additional information.
