Red Hat OpenShift Service on AWS (ROSA) — getting started, an unofficial cheat sheet ..

Mani
5 min readApr 2, 2021

--

ROSA is a fully managed OpenShift service with joint support from AWS and Red Hat. It became generally available on 24th March 2021 — https://aws.amazon.com/blogs/aws/red-hat-openshift-service-on-aws-now-generally-availably/

Note: I am a newbie to OpenShift/ROSA, these are the steps that enabled me to get a cluster running on ROSA. If you are an expert on OpenShift, these instructions can look underwhelming ;-)

The objective of this unofficial guide is for newbies to OpenShift like me, to create an ROSA cluster, checkout some of the tools available with ROSA/OpenShift— CLI/Console, deploy a sample Kubernetes service with a simple AWS integration like a AWS LoadBalancer to this Kubernetes service.

Official resources:

Please refer to the following documentation for more details:

  1. AWS ROSA home page — https://aws.amazon.com/rosa/
  2. Documentation — https://access.redhat.com/documentation/en-us/red_hat_openshift_service_on_aws/4/html/setting_up_clusters_and_accounts/rosa-quickstart
  3. https://developers.redhat.com/products/openshift/getting-started
  4. https://access.redhat.com/documentation/en-us/red_hat_openshift_service_on_aws/4/pdf/setting_up_clusters_and_accounts/Red_Hat_OpenShift_Service_on_AWS-4-Setting_up_clusters_and_accounts-en-US.pdf
  5. Hands-on demo of ROSA on YouTube from Red Hat — https://www.youtube.com/watch?v=MFcbuxkP3C4

Instructions

Step 1:

Please make sure that the AWS credentials are set before hand (using aws CLI and aws configure ) and that they have the right AWS IAM policies attached to them as per https://docs.openshift.com/rosa/rosa_getting_started/rosa-aws-prereqs.html

Step 2

Step 3

Create a Red hat account at https://cloud.redhat.com/openshift/token/rosa using your email id and other details ..

rosa verify permissionsrosa login (or if you have already logged in, do rosa logout and rosa login)rosa whoami (should display the AWS account details ..)rosa init (I had some issues related to some older failed installations, and hence I first did a rosa init --delete-stack to delete the old stack)

Step 4

Create a cluster called manirosa1 [note there is limitation of 15 characters for the cluster name].

The command used below creates a cluster with default settings, make sure you read the documentation at https://docs.openshift.com/rosa/rosa_getting_started/rosa-creating-cluster.html for a production ready cluster. The cluster creation should take upwards of 40+ minutes ..

$ rosa create cluster --cluster-name=manirosa1I: Creating cluster ‘manirosa1’
I: To view a list of clusters and their status, run ‘rosa list clusters’
I: Cluster ‘manirosa1’ has been created.
I: Once the cluster is installed you will need to add an Identity Provider before you can login into the cluster. See ‘rosa create idp — help’ for more information.
I: To determine when your cluster is Ready, run ‘rosa describe cluster -c manirosa1’.
I: To watch your cluster installation logs, run ‘rosa logs install -c manirosa1 — watch’.
Name: manirosa1
ID: xxxx
External ID:
OpenShift Version:
Channel Group: stable
DNS: manirosa1.xxx.p1.openshiftapps.com
AWS Account: xxxxxxx6
API URL:
Console URL:
Region: us-west-2
Multi-AZ: false
Nodes:
- Master: 3
- Infra: 2
- Compute: 2 (m5.xlarge)
Network:
- Service CIDR: 172.30.0.0/16
- Machine CIDR: 10.0.0.0/16
- Pod CIDR: 10.128.0.0/14
- Host Prefix: /23
State: pending (Preparing account)
Private: No
Created: Mar 28 2021 14:59:55 UTC
Details Page: https://cloud.redhat.com/openshift/details/1jn4nprrf1xxxxxxxxx

Other useful commands

rosa list clusters
rosa describe cluster -c manirosa1
rosa logs install -c manirosa1 --watch

Step 5

Once the cluster is created, login to the Red Hat OpenShift console .. using your Red Hat credentials that you had created earlier in Step 3 — https://cloud.redhat.com/openshift/

OpenShift Cluster Manager

Also note, that ROSA seems to create a bunch of IAM users, around 13 users in my case, some with the <clustername>prefix and three users with osd* prefix.

Create an admin user:

rosa create admin -c manirosa1 [the user name and password will be displayed on the CLI window]

Note: Please note that there is an important section on integrating an identity provider with OpenShift, which should be done in the real world — https://docs.openshift.com/rosa/rosa_getting_started/rosa-config-identity-providers.html

Download the OpenShift client, oc CLI and add it to your path. oc is similar to kubectl, that we use with Kubernetes services like Amazon EKS.

rosa download oc

Login to the cluster using oc [you will have connectivity issues, if you have your vpn connected]

oc login https://api.xx.xx.p1.openshiftapps.com:6443 --username cluster-admin --password xxxxx

Get the URL to the OpenShift console — something like https://console-openshift-console.apps.manirosa1.xxx.p1.openshiftapps.com

rosa describe cluster –c manirosa1

Login to the OpenShift console with the username, you had previously used for login.

OpenShift console

Step 6

Time to deploy a sample app. I used the sample app in our Amazon EKS documentation at https://docs.aws.amazon.com/eks/latest/userguide/load-balancing.html — the nginx image is being pulled from the Amazon ECR public repository and a AWS Classic ELB will be provisioned ..

nginx-service.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
name: sample-app
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: public.ecr.aws/nginx/nginx:1.19.6
ports:
- name: http
containerPort: 80
--
apiVersion: v1
kind: Service
metadata:
name: sample-service
spec:
ports:
- port: 80
targetPort: 80
protocol: TCP
type: LoadBalancer
selector:
app: nginx

Deploy the service:

oc apply -f nginx-service.yamloc get podsoc get svc sample-service
OpenShift console

Access the Kubernetes service endpoint via the AWS Classic Loadbalancer URL via curl or a browser, and you will get the nginx homepage ..

nginx sample deployment

Note: Don’t forget to clean up after your tests are done — pods, services, the ROSA cluster and other resources that got provisioned on AWS, else you will incur unnecessary charges ..

That’s it, thanks and welcome to the Red Hat OpenShift service on AWS [ROSA] !!

--

--

Mani
Mani

Written by Mani

Principal Solutions Architect at AWS India, and I blog/post about interesting stuff that I am curious about and which is relevant to developers & customers.

No responses yet