Hosted Control Planes
In this section we will deploy a ROSA cluster using Hosted Control Planes (HCP).
In short, ROSA with HCP decouples the control plane from the data plane (workers). This is a new deployment model for ROSA in which the control plane is hosted in a Red Hat owned AWS account rather than in your own, which reduces your AWS infrastructure expenses. The control plane is dedicated to a single cluster and is highly available. See the documentation for more about Hosted Control Planes.
Important
As of this writing, Hosted Control Planes (HCP) is a Technology Preview feature only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs) and might not be functionally complete.
Prerequisites
ROSA HCP requires two things to be created before deploying the cluster:
- VPC - This is a "bring-your-own VPC" model (also referred to as BYO-VPC)
- OIDC configuration (and an OIDC provider with that specific configuration)
Let's create those first.
VPC
- Before creating your VPC, ensure that your aws CLI is configured to use a region where ROSA with HCP is available. To find out which regions are supported, run:
- Create the VPC. For this workshop, a script is provided that creates the VPC and its required components for you. It uses the region configured for the aws CLI. Please feel free to read it first, or live on the edge and just run it. Note that piping it straight into bash executes whatever that URL serves at that moment, using your configured AWS credentials.
curl https://raw.githubusercontent.com/openshift-cs/rosaworkshop/master/rosa-workshop/rosa/resources/setup-vpc.sh | bash
See the documentation for more about VPC requirements.
- The script outputs two commands. Set those as environment variables to make running the create cluster command easier. Copy them from the output and run them.
- Confirm that the environment variables are, in fact, set.
Sample Output:
OIDC Configuration
To create the OIDC configuration used in this workshop, run the following command. We are opting for automatic mode, which is simpler for workshop purposes, and for the configuration to be Red Hat managed. We also store the OIDC ID in an environment variable for later use. Notice that the following command uses the ROSA CLI to create your cluster’s unique OIDC configuration.
Helper environment variables
Let's set up some environment variables so that it will be easier to run the command for creating the ROSA HCP cluster.
Create the cluster
If this is the first time you are deploying ROSA in this account and have not yet created the account roles, then create the account-wide roles and policies, including Operator policies. Since ROSA makes use of AWS Security Token Service (STS), this step creates the AWS IAM roles and policies that are needed for ROSA to interact within your account.
- Run the following command to create the account-wide roles:
- Run the following command to create the cluster:
rosa create cluster --cluster-name $CLUSTER_NAME \
  --subnet-ids ${PUBLIC_SUBNET_ID},${PRIVATE_SUBNET_ID} \
  --hosted-cp \
  --region $REGION \
  --oidc-config-id $OIDC_ID \
  --sts --mode auto --yes
In about 10 minutes the control plane and API will be up, and about 5-10 minutes after that the worker nodes will be up and the cluster will be completely usable. This cluster will have a control plane across three AWS availability zones in your selected region, in a Red Hat AWS account, and 2 worker nodes will be created in your AWS account.
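A preflight check for the variables used by the rosa create cluster command above, as an added example that is not part of the original workshop. The variable names come from that command; the function names and the format patterns (AWS subnet IDs as subnet- plus 8 or 17 hex characters, region names shaped like us-east-1) are assumptions of this example.

```shell
#!/bin/sh
# Added example: catch unset or malformed variables before they reach
# `rosa create cluster`. An unset subnet variable would otherwise expand
# `${PUBLIC_SUBNET_ID},${PRIVATE_SUBNET_ID}` to a bare "," on the command line.

# is_subnet_id VALUE -> 0 if VALUE looks like an AWS subnet ID (assumed format)
is_subnet_id() {
    # Reject anything outside [a-z0-9-] first (spaces, commas, newlines).
    case $1 in *[!a-z0-9-]*) return 1 ;; esac
    printf '%s\n' "$1" | LC_ALL=C grep -Eq '^subnet-([0-9a-f]{8}|[0-9a-f]{17})$'
}

# is_region VALUE -> 0 if VALUE is shaped like an AWS region name (assumed format)
is_region() {
    case $1 in *[!a-z0-9-]*) return 1 ;; esac
    printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[a-z]{2}(-[a-z]+)+-[0-9]+$'
}

# preflight -> prints one line per problem; returns 0 only if nothing is wrong
preflight() {
    bad=0
    for name in CLUSTER_NAME REGION OIDC_ID PUBLIC_SUBNET_ID PRIVATE_SUBNET_ID; do
        eval "value=\${$name-}"
        [ -n "$value" ] || { echo "missing: $name"; bad=1; }
    done
    # Format checks are meaningless while values are missing.
    [ "$bad" -eq 0 ] || return 1

    is_region "$REGION" || { echo "REGION is not region-shaped: $REGION"; bad=1; }
    for name in PUBLIC_SUBNET_ID PRIVATE_SUBNET_ID; do
        eval "value=\${$name-}"
        is_subnet_id "$value" || { echo "$name is not a subnet ID: $value"; bad=1; }
    done
    # A copy-paste slip can set both variables to the same subnet.
    [ "$PUBLIC_SUBNET_ID" != "$PRIVATE_SUBNET_ID" ] ||
        { echo "public and private subnet IDs are identical"; bad=1; }
    return "$bad"
}

# Usage: preflight && rosa create cluster ... (the command shown above)
```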
Check installation status
- You can run the following command to check the detailed status of the cluster:
or you can run the following for an abridged view of the status:
Lastly, you can also watch the logs as it progresses:
- Once the state changes to “ready”, your cluster is installed. It may take a few more minutes for the worker nodes to come online.