Skip to content

Instantly share code, notes, and snippets.

@rcarrata

rcarrata/hcp-rosa.md

Last active April 16, 2024 21:14
Show Gist options
  • Save rcarrata/268381649c82fd156953ba610863d0f4 to your computer and use it in GitHub Desktop.
Save rcarrata/268381649c82fd156953ba610863d0f4 to your computer and use it in GitHub Desktop.
Download ZIP
Hosted Control Planes for ROSA HCP
Raw
hcp-rosa.md

HyperShift

  • Set environment variables
CLUSTER_NAME="rosa-hcp-rcs"
PREFIX_NAME="hcp-rcs"
REGION="us-east-1"
VERSION="4.14.9"
USER=rcarrata
  • Retrieve the AWS Installer Role ARN
USER_ARN=$(aws iam get-user --user-name $USER --query 'User.Arn' --output text)
  • Create Networking Infrastructure for HCP
mkdir hypershift-tf
cd hypershift-tf
curl -s -o setup-vpc.tf https://raw.githubusercontent.com/openshift-cs/OpenShift-Troubleshooting-Templates/master/rosa-hcp-terraform/setup-vpc.tf

terraform init
terraform plan -out rosa.plan -var aws_region=$REGION -var cluster_name=$CLUSTER_NAME
terraform apply rosa.plan
  • Grab the Networking Infrastructure subnets
PRIVATE_SUBNET=`terraform output -raw cluster-private-subnet`
PUBLIC_SUBNET=`terraform output -raw cluster-public-subnet`
echo $PRIVATE_SUBNET
echo $PUBLIC_SUBNET
  • Create Account Roles
rosa create account-roles --force-policy-creation --mode auto --prefix $PREFIX_NAME
  • Build Installer, Support and Worker roles to be used afterwards
INSTALLER_ROLE=$(echo $USER_ARN | sed "s/user\/$USER/role\/$PREFIX_NAME-HCP-ROSA-Installer-Role/")
echo $INSTALLER_ROLE
SUPPORT_ROLE=$(echo $USER_ARN | sed "s/user\/$USER/role\/$PREFIX_NAME-HCP-ROSA-Support-Role/")
echo $SUPPORT_ROLE
WORKER_ROLE=$(echo $USER_ARN | sed "s/user\/$USER/role\/$PREFIX_NAME-HCP-ROSA-Worker-Role/")
echo $WORKER_ROLE
  • Configure STS OIDC
rosa create oidc-config --mode=auto -y
  • Set environment variable for cluster-name
OIDC_ID=$(rosa list oidc-config -o json | jq -r '[.[] | select(.last_used_timestamp == null)] | sort_by(.creation_timestamp) | last | .id')
echo $OIDC_ID
  • Create the required IAM operator roles
rosa create operator-roles --prefix $PREFIX_NAME --oidc-config-id $OIDC_ID --hosted-cp --installer-role-arn $INSTALLER_ROLE --mode auto
  • Provision Cluster
rosa create cluster --hosted-cp --sts --cluster-name $CLUSTER_NAME  --subnet-ids $PUBLIC_SUBNET,$PRIVATE_SUBNET --mode auto  --region $REGION --oidc-config-id $OIDC_ID --version $VERSION --operator-roles-prefix $PREFIX_NAME -y
  • Watch Provisioning Logs
rosa logs install -c $CLUSTER_NAME --region $REGION --watch
  • Generate a Cluster Admin user
rosa create admin -c $CLUSTER_NAME
  • Obtain the API_URL
API_URL=$(rosa describe cluster -c $CLUSTER_NAME -o json | jq -r '.api.url')
echo $API_URL
  • Obtain the Console URL
CONSOLE_URL=$(oc get route -n openshift-console console -o jsonpath='{.spec.host}')
echo $CONSOLE_URL
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment