{"id":16179286,"url":"https://github.com/jonashackt/openshift-aws","last_synced_at":"2026-03-18T18:17:12.753Z","repository":{"id":147269993,"uuid":"406248892","full_name":"jonashackt/openshift-aws","owner":"jonashackt","description":"Evalutating the ROSA (Redhat OpenShift on AWS) service","archived":false,"fork":false,"pushed_at":"2021-10-12T12:25:05.000Z","size":3640,"stargazers_count":2,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-04-07T11:47:16.147Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jonashackt.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-09-14T06:20:30.000Z","updated_at":"2023-07-27T19:56:35.000Z","dependencies_parsed_at":null,"dependency_job_id":"8554b20d-571c-4dae-ad4a-26e9284050aa","html_url":"https://github.com/jonashackt/openshift-aws","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/jonashackt/openshift-aws","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonashackt%2Fopenshift-aws","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonashackt%2Fopenshift-aws/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonashackt%2Fopenshift-aws/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonashackt%2Fopenshift-aws/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jonashackt","download_url":"https://codeload.github.com/jonashackt/openshift-aws/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jonashackt%2Fopenshift-aws/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28602453,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-20T10:46:13.255Z","status":"ssl_error","status_checked_at":"2026-01-20T10:42:51.865Z","response_time":117,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-10T05:26:37.610Z","updated_at":"2026-01-20T11:32:12.778Z","avatar_url":"https://github.com/jonashackt.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# openshift-aws\nEvalutating the ROSA (Redhat OpenShift on AWS) service\n\n![openshift-on-aws](screenshots/openshift-on-aws.png)\n\nWhat is ROSA?\n\n\u003e Red Hat OpenShift Service on AWS (ROSA) is a fully-managed OpenShift service, jointly managed and supported by both Red Hat and Amazon Web Services (AWS). Having your clusters maintained by this service gives you the freedom to focus on deploying applications. (see https://docs.openshift.com/rosa/rosa_architecture/rosa-understanding.html)\n\n\n## Pricing\n\n`There's no free lunch` - so here's the pricing: https://aws.amazon.com/rosa/pricing/ \n\nAs of writing this is: \n\n1.) hourly fee for the cluster, which is $0.03/cluster/hour**\n\n2.) pricing per worker node, which is $0.171 per 4 vCPU / hour for On-demand consumption\n\n3.) EC2 pricing comes on top\n\n\n## Enable OpenShift inside your AWS account\n\n\u003e [To create a new cluster](https://docs.openshift.com/rosa/rosa_architecture/rosa-understanding.html#rosa-cluster-consoles_rosa-understanding), start from the AWS Management console using ROSA. This integrates with the new rosa CLI and API to provision clusters in your AWS account. The new API for cluster creation alleviates the burden of manually deploying the cluster in your existing VPC and account.\n\nSo let's have a look into the AWS console and search for `rosa`:\n\n![aws-console-rosa](screenshots/aws-console-rosa.png)\n\nNow in the ROSA AWS service overview we need to click on `Enable Red Hat OpenShift`:\n\n![aws-rosa-service](screenshots/aws-rosa-service.png)\n\nThis might take a while and will also share your contact information with Red Hat, since the cluster will be managed by Red Hat's SRE team.\n\n\n## Install rosa CLI \u0026 create Red Hat account\n\n![rosa-ready-download-cli](screenshots/rosa-ready-download-cli.png)\n\nNow when the ROSA service is enabled for our account, we need to install the rosa CLI:\n\n[The docs state](https://docs.openshift.com/rosa/rosa_getting_started/rosa-installing-rosa.html) in order to download the `rosa` CLI, we need to create a Red Hat account first.\n\nBut on a Mac we can simply use brew to install it:\n\n```\nbrew install rosa-cli\n```\n\nNow before proceeding with creating a offline access token we'll need for the `rosa login` command, we finally need a Red Hat account. Head over to https://console.redhat.com and create your account (or log in if you already have one). \n\nIf we have an account we can create the needed offline access token at https://console.redhat.com/openshift/token/rosa\n\nClick on `Load Token` to create one:\n\n![redhat-console-token](screenshots/redhat-console-token.png)\n\nNow head over to the `rosa` CLI and login with the token:\n\n```\nrosa login --token=\"yourTokenHere(multiplelines)\"\n```\n\nAfter running the command something like this should be printed out:\n```\n...\nI: Logged in as 'jonashackt' on 'https://api.openshift.com'\n```\n\n\n## Initialize a ROSA on AWS\n\n\u003e See https://docs.openshift.com/rosa/rosa_getting_started/rosa-installing-rosa.html\n\nBe sure to have the AWS account configured in your `aws` CLI in which you enabled ROSA using the console. Therefore check your Access Key and Secret:\n\n```\naws configure\n```\n\nNow we need to check if our AWS account \u0026 Red Hat account are ready to run ROSA.\n\n```\nrosa whoami\n```\n\nFinally initalize the cluster with\n\n```\nrosa init\n```\n\nThat should output something like:\n\n```\n$ rosa init\nrosa init\nI: Logged in as 'jonashackt' on 'https://api.openshift.com'\nI: Validating AWS credentials...\nI: AWS credentials are valid!\nI: Validating SCP policies...\nI: AWS SCP policies ok\nI: Validating AWS quota...\nI: AWS quota ok. If cluster installation fails, validate actual AWS resource usage against https://docs.openshift.com/rosa/rosa_getting_started/rosa-required-aws-service-quotas.html\nI: Ensuring cluster administrator user 'osdCcsAdmin'...\nI: Admin user 'osdCcsAdmin' created successfully!\nI: Validating SCP policies for 'osdCcsAdmin'...\nI: AWS SCP policies ok\nI: Validating cluster creation...\nI: Cluster creation valid\nI: Verifying whether OpenShift command-line tool is available...\nW: OpenShift command-line tool is not installed.\nRun 'rosa download oc' to download the latest version, then add it to your PATH.\n```\n\n\n## Installing a current version OpenShift oc CLI\n\nSadly simply running `brew install openshift-cli` isn't enough, because this will result in `rosa` CLI complaining about the `oc` version like this:\n\n```\nrosa verify oc\n\nI: Verifying whether OpenShift command-line tool is available...\nW: Current OpenShift Client Version: v4.2.0-alpha.0-657-g51011e4\nW: Your version of the OpenShift command-line tool is not supported.\nRun 'rosa download oc' to download the latest version, then add it to your PATH.\n```\n\nAnd if we have a look at the brew formulae at https://formulae.brew.sh/formula/openshift-cli \u0026 https://formulae.brew.sh/api/formula/openshift-cli.json, we'll soon find the problem: The last release in the used repo is from June 2020: https://github.com/openshift/oc/releases :(((\n\nSo we have to do what the ROSA or [OpenShift docs](https://docs.openshift.com/container-platform/4.8/cli_reference/openshift_cli/getting-started-cli.html#installing-openshift-cli) tell us - we need to download the binary and add it to our `PATH` manually. There's a `rosa` CLI shortcut for downloading the latest and matching `oc` version:\n\n```\nrosa download oc\n```\n\nThis will download the `oc` binary inside a `tar.gz` from https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/ into the current directory. Unpack it and put the `oc` binary somewhere your `$PATH` is configured to look into (run `echo $PATH` to see these folders). On a Mac I simply moved (only!) the `oc` binary to `/usr/local/bin`.\n\nIf everything went fine a `oc version` should print something and the `rosa verify oc` should stop complaining:\n\n```\n$ rosa verify oc\n\nI: Verifying whether OpenShift command-line tool is available...\nI: Current OpenShift Client Version: 4.8.11\n```\n\n## Create a ROSA cluster on AWS\n\n\u003e see https://docs.openshift.com/rosa/rosa_getting_started/rosa-creating-cluster.html\n\nFinally we're where we wanted to be in the first place. Let's create our cluster:\n\n```\nrosa create cluster --cluster-name=my-first-rosa\n```\n\n\nThis should print something like this:\n\n```\nrosa create cluster --cluster-name=my-first-rosa\nI: Creating cluster 'my-first-rosa'\nI: To view a list of clusters and their status, run 'rosa list clusters'\nI: Cluster 'my-first-rosa' has been created.\nI: Once the cluster is installed you will need to add an Identity Provider before you can login into the cluster. See 'rosa create idp --help' for more information.\nI: To determine when your cluster is Ready, run 'rosa describe cluster -c my-first-rosa'.\nI: To watch your cluster installation logs, run 'rosa logs install -c my-first-rosa --watch'.\nName:                       my-first-rosa\nID:                         somecoolidhere\nExternal ID:\nOpenShift Version:\nChannel Group:              stable\nDNS:                        my-first-rosa.dt1y.p1.openshiftapps.com\nAWS Account:                12345678\nAPI URL:\nConsole URL:\nRegion:                     eu-central-1\nMulti-AZ:                   false\nNodes:\n - Master:                  3\n - Infra:                   2\n - Compute:                 2\nNetwork:\n - Service CIDR:            172.30.0.0/16\n - Machine CIDR:            10.0.0.0/16\n - Pod CIDR:                10.128.0.0/14\n - Host Prefix:             /23\nState:                      pending (Preparing account)\nPrivate:                    No\nCreated:                    Sep 14 2021 08:16:54 UTC\nDetails Page:               https://console.redhat.com/openshift/details/s/9827354903759375\n```\n\nShow the status of the cluster with\n\n```\nrosa list clusters\n```\n\nWe can also use the link from the output presented in `Details Page` to watch the cluster creation process inside the RedHat console:\n\n![redhat-console-cluster-creation](screenshots/redhat-console-cluster-creation.png)\n\nAlso checking back into our AWS account at https://eu-central-1.console.aws.amazon.com/ec2/v2/home we can see the EC2 instances beeing prepared:\n\n![aws-ec2-console](screenshots/aws-ec2-console.png)\n\nThe cluster creation process will take it's time. My cluster needed around 30min+ to be ready. We can also follow the OpenShift installer logs using rosa CLI:\n\n```\nrosa logs install --cluster=my-first-rosa --watch\n```\n\n\nYou will see if the installation has finised if `rosa list clusters` gives a `ready` state. Also the RedHat console switches the view like this:\n\n![redhat-console-cluster-installed](screenshots/redhat-console-cluster-installed.png)\n\n\n## Access the ROSA cluster as administrator\n\n\u003e See https://docs.openshift.com/rosa/rosa_getting_started/rosa-accessing-cluster.html\n\n\u003e As a best practice, access your Red Hat OpenShift Service on AWS (ROSA) cluster using an identity provider (IDP) account. However, the cluster administrator who created the cluster can access it using the quick access procedure.\n\nSo let's create a cluster admin for conveniance:\n\n```\nrosa create admin --cluster=my-first-rosa\n```\n\nThis will output a `oc` command to login to our new ROSA cluster with the admin user:\n\n```\nW: It is recommended to add an identity provider to login to this cluster. See 'rosa create idp --help' for more information.\nI: Admin account has been added to cluster 'my-first-rosa'.\nI: Please securely store this generated password. If you lose this password you can delete and recreate the cluster admin user.\nI: To login, run the following command:\n\n   oc login https://api.my-first-rosa.dt1y.p1.openshiftapps.com:6443 --username cluster-admin --password nice-password-here\n\nI: It may take up to a minute for the account to become active.\n```\n\nNote this password - you'll need it later :)\n\nWith that we can access our new ROSA cluster via `oc` or `kubectl` CLIs as we're used to from any other cluster. \n\nWe can also open our Browser to have a look into the cluster dashboard at https://console-openshift-console.apps.my-first-rosa.dt1y.p1.openshiftapps.com/\n\n![openshift-dashboard](screenshots/openshift-dashboard.png)\n\n\n## Rosa Architecture\n\nIf you wonder, which types of nodes the rosa CLI installes - here a good overview blog post: https://aws.amazon.com/blogs/containers/red-hat-openshift-service-on-aws-architecture-and-networking/\n\nThe diagram tells us, that `infrastructure` nodes provide \"Registry, Router \u0026 Monitoring\":\n\n![aws-rosa-architecture](screenshots/aws-rosa-architecture.png)\n\n\n## Delete the ROSA cluster\n\n```\nrosa delete cluster --cluster=my-first-rosa --watch\n```\n\n\n## Links\n\nROSA docs: https://docs.openshift.com/rosa/welcome/index.html\n\nhttps://aws.amazon.com/blogs/containers/announcing-red-hat-openshift-service-on-aws/\n\nhttps://aws.amazon.com/quickstart/architecture/openshift/\n\nEvery step with rosa CLI https://docs.openshift.com/rosa/rosa_cli/rosa-get-started-cli.html#rosa-using-bash-script_rosa-getting-started-cli\n\n\nhttps://aws.amazon.com/blogs/containers/red-hat-openshift-service-on-aws-architecture-and-networking/","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjonashackt%2Fopenshift-aws","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjonashackt%2Fopenshift-aws","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjonashackt%2Fopenshift-aws/lists"}