Jump To Close Expand all Collapse all Table of contents Tutorials 1. Tutorials overview 2. Tutorial: ROSA with HCP activation and account linking Expand section "2. Tutorial: ROSA with HCP activation and account linking" Collapse section "2. Tutorial: ROSA with HCP activation and account linking" 2.1. Prerequisites 2.2. Subscription enablement and AWS account setup 2.3. AWS and Red Hat account and subscription linking 2.4. ROSA with HCP cluster deployment using the CLI 2.5. ROSA with HCP cluster deployment using the web console 3. Tutorial: Verifying Permissions for a ROSA STS Deployment Expand section "3. Tutorial: Verifying Permissions for a ROSA STS Deployment" Collapse section "3. Tutorial: Verifying Permissions for a ROSA STS Deployment" 3.1. Prerequisites 3.2. Verifying ROSA permissions 3.3. Usage Instructions 4. Configuring log forwarding for CloudWatch logs and STS Expand section "4. Configuring log forwarding for CloudWatch logs and STS" Collapse section "4. Configuring log forwarding for CloudWatch logs and STS" 4.1. Setting up your environment 4.2. Preparing your AWS account 4.3. Deploying Operators 4.4. Configuring cluster logging 4.5. Checking CloudWatch for logs 4.6. Cleaning up your resources 5. Tutorial: Using AWS WAF and Amazon CloudFront to protect ROSA workloads Expand section "5. Tutorial: Using AWS WAF and Amazon CloudFront to protect ROSA workloads" Collapse section "5. Tutorial: Using AWS WAF and Amazon CloudFront to protect ROSA workloads" 5.1. Prerequisites Expand section "5.1. Prerequisites" Collapse section "5.1. Prerequisites" 5.1.1. Environment setup 5.2. Custom domain setup Expand section "5.2. Custom domain setup" Collapse section "5.2. Custom domain setup" 5.2.1. Configure the AWS WAF 5.3. Configure Amazon CloudFront 5.4. Deploy a sample application 5.5. Test the WAF 5.6. Additional resources 6. Tutorial: Using AWS WAF and AWS ALBs to protect ROSA workloads Expand section "6. Tutorial: Using AWS WAF and AWS ALBs to protect ROSA workloads" Collapse section "6. Tutorial: Using AWS WAF and AWS ALBs to protect ROSA workloads" 6.1. Prerequisites Expand section "6.1. Prerequisites" Collapse section "6.1. Prerequisites" 6.1.1. Environment setup 6.1.2. AWS VPC and subnets 6.2. Deploy the AWS Load Balancer Operator 6.3. Deploy a sample application Expand section "6.3. Deploy a sample application" Collapse section "6.3. Deploy a sample application" 6.3.1. Configure the AWS WAF 6.4. Additional resources 7. Tutorial: Deploying OpenShift API for Data Protection on a ROSA cluster Expand section "7. Tutorial: Deploying OpenShift API for Data Protection on a ROSA cluster" Collapse section "7. Tutorial: Deploying OpenShift API for Data Protection on a ROSA cluster" 7.1. Prepare AWS Account 7.2. Deploy OADP on the cluster 7.3. Perform a backup 7.4. Cleanup 8. Tutorial: AWS Load Balancer Operator on ROSA Expand section "8. Tutorial: AWS Load Balancer Operator on ROSA" Collapse section "8. Tutorial: AWS Load Balancer Operator on ROSA" 8.1. Prerequisites Expand section "8.1. Prerequisites" Collapse section "8.1. Prerequisites" 8.1.1. Environment 8.1.2. AWS VPC and subnets 8.2. Installation 8.3. Validating the deployment 8.4. Cleaning up 9. Tutorial: Configuring ROSA/OSD to use custom TLS ciphers on the Ingress Controller 10. Tutorial: Configuring Microsoft Entra ID (formerly Azure Active Directory) as an identity provider Expand section "10. Tutorial: Configuring Microsoft Entra ID (formerly Azure Active Directory) as an identity provider" Collapse section "10. Tutorial: Configuring Microsoft Entra ID (formerly Azure Active Directory) as an identity provider" 10.1. Prerequisites 10.2. Registering a new application in Entra ID for authentication 10.3. Configuring the application registration in Entra ID to include optional and group claims 10.4. Configuring the Red Hat OpenShift Service on AWS cluster to use Entra ID as the identity provider 10.5. Granting additional permissions to individual users and groups 10.6. Additional resources 11. Tutorial: Using AWS Secrets Manager CSI on ROSA with STS Expand section "11. Tutorial: Using AWS Secrets Manager CSI on ROSA with STS" Collapse section "11. Tutorial: Using AWS Secrets Manager CSI on ROSA with STS" 11.1. Prerequisites 11.2. Deploying the AWS Secrets and Configuration Provider 11.3. Creating a Secret and IAM Access Policies 11.4. Create an Application to use this secret 11.5. Clean up 12. Tutorial: Using AWS Controllers for Kubernetes on ROSA Expand section "12. Tutorial: Using AWS Controllers for Kubernetes on ROSA" Collapse section "12. Tutorial: Using AWS Controllers for Kubernetes on ROSA" 12.1. Prerequisites 12.2. Setting up your environment 12.3. Preparing your AWS Account 12.4. Installing the ACK S3 Controller 12.5. Validating the deployment 12.6. Cleaning up 13. Tutorial: Deploying the External DNS Operator on ROSA Expand section "13. Tutorial: Deploying the External DNS Operator on ROSA" Collapse section "13. Tutorial: Deploying the External DNS Operator on ROSA" 13.1. Prerequisites 13.2. Setting up your environment 13.3. Setting up your custom domain 13.4. Preparing your AWS account 13.5. Installing the External DNS Operator 13.6. Deploying a sample application 14. Tutorial: Dynamically issuing certificates using the cert-manager Operator on ROSA Expand section "14. Tutorial: Dynamically issuing certificates using the cert-manager Operator on ROSA" Collapse section "14. Tutorial: Dynamically issuing certificates using the cert-manager Operator on ROSA" 14.1. Prerequisites 14.2. Setting up your environment 14.3. Preparing your AWS account 14.4. Installing the cert-manager Operator 14.5. Creating a custom domain Ingress Controller 14.6. Configuring dynamic certificates for custom domain routes 14.7. Deploying a sample application 14.8. Troubleshooting dynamic certificate provisioning 15. Tutorial: Assigning consistent egress IP for external traffic Expand section "15. Tutorial: Assigning consistent egress IP for external traffic" Collapse section "15. Tutorial: Assigning consistent egress IP for external traffic" 15.1. Prerequisites Expand section "15.1. Prerequisites" Collapse section "15.1. Prerequisites" 15.1.1. Environment 15.2. Ensure capacity 15.3. Create the egress IP rule(s) Expand section "15.3. Create the egress IP rule(s)" Collapse section "15.3. Create the egress IP rule(s)" 15.3.1. Identify the egress IPs 15.3.2. Reserve the egress IPs 15.4. Deploy an egress IP to a namespace Expand section "15.4. Deploy an egress IP to a namespace" Collapse section "15.4. Deploy an egress IP to a namespace" 15.4.1. Assign an egress IP to a pod 15.4.2. Label the nodes 15.4.3. Review the egress IPs 15.5. Test the egress IP rule Expand section "15.5. Test the egress IP rule" Collapse section "15.5. Test the egress IP rule" 15.5.1. Deploy a sample application 15.5.2. Test namespace egress 15.5.3. Test pod egress 15.5.4. Test blocked egress 15.6. Clean up 16. Getting started with ROSA Expand section "16. Getting started with ROSA" Collapse section "16. Getting started with ROSA" 16.1. Tutorial: What is ROSA Expand section "16.1. Tutorial: What is ROSA" Collapse section "16.1. Tutorial: What is ROSA" 16.1.1. Key features of ROSA 16.1.2. ROSA and Kubernetes 16.1.3. Basic responsibilities 16.1.4. Roadmap and feature requests 16.1.5. AWS region availability 16.1.6. Compliance certifications 16.1.7. Nodes Expand section "16.1.7. Nodes" Collapse section "16.1.7. Nodes" 16.1.7.1. Worker nodes across multiple AWS regions 16.1.7.2. Minimum number of worker nodes 16.1.7.3. Underlying node operating system 16.1.7.4. Node hibernation or shut-down 16.1.7.5. Supported instances for worker nodes 16.1.7.6. Node autoscaling 16.1.7.7. Maximum number of worker nodes 16.1.8. Administrators 16.1.9. OpenShift versions and upgrades 16.1.10. Support Expand section "16.1.10. Support" Collapse section "16.1.10. Support" 16.1.10.1. Limited support 16.1.11. Service-level agreement (SLA) 16.1.12. Notifications and communication 16.1.13. Open Service Broker for AWS (OBSA) 16.1.14. Offboarding 16.1.15. Authentication 16.1.16. SRE cluster access 16.1.17. Encryption Expand section "16.1.17. Encryption" Collapse section "16.1.17. Encryption" 16.1.17.1. Encryption keys 16.1.17.2. KMS keys 16.1.17.3. Data encryption 16.1.17.4. etcd encryption 16.1.17.5. etcd encryption configuration 16.1.17.6. Multi-region KMS keys for EBS encryption 16.1.18. Infrastructure 16.1.19. Credential methods 16.1.20. Prerequisite permission or failure errors 16.1.21. Storage 16.1.22. Using a VPC 16.1.23. Network plugin 16.1.24. Cross-namespace networking 16.1.25. Using Prometheus and Grafana 16.1.26. Audit logs output from the cluster control-plane 16.1.27. AWS Permissions Boundary 16.1.28. AMI 16.1.29. Cluster backups 16.1.30. Custom domain 16.1.31. ROSA domain certificates 16.1.32. Disconnected environments 16.2. Tutorial: ROSA with AWS STS explained Expand section "16.2. Tutorial: ROSA with AWS STS explained" Collapse section "16.2. Tutorial: ROSA with AWS STS explained" 16.2.1. Different credential methods to deploy ROSA Expand section "16.2.1. Different credential methods to deploy ROSA" Collapse section "16.2.1. Different credential methods to deploy ROSA" 16.2.1.1. Rosa with IAM Users 16.2.1.2. ROSA with STS 16.2.2. ROSA with STS security 16.2.3. AWS STS explained 16.2.4. Components specific to ROSA with STS 16.2.5. Deploying a ROSA STS cluster 16.2.6. ROSA with STS workflow 16.2.7. ROSA with STS use cases 16.3. Deploying a cluster Expand section "16.3. Deploying a cluster" Collapse section "16.3. Deploying a cluster" 16.3.1. Tutorial: Choosing a deployment method Expand section "16.3.1. Tutorial: Choosing a deployment method" Collapse section "16.3.1. Tutorial: Choosing a deployment method" 16.3.1.1. Deployment options 16.3.2. Tutorial: Simple CLI guide Expand section "16.3.2. Tutorial: Simple CLI guide" Collapse section "16.3.2. Tutorial: Simple CLI guide" 16.3.2.1. Prerequisites 16.3.2.2. Creating account roles 16.3.2.3. Deploying the cluster 16.3.3. Tutorial: Detailed CLI guide Expand section "16.3.3. Tutorial: Detailed CLI guide" Collapse section "16.3.3. Tutorial: Detailed CLI guide" 16.3.3.1. CLI deployment modes 16.3.3.2. Deployment workflow 16.3.3.3. Automatic mode Expand section "16.3.3.3. Automatic mode" Collapse section "16.3.3.3. Automatic mode" 16.3.3.3.1. Creating account roles 16.3.3.3.2. Creating a cluster Expand section "16.3.3.3.2. Creating a cluster" Collapse section "16.3.3.3.2. Creating a cluster" 16.3.3.3.2.1. Default configuration 16.3.3.3.3. Checking the installation status 16.3.3.4. Manual Mode Expand section "16.3.3.4. Manual Mode" Collapse section "16.3.3.4. Manual Mode" 16.3.3.4.1. Creating account roles 16.3.3.4.2. Creating a cluster 16.3.3.4.3. Creating Operator roles 16.3.3.4.4. Creating the OIDC provider 16.3.3.4.5. Checking the installation status 16.3.3.5. Obtaining the Red Hat Hybrid Cloud Console URL 16.3.4. Tutorial: Hosted Control Planes guide Expand section "16.3.4. Tutorial: Hosted Control Planes guide" Collapse section "16.3.4. Tutorial: Hosted Control Planes guide" 16.3.4.1. Prerequisites Expand section "16.3.4.1. Prerequisites" Collapse section "16.3.4.1. Prerequisites" 16.3.4.1.1. Creating a VPC 16.3.4.1.2. Creating your OIDC configuration 16.3.4.1.3. Creating additional environment variables 16.3.4.2. Creating the cluster 16.3.4.3. Checking the installation status 16.3.5. Tutorial: Simple UI guide Expand section "16.3.5. Tutorial: Simple UI guide" Collapse section "16.3.5. Tutorial: Simple UI guide" 16.3.5.1. Prerequisites 16.3.5.2. Creating account roles 16.3.5.3. Creating Red Hat OpenShift Cluster Manager roles 16.3.6. Tutorial: Detailed UI guide Expand section "16.3.6. Tutorial: Detailed UI guide" Collapse section "16.3.6. Tutorial: Detailed UI guide" 16.3.6.1. Deployment workflow 16.3.6.2. Creating account wide roles 16.3.6.3. Associating your AWS account with your Red Hat account 16.3.6.4. Creating and associating an OpenShift Cluster Manager role Expand section "16.3.6.4. Creating and associating an OpenShift Cluster Manager role" Collapse section "16.3.6.4. Creating and associating an OpenShift Cluster Manager role" 16.3.6.4.1. Other OpenShift Cluster Manager role creation options 16.3.6.5. Creating an OpenShift Cluster Manager user role 16.3.6.6. Creating account roles 16.3.6.7. Confirming successful account association 16.3.6.8. Creating the cluster Expand section "16.3.6.8. Creating the cluster" Collapse section "16.3.6.8. Creating the cluster" 16.3.6.8.1. Networking 16.3.6.8.2. Cluster roles and policies 16.3.6.8.3. Cluster updates 16.3.6.8.4. Reviewing and creating your cluster 16.3.6.8.5. Monitoring the installation progress 16.3.6.9. Basic OpenShift Cluster Manager Role Expand section "16.3.6.9. Basic OpenShift Cluster Manager Role" Collapse section "16.3.6.9. Basic OpenShift Cluster Manager Role" 16.3.6.9.1. Creating Operator roles 16.3.6.9.2. Creating the OIDC provider 16.4. Tutorial: Creating an admin user 16.5. Tutorial: Setting up an identity provider Expand section "16.5. Tutorial: Setting up an identity provider" Collapse section "16.5. Tutorial: Setting up an identity provider" 16.5.1. Setting up an IDP with GitHub 16.5.2. Granting other users access to the cluster 16.6. Tutorial: Granting admin privileges Expand section "16.6. Tutorial: Granting admin privileges" Collapse section "16.6. Tutorial: Granting admin privileges" 16.6.1. Using the ROSA CLI 16.6.2. Using the Red Hat OpenShift Cluster Manager UI 16.7. Tutorial: Accessing your cluster Expand section "16.7. Tutorial: Accessing your cluster" Collapse section "16.7. Tutorial: Accessing your cluster" 16.7.1. Accessing your cluster using the CLI 16.7.2. Accessing the cluster via the Hybrid Cloud Console 16.8. Tutorial: Managing worker nodes Expand section "16.8. Tutorial: Managing worker nodes" Collapse section "16.8. Tutorial: Managing worker nodes" 16.8.1. Creating a machine pool Expand section "16.8.1. Creating a machine pool" Collapse section "16.8.1. Creating a machine pool" 16.8.1.1. Creating a machine pool with the CLI 16.8.1.2. Creating a machine pool with the UI 16.8.2. Scaling worker nodes Expand section "16.8.2. Scaling worker nodes" Collapse section "16.8.2. Scaling worker nodes" 16.8.2.1. Scaling worker nodes using the CLI 16.8.2.2. Scaling worker nodes using the UI 16.8.2.3. Adding node labels 16.8.3. Mixing node types 16.9. Tutorial: Autoscaling Expand section "16.9. Tutorial: Autoscaling" Collapse section "16.9. Tutorial: Autoscaling" 16.9.1. Enabling autoscaling for an existing machine pool using the CLI 16.9.2. Enabling autoscaling for an existing machine pool using the UI 16.10. Tutorial: Upgrading your cluster Expand section "16.10. Tutorial: Upgrading your cluster" Collapse section "16.10. Tutorial: Upgrading your cluster" 16.10.1. Manually upgrading your cluster using the CLI 16.10.2. Manually upgrading your cluster using the UI 16.10.3. Setting up automatic recurring upgrades 16.11. Tutorial: Deleting your cluster Expand section "16.11. Tutorial: Deleting your cluster" Collapse section "16.11. Tutorial: Deleting your cluster" 16.11.1. Deleting a ROSA cluster using the CLI 16.11.2. Deleting a ROSA cluster using the UI 16.12. Tutorial: Obtaining support Expand section "16.12. Tutorial: Obtaining support" Collapse section "16.12. Tutorial: Obtaining support" 16.12.1. Adding support contacts 16.12.2. Contacting Red Hat for support using the UI 16.12.3. Contacting Red Hat for support using the support page 17. Deploying an application Expand section "17. Deploying an application" Collapse section "17. Deploying an application" 17.1. Tutorial: Deploying an application Expand section "17.1. Tutorial: Deploying an application" Collapse section "17.1. Tutorial: Deploying an application" 17.1.1. Introduction Expand section "17.1.1. Introduction" Collapse section "17.1.1. Introduction" 17.1.1.1. Lab overview 17.2. Tutorial: Deploying an application Expand section "17.2. Tutorial: Deploying an application" Collapse section "17.2. Tutorial: Deploying an application" 17.2.1. Prerequisites 17.3. Tutorial: Deploying an application Expand section "17.3. Tutorial: Deploying an application" Collapse section "17.3. Tutorial: Deploying an application" 17.3.1. Lab overview Expand section "17.3.1. Lab overview" Collapse section "17.3.1. Lab overview" 17.3.1.1. Lab resources 17.3.1.2. About the OSToy application 17.3.1.3. OSToy Application Diagram 17.3.1.4. Understanding the OSToy UI Legal Notice Settings Close Language: English 日本語 한국어 简体中文 Language: English 日本語 한국어 简体中文 Format: Multi-page Single-page PDF Format: Multi-page Single-page PDF Language and Page Formatting Options Language: English 日本語 한국어 简体中文 Language: English 日本語 한국어 简体中文 Format: Multi-page Single-page PDF Format: Multi-page Single-page PDF Tutorials Red Hat OpenShift Service on AWS 4Red Hat OpenShift Service on AWS tutorials Red Hat OpenShift Documentation TeamLegal NoticeAbstract Tutorials on creating your first Red Hat OpensShift Service on AWS (ROSA) cluster. Next