This tutorial will demonstrate how to install Red Hat OpenShift into Amazon Web Services (AWS). Red Hat OpenShift is a powerful and versatile platform for building, deploying, and scaling applications. It provides a complete container application platform that enables developers to build and deploy applications quickly and efficiently. By the end of this tutorial, you will have a fully functional enterprise OpenShift cluster running in AWS that you can use to deploy and scale your applications.
What You’ll Learn
- How to deploy Red Hat OpenShift Container Platform (OCP) into AWS
- How to configure an OpenShift cluster using the IPI installer method
- How to validate that your OpenShift cluster is successfully up and running
What You’ll Need
- AWS Account. There will be charges; we are deploying an enterprise-ready OpenShift cluster.
- You will need to increase your AWS Elastic IP quotas. You need a minimum of five free Elastic IPs to deploy OpenShift into AWS.
- AWS CLI setup for your laptop environment
- AWS Route 53 domain name. This is a yearly charge.
- Red Hat Partner/OpenShift account
- Preferably, you already have a Red Hat partner account. You can apply for a partner account here: https://connect.redhat.com/login.
- If you are not able to create a Red Hat partner account or only need to do a quick test or demo, you can get a 60-day trial as well.
- Laptop with SSH capability and a web browser
Some Tips to Remember
- Whenever you are navigating the AWS console, you can always use the search functionality to quickly navigate between the different objects that need to be created.
- This guide was written using macOS; it can easily be adopted to a Linux computer. macOS will use Homebrew, and Linux will typically use yum, apt, or snap as package managers that can be used to install OpenShift and Kubernetes CLI tools. Windows users will need to modify steps for their environment or use a Linux VM if they want to follow along closely.
- OCP = OpenShift cluster in the steps.
- Log in to the Red Hat OpenShift console using the account you created, and download the OpenShift install software, secret key, and OpenShift CLI tools.
- Create an OpenShift install directory in your desired directory.
aleccham@ALECCHAM-M-6D7G openshift-install-mac % ls
README.md openshift-client-mac.tar.gz
install-dir openshift-install
kubectl secret
oc
aleccham@ALECCHAM-M-6D7G openshift-install-mac %
You can move kubelet and oc binaries under your local machine path if you want or simply pre-append ./ to the start of the command in the directory where the programs are stored.
- Let’s examine the secret key. I copied it and created a file to refer to later, but you can simply copy it from the OCP WebUI console when it’s needed.
aleccham@ALECCHAM-M-6D7G openshift-install-mac % cat secret
{"auths":{"cloud.openshift.com":{"auth":"b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K29jbV9hY2Nlc3NfNzY3ZWZjMDcxN2U1NDljMWFjZTY3N2JjZjI1MDgzYjU6OEFWSzc2TExNWk03QkNVMVpKMDgxNk5IUDBRVUxSOFE3NU1HMjYwWkxSTElYRE9WTUhHSkxPWkQ1RFNHMkdKRQ==","email":"aleccham@cisco.com"},"quay.io":{"auth":"b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K29jbV9hY2Nlc3NfNzY3ZWZjMDcxN2U1NDljMWFjZTY3N2JjZjI1MDgzYjU6OEFWSzc2TExNWk03QkNVMVpKMDgxNk5IUDBRVUxSOFE3NU1HMjYwWkxSTElYRE9WTUhHSkxPWkQ1RFNHMkdKRQ==","email":"aleccham@cisco.com"},"registry.connect.redhat.com":{"auth":"fHVoYy0xZ0tXWnRjcnRZc1htZVd1a2RlNXUxUWhWa2o6ZXlKaGJHY2lPaUpTVXpVeE1pSjkuZXlKemRXSWlPaUkwTTJZME9HSmhOV1poTldNMFlqY3pZakl6TWpJMk5tSXlPVGc1TURnelpTSjkuUjZ2SlBsQVhkd2FwR0ROT0RPeXBZSXRjMXlaeUtoeDdiWTcwamk3SExINXAyNWlZTjRBMXB3OUJzVGtZRHRNNFFsV1lkdlZQR1RVREdKOEtwVWNFTWQxVUNibnR3eXpRZUI0TFY3eExyNHRSNDZZMlNfLTl3RUU0SHJFWUVtU1h1UnpVQVhVUlF1cGpLN1VDdW9uTmVJME1LY2thUTlGMDkwUTQxQzVMbVkyMnIzbE9CQ0F2U21NNkRuQldHTS13WEtGQVBPTTQtcmVlckRHMDdVVWxMekpUYVJNaWZBNkRwcDBiWFBDVHpDLWtnU0NDQTlzS25TR0VZc0ZFX3dlZW5LVnpCTHMtTi10ekpRNHFkVWZTM2FjSXVtVkZNeUhPd3hoaUc0WUtmTXpCa19jWWYtMm4xb0F2TU5tQ0FLaVR4a05scUp1MUw4ZDFxVjYydjAwLXhCcEktV1V2T2JDM1BzbndMankzdjl3UkZGaTJKRzN5dmZlU1pwa1VrY1l0dFhuSVNVenhrZWctQlVRUlZqdWdtLWhJbC1LUVRGSkM1QkRSb0hYTHNUNFlHM21QQkF2OGVsSkZqZU1sNGFkeThGczRISkRyQkZkNWVCRmw2Mi1HVXdXcWlCbUhHZTduU0c4RG9Ha0FlZHhLVXVDWFJWVURHMEtoV045c1pMZUFxd0xHeHQyWTdTQ09QLTZWc1haX2ZWRXVuZDd4WC1pSEpRTjhvOGxVRS00SVZ3em9yX0t5UVBJSFVBcW1GallZeXhQcTU5V09NTHpYMWhIOEcyVzFaOW0zR2NtLTRsNFpuZkd6Q0VhLWM3Z2t3aUw2SlRyY3B3X1Z3bG9NbXNTNjVRaElQNnEwMDVvcjVCOElaeUFRTmVzalY0ajk2cjlVdFNKNEw4ZHBkbWs=","email":"aleccham@cisco.com"},"registry.redhat.io":{"auth":"fHVoYy0xZ0tXWnRjcnRZc1htZVd1a2RlNXUxUWhWa2o6ZXlKaGJHY2lPaUpTVXpVeE1pSjkuZXlKemRXSWlPaUkwTTJZME9HSmhOV1poTldNMFlqY3pZakl6TWpJMk5tSXlPVGc1TURnelpTSjkuUjZ2SlBsQVhkd2FwR0ROT0RPeXBZSXRjMXlaeUtoeDdiWTcwamk3SExINXAyNWlZTjRBMXB3OUJzVGtZRHRNNFFsV1lkdlZQR1RVREdKOEtwVWNFTWQxVUNibnR3eXpRZUI0TFY3eExyNHRSNDZZMlNfLTl3RUU0SHJFWUVtU1h1UnpVQVhVUlF1cGpLN1VDdW9uTmVJME1LY2thUTlGMDkwUTQxQzVMbVkyMnIzbE9CQ0F2U21NNkRuQldHTS13WEtGQVBPTTQtcmVlckRHMDdVVWxMekpUYVJNaWZBNkRwcDBiWFBDVHpDLWtnU0NDQTlzS25TR0VZc0ZFX3dlZW5LVnpCTHMtTi10ekpRNHFkVWZTM2FjSXVtVkZNeUhPd3hoaUc0WUtmTXpCa19jWWYtMm4xb0F2TU5tQ0FLaVR4a05scUp1MUw4ZDFxVjYydjAwLXhCcEktV1V2T2JDM1BzbndMankzdjl3UkZGaTJKRzN5dmZlU1pwa1VrY1l0dFhuSVNVenhrZWctQlVRUlZqdWdtLWhJbC1LUVRGSkM1QkRSb0hYTHNUNFlHM21QQkF2OGVsSkZqZU1sNGFkeThGczRISkRyQkZkNWVCRmw2Mi1HVXdXcWlCbUhHZTduU0c4RG9Ha0FlZHhLVXVDWFJWVURHMEtoV045c1pMZUFxd0xHeHQyWTdTQ09QLTZWc1haX2ZWRXVuZDd4WC1pSEpRTjhvOGxVRS00SVZ3em9yX0t5UVBJSFVBcW1GallZeXhQcTU5V09NTHpYMWhIOEcyVzFaOW0zR2NtLTRsNFpuZkd6Q0VhLWM3Z2t3aUw2SlRyY3B3X1Z3bG9NbXNTNjVRaElQNnEwMDVvcjVCOElaeUFRTmVzalY0ajk2cjlVdFNKNEw4ZHBkbWs=","email":"aleccham@cisco.com"}}}
aleccham@ALECCHAM-M-6D7G openshift-install-mac %
In order to access the OCP cluster, we must create an SSH key that will be used instead of logging in via username and password. You cannot use an AWS-created key pair.
- Let’s create the key with the following command:
aleccham@ALECCHAM-M-6D7G openshift-install-mac % ssh-keygen -t rsa -N '' -f ocp-
key
Generating public/private rsa key pair.
Your identification has been saved in ocp-key
Your public key has been saved in ocp-key.pub
The key fingerprint is:
SHA256:zJGTyvdfqiT0SyqHzG8B604uXiBNlZe325mvB2czsGU aleccham@ALECCHAM-M-6D7G
The key's randomart image is:
+---[RSA 3072]----+
| .. . |
| .. oo. |
| . .=. . |
| o ..+ o. . E |
| . o ooS o B |
| . ..o.o. * = |
| +o...= =.o |
| .+* o= o oo |
| ..oo=o o.+o |
+----[SHA256]-----+
- Check the files that we created:
aleccham@ALECCHAM-M-6D7G openshift-install-mac % ls
README.md ocp-key.pub <-
install-dir openshift-client-mac.tar.gz
kubectl openshift-install
oc secret
ocp-key <-
aleccham@ALECCHAM-M-6D7G openshift-install-mac %
Here is your public key; this can be shared:
aleccham@ALECCHAM-M-6D7G openshift-install-mac % cat ocp-key.pub
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMWm2OKc/SPEREA/F/Xlyszz4xPZuXWxaIHL8K2OsX2l+/HIR4APy/3oTrCk5TwkmPNJ42+KTmx6DEGb4kdlepXqknbqHspGLt0JnMnkU2PpQM26Wratc2izsqfSYcl3S6APMeWsgEqfMT+OadhXS3hGa7IOKiljGpszH06UXkxace6XvIVrBavDnAfKxftHbGSkMd9vTKVhfGiDbpvKsnMPyKTxGSh08aavmOwp1tTUFLP2h4Px8BhRTvksIxXzI8Mx7cOEFJlJyi2Nleuy5//DPKIARZn0FPIoe8xut5iER15uMQInWS5x2ZXKiqQ9zDkart0rFtYEByTRMpmWOItSvFqynVGAFtpRtexSFyhRflSU5M3J7OE9vb+QTQuVos7EHNyTgouAp3Vt5ggqjgY0Tw9NGkcbnZxfq5C0S4XYG3piCFhvfrZl3TcZyHLUHjsmuspNEw5rSXYHqRJRets0YYzepcZsTWQoBmAkLgxIp3Tp15ZuDMHMovr10iPlk= aleccham@ALECCHAM-M-6D7G
This is your private key. You shouldn’t share this key because doing so will leave you vulnerable to an attack. Don’t worry; the cluster I wrote for this tutorial is no longer active.
aleccham@ALECCHAM-M-6D7G openshift-install-mac % cat ocp-key
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEAzFptjinP0jxERAPxf15crM8+MT2bl1sWiBy/CtjrF9pfvxyEeAD8
v96E6wpOU8JJjzSeNvik5segxBm+JHZXqV6pJ26h7KRi7dCZzJ5FNj6UDNulq2rXNos7Kn
0mHJd0ugDzHlrIBKnzE/jmnYV0t4RmuyDiopYxqbMx9OlF5MWnHul7yFawWrw5wHysX7R2
xkpDHfb0ylYXxog26byrJzD8ik8RkodPGmr5jsKdbU1BSz9oeD8fAYUU75LCMV8yPDMe3D
hBSZScotjZXrsuf/wzyiAEWZ9BTyKHvMbreYhEdebjECJ1kucdmVyoqkPcw5Gq7dKxbWBA
ck0TKZljiLUrxasp1RgBbaUbXsUhcoUX5UlOTNyezhPb2/kE0LlaLOxBzck4KLgKd1beYI
Ko4GNE8PTRpHG52cX6uQtEuF2Bt6YghYb362Zd03Gchy1B47JrrKTRMOa0l2B6kSUXrbNG
GM3qXGbE1kKAZgJC4MSKd06deWbgzBzKL69dIj5ZAAAFkLOW3rOzlt6zAAAAB3NzaC1yc2
EAAAGBAMxabY4pz9I8REQD8X9eXKzPPjE9m5dbFogcvwrY6xfaX78chHgA/L/ehOsKTlPC
SY80njb4pObHoMQZviR2V6leqSduoeykYu3QmcyeRTY+lAzbpatq1zaLOyp9JhyXdLoA8x
5ayASp8xP45p2FdLeEZrsg4qKWMamzMfTpReTFpx7pe8hWsFq8OcB8rF+0dsZKQx329MpW
F8aINum8qycw/IpPEZKHTxpq+Y7CnW1NQUs/aHg/HwGFFO+SwjFfMjwzHtw4QUmUnKLY2V
67Ln/8M8ogBFmfQU8ih7zG63mIRHXm4xAidZLnHZlcqKpD3MORqu3SsW1gQHJNEymZY4i1
K8WrKdUYAW2lG17FIXKFF+VJTkzcns4T29v5BNC5WizsQc3JOCi4CndW3mCCqOBjRPD00a
RxudnF+rkLRLhdgbemIIWG9+tmXdNxnIctQeOya6yk0TDmtJdgepElF62zRhjN6lxmxNZC
gGYCQuDEindOnXlm4Mwcyi+vXSI+WQAAAAMBAAEAAAGAFF7rTuGiIt35HCKcf0rjyCI8m+
H9UaA15cmfzbAD93PAWae5GNFYYLQI4fk8B6N1e74OC4LLxWmfAA1k4/OcF3klOZYQtCtK
5VQHENuyII8qaQG4SRc0bu6ALmMdWnpKm4QeuCbqi3R5k8MbEhbMpMKhDwRfMz/voXAIid
Z7Liv51d4GhdkGaXUb+LE06bFuqaObfzAwBL+CTTsk5jX1hcmfUxZAtS+h1gtV50JFOTEb
Uin2+w2nxJoElUE29H79sEjmLFLItT36cUDUceYM/C0usagPehZ4alOyD0HAI2sEIGnc1K
Vzo9ZmOLGFMD8k4SG0g1wXfecuYslLlFa8AqTqLFEa84x2osl6euFREtSVUw06qi/9j3uq
JOCyk+cfwUd7lZLrJJWD6AHCZKf1HcNzzoiCIQnC1QfnNCTssUlW+z1DKyrDGsWPkQwgd5
tElmULVtPl8T3BESsLBb/6aAI3x81NxfqedZbG49XdoIPGUZGUhJjPiMn/uX8PrEURAAAA
wGTVj/tASG6vZJQC2yinnp2tnqDlO1H6LQO7HYZuUliXih7O8qq0ndL13OgvJGOTOhGybo
bEOUKVa03oP9YZ/XUUU3Pz6LRypG6tSFq1LubYG+/X4PjWoQlg1m4pFiXXwLq4Tzo2may5
HLRfSyEcV/3zvGqWFTcvOaAQw+uhuLyW6fazXe0rt96YAjNxlammrFjRRZ5fHzTVSNTbNR
ntj9oaXVxP10Yfj8R7a+q/0lDUihTqGkRAO1ws9QK+cb8VpwAAAMEA9HWGs9Bb/uNSnINF
XeeJHSMOrVQxDVcPg16UHmG0dzIvqEOKxQ/2SaCtyamSZv+CnM1cIVMs6pzSHE1vtLP0K5
4onFY8TrC1ZSQlRI+DiqlTgGsZqpO/sjgpzqTznsFi5SxDBLhpB13dDiYKTAezJqflEx/M
fETOcRDBImCcc6L3A0wQCf2HAuGcWl9r2/EeNOuA6i7eI0yjtSBTvbFK/b8KaLcQK0Ul2A
Id7J1cQNiXkn9XO5Z0i4hOIZ6xx8sNAAAAwQDWADErTqirpnJ0jYwPJjb9vhynmfnZ0p4m
/D8NkpOPH9Oy8/q8sxuqOA2lx/A4/MFG/mUXyg35bjDa2btLvS16SUFrHRPmvqx/n6wlHG
wYTi7qO/zvTEphcXBG+goyVT3CblZxCPGiFzCaieG9UVB9j0SsF9hOnvR4FD2zgJQKVzwd
Uhf9SIn3WAgZ0pxcj3rOQe5orVPqJpLdn1OBedP584k8StRDiIFmW8u9+ohoTSzL+Exi/Q
zZ0HUtlCt6PX0AAAAYYWxlY2NoYW1AQUxFQ0NIQU0tTS02RDdHAQID
-----END OPENSSH PRIVATE KEY-----
- We need to start the ssh-agent process for the local user and do that using the following command. You may ask: Why isn’t the ssh-agent running? I can successfully SSH from my laptop already. The issue is that the ssh-agent is not running for the local user. This is a Linux complexity.
aleccham@ALECCHAM-M-6D7G openshift-install-mac % eval "$(ssh-agent -s)"
Agent pid 5436
- Now let’s add the key to our locally running ssh-agent. Note: We are adding the PRIVATE key to the ssh-agent.
aleccham@ALECCHAM-M-6D7G openshift-install-mac % ssh-add ocp-key
Identity added: ocp-key (aleccham@ALECCHAM-M-6D7G)
aleccham@ALECCHAM-M-6D7G openshift-install-mac %
- Because I am using macOS on my laptop, I also moved the keys into the
.sshdirectory of my local user.
aleccham@ALECCHAM-M-6D7G openshift-install-mac % cp ocp-key* ~/.ssh
- Create an installation directory. We can then view and edit the OpenShift cluster configuration files.
aleccham@ALECCHAM-M-6D7G openshift-install-mac % mkdir install-dir
- Now that the directory is created, we can create the OCP configuration files:
./openshift-install create install-config --dir install-dir
- Select the SSH key that was created in the previous step:
aleccham@ALECCHAM-M-6D7G openshift-install-mac % ./openshift-install create install-config --dir install-dir
? SSH Public Key [Use arrows to move, type to filter, ? for more help]
> /Users/aleccham/.ssh/ocp-key.pub
<none>
- Entering the command above will start an interactive CLI wizard to create your AWS OCP cluster. Select AWS. Note where the arrow (>) is in the menu selections.
aleccham@ALECCHAM-M-6D7G openshift-install-mac % ./openshift-install create install-config --dir install-dir
? Platform [Use arrows to move, type to filter, ? for more help]
alibabacloud
> aws
azure
gcp
ibmcloud
nutanix
openstack
- Select the region you want to install your OCP cluster into:
aleccham@ALECCHAM-M-6D7G openshift-install-mac % ./openshift-install create install-config --dir install-dir
? Platform aws
INFO Credentials loaded from the "default" profile in file "/Users/aleccham/.aws/credentials"
? Region [Use arrows to move, type to filter, ? for more help]
eu-west-3 (Europe (Paris))
me-south-1 (Middle East (Bahrain))
sa-east-1 (South America (Sao Paulo))
> us-east-1 (US East (N. Virginia))
us-east-2 (US East (Ohio))
us-west-1 (US West (N. California))
us-west-2 (US West (Oregon))
- Select your Route 53 domain name:
aleccham@ALECCHAM-M-6D7G openshift-install-mac % ./openshift-install create install-config --dir install-dir
? Platform aws
INFO Credentials loaded from the "default" profile in file "/Users/aleccham/.aws/credentials"
? Region us-east-1
? Base Domain [Use arrows to move, type to filter, ? for more help]
> cvf.solutions
- Provide a cluster name:
aleccham@ALECCHAM-M-6D7G openshift-install-mac % ./openshift-install create install-config --dir install-dir
? Platform aws
INFO Credentials loaded from the "default" profile in file "/Users/aleccham/.aws/credentials"
? Region us-east-1
? Base Domain cvf.solutions
? Cluster Name cvf-ocp
- Input the “Pull Secret” that Red Hat provides in its OpenShift web portal. You MUST copy and paste into the wizard. I found it easiest to just copy from the Red Hat web portal:
aleccham@ALECCHAM-M-6D7G openshift-install-mac % ./openshift-install create install-config --dir install-dir
? Platform aws
INFO Credentials loaded from the "default" profile in file "/Users/aleccham/.aws/credentials"
? SSH Public Key /Users/aleccham/.ssh/ocp-key.pub
? Region us-east-1
? Base Domain cvf.solutions
? Cluster Name cvf-ocp
? Pull Secret [? for help] ******************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
- After inputting the Pull Secret, your install configuration files have been created successfully. You will see the following output:
aleccham@ALECCHAM-M-6D7G openshift-install-mac % ./openshift-install create install-config --dir install-dir
? SSH Public Key /Users/aleccham/.ssh/ocp-key.pub
? Platform aws
INFO Credentials loaded from the "default" profile in file "/Users/aleccham/.aws/credentials"
? Region us-east-1
? Base Domain cvf.solutions
? Cluster Name cvf-ocp
? Pull Secret [? for help] *****************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************************
INFO Install-Config created in: install-dir
aleccham@ALECCHAM-M-6D7G openshift-install-mac %
aleccham@ALECCHAM-M-6D7G openshift-install-mac %
- Let’s view the OCP configuration files:
aleccham@ALECCHAM-M-6D7G openshift-install-mac % cd install-dir
aleccham@ALECCHAM-M-6D7G install-dir % ls
install-config.yaml
In the install-config.yaml file, we can see that there are many configuration options. I wouldn’t suggest making any changes to this file unless you understand the configuration that you may be changing. One change that might interest you would be to reduce AWS use charges by decreasing the number of workers or changing the instance size. Unfortunately, many of the smaller-size AWS instances are NOT supported for use with OCP. Remember, this is an enterprise-ready OCP cluster. If you wish to make those changes, use the following link to make changes to your install-config.yaml:
aleccham@ALECCHAM-M-6D7G openshift-install-mac % cat install-dir/install-config.yaml
additionalTrustBundlePolicy: Proxyonly
apiVersion: v1
baseDomain: cvf.solutions
compute:
- architecture: amd64
hyperthreading: Enabled
name: worker
platform: {}
replicas: 3
controlPlane:
architecture: amd64
hyperthreading: Enabled
name: master
platform: {}
replicas: 3
metadata:
creationTimestamp: null
name: cvf-ocp
networking:
clusterNetwork:
- cidr: 10.128.0.0/14
hostPrefix: 23
machineNetwork:
- cidr: 10.0.0.0/16
networkType: OVNKubernetes
serviceNetwork:
- 172.30.0.0/16
platform:
aws:
region: us-east-1
publish: External
pullSecret: '{"auths":{"cloud.openshift.com":{"auth":"b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K29jbV9hY2Nlc3NfNzY3ZWZjMDcxN2U1NDljMWFjZTY3N2JjZjI1MDgzYjU6OEFWSzc2TExNWk03QkNVMVpKMDgxNk5IUDBRVUxSOFE3NU1HMjYwWkxSTElYRE9WTUhHSkxPWkQ1RFNHMkdKRQ==","email":"aleccham@cisco.com"},"quay.io":{"auth":"b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K29jbV9hY2Nlc3NfNzY3ZWZjMDcxN2U1NDljMWFjZTY3N2JjZjI1MDgzYjU6OEFWSzc2TExNWk03QkNVMVpKMDgxNk5IUDBRVUxSOFE3NU1HMjYwWkxSTElYRE9WTUhHSkxPWkQ1RFNHMkdKRQ==","email":"aleccham@cisco.com"},"registry.connect.redhat.com":{"auth":"fHVoYy0xZ0tXWnRjcnRZc1htZVd1a2RlNXUxUWhWa2o6ZXlKaGJHY2lPaUpTVXpVeE1pSjkuZXlKemRXSWlPaUkwTTJZME9HSmhOV1poTldNMFlqY3pZakl6TWpJMk5tSXlPVGc1TURnelpTSjkuUjZ2SlBsQVhkd2FwR0ROT0RPeXBZSXRjMXlaeUtoeDdiWTcwamk3SExINXAyNWlZTjRBMXB3OUJzVGtZRHRNNFFsV1lkdlZQR1RVREdKOEtwVWNFTWQxVUNibnR3eXpRZUI0TFY3eExyNHRSNDZZMlNfLTl3RUU0SHJFWUVtU1h1UnpVQVhVUlF1cGpLN1VDdW9uTmVJME1LY2thUTlGMDkwUTQxQzVMbVkyMnIzbE9CQ0F2U21NNkRuQldHTS13WEtGQVBPTTQtcmVlckRHMDdVVWxMekpUYVJNaWZBNkRwcDBiWFBDVHpDLWtnU0NDQTlzS25TR0VZc0ZFX3dlZW5LVnpCTHMtTi10ekpRNHFkVWZTM2FjSXVtVkZNeUhPd3hoaUc0WUtmTXpCa19jWWYtMm4xb0F2TU5tQ0FLaVR4a05scUp1MUw4ZDFxVjYydjAwLXhCcEktV1V2T2JDM1BzbndMankzdjl3UkZGaTJKRzN5dmZlU1pwa1VrY1l0dFhuSVNVenhrZWctQlVRUlZqdWdtLWhJbC1LUVRGSkM1QkRSb0hYTHNUNFlHM21QQkF2OGVsSkZqZU1sNGFkeThGczRISkRyQkZkNWVCRmw2Mi1HVXdXcWlCbUhHZTduU0c4RG9Ha0FlZHhLVXVDWFJWVURHMEtoV045c1pMZUFxd0xHeHQyWTdTQ09QLTZWc1haX2ZWRXVuZDd4WC1pSEpRTjhvOGxVRS00SVZ3em9yX0t5UVBJSFVBcW1GallZeXhQcTU5V09NTHpYMWhIOEcyVzFaOW0zR2NtLTRsNFpuZkd6Q0VhLWM3Z2t3aUw2SlRyY3B3X1Z3bG9NbXNTNjVRaElQNnEwMDVvcjVCOElaeUFRTmVzalY0ajk2cjlVdFNKNEw4ZHBkbWs=","email":"aleccham@cisco.com"},"registry.redhat.io":{"auth":"fHVoYy0xZ0tXWnRjcnRZc1htZVd1a2RlNXUxUWhWa2o6ZXlKaGJHY2lPaUpTVXpVeE1pSjkuZXlKemRXSWlPaUkwTTJZME9HSmhOV1poTldNMFlqY3pZakl6TWpJMk5tSXlPVGc1TURnelpTSjkuUjZ2SlBsQVhkd2FwR0ROT0RPeXBZSXRjMXlaeUtoeDdiWTcwamk3SExINXAyNWlZTjRBMXB3OUJzVGtZRHRNNFFsV1lkdlZQR1RVREdKOEtwVWNFTWQxVUNibnR3eXpRZUI0TFY3eExyNHRSNDZZMlNfLTl3RUU0SHJFWUVtU1h1UnpVQVhVUlF1cGpLN1VDdW9uTmVJME1LY2thUTlGMDkwUTQxQzVMbVkyMnIzbE9CQ0F2U21NNkRuQldHTS13WEtGQVBPTTQtcmVlckRHMDdVVWxMekpUYVJNaWZBNkRwcDBiWFBDVHpDLWtnU0NDQTlzS25TR0VZc0ZFX3dlZW5LVnpCTHMtTi10ekpRNHFkVWZTM2FjSXVtVkZNeUhPd3hoaUc0WUtmTXpCa19jWWYtMm4xb0F2TU5tQ0FLaVR4a05scUp1MUw4ZDFxVjYydjAwLXhCcEktV1V2T2JDM1BzbndMankzdjl3UkZGaTJKRzN5dmZlU1pwa1VrY1l0dFhuSVNVenhrZWctQlVRUlZqdWdtLWhJbC1LUVRGSkM1QkRSb0hYTHNUNFlHM21QQkF2OGVsSkZqZU1sNGFkeThGczRISkRyQkZkNWVCRmw2Mi1HVXdXcWlCbUhHZTduU0c4RG9Ha0FlZHhLVXVDWFJWVURHMEtoV045c1pMZUFxd0xHeHQyWTdTQ09QLTZWc1haX2ZWRXVuZDd4WC1pSEpRTjhvOGxVRS00SVZ3em9yX0t5UVBJSFVBcW1GallZeXhQcTU5V09NTHpYMWhIOEcyVzFaOW0zR2NtLTRsNFpuZkd6Q0VhLWM3Z2t3aUw2SlRyY3B3X1Z3bG9NbXNTNjVRaElQNnEwMDVvcjVCOElaeUFRTmVzalY0ajk2cjlVdFNKNEw4ZHBkbWs=","email":"aleccham@cisco.com"}}}'
sshKey: |
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDMWm2OKc/SPEREA/F/Xlyszz4xPZuXWxaIHL8K2OsX2l+/HIR4APy/3oTrCk5TwkmPNJ42+KTmx6DEGb4kdlepXqknbqHspGLt0JnMnkU2PpQM26Wratc2izsqfSYcl3S6APMeWsgEqfMT+OadhXS3hGa7IOKiljGpszH06UXkxace6XvIVrBavDnAfKxftHbGSkMd9vTKVhfGiDbpvKsnMPyKTxGSh08aavmOwp1tTUFLP2h4Px8BhRTvksIxXzI8Mx7cOEFJlJyi2Nleuy5//DPKIARZn0FPIoe8xut5iER15uMQInWS5x2ZXKiqQ9zDkart0rFtYEByTRMpmWOItSvFqynVGAFtpRtexSFyhRflSU5M3J7OE9vb+QTQuVos7EHNyTgouAp3Vt5ggqjgY0Tw9NGkcbnZxfq5C0S4XYG3piCFhvfrZl3TcZyHLUHjsmuspNEw5rSXYHqRJRets0YYzepcZsTWQoBmAkLgxIp3Tp15ZuDMHMovr10iPlk= aleccham@ALECCHAM-M-6D7G
aleccham@ALECCHAM-M-6D7G openshift-install-mac %
- Let’s kick off the installation process. This will take up to 45 minutes; it is automated, so go grab a coffee and wait. Here is a snippet to show what running the command will look like:
aleccham@ALECCHAM-M-6D7G openshift-install-mac % ./openshift-install create cluster --dir install-dir --log-level=info
INFO Credentials loaded from the "default" profile in file "/Users/aleccham/.aws/credentials"
WARNING failed to find default instance type: no instance type found for the zone constraint
WARNING failed to find default instance type: no instance type found for the zone constraint
INFO Consuming Install Config from target directory
INFO Creating infrastructure resources...
- Upon the wizard’s completion, you will be provided with a URL (
https://console-openshift-console.apps.ocp-cvf.cvf.solutions), username (kubeadmin), and a password (GAWv7-S7uTz-7qJsK-BY8Be). You will use this information to log in to the OCP WebUI, which is the URL the wizard provided.
aleccham@ALECCHAM-M-6D7G openshift-install-mac % ./openshift-install create cluster --dir install-dir --log-level=info
INFO Credentials loaded from the "default" profile in file "/Users/aleccham/.aws/credentials"
WARNING failed to find default instance type: no instance type found for the zone constraint
WARNING failed to find default instance type: no instance type found for the zone constraint
INFO Consuming Install Config from target directory
INFO Creating infrastructure resources...
INFO Waiting up to 20m0s (until 3:24PM) for the Kubernetes API at https://api.ocp-cvf.cvf.solutions:6443...
INFO API v1.25.4+a34b9e9 up
INFO Waiting up to 30m0s (until 3:36PM) for bootstrapping to complete...
INFO Destroying the bootstrap resources...
INFO Waiting up to 40m0s (until 3:58PM) for the cluster at https://api.ocp-cvf.cvf.solutions:6443 to initialize...
INFO Checking to see if there is a route at openshift-console/console...
INFO Install complete!
INFO To access the cluster as the system:admin user when using 'oc', run 'export KUBECONFIG=/Users/aleccham/Desktop/CVF/openshift-install-mac/install-dir/auth/kubeconfig'
INFO Access the OpenShift web-console here: https://console-openshift-console.apps.ocp-cvf.cvf.solutions
INFO Login to the console with user: "kubeadmin", and password: "GAWv7-S7uTz-7qJsK-BY8Be"
INFO Time elapsed: 47m38s
aleccham@ALECCHAM-M-6D7G openshift-install-mac %
- Let’s navigate to the newly created OCP user interface. Copy the URL from the output above. You should consider creating a file with the URL, username, and password saved within.
Congratulations! You have finished deploying Red Hat OpenShift on AWS. It provides a powerful platform for building, deploying, and managing containerized applications. The process of installation can be done with ease by following the steps outlined in this tutorial. By using AWS, organizations can benefit from the scalability and flexibility of cloud computing while also leveraging the capabilities of OpenShift for container orchestration. With its intuitive interface, robust security features, and extensive integrations, OpenShift on AWS is an excellent choice for enterprises looking to streamline their application development and deployment processes.
Learn More
- https://connect.redhat.com/login
- https://docs.openshift.com/container-platform/4.12/installing/installing_aws/preparing-to-install-on-aws.html
- https://docs.openshift.com/container-platform/4.12/installing/installing_aws/installing-aws-customizations.html#installing-aws-customizations
- https://www.redhat.com/en/partners/cisco-systems