Merge pull request #55565 from EricPonvelle/Rosa_HCP

[OSDOCS-3901] Created the topic map for ROSA HCP

Author: EricPonvelle

_attributes/attributes-openshift-dedicated.adoc

@@ -27,3 +27,4 @@
 //Formerly known as CodeReady Containers and CodeReady Workspaces
 :openshift-local-productname: Red Hat OpenShift Local
 :openshift-dev-spaces-productname: Red Hat OpenShift Dev Spaces
+:hcp: hosted control planes

_topic_maps/_topic_map_rosa.yml

@@ -102,7 +102,14 @@ Topics:
 - Name: Setting up your environment
   File: rosa-sts-setting-up-environment
 ---
-Name: Installing, accessing, and deleting ROSA clusters
+Name: Install hosted control plane for ROSA clusters
+Dir: rosa_hcp
+Distros: openshift-rosa
+Topics:
+- Name: Creating hosted control planes for ROSA clusters using the default options
+  File: rosa-hcp-sts-creating-a-cluster-quickly
+---
+Name: Install ROSA classic clusters
 Dir: rosa_install_access_delete_clusters
 Distros: openshift-rosa
 Topics:

modules/rosa-hcp-byo-oidc.adoc

@@ -0,0 +1,39 @@
+// Module included in the following assemblies:
+//
+// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
+// * rosa_getting_started/quickstart.adoc
+
+:_content-type: PROCEDURE
+[id="rosa-hcp-byo-oidc_{context}"]
+= Configuring your own OpenID Connect provider
+
+You can use your own OpenID Connect (OIDC) provider with {hcp} for {product-title} (ROSA).
+
+.Prerequisites
+
+* You have completed the AWS prerequisites for {hcp} for ROSA.
+* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host.
+
+.Procedure
+
+* To create your OIDC configuration alongside the AWS resources, run the following command:
++
+[source,terminal]
+----
+$ rosa create oidc-config --mode auto
+----
++
+This command returns the following information.
++
+.Sample output
++
+[source,terminal]
+----
+I: This command will create a S3 bucket populating it with documents to be compliant with OIDC protocol. It will also create a Secret in Secrets Manager containing the private key.
+I: Please run command below to create a cluster with this oidc config:
+rosa create cluster --sts \
+ --oidc-endpoint-url https://oidc-l8c0.s3.us-east-1.amazonaws.com \
+ --oidc-private-key-secret-arn arn:aws:secretsmanager:us-east-1:269733383066:secret:rosa-private-key-oidc-l8c0-4vdMVv
+----
+
+When creating your cluster, you must supply the OIDC endpoint URL and secret manager secret ARN. The CLI output provides both values for `--mode auto`, otherwise you must to determine these values based on `aws` CLI output for `--mode manual`.

modules/rosa-hcp-creating-account-wide-sts-roles-and-policies.adoc

@@ -0,0 +1,50 @@
+// Module included in the following assemblies:
+//
+// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
+// * rosa_getting_started/quickstart.adoc
+
+:_content-type: PROCEDURE
+[id="rosa-sts-creating-account-wide-sts-roles-and-policies_{context}"]
+= Creating the account-wide STS roles and policies
+
+Before using the {cluster-manager-first} {hybrid-console-second} to create {hcp} for {product-title} (ROSA) clusters, create the required account-wide roles and policies, including the Operator policies.
+
+.Prerequisites
+
+* You have completed the AWS prerequisites for {hcp} for ROSA with STS.
+* You have available AWS service quotas.
+* You have enabled the ROSA service in the AWS Console.
+* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host.
++
+[NOTE]
+====
+To successfully install {hcp} for ROSA clusters, use the latest version of the ROSA CLI (`rosa`).
+====
+* You have logged in to your Red Hat account by using the `rosa` CLI.
+
+.Procedure
+
+. Check your AWS account for existing roles and policies by running the following command:
++
+[source,terminal]
+----
+$ rosa list account-roles
+----
++
+.Sample output
+[source,terminal]
+----
+I: Fetching account roles
+ROLE NAME                           ROLE TYPE      ROLE ARN                                                   OPENSHIFT VERSION
+ManagedOpenShift-ControlPlane-Role  Control plane  arn:aws:iam::8744:role/ManagedOpenShift-ControlPlane-Role  4.12
+ManagedOpenShift-Installer-Role     Installer      arn:aws:iam::8744:role/ManagedOpenShift-Installer-Role     4.12
+ManagedOpenShift-Support-Role       Support        arn:aws:iam::8744:role/ManagedOpenShift-Support-Role       4.12
+ManagedOpenShift-Worker-Role        Worker         arn:aws:iam::8744:role/ManagedOpenShift-Worker-Role        4.12
+----
+
+. If they do not exist in your AWS account, create the required account-wide STS roles and policies by running the following command: 
++
+[source,terminal]
+----
+$ rosa create account-roles
+----

modules/rosa-hcp-sts-creating-a-cluster-cli.adoc

@@ -0,0 +1,91 @@
+// Module included in the following assemblies:
+//
+// * rosa_getting_started_sts/rosa_creating_a_cluster_with_sts/rosa-sts-creating-a-cluster-quickly.adoc
+// * rosa_getting_started/rosa-getting-started.adoc
+// * rosa_getting_started/quickstart.adoc
+
+:_content-type: PROCEDURE
+[id="rosa-hcp-sts-creating-a-cluster-cli_{context}"]
+= Creating a {hcp} for ROSA cluster using the CLI
+
+When using {product-title} (ROSA) CLI (`rosa`) to create a cluster, you can select the default options to create the cluster quickly.
+
+.Prerequisites
+
+* You have completed the AWS prerequisites for {hcp} for ROSA.
+* You have available AWS service quotas.
+* You have enabled the ROSA service in the AWS Console.
+* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host.
++
+[NOTE]
+====
+To successfully install ROSA clusters, use the latest version of the ROSA CLI (`rosa`).
+====
+* You have logged in to your Red Hat account by using the `rosa` CLI.
+* You have verified that the AWS Elastic Load Balancing (ELB) service role exists in your AWS account.
+
+.Procedure
+
+//. Create environmental variables for your region and cluster name.
+//+
+//[source,terminal]
+//----
+//CLUSTER_NAME="<cluster-name>"
+//REGION="<region>"
+//----
+
+. You can create your {hcp} for ROSA cluster with one of the following commands. 
++
+[NOTE]
+====
+If you are using your own OIDC provider, you must include the endpoint URL and ARN arguments, such as `--oidc-endpoint-url <oidc_endpoint_url> --oidc-private-key-secret-arn <oidc_private_key_secret_arn>`.
+====
+
+** Create a cluster with a single, initial machine pool, publicly available API, and publicly available Ingress by running the following command:
++
+[source,terminal]
+----
+$ rosa create cluster --cluster-name=<cluster_name> \
+    --sts --mode=auto --hosted-cp --subnet-ids=<public-subnet-id>,<private-subnet-id>
+----
+
+** Create a cluster with a single, initial machine pool, privately available API, and privately available Ingress by running the following command:
++
+[source,terminal]
+----
+$ rosa create cluster --private --cluster-name=<cluster_name> \
+    --sts --mode=auto --hosted-cp --subnet-ids=<private-subnet-id>
+----
++
+[NOTE]
+====
+When you specify `--mode auto`, the `rosa create cluster` command creates the cluster-specific Operator IAM roles and the OIDC provider automatically. The Operators use the OIDC provider to authenticate.
+====
+
+. Check the status of your cluster by running the following command:
++
+[source,terminal]
+----
+$ rosa describe cluster --cluster=<cluster_name>
+----
++
+The following `State` field changes are listed in the output as the cluster installation progresses:
++
+* `waiting (Waiting for OIDC configuration)`
+* `pending (Preparing account)`
+* `installing (DNS setup in progress)`
+* `installing`
+* `ready`
++
+[NOTE]
+====
+If the installation fails or the `State` field does not change to `ready` after more than 10 minutes, check the installation troubleshooting documentation for details. For more information, see _Troubleshooting installations_. For steps to contact Red Hat Support for assistance, see _Getting support for Red Hat OpenShift Service on AWS_.
+====
+
+. Track the progress of the cluster creation by watching the {product-title} installation program logs. To check the logs, run the following command:
++
+[source,terminal]
+----
+$ rosa logs install --cluster=<cluster_name> --watch <1>
+----
+<1> Optional: To watch for new log messages as the installation progresses, use the `--watch` argument.

modules/rosa-hcp-vpc-manual.adoc

@@ -0,0 +1,31 @@
+// Module included in the following assemblies:
+//
+// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
+// * rosa_getting_started/quickstart.adoc
+
+:_content-type: PREFERENCE
+[id="rosa-hcp-vpc-manual_{context}"]
+= Creating a Virtual Private Cloud manually
+
+To manually create your Virtual Private Cloud (VPC), go to link:https://us-east-1.console.aws.amazon.com/vpc/[the VPC page in the AWS console]. Your VPC must have the following details.
+
+.Requirements for your VPC
+[options="header",cols="50,50"]
+|===
+| Requirement | Details
+
+| VPC name
+| You need to have the specific VPC name and ID when creating your cluster.
+
+| CIDR range
+| Your VPC CIDR range should match your machine CIDR.
+
+| Availability Zone
+| You need 1 Availability Zone for a single zone, and you need 3 for Availability Zones for multi-zone.
+
+| Public subnet 
+| You must have one public subnet with a NAT gateway.
+
+| DNS hostname and resolution
+| You must ensure that the DNS hostname and resolution are enabled.
+|===

modules/rosa-hcp-vpc-terraform.adoc

@@ -0,0 +1,81 @@
+// Module included in the following assemblies:
+//
+// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
+// * rosa_getting_started/quickstart.adoc
+
+:_content-type: PROCEDURE
+[id="rosa-hcp-vpc-terraform_{context}"]
+= Creating an AWS Virtual Private Cloud using Terraform
+
+Terraform is a tool that allows you to create various resources using an established template. The following process uses the default options as required to create a {hcp} for ROSA cluster. For more information about using Terraform, see the additional resources.
+
+.Prerequisites
+
+* You have installed Terraform on your machine.
+
+.Procedure
+
+. Open a shell prompt and create a directory for your Terraform files by running the following command:
++
+[source,terminal]
+----
+$ mkdir hypershift-tf
+----
+
+. Navigate to the created directory by running the following command:
++
+[source,terminal]
+----
+$ cd hypershift-tf
+----
+
+. Download the VPC setup Terraform file by running the following command:
++
+[source,terminal]
+----
+$ curl -s -o setup-vpc.tf https://raw.githubusercontent.com/openshift-cs/OpenShift-Troubleshooting-Templates/master/rosa-hcp-terraform/setup-vpc.tf
+----
+
+. After the template has downloaded, initiate the Terraform file by running the following command: 
++
+[source,terminal]
+----
+$ terraform init
+----
++
+A message confirming the initialization appears when this process completes.
+
+. To build your VPC Terraform plan based off of the downloaded template, run the `plan` command. You can specify a cluster name and your AWS region.
++
+[source,terminal]
+----
+$ terraform plan -out rosa.plan [-var aws_region=<region>] [-var cluster_name=<cluster_name>]
+----
+
+. You should have a `rosa.plan` file in the directory that you created in the first step. Apply this plan file to build your VPC by running the following command:
++
+[source,terminal]
+----
+$ terraform apply rosa.plan
+----
+
+. Optional: You can capture the values of the Terraform-provisioned private, public, and machinepool subnet IDs as environment variables to use when creating your {hcp} for ROSA cluster by running the following commands:
++
+** For the private subnet ID:
++
+[source,terminal]
+----
+$ PRIVATE_SUBNET=`terraform output -raw cluster-private-subnet`
+----
+** For the public subnet ID:
++
+[source,terminal]
+----
+$ PUBLIC_SUBNET=`terraform output -raw cluster-public-subnet`
+----
+** For the machinepool subnet ID:
++
+[source,terminal]
+----
+$ MACHINEPOOL_SUBNET=`terraform output -raw node-private-subnet`
+----