I: To view a list of clusters and their status, run 'rosa list clusters'
258
258
I: Cluster '<cluster_name>' has been created.
259
259
I: Once the cluster is installed you will need to add an Identity Provider before you can login into the cluster. See 'rosa create idp --help' for more information.
@@ -268,13 +268,14 @@ I: Once the cluster is installed you will need to add an Identity Provider befor
268
268
The Instance Metadata Service settings cannot be changed after your cluster is created.
269
269
====
270
270
<4> If you have more than one set of account roles for your cluster version in your AWS account, an interactive list of options is provided.
271
-
<5> By default, the cluster-specific Operator role names are prefixed with the cluster name and a random 4-digit hash. You can optionally specify a custom prefix to replace `<cluster_name>-<hash>` in the role names. The prefix is applied when you create the cluster-specific Operator IAM roles. For information about the prefix, see _Defining an Operator IAM role prefix_.
271
+
<5> Optional: Specify an unique identifier that is passed by {product-title} and the OpenShift installer when an account role is assumed. This option is only required for custom account roles that expect an external ID.
272
+
<6> By default, the cluster-specific Operator role names are prefixed with the cluster name and a random 4-digit hash. You can optionally specify a custom prefix to replace `<cluster_name>-<hash>` in the role names. The prefix is applied when you create the cluster-specific Operator IAM roles. For information about the prefix, see _Defining an Operator IAM role prefix_.
272
273
+
273
274
[NOTE]
274
275
====
275
276
If you specified custom ARN paths when you created the associated account-wide roles, the custom path is automatically detected. The custom path is applied to the cluster-specific Operator roles when you create them in a later step.
276
277
====
277
-
<6> Optional: Specify a tag that is used on all resources created by {product-title} in AWS. Tags can help you manage, identify, organize, search for, and filter resources within AWS. Tags are comma separated, for example: "key value, foo bar".
278
+
<7> Optional: Specify a tag that is used on all resources created by {product-title} in AWS. Tags can help you manage, identify, organize, search for, and filter resources within AWS. Tags are comma separated, for example: "key value, foo bar".
278
279
+
279
280
[IMPORTANT]
280
281
====
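Review bot: In the new <5> callout, "Specify an unique identifier" should read "Specify a unique identifier". The same callout says the option is "only required for custom account roles that expect an external ID" but does not say where that expectation is defined; since the value is passed when the account role is assumed, consider adding that it must match the external ID condition in the custom role's trust policy, so a reader knows which value to enter and why a mismatch fails.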
@@ -283,16 +284,16 @@ Tags that are added by Red Hat are required for clusters to stay in compliance w
283
284
284
285
{product-title} does not support adding additional tags outside of ROSA cluster-managed resources. These tags can be lost when AWS resources are managed by the ROSA cluster. In these cases, you might need custom solutions or tools to reconcile the tags and keep them intact.
285
286
====
286
-
<7> Optional: Multiple availability zones are recommended for production workloads. The default is a single availability zone.
287
-
<8> Optional: You can create a cluster in an existing VPC, or ROSA can create a new VPC to use.
287
+
<8> Optional: Multiple availability zones are recommended for production workloads. The default is a single availability zone.
288
+
<9> Optional: You can create a cluster in an existing VPC, or ROSA can create a new VPC to use.
288
289
+
289
290
[WARNING]
290
291
====
291
292
You cannot install a ROSA cluster into an existing VPC that was created by the OpenShift installer. These VPCs are created during the cluster deployment process and must only be associated with a single cluster to ensure that cluster provisioning and deletion operations work correctly.
292
293
293
294
To verify whether a VPC was created by the OpenShift installer, check for the `owned` value on the `kubernetes.io/cluster/<infra-id>` tag. For example, when viewing the tags for the VPC named `mycluster-12abc-34def`, the `kubernetes.io/cluster/mycluster-12abc-34def` tag has a value of `owned`. Therefore, the VPC was created by the installer and must not be modified by the administrator.
294
295
====
295
-
<9> Optional: Enable this option if you are using your own AWS KMS key to encrypt the control plane, infrastructure, worker node root volumes, and PVs. Specify the ARN for the KMS key that you added to the account-wide role ARN in the preceding step.
296
+
<10> Optional: Enable this option if you are using your own AWS KMS key to encrypt the control plane, infrastructure, worker node root volumes, and PVs. Specify the ARN for the KMS key that you added to the account-wide role ARN in the preceding step.
296
297
+
297
298
[IMPORTANT]
298
299
====
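Review bot: The shift of <7>, <8>, <9> to <8>, <9>, <10> in this hunk is only correct if the example output that these callouts annotate gained a marker for the new external ID prompt and had every later marker shifted by one. That listing is not part of the visible hunks, so please confirm the markers and the callout list still pair up one to one, in particular that the KMS key prompt now carries <10>.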
@@ -301,15 +302,15 @@ Only persistent volumes (PVs) created from the default storage class are encrypt
301
302
PVs created by using any other storage class are still encrypted, but the PVs are not encrypted with this key unless the storage class is specifically configured to use this key.
302
303
====
303
304
304
-
<10> Optional: You can select additional custom security groups to use in each of the cluster nodes, compute, infra and control plane. You must have already created the security groups and associated them with the VPC you selected for this cluster. You cannot add or edit security groups for the default machine pools after you create the machine pool. For more information, see the requirements for _Security groups_ under _Additional resources_.
305
-
<11> Optional: Enable this option only if your use case requires etcd key value encryption in addition to the control plane storage encryption that encrypts the etcd volumes by default. With this option, the etcd key values are encrypted but not the keys.
305
+
<11> Optional: You can select additional custom security groups to use in your cluster. You must have already created the security groups and associated them with the VPC you selected for this cluster. You cannot add or edit security groups for the default machine pools after you create the machine pool. For more information, see the requirements for _Security groups_ under _Additional resources_.
306
+
<12> Optional: Enable this option only if your use case requires etcd key value encryption in addition to the control plane storage encryption that encrypts the etcd volumes by default. With this option, the etcd key values are encrypted but not the keys.
306
307
+
307
308
[IMPORTANT]
308
309
====
309
310
By enabling etcd encryption for the key values in etcd, you will incur a performance overhead of approximately 20%. The overhead is a result of introducing this second layer of encryption, in addition to the default control plane storage encryption that encrypts the etcd volumes. Red Hat recommends that you enable etcd encryption only if you specifically require it for your use case.
310
311
====
311
312
+
312
-
<12> The output includes a custom command that you can run to create a cluster with the same configuration in the future.
313
+
<13> The output includes a custom command that you can run to create a cluster with the same configuration in the future.
313
314
--
314
315
+
315
316
As an alternative to using the `--interactive` mode, you can specify the customization options directly when you run the `rosa create cluster` command. Run the `rosa create cluster --help` command to view a list of available CLI options, or see _create cluster_ in _Managing objects with the ROSA CLI_.
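Review bot: The rewritten <11> callout replaces "in each of the cluster nodes, compute, infra and control plane" with "in your cluster", which removes the statement of which node types the additional security groups apply to. That is a content change beyond the renumbering the rest of this hunk performs. If the scope is still accurate, keep it in the sentence; if it was dropped on purpose, note the reason in the commit message. The retained sentence "You cannot add or edit security groups for the default machine pools after you create the machine pool" is now the only hint about scope, and it would read better as "after the cluster is created" if that is what is meant.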