Merge pull request #68177 from jneczypor/OSDOCS-8375

OSDOCS-8375: Migrate "Getting Started with Rosa - Deploy the Cluster (Detailed UI)"

Author: EricPonvelle

_topic_maps/_topic_map_rosa.yml

@@ -137,6 +137,8 @@ Topics:
       File: cloud-experts-getting-started-hcp
     - Name: Simple UI guide
       File: cloud-experts-getting-started-simple-ui-guide
+    - Name: Detailed UI guide
+      File: cloud-experts-getting-started-detailed-ui
   - Name: Creating an admin user
     File: cloud-experts-getting-started-admin
   - Name: Setting up an identity provider
@@ -145,7 +147,6 @@ Topics:
     File: cloud-experts-getting-started-admin-rights 
   - Name: Accessing your cluster
     File: cloud-experts-getting-started-accessing
-
 ---
 Name: Getting started
 Dir: rosa_getting_started

cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-detailed-ui.adoc

@@ -0,0 +1,318 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="cloud-experts-getting-started-detailed-ui"]
+= Tutorial: Detailed UI guide
+include::_attributes/attributes-openshift-dedicated.adoc[]
+:context: cloud-experts-getting-started-detailed-ui
+
+toc::[]
+
+//rosaworkshop.io content metadata
+//Brought into ROSA product docs 2023-11-20
+
+This tutorial outlines the detailed steps to deploy a {product-title} (ROSA) cluster using the Red Hat OpenShift Cluster Manager user interface (UI).
+
+== Deployment workflow
+The overall deployment workflow follows these steps:
+
+. Create the account wide roles and policies.
+. Associate your AWS account with your Red Hat account.
+.. Create and link the Red Hat OpenShift Cluster Manager role.
+.. Create and link the user role.
+. Create the cluster.
+
+Step 1 only needs to be performed the *first time* you are deploying into an AWS account. Step 2 only needs to be performed the *first time* you are using the UI. For successive clusters of the same y-stream version, you only need to create the cluster.
+
+== Creating account wide roles
+
+[NOTE]
+====
+If you already have account roles from an earlier deployment, skip this step. The UI will detect your existing roles after you select an associated AWS account.
+====
+
+If this is the _first time_ you are deploying ROSA in this account and you have _not_ yet created the account roles, create the account-wide roles and policies, including the Operator policies.
+
+* In your terminal, run the following command to create the account-wide roles:
++
+[source,terminal]
+----
+$ rosa create account-roles --mode auto --yes
+----
++
+.Example output
++
+[source,terminal]
+----
+I: Creating roles using 'arn:aws:iam::000000000000:user/rosa-user'
+I: Created role 'ManagedOpenShift-ControlPlane-Role' with ARN 'arn:aws:iam::000000000000:role/ManagedOpenShift-ControlPlane-Role'
+I: Created role 'ManagedOpenShift-Worker-Role' with ARN 'arn:aws:iam::000000000000:role/ManagedOpenShift-Worker-Role'
+I: Created role 'ManagedOpenShift-Support-Role' with ARN 'arn:aws:iam::000000000000:role/ManagedOpenShift-Support-Role'
+I: Created role 'ManagedOpenShift-Installer-Role' with ARN 'arn:aws:iam::000000000000:role/ManagedOpenShift-Installer-Role'
+I: Created policy with ARN 'arn:aws:iam::000000000000:policy/ManagedOpenShift-openshift-machine-api-aws-cloud-credentials'
+I: Created policy with ARN 'arn:aws:iam::000000000000:policy/ManagedOpenShift-openshift-cloud-credential-operator-cloud-crede'
+I: Created policy with ARN 'arn:aws:iam::000000000000:policy/ManagedOpenShift-openshift-image-registry-installer-cloud-creden'
+I: Created policy with ARN 'arn:aws:iam::000000000000:policy/ManagedOpenShift-openshift-ingress-operator-cloud-credentials'
+I: Created policy with ARN 'arn:aws:iam::000000000000:policy/ManagedOpenShift-openshift-cluster-csi-drivers-ebs-cloud-credent'
+I: To create a cluster with these roles, run the following command:
+rosa create cluster --sts
+----
+
+== Associating your AWS account with your Red Hat account
+This step tells the OpenShift Cluster Manager what AWS account you want to use when deploying ROSA.
+
+[NOTE]
+====
+If you have already associated your AWS accounts, skip this step.
+====
+
+. Open the OpenShift Cluster Manager by visiting the Red Hat link:https://console.redhat.com/openshift[console] and logging in to your Red Hat account.
+
+. Click *Create Cluster*.
+
+. Scroll down to the {product-title} (ROSA) row and click *Create Cluster*.
++
+image::cloud-experts-getting-started-rosa-deployment-detailed-ui-create.png[]
+
+. A dropdown menu appears. Click *With web interface*.
++
+image::cloud-experts-getting-started-rosa-deployment-detailed-ui-web-interface.png[]
+
+. Under "Select an AWS control plane type," choose *Classic*. Then click *Next*.
++
+image::cloud-experts-getting-started-rosa-deployment-detailed-ui-classic.png[]
+
+. Click the dropbox under *Associated AWS infrastructure account*. If you have not yet associated any AWS accounts, the dropbox may be empty.
+
+. Click *How to associate a new AWS account*.
++
+image::cloud-experts-getting-started-rosa-deployment-detailed-ui-associate.png[]
+
+. A sidebar appears with instructions for associating a new AWS account.
++
+image::cloud-experts-getting-started-rosa-deployment-detailed-ui-associate2.png[]
+
+== Creating and associating an OpenShift Cluster Manager role
+
+. Run the following command to see if an OpenShift Cluster Manager role exists:
++
+[source,terminal]
+----
+$ rosa list ocm-role
+----
+
+. The UI displays the commands to create an OpenShift Cluster Manager role with two different levels of permissions:
++
+* *Basic OpenShift Cluster Manager role:* Allows the OpenShift Cluster Manager to have read-only access to the account to check if the roles and policies that are required by ROSA are present before creating a cluster. You will need to manually create the required roles, policies, and OIDC provider using the CLI.
+* *Admin OpenShift Cluster Manager role:* Grants the OpenShift Cluster Manager additional permissions to create the required roles, policies, and OIDC provider for ROSA. Using this makes the deployment of a ROSA cluster quicker since the OpenShift Cluster Manager will be able to create the required resources for you.
++
+To read more about these roles, see the xref:../../../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-ocm-roles-and-permissions_rosa-sts-about-iam-resources[OpenShift Cluster Manager roles and permissions] section of the documentation.
++
+For the purposes of this tutorial, use the *Admin OpenShift Cluster Manager role* for the simplest and quickest approach.
+
+. Copy the command to create the Admin OpenShift Cluster Manager role from the sidebar or switch to your terminal and enter the following command:
++
+[source,terminal]
+----
+$ rosa create ocm-role --mode auto --admin --yes
+----
++
+This command creates the OpenShift Cluster Manager role and associates it with your Red Hat account.
++
+.Example output
++
+[source,terminal]
+----
+I: Creating ocm role
+I: Creating role using 'arn:aws:iam::000000000000:user/rosa-user'
+I: Created role 'ManagedOpenShift-OCM-Role-12561000' with ARN 'arn:aws:iam::000000000000:role/ManagedOpenShift-OCM-Role-12561000'
+I: Linking OCM role
+I: Successfully linked role-arn 'arn:aws:iam::000000000000:role/ManagedOpenShift-OCM-Role-12561000' with organization account '1MpZfntsZeUdjWHg7XRgP000000'
+----
+
+. Click *Step 2: User role*.
+
+=== Other OpenShift Cluster Manager role creation options
+* *Manual mode:* If you prefer to run the AWS CLI commands yourself, you can define the mode as `manual` rather than `auto`. The CLI will output the AWS commands and the relevant JSON files are created in the current directory.
++
+Use the following command to create the OpenShift Cluster Manager role in manual mode:
++
+[source,terminal]
+----
+$ rosa create ocm-role --mode manual --admin --yes
+----
+* *Basic OpenShift Cluster Manager role:* If you prefer that the OpenShift Cluster Manager has read only access to the account, create a basic OpenShift Cluster Manager role. You will then need to manually create the required roles, policies, and OIDC provider using the CLI.
++
+Use the following command to create a Basic OpenShift Cluster Manager role:
++
+[source,terminal]
+----
+$ rosa create ocm-role --mode auto --yes
+----
+
+== Creating an OpenShift Cluster Manager user role
+
+As defined in the xref:../../../rosa_architecture/rosa-sts-about-iam-resources.adoc#rosa-sts-understanding-user-role_rosa-sts-about-iam-resources[user role documentation], the user role needs to be created so that ROSA can verify your AWS identity. This role has no permissions, and it is only used to create a trust relationship between the installation program account and your OpenShift Cluster Manager role resources.
+
+. Check if a user role already exists by running the following command:
++
+[source,terminal]
+----
+$ rosa list user-role
+----
+
+. Run the following command to create the user role and to link it to your Red Hat account:
++
+[source,terminal]
+----
+$ rosa create user-role --mode auto --yes
+----
++
+.Example output
++
+[source,terminal]
+----
+I: Creating User role
+I: Creating ocm user role using 'arn:aws:iam::000000000000:user/rosa-user'
+I: Created role 'ManagedOpenShift-User-rosa-user-Role' with ARN 'arn:aws:iam::000000000000:role/ManagedOpenShift-User-rosa-user-Role'
+I: Linking User role
+I: Successfully linked role ARN 'arn:aws:iam::000000000000:role/ManagedOpenShift-User-rosa-user-Role' with account '1rbOQez0z5j1YolInhcXY000000'
+----
++
+[NOTE]
+====
+As before, you can define `--mode manual` if you'd prefer to run the AWS CLI commands yourself. The CLI outputs the AWS commands and the relevant JSON files are created in the current directory. Make sure to link the role.
+====
+
+. Click *Step 3: Account roles*.
+
+== Creating account roles
+. Create your account roles by running the following command:
++
+[source,terminal]
+----
+$ rosa create account-roles --mode auto
+----
+
+. Click *OK* to close the sidebar.
+
+== Confirming successful account association
+
+. You should now see your AWS account in the *Associated AWS infrastructure account* dropdown menu. If you see your account, account association was successful.
+
+. Select the account.
+
+. You will see the account role ARNs populated below.
++
+image::cloud-experts-getting-started-rosa-deployment-detailed-ui-account-roles.png[]
+
+. Click *Next*.
+
+== Creating the cluster
+
+. For the purposes of this tutorial make the following selections:
++
+.Cluster settings
++
+* Cluster name: **<pick a name\>**
+* Version: **<select latest version\>**
+* Region: **<select region\>**
+* Availability: **Single zone**
+* Enable user workload monitoring: **leave checked**
+* Enable additional etcd encryption: **leave unchecked**
+* Encrypt persistent volumes with customer keys: **leave unchecked**
+
+. Click *Next*.
+
+. Leave the default settings on for the machine pool:
++
+.Default machine pool settings
++
+* Compute node instance type: **m5.xlarge - 4 vCPU 16 GiB RAM**
+* Enable autoscaling: **unchecked**
+* Compute node count: **2**
+* Leave node labels blank
+
+. Click *Next*.
+
+=== Networking
+
+. Leave all the default values for configuration.
+
+. Click *Next*.
+
+. Leave all the default values for CIDR ranges.
+
+. Click *Next*.
+
+=== Cluster roles and policies
+For this tutorial, leave *Auto* selected. It will make the cluster deployment process simpler and quicker.
+
+[NOTE]
+====
+If you selected a *Basic OpenShift Cluster Manager role* earlier, you can only use manual mode. You must manually create the operator roles and OIDC provider. See the "Basic OpenShift Cluster Manager role" section below after you have completed the "Cluster updates" section and started cluster creation.
+====
+
+=== Cluster updates
+* Leave all the options at default in this section.
+
+=== Reviewing and creating your cluster
+. Review the content for the cluster configuration.
+. Click *Create cluster*.
+
+=== Monitoring the installation progress
+* Stay on the current page to monitor the installation progress. It should take about 40 minutes.
++
+image::cloud-experts-getting-started-rosa-deployment-detailed-ui-cluster-create.png[]
+
+== Basic OpenShift Cluster Manager Role
+
+[NOTE]
+If you created an *Admin OpenShift Cluster Manager role* as directed above *ignore* this entire section. The OpenShift Cluster Manager will create the resources for you.
+
+If you created a *Basic OpenShift Cluster Manager role* earlier, you will need to manually create two more elements before cluster installation can continue:
+
+* Operator roles
+* OIDC provider
+
+//To understand what these do, please see the ROSA with AWS STS Explained tutorial section. xref needed
+
+=== Creating Operator roles
+. A pop up window will show you the commands to run.
++
+image::cloud-experts-getting-started-rosa-deployment-detailed-ui-create-cmds.png[]
+
+. Run the commands from the window in your terminal to launch interactive mode. Or, for simplicity, run the following command to create the Operator roles:
++
+[source,terminal]
+----
+$ rosa create operator-roles --mode auto --cluster <cluster-name> --yes
+----
++
+.Example output
++
+[source,terminal]
+----
+I: Creating roles using 'arn:aws:iam::000000000000:user/rosauser'
+I: Created role 'rosacluster-b736-openshift-ingress-operator-cloud-credentials' with ARN 'arn:aws:iam::000000000000:role/rosacluster-b736-openshift-ingress-operator-cloud-credentials'
+I: Created role 'rosacluster-b736-openshift-cluster-csi-drivers-ebs-cloud-credent' with ARN 'arn:aws:iam::000000000000:role/rosacluster-b736-openshift-cluster-csi-drivers-ebs-cloud-credent'
+I: Created role 'rosacluster-b736-openshift-cloud-network-config-controller-cloud' with ARN 'arn:aws:iam::000000000000:role/rosacluster-b736-openshift-cloud-network-config-controller-cloud'
+I: Created role 'rosacluster-b736-openshift-machine-api-aws-cloud-credentials' with ARN 'arn:aws:iam::000000000000:role/rosacluster-b736-openshift-machine-api-aws-cloud-credentials'
+I: Created role 'rosacluster-b736-openshift-cloud-credential-operator-cloud-crede' with ARN 'arn:aws:iam::000000000000:role/rosacluster-b736-openshift-cloud-credential-operator-cloud-crede'
+I: Created role 'rosacluster-b736-openshift-image-registry-installer-cloud-creden' with ARN 'arn:aws:iam::000000000000:role/rosacluster-b736-openshift-image-registry-installer-cloud-creden'
+----
+
+=== Creating the OIDC provider
+
+* In your terminal, run the following command to create the OIDC provider:
++
+[source,terminal]
+----
+$ rosa create oidc-provider --mode auto --cluster <cluster-name> --yes
+----
++
+.Example output
++
+[source,terminal]
+----
+I: Creating OIDC provider using 'arn:aws:iam::000000000000:user/rosauser'
+I: Created OIDC provider with ARN 'arn:aws:iam::000000000000:oidc-provider/rh-oidc.s3.us-east-1.amazonaws.com/1tt4kvrr2kha2rgs8gjfvf0000000000'
+----

cloud_experts_tutorials/cloud-experts-getting-started/cloud-experts-getting-started-deploying/cloud-experts-getting-started-simple-cli-guide.adoc

@@ -13,7 +13,7 @@ This page outlines the minimum list of commands to deploy a {product-title} (ROS
 
 [NOTE]
 ====
-While this simple deployment works well for a workshop setting, clusters used in production should be deployed with a more detailed method.
+While this simple deployment works well for a tutorial setting, clusters used in production should be deployed with a more detailed method.
 ====
 
 == Prerequisites