Merge pull request #49293 from pneedle-rh/osdocs-3946-simplify-rosa-ui-install-procedure

OSDOCS-3958 - Updating the ROSA UI installation procedures

Author: pneedle-rh

modules/rosa-sts-associating-your-aws-account.adoc

@@ -0,0 +1,53 @@
+// Module included in the following assemblies:
+//
+// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
+
+:_content-type: PROCEDURE
+[id="rosa-sts-associating-your-aws-account_{context}"]
+= Associating your AWS account with your Red Hat organization
+
+Before using {cluster-manager-first} to create {product-title} (ROSA) clusters that use the AWS Security Token Service (STS), create an {cluster-manager} IAM role and link it to your Red Hat organization. Then, create a user IAM role and link it to your Red Hat user account in the same Red Hat organization.
+
+.Prerequisites
+
+* You have completed the AWS prerequisites for ROSA with STS.
+* You have available AWS service quotas.
+* You have enabled the ROSA service in the AWS Console.
+* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host.
++
+[NOTE]
+====
+To successfully install ROSA clusters, use the latest version of the ROSA CLI.
+====
+* You have logged in to your Red Hat account by using the `rosa` CLI.
+* You have organization administrator privileges in your Red Hat organization.
+
+.Procedure
+
+. Create an {cluster-manager} role and link it to your Red Hat organization:
++
+[source,terminal]
+----
+$ rosa create ocm-role --admin
+----
++
+Select the default values at the prompts to quickly create and link the role.
++
+[NOTE]
+====
+If you want to enable automatic deployment of the cluster-specific Operator roles and the OpenID Connect (OIDC) provider using {cluster-manager}, you must apply the administrative privileges to the role. For more information about the basic and administrative privileges for the {cluster-manager} role, see _Understanding AWS account association_.
+====
+
+. Create a user role and link it to your {cluster-manager} user account:
++
+[source,terminal]
+----
+$ rosa create user-role
+----
++
+Select the default values at the prompts to quickly create and link the role
++
+[NOTE]
+====
+The Red Hat user account must exist in the Red Hat organization that is linked to your {cluster-manager} role.
+====

modules/rosa-sts-creating-a-cluster-quickly-cli.adoc

@@ -4,8 +4,8 @@
 // * rosa_getting_started/rosa-getting-started.adoc
 
 :_content-type: PROCEDURE
-[id="rosa-sts-creating-cluster-using-defaults-cli_{context}"]
-= Creating a cluster with the default options using the CLI
+[id="rosa-sts-creating-a-cluster-quickly-cli_{context}"]
+= Creating a cluster quickly using the CLI
 
 When using the {product-title} (ROSA) CLI (`rosa`) to create a cluster that uses the AWS Security Token Service (STS), you can select the default options to create the cluster quickly.
 
@@ -18,7 +18,7 @@ When using the {product-title} (ROSA) CLI (`rosa`) to create a cluster that uses
 +
 [NOTE]
 ====
-To successfully install ROSA 4.10 clusters, use the latest version of the ROSA CLI.
+To successfully install ROSA clusters, use the latest version of the ROSA CLI.
 ====
 * You have logged in to your Red Hat account by using the `rosa` CLI.
 * You have verified that the AWS Elastic Load Balancing (ELB) service role exists in your AWS account.

modules/rosa-sts-creating-a-cluster-quickly-ocm.adoc

@@ -0,0 +1,56 @@
+// Module included in the following assemblies:
+//
+// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
+
+:_content-type: PROCEDURE
+[id="rosa-sts-creating-a-cluster-using-defaults-ocm_{context}"]
+= Creating a cluster with the default options using {cluster-manager}
+
+When using {cluster-manager-first} to create a {product-title} (ROSA) cluster that uses the AWS Security Token Service (STS), you can select the default options to create the cluster quickly. You can also use the admin {cluster-manager} IAM role to enable automatic deployment of the cluster-specific Operator roles and the OpenID Connect (OIDC) provider.
+
+.Prerequisites
+
+* You have completed the AWS prerequisites for ROSA with STS.
+* You have available AWS service quotas.
+* You have enabled the ROSA service in the AWS Console.
+* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host.
++
+[NOTE]
+====
+To successfully install ROSA clusters, use the latest version of the ROSA CLI.
+====
+* You have verified that the AWS Elastic Load Balancing (ELB) service role exists in your AWS account.
+* You have associated your AWS account with your Red Hat organization. When you associated your account, you applied the administrative permissions to the {cluster-manager} role. For detailed steps, see _Associating your AWS account with your Red Hat organization_.
+* You have created the required account-wide STS roles and policies, including the Operator policies. For detailed steps, see _Creating the account-wide STS roles and policies_.
+
+.Procedure
+
+. Navigate to {cluster-manager-url} and select *Create cluster*.
+
+. On the *Create an OpenShift cluster* page, select *Create cluster* in the *{product-title} (ROSA)* row.
+
+. Review and complete the *Prerequisites* listed on the *Accounts and roles* page. Select the checkbox to acknowledge that you have read and completed all of the prerequisites.
+
+. Verify that your AWS account ID is listed in the *Associated AWS accounts* drop-down menu and that the installer, support, worker, and control plane account role Amazon Resource Names (ARNs) are listed on the *Accounts and roles* page. 
++
+[NOTE]
+====
+If your AWS account ID is not listed, check that you have successfully associated your AWS account with your Red Hat organization. If your account role ARNs are not listed, check that the required account-wide STS roles exist in your AWS account.
+====
+
+. Click *Next*.
+
+. On the *Cluster details* page, provide a *Cluster name*. Leave the default values in the remaining fields and click *Next*.
+
+. To deploy a cluster quickly, leave the default options in the *Cluster settings*, *Networking*, *Cluster roles and policies*, and *Cluster updates* pages and click *Next* on each page.
+
+. On the *Review your ROSA cluster* page, review the summary of your selections and click *Create cluster* to start the installation.
+
+.Verification
+
+* You can monitor the progress of the installation in the *Overview* page for your cluster. You can view the installation logs on the same page. Your cluster is ready when the *Status* in the *Details* section of the page is listed as *Ready*.
++
+[NOTE]
+====
+If the installation fails or the cluster *State* does not change to *Ready* after about 40 minutes, check the installation troubleshooting documentation for details. For more information, see _Troubleshooting installations_. For steps to contact Red Hat Support for assistance, see _Getting support for Red Hat OpenShift Service on AWS_.
+====

modules/rosa-sts-creating-a-cluster-quickly.adoc

@@ -31,7 +31,7 @@ link:https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html[AWS Share
 +
 [NOTE]
 ====
-To successfully install ROSA 4.10 clusters, use latest version of the ROSA CLI.
+To successfully install ROSA clusters, use latest version of the ROSA CLI.
 ====
 * If you are using a customer-managed AWS Key Management Service (KMS) key for encryption, you have created a symmetric KMS key and you have the key ID and Amazon Resource Name (ARN). For more information about creating AWS KMS keys, see link:https://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html[the AWS documentation].
 

modules/rosa-sts-creating-a-cluster-using-defaults-ocm.adoc

@@ -1,6 +1,6 @@
 // Module included in the following assemblies:
 //
-// * rosa_getting_started/rosa-getting-started.adoc
+// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-with-customizations.adoc
 
 :_content-type: PROCEDURE
 [id="rosa-sts-creating-cluster-customizations-ocm_{context}"]
@@ -27,9 +27,8 @@ link:https://docs.aws.amazon.com/vpc/latest/userguide/vpc-sharing.html[AWS Share
 +
 [NOTE]
 ====
-To successfully install ROSA 4.10 clusters, use the latest version of the ROSA CLI.
+To successfully install ROSA clusters, use the latest version of the ROSA CLI.
 ====
-* You have logged in to your Red Hat account by using the `rosa` CLI.
 * You have verified that the AWS Elastic Load Balancing (ELB) service role exists in your AWS account.
 
 .Procedure
@@ -40,8 +39,9 @@ To successfully install ROSA 4.10 clusters, use the latest version of the ROSA C
 
 . Review and complete the *Prerequisites* listed on the *Accounts and roles* page. Select the checkbox to acknowledge that you have read and completed all of the prerequisites.
 
-. Select an AWS account from the *Associated AWS account* drop-down menu. If no associated AWS accounts are found, click *Associate AWS account* and follow these steps:
-.. On the *Authenticate* page, click the copy button next to the `rosa login` command. The provided command includes your ROSA API login token.
+. If an AWS account is automatically detected, the account ID is listed in the *Associated AWS accounts* drop-down menu. If no AWS accounts are automatically detected, click *Select an account* -> *Associate AWS account* and follow these steps:
++
+.. On the *Authenticate* page, click the copy button next to the `rosa login` command. The command includes your {cluster-manager} API login token.
 +
 [NOTE]
 ====
@@ -61,7 +61,7 @@ $ rosa login --token=<api_login_token> <1>
 ----
 I: Logged in as '<username>' on 'https://api.openshift.com'
 ----
-.. On the *Authenticate page* in {cluster-manager}, click *Next*.
+.. On the *Authenticate* page in {cluster-manager}, click *Next*.
 .. On the *OCM role* page, click the copy button next to the *Basic OCM role* or the *Admin OCM role* commands.
 +
 The basic role enables {cluster-manager} to detect the AWS IAM roles and policies required by ROSA. The admin role also enables the detection of the roles and policies. In addition, the admin role enables automatic deployment of the cluster-specific Operator roles and the OpenID Connect (OIDC) provider by using {cluster-manager}.
@@ -101,7 +101,9 @@ $ rosa link ocm-role <arn> <1>
 ----
 <1> Replace `<arn>` with the ARN of the {cluster-manager} IAM role that is included in the output of the preceding command.
 .. Select *Next* on the {cluster-manager} *OCM role* page.
-.. On the *User role* page, click the copy button for the *User role* command and run the command in the CLI. Follow the prompts to create the user role:
+.. On the *User role* page, click the copy button for the *User role* command and run the command in the CLI. Red Hat uses the user role to verify your AWS identity when you install a cluster and the required resources with {cluster-manager}.
++
+Follow the prompts to create the user role:
 +
 [source,terminal]
 ----
@@ -134,11 +136,9 @@ I: Successfully linked role ARN 'arn:aws:iam::<aws_account_id>:role/ManagedOpenS
 $ rosa link user-role <arn> <1>
 ----
 <1> Replace `<arn>` with the ARN of the user role that is included in the output of the preceding command.
-.. On the {cluster-manager} *User role* page, select *Ok*.
-.. Under the *Accounts and roles* page, verify that your AWS account is listed as an *Associated AWS account*. 
-
-. If the required AWS IAM *Account roles* are not automatically detected and listed on the *Accounts and roles* page, create the roles and policies:
-.. Click the copy buffer next to the `rosa create account-roles` command. Run the command in the CLI to create the required AWS account-wide roles and policies, including the Operator policies::
+.. On the {cluster-manager} *User role* page, click *Ok*.
+.. Verify that the AWS account ID is listed in the *Associated AWS accounts* drop-down menu on the *Accounts and roles* page.
+.. If the required account roles do not exist, a notification is provided stating that *Some account roles ARNs were not detected*. You can create the AWS account-wide roles and policies, including the Operator policies, by clicking the copy buffer next to the `rosa create account-roles` command and running the command in the CLI:
 +
 [source,terminal]
 ----
@@ -183,9 +183,14 @@ rosa create cluster --sts
 <3> Selects the role creation mode. You can use `auto` mode to automatically create the account wide roles and policies. In `manual` mode, the `rosa` CLI generates the `aws` commands needed to create the roles and policies. In `manual` mode, the corresponding policy JSON files are also saved to the current directory. `manual` mode enables you to review the details before running the `aws` commands manually.
 <4> Creates the account-wide installer, control plane, worker and support roles and corresponding IAM policies. For more information, see _Account-wide IAM role and policy reference_.
 <5> Creates the cluster-specific Operator IAM roles that permit the ROSA cluster Operators to carry out core OpenShift functionality. For more information, see _Account-wide IAM role and policy reference_.
-.. On the *Accounts and roles* page, click *Refresh ARNs* and verify that the installer, support, worker, and control plane account roles are detected.
+.. On the *Accounts and roles* page, click *Refresh ARNs* and verify that the installer, support, worker, and control plane account role ARNs are listed.
 
-. Select *Next*.
+. Click *Next*.
++
+[NOTE]
+====
+If the *Accounts and roles* page was refreshed, you might need to select the checkbox again to acknowledge that you have read and completed all of the prerequisites.
+====
 
 . On the *Cluster details* page, provide a name for your cluster and specify the cluster details:
 .. Add a *Cluster name*.
@@ -244,7 +249,7 @@ Alternatively, you can set your autoscaling preferences for the default machine
 If you are using private API endpoints, you cannot access your cluster until you update the network settings in your cloud provider account.
 ====
 
-. Optional: If you opted to use public API endpoints, you can select *Install into an existing VPC* to install your cluster into an existing VPC.
+. Optional: If you opted to use public API endpoints, by default a new VPC is created for your cluster. If you want to install your cluster in an existing VPC instead, select *Install into an existing VPC*.
 +
 [NOTE]
 ====

modules/rosa-sts-creating-a-cluster-with-customizations-cli.adoc

@@ -0,0 +1,33 @@
+// Module included in the following assemblies:
+//
+// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
+
+:_content-type: PROCEDURE
+[id="rosa-sts-creating-account-wide-sts-roles-and-policies_{context}"]
+= Creating the account-wide STS roles and policies
+
+Before using {cluster-manager-first} to create {product-title} (ROSA) clusters that use the AWS Security Token Service (STS), create the required account-wide STS roles and policies, including the Operator policies.
+
+.Prerequisites
+
+* You have completed the AWS prerequisites for ROSA with STS.
+* You have available AWS service quotas.
+* You have enabled the ROSA service in the AWS Console.
+* You have installed and configured the latest ROSA CLI (`rosa`) on your installation host.
++
+[NOTE]
+====
+To successfully install ROSA clusters, use the latest version of the ROSA CLI.
+====
+* You have logged in to your Red Hat account by using the `rosa` CLI.
+
+.Procedure
+
+. If they do not exist in your AWS account, create the required account-wide STS roles and policies, including the Operator policies:
++
+[source,terminal]
+----
+$ rosa create account-roles
+----
++
+Select the default values at the prompts to quickly create the roles and policies.

modules/rosa-sts-creating-a-cluster-with-customizations-ocm.adoc

@@ -0,0 +1,71 @@
+// Module included in the following assemblies:
+//
+// * rosa_getting_started_sts/rosa_creating_a_cluster_with_sts/rosa-sts-interactive-mode-reference.adoc
+
+:_content-type: CONCEPT
+[id="rosa-sts-overview-of-the-default-cluster-specifications_{context}"]
+= Overview of the default cluster specifications
+
+You can quickly create a {product-title} (ROSA) cluster with the AWS Security Token Service (STS) by using the default installation options. The following summary describes the default cluster specifications.
+
+.Default ROSA with STS cluster specifications
+[cols=".^1,.^3a",options="header"]
+|===
+
+|Component
+|Default specifications
+
+|Accounts and roles
+|* Default IAM role prefix: `ManagedOpenShift`
+
+|Cluster settings
+|* Default cluster version: Latest
+* Default AWS region for installations using {cluster-manager}: us-east-1 (US East, North Virginia)
+* Default AWS region for installations using the `rosa` CLI: Defined by your `aws` CLI configuration
+* Availability: Single zone
+* Monitoring for user-defined projects: Enabled
+
+|Encryption
+|* Cloud storage is encrypted at rest
+* Additional etcd encryption is not enabled
+* The default AWS Key Management Service (KMS) key is used as the encryption key for persistent data
+
+|Control plane node configuration
+|* Control plane node instance type: m5.x2large (8 vCPU, 32 GiB RAM)
+* Control plane node count: 3
+
+|Infrastructure node configuration
+|* Infrastructure node instance type: r5.xlarge (4 vCPU, 32 GiB RAM)
+* Infrastructure node count: 2
+
+|Compute node machine pool
+|* Compute node instance type: m5.xlarge (4 vCPU 16, GiB RAM)
+* Compute node count: 2
+* Autoscaling: Not enabled
+* No additional node labels
+
+|Networking configuration
+|* Cluster privacy: Public
+* A new VPC is created for your cluster
+* No cluster-wide proxy is configured
+
+|Classless Inter-Domain Routing (CIDR) ranges
+|* Machine CIDR: 10.0.0.0/16
+* Service CIDR: 172.30.0.0/16
+* Pod CIDR: 10.128.0.0/16
+* Host prefix: /23
+
+|Cluster roles and policies
+|* Mode used to create the Operator roles and the OpenID Connect (OIDC) provider: `auto`
++
+[NOTE]
+====
+For installations using {cluster-manager}, the `auto` mode requires an admin-privileged {cluster-manager} role.
+====
+* Default Operator role prefix: `<cluster_name>-<4_digit_random_string>`
+
+|Cluster update strategy
+|* Individual updates
+* 1 hour grace period for node draining
+
+|===

modules/rosa-sts-creating-account-wide-sts-roles-and-policies.adoc

@@ -0,0 +1,35 @@
+// Module included in the following assemblies:
+//
+// * rosa_install_access_delete_clusters/rosa-sts-creating-a-cluster-quickly.adoc
+
+ifeval::["{context}" == "rosa-sts-creating-a-cluster-quickly"]
+:quick-install:
+endif::[]
+ifeval::["{context}" == "rosa-sts-creating-a-cluster-with-customization"]
+:custom-install:
+endif::[]
+
+:_content-type: PROCEDURE
+[id="rosa-sts-understanding-aws-account-association_{context}"]
+= Understanding AWS account association
+
+Before you can use {cluster-manager-first} to create {product-title} (ROSA) clusters that use the AWS Security Token Service (STS), you must associate your AWS account with your Red Hat organization. You can associate your account by creating and linking the following IAM roles.
+
+{cluster-manager} role:: Create an {cluster-manager} IAM role and link it to your Red Hat organization.
++
+You can apply basic or administrative permissions to the {cluster-manager} role. The basic permissions enable cluster maintenance using {cluster-manager}. The administrative permissions enable automatic deployment of the cluster-specific Operator roles and the OpenID Connect (OIDC) provider using {cluster-manager}.
+ifdef::quick-install[]
++
+You can use the administrative permissions with the {cluster-manager} role to deploy a cluster quickly.
+endif::quick-install[]
+
+User role:: Create a user IAM role and link it to your Red Hat user account. The Red Hat user account must exist in the Red Hat organization that is linked to your {cluster-manager} role.
++
+The user role is used by Red Hat to verify your AWS identity when you use {cluster-manager} to install a cluster and the required STS resources.
+
+ifeval::["{context}" == "rosa-sts-creating-a-cluster-quickly"]
+:!quick-install:
+endif::[]
+ifeval::["{context}" == "rosa-sts-creating-a-cluster-with-customization"]
+:!custom-install:
+endif::[]