Introduction to Red Hat OpenShift Service on AWS (ROSA)

Bookmark this page
P12
PreviousNext

Guided Exercise: Access a ROSA Cluster as an Administrator

Access a newly created managed cluster by using initial cluster administrator credentials.

Perform a smoke test by deploying and accessing an application.

Outcomes

  • Create a Red Hat OpenShift on AWS (ROSA) cluster administrator account.

  • Access the OpenShift web console.

  • Install the OpenShift CLI on your workstation.

  • Deploy an application on OpenShift and expose it on the internet.

To perform this exercise, ensure that you completed the section called “Guided Exercise: Create a ROSA Cluster.

Procedure 1.3. Instructions

  1. Verify that your ROSA CLI configuration is correct and that the ROSA cluster is ready.

    1. Open a command-line terminal on your system, and then run the rosa whoami command to confirm that the AWS and Red Hat OpenShift Cluster Manager (OCM) configuration is correct. Verify that the command lists your AWS account, the correct AWS Region, and your Red Hat customer portal account.

      $ rosa whoami
AWS ARN:                      arn:aws:iam::...:user/user1@example.com-fqppg-admin
AWS Account ID:               452954386616
AWS Default Region:           us-east-1
OCM API:                      https://api.openshift.com
OCM Account Email:            wlombardo@example.com
OCM Account ID:               1VhrXTjpDWnt4rfZvdgLj2fEcso
OCM Account Name:             Wilhelm Lombardo
OCM Account Username:         wlombardo
OCM Organization External ID: 15701801
OCM Organization ID:          1HMOv5QDUifj2g6Si1hyskyv2IP
OCM Organization Name:        Wilhelm Lombardo

      The credentials in the preceding output are different on your system. Your own credentials are displayed.

    2. Run the rosa describe cluster command to confirm that your ROSA cluster named do120-cluster is ready.

      $ rosa describe cluster --cluster do120-cluster
...output omitted...
State:                      ready
...output omitted...

  2. Create an administrator account so that you can access your cluster. The following command creates the cluster-admin account:

    $ rosa create admin --cluster do120-cluster
I: Admin account has been added to cluster 'do120-cluster'.
I: Please securely store this generated password. If you lose this password you can delete and recreate the cluster admin user.
I: To login, run the following command:

   oc login https://api.do120-cluster.jf96.p1.openshiftapps.com:6443
   --username cluster-admin --password 2XmXt-2Up7U-oqNTP-2Vw5y

I: It may take several minutes for this access to become active.

    In the preceding output, the URL and the password in the oc login command are different on your system. Note the password.

  3. Log in to the OpenShift web console by using the cluster-admin username and the password that the preceding command generated.

    1. Run the rosa describe cluster command again to retrieve the URL of the OpenShift web console.

      $ rosa describe cluster --cluster do120-cluster
...output omitted...
Console URL:     https://console-openshift-console.apps.do120-cluster.jf96.p1.openshiftapps.com
...output omitted...

      The URL in the preceding output is different on your system.

    2. Open a web browser, navigate to the OpenShift web console URL, click htpasswd, and then log in as the cluster-admin user with the password that the rosa create admin command returned.

      Note

      If a message indicates that the connection is not private or that the certificate is not valid, or if the htpasswd button is not displayed, then wait five minutes and load the OpenShift web console URL again. Do not use the reload function of your web browser to refresh the page. Instead, paste the OpenShift web console URL again until the htpasswd button is displayed.

    3. The Overview page is displayed, which confirms that you are connected to the OpenShift web console. Do not log out from the console, and do not close the web browser window. You use the console in a different step in this exercise.

  4. Install the OpenShift CLI (oc) and the Kubernetes CLI (kubectl), so that you can log in and then manage your OpenShift cluster from the command line.

    1. Use the rosa command to download the archive for your operating system.

      $ rosa download oc
I: Verifying whether OpenShift command-line tool is available...
W: OpenShift command-line tool is not installed.
Run 'rosa download oc' to download the latest version, then add it to your PATH.
I: Downloading https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz
Downloading... 55 MB complete
I: Successfully downloaded openshift-client-linux.tar.gz

      Depending on your operating system, the archive name might be different.

    2. Extract the archive and then move the executable files to a standard system directory so that you can run the commands. For example, on Linux and macOS systems, you can move the oc and kubectl binary files into the /usr/local/bin/ directory:

      $ sudo mv oc kubectl /usr/local/bin/

  5. Use the oc command to log in to your ROSA cluster. To do so, you can copy and paste the oc login command that the rosa create admin command returned in a preceding step. That oc login command uses the --username and the --password options to specify the username and the password.

    You can also use the oc login command with a token to avoid exposing your username. In this exercise, you use the OpenShift web console to generate a token, and then use it to log in from the command line.

    1. Switch to the OpenShift web console in your web browser. Select cluster-adminCopy login command.

    2. If the login page is displayed, then click htpasswd and use the cluster-admin username with the password that the rosa create admin command returned in a preceding step.

    3. Click Display Token and then copy the oc login --token command to the clipboard.

    4. Paste the command into the command-line terminal and then run the command.

      $ oc login --token=sha256~1NofZkVCi3qCBcBJGc6XiOJTK5SDXF2ZYwhAARx5yJg
  --server=https://api.do120-cluster.jf96.p1.openshiftapps.com:6443
Logged into "https://api.do120-cluster.jf96.p1.openshiftapps.com:6443" as "cluster-admin" using the token provided.

You have access to 101 projects, the list has been suppressed. You can list all projects with 'oc projects'

Using project "default".
Welcome! See 'oc help' to get started.

      In the preceding command, the token and the URL are different on your system.

  6. Create an OpenShift project and then deploy a test application.

    1. Create the hello-do120 project.

      $ oc new-project hello-do120
Now using project "hello-do120" on server "https://api.do120-cluster.jf96.p1.openshiftapps.com:6443".
...output omitted...

    2. Use the hello-world-nginx.yaml resource file at https://raw.githubusercontent.com/RedHatTraining/DO12X-apps/main/ROSA/provision-access/hello-world-nginx.yaml to deploy a NGINX web server with sample content. This file is stored in the https://github.com/RedHatTraining/DO12X-apps public GitHub repository that the Red Hat Training team prepared for this course.

      $ oc apply -f https://raw.githubusercontent.com/RedHatTraining/DO12X-apps/main/ROSA/provision-access/hello-world-nginx.yaml
deployment.apps/hello-world-nginx created
service/hello-world-nginx created

    3. Expose the application to the internet.

      $ oc expose service/hello-world-nginx
route.route.openshift.io/hello-world-nginx exposed

    4. Retrieve the application URL. To do so, you could use the oc get route command. For demonstration purposes, use the kubectl command instead. The Kubernetes CLI uses the same configuration as the OpenShift CLI. The kubectl command uses the same credentials that you configured when you ran the oc login command.

      $ kubectl get route/hello-world-nginx
NAME                HOST/PORT  ...
hello-world-nginx   hello-world-nginx-hello-do120.apps.do120-cluster.jf96.p1.openshiftapps.com ...

      The hostname in the preceding output might be different on your system.

    5. Open a web browser and then access the URL from the preceding output in HTTP (without SSL): http://hello-world-nginx-hello-do120.apps.do120-cluster.jf96.p1.openshiftapps.com. A Hello, world message is displayed. This message confirms that you successfully deployed your application on OpenShift.

  7. Clean up your work by deleting the hello-do120 project.

    $ oc delete project hello-do120
project.project.openshift.io "hello-do120" deleted

  8. Log out from the OpenShift web console and from the OpenShift CLI, and then remove the cluster-admin user. In another exercise, you create an identity provider and assign the cluster management role to a user.

    1. Log out from the OpenShift web console. To do so, click cluster-admin in the upper right corner of the web console, and then click Log out.

    2. Log out from the OpenShift CLI.

      $ oc logout
Logged "cluster-admin" out on "https://api.do120-cluster.jf96.p1.openshiftapps.com:6443"

    3. Delete the cluster-admin user account.

      $ rosa delete admin --cluster do120-cluster
? Are you sure you want to delete cluster-admin user on cluster do120-cluster? Yes
I: Admin user 'cluster-admin' has been deleted from cluster 'do120-cluster'

      Do not delete your ROSA cluster, because later exercises use it.

PreviousNext
Revision: do120-4.12-b978842