Deploying a ROSA HCP cluster with Terraform
This content is authored by Red Hat experts, but has not yet been tested on every supported configuration.
This guide will walk you through deploying a ROSA HCP cluster using Terraform. This is a great way to get started with ROSA and to automate the deployment of your clusters.
Pre-requisites
You need the
git
binary installed on your machine. You can download it from the git website .You need to have the
terraform
binary installed on your machine. You can download it from the Terraform website .You need to have the
jq
binary installed on your machine. You can download it from the jq website .You need to have the
oc
binary installed on your machine. You can download it from the OpenShift website .You need to have the
rosa
binary installed on your machine. You can download it from the ROSA website .You need to have an OpenShift Cluster Manager (OCM) account. You can sign up for an account on the OCM website .
Get an OCM API token. You can do this by logging into OCM and going to the API tokens page .
You need to log in to OCM and create a refresh token. You can do this by running the following command:
rosa login
Use the OCM API token you created in the previous step to log in.
HCP ROSA Cluster
Clone down the terraform repository
git clone --depth=1 https://github.com/rh-mobb/terraform-rosa.git cd terraform-rosa
Save some environment variables
Mac
export TF_VAR_token="$(jq -r .refresh_token ~/Library/Application\ Support/ocm/ocm.json)"
Linux
export TF_VAR_token="$(jq -r .refresh_token ~/.config/ocm/ocm.json)"
Note: You may want to customize some of these settings to match your needs. see the
variables.tf
file for options.export TF_VAR_cluster_name="$(whoami)-hcp" export TF_VAR_admin_password='Passw0rd12345!' export TF_VAR_developer_password='' export TF_VAR_private=false export TF_VAR_ocp_version=4.15.11 export TF_VAR_hosted_control_plane=true export TF_VAR_multi_az=true
Create a Plan and Apply it
terraform init && \ terraform plan -out tf.plan && \ terraform apply tf.plan
If everything goes to plan, after about 20 minutes you should have a cluster available to use.
Apply complete! Resources: 0 added, 0 changed, 0 destroyed. Outputs: cluster_api_url = "https://api.pczarkow-virt.nga3.p3.openshiftapps.com:443" oidc_config_id = "2b607a5ufsjc51g41ul07k5vj12v7ivb" oidc_endpoint_url = "2b607a5ufsjc51g41ul07k5vj12v7ivb" private_subnet_azs = tolist([ "us-east-1a", ]) private_subnet_ids = tolist([ "subnet-09adee841dd979fdb", ]) public_subnet_azs = tolist([ "us-east-1a", ]) public_subnet_ids = tolist([ "subnet-0dca7ed3cddf65d87", ]) vpc_id = "vpc-0df19c93b93721ada"
Log into OpenShift
oc login $(terraform output -raw cluster_api_url) \ --username admin --password $TF_VAR_admin_password