검색

시작하기

download PDF
Red Hat OpenShift Service on AWS 4

초록


1장.

참고

Red Hat Openshift Service on AWS

1.1. 사전 요구 사항

1.2.

사전 요구 사항

  • 참고

절차

추가 리소스

절차

    1. 참고

    2. $ aws sts get-caller-identity

      출력 예

      <aws_account_id>    arn:aws:iam::<aws_account_id>:user/<username>  <aws_user_id>

    1. $ tar xvf rosa-linux.tar.gz
    2. $ sudo mv rosa /usr/local/bin/rosa
    3. $ rosa version

      출력 예

      1.2.8

    4. $ rosa login

      출력 예

      To login to your Red Hat account, get an offline access token at https://console.redhat.com/openshift/token/rosa
      ? Copy the token and paste it here:

      참고

    5. $ rosa whoami

      출력 예

      AWS Account ID:               <aws_account_number>
      AWS Default Region:           us-east-1
      AWS ARN:                      arn:aws:iam::<aws_account_number>:user/<aws_user_name>
      OCM API:                      https://api.openshift.com
      OCM Account ID:               <red_hat_account_id>
      OCM Account Name:             Your Name
      OCM Account Username:         you@domain.com
      OCM Account Email:            you@domain.com
      OCM Organization ID:          <org_id>
      OCM Organization Name:        Your organization
      OCM Organization External ID: <external_org_id>

1.3.

표 1.1.
구성 요소 

암호화

  • Machine CIDR: 10.0.0.0/16
  • Service CIDR: 172.30.0.0/16

  • 참고

절차

  1. 참고

    참고

    $ rosa create ocm-role

  2. $ rosa create user-role

    참고

절차

  1. $ rosa create account-roles

절차

  1. 참고

  2. 다음을 클릭합니다.

검증

  • 참고

1.4.

참고

절차

  1. $ rosa create admin --cluster=<cluster_name> 1
    1

    출력 예

    W: It is recommended to add an identity provider to login to this cluster. See 'rosa create idp --help' for more information.
    I: Admin account has been added to cluster '<cluster_name>'.
    I: Please securely store this generated password. If you lose this password you can delete and recreate the cluster admin user.
    I: To login, run the following command:
    
       oc login https://api.example-cluster.wxyz.p1.openshiftapps.com:6443 --username cluster-admin --password d7Rca-Ba4jy-YeXhs-WU42J
    
    I: It may take up to a minute for the account to become active.

    참고

추가 리소스

1.5.

중요

절차

    1. $ rosa create idp --cluster=<cluster_name> --interactive 1
      1

      출력 예

      I: Interactive mode enabled.
      Any optional fields can be left empty and a default will be selected.
      ? Type of identity provider: github
      ? Identity provider name: github-1
      ? Restrict to members of: organizations
      ? GitHub organizations: <github_org_name> 1
      ? To use GitHub as an identity provider, you must first register the application:
        - Open the following URL:
          https://github.com/organizations/<github_org_name>/settings/applications/new?oauth_application%5Bcallback_url%5D=https%3A%2F%2Foauth-openshift.apps.<cluster_name>/<random_string>.p1.openshiftapps.com%2Foauth2callback%2Fgithub-1&oauth_application%5Bname%5D=<cluster_name>&oauth_application%5Burl%5D=https%3A%2F%2Fconsole-openshift-console.apps.<cluster_name>/<random_string>.p1.openshiftapps.com
        - Click on 'Register application'
      ...

      1
    2. 참고

    3. ...
      ? Client ID: <github_client_id> 1
      ? Client Secret: [? for help] <github_client_secret> 2
      ? GitHub Enterprise Hostname (optional):
      ? Mapping method: claim 3
      I: Configuring IDP for cluster '<cluster_name>'
      I: Identity Provider 'github-1' has been created.
         It will take up to 1 minute for this configuration to be enabled.
         To add cluster administrators, see 'rosa grant user --help'.
         To login into the console, open https://console-openshift-console.apps.<cluster_name>.<random_string>.p1.openshiftapps.com and click on github-1.

      1
      2
      3
      참고

    4. $ rosa list idps --cluster=<cluster_name>

      출력 예

      NAME        TYPE      AUTH URL
      github-1    GitHub    https://oauth-openshift.apps.<cluster_name>.<random_string>.p1.openshiftapps.com/oauth2callback/github-1

추가 리소스

절차

절차

    1. $ rosa grant user cluster-admin --user=<idp_user_name> --cluster=<cluster_name> 1
      1

      출력 예

      I: Granted role 'cluster-admins' to user '<idp_user_name>' on cluster '<cluster_name>'

    2. $ rosa list users --cluster=<cluster_name>

      출력 예

      ID                 GROUPS
      <idp_user_name>    cluster-admins

    1. $ rosa grant user dedicated-admin --user=<idp_user_name> --cluster=<cluster_name>

      출력 예

      I: Granted role 'dedicated-admins' to user '<idp_user_name>' on cluster '<cluster_name>'

    2. $ rosa list users --cluster=<cluster_name>

      출력 예

      ID                 GROUPS
      <idp_user_name>    dedicated-admins

1.6.

절차

  1. $ rosa describe cluster -c <cluster_name> | grep Console 1
    1

    출력 예

    Console URL:                https://console-openshift-console.apps.example-cluster.wxyz.p1.openshiftapps.com

1.7.

사전 요구 사항

절차

  1. 참고

  2. 생성을 클릭하여 애플리케이션을 배포합니다.
  3. https://nodejs-<project>.<cluster_name>.<hash>.<region>.openshiftapps.com/

    Welcome to your Node.js application on OpenShift

1.8.

절차

    1. $ rosa revoke user cluster-admin --user=<idp_user_name> --cluster=<cluster_name> 1
      1

      출력 예

      ? Are you sure you want to revoke role cluster-admins from user <idp_user_name> in cluster <cluster_name>? Yes
      I: Revoked role 'cluster-admins' from user '<idp_user_name>' on cluster '<cluster_name>'

    2. $ rosa list users --cluster=<cluster_name>

      출력 예

      W: There are no users configured for cluster '<cluster_name>'

    1. $ rosa revoke user dedicated-admin --user=<idp_user_name> --cluster=<cluster_name>

      출력 예

      ? Are you sure you want to revoke role dedicated-admins from user <idp_user_name> in cluster <cluster_name>? Yes
      I: Revoked role 'dedicated-admins' from user '<idp_user_name>' on cluster '<cluster_name>'

    2. $ rosa list users --cluster=<cluster_name>

      출력 예

      W: There are no users configured for cluster '<cluster_name>'

절차

1.9.

중요

절차

  1. $ rosa delete cluster --cluster=<cluster_name> --watch
    중요

  2. $ rosa delete oidc-provider -c <cluster_id> --mode auto 1
    1
    참고

  3. $ rosa delete operator-roles -c <cluster_id> --mode auto 1
    1
  4. 중요

    $ rosa delete account-roles --prefix <prefix> --mode auto 1
    1

1.10. 다음 단계

1.11. 추가 리소스

2장.

참고

2.1. 사전 요구 사항

2.2.

2.2.1.

사전 요구 사항

  • 참고

절차

추가 리소스

2.2.2.

사전 요구 사항

  • 참고

절차

    1. 참고

    2. $ aws sts get-caller-identity

      출력 예

      <aws_account_id>    arn:aws:iam::<aws_account_id>:user/<username>  <aws_user_id>

    1. $ tar xvf rosa-linux.tar.gz
    2. $ sudo mv rosa /usr/local/bin/rosa
    3. $ rosa version

      출력 예

      1.2.8

    4. # rosa completion bash > /etc/bash_completion.d/rosa

      참고

    5. $ rosa login

      출력 예

      To login to your Red Hat account, get an offline access token at https://console.redhat.com/openshift/token/rosa
      ? Copy the token and paste it here:

      참고

    6. $ rosa whoami

      출력 예

      AWS Account ID:               <aws_account_number>
      AWS Default Region:           us-east-1
      AWS ARN:                      arn:aws:iam::<aws_account_number>:user/<aws_user_name>
      OCM API:                      https://api.openshift.com
      OCM Account ID:               <red_hat_account_id>
      OCM Account Name:             Your Name
      OCM Account Username:         you@domain.com
      OCM Account Email:            you@domain.com
      OCM Organization ID:          <org_id>
      OCM Organization Name:        Your organization
      OCM Organization External ID: <external_org_id>

    1. $ rosa download openshift-client
    2. $ tar xvf openshift-client-linux.tar.gz
    3. $ sudo mv oc /usr/local/bin/oc
    4. $ rosa verify openshift-client

      출력 예

      I: Verifying whether OpenShift command-line tool is available...
      I: Current OpenShift Client Version: 4.9.12

2.3.

추가 리소스

2.4.

참고

사전 요구 사항

절차

  1. $ rosa create admin --cluster=<cluster_name> 1
    1

    출력 예

    W: It is recommended to add an identity provider to login to this cluster. See 'rosa create idp --help' for more information.
    I: Admin account has been added to cluster '<cluster_name>'.
    I: Please securely store this generated password. If you lose this password you can delete and recreate the cluster admin user.
    I: To login, run the following command:
    
       oc login https://api.example-cluster.wxyz.p1.openshiftapps.com:6443 --username cluster-admin --password d7Rca-Ba4jy-YeXhs-WU42J
    
    I: It may take up to a minute for the account to become active.

    참고

    1. $ oc login <api_url> --username cluster-admin --password <cluster_admin_password> 1
      1
    2. $ oc whoami

      출력 예

      cluster-admin

추가 리소스

2.5.

2.5.1.

중요

사전 요구 사항

절차

    1. $ rosa create idp --cluster=<cluster_name> --interactive 1
      1

      출력 예

      I: Interactive mode enabled.
      Any optional fields can be left empty and a default will be selected.
      ? Type of identity provider: github
      ? Identity provider name: github-1
      ? Restrict to members of: organizations
      ? GitHub organizations: <github_org_name> 1
      ? To use GitHub as an identity provider, you must first register the application:
        - Open the following URL:
          https://github.com/organizations/<github_org_name>/settings/applications/new?oauth_application%5Bcallback_url%5D=https%3A%2F%2Foauth-openshift.apps.<cluster_name>/<random_string>.p1.openshiftapps.com%2Foauth2callback%2Fgithub-1&oauth_application%5Bname%5D=<cluster_name>&oauth_application%5Burl%5D=https%3A%2F%2Fconsole-openshift-console.apps.<cluster_name>/<random_string>.p1.openshiftapps.com
        - Click on 'Register application'
      ...

      1
    2. 참고

    3. ...
      ? Client ID: <github_client_id> 1
      ? Client Secret: [? for help] <github_client_secret> 2
      ? GitHub Enterprise Hostname (optional):
      ? Mapping method: claim 3
      I: Configuring IDP for cluster '<cluster_name>'
      I: Identity Provider 'github-1' has been created.
         It will take up to 1 minute for this configuration to be enabled.
         To add cluster administrators, see 'rosa grant user --help'.
         To login into the console, open https://console-openshift-console.apps.<cluster_name>.<random_string>.p1.openshiftapps.com and click on github-1.

      1
      2
      3
      참고

    4. $ rosa list idps --cluster=<cluster_name>

      출력 예

      NAME        TYPE      AUTH URL
      github-1    GitHub    https://oauth-openshift.apps.<cluster_name>.<random_string>.p1.openshiftapps.com/oauth2callback/github-1

추가 리소스

2.5.2.

사전 요구 사항

절차

2.5.3.

사전 요구 사항

절차

    1. $ rosa grant user cluster-admin --user=<idp_user_name> --cluster=<cluster_name> 1
      1

      출력 예

      I: Granted role 'cluster-admins' to user '<idp_user_name>' on cluster '<cluster_name>'

    2. $ rosa list users --cluster=<cluster_name>

      출력 예

      ID                 GROUPS
      <idp_user_name>    cluster-admins

    1. $ rosa grant user dedicated-admin --user=<idp_user_name> --cluster=<cluster_name>

      출력 예

      I: Granted role 'dedicated-admins' to user '<idp_user_name>' on cluster '<cluster_name>'

    2. $ rosa list users --cluster=<cluster_name>

      출력 예

      ID                 GROUPS
      <idp_user_name>    dedicated-admins

2.6.

사전 요구 사항

절차

  1. $ rosa describe cluster -c <cluster_name> | grep Console 1
    1

    출력 예

    Console URL:                https://console-openshift-console.apps.example-cluster.wxyz.p1.openshiftapps.com

2.7.

사전 요구 사항

절차

  1. 참고

  2. 생성을 클릭하여 애플리케이션을 배포합니다.
  3. https://nodejs-<project>.<cluster_name>.<hash>.<region>.openshiftapps.com/

    Welcome to your Node.js application on OpenShift

2.8.

2.8.1.

사전 요구 사항

절차

    1. $ rosa revoke user cluster-admin --user=<idp_user_name> --cluster=<cluster_name> 1
      1

      출력 예

      ? Are you sure you want to revoke role cluster-admins from user <idp_user_name> in cluster <cluster_name>? Yes
      I: Revoked role 'cluster-admins' from user '<idp_user_name>' on cluster '<cluster_name>'

    2. $ rosa list users --cluster=<cluster_name>

      출력 예

      W: There are no users configured for cluster '<cluster_name>'

    1. $ rosa revoke user dedicated-admin --user=<idp_user_name> --cluster=<cluster_name>

      출력 예

      ? Are you sure you want to revoke role dedicated-admins from user <idp_user_name> in cluster <cluster_name>? Yes
      I: Revoked role 'dedicated-admins' from user '<idp_user_name>' on cluster '<cluster_name>'

    2. $ rosa list users --cluster=<cluster_name>

      출력 예

      W: There are no users configured for cluster '<cluster_name>'

2.8.2.

사전 요구 사항

절차

2.9.

중요

사전 요구 사항

절차

  1. $ rosa delete cluster --cluster=<cluster_name> --watch
    중요

  2. $ rosa delete oidc-provider -c <cluster_id> --mode auto 1
    1
    참고

  3. $ rosa delete operator-roles -c <cluster_id> --mode auto 1
    1
  4. 중요

    $ rosa delete account-roles --prefix <prefix> --mode auto 1
    1

2.10. 다음 단계

2.11. 추가 리소스

3장.

3.1.

3.2. 추가 리소스

Red Hat logoGithubRedditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

© 2024 Red Hat, Inc.