Cloud Experts Documentation

Red Hat OpenShift Service on AWS

Red Hat OpenShift Service on AWS (ROSA) is a fully-managed turnkey application platform that allows you to focus on what matters most, delivering value to your customers by building and deploying applications. Red Hat and AWS site reliability engineering (SRE) experts manage the underlying platform so you don’t have to worry about the complexity of infrastructure management.

Deploying ROSA in STS mode

This guide has been validated on OpenShift 4.20. Operator CRD names, API versions, and console paths may differ on other versions. Tip The official documentation for installing a ROSA cluster in STS mode can be found here . Quick Introduction by Ryan Niksch (AWS) and Shaozen Ding…

ECR Secret Operator

This guide has been validated on OpenShift 4.20. Operator CRD names, API versions, and console paths may differ on other versions. Amazon Elastic Container Registry Private Registry Authenticationexternal link (opens in new tab) provides a temporary authorization token valid only…

Configure Node Pool Scale-to-Zero on ROSA HCP

ROSA HCP supports setting min_replicas=0 on node pools with autoscaling enabled. This allows the cluster autoscaler to scale worker nodes down to zero when no workloads require them, and scale back up automatically when pods are scheduled. This is useful for cost optimization on…

Using AWS Secrets Manager with External Secrets Operator on ROSA HCP

This guide has been validated on OpenShift 4.20. Operator CRD names, API versions, and console paths may differ on other versions. Bridging the Security Gap with External Secrets Operator In the modern cloud-native landscape, managing sensitive credentials across distributed…

Automating ECR Pull Secrets on ROSA Using the External Secrets Operator and STS

This guide has been validated on OpenShift 4.20. Operator CRD names, API versions, and console paths may differ on other versions. Amazon Elastic Container Registry (ECR) issues short-lived authorization tokens that expire after 12 hours. On Red Hat OpenShift Service on AWS…

OpenShift Network Calculator

Calculate network sizing for your OpenShift cluster

Ingress to ROSA Virt VMs with Certificate-Based Site-to-Site (S2S) IPsec VPN and Libreswan

Introduction This solution uses a Site-to-Site (S2S) VPNexternal link (opens in new tab) as a mechanism in OpenShift Virtualization on ROSA to establish an IP route between the virtual overlay network that VMs are attached to, and the VPC outside your clusterexternal link (opens…

Deploy ROSA + Nvidia GPU + RHOAI with Automation

Getting Red Hat OpenShift AI up and running with NVIDIA GPUs on a Red Hat OpenShift Service on AWS (ROSA) cluster can involve a series of detailed steps, from installing various operators to managing dependencies. While manageable, this process can be time-consuming when…

Using a Private IngressController with CloudFront on a ROSA Cluster

AWS CloudFront is a great choice for a Content Delivery Network in front of your ROSA cluster. In many situations, it may be useful to ensure that traffic to Routes within your cluster must come from your CloudFront Distribution rather than being able to bypass it (for example,…

Accessing the ROSA HCP API Server from a Different AWS Account

Introduction You can create a ROSA HCP cluster in one AWS account and configure it to allow access from a different AWS account using the oc command. This guide walks you through the actual AWS setup. Note: AWS environments vary, so consider this as one possible setup.…

Deploy ROSA with Red Hat Advanced Cluster Management for Kubernetes

This guide has been validated on OpenShift 4.20. Operator CRD names, API versions, and console paths may differ on other versions. In the dynamic world of cloud-native development, efficiently managing Kubernetes clusters across diverse environments is paramount. This blog post…

Building LLM Cost and Performance Dashboard with Red Hat OpenShift AI on ROSA and Amazon Bedrock

1. Introduction As the LLM’s usage increases in the enterprise, not many realize that every LLM API call has two hidden costs: time and money. So while data scientists might argue about data accuracy, infrastructure engineers on the other hand, would need to know if that…

Creating Agentic AI to deploy ARO cluster using Terraform with Red Hat OpenShift AI on ROSA and Amazon Bedrock

1. Introduction Agentic AI can be defined as systems that are capable of interpreting natural language instructions, in this case users’ prompts, making decisions based on those prompts, and then autonomously executing tasks on behalf of users. In this guide, we will create…

Integrating Service Mesh into a ROSA Cluster

This is a simple guide to integrate Red Hat OpenShift Service Mesh into your ROSA cluster. In this scenario, we will install Service Mesh using a custom domain (optional) and expose an app to test it. The first half of the guide will be integrating Service Mesh 2.x and second…

Adding a Private Ingress Controller and a Public ALB to a ROSA Cluster

Starting with OpenShift 4.14, Red Hat OpenShift Service on AWS (ROSA) supports adding additional Ingress Controllers which can be used to configure a custom domain on a ROSA cluster. This guide shows how to leverage this feature to create a complete routing solution with both a…

ROSA - Federating Metrics to AWS Prometheus

Federating Metrics from ROSA is a bit tricky as the cluster metrics require pulling from its /federated endpoint while the user workload metrics require using the prometheus remoteWrite configuration. This guide will walk you through using the MOBB Helm Chart to deploy the…

Using local-zones in ROSA Classic

This guide walks through setting up a local-zone in an existing ROSA Classic cluster. Use this approach when you have latency requirements that can be reduced when using a local zone. Since you are not using the default ingress, you will not be able to use the router strategy the…

Setting up Cross-Cluster PostgreSQL Replication with Skupper on ROSA and ARO

This guide demonstrates how to set up a highly available PostgreSQL database with cross-cluster replication between Red Hat OpenShift Service on AWS (ROSA) and Azure Red Hat OpenShift (ARO) using Skupper. This architecture enables disaster recovery capabilities and geographical…

Optimizing Costs with ROSA - Scheduled Cluster Scaling

One of the key benefits of Red Hat OpenShift Service on AWS (ROSA) is its ability to scale efficiently, ensuring you only pay for the resources you actually need. While ROSA includes autoscaling features that adjust cluster size based on demand, you can further optimize costs by…

Configuring Microsoft Entra ID as an external authentication provider

You can set up Red Hat OpenShift Service on AWS (ROSA) with hosted control planes (HCP) to use an external OpenID Connect (OIDC) identity provider for authentication instead of the built-in OpenShift OAuth server. While the built-in OAuth server supports various identity…

Securely exposing an application on a private ROSA cluser with an AWS Network Load Balancer

Overview Red Hat strongly recommends creating a private ROSA cluster with no inbound Internet connectivity, isolating both the cluster API and hosted applications from external access. This configuration is a key part of a multi-layered security strategy to protect clusters and…

Securely exposing an application on a private ROSA cluser with an AWS Network Load Balancer

Continuation of Securely exposing an application on a private ROSA cluser with an AWS Network Load Balancer These instructions go through setting up an additional VPC as part of the overall blog. If you already have a VPC that you would like to use, you can skip these…

Securely exposing an application on a private ROSA cluser with an AWS Network Load Balancer - Jump Host

Continuation of Securely exposing an application on a private ROSA cluser with an AWS Network Load Balancer These instructions go through setting up a jump host to connect to the private rosa cluster. Note: the guide assumes you have set envirionment variables as described in the…

Configuring Microsoft Entra ID to emit group names

In this guide, we will configure an existing Microsoft Entra ID (formerly Azure Active Directory) identity provider to emit the group name instead of the group ID for optional group claims. This will allow you to reference group names in your role bindings instead of the group…

Deploying and Running Ollama and Open WebUI in a ROSA Cluster with GPUs

Red Hat OpenShift Service on AWS (ROSA) provides a managed OpenShift environment that can leverage AWS GPU instances. This guide will walk you through deploying Ollama and OpenWebUI on ROSA using instances with GPU for inferences. Prerequisites A Red Hat OpenShift on AWS (ROSA…

Creating Images using Stable Diffusion on Red Hat OpenShift AI on ROSA cluster with GPU enabled

1. Introduction Stable Diffusionexternal link (opens in new tab) is an AI model to generate images from text description. It uses a diffusion process to iteratively denoise random Gaussian noise into coherent images. This is a simple tutorial to create images using Stable…

Maximo Application Suite on ROSA ( Red Hat OpenShift on AWS )

IBM Maximo Application Suite (MAS) is a set of applications for asset monitoring, management, predictive maintenance and reliability planning. When combined with Red Hat OpenShift on AWS ( ROSA ), this frees up your Maximo and operations team to focus on what is important to them…

Configure Network Policies and Egress Firewalls for a ROSA Cluster

It’s common to want to restrict network access between namespaces, as well as restricting where traffic can go outside of the cluster. OpenShift achieves this with the Network Policy and Egress Firewall resources. It’s common to use these methods to restrict network…

Migrating EC2 Instances to OpenShift Virtualization

Red Hat OpenShift Service on AWS (ROSA) provides a managed OpenShift environment that can run virtualized workloads using OpenShift Virtualization. This guide will walk you through migrating an existing EC2 instance to OpenShift Virtualization by exporting it to S3, syncing to…

Creating a ROSA cluster in AWS GovCloud

This guide outlines the procedure for creating a ROSA cluster in AWS GovCloud. There are some key differences between the ROSA offerings in AWS GovCloud and AWS Commercial. They’re outlined in detail in the AWS documentation hereexternal link (opens in new tab) , but a few…

Running and Deploying LLMs using Red Hat OpenShift AI on ROSA cluster and Storing the Model in Amazon S3 Bucket

1. Introduction Large Language Models (LLMs)external link (opens in new tab) are a specific type of generative AI focused on processing and generating human language. They can understand, generate, and manipulate human language in response to various tasks and prompts. This guide…

Running and Deploying LLMs using Red Hat OpenShift AI on ROSA cluster and Storing the Model in Amazon S3 Bucket

1. Introduction Large Language Models (LLMs)external link (opens in new tab) are a specific type of generative AI focused on processing and generating human language. They can understand, generate, and manipulate human language in response to various tasks and prompts. This guide…

Deploying a ROSA Classic cluster with Terraform

This guide will walk you through deploying a ROSA cluster using Terraform. This is a great way to get started with ROSA and to automate the deployment of your clusters. Pre-requisites You need the git binary installed on your machine. You can download it from the git…

Deploying a ROSA HCP cluster with Terraform

This guide will walk you through deploying a ROSA HCP cluster using Terraform. This is a great way to get started with ROSA and to automate the deployment of your clusters. Pre-requisites You need the git binary installed on your machine. You can download it from the git…

Deploying and Managing Virtual Machines on ROSA with OpenShift GitOps

One of the great things about OpenShift Virtualization is that it brings new capabilities to run virtual machines alongside your containers AND using DevOps processes to manage them. This tutorial will show how to configure OpenShift GitOps ( based on ArgoCD ) to deploy and…

Deploying Openshift Virtualization on ROSA with NetApp FSx storage.

OpenShift Virtualization is a feature of OpenShift that allows you to run virtual machines alongside your containers. This is useful for running legacy applications that can’t be containerized, or for running applications that require special hardware or software that…

Deploying OpenShift Virtualization on ROSA (CLI)

OpenShift Virtualization is a feature of OpenShift that allows you to run virtual machines alongside your containers. This is useful for running legacy applications that can’t be containerized, or for running applications that require special hardware or software that…

Deploying OpenShift Virtualization on ROSA (GUI)

OpenShift Virtualization is a feature of OpenShift that allows you to run virtual machines alongside your containers. This is useful for running legacy applications that can’t be containerized, or for running applications that require special hardware or software that…

Install Portworx on Red Hat OpenShift Service on AWS (ROSA) with hosted control planes (HCP)

Portworx storage is a built-for-Kubernetes service that offers flexible and scalable persistent storage for applications in production. In this tutorial we will look at installing Portworx Enterprise on ROSA-HCP. Prerequisites You must have a Red Hat OpenShift Service on AWS…

Migrating ROSA Ingress Controllers from a CLB to NLB

This guide will show you how to migrate the default Red Hat OpenShift Service on AWS (ROSA) IngressController from an AWS Classic Load Balancer to an AWS Network Load Balancer. In version 4.14 of ROSA, Red Hat introduced changes to IngressControllers to give customers more…

Configuring AWS CLB Access Logging

This guide will show you how to enable access logging on the default Classic Load Balancer ingress controller used in Red Hat OpenShift Service on AWS (ROSA) version 4.13 and earlier. Prerequisites A ROSA Cluster (Version 4.13 or earlier) A logged in oc CLI A logged in aws CLI S3…

Setting custom domains for apps created via OpenShift Dev Spaces

Red Hat OpenShift Dev Spaces (formally CodeReady Workspaces) is an Operator available for OpenShift that allows users to create dynamic IDEs for developing and publishing code. When using OpenShift Dev Spaces, users can test their code and have the service automatically create a…

Add an Ingress Controller to a ROSA Cluster and optionally with a custom domain.

Starting with OpenShift 4.14, ROSA supports adding additional Ingress Controllers which can use used to configure a custom domain on a ROSA cluster without having to use the now deprecated Custom Domain Operator. This guide shows how to add an additional Ingress Controller (…

Cross-account Access using Custom OIDC Provider

Access AWS Cross Account resources using OIDC When employing ROSA, a common enterprise pattern involves establishing a cluster in a centralized AWS account while enabling development teams to manage services in their respective AWS accounts. This necessitates granting the ROSA…

ROSA Break Glass Troubleshooting

Background WARNING: this procedure should only be initiated by a member of the Black Belt team or someone incredibly familiar with ROSA as a whole. THIS IS NOT COMMON!!! This guide shows how to access ROSA instances in the situation that a break glass scenario is required in the…

Patch token-refresher to use a cluster proxy

Currently, if you deploy a ROSA or OSD cluster with a proxy, the token-refresher pod in the openshift-monitoring namespace will be in crashloopbackoff. There is an RFE open to resolve this, but until then this can affect the ability of the cluster to report telemetry and…

Setup a VPN Connection into a PrivateLink ROSA Cluster with OpenVPN

When you configure a Red Hat OpenShift on AWS (ROSA) cluster with a private link configuration, you will need connectivity to this private network in order to access your cluster. This guide will show you how to configute an AWS Client VPN connection so you won’t need to…

Connect to RDS database with STS from ROSA

The Amazon Web Services Relational Database Service (AWS RDS) can be consumed from Red Hat OpenShift Service on AWS (ROSA) and authenticate to DB with Security Token Service (STS). This is a guide to quickly connect to RDS Database (Postgres engine) from ROSA. Amazon Web Services…

Deploying ROSA PrivateLink Cluster with Ansible

Background This guide shows an example of how to deploy a classic Red Hat OpenShift Services on AWS (ROSA) cluster with PrivateLinkexternal link (opens in new tab) with STSexternal link (opens in new tab) enabled using Ansibleexternal link (opens in new tab) playbook from our…

What to consider when using Azure AD as IDP?

Author: Ricardo Macedo Martinsexternal link (opens in new tab) May 24, 2023 In this guide, we will discuss key considerations when using Azure Active Directory (AAD) as the Identity Provider (IDP) for your ARO or ROSA cluster. Below are some helpful references: Configure ARO to…

Deploy ACM Submariner for connect overlay networks ARO - ROSA clusters

Submariner is an open source tool that can be used with Red Hat Advanced Cluster Management for Kubernetes to provide direct networking between pods and compatible multicluster service discovery across two or more Kubernetes clusters in your environment, either on-premises or in…

Deploy ACM Submariner for connect overlay networks of ROSA clusters

Submariner is an open source tool that can be used with Red Hat Advanced Cluster Management for Kubernetes to provide direct networking between pods and compatible multicluster service discovery across two or more Kubernetes clusters in your environment, either on-premises or in…

Enabling cross account EFS mounting

The Amazon Web Services Elastic File System (AWS EFS) is a Network File System (NFS) that can be provisioned on Red Hat OpenShift Service on AWS clusters. With the release of OpenShift 4.10 the EFS CSI Driver is now GA and available. This is a guide to enable cross-account EFS…

Enabling the AWS EFS CSI Driver Operator on ROSA

The Amazon Web Services Elastic File System (AWS EFS) is a Network File System (NFS) that can be provisioned on Red Hat OpenShift Service on AWS clusters. With the release of OpenShift 4.10 the EFS CSI Driver is now GA and available. This is a guide to quickly enable the EFS…

Azure DevOps with Managed OpenShift

Author: Kevin Collins Last edited: 03/14/2023 Adopted from Hosting an Azure Pipelines Build Agent in OpenShift and Kevin Chung Azure Pipelines OpenShift exampleexternal link (opens in new tab) Azure DevOps is a very popular DevOps tool that has a host of features including the…

Assign Consistent Egress IP for External Traffic

It may be desirable to assign a consistent IP address for traffic that leaves the cluster when configuring items such as security groups or other sorts of security controls which require an IP-based configuration. By default, Kubernetes via the OVN-Kubernetes CNI will assign…

ROSA with Nvidia GPU Workloads

ROSA guide to running Nvidia GPU workloads. Prerequisites ROSA Cluster (4.14+) rosa cli #logged-in oc cli #logged-in-cluster-admin jq If you need to install a ROSA cluster, please read our ROSA Quickstart Guide , or better yet Use Terraform to create an HCP Cluster . Enter the oc…

ROSA with Nvidia GPU Workloads - Manual

This is a guide to install GPU on ROSA cluster manually, which is an alternative to our Helm chart guide . Prerequisites ROSA cluster (4.14+) You can install a Classic version using CLI or an HCP one using Terraform . Please be sure you are logged in to the cluster with a cluster…

External DNS for ROSA Custom Domain

Configuring the Custom Domain Operator requires a wildcard CNAME DNS record in your Route53 Hosted Zone. If you do not wish to use a wildcard record, you can use the External DNS Operator to create individual entries for routes. This document will guide you through deploying and…

VPC and Subnet IP Address Considerations with ROSA

VPC and Subnet IP Address Considerations with ROSA ROSA clusters can be built to be highly available using the fundamental capability that underlies most HA configurations on AWS: Availability Zones. By spreading the resources of a cluster across three separate (but regionally…

AWS Load Balancer Operator On ROSA

AWS Load Balancer Controllerexternal link (opens in new tab) is a controller to help manage Elastic Load Balancers for a Kubernetes cluster. It satisfies Kubernetes Ingress resourcesexternal link (opens in new tab) by provisioning Application Load Balancersexternal link (opens in…

Dynamic Certificates for ROSA Custom Domain

There may be situations when you prefer not to use wild-card certificates. This ROSA guide talks about certificate management with cert-manager and letsencrypt, to dynamically issue certificates to routes created on a custom domain that’s hosted on AWS Route53.…

Deploying Red Hat Advanced Cluster Security in ARO/ROSA

This document is based in the RHACS workshopexternal link (opens in new tab) and in the RHACS official documentation . Prerequisites An ARO cluster or a ROSA cluster . Set up the OpenShift CLI (oc) Download the OS specific OpenShift CLI from Red Hat Unzip the downloaded file on…

Configure a load balancer service to use a static public IP

This guide has been validated on OpenShift 4.20. Operator CRD names, API versions, and console paths may differ on other versions. This guide demonstrates how to create and assign a static public IP address to an OpenShift service in Azure Red Hat OpenShift (ARO). By default, the…

STS OIDC in ROSA : How it works!

If you prefer a more visual medium, you can watch this video on YouTubeexternal link (opens in new tab) . This short video talks about how the STSexternal link (opens in new tab) OIDC flow work in ROSA (Red Hat OpenShift Service on AWS).

Security Reference Architecture for ROSA

The Security Reference Architecture for ROSA is a set of guidelines for deploying Red Hat OpenShift on AWS (ROSA) clusters to support high-security production workloads that align with Red Hat and AWS best practices. This overall architectural guidance compliments detailed,…

Custom AlertManager in ROSA 4.9.x

This page is deprecated. In order to get the best experience for custom alerting in ROSA, please upgrade your cluster to to 4.12 and follow the newer documentation. ROSA 4.9.x introduces a new way to provide custom AlertManager configuration to receive alerts from User Workload…

Stop default router from serving custom domain routes

Note: This page is only valid for clusters using the Custom Domain Operator (CDO), which are ROSA clusters prior to version 4.14 OSD and ROSA supports custom domain operator to serve application custom domain, which provisions openshift ingress controller and cloud load…

Create IAM user and Policy

Notes: These are sample commands. Please fill in your own resource parameters E.g. ARN Create the policy Create a user and access key and attach the policy Notes: Save access key id and key for later usage

Create STS Assume Role

About AWS STS and Assume Roleexternal link (opens in new tab) Notes: These are sample commands. Please fill in your own resource parameters E.g. ARN Prequisites An STS Openshift Cluster Setup Environment Variables Create the policy

Adding a Public Ingress endpoint to a ROSA PrivateLink Cluster

This is an example guide for creating a public ingress endpoint for a ROSA Private-Link cluster. Be aware of the security implications of creating a public subnet in your ROSA VPC this way. Refer to the blog “How to add public Ingress to a PrivateLink ROSA cluster” ,…

Configuring a ROSA cluster to pull images from AWS Elastic Container Registry (ECR)

Prerequisites AWS CLIexternal link (opens in new tab) Openshift CLI 4.11+ Podman Desktopexternal link (opens in new tab) ROSA Clusterexternal link (opens in new tab) Note your ROSA cluster must be a classic STS cluster

Creating a ROSA cluster in STS mode with custom KMS key

Tip Official Documentation ROSA STS with custom KMS key This guide will walk you through installing ROSA (Red Hat OpenShift Service on AWS) with a customer-provided KMS key that will be used to encrypt both the root volumes of nodes as well as persistent volumes for mounted EBS…

Deploying 3scale API Management to ROSA and OSD

This document will take you through deploying 3scale in any OSD or ROSA cluster. Review the official documentation here for more information or how to further customize or use 3scale. Prerequisites An existing ROSA or OSD cluster Access to an AWS account with permissions to…

Advanced Cluster Management Observability on ROSA

This document will take you through deploying ACM Observability on a ROSA cluster. see here for the original documentation. Prerequisites An existing ROSA cluster An Advanced Cluster Management (ACM) deployment Set up environment Set environment variables

Using Group Sync Operator with Azure Active Directory and ROSA

This guide focuses on how to synchronize Identity Provider (IDP) groups and users after configuring authentication in OpenShift Cluster Manager (OCM). For an IDP configuration example, please reference the Configure Azure AD as an OIDC identity provider for ROSA/OSD guide. To set…

Configuring IDP for ROSA, OSD and ARO

Red Hat OpenShift on AWS (ROSA) and OpenShift Dedicated (OSD) provide a simple way for the cluster administrator to configure one or more identity providers for their cluster[s] via the OpenShift Cluster Manager (OCM) , while Azure Red Hat OpenShift relies on the internal cluster…

Federating Metrics to a centralized Prometheus Cluster

This document has been removed as it was written for older ROSA clusters which did not allow for custom Alert Manager configs as a way to provide a second Prometheus with a configurable Alert Manager. If you want to configure custom Alerts, you can upgrade your cluster and follow…

Custom Alerts in ROSA 4.11.x

Starting with OpenShift 4.11 it is possible to manage alerting rules for user-defined projects . Similarly, in ROSA clusters the OpenShift Administrator can enable a second AlertManager instance in the user workload monitoring namespace which can be used to create such alerts.…

Extending ROSA STS to include authentication with AWS Services

In this example we will deploy the Amazon Ingress Controller that uses ALBs, and configure it to use STS authentication. Deployment Configure STS Make sure your cluster has the pod identity webhook Download the IAM Policy for the AWS Load Balancer Hooks Create AWS Role with…

Integrating with AWS resources using Pod Identity

Prerequisites ROSA CLI AWS CLI ROSA Cluster with STS

Using the AWS Cloud Watch agent to publish metrics to CloudWatch in ROSA

This document shows how you can use the AWS CloudWatch Agent to scrape Prometheus endpoints and publish metrics to CloudWatch in a Red Hat OpenShift Service on AWS (ROSA) cluster. It pulls from the AWS documentation for installing the CloudWatch Agent to Kubernetes and publishes…

Installing the HashiCorp Vault Secret CSI Driver

The HashiCorp Vault Secret CSI Driver allows you to access secrets stored in HashiCorp Vault as Kubernetes Volumes. Prerequisites An OpenShift Cluster (ROSA, ARO, OSD, and OCP 4.x all work) oc helm v3 Installing the Kubernetes Secret Store CSI Create an OpenShift Project to…

Installing the Kubernetes Secret Store CSI on OpenShift

The Kubernetes Secret Store CSI is a storage driver that allows you to mount secrets from external secret management systems like HashiCorp Vault and AWS Secrets. It comes in two parts, the Secret Store CSI, and a Secret provider driver. This document covers just the CSI itself.…

Creating a ROSA cluster with PrivateLink enabled (custom VPC) and STS

This is a combination of the private-link and sts setup documents to show the full picture Prerequisites AWS CLIexternal link (opens in new tab) Rosa CLIexternal link (opens in new tab) v1.1.7 jqexternal link (opens in new tab) AWS Preparation If this is a brand new AWS account…

Demonstrate GitOps on Managed OpenShift with ArgoCD

Author: Steve Mirmanexternal link (opens in new tab) Video Walkthrough If you prefer a more visual medium, you can watch Steve Mirmanexternal link (opens in new tab) walk through this quickstart on YouTubeexternal link (opens in new tab) .

Examples of using a WAF in front of ROSA / OSD on AWS / OCP on AWS

Problem Statement Operator requires WAF (Web Application Firewall) in front of their workloads running on OpenShift (ROSA) Operator does not want WAF running on OpenShift to ensure that OCP resources do not experience Denial of Service through handling the WAF Quick Introduction…

Creating a ROSA cluster with PrivateLink enabled

Prerequisites AWS CLIexternal link (opens in new tab) Rosa CLIexternal link (opens in new tab) v1.0.8 jqexternal link (opens in new tab) Create VPC and Subnets The following instructions use the AWS CLI to create the necessary networking to deploy a PrivateLink ROSA cluster into…

Federating System and User metrics to S3 in Red Hat OpenShift for AWS

This guide walks through setting up federating Prometheus metrics to S3 storage. ToDo - Add Authorization in front of Thanos APIs Prerequisites A ROSA cluster deployed with STS aws CLI Set up environment Create environment variables Create namespace

Back to top

Interested in contributing to these docs?

Collaboration drives progress. Help improve our documentation The Red Hat Way.

GitHub Edit this page
Red Hat logo LinkedIn YouTube Facebook Twitter

Products

Tools

Try, buy & sell

Communicate

About Red Hat

We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Subscribe to our newsletter, Red Hat Shares

Sign up now © 2026 Red Hat