Red Hat Cloud Services Provider
Please note that this Terraform provider and its modules are open source and will continue to iterate features, gradually maturing this code. If you encounter any issues, please report them in this repo.
The Red Hat OCM provider allows Terraform to manage Red Hat OpenShift Service on AWS (ROSA) clusters, machine pools, and an identity provider.
For more information about ROSA, see the Red Hat documentation here.
- GoLang version 1.20 or newer
- Terraform version 1.4.6 or newer
- An offline OCM token
- AWS account
- Completed the ROSA getting started requirements
- ROSA CLI
- Optional: A configured `*.tfvars` file.
See the Terraform Registry documentation for instructions on using this provider.
The following items are limitations with the current release of the OCM Terraform provider:
- The latest version is not backward compatible with version 1.0.1.
- When creating a cluster, the cluster uses AWS credentials configured on your local machine. These credentials provide access to the AWS API for validating your account.
- When creating a machine pool, you need to specify your replica count. You must define either the `replicas = "<count>"` variable or provide values for the following variables to build the machine pool:
  - `min_replicas = "<count>"`
  - `max_replicas = "<count>"`
  - `autoscaling_enabled = true`
- The htpasswd identity provider does not support creating the identity provider with multiple users or adding additional users to the existing identity provider.
- The S3 bucket that is created as part of the OIDC configuration must be created in the same region as your OIDC provider.
- The Terraform provider does not support auto-generated `operator_role_prefix`. You must provide your `operator_role_prefix` when creating the account roles.
The example Terraform files are all considered in development:
- Create a ROSA cluster that uses STS and has a managed OIDC configuration
- Create a ROSA cluster that uses STS and has an unmanaged OIDC configuration
- Modifying default machine pools
- Identity provider. The following identity providers are supported:
- Upgrading or Updating your cluster
If you want to build a local RHCS provider to develop improvements for the Red Hat RHCS provider, you can run `terraform plan` against your local build with:

- Run `make install` in the repository root directory. After running `make install` you will find the rhcs provider binary file in the directory: `<HOME>/.terraform.d/plugins/terraform.local/local/rhcs/<VERSION>/<TARGET_ARCH>`

  For example, the following location would contain the `terraform-rhcs-provider` binary file: `~/.terraform.d/plugins/terraform.local/local/rhcs/0.0.1/linux_amd64`

- You now need to update your `main.tf` to the location of the local provider by pointing the required_providers rhcs to the local terraform directory.

  ```hcl
  terraform {
    required_providers {
      rhcs = {
        source  = "terraform.local/local/rhcs"
        version = ">=0.0.1"
      }
    }
  }

  provider "rhcs" {
    token = var.token
    url   = var.url
  }
  ```
If you want to locally test the provider binary without building from sources, you can pull the latest container image and copy the binary from the directory `<HOME>/.terraform.d/plugins/terraform.local/local/rhcs/<VERSION>/<TARGET_ARCH>` to your local machine using the following example:

```shell
podman run --pull=always --rm registry.ci.openshift.org/ci/rhcs-tf-e2e:latest cat /root/.terraform.d/plugins/terraform.local/local/rhcs/1.0.1/linux_amd64/terraform-provider-rhcs > ~/terraform-provider-rhcs && chmod +x ~/terraform-provider-rhcs
```

You can also use specific commit images by replacing `latest` with the desired commit SHA.
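A provider binary copied out of a container image ends up being executed by Terraform from the local plugin directory described above, so it is worth checking its hash before placing it there. The following is an added example, not code from the rhcs repository; the function names and the SHA-256 value, which you are assumed to have recorded yourself from a build you trust, are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the rhcs repository): verify a provider binary
# against a known SHA-256 before installing it into the local plugin path.

# Print the SHA-256 of a file as lowercase hex.
file_sha256() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Directory layout documented above:
# <HOME>/.terraform.d/plugins/terraform.local/local/rhcs/<VERSION>/<TARGET_ARCH>
provider_dir() {
  printf '%s/.terraform.d/plugins/terraform.local/local/rhcs/%s/%s\n' "$HOME" "$1" "$2"
}

# install_local_provider <binary> <version> <target_arch> <expected_sha256>
# Returns 0 on success, 1 on bad arguments, 2 on checksum mismatch.
install_local_provider() {
  local bin="$1" version="$2" arch="$3" expected="$4" actual dest
  [ -f "$bin" ] && [ -n "$version" ] && [ -n "$arch" ] && [ -n "$expected" ] || {
    echo "usage: install_local_provider <binary> <version> <arch> <sha256>" >&2
    return 1
  }
  actual="$(file_sha256 "$bin")"
  # Compare case-insensitively; refuse to install anything that does not match.
  if [ "$(printf '%s' "$expected" | tr 'A-F' 'a-f')" != "$actual" ]; then
    echo "checksum mismatch for $bin: got $actual" >&2
    return 2
  fi
  dest="$(provider_dir "$version" "$arch")"
  mkdir -p "$dest"
  # install(1) copies and sets the mode in one step; 0755 = owner-writable only.
  install -m 0755 "$bin" "$dest/terraform-provider-rhcs"
  echo "$dest/terraform-provider-rhcs"
}
```

Source the file and call `install_local_provider ~/terraform-provider-rhcs 1.0.1 linux_amd64 <sha256>`; the version and architecture must match the `version` constraint in `main.tf` and the machine running Terraform.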