Course Overview
Create and configure production-grade ROSA clusters as part of a larger AWS customer’s footprint and then integrate applications on ROSA with AWS services while keeping a good security posture.
Deploying Production AWS ROSA Clusters: Creation, Configuration, and Application Integration (CS229) teaches how to configure ROSA clusters as part of pre-existing AWS environments and how to integrate ROSA with AWS services commonly used by IT operations teams, such as Amazon CloudWatch. This course also teaches how to integrate applications deployed on ROSA with AWS services in a way that cluster administrators and platform engineers retain control of credentials and roles required by applications to access AWS services instead of exposing those credentials to application developers.
Who should attend
- Primary: ROSA Administrators, Platform Engineers, Cloud Administrators, System Administrators and other infrastructure-related IT roles who are responsible for providing and supporting infrastructure for applications deployed on AWS
- Secondary: Enterprise Architects, Site Reliability Engineers, DevOps Engineers, and other application-related IT roles who are responsible for designing infrastructure for applications deployed on AWS
Prerequisites
- Take our free assessment to gauge whether this offering is the best fit for your skills.
- DO120 - Introduction to Red Hat OpenShift on AWS (ROSA) or equivalent experience: “I know how to create and access a public ROSA cluster.”
- AWS administration at the level of either AWS Certified SysOps Administrator - Associate or AWS Certified Solutions Architect - Associate, or equivalent experience: “I know how to manage AWS infrastructure services.”
- Basic knowledge of OpenShift from DO080 Technical Overview: “I know basic concepts of OpenShift and containers.”
- It is recommended that learners also enroll in the Red Hat Certified OpenShift Administration certification courses in addition to taking CS220 and CS221.
Course Objectives
Impact on the Organization
Red Hat OpenShift Service on AWS (ROSA) is a turnkey application platform that provides a managed Red Hat OpenShift service that runs natively on Amazon Web Services (AWS) to enable organizations to increase operational efficiency, refocus on innovation, and quickly build, deploy, and scale applications. Red Hat OpenShift is the hybrid cloud platform that brings operational consistency to on-premise and different cloud environments. Organizations adopting ROSA are typically existing AWS customers with skills on using AWS services for a variety of business scenarios and need to integrate managed OpenShift clusters with their pre-existing AWS environments. These organizations are usually very security-conscious and require strong access controls and network security for all of their AWS services, including their ROSA clusters.
Impact on the Individual
After completing CS229, students can create private ROSA clusters which are integrated with AWS infrastructure services typically employed by IT operations teams and ready to start onboarding applications and developers. Students can also integrate applications deployed on a private ROSA cluster in a way that cluster administrators and platform engineers retain control of credentials and roles required by applications to access AWS services, instead of exposing those credentials to application developers.
Course Content
- Create ROSA STS PrivateLink clusters
- Connect PrivateLink ROSA clusters to existing VPCs and enable administrators and developers to access those clusters
- Configure dedicated machine pools and node/pod autoscaling
- Configure node, cluster, and audit log forwarding to Amazon CloudWatch
- Configure authentication and group sync with Amazon Cognito
- Integrate with external container registries such as ECR and Quay.io to deploy applications from private image repositories
- Configure storage classes to enable application access to different EBS volume types
- Configure storage classes and security contexts to enable application access to shared EFS storage volumes
- Configure pod identity using STS/IRSA to enable application access to AWS services such as database (Aurora), integration (SQS), and object storage (S3)
- Provision AWS services for applications using the AWS Controllers for Kubernetes (ACK)
- Federate and query application metrics (application workload monitoring) with Amazon Managed Prometheus Service
- Aggregate and query structured application logs with Amazon CloudWatch
- Configure custom domains and TLS certificates for secure public access to applications