CS221

Integrate applications on ROSA with AWS services while keeping a good security posture.

Course Description

• Integrate applications deployed on ROSA with AWS services in a way that cluster administrators and platform engineers retain control of credentials and roles required by applications to access AWS services instead of exposing those credentials to application developers.

• Note: This course is offered as a two day in person class, a three day virtual class or is self-paced. Durations may vary based on the delivery. For full course details, scheduling, and pricing, select your location then “get started” on the right hand menu.

Course Content Summary

• Integrate with external container registries such as ECR and Quay.io to deploy applications from private image repositories

• Configure storage classes to enable application access to different EBS volume types

• Configure storage classes and security contexts to enable application access to shared EFS storage volumes

• Configure pod identity using STS/IRSA to enable application access to AWS services such as database (Aurora), integration (SQS), and object storage (S3)

• Provision AWS services for applications using the AWS Controllers for Kubernetes (ACK)

• Federate and query application metrics (application workload monitoring) with Amazon Managed Prometheus Service

• Aggregate and query structured application logs with Amazon CloudWatch

• Configure custom domains and TLS certificates for secure public access to applications

Target Audience

• Primary: ROSA Administrators, Platform Engineers, Cloud Administrators, System Administrators and other infrastructure-related IT roles who are responsible for providing and supporting infrastructure for applications deployed on AWS

• Secondary: Enterprise Architects, Site Reliability Engineers, DevOps Engineers, and other application-related IT roles who are responsible for designing infrastructure for applications deployed on AWS

Recommended training

• CS220 - Create and Configure Production Red Hat OpenShift on AWS (ROSA) Clusters or equivalent experience: “I know how to create and access a private ROSA cluster”

• AWS administration at the level of either AWS Certified SysOps Administrator - Associate or AWS Certified Solutions Architect - Associate, or equivalent experience: “I know how to manage AWS infrastructure services”

• Basic knowledge of OpenShift from DO080 Technical Overview: “I know basic concepts of OpenShift and containers”

• It is recommended that learners also enroll in the Red Hat Certified OpenShift Administration certification courses in addition to taking CS220 and CS221

Technology considerations

• Internet access is required to access AWS services by using the AWS console and the AWS CLI. It is also required to access the Red Hat Hybrid Cloud Console and associated Red Hat cloud services.

• Students must possess an active Red Hat customer portal account or a free Red Hat Developer program membership.

• This course assumes a PrivateLink STS ROSA cluster and a bastion host to access the cluster, as configured in Chapter 01 of CS220: Creating and Configuring Production Red Hat OpenShift on AWS (ROSA) Clusters. Students must either perform these activities from CS220 prior to starting CS221. Ch0 in the CS221 course book covers these activities and provides links to cloud formation templates.

Deploy Applications From External Registries

Deploy applications on Red Hat OpenShift Service on AWS (ROSA) from private container image repositories in external centralized container image registries.

Provide Amazon Storage Volumes for Applications

Configure Amazon Elastic Block Storage (EBS) or Amazon Elastic File System (EFS) volumes that meet the cost, performance, and sharing requirements of their applications.

Configure Application Access to AWS Services

Configure applications for access to shared AWS services by using Kubernetes service accounts, and provision dedicated AWS services by using Kubernetes custom resources.

OpenShift and AWS Application Observability

Configure ROSA clusters to forward application logs to Amazon CloudWatch and application metrics to Amazon Managed Service for Prometheus.

Custom Domains for ROSA Applications

Expose applications to internet users with secure URLs by using human-readable DNS domains.

Impact on the Organization

• Red Hat OpenShift Service on AWS (ROSA) is a turnkey application platform that provides a managed Red Hat OpenShift service that runs natively on Amazon Web Services (AWS) to enable organizations to increase operational efficiency, refocus on innovation, and quickly build, deploy, and scale applications. Red Hat OpenShift is the hybrid cloud platform that brings operational consistency to on-premise and different cloud environments.

• Organizations adopting ROSA are typically existing AWS customers with skills on using AWS services for a variety of business scenarios and need to integrate managed OpenShift clusters with their pre-existing AWS environments. These organizations are usually very security-conscious and require strong access controls and network security for all of their AWS services, including their ROSA clusters.

Impact on the Individual

• After completing CS221, students can integrate applications deployed on a private ROSA cluster in a way that cluster administrators and platform engineers retain control of credentials and roles required by applications to access AWS services, instead of exposing those credentials to application developers.

Recommended next course or exam

• For students who are new to Red Hat OpenShift, it is recommended that you learn the fundamental skills of managing Red Hat OpenShift clusters from the following courses:

  • Red Hat OpenShift I: Operating a Production Cluster (DO180)

  • Red Hat OpenShift Administration II: Configuring a Production Cluster (DO280)

  • Red Hat OpenShift Administration III: Scaling Deployments in the Enterprise (DO380)