INFO: Log in to your Red Hat account...
INFO: Configure AWS Credentials...
INFO: Logged in as 'konflux-ci-418295695583' on 'https://api.openshift.com'
INFO: Create ROSA with HCP cluster...
WARN: The version of Red Hat OpenShift Service on AWS that you are installing will no longer be supported after '2025-11-02'. Red Hat recommends selecting a newer version. For more information, see https://docs.openshift.com/rosa/rosa_policy/rosa-life-cycle.html
time=2025-09-09T12:43:06Z level=info msg=Ignored check for policy key 'sts_hcp_ec2_registry_permission_policy' (zero egress feature toggle is not enabled)
INFO: Creating cluster 'kx-f2100e6d9a'
INFO: To view a list of clusters and their status, run 'rosa list clusters'
INFO: Cluster 'kx-f2100e6d9a' has been created.
INFO: Once the cluster is installed you will need to add an Identity Provider before you can login into the cluster. See 'rosa create idp --help' for more information.

Name: kx-f2100e6d9a
Domain Prefix: kx-f2100e6d9a
Display Name: kx-f2100e6d9a
ID: 2l6t5o62qja14gqc4ief2mg47puuj1rr
External ID: 4168168f-7f66-49e3-b5ce-425c04800d1d
Control Plane: ROSA Service Hosted
OpenShift Version: 4.16.46
Channel Group: stable
DNS: Not ready
AWS Account: 418295695583
AWS Billing Account: 418295695583
API URL:
Console URL:
Region: us-east-1
Availability:
 - Control Plane: MultiAZ
 - Data Plane: MultiAZ
Nodes:
 - Compute (desired): 3
 - Compute (current): 0
Network:
 - Type: OVNKubernetes
 - Service CIDR: 172.30.0.0/16
 - Machine CIDR: 10.0.0.0/16
 - Pod CIDR: 10.128.0.0/14
 - Host Prefix: /23
 - Subnets: subnet-001fc23497e4a3aeb, subnet-00ffba09365a434bc, subnet-074cbf0329958194a, subnet-0689cd077699b690a, subnet-0f9f09e46f74cde64, subnet-033f48892ddbaa09d
EC2 Metadata Http Tokens: optional
Role (STS) ARN: arn:aws:iam::418295695583:role/ManagedOpenShift-HCP-ROSA-Installer-Role
Support Role ARN: arn:aws:iam::418295695583:role/ManagedOpenShift-HCP-ROSA-Support-Role
Instance IAM Roles:
 - Worker: arn:aws:iam::418295695583:role/ManagedOpenShift-HCP-ROSA-Worker-Role
Operator IAM Roles:
 - arn:aws:iam::418295695583:role/rosa-hcp-kube-system-capa-controller-manager
 - arn:aws:iam::418295695583:role/rosa-hcp-kube-system-control-plane-operator
 - arn:aws:iam::418295695583:role/rosa-hcp-kube-system-kms-provider
 - arn:aws:iam::418295695583:role/rosa-hcp-openshift-image-registry-installer-cloud-credentials
 - arn:aws:iam::418295695583:role/rosa-hcp-openshift-ingress-operator-cloud-credentials
 - arn:aws:iam::418295695583:role/rosa-hcp-openshift-cluster-csi-drivers-ebs-cloud-credentials
 - arn:aws:iam::418295695583:role/rosa-hcp-openshift-cloud-network-config-controller-cloud-credent
 - arn:aws:iam::418295695583:role/rosa-hcp-kube-system-kube-controller-manager
Managed Policies: Yes
State: waiting (Waiting for user action)
Private: No
Delete Protection: Disabled
Created: Sep 9 2025 12:43:16 UTC
User Workload Monitoring: Enabled
Details Page: https://console.redhat.com/openshift/details/s/32SlLA4SDGaUiQFzSAAFjRwEawv
OIDC Endpoint URL: https://oidc.op1.openshiftapps.com/2du11g36ejmoo4624pofphlrgf4r9tf3 (Managed)
Etcd Encryption: Disabled
Audit Log Forwarding: Disabled
External Authentication: Disabled
Zero Egress: Disabled

INFO: Preparing to create operator roles.
INFO: Operator Roles already exists
INFO: Preparing to create OIDC Provider.
INFO: OIDC provider already exists
INFO: To determine when your cluster is Ready, run 'rosa describe cluster -c kx-f2100e6d9a'.
INFO: To watch your cluster installation logs, run 'rosa logs install -c kx-f2100e6d9a --watch'.
INFO: Track the progress of the cluster creation...
W: Region flag will be removed from this command in future versions
INFO: Cluster 'kx-f2100e6d9a' is in waiting state waiting for installation to begin.
Logs will show up within 5 minutes
0001-01-01 00:00:00 +0000 UTC hostedclusters kx-f2100e6d9a Version
2025-09-09 12:46:59 +0000 UTC hostedclusters kx-f2100e6d9a ValidAWSIdentityProvider StatusUnknown
2025-09-09 12:47:00 +0000 UTC certificates cluster-api-cert Issuing certificate as Secret does not exist
2025-09-09 12:47:00 +0000 UTC certificates cluster-api-cert Issuing certificate as Secret does not exist
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a The hosted control plane is not found
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a Condition not found in the CVO.
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a ValidConfiguration condition is false: NamedCertificates get secret: Invalid value: "cluster-api-cert": Secret "cluster-api-cert" not found
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a The hosted control plane is not found
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a The hosted control plane is not found
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a Condition not found in the CVO.
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a Condition not found in the CVO.
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a Condition not found in the CVO.
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a Condition not found in the CVO.
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a The hosted control plane is not found
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a Ignition server deployment not found
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a NamedCertificates get secret: Invalid value: "cluster-api-cert": Secret "cluster-api-cert" not found
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a HostedCluster is supported by operator configuration
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a Release image is valid
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a The hosted control plane is not found
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a Reconciliation active on resource
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a The hosted control plane is not found
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a The hosted control plane is not found
2025-09-09 12:47:03 +0000 UTC hostedclusters kx-f2100e6d9a configuration is invalid: NamedCertificates get secret: Invalid value: "cluster-api-cert": Secret "cluster-api-cert" not found
2025-09-09 12:47:03 +0000 UTC hostedclusters kx-f2100e6d9a ValidConfiguration condition is false: NamedCertificates get secret: Invalid value: "cluster-api-cert": Secret "cluster-api-cert" not found
0001-01-01 00:00:00 +0000 UTC hostedclusters kx-f2100e6d9a Version
2025-09-09 12:46:59 +0000 UTC hostedclusters kx-f2100e6d9a ValidAWSIdentityProvider StatusUnknown
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a The hosted control plane is not found
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a Condition not found in the CVO.
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a The hosted control plane is not found
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a The hosted control plane is not found
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a ValidConfiguration condition is false: NamedCertificates get secret: Invalid value: "cluster-api-cert": Secret "cluster-api-cert" not found
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a The hosted control plane is not found
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a The hosted control plane is not found
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a Condition not found in the CVO.
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a Condition not found in the CVO.
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a Ignition server deployment not found
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a The hosted control plane is not found
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a Condition not found in the CVO.
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a Condition not found in the CVO.
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a Reconciliation active on resource
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a HostedCluster is supported by operator configuration
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a Release image is valid
2025-09-09 12:47:02 +0000 UTC hostedclusters kx-f2100e6d9a The hosted control plane is not found
2025-09-09 12:47:03 +0000 UTC hostedclusters kx-f2100e6d9a configuration is invalid: NamedCertificates get secret: Invalid value: "cluster-api-cert": Secret "cluster-api-cert" not found
2025-09-09 12:47:03 +0000 UTC hostedclusters kx-f2100e6d9a HostedCluster is at expected version
2025-09-09 12:48:27 +0000 UTC certificates cluster-api-cert Certificate is up to date and has not expired
2025-09-09 12:48:31 +0000 UTC hostedclusters kx-f2100e6d9a Configuration passes validation
2025-09-09 12:48:33 +0000 UTC hostedclusters kx-f2100e6d9a Required platform credentials are found
2025-09-09 12:48:40 +0000 UTC hostedclusters kx-f2100e6d9a OIDC configuration is valid
2025-09-09 12:48:40 +0000 UTC hostedclusters kx-f2100e6d9a Reconciliation completed successfully
2025-09-09 12:48:42 +0000 UTC hostedclusters kx-f2100e6d9a AWS KMS is not configured
2025-09-09 12:48:42 +0000 UTC hostedclusters kx-f2100e6d9a capi-provider deployment has 2 unavailable replicas
2025-09-09 12:48:42 +0000 UTC hostedclusters kx-f2100e6d9a lookup api.kx-f2100e6d9a.tqau.p3.openshiftapps.com on 172.30.0.10:53: no such host
2025-09-09 12:48:42 +0000 UTC hostedclusters kx-f2100e6d9a Configuration passes validation
2025-09-09 12:48:42 +0000 UTC hostedclusters kx-f2100e6d9a Waiting for etcd to reach quorum
2025-09-09 12:48:42 +0000 UTC hostedclusters kx-f2100e6d9a Kube APIServer deployment not found
2025-09-09 12:49:08 +0000 UTC hostedclusters kx-f2100e6d9a All is well
2025-09-09 12:49:08 +0000 UTC hostedclusters kx-f2100e6d9a All is well
2025-09-09 12:49:11 +0000 UTC hostedclusters kx-f2100e6d9a WebIdentityErr
2025-09-09 12:49:41 +0000 UTC hostedclusters kx-f2100e6d9a EtcdAvailable QuorumAvailable
2025-09-09 12:50:07 +0000 UTC hostedclusters kx-f2100e6d9a Kube APIServer deployment is available
2025-09-09 12:50:33 +0000 UTC hostedclusters kx-f2100e6d9a Ignition server deployment is available
2025-09-09 12:50:41 +0000 UTC hostedclusters kx-f2100e6d9a All is well
2025-09-09 12:50:43 +0000 UTC hostedclusters kx-f2100e6d9a All is well
2025-09-09 12:51:16 +0000 UTC hostedclusters kx-f2100e6d9a Working towards 4.16.46: 530 of 624 done (84% complete)
2025-09-09 12:51:16 +0000 UTC hostedclusters kx-f2100e6d9a ClusterVersionSucceeding FromClusterVersion
2025-09-09 12:51:16 +0000 UTC hostedclusters kx-f2100e6d9a Condition not found in the CVO.
2025-09-09 12:51:16 +0000 UTC hostedclusters kx-f2100e6d9a Payload loaded version="4.16.46" image="quay.io/openshift-release-dev/ocp-release@sha256:780ccd5a4423950437914126ce959bab4cf9e422ca5167609b32e06d31280d8a" architecture="Multi"
2025-09-09 12:51:16 +0000 UTC hostedclusters kx-f2100e6d9a ClusterVersionAvailable FromClusterVersion
2025-09-09 12:52:06 +0000 UTC hostedclusters kx-f2100e6d9a The hosted control plane is available
INFO: Cluster 'kx-f2100e6d9a' is now ready
INFO: ROSA with HCP cluster is ready, create a cluster admin account for accessing the cluster
INFO: Storing login command...
INFO: Check if it's able to login to OCP cluster...
Retried 1 times...
INFO: Check if apiserver is ready...
Waiting for cluster operators to be accessible for 2m...
NAME                                      VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
console
csi-snapshot-controller                   4.16.46   True        False         False      3m4s
dns                                       4.16.46   False       False         True       3m5s    DNS "default" is unavailable.
image-registry                                      False       True          True       2m18s   Available: The deployment does not have available replicas...
ingress                                             False       True          True       2m45s   The "default" ingress controller reports Available=False: IngressControllerUnavailable: One or more status conditions indicate unavailable: DeploymentAvailable=False (DeploymentUnavailable: The deployment has Available status condition set to False (reason: MinimumReplicasUnavailable) with message: Deployment does not have minimum availability.)
insights
kube-apiserver                            4.16.46   True        False         False      3m
kube-controller-manager                   4.16.46   True        False         False      3m
kube-scheduler                            4.16.46   True        False         False      3m
kube-storage-version-migrator
monitoring
network                                   4.16.46   True        True          False      2m46s   DaemonSet "/openshift-network-operator/iptables-alerter" is waiting for other operators to become ready...
node-tuning                                         False       True          False      2m34s   DaemonSet "tuned" has no available Pod(s)
openshift-apiserver                       4.16.46   True        False         False      3m
openshift-controller-manager              4.16.46   True        False         False      3m
openshift-samples
operator-lifecycle-manager                4.16.46   True        False         False      3m1s
operator-lifecycle-manager-catalog        4.16.46   True        False         False      3m2s
operator-lifecycle-manager-packageserver  4.16.46   True        False         False      3m
service-ca
storage                                   4.16.46   False       False         False      2m56s   AWSEBSCSIDriverOperatorCRAvailable: AWSEBSDriverNodeServiceControllerAvailable: Waiting for the DaemonSet to deploy the CSI Node Service
cluster operators to be accessible finished!
[INFO] Cluster operators are accessible.
Waiting for cluster to be reported as healthy for 60m...
NAME                                      VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
console
csi-snapshot-controller                   4.16.46   True        False         False      3m4s
dns                                       4.16.46   False       False         True       3m5s    DNS "default" is unavailable.
image-registry                                      False       True          True       2m18s   Available: The deployment does not have available replicas...
ingress                                             False       True          True       2m45s   The "default" ingress controller reports Available=False: IngressControllerUnavailable: One or more status conditions indicate unavailable: DeploymentAvailable=False (DeploymentUnavailable: The deployment has Available status condition set to False (reason: MinimumReplicasUnavailable) with message: Deployment does not have minimum availability.)
insights
kube-apiserver                            4.16.46   True        False         False      3m
kube-controller-manager                   4.16.46   True        False         False      3m
kube-scheduler                            4.16.46   True        False         False      3m
kube-storage-version-migrator
monitoring
network                                   4.16.46   True        True          False      2m46s   DaemonSet "/openshift-network-operator/iptables-alerter" is waiting for other operators to become ready...
node-tuning                                         False       True          False      2m34s   DaemonSet "tuned" has no available Pod(s)
openshift-apiserver                       4.16.46   True        False         False      3m
openshift-controller-manager              4.16.46   True        False         False      3m
openshift-samples
operator-lifecycle-manager                4.16.46   True        False         False      3m1s
operator-lifecycle-manager-catalog        4.16.46   True        False         False      3m2s
operator-lifecycle-manager-packageserver  4.16.46   True        False         False      3m
service-ca
storage                                   4.16.46   False       False         False      2m56s   AWSEBSCSIDriverOperatorCRAvailable: AWSEBSDriverNodeServiceControllerAvailable: Waiting for the DaemonSet to deploy the CSI Node Service
Waiting for cluster to be reported as healthy... Trying again in 60s
NAME                                      VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
console
csi-snapshot-controller                   4.16.46   True        False         False      4m5s
dns                                       4.16.46   False       False         True       4m6s    DNS "default" is unavailable.
image-registry                                      False       True          True       3m19s   Available: The deployment does not have available replicas...
ingress                                             False       True          True       3m46s   The "default" ingress controller reports Available=False: IngressControllerUnavailable: One or more status conditions indicate unavailable: DeploymentAvailable=False (DeploymentUnavailable: The deployment has Available status condition set to False (reason: MinimumReplicasUnavailable) with message: Deployment does not have minimum availability.)
insights
kube-apiserver                            4.16.46   True        False         False      4m1s
kube-controller-manager                   4.16.46   True        False         False      4m1s
kube-scheduler                            4.16.46   True        False         False      4m1s
kube-storage-version-migrator
monitoring
network                                   4.16.46   True        True          False      3m47s   DaemonSet "/openshift-network-operator/iptables-alerter" is waiting for other operators to become ready...
node-tuning                                         False       True          False      3m35s   DaemonSet "tuned" has no available Pod(s)
openshift-apiserver                       4.16.46   True        False         False      4m1s
openshift-controller-manager              4.16.46   True        False         False      4m1s
openshift-samples
operator-lifecycle-manager                4.16.46   True        False         False      4m2s
operator-lifecycle-manager-catalog        4.16.46   True        False         False      4m3s
operator-lifecycle-manager-packageserver  4.16.46   True        False         False      4m1s
service-ca
storage                                   4.16.46   False       False         False      3m57s   AWSEBSCSIDriverOperatorCRAvailable: AWSEBSDriverNodeServiceControllerAvailable: Waiting for the DaemonSet to deploy the CSI Node Service
Waiting for cluster to be reported as healthy... Trying again in 60s
NAME                                      VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
console
csi-snapshot-controller                   4.16.46   True        False         False      5m5s
dns                                       4.16.46   False       True          True       5m6s    DNS "default" is unavailable.
image-registry                                      False       True          True       4m19s   Available: The deployment does not have available replicas...
ingress                                             False       True          True       4m46s   The "default" ingress controller reports Available=False: IngressControllerUnavailable: One or more status conditions indicate unavailable: DeploymentAvailable=False (DeploymentUnavailable: The deployment has Available status condition set to False (reason: MinimumReplicasUnavailable) with message: Deployment does not have minimum availability.)
insights
kube-apiserver                            4.16.46   True        False         False      5m1s
kube-controller-manager                   4.16.46   True        False         False      5m1s
kube-scheduler                            4.16.46   True        False         False      5m1s
kube-storage-version-migrator
monitoring
network                                   4.16.46   True        True          False      4m47s   DaemonSet "/openshift-multus/network-metrics-daemon" is waiting for other operators to become ready...
node-tuning                                         False       True          False      4m35s   DaemonSet "tuned" has no available Pod(s)
openshift-apiserver                       4.16.46   True        False         False      5m1s
openshift-controller-manager              4.16.46   True        False         False      5m1s
openshift-samples
operator-lifecycle-manager                4.16.46   True        False         False      5m2s
operator-lifecycle-manager-catalog        4.16.46   True        False         False      5m3s
operator-lifecycle-manager-packageserver  4.16.46   True        False         False      5m1s
service-ca
storage                                   4.16.46   False       True          False      4m57s   AWSEBSCSIDriverOperatorCRAvailable: AWSEBSDriverNodeServiceControllerAvailable: Waiting for the DaemonSet to deploy the CSI Node Service
Waiting for cluster to be reported as healthy... Trying again in 60s
NAME                                      VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
console
csi-snapshot-controller                   4.16.46   True        False         False      6m5s
dns                                       4.16.46   False       True          True       6m6s    DNS "default" is unavailable.
image-registry                                      False       True          True       5m19s   Available: The deployment does not have available replicas...
ingress                                             False       True          True       5m46s   The "default" ingress controller reports Available=False: IngressControllerUnavailable: One or more status conditions indicate unavailable: DeploymentAvailable=False (DeploymentUnavailable: The deployment has Available status condition set to False (reason: MinimumReplicasUnavailable) with message: Deployment does not have minimum availability.)
insights                                  4.16.46   True        False         False      33s
kube-apiserver                            4.16.46   True        False         False      6m1s
kube-controller-manager                   4.16.46   True        False         False      6m1s
kube-scheduler                            4.16.46   True        False         False      6m1s
kube-storage-version-migrator             4.16.46   True        False         False      28s
monitoring                                          Unknown     True          Unknown    3s      Rolling out the stack.
network                                   4.16.46   True        False         False      5m47s
node-tuning                               4.16.46   True        False         False      59s
openshift-apiserver                       4.16.46   True        False         False      6m1s
openshift-controller-manager              4.16.46   True        False         False      6m1s
openshift-samples
operator-lifecycle-manager                4.16.46   True        False         False      6m2s
operator-lifecycle-manager-catalog        4.16.46   True        False         False      6m3s
operator-lifecycle-manager-packageserver  4.16.46   True        False         False      6m1s
service-ca                                4.16.46   True        False         False      30s
storage                                   4.16.46   True        False         False      56s
Waiting for cluster to be reported as healthy... Trying again in 60s
NAME                                      VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
console                                   4.16.46   True        True          False      22s     SyncLoopRefreshProgressing: working toward version 4.16.46, 1 replicas available
csi-snapshot-controller                   4.16.46   True        False         False      7m5s
dns                                       4.16.46   True        False         False      50s
image-registry                            4.16.46   True        True          False      48s     Progressing: The deployment has not completed...
ingress                                   4.16.46   True        False         False      33s
insights                                  4.16.46   True        False         False      93s
kube-apiserver                            4.16.46   True        False         False      7m1s
kube-controller-manager                   4.16.46   True        False         False      7m1s
kube-scheduler                            4.16.46   True        False         False      7m1s
kube-storage-version-migrator             4.16.46   True        False         False      88s
monitoring                                          Unknown     True          Unknown    63s     Rolling out the stack.
network                                   4.16.46   True        True          False      6m47s   DaemonSet "/openshift-multus/network-metrics-daemon" is not available (awaiting 1 nodes)...
node-tuning                               4.16.46   True        True          False      11s     Waiting for 1/3 Profiles to be applied
openshift-apiserver                       4.16.46   True        False         False      7m1s
openshift-controller-manager              4.16.46   True        False         False      7m1s
openshift-samples                         4.16.46   True        False         False      27s
operator-lifecycle-manager                4.16.46   True        False         False      7m2s
operator-lifecycle-manager-catalog        4.16.46   True        False         False      7m3s
operator-lifecycle-manager-packageserver  4.16.46   True        False         False      7m1s
service-ca                                4.16.46   True        False         False      90s
storage                                   4.16.46   True        True          False      116s    AWSEBSCSIDriverOperatorCRProgressing: AWSEBSDriverNodeServiceControllerProgressing: Waiting for DaemonSet to deploy node pods
Waiting for cluster to be reported as healthy... Trying again in 60s
NAME                                      VERSION   AVAILABLE   PROGRESSING   DEGRADED   SINCE   MESSAGE
console                                   4.16.46   True        False         False      83s
csi-snapshot-controller                   4.16.46   True        False         False      8m6s
dns                                       4.16.46   True        False         False      111s
image-registry                            4.16.46   True        False         False      109s
ingress                                   4.16.46   True        False         False      94s
insights                                  4.16.46   True        False         False      2m34s
kube-apiserver                            4.16.46   True        False         False      8m2s
kube-controller-manager                   4.16.46   True        False         False      8m2s
kube-scheduler                            4.16.46   True        False         False      8m2s
kube-storage-version-migrator             4.16.46   True        False         False      2m29s
monitoring                                          Unknown     True          Unknown    2m4s    Rolling out the stack.
network                                   4.16.46   True        False         False      7m48s
node-tuning                               4.16.46   True        False         False      72s
openshift-apiserver                       4.16.46   True        False         False      8m2s
openshift-controller-manager              4.16.46   True        False         False      8m2s
openshift-samples                         4.16.46   True        False         False      88s
operator-lifecycle-manager                4.16.46   True        False         False      8m3s
operator-lifecycle-manager-catalog        4.16.46   True        False         False      8m4s
operator-lifecycle-manager-packageserver  4.16.46   True        False         False      8m2s
service-ca                                4.16.46   True        False         False      2m31s
storage                                   4.16.46   True        False         False      2m57s
Waiting for cluster to be reported as healthy... Trying again in 60s
healthy
cluster to be reported as healthy finished!