Skip to main content

Prerequisites

This page covers ROSA/AWS-specific prerequisites only. If you are deploying on self-managed OpenShift on-premises or on another cloud provider, skip to Deploy Argo Workflows. You will need to provide credentials to the Collate pod through your own mechanism (e.g. a static Secret mounted as envFrom, HashiCorp Vault, or your cloud’s workload identity).

Get the ROSA OIDC Endpoint

ROSA clusters include a built-in OIDC provider — no manual creation needed. Retrieve its endpoint: 
CLUSTER_NAME="<your-rosa-cluster-name>"

OIDC_ENDPOINT=$(rosa describe cluster -c "$CLUSTER_NAME" -o json \
  | jq -r .aws.sts.oidc_endpoint_url | sed 's|https://||')

echo "OIDC Endpoint: $OIDC_ENDPOINT"
The format is oidc.op1.openshiftapps.com/<cluster-id>. Use this value wherever OIDC_ENDPOINT appears in subsequent steps.

S3 Bucket

Argo Workflows archives ingestion logs to object storage. The same bucket is used for Collate asset uploads. On AWS this is S3; on other platforms any S3-compatible store (MinIO, GCS via S3 API, Azure Blob via gateway) can be used by adjusting the artifactRepository values in the Argo Workflows Helm release. 
AWS_REGION="<your-aws-region>"
BUCKET_NAME="collate-<aws-region>"

aws s3 mb s3://$BUCKET_NAME --region $AWS_REGION

Next Steps

With the OIDC endpoint and S3 bucket in place, proceed to deploy the components:

Deploy Argo Workflows

Create IAM roles for Argo, configure SCCs, and install Argo Workflows.

Deploy Collate

Create the Collate IAM role, configure ECR credentials, and install Collate.