Planning and Configuring a New Cluster on Azure using OpenShift

Follow the steps below to configure an OpenShift cluster on Azure:
  1. Sign in to Azure. Follow the instructions for signing in.
    CMD:
    az login
  2. Create a resource group for a key vault. The following example command creates a resource group named suneelrg.
    CMD:
    az group create --name suneelrg --location eastus
  3. Create a key vault. The following example command creates a key vault named suneelvault.
    CMD:
    az keyvault create --resource-group suneelrg --name suneelvault --enabled-for-template-deployment true --location eastus
  4. Create an SSH key without a passphrase.
    CMD:
    ssh-keygen -f ~/.ssh/openshift_rsa -t rsa -N ''
  5. Store the SSH private key in the Azure key vault that was created in step 3.
    CMD:
    az keyvault secret set --vault-name suneelvault --name keysecret --file ~/.ssh/openshift_rsa
  6. Get the ID of the suneelrg resource group. Sample output string for the ID: /subscriptions/1db82ccd-abfe-46ec-8ad2-7f2d8cf050d5/resourceGroups/suneelrg.
    CMD:
    az group show --name suneelrg --query id
  7. Create a service principal and assign it Contributor permissions on the key vault resource group created in step 2. Use the output string from step 6 for the --scopes option in the command below.
    CMD:
    az ad sp create-for-rbac --name suneelSP --role Contributor \
      --password Ocazure@18 --scopes \
      /subscriptions/1db82ccd-abfe-46ec-8ad2-7f2d8cf050d5/resourceGroups/suneelrg
    You might get an error if you do not have the appropriate permissions. If the above command runs successfully, you will get output similar to the following. Take note of appId, tenant, and password. These are needed for deployment later on.
    {
      "appId": "31bf3682-39b6-4ba1-931d-6d66d8887ad0",
      "displayName": "suneelSP",
      "name": "http://suneelsp",
      "password": "Ocazure@18",
      "tenant": "cde6fa59-abb3-4971-be01-2443c417cbda"
    }
  8. Create a resource group for the OpenShift cluster. The following example command creates a resource group named suneelOSFTCluster.
    CMD:
    az group create --name suneelOSFTCluster --location eastus
  9. Assign the Contributor role to the appId (received in step 7) for the above resource group.
    CMD:
    az role assignment create --assignee 31bf3682-39b6-4ba1-931d-6d66d8887ad0 --resource-group suneelOSFTCluster --role Contributor
  10. The output of the following command should not be blank.
    CMD:
    az role assignment list --resource-group suneelOSFTCluster
    Go to the page https://github.com/Microsoft/openshift-container-platform/tree/release-3.10 and click the Deploy to Azure link. It will take you to the Azure portal. Fill in all the required parameters. Make sure you take note of your OpenShift admin user name and password. They are required when you log in to the OpenShift console once it is successfully deployed. The following are descriptions of some important parameters:
    • Resource Group: Select the "Use Existing" radio button and choose the resource group created in step 8.
    • OpenShift Password: Enter a password of your choice.
    • Key Vault Secret: The name you gave the secret in step 5 ("keysecret" in this example).
    • Red Hat user name/organization and password/activation key: If you created your own account for OpenShift on the Red Hat portal, use that. You will need the Red Hat pool ID for the subscription.
    • SSH public key: The public key you created in step 4. Its content is in the file ~/.ssh/openshift_rsa.pub
    • Select the VM size as Standard_E2s_V3. Storage kind should be 'unmanaged'.
    • Select 'true' in the Enable Azure field.
    • Aad client id and secret: Use appId received in step 7 and use the same password you used in step 7.
    • masterInstanceCount field value: select 1.
    • infraInstanceCount field value: select 1.
    • nodeInstanceCount field value: select 3.
    Click the 'Purchase' link. If everything goes well, it takes around 45 minutes to 1 hour to create the cluster. If the deployment is successful, go to the OpenShift cluster UI by accessing the successfully deployed template details.
    Once deployment is complete, get the OpenShift console URL by running:
    CMD:
    az group deployment show --name Microsoft.Template --resource-group suneelOSFTCluster | grep ".azure.com:8443/console"
    You can log in at the above URL using the user name ocpadmin and the password you entered above for the OpenShift password.
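
Step 10 only confirms that some role assignment exists. The script below is an added example, not part of the original procedure: it checks that the service principal from step 7 holds Contributor on exactly the two resource groups from steps 2 and 8 and nowhere broader. The az invocation in the comments is an assumed way to produce the input, and the function and sample names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): audit the role assignments of
# the step 7 service principal. Reads "role<TAB>scope" lines on stdin, e.g. from
#   az role assignment list --all --assignee "$APP_ID" \
#       --query "[].[roleDefinitionName, scope]" -o tsv      # assumed invocation
lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

audit_sp_assignments() {   # usage: audit_sp_assignments <subscription-id> <rg>...
    sub=$(lower "$1"); shift
    tab=$(printf '\t'); findings=0; covered=" "
    while IFS="$tab" read -r role scope || [ -n "$role" ]; do
        [ -n "$role" ] || continue
        match=""
        for rg in "$@"; do   # scope strings are compared case-insensitively
            want="/subscriptions/$sub/resourcegroups/$(lower "$rg")"
            if [ "$(lower "$scope")" = "$want" ]; then match="$rg"; fi
        done
        if [ -z "$match" ]; then
            echo "FINDING: $role granted outside expected groups: $scope"
            findings=$((findings + 1))
        elif [ "$role" != "Contributor" ]; then
            echo "FINDING: unexpected role '$role' on $match"
            findings=$((findings + 1))
        else
            covered="$covered$match "
        fi
    done
    for rg in "$@"; do   # every expected group must have its assignment
        case "$covered" in
            *" $rg "*) ;;
            *) echo "FINDING: no Contributor assignment on $rg"
               findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample input using the page's subscription ID and group names.
SUB=1db82ccd-abfe-46ec-8ad2-7f2d8cf050d5
good_sample() {
    printf 'Contributor\t/subscriptions/%s/resourceGroups/suneelrg\n' "$SUB"
    printf 'Contributor\t/subscriptions/%s/resourcegroups/suneelOSFTCluster\n' "$SUB"
}
bad_sample() {   # subscription-wide grant, and nothing on the cluster group
    printf 'Contributor\t/subscriptions/%s\n' "$SUB"
    printf 'Contributor\t/subscriptions/%s/resourceGroups/suneelrg\n' "$SUB"
}
good_sample | audit_sp_assignments "$SUB" suneelrg suneelOSFTCluster && echo "good: OK"
bad_sample | audit_sp_assignments "$SUB" suneelrg suneelOSFTCluster || echo "bad: findings above"
```

The function returns non-zero when any finding is printed, so it can gate the portal deployment step in a wrapper script.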