Creating an Azure OpenShift Cluster
Prerequisites
Procedure
-
Log in to Azure:
az login
- Create a resource group for the key vault using the command:
- Create a key vault using the command:
-
Create an SSH key, without any password, using the command:
ssh-keygen -f ~/.ssh/openshift_rsa -t rsa -N
- Store the SSH private key in the Azure key vault that was created in step 3:
-
Get the resource group ID using the command:
az group show --name <groupName> --query <query>
where:
- <groupName> - The name of the resource group (created in step 2).
- <query> - A JMESPath query string. For more information, see http://jmespath.org/.
Example:
az group show --name mlrg --query id
The following is an example output string from the az group show command:
/subscriptions/1db82ccd-abfe-46ec-8ad2-7f2d8cf050d5/resourceGroups/mlrg
-
Create a service principal and assign it contributor permissions to the key vault resource group created in step 2, using the following command:
az ad sp create-for-rbac --name <name> --role <role> --password <password> --scopes <scopes>
where:
Example:
az ad sp create-for-rbac --name mlSP --role Contributor --password Ocazure@18 --scopes /subscriptions/1db82ccd-abfe-46ec-8ad2-7f2d8cf050d5/resourceGroups/mlrg
An error might be displayed if you do not have the appropriate permissions. When the command runs successfully, output similar to the following is displayed:
{ "appId": "31bf3682-39b6-4ba1-931d-6d66d8887ad0", "displayName": "mlSP", "name": "http://mlSP", "password": "Ocazure@18", "tenant": "cde6fa59-abb3-4971-be01-2443c417cbda" }Take note of appId, tenant, and password, those are needed later during the deployment process.
- Create a resource group for the OpenShift cluster using the following command:
- Assign the Contributor role to the appId (from step 7 output) for the resource group created in step 8.
- List the role assignments - this should list the assignments you created in the previous steps.
- Browse to the following website and click the Deploy to Azure link:
-
In the Azure portal, enter the require parameters, taking note of the Admin user name and password, as they will be needed to log into the OpenShift console after a successful deployment.
The following provides descriptions for some of the parameters that need to be specified:
- Resource Group: Select Use Existing radio button (the resource group was reated in step 8).
- Openshift Password: Enter a password of your choice.
- Key Vault Secret: Enter name you gave for the key in Step 5.
- Red Hat user name/organization and password/activation key: If you create your own account for OpenShift on the Red Hat portal, use that. You will need the Red Hat pool ID for the subscription.
- ssh public key: This is a public key you created in step 4. Content will be in the file ~/.ssh/openshift_rsa.pub.
- Select the VM size as Standard_E2s_V3.
- Storage kind should be 'managed'.
- Enable Azure: Select 'true'.
- Aad client id and secret: Use the appId received in step 7 and use the same password you used in step 7.
- masterInstanceCount: Choose 1.
- infraInstanceCount: Choose 1.
- nodeInstanceCount: Choose as desired.
-
Click the
Purchase link.
If everything goes well, it takes around 45 minutes to 1 hour to create the cluster. If the deployment is successful, go to the OpenShift cluster UI by accessing the successfully-deployed template details. When the deployment is complete, you can access the OpenShift using:
az group deployment show --name <name> --resource-group <group> | grep".azure.com:8443/console"
where:
Example:
az group deployment show --name Microsoft.Template --resource-group mlOSFTCluster | grep".azure.com:8443/console"
You can log into with the generated URL using ocpadmin as the user name, and the OpenShift password specified in step 12.
Copyright © Cloud Software Group, Inc. All rights reserved.