Using Azure OpenShift

Guide to OpenShift Tutorial
September 14, 2022

OpenShift is a cloud-based Kubernetes service by Red Hat. Azure Red Hat OpenShift, a.k.a. Azure
OpenShift, is a product jointly developed by Red Hat and Azure to offer a seamless integration of
OpenShift on the Azure platform. 

In this article, we’ll cover:  

  • Azure OpenShift benefits 
  • Azure OpenShift cost
  • How to deploy Azure OpenShift 
  • Monitoring an OpenShift container with a monitoring script from Microsoft

Benefits of using Azure OpenShift

Red Hat and Microsoft jointly engineer, operate, and support Azure Red Hat OpenShift. The table below
summarizes the key benefits of Azure Red Hat OpenShift over OpenShift as IaaS.

Azure OpenShift Benefits

Benefit | Description
------- | -----------
Security | Enterprise-grade operations, security, and compliance, with an SLA of 99.95% availability and PCI DSS, ISO 27001, HITRUST, SOC 2 Type II, and FedRAMP certifications.
Cloud-native Integrations | Promotes developer productivity with built-in CI/CD pipelines and effortlessly connects applications to hundreds of Azure services such as MySQL, PostgreSQL, Redis, Cosmos DB, etc.
Quick Startup | Start a highly available cluster quickly and scale as your application demand changes.
Flexible Instance Types | Choice between standard, memory-optimized, and CPU-optimized application nodes.
Convenient Billing | Pay through an already configured Azure subscription.
Vertical Integration | A vertically integrated product with a core OS, so any updates or security vulnerabilities are addressed sooner and faster.

Azure OpenShift Cost

Azure OpenShift 4 has a minimum cluster size of three master nodes and three worker nodes. Both node
types use Linux Azure VM pricing. Additionally, worker nodes have OpenShift license costs as well.

With Azure OpenShift, these VM sizes are billed as part of the standard Azure subscription. Both master
and worker nodes can use Azure’s reduced on-demand and reserved instance pricing.

For a complete list of supported VM sizes, see Azure Red Hat OpenShift pricing.

Azure OpenShift Deployment Options

There are two ways to run OpenShift on Azure:

  • OpenShift Container Platform (OCP) deployed on a virtual machine
  • Azure Red Hat OpenShift deployed through Azure portal or Azure CLI.

OpenShift running on an Azure VM

OpenShift Container Platform on virtual machines is deployed through cloud.redhat.com/openshift. With this deployment
model, OpenShift must be installed and set up on a VM, and you must bring your own license. 

There are no Azure-specific operations, integrations, or billing benefits in this case. With this option,
using OpenShift on Azure is the same as running it on your own hardware or another infrastructure as a
service (IaaS) platform like GCP or AWS. 

Azure OpenShift 

With this deployment model, you can deploy Azure Red Hat OpenShift through the Azure portal or the Azure
CLI. It is fully managed and supported by both Red Hat and Azure. Since this is part of the Azure
service stack, the billing integrates into your Azure subscription, including a license.

How to Deploy Azure OpenShift 

Now, let’s walk through how you can deploy Azure Red Hat OpenShift using the Azure portal and Azure
CLI. 


Prerequisites

Before we get started, you’ll need to:

  • Ensure Azure Red Hat OpenShift is available in your region.
  • Make sure you have a pay-as-you-go Azure account, not a free entry-level account. The free version
    does not cover third-party license costs.
  • Have enough Azure quota for the Standard DSv3 family of vCPUs.

Note that the initial quota allowed is ten vCPUs. You’ll need at least 40. Use the normal Azure process
to request a larger quota: go to the “Usage + quotas” option in the Azure portal and
request additional quota for the instance type you will use to deploy the Azure OpenShift
cluster.

You can find a list of supported Quotas and other requirements for Azure OpenShift here

Begin the process in the Red Hat OpenShift management console

  1. First, log in to your Red Hat OpenShift console using your Red Hat account at https://console.redhat.com/. Once logged in, you will
    find many options to interact with Red Hat software. The Red Hat OpenShift console displays a variety
    of submenus.
  2. Select Red Hat OpenShift Cluster Manager.
  3. Then click “Create Cluster”, which displays the different options for creating a new
    cluster.
  4. Click “Try it on Azure” for the Azure Red Hat OpenShift offering. You will see detailed instructions
    for quickly standing up a production-grade OpenShift cluster on Azure. We’ll follow these
    instructions here.
  5. Get your pull secret from the Red Hat management console for Azure to begin deployment. It is
    located under “Run it yourself” below the Managed services offering.

    The Red Hat management console displays several options for deploying OpenShift on different IaaS platforms.
  6. Choose the “Installer-provisioned infrastructure” option.
    The Red Hat management console provides two options for Azure OpenShift
  7. Click “Download pull secret” to download the pull secret. This step will save the pull secret to
    your local machine.

    The Red Hat management console allows users to download their pull secret.

Prep Azure for installation

Next, we’ll prep Azure for installation. We can also do this through the Azure portal, but for this
article, we’ll use the Azure CLI as it makes deployment easier. 

  1. First, we need to register the Red Hat OpenShift resource on our subscription along with Microsoft’s
    compute, storage, and authorization resource providers.

    Run the following commands to register required resources:

    
        az provider register -n Microsoft.RedHatOpenShift --wait
        az provider register -n Microsoft.Compute --wait
        az provider register -n Microsoft.Storage --wait
        az provider register -n Microsoft.Authorization --wait
                                
  2. Next, run these commands to configure environment variables:
    
        LOCATION=eastus #location of your cluster
        RESOURCEGROUP=arorg #name of the resource group where you want to create your cluster
        CLUSTER=cluster #name of your cluster                                                      
                                
  3. Now, we’ll create a resource group with a location. Use this command to create the group:

        az group create \
          --name $RESOURCEGROUP \
          --location $LOCATION
                                

    You should see output similar to this:

    
        {
          "id": "/subscriptions/<guid>/resourceGroups/arorg",
          "location": "eastus",
          "name": "arorg",
          "properties": {
            "provisioningState": "Succeeded"
          },
          "type": "Microsoft.Resources/resourceGroups"
        }
                                

    Note that in Azure, a resource group is a logical group in which Azure resources are deployed and
    managed. We have to set a location for it. This location is where the resource group metadata is
    stored, and it sets the default location for the resources created in this resource group.
    Resources created in a resource group are not limited to the location of the resource group.

  4. Next, we’ll configure networking for our cluster. We will create a virtual network that will have
    two empty subnets. The first subnet will be for the control plane, and the other for the workers.
    We will build all this networking inside the resource group we created earlier. Run this command
    to create the virtual network:

        az network vnet create \
          --resource-group $RESOURCEGROUP \
          --name arovnet \
          --address-prefixes 20.0.0.0/22
                                

    You should see output similar to:

    
        {
          "newVNet": {
            "addressSpace": {
              "addressPrefixes": [
                "20.0.0.0/22"
              ]
            },
            "dhcpOptions": {
              "dnsServers": []
            },
            "id": "/subscriptions/<guid>/resourceGroups/arorg/providers/Microsoft.Network/virtualNetworks/arovnet",
            "location": "eastus",
            "name": "arovnet",
            "provisioningState": "Succeeded",
            "resourceGroup": "arorg",
            "type": "Microsoft.Network/virtualNetworks"
          }
        }
                                
  5. After creating the virtual network, we need to create the two subnets we discussed earlier. We’ll
    also explicitly set a service endpoint for Microsoft.ContainerRegistry, because Azure guarantees a
    secure and direct route to the service when we do that. Use this command to create the master subnet:

        az network vnet subnet create \
          --resource-group $RESOURCEGROUP \
          --vnet-name arovnet \
          --name mastersubnet \
          --address-prefixes 20.0.0.0/23 \
          --service-endpoints Microsoft.ContainerRegistry
                                
  6. Next, use the following command to create the worker subnet:
    
        az network vnet subnet create \
          --resource-group $RESOURCEGROUP \
          --vnet-name arovnet \
          --name workersubnet \
          --address-prefixes 20.0.2.0/23 \
          --service-endpoints Microsoft.ContainerRegistry
                                
  7. Now, disable the private link service network policies on the master subnet. This is required for
    the service to be able to connect to and manage the cluster; if we were using the portal, it would
    be the default. This is the CLI command required:

        az network vnet subnet update \
          --name mastersubnet \
          --resource-group $RESOURCEGROUP \
          --vnet-name arovnet \
          --disable-private-link-service-network-policies true
                                
  8. Create a cluster using the az aro create command. Run this command to see the
    options available for az aro create:

        az aro create --help | more
                                

    There are plenty of options available, including the ability to set the VM sizes, set up advanced
    network configuration, and size the workers.

    To create the cluster, run the command below. It references the pull secret we downloaded earlier
    through the Red Hat management console.

        az aro create \
          --resource-group $RESOURCEGROUP \
          --name $CLUSTER \
          --vnet arovnet \
          --master-subnet mastersubnet \
          --worker-subnet workersubnet \
          --pull-secret @pull-secret.txt
                                

    Installation typically takes around 30-35 minutes, depending on your region. You can watch the
    deployment progress on the Azure portal or through the debug command in CLI.
    When the installation completes, you’ll see the following list of resources deployed in Azure,
    as shown in the screenshot below.

    Resources displayed in the Azure portal.
  9. Once the cluster is reporting complete, we need to connect to it. Use this command to retrieve the
    credentials for the cluster:

    
        az aro list-credentials \
          --name $CLUSTER \
          --resource-group $RESOURCEGROUP
                                
  10. Running this command retrieves the details for the cluster.
    
        az aro show \
          --name $CLUSTER \
          --resource-group $RESOURCEGROUP \
          --query "consoleProfile.url" -o tsv
                                

    The output will include a URL to connect to the cluster we created.

  11. Use the credentials extracted from the list-credentials command to log in to the Red Hat Management
    portal.


Now you have full cluster access for advanced customization and management. It also gives you complete
control over upgrades and life cycle management.

Storage classes are displayed in the Red Hat OpenShift management Portal.

You also get direct access to Azure storage, compute, and auto-scaling options, among others.

Azure-related options are displayed in the Red Hat OpenShift management Portal.
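
The address plan from steps 4 to 6 and the pull secret file from step 7 can be checked offline before `az aro create` runs. This added example (not from the original article; all function names are hypothetical) confirms both subnets sit inside the VNet without overlapping, warns that 20.0.0.0/22 is public address space rather than an RFC 1918 private range, and rejects a pull secret file that other local users can read:

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

ip_to_int() {                       # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

cidr_range() {                      # CIDR -> "first last" as integers
    size=$(( 1 << (32 - ${1#*/}) ))
    first=$(( $(ip_to_int "${1%/*}") / size * size ))   # align to network address
    echo "$first $(( first + size - 1 ))"
}

cidr_within() {                     # true if CIDR $1 lies inside CIDR $2
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -ge "$3" ] && [ "$2" -le "$4" ]
}

cidr_overlap() {                    # true if the two CIDRs share an address
    set -- $(cidr_range "$1") $(cidr_range "$2")
    [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

is_rfc1918() {                      # true if the CIDR is private address space
    cidr_within "$1" 10.0.0.0/8 || cidr_within "$1" 172.16.0.0/12 ||
        cidr_within "$1" 192.168.0.0/16
}

# Print findings for a VNet and its two subnets; return 1 on any FAIL.
check_plan() {
    vnet=$1; master=$2; worker=$3; rc=0
    for s in "$master" "$worker"; do
        cidr_within "$s" "$vnet" || { echo "FAIL: $s is outside $vnet"; rc=1; }
    done
    if cidr_overlap "$master" "$worker"; then
        echo "FAIL: $master and $worker overlap"; rc=1
    fi
    is_rfc1918 "$vnet" || echo "WARN: $vnet is outside the RFC 1918 private ranges"
    return $rc
}

# True if the pull secret is a non-empty regular file (not a symlink) with no
# group/other permission bits that contains an "auths" key.
secret_file_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -s "$1" ] || return 1
    case $(ls -ld "$1") in
        -???------*) grep -q '"auths"' "$1" ;;
        *) return 1 ;;
    esac
}

# The address plan from steps 4-6 of the article.
check_plan 20.0.0.0/22 20.0.0.0/23 20.0.2.0/23
```

Run `secret_file_ok pull-secret.txt` before step 8; if it fails only because of permissions, `chmod 600 pull-secret.txt` corrects it.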

How to Configure Azure OpenShift Monitoring

Another excellent integration with Azure is the ability to configure Azure Red Hat OpenShift version 4 with
Container insights. After deployment,
Azure Insights automatically displays the container. It is displayed under “Unmonitored clusters”, as shown
in the screenshot below.

A container is displayed in the “Unmonitored clusters” section of the Azure portal.

Prerequisites

Before we proceed, make sure:

  • Your CLI has access to bash4
  • Helm is installed
  • The oc command is installed


Running the install script and configuring monitoring

  1. Microsoft provides a monitoring script that makes it very easy to enable monitoring. We start by
    setting the resource ID, which contains the resource group and cluster name, and then run the
    script with the commands below:

        export ResourceId="/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/rg-name/providers/Microsoft.RedHatOpenShift/OpenShiftClusters/clustername"
        bash enable-monitoring.sh --resource-id "$ResourceId"
                                
  2. After running the script, the CLI will prompt you to authenticate and grant access.
  3. Go to the highlighted URL and enter the provided authentication code.
  4. Once the script runs, the cluster will be listed under monitored clusters.
    A container is displayed in the “Monitored clusters” section of the Azure portal.
  5. Click on the cluster name to access all the various configured dashboards. Depending on the
    deployment region, it will take around 5-10 minutes for the data to become available.

    The Azure portal displays statistics on deployed clusters.

That’s it! Now you can monitor your cluster, nodes, controllers, and containers and run detailed reports.


Conclusion

Azure OpenShift is an excellent choice for OpenShift deployment. The joint support and ease of deployment
and use make it one of the best OpenShift deployment platforms available.
It offers all the in-demand industry certifications for compliance out of the box. Joint support also makes
troubleshooting issues far less complicated. Azure also provides comprehensive
monitoring through Azure insights with a prebuilt script from Microsoft.
