Problem

The following describes some lessons learned when trying out Red Hat OpenShift Container Platform on Microsoft Azure using an installation of RHEL/CentOS.

Solution

Here are a few things you should consider prior to going through it yourself.

  1. Azure free account

    Requires a valid credit card to sign register - gift cards not accepted #wompwomp

    Also, free trial subscriptions are not eligible for limit or quota increases.

  2. Create a resource group

    See post on not able to set same name for Azure key Vault in different subscription.

    The solution in my case was to register a missing resource provider.

      az provider register --namespace Microsoft.KeyVault

  3. Create a service principal

    Role assignment creation failed because the original scopes az group show --name keyvaultrg --query id command includes quotation marks.

    Also, there is no need to include the --password parameter if this is the first time you’re provisioning. As in, Azure will auto generate the password for you.

      az ad sp create-for-rbac --name openshift --role contributor --scopes $(az group show --name keyvaultrg --query id | sed -e 's/\"\(.*\)\"/\1/')

  4. Missing authorization to perform action

    I needed fix RBAC by adding Microsoft.Resources/subscriptions/resourcegroups/read to my account.

  5. Consider using a tool to generate Azure ARM templates

    The JSON templates provided out-of-the-box by Microsoft deploy 1x bastion, 3x master, 3x infra, 3x app nodes.

    But, for purposes of a small proof-of-concept (POC) environment I needed something a little smaller. So I began hacking away manually.

    Hindsight is 20/20, and if you are an OpenShift guru, but not an Azure expert… Expect to find post- deployment issues with things like storage provisioning.

    For instance, I didn’t understand the different Azure storage tiers at the time, and when I tried to deploy OpenShift… The pods backed by persistent storage failed since Premium_LRS is not supported for VM size Basic_A2. Basically, I needed to deploy nodes that support premium storage - doh.

    The point is, I could have saved myself some time if I had either broken the ARM template into multiple small subsections that got assembled post- modification, or Googled for a tool that I could use to update the template and redeploy from afterwards.

Summary

Let me start by saying I’ve found the experience of deploying OpenShift on Azure to be quite pleasurable.

But, in order to reduce the recommended deployment to a OCP proof-of-concept architecture I had to do some significant hacking when dealing with the Microsoft ARM templates.

So, if you don’t mind troubleshooting, or have some time on your hands… Please consider making a contribution to my github project, which is a result of the effort described above.