Azure Service Operator V2 in ARO

The Azure Service Operator (ASO) provides Custom Resource Definitions (CRDs) for Azure resources that can be used to create, update, and delete Azure services from an OpenShift cluster.

This example uses ASO V2, which is a replacement for ASO V1. Equivalent documentation for ASO V1 can be found here . For new installs, V2 is recommended. MOBB has not tested running them in parallel.

Prerequisites

• Azure CLI
• An Azure Red Hat OpenShift (ARO) cluster
• The helm CLI tool

Prepare your Azure Account and ARO Cluster

1. Install cert-manager:

   ASO relies on having the CRDs provided by cert-manager so it can request self-signed certificates. By default, cert-manager creates an Issuer of type SelfSigned, so it will work for ASO out-of-the-box. On an OpenShift cluster, the easiest way to do this is by using the OCP console, navigating to ‘Operators | OperatorHub’ and installing it from there; both the Red Hat certified and community versions will work. It’s also possible to install by applying manifests directly as covered here .

2. Set the following environment variables:

   Note: modify the cluster name, region and resource group to match your cluster

3. Create a Service Principal with Contributor permissions to your subscription:

   Note: You may want to lock this down to a specific resource group.

   The result should look something like this:

   You’ll need two of these values for the Helm deploy of ASO:

4. Deploy the ASO Operator using Helm:

   First, add the ASO repo (this may already be present, Helm will thow a status message if so):

   Then install the operator itself:

   It will typically take 2-3 minutes for resources to converge and for the controller to be read to provision Azure resources. There will be one Pod created in the azureserviceoperator-system namespace with two containers, an oc -n azureserviceoperator-system logs <pod_name> manager will likely show a string of ‘TLS handshake error’ messages as the operator waits for a Certificate to be issued, but when they stop, the operator will be ready.

Deploy an Azure Redis Cache

1. Create a Project:

2. Allow the redis app to run as any user:

3. Create an Azure Resource Group to hold project resources. Make sure the namespace matches the project name, and that the location is in the same region the cluster is:

4. Deploy a Redis service using the ASO Operator. This also shows creating a random string as part of the hostname because the Azure DNS namespace is global, and a name like sampleredis is likely to be taken. Also make sure the location spec matches.

This will take a couple of minutes to complete as well. Also note that there is typically a bit of lag between a resource being created and showing up in the Azure Portal.

1. Deploy the sample application

This uses a published sample application from Microsoft:

1. Get the URL of the example app

2. Browse to the URL provided by the previous command and validate that the app is working

Cleanup

1. Delete the project containing the demo app

Further Resources

There is a library of examples for creating various Azure resource types here: https://github.com/Azure/azure-service-operator/tree/main/v2/config/samples