Cloud Experts Documentation

ARO

ARO Quickstart

A Quickstart guide to deploying an Azure Red Hat OpenShift cluster. Video Walkthrough If you prefer a more visual medium, you can watch Paul Czarkowski walk through this quickstart on YouTube. Prerequisites Azure CLI Obviously you’ll need to have an Azure account to configure the CLI against. MacOS See Azure Docs for alternative install options.

Creating RAG Chatbot using TinyLlama and LangChain with Red Hat OpenShift AI on ARO

1. Introduction Retrieval-Augmented Generation (RAG) is a technique that enhances Large Language Models (LLMs) by having them retrieve relevant information from a knowledge base before generating responses, rather than relying solely on their training. LangChain is a framework for developing applications powered by language models. It provides tools and APIs that make it easier to create complex applications using LLMs, such as using the RAG technique to enable the chatbot to answer questions based on the provided document.

Configuring Microsoft Entra ID to emit group names

In this guide, we will configure an existing Microsoft Entra ID (formerly Azure Active Directory) identity provider to emit the group name instead of the group ID for optional group claims. This will allow you to reference group names in your role bindings instead of the group ID. The ability to emit group names instead of group IDs is a preview feature made available by Microsoft and is subject to their terms and conditions around preview features of their services.

Maximo Application Suite on ARO ( Azure Red Hat OpenShift )

IBM Maximo Application Suite (MAS) is a set of applications for asset monitoring, management, predictive maintenance and reliability planning. When combined with Azure Red Hat OpenShift (ARO), this frees up your Maximo and operations team to focus on what is important to them (Maximo) rather than having to worry about managing and building clusters. This document outlines how to quickly get started with ARO and install Maximo, all through automation.

Ansible Automation Platform (AAP) on ARO

Ansible Automation Platform (AAP) is a popular platform for centralizing and managing an organization’s automation content using Ansible as the engine for writing automation code. Prior to deployment, organizations are faced with the decision “where do I want to host this thing?”. In today’s landscape, there are several options between traditional Virtual Machines, running it on OpenShift, or even running it as a managed offering.

Setting custom domains for apps created via OpenShift Dev Spaces

Red Hat OpenShift Dev Spaces (formerly CodeReady Workspaces) is an Operator available for OpenShift that allows users to create dynamic IDEs for developing and publishing code. When using OpenShift Dev Spaces, users can test their code and have the service automatically create a route for users to see their code in real time. By default, this route will use the default Ingress Controller, but it is possible to configure Dev Spaces to use a custom domain instead.

Prerequisites Checklist to Deploy ARO Cluster

Before deploying an ARO cluster, ensure you meet the following prerequisites: Setup Tools Install Azure CLI: Essential for managing Azure resources. Refer to the official documentation. Verify Resources Core Quota: Confirm availability of at least 40 cores to create and run an OpenShift Cluster. Permissions RBAC Settings: Ensure you have Contributor and User Access Administrator roles on the cluster resource group.

Deploying Advanced Cluster Management and OpenShift Data Foundation for ARO Disaster Recovery

A guide to deploying Advanced Cluster Management (ACM) and OpenShift Data Foundation (ODF) for Azure Red Hat OpenShift (ARO) Disaster Recovery Overview VolSync is not supported for ARO in ACM: https://access.redhat.com/articles/7006295 so if you run into issues and file a support ticket, you will receive the information that ARO is not supported. In today’s fast-paced and data-driven world, ensuring the resilience and availability of your applications and data has never been more critical.

Deploying Private ARO clusters with Custom Domains

Overview By default Azure Red Hat OpenShift uses self-signed certificates for all of the routes created on *.apps.<random>.<location>.aroapp.io. Many companies also seek to leverage the capabilities of Azure Red Hat OpenShift (ARO) to deploy their applications while using their own custom domain. By utilizing ARO’s custom domain feature, companies can ensure hosting their applications under their own domain name. If we choose to specify a custom domain, for example aro.myorg.com, the OpenShift console will be available at a URL such as https://console-openshift-console.

ARO - Cross Tenant Provisioning

Summary There may be situations where you want to create an ARO cluster where the organization has a policy which has a central entity that controls things such as encryption keys or networking components. This is desirable in large enterprises due to separation of concerns and limiting areas of control for groups to a small scope. This does present challenges, as those different groups must be able to integrate with one another.

Use Azure Blob storage Container Storage Interface (CSI) driver on an ARO cluster

The Azure Blob Storage Container Storage Interface (CSI) is a CSI compliant driver that can be installed to an Azure Red Hat OpenShift (ARO) cluster to manage the lifecycle of Azure Blob storage. When you use this CSI driver to mount an Azure Blob storage into a pod, it allows you to use blob storage to work with massive amounts of data. You can refer also to the driver’s documentation here.

Deploying OpenShift API for Data Protection on an ARO cluster

Prerequisites An ARO Cluster Getting Started Create the following environment variables, substituting appropriate values for your environment: export AZR_CLUSTER_NAME=oadp export AZR_SUBSCRIPTION_ID=$(az account show --query 'id' -o tsv) export AZR_TENANT_ID=$(az account show --query 'tenantId' -o tsv) export AZR_RESOURCE_GROUP=oadp export AZR_STORAGE_ACCOUNT_ID=oadp export AZR_STORAGE_CONTAINER=oadp export AZR_STORAGE_ACCOUNT_SP_NAME=oadp export AZR_IAM_ROLE=oadp export AZR_STORAGE_ACCOUNT_ACCESS=$(az storage account keys list --account-name $AZR_STORAGE_ACCOUNT_ID --query "[?keyName == 'key1'].value" -o tsv) Prepare Azure Account Create an Azure Storage Account as a backup target: az storage account create \ --name $AZR_STORAGE_ACCOUNT_ID \ --resource-group $AZR_RESOURCE_GROUP \ --sku Standard_GRS \ --encryption-services blob \ --https-only true \ --kind BlobStorage \ --access-tier Cool Create an Azure Blob storage container: az storage container create \ --name $AZR_STORAGE_CONTAINER \ --public-access off \ --account-name $AZR_STORAGE_ACCOUNT_ID Create a role definition that will allow the operator minimal permissions to access the storage account where the backups are stored: az role definition create --role-definition '{ "Name": "'$AZR_IAM_ROLE'", "Description": "OADP related permissions to perform backups, restores and deletions", "Actions": [ "Microsoft.

Configure a Private ARO cluster with Azure File via a Private Endpoint

There are two ways to configure this setup: Self provision the storage account and file share (static method) Requires pre-existing storage account and file share Auto provision the storage account and file share (dynamic method) CSI will create the storage account and file share WARNING: please note that this approach does not work on FIPS-enabled clusters. This is due to the CIFS protocol being largely non-compliant with FIPS cryptographic requirements.

Using Azure Container Registry in Private ARO clusters

This guide describes how to configure and deploy an Azure Container Registry, limiting the access to the registry and connecting privately from a Private ARO cluster, eliminating exposure from the public internet. You can limit access to the ACR by assigning virtual network private IP addresses to the registry endpoints and using Azure Private Link. Network traffic between the Private ARO cluster and the registry’s private endpoints traverses the virtual network and a private link on the Microsoft backbone network, eliminating exposure from the public internet.

What to consider when using Azure AD as IDP?

Author: Ricardo Macedo Martins May 24, 2023 In this guide, we will discuss key considerations when using Azure Active Directory (AAD) as the Identity Provider (IDP) for your ARO or ROSA cluster. Below are some helpful references: Configure ARO to Use Azure AD Configuring IDP for ROSA, OSD, and ARO Default Access for All Users in Azure Active Directory Once you set up AAD as the IDP for your cluster, it’s important to note that by default, all users in your Azure Active Directory instance will have access to the cluster.

Deploy ACM Submariner for connect overlay networks ARO - ROSA clusters

Submariner is an open source tool that can be used with Red Hat Advanced Cluster Management for Kubernetes to provide direct networking between pods and compatible multicluster service discovery across two or more Kubernetes clusters in your environment, either on-premises or in the cloud. This article describes how to deploy ACM Submariner for connecting overlay networks of ARO and ROSA clusters. NOTE: Submariner for connecting ARO and ROSA clusters only works from ACM 2.

Configure Microsoft Entra ID as an OIDC identity provider for ARO with cli

The steps to add Azure AD as an identity provider for Azure Red Hat OpenShift (ARO) via cli are: Prerequisites Have Azure cli installed Login to Azure Azure Define needed variables Get oauthCallbackURL Create manifest.json file to configure the Azure Active Directory application Register/create app Add Service Principal for the new app Make Service Principal an Enterprise Application Create the client secret Update the Azure AD application scope permissions Get Tenant ID OpenShift Login to OpenShift as kubeadmin Create an OpenShift secret Apply OpenShift OpenID authentication Wait for authentication operator to roll out Verify login through Azure Active Directory Last steps Prerequisites Have Azure cli installed Follow the Microsoft instructions: https://docs.

Red Hat Cost Management for Cloud Services

Adopted from Official Documentation for Cost Management Service Red Hat Cost Management is a software as a service (SaaS) offering available free of charge as part of your Red Hat subscriptions. Cost management helps you monitor and analyze your OpenShift Container Platform and Public cloud costs in order to improve the management of your business. Some capabilities of cost management are: Visualize costs across hybrid cloud infrastructure Track cost trends Map charges to projects and organizations Normalize data and add markups with cost models Generate showback and chargeback information In this document, I will show you how to connect your OpenShift and Cloud provider sources to Cost Management in order to collect cost and usage.

Azure Front Door with ARO ( Azure Red Hat OpenShift )

Securely exposing an Internet facing application with a private ARO Cluster. When you create a cluster on ARO you have several options in making the cluster public or private. With a public cluster you are allowing Internet traffic to the api and *.apps endpoints. With a private cluster you can make either or both the api and .apps endpoints private. How can you allow Internet access to an application running on your private cluster where the .

Setup a VPN Connection into an ARO Cluster with OpenVPN

When you configure an Azure Red Hat OpenShift (ARO) cluster with a private only configuration, you will need connectivity to this private network in order to access your cluster. This guide will show you how to configure a point-to-site VPN connection so you won’t need to setup and configure Jump Boxes. Prerequisites a private ARO Cluster git openssl Create certificates to use for your VPN Connection There are many ways and methods to create certificates for VPN, the guide below is one of the ways that works well.

Using Cluster Logging Forwarder in ARO with Azure Monitor (<=4.12)

NOTE: These instructions are now only necessary for clusters on versions less than or equal to 4.12. The OpenShift Cluster Logging Operator supports a simplified configuration with Azure Monitor as of version 5.9, which is available on clusters of version 4.13 or greater. Ideally, clusters should be upgraded to keep them in support, so that’s a good first step to consider. If you ultimately still need the older procedure, see the setup document here.

Using Cluster Logging Forwarder in ARO with Azure Monitor (>=4.13)

NOTE: Starting from version 5.9, OpenShift Logging supports native forwarding to Azure Monitor and Azure Log Analytics, which is available on clusters running OpenShift 4.13 or higher. Please note that apiVersion was changed from logging.openshift.io/v1 to observability.openshift.io/v1 on OpenShift Logging 6.0, which is the version used on this guide. For clusters running OpenShift 4.12 or earlier, see the legacy setup document here for help with configuration. If you’re running Azure Red Hat OpenShift (ARO), you may want to be able to view and query the logs the platform and your workloads generate in Azure Monitor.

Azure DevOps with Managed OpenShift

Author: Kevin Collins Last edited: 03/14/2023 Adopted from Hosting an Azure Pipelines Build Agent in OpenShift and Kevin Chung Azure Pipelines OpenShift example. Azure DevOps is a very popular DevOps tool that has a host of features including the ability for developers to create CI/CD pipelines. In this document, I will show you how to connect your Managed OpenShift Cluster to Azure DevOps end-to-end including running the pipeline build process in the cluster, setting up the OpenShift internal image registry to store the images, and then finally deploy a sample application.

Upgrade a disconnected ARO cluster

Background One of the great features of ARO is that you can create ‘disconnected’ clusters with no connectivity to the Internet. Out of the box, the ARO service mirrors all the code repositories to build OpenShift clusters to Azure Container Registry. This means ARO is built without having to reach out to the Internet as the images to build OpenShift are pulled via the Azure private network. When you upgrade a cluster, OpenShift needs to call out to the Internet to get an upgrade graph to see what options you have to upgrade the cluster.

Assign Consistent Egress IP for External Traffic

It may be desirable to assign a consistent IP address for traffic that leaves the cluster when configuring items such as security groups or other sorts of security controls which require an IP-based configuration. By default, Kubernetes via the OVN-Kubernetes CNI will assign random IP addresses from a pool which will make configuring security lockdowns unpredictable or unnecessarily open. This guide shows you how to configure a set of predictable IP addresses for egress cluster traffic to meet common security standards and guidance and other potential use cases.

Helm Chart to set up extra MachineSets on ARO clusters

Please refer to the Helm chart maintained by the Managed OpenShift Black Belt team here.

Integrating Azure ARC with ARO

This document explains how to integrate an ARO cluster with Azure Arc-enabled Kubernetes. When you connect a Kubernetes/OpenShift cluster with Azure Arc, it will: Be represented in Azure Resource Manager with a unique ID Be placed in an Azure subscription and resource group Receive tags just like any other Azure resource Azure Arc-enabled Kubernetes supports the following scenarios for connected clusters: Connect Kubernetes running outside of Azure for inventory, grouping, and tagging. Deploy applications and apply configuration using GitOps-based configuration management.

Deploying Red Hat Advanced Cluster Security in ARO/ROSA

This document is based on the RHACS workshop and the official RHACS documentation. Prerequisites An ARO cluster or a ROSA cluster. Set up the OpenShift CLI (oc) Download the OS specific OpenShift CLI from Red Hat Unzip the downloaded file on your local machine Place the extracted oc executable in your OS path or local directory Login to ARO / ROSA Login to your ARO / ROSA clusters with a user with cluster-admin privileges.

Shipping logs and metrics to Azure Blob storage

Azure Red Hat OpenShift clusters have built in metrics and logs that can be viewed by both Administrators and Developers via the OpenShift Console. But there are many reasons you might want to store and view these metrics and logs from outside of the cluster. The OpenShift developers have anticipated this need and have provided ways to ship both metrics and logs outside of the cluster.

Configure ARO to use Microsoft Entra ID

This guide demonstrates how to configure Azure AD as the cluster identity provider in Azure Red Hat OpenShift. This guide will walk through the creation of an Azure Active Directory (Azure AD) application and configure Azure Red Hat OpenShift (ARO) to authenticate using Azure AD. This guide will walk through the following steps: Register a new application in Azure AD for authentication. Configure the application registration in Azure AD to include optional claims in tokens.

Azure Service Operator V1 in ARO

The Azure Service Operator (ASO) provides Custom Resource Definitions (CRDs) for Azure resources that can be used to create, update, and delete Azure services from an OpenShift cluster. This example uses ASO V1, which has now been replaced by ASO V2. ASO V2 does not (as of 5/19/2022) yet have an entry in the OCP OperatorHub, but is functional and should be preferred for use, especially if V1 isn’t already installed on a cluster.

Azure Service Operator V2 in ARO

The Azure Service Operator (ASO) provides Custom Resource Definitions (CRDs) for Azure resources that can be used to create, update, and delete Azure services from an OpenShift cluster. This example uses ASO V2, which is a replacement for ASO V1. Equivalent documentation for ASO V1 can be found here. For new installs, V2 is recommended. MOBB has not tested running them in parallel. Prerequisites Azure CLI An Azure Red Hat OpenShift (ARO) cluster The helm CLI tool Prepare your Azure Account and ARO Cluster Install cert-manager:

Setting up Quay on an ARO cluster via Console

Red Hat Quay setup on ARO (Azure Openshift) A guide to deploying an Azure Red Hat OpenShift Cluster with Red Hat Quay. Author: [Kristopher White x Connor Wooley] Video Walkthrough If you prefer a more visual medium, you can watch [Kristopher White] walk through Quay Registry Storage Setup on YouTube. Red Hat Quay Setup Backend Storage Setup Login to Azure Search/Click Create Resource Groups

Adding infrastructure nodes to an ARO cluster

This document shows how to set up infrastructure nodes in an ARO cluster and move infrastructure related workloads to them. This can help with larger clusters that have resource contention between user workloads and infrastructure workloads such as Prometheus. Important note: Infrastructure nodes are billed at the same rates as your existing ARO worker nodes. You can find the original (and more detailed) document describing the process for a self-managed OpenShift Container Platform cluster here Prerequisites Azure Red Hat OpenShift cluster Helm CLI Create Infra Nodes We’ll use the MOBB Helm Chart for adding ARO machinesets which parameters for creating infra nodes, it looks up an existing machineset to collect cluster specific settings and then creates a new machineset specific for infra nodes with the same settings.

Apply Azure Policy to Azure Policy

Azure Policy helps to enforce organizational standards and to assess compliance at-scale. Azure Policy supports Arc-enabled Kubernetes clusters with both built-in and custom policies to ensure Kubernetes resources are compliant. This article demonstrates how to make an Azure Red Hat OpenShift cluster compliant with Azure Policy. Prerequisites Azure CLI Openshift CLI Azure Openshift Cluster (ARO Cluster) Deploy Azure Policy Deploy Azure Arc and Enable Azure Policy Add-on az connectedk8s connect -n [Cluster_Name] -g [Resource_Group_Name] az k8s-extension create --cluster-type connectedClusters --cluster-name [Cluster_Name] --resource-group [Resource_Group_Name] --extension-type Microsoft.

Setting up Quay on an ARO cluster via CLI

Pre Requisites An ARO cluster oc cli azure cli Steps Create Azure Resources Create Storage Account az login az group create --name <resource-group> --location <location> az storage account create --name <storage-account> --resource-group <resource-group> \ --location eastus --sku Standard_LRS --kind StorageV2 Create Storage Container az storage account keys list --account-name <storage_account_name> --resource-group <resource_group> --output yaml Note: this command returns a json by default with your keyName and Values, command above specifies yaml

Accessing the Internal Registry from ARO

Kevin Collins 06/28/2022 One of the advantages of using OpenShift is the internal registry that comes with OpenShift to build, deploy and manage container images locally. By default, access to the registry is limited to the cluster (by design) but can be extended to usage outside of the cluster. This guide will go through the steps required to access the OpenShift Registry on an ARO cluster outside of the cluster.

Configure ARO with OpenShift Data Foundation

NOTE: This guide demonstrates how to setup and configure self-managed OpenShift Data Foundation in Internal Mode on an ARO Cluster and test it out. Prerequisites An Azure Red Hat OpenShift cluster (version 4.10+) kubectl cli oc cli moreutils (sponge) jq Install compute nodes for ODF A best practice for optimal performance is to run ODF on dedicated nodes with a minimum of one per zone.

ARO with Nvidia GPU Workloads

ARO guide to running Nvidia GPU workloads. Prerequisites oc cli Helm jq, moreutils, and gettext package An ARO 4.14 cluster Note: If you need to install an ARO cluster, please read our ARO Terraform Install Guide. Please be sure if you’re installing or using an existing ARO cluster that it is 4.14.x or higher. Note: Please ensure your ARO cluster was created with a valid pull secret (to verify make sure you can see the Operator Hub in the cluster’s console).

ARO Custom domain with cert-manager and LetsEncrypt

ARO guide to deploying an ARO cluster with custom domain and automating certificate management with cert-manager and letsencrypt certificates to manage the *.apps and api endpoints. Prerequisites az cli (already installed in Azure Cloud Shell) oc cli jq (already installed in Azure Cloud Shell) OpenShift 4.10+ domain name to use (we will create zones for this domain name during this guide) I’m going to be running this setup through Bash on the Azure Cloud Shell.

ARO IBM Cloud Paks 4 Data

A Quickstart guide to deploying an Azure Red Hat OpenShift cluster with IBM Cloud Paks 4 Data. Video Walkthrough If you prefer a more visual medium, you can watch [Kristopher White] walk through this quickstart on YouTube. Prerequisites Azure CLI Obviously you’ll need to have an Azure account to configure the CLI against. MacOS See Azure Docs for alternative install options.

Trident NetApp operator setup for Azure NetApp files

Note: This guide is a simple “happy path” to show the path of least friction to showcasing how to use NetApp files with Azure Red Hat OpenShift. This may not be the best behavior for any system beyond demonstration purposes. Prerequisites An Azure Red Hat OpenShift cluster installed with Service Principal role/credentials. kubectl cli oc cli helm 3 cli Review official trident documentation In this guide, you will need service principal and region details.

Enable the Managed Upgrade Operator in ARO and schedule Upgrades

THIS DOCUMENT IS OUTDATED, please reference the official MUO documentation here. Prerequisites an Azure Red Hat OpenShift cluster Get Started Run this oc command to enable the Managed Upgrade Operator (MUO) oc patch cluster.aro.openshift.io cluster --patch \ '{"spec":{"operatorflags":{"rh.srep.muo.enabled": "true","rh.srep.muo.managed": "true","rh.srep.muo.deploy.pullspec":"arosvc.azurecr.io/managed-upgrade-operator@sha256:f57615aa690580a12c1e5031ad7ea674ce249c3d0f54e6dc4d070e42a9c9a274"}}}' \ --type=merge Wait a few moments to ensure the Management Upgrade Operator is ready oc -n openshift-managed-upgrade-operator \ get deployment managed-upgrade-operator NAME READY UP-TO-DATE AVAILABLE AGE managed-upgrade-operator 1/1 1 1 2m2s Configure the Managed Upgrade Operator

Adding an additional ingress controller to an ARO cluster

Prerequisites an Azure Red Hat OpenShift cluster a DNS zone that you can easily modify Get Started Create some environment variables DOMAIN=custom.azure.mobb.ninja EMAIL=example@email.com SCRATCH_DIR=/tmp/aro Create a certificate for the ingress controller certbot certonly --manual \ --preferred-challenges=dns \ --email $EMAIL \ --server https://acme-v02.api.letsencrypt.org/directory \ --agree-tos \ --manual-public-ip-logging-ok \ -d "*.$DOMAIN" \ --config-dir "$SCRATCH_DIR/config" \ --work-dir "$SCRATCH_DIR/work" \ --logs-dir "$SCRATCH_DIR/logs" Create a secret for the certificate oc create secret tls custom-tls \ -n openshift-ingress \ --cert=$SCRATCH_DIR/config/live/$DOMAIN/fullchain.

Configuring IDP for ROSA, OSD and ARO

Red Hat OpenShift on AWS (ROSA) and OpenShift Dedicated (OSD) provide a simple way for the cluster administrator to configure one or more identity providers for their cluster[s] via the OpenShift Cluster Manager (OCM), while Azure Red Hat OpenShift relies on the internal cluster authentication operator. The identity providers available for use are: GitHub GitLab Google LDAP OpenID HTPasswd Configuring Specific Identity Providers ARO GitLab Azure AD Azure AD with Group Claims Azure AD via CLI Azure AD with Red Hat SSO ROSA/OSD GitLab Azure AD Azure AD with Group Claims (ROSA Only) Configuring Group Synchronization Using Group Sync Operator with Azure Active Directory and ROSA/OSD Using Group Sync Operator with Okta and ROSA/OSD

Registering an ARO cluster to OpenShift Cluster Manager

Registering an ARO cluster to OpenShift Cluster Manager ARO clusters do not come connected to OpenShift Cluster Manager by default, because Azure would like customers to specifically opt-in to connections / data sent outside of Azure. This is the case with registering to OpenShift cluster manager, which enables a telemetry service in ARO. Prerequisites A Red Hat account. If you have any subscriptions with Red Hat, you will have a Red Hat account.

Installing the HashiCorp Vault Secret CSI Driver

The HashiCorp Vault Secret CSI Driver allows you to access secrets stored in HashiCorp Vault as Kubernetes Volumes. Prerequisites An OpenShift Cluster (ROSA, ARO, OSD, and OCP 4.x all work) oc helm v3 Installing the Kubernetes Secret Store CSI Create an OpenShift Project to deploy the CSI into oc new-project k8s-secrets-store-csi Set SecurityContextConstraints to allow the CSI driver to run (otherwise the DaemonSet will not be able to create Pods)

Installing the Kubernetes Secret Store CSI on OpenShift

The Kubernetes Secret Store CSI is a storage driver that allows you to mount secrets from external secret management systems like HashiCorp Vault and AWS Secrets. It comes in two parts, the Secret Store CSI, and a Secret provider driver. This document covers just the CSI itself. Prerequisites An OpenShift Cluster (ROSA, ARO, OSD, and OCP 4.x all work) kubectl helm v3 Installing the Kubernetes Secret Store CSI Create an OpenShift Project to deploy the CSI into

Azure Key Vault CSI on Azure Red Hat OpenShift

This document is adapted from the Azure Key Vault CSI Walkthrough specifically to run with Azure Red Hat OpenShift (ARO). Prerequisites An ARO cluster The AZ CLI (logged in) The OC CLI (logged in) Helm 3.x CLI Environment Variables Run this command to set some environment variables to use throughout Note if you created the cluster from the instructions linked above these will re-use the same environment variables, or default them to openshift and eastus.

ARO - Considerations for Disaster Recovery

This is a high level overview of disaster recovery options for Azure Red Hat OpenShift. It is not a detailed design, but rather a starting point for a more detailed design. What is Disaster Recovery (DR) Disaster Recovery is an umbrella term that includes the following: Backup (and restore!) Failover (and failback!) High Availability Disaster Avoidance The most important part of Disaster Recovery is the “Recovery”. Whatever your DR plan it must be tested and ideally performed on a semi-regular basis.

Private ARO Cluster with access via JumpHost

A Quickstart guide to deploying a Private Azure Red Hat OpenShift cluster. Once the cluster is running you will need a way to access the private network that ARO is deployed into. Authors: Paul Czarkowski, Ricardo Macedo Martins Prerequisites Azure CLI Obviously you’ll need to have an Azure account to configure the CLI against. MacOS See Azure Docs for alternative install options.

Using the Egressip Ipam Operator with a Private ARO Cluster

This guide is only valid for ARO clusters created on version 4.10 or earlier. Clusters created on version 4.11 and later use OVNKubernetes as their Container Network Interface, and egressip-ipam-operator does not support OVNKubernetes. In addition, please refer here to create a private ARO cluster without using public IP address. This way, you will be using UserDefinedRouting for egress.

Demonstrate GitOps on Managed OpenShift with ArgoCD

Author: Steve Mirman Video Walkthrough If you prefer a more visual medium, you can watch Steve Mirman walk through this quickstart on YouTube. The purpose of this document is to help you get OpenShift GitOps running in your cluster, including deploying a sample application and demonstrating how ArgoCD ensures environment consistency. This demo assumes you have a Managed OpenShift Cluster available and cluster-admin rights.

Federating System and User metrics to Azure Blob storage in Azure Red Hat OpenShift

By default Azure Red Hat OpenShift (ARO) stores metrics in Ephemeral volumes, and it's advised that users do not change this setting. However it's not unreasonable to expect that metrics should be persisted for a set amount of time. This guide shows how to set up Thanos to federate both System and User Workload Metrics to a Thanos gateway that stores the metrics in Azure Blob Container and makes them available via a Grafana instance (managed by the Grafana Operator).

Installing Astronomer on a private ARO cluster

See here for public clusters. This assumes you’ve already got a private ARO cluster installed. You could also follow the same instructions to create a public Astronomer, just use a regular DNS zone and skip the private parts. A default 3-node cluster is a bit small for Astronomer. If you have a three node cluster you can increase it by updating the replicas count machinesets in the openshift-machine-api namespace.

Deploying ARO using azurerm Terraform Provider

Overview Infrastructure as Code has become one of the most prevalent ways in which to deploy and install code for good reason, especially on the cloud. This lab will use the popular tool Terraform in order to create a clear repeatable process in which to install an Azure Managed Openshift (ARO) cluster and all the required components. Terraform Terraform is an open-source IaC tool developed by HashiCorp. It provides a consistent and unified language to describe infrastructure across various cloud providers such as AWS, Azure, Google Cloud, and many others.

© 2023 Red Hat, Inc.