Azure on Ricardo Martins — Cloud Architecture, Azure, Kubernetes & AI

Private ARO Cluster with Access via JumpHost

Tue, 21 Jan 2025 10:00:00 -0400

This article was originally published at https://cloud.redhat.com/experts/aro/private-cluster/

A Quickstart guide to deploying a Private Azure Red Hat OpenShift cluster.

Prerequisites

Azure CLI

Obviously you’ll need to have an Azure account to configure the CLI against.

MacOS

See Azure Docs for alternative install options.

Install Azure CLI using homebrew

brew update && brew install azure-cli

Install sshuttle using homebrew

brew install sshuttle

Linux

See Azure Docs for alternative install options.

Import the Microsoft Keys

sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc

Add the Microsoft Yum Repository

cat << EOF | sudo tee /etc/yum.repos.d/azure-cli.repo
[azure-cli]
name=Azure CLI
baseurl=https://packages.microsoft.com/yumrepos/azure-cli
enabled=1
gpgcheck=1
gpgkey=https://packages.microsoft.com/keys/microsoft.asc
EOF

Install Azure CLI

sudo dnf install -y azure-cli sshuttle

Prepare Azure Account for Azure OpenShift

Log into the Azure CLI by running the following and then authorizing through your Web Browser

az login

Make sure you have enough Quota (change the location if you’re not using East US)

az vm list-usage --location "East US" -o table

See Addendum – Adding Quota to ARO account if you have less than 36 Quota left for Total Regional CPUs

Creating a Lightweight Jump Host in Azure with sshuttle (No VPN Required)

Fri, 04 Oct 2024 10:00:00 -0400

When working with development or test environments in Azure, a common need is secure access to internal resources without exposing them directly to the internet. While VPN solutions are a robust way to achieve this, they can often be overkill for simple use cases, especially when you just want to access a few VMs or services for testing. A jump host combined with sshuttle offers a simple, VPN-like solution that can be quickly deployed and used to tunnel traffic to your Azure resources—without the overhead of setting up a full VPN.

Deploying Advanced Cluster Management and OpenShift Data Foundation for ARO Disaster Recovery

Fri, 04 Oct 2024 10:00:00 -0400

This article was originally published at https://cloud.redhat.com/experts/aro/acm-odf-aro/

A guide to deploying Advanced Cluster Management (ACM) and OpenShift Data Foundation (ODF) for Azure Red Hat OpenShift (ARO) Disaster Recovery.

Overview

VolSync is not supported for ARO in ACM: https://access.redhat.com/articles/7006295 so if you run into issues and file a support ticket, you will receive the information that ARO is not supported.

In today’s fast-paced and data-driven world, ensuring the resilience and availability of your applications and data has never been more critical. The unexpected can happen at any moment, and the ability to recover quickly and efficiently is paramount. That’s where OpenShift Advanced Cluster Management (ACM) and OpenShift Data Foundation (ODF) come into play. In this guide, we will explore the deployment of ACM and ODF for disaster recovery (DR) purposes, empowering you to safeguard your applications and data across multiple clusters.

Configure ARO to Use Microsoft Entra ID Group Claims

Thu, 03 Oct 2024 10:00:00 -0400

This article was originally published at Configure ARO to use Microsoft Entra ID Group Claims | Red Hat Cloud Experts

This guide demonstrates how to utilize the OpenID Connect group claim functionality implemented in OpenShift 4.10. This functionality allows an identity provider to provide a user’s group membership for use within OpenShift. This guide will walk through the creation of an Azure Active Directory (Azure AD) application, configure the necessary Azure AD groups, and configure Azure Red Hat OpenShift (ARO) to authenticate and manage authorization using Azure AD.

ARO with Nvidia GPU Workloads

Thu, 08 Aug 2024 10:00:00 -0400

This article was originally published at ARO with Nvidia GPU Workloads | Red Hat Cloud Experts

ARO guide to running Nvidia GPU workloads.

Prerequisites

oc cli
Helm
jq, moreutils, and gettext package
An ARO 4.14 cluster

Note: If you need to install an ARO cluster, please read our ARO Terraform Install Guide. Please be sure if you’re installing or using an existing ARO cluster that it is 4.14.x or higher.

Note: Please ensure your ARO cluster was created with a valid pull secret (to verify make sure you can see the Operator Hub in the cluster’s console). If not, you can follow these instructions.

What to Consider When Using Azure AD as IDP

Fri, 24 May 2024 10:00:00 -0400

This article was originally published at What to consider when using Azure AD as IDP? | Red Hat Cloud Experts

In this guide, we will discuss key considerations when using Azure Active Directory (AAD) as the Identity Provider (IDP) for your ARO or ROSA cluster. Below are some helpful references:

Default Access for All Users in Azure Active Directory

Once you set up AAD as the IDP for your cluster, it’s important to note that by default, all users in your Azure Active Directory instance will have access to the cluster. They can log in using their AAD credentials through the OpenShift Web Console endpoint:

Building a Secure and Scalable Foundation for Your Environment on Azure

Mon, 20 May 2024 10:00:00 -0400

Great! You just started your Azure journey and now it’s time to scale your infrastructure to meet the growing demands of your business. Microsoft Azure offers a robust cloud platform that can grow with you, but where do you begin? This article will introduce you to three fundamental building blocks for your Azure journey: Azure Subscriptions, Microsoft Entra ID (formerly Azure Active Directory), and Azure Enterprise Scale Landing Zones.

Understanding the Basics

Microsoft Entra ID (Former Azure Active Directory)

Microsoft Entra ID, previously known as Azure Active Directory (Azure AD), is the backbone of identity and access management in Azure. It is a cloud-based identity and access management service that provides:

Maximizing Cost Efficiency in Azure: Navigating Azure Reservations and Savings Plans

Wed, 15 May 2024 10:00:00 -0400

Introduction:

In the realm of cloud computing, optimizing costs is paramount for businesses leveraging Microsoft Azure. Azure offers two primary cost-saving mechanisms: Azure Reservations and Azure Savings Plans. Both options come with distinct advantages, disadvantages, and usage scenarios. In this comprehensive guide, we’ll explore these features, penalties, and ideal use cases to empower you in making informed decisions tailored to your business needs.

Understanding Azure Reservations:

Azure Reservations provide businesses the opportunity to commit to one-year or three-year plans for various products within the Azure ecosystem. The commitment entails a promise of usage, enabling significant discounts of up to 72% off pay-as-you-go prices.

Azure Front Door with ARO (Azure Red Hat OpenShift)

Tue, 09 Apr 2024 10:00:00 -0400

This article was originally published at Azure Front Door with ARO ( Azure Red Hat OpenShift ) | Red Hat Cloud Experts

Securing exposing an Internet facing application with a private ARO Cluster.

When you create a cluster on ARO you have several options in making the cluster public or private. With a public cluster you are allowing Internet traffic to the api and *.apps endpoints. With a private cluster you can make either or both the api and .apps endpoints private.

Prerequisites Checklist to Deploy ARO Cluster

Thu, 30 Nov 2023 10:00:00 -0400

This article was originally published at https://cloud.redhat.com/experts/aro/prereq-list/

Before deploying an ARO cluster, ensure you meet the following prerequisites:

Setup Tools

Install Azure CLI: Essential for managing Azure resources. Refer to the official documentation

Verify Resources

Core Quota: Confirm availability of at least 40 cores to create and run an OpenShift Cluster.

Permissions

RBAC Settings:
- Ensure you have Contributor and User Access Administrator roles on the cluster resource group.
- Assign Network Contributor role on the virtual network, if using a separate resource group.
- For stricter security policies, create a custom role with necessary permissions. Reference link.
Microsoft Entra (Former Azure AD):
- Have a member user of the tenant or a guest with Application administrator role for the tooling to create an application and service principal on your behalf for the cluster.
Terraform: If you plan to use Terraform for the deployment of the cluster, see here the required permissions.

Azure Integration

Resource Provider:
- Register the Microsoft.RedHatOpenshift resource provider. Reference link.
Red Hat Integration:
- Obtain a Red Hat pull secret (Recommended for access to additional content like Operators and Container Registries).

Domain Configuration

This step is optional since you can use the built-in domain.

Setup a VPN Connection into an ARO Cluster with OpenVPN

Wed, 29 Mar 2023 10:00:00 -0400

This article was originally published at Setup a VPN Connection into an ARO Cluster with OpenVPN | Red Hat Cloud Experts

When you configure an Azure Red Hat OpenShift (ARO) cluster with a private only configuration, you will need connectivity to this private network in order to access your cluster. This guide will show you how to configure a point-to-site VPN connection so you won’t need to setup and configure Jump Boxes.