20230328 ARO Technical Workshop

Transcript

1. Technical Workshop Phil Huang <[email protected]> Sr. Cloud Solution Architect 2023/3/28

   Azure Red Hat OpenShift

2. Ref: https://microsoft.github.io/aroworkshop/

3. Create Azure Red Hat OpenShift

4. Create Azure Red Hat OpenShift Cluster (1/4)

5. Create Azure Red Hat OpenShift Cluster (2/4)

6. Create Azure Red Hat OpenShift Cluster (3/4) Azure Visual Subnet

   Calculator YouTube

7. Azure Red Hat OpenShift 網路參數 CIDR Design 預設子網段 子網段可改? 預設遮罩

   (Netmask) 備註 Master Node CIDR 跟隨初始設定 Yes 最小 /27 Worker Node CIDR 跟隨初始設定 Yes 最小 /27 Service CIDR 172.30.0.0/16 Yes 預設 /16，最小 /18 Pod CIDR 10.128.0.0/14 Yes 預設 /14，最小 /18 每一個 Node 預設分配 /23 網段， 不可修改 Ref: https://docs.microsoft.com/zh-tw/azure/openshift/concepts-networking Netmask Usable Hosts /27 30 /24 254 /23 510 /18 16382 /16 65534 /14 262142

8. API Server Visibility Ingress Visibility Public Public

9. Create Azure Red Hat OpenShift Cluster (4/4)

10. Azure Portal 視野

11. 獲得登入帳號密碼

12. 獲得帳號密碼及開啟 OpenShift Console

13. 可以使用 oc command 登入

14. 請愛用 az aro Ref: https://learn.microsoft.com/en-us/cli/azure/aro?view=azure-cli-latest#az-aro-create az aro create --master-subnet --name

    --resource-group --worker-subnet [--apiserver-visibility {Private, Public}] [--client-id] [--client-secret] [--cluster-resource-group] [--disk-encryption-set] [--domain] [--fips {false, true}] [--ingress-visibility {Private, Public}] [--location] [--master-enc-host {false, true}] [--master-vm-size] [--no-wait] [--pod-cidr] [--pull-secret] [--service-cidr] [--tags] [--version] [--vnet] [--vnet-resource-group] [--worker-count] [--worker-enc-host {false, true}] [--worker-vm-disk-size-gb] [--worker-vm-size]

15. Extend Azure Red Hat OpenShift

16. Azure Red Hat OpenShift Landing Zone Accelerator Azure Red Hat

    OpenShift Reference Architecture Ref: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/app-platform/azure-red-hat-openshift/landing-zone-accelerator • 網路拓樸和連線能力 • 身分識別 • 安全性 • 平台自動化 • 維運管理

17. 整合 Azure Services ARO Point of View Ref: https://learn.microsoft.com/zh-tw/azure/cloud-adoption-framework/scenarios/app-platform/azure-red-hat-openshift/landing-zone-accelerator

18. 任何等級問題皆可問 善用你的上班小助理 ChatGPT

19. Azure Private DNS Resolver and DNS Forwarder VM Azure Private

    DNS Resolver DNS Forwarder VM

20. Private DNS zone privatelink.database.windows.net Azure-provided DNS 168.63.129.16 azsql1.database.windows.net VPN /

    ExpressRoute snet-consumer Client VM 10.0.0.10 Private Link endpoint 10.5.0.5 DNS forwarder 10.5.0.254 Azure recursive resolvers 3 4 5 6 Virtual network link VNet-hub-001 10.5.0.0/24 On-premises network 10.0.0.0/24 2 7 DNS traffic Private connection Internal DNS 10.0.0.254 1 8 9 Conditional forwarder IP address 10.5.0.254 DNS vmdns Forward Lookup Zones Reverse Lookup Zones Trust Points Conditional Forwarders database.windows.net Microsoft Azure Use DNS Forwarder VM

21. On-premises server Windows desktops APP 2 APP 3 APP 1

    Outbound endpoint 10.11.0.68 Inbound endpoint 10.11.0.84 DNS Query Spoke 1 Spoke 2 Peering (optional) 10.11.0.0/16 10.11.0.80/28 10.11.0.64/28 10.12.0.0/24 10.10.0.0/24 abc.privatelink.blob.core.windows.net – 10.11.0.5 abc.privatelink.azure-api.net - 10.11.0.6 192.168.78.100/24 Azure Private DNS Azure DNS VM 1 VM 2 Virtual network link App1.onprem.company.com - 192.168.78.1 App2.onprem.company.com - 192.168.79.1 blob.core.windows.net – 10.11.0.84 (via forwarder) azure-api.net – 10.11.0.84 (via forwarder) On-premises 1 3 4 5 5 Azure ExpressRoute 2 Site-to-site or Azure ExpressRoute gateway Azure Microsoft Azure Azure DNS Private Resolver Traffic flow for on-premise DNS Query https://learn.microsoft.com/en-us/azure/architecture/example-scenario/networking/azure-dns-private-resolver

22. Azure Portal 與 Azure Red Hat OpenShift 內外視野比較 VM and

    Node

23. Machine API Operator for Azure 基於 Kubernetes Cluster API 的

    API Adopters

24. Machine API Operator for Azure 基於 Kubernetes Cluster API 的

    API Adopters Ref: https://capz.sigs.k8s.io/ https://github.com/openshift/machine-api-provider-azure CRD API Group Default? 目的 Node v1 Yes 以 Kubernetes 角度描述，包含 CPU / Mem. / 可用 Pod 數量等 Machines machine.openshift.io Yes 描述 VM Instances 角度描述，如 SKU / osDisk / Zone / Images 名稱等 MachineSets machine.openshift.io Yes 負責維護 Machine 數量 MachineHealthChecks machine.openshift.io Yes 確認 Machine 健康與否 MachineAutoscalers autoscaling.openshift.io No 以單一叢集角度設定 資源限制 / ScaleDown 的條件等 MachineConfigs machieconfiguration.ope nshift.io Yes 定義每個機器的設定，包含 Kernel 參數 / OS 相關設定 / SSH Key 等

25. Demo Azure Red Hat OpenShift

26. pichuang/debug-container 該 Container 包含常見的除錯工具 Ref: https://github.com/pichuang/debug-container

27. Invent with purpose.