Slide 1

Azure Red Hat OpenShift Technical Workshop
Phil Huang, Sr. Cloud Solution Architect
2023/3/28

Slide 2

Ref: https://microsoft.github.io/aroworkshop/

Slide 3

Create Azure Red Hat OpenShift

Slide 4

Create Azure Red Hat OpenShift Cluster (1/4)

Slide 5

Create Azure Red Hat OpenShift Cluster (2/4)

Slide 6

Create Azure Red Hat OpenShift Cluster (3/4)
(Linked: Azure Visual Subnet Calculator; YouTube)

Slide 7

Azure Red Hat OpenShift network parameters

CIDR design       Default subnet            Changeable?  Default netmask            Notes
Master Node CIDR  follows initial settings  Yes          minimum /27
Worker Node CIDR  follows initial settings  Yes          minimum /27
Service CIDR      172.30.0.0/16             Yes          default /16, minimum /18
Pod CIDR          10.128.0.0/14             Yes          default /14, minimum /18   each node is allocated a /23 by default; this cannot be changed

Ref: https://docs.microsoft.com/zh-tw/azure/openshift/concepts-networking

Netmask  Usable hosts
/27      30
/24      254
/23      510
/18      16382
/16      65534
/14      262142

Slide 8

API Server Visibility: Public
Ingress Visibility: Public

Slide 9

Create Azure Red Hat OpenShift Cluster (4/4)

Slide 10

The Azure Portal view

Slide 11

Obtaining the login credentials (username and password)

Slide 12

Obtaining the credentials and opening the OpenShift Console

Slide 13

You can also log in with the oc command

Slide 14

Please use az aro
Ref: https://learn.microsoft.com/en-us/cli/azure/aro?view=azure-cli-latest#az-aro-create

az aro create --master-subnet
              --name
              --resource-group
              --worker-subnet
              [--apiserver-visibility {Private, Public}]
              [--client-id]
              [--client-secret]
              [--cluster-resource-group]
              [--disk-encryption-set]
              [--domain]
              [--fips {false, true}]
              [--ingress-visibility {Private, Public}]
              [--location]
              [--master-enc-host {false, true}]
              [--master-vm-size]
              [--no-wait]
              [--pod-cidr]
              [--pull-secret]
              [--service-cidr]
              [--tags]
              [--version]
              [--vnet]
              [--vnet-resource-group]
              [--worker-count]
              [--worker-enc-host {false, true}]
              [--worker-vm-disk-size-gb]
              [--worker-vm-size]
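
Added example (not from the workshop deck): a small POSIX shell script that checks a CIDR design against the minimums on the network-parameters slide, derives how many nodes a pod CIDR can ever hold given the fixed /23 per node, and assembles an az aro create command from the flags listed above without running it. The resource group, cluster, VNet and subnet names are constructed placeholders.

```shell
#!/bin/sh
# Added example, not part of the workshop material. It validates the CIDR
# design from the network-parameters slide and prints a matching
# `az aro create` command for review. Names passed in below are placeholders.

# Prefix length (the number after the slash) of a CIDR string such as 10.128.0.0/14.
prefix_len() { echo "${1#*/}"; }

# Usable hosts for a prefix length: 2^(32-len) - 2, as in the netmask table.
usable_hosts() { echo $(( (1 << (32 - $1)) - 2 )); }

# Pod CIDR: default /14, must be /18 or larger. Each node is allocated a fixed
# /23, so the cluster can never hold more than 2^(23 - prefix) nodes.
max_nodes_for_pod_cidr() {
  len=$(prefix_len "$1")
  [ "$len" -le 18 ] || { echo "pod CIDR $1 is smaller than the /18 minimum" >&2; return 1; }
  echo $(( 1 << (23 - len) ))
}

# Service CIDR: default /16, must be /18 or larger.
check_service_cidr() {
  len=$(prefix_len "$1")
  [ "$len" -le 18 ] || { echo "service CIDR $1 is smaller than the /18 minimum" >&2; return 1; }
  echo "ok"
}

# Assemble the create command using only flags from the az aro create syntax.
# $1 resource group, $2 cluster name, $3 service CIDR, $4 pod CIDR.
# Nothing is executed; the command is printed so it can be reviewed first.
aro_create_cmd() {
  check_service_cidr "$3" >/dev/null && max_nodes_for_pod_cidr "$4" >/dev/null || return 1
  printf 'az aro create --resource-group %s --name %s --vnet aro-vnet' "$1" "$2"
  printf ' --master-subnet master-subnet --worker-subnet worker-subnet'
  printf ' --service-cidr %s --pod-cidr %s' "$3" "$4"
  printf ' --apiserver-visibility Public --ingress-visibility Public --worker-count 3\n'
}

# Walk the defaults from the slide: a /23 per node and the default pod CIDR.
echo "usable hosts in one node's /23 pod range: $(usable_hosts 23)"
echo "max nodes with default pod CIDR 10.128.0.0/14: $(max_nodes_for_pod_cidr 10.128.0.0/14)"
echo "max nodes with the /18 minimum pod CIDR: $(max_nodes_for_pod_cidr 10.128.0.0/18)"
aro_create_cmd rg-aro-demo aro-demo 172.30.0.0/16 10.128.0.0/14
```

Shrinking the pod CIDR to the /18 minimum still leaves room for 32 nodes, which is why the default /14 is rarely worth reducing unless the address space collides with on-premises ranges.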

Slide 15

Extend Azure Red Hat OpenShift

Slide 16

Azure Red Hat OpenShift Landing Zone Accelerator
Azure Red Hat OpenShift Reference Architecture
Ref: https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/app-platform/azure-red-hat-openshift/landing-zone-accelerator
• Network topology and connectivity
• Identity
• Security
• Platform automation
• Operations management

Slide 17

Integrating Azure services from the ARO point of view
Ref: https://learn.microsoft.com/zh-tw/azure/cloud-adoption-framework/scenarios/app-platform/azure-red-hat-openshift/landing-zone-accelerator

Slide 18

Questions at any level are welcome. Make good use of your workday assistant, ChatGPT.

Slide 19

Azure Private DNS Resolver and DNS Forwarder VM

Slide 20

[Diagram: Use DNS Forwarder VM. An on-premises network (10.0.0.0/24) with a client VM 10.0.0.10 and an internal DNS server 10.0.0.254 connects over VPN / ExpressRoute to VNet-hub-001 (10.5.0.0/24), which contains a DNS forwarder VM 10.5.0.254 and, in subnet snet-consumer, a Private Link endpoint 10.5.0.5 for azsql1.database.windows.net. The internal DNS server carries a conditional forwarder for database.windows.net pointing at 10.5.0.254; the forwarder VM queries the Azure-provided DNS 168.63.129.16 (Azure recursive resolvers), which answers from the private DNS zone privatelink.database.windows.net through its virtual network link. The DNS traffic path and the private connection are shown separately.]

Slide 21

[Diagram: Traffic flow for an on-premises DNS query through Azure DNS Private Resolver. Hub VNet 10.11.0.0/16 hosts the resolver's inbound endpoint 10.11.0.84 (subnet 10.11.0.80/28) and outbound endpoint 10.11.0.68 (subnet 10.11.0.64/28); spokes 10.12.0.0/24 and 10.10.0.0/24 (VM 1, VM 2, optional peering) link to Azure Private DNS zones that resolve abc.privatelink.blob.core.windows.net to 10.11.0.5 and abc.privatelink.azure-api.net to 10.11.0.6. The on-premises network (192.168.78.100/24, Windows desktops and on-premises server running APP 1/2/3) reaches Azure over a site-to-site VPN or ExpressRoute gateway; its DNS forwards blob.core.windows.net and azure-api.net to 10.11.0.84 (via forwarder), while the outbound endpoint forwards App1.onprem.company.com (192.168.78.1) and App2.onprem.company.com (192.168.79.1) to on-premises DNS.]
Ref: https://learn.microsoft.com/en-us/azure/architecture/example-scenario/networking/azure-dns-private-resolver

Slide 22

Comparing the view from the Azure Portal with the view from inside Azure Red Hat OpenShift: VM and Node

Slide 23

Machine API Operator for Azure: an API adopter based on the Kubernetes Cluster API

Slide 24

Machine API Operator for Azure: an API adopter based on the Kubernetes Cluster API
Ref: https://capz.sigs.k8s.io/
     https://github.com/openshift/machine-api-provider-azure

CRD                  API Group                          Default?  Purpose
Node                 v1                                 Yes       Describes the node from the Kubernetes perspective: CPU / memory / number of schedulable pods, etc.
Machines             machine.openshift.io               Yes       Describes the node from the VM instance perspective: SKU / osDisk / zone / image name, etc.
MachineSets          machine.openshift.io               Yes       Maintains the desired number of Machines
MachineHealthChecks  machine.openshift.io               Yes       Checks whether a Machine is healthy
MachineAutoscalers   autoscaling.openshift.io           No        Sets resource limits / scale-down conditions, etc., from a single-cluster perspective
MachineConfigs       machineconfiguration.openshift.io  Yes       Defines the configuration of each machine: kernel parameters / OS settings / SSH keys, etc.

Slide 25

Demo Azure Red Hat OpenShift

Slide 26

pichuang/debug-container: this container image bundles common debugging tools
Ref: https://github.com/pichuang/debug-container

Slide 27

Invent with purpose.