Azure ARO is a fully managed service that automates the deployment and management of Azure Database for PostgreSQL, Azure Database for MySQL, and Azure Database for PostgreSQL Hyperscale.
You can deploy Azure ARO in a matter of minutes, with a few clicks in the Azure portal.
Azure ARO is built on top of Azure Kubernetes Service (AKS) and Azure Storage, providing a scalable and highly available infrastructure for your databases.
The service includes automatic patching, backups, and monitoring, reducing the administrative burden and ensuring your databases are always up-to-date and secure.
Azure ARO Deployment
You can deploy an Azure Red Hat OpenShift (ARO) cluster across multiple availability zones, which is automatically done if you're in an Azure region that supports availability zones.
ARO cluster deployment is no longer a preview feature, so you don't need to enable it.
To deploy a cluster, use the Azure CLI with the --domain parameter if you're using a company domain, and be prepared for a 30-40 minute deployment time.
Deployment
Deployment is a straightforward process with Azure Red Hat OpenShift. You can deploy and scale containers on managed Red Hat OpenShift using Azure Red Hat OpenShift, which provides a flexible, self-service deployment of fully managed OpenShift clusters.
ARO cluster deployment is also a simple process, and until recently, it was a preview feature that required enabling, but this is no longer necessary.
To deploy a cluster, you can use the Azure CLI, and deployment takes about 30-40 minutes. You'll get back some relevant information, including the API URL necessary to log in to the cluster.
You can customize the deployment by specifying a company domain using the --domain parameter, and the full list of parameters can be found in the Azure CLI documentation.
If a deployment fails, you can delete the cluster using a specific command, and the complete removal of a successfully deployed cluster can take about 30-40 minutes.
Azure Red Hat OpenShift clusters can be deployed across multiple availability zones automatically if your cluster is deployed to an Azure region that supports availability zones.
Install Availability
You can validate installable versions of Azure Red Hat OpenShift by using the Azure Red Hat OpenShift release calendar. This calendar outlines the available versions for you to choose from.
To check the available versions, you can also run an Azure CLI command. This command provides a quick and easy way to see which versions are available for installation.
The Azure CLI command can be used to check the install availability of Azure Red Hat OpenShift. This command is especially useful when planning a new cluster deployment.
Here are the two mechanisms through which an Azure Red Hat OpenShift release is available:
- When an update to a newer version is available for an existing cluster
- When a new version is available as an install target for a new cluster
You can deploy a cluster across multiple availability zones if your Azure region supports it. This allows for greater flexibility and redundancy in your cluster deployment.
Azure ARO Configuration
Azure ARO Configuration is a crucial step in setting up your Azure Arc-enabled Kubernetes (AKS) cluster. You can configure ARO using the Azure portal, Azure CLI, or Terraform.
To create an ARO cluster, you need to specify the resource group, location, and Kubernetes version. The Kubernetes version can be either 1.21 or 1.22, depending on your requirements.
When choosing the Kubernetes version, consider the compatibility with your existing workload and any potential upgrade or downgrade implications.
Get a Pull Secret
To access Red Hat container registries and other content, you need a Red Hat pull secret. This step is optional but recommended.
You can obtain a pull secret by navigating to your Red Hat OpenShift cluster manager portal and signing in. You'll need to log in to your Red Hat account or create a new one with your business email and accept the terms and conditions.
The pull secret is downloaded as a file named pull-secret.txt, which you should keep safe. You can use this file to create clusters that include samples or operators from Red Hat or certified partners.
To use the pull secret with the `az aro create` command, you can reference it using the `--pull-secret @pull-secret.txt` parameter. Make sure to execute the command from the directory where you stored the pull-secret.txt file.
If you're copying the pull secret or referencing it in other scripts, it should be formatted as a valid JSON string.
Control Plane Nodes
Control Plane Nodes are a crucial part of Azure ARO configuration, and they're responsible for managing the Kubernetes cluster.
Each Control Plane Node runs a single instance of the Kubernetes control plane, which includes the API server, controller manager, and scheduler.
Control Plane Nodes are typically deployed as a set of three or five nodes for high availability.
These nodes are usually deployed as VMs in an Availability Set to ensure high availability and minimize downtime.
The Control Plane Nodes are the only nodes in the cluster that are not part of a node pool.
Azure ARO Performance
Azure ARO is optimized for memory and compute, making it a great choice for resource-intensive workloads. This is reflected in its impressive specifications.
The M128ms instance, for example, comes with 128 vCPUs and 3,892 GiB of RAM, making it a beast of a machine. This level of performance is perfect for demanding applications that require a lot of computational power.
If you're looking to deploy your application on OpenShift, you'll be happy to know that the Linux VM price for the M128ms instance is $5.472. This is a significant cost savings compared to other cloud providers.
Optimized Performance
Optimized Performance is a key aspect of Azure ARO, and it's great to see the various options available to users. The M128ms instance is a prime example of this, with 128 vCPUs at its disposal.
This instance comes with a generous 3,892 GiB of RAM, making it well-suited for memory-intensive workloads. With a Linux VM price of $-, it's clear that cost-effectiveness is a priority.
The OpenShift price for this instance is $5.472, which is a significant factor to consider for users who rely on this platform. Pay As You Go and reserved pricing options are also available, but their prices are not specified in the provided data.
In terms of reserved pricing, users have the option to choose between 1 year and 3 year terms, but the prices for these options are not disclosed.
Large Scale
Large Scale Azure Red Hat OpenShift clusters can be deployed with more than 100 worker nodes. This is a significant advantage for businesses with large-scale workloads.
If you're planning to deploy a large ARO cluster, you'll need to consider the costs involved. The Linux VM pricing model applies to master nodes, infrastructure nodes, and application nodes, which are all run on Azure Virtual Machines.
The costs for large-scale clusters can add up quickly. However, Azure Red Hat OpenShift provides flexibility in pricing options, including on-demand pricing and reserved instances.
Here's a brief summary of the pricing options for large-scale clusters:
In addition to compute and infrastructure costs, application nodes have an additional cost for the OpenShift license component. This is billed based on the number of application nodes and the instance type.
Azure ARO Pricing and Support
You can get a walkthrough of Azure pricing to understand how it works for your cloud solution.
Get a custom proposal for your cloud solution by requesting one from Azure.
Azure pricing is all about finding the right fit for your budget, and they offer various options to help you optimize costs.
Pricing Options
Azure offers a walkthrough of its pricing, which is essential for understanding the costs associated with your cloud solution.
You can learn about cost optimization to make the most of your Azure expenses.
Azure provides pricing for various cloud solutions, and it's crucial to understand these costs to make informed decisions.
To get a better grasp of Azure pricing, you can request a custom proposal that suits your specific needs.
This approach allows you to tailor your cloud solution to your budget and requirements.
Limited Support Status
A cluster transitions to a Limited Support status if you don't update it to a supported version before the end-of-life date.
This can have significant implications for your cluster's maintenance and support. You'll no longer receive proactive monitoring from Azure Red Hat OpenShift SREs.
If your cluster is in a Limited Support status, you won't be eligible for credits under the SLA. However, you still have access to product support.
A cluster might also enter Limited Support status if you remove or replace native Azure Red Hat OpenShift components or other components managed by the service. This can happen if you're trying to customize your cluster or troubleshoot issues.
Azure ARO Networking
Azure ARO Networking is a critical component of setting up a successful Azure Red Hat OpenShift (ARO) cluster. Cross-namespace networking is supported, allowing customer and individual project admins to customize it on a per-project basis using NetworkPolicy objects.
To create a virtual network for your ARO cluster, you'll need to create a resource group and a virtual network with two empty subnets. This can be done using the Azure CLI with commands like `az group create` and `az network vnet create`.
Here are the specific steps to create a virtual network:
- Set the following variables in the shell environment: LOCATION, RESOURCEGROUP, and CLUSTER.
- Create a resource group using `az group create`.
- Create a virtual network using `az network vnet create` with address-prefixes 10.0.0.0/22.
- Add an empty subnet for the master nodes using `az network vnet subnet create` with address-prefixes 10.0.0.0/23.
- Add an empty subnet for the worker nodes using `az network vnet subnet create` with address-prefixes 10.0.2.0/23.
Note that Azure Red Hat OpenShift clusters running OpenShift 4 require a virtual network with two empty subnets for the control plane and worker nodes.
Cross-Namespace Networking Support
Customer and individual project admins can customize cross-namespace networking on a per-project basis using NetworkPolicy objects.
You can deny cross-namespace networking if needed, giving you more control over your network settings.
In some cases, you might need to disable self-provisioning in 4.6 clusters, which is a specific consideration when working with cross-namespace networking.
Disabling self-provisioning can help prevent unauthorized changes to your network configuration.
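One way to deny cross-namespace traffic for a project with a NetworkPolicy object, as an added example that is not part of the original page: the function prints a policy that admits ingress only from pods in the same namespace. The function name, the policy name `allow-same-namespace` and the sample namespace `demo-project` are assumptions of this example.

```shell
# Added example: emit a NetworkPolicy that blocks ingress from other namespaces.
LC_ALL=C; export LC_ALL   # keep the a-z range below ASCII-only

same_namespace_policy() {
  ns=$1
  # Namespace names are DNS labels; reject anything else so the value
  # cannot change the structure of the generated YAML.
  case $ns in
    ''|*[!a-z0-9-]*|-*|*-) echo "invalid namespace: $ns" >&2; return 1 ;;
  esac
  [ "${#ns}" -le 63 ] || { echo "namespace too long" >&2; return 1; }
  # podSelector: {} under spec selects every pod in the namespace.
  # podSelector: {} under "from", with no namespaceSelector, matches only
  # pods in the policy's own namespace, so other namespaces are not admitted.
  cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace
  namespace: $ns
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector: {}
EOF
}

# Constructed sample namespace; pipe the output to "oc apply -f -" to apply it.
same_namespace_policy demo-project
```

Because the policy selects every pod in the namespace, traffic from the OpenShift ingress controller's namespace is dropped as well until a separate policy admits it.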
Create a Virtual Network with Two Empty Subnets
To create a virtual network with two empty subnets, you need to set up the following variables in your shell environment: LOCATION=eastus, RESOURCEGROUP=aro-rg, and CLUSTER=cluster.
The LOCATION variable specifies the location of your cluster, and in this case, it's set to eastus. This means that your resources will be deployed and managed in the eastus region.
You'll also need to create a resource group using the az group create command. This will create a logical group in which your Azure resources are deployed and managed. The resource group name is aro-rg, and it's created in the eastus location.
To create a virtual network, you can either use an existing one or create a new one. In this case, we're creating a new virtual network in the same resource group we just created. The virtual network is named aro-vnet, and it has an address prefix of 10.0.0.0/22.
To add an empty subnet for the master nodes, you'll need to create a subnet with the name master-subnet and an address prefix of 10.0.0.0/23. Similarly, to add an empty subnet for the worker nodes, you'll need to create a subnet with the name worker-subnet and an address prefix of 10.0.2.0/23.
Here's a summary of the steps to create a virtual network with two empty subnets:
- Set the LOCATION, RESOURCEGROUP, and CLUSTER variables in your shell environment.
- Create a resource group using the az group create command.
- Create a virtual network using the az network vnet create command.
- Add an empty subnet for the master nodes using the az network vnet subnet create command.
- Add an empty subnet for the worker nodes using the az network vnet subnet create command.
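The steps above as a script, added here as an example and not taken from the original page: it checks that both subnets fit inside the virtual network and do not overlap before issuing the `az` commands. `DRY_RUN`, `VNET`, the `*_CIDR` variables and all helper function names are assumptions of this example; with `DRY_RUN=1` (the default) the commands are printed rather than executed.

```shell
# Added example: pre-flight CIDR check plus the az commands for the ARO network.
# DRY_RUN=1 (default) prints each az command instead of executing it.
LOCATION=eastus; RESOURCEGROUP=aro-rg; CLUSTER=cluster  # CLUSTER: for az aro create later
VNET=aro-vnet; VNET_CIDR=10.0.0.0/22
MASTER_CIDR=10.0.0.0/23; WORKER_CIDR=10.0.2.0/23

# Dotted-quad IPv4 address -> 32-bit integer.
ip2int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}
# First and last address (as integers) covered by a CIDR block.
cidr_lo() {
  ip=$(ip2int "${1%/*}"); size=$(( 1 << (32 - ${1#*/}) ))
  echo $(( $ip - $ip % $size ))
}
cidr_hi() { echo $(( $(cidr_lo "$1") + (1 << (32 - ${1#*/})) - 1 )); }

# True when block $1 lies entirely inside block $2.
cidr_within() {
  [ "$(cidr_lo "$1")" -ge "$(cidr_lo "$2")" ] && [ "$(cidr_hi "$1")" -le "$(cidr_hi "$2")" ]
}
# True when blocks $1 and $2 share at least one address.
cidr_overlap() {
  [ "$(cidr_lo "$1")" -le "$(cidr_hi "$2")" ] && [ "$(cidr_lo "$2")" -le "$(cidr_hi "$1")" ]
}
# Refuse to continue when the subnet plan cannot work.
preflight() {
  cidr_within "$MASTER_CIDR" "$VNET_CIDR" || { echo "master subnet outside vnet" >&2; return 1; }
  cidr_within "$WORKER_CIDR" "$VNET_CIDR" || { echo "worker subnet outside vnet" >&2; return 1; }
  if cidr_overlap "$MASTER_CIDR" "$WORKER_CIDR"; then echo "subnets overlap" >&2; return 1; fi
}

run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

create_network() {
  preflight || return 1
  run az group create --name "$RESOURCEGROUP" --location "$LOCATION"
  run az network vnet create --resource-group "$RESOURCEGROUP" --name "$VNET" \
    --address-prefixes "$VNET_CIDR"
  run az network vnet subnet create --resource-group "$RESOURCEGROUP" --vnet-name "$VNET" \
    --name master-subnet --address-prefixes "$MASTER_CIDR"
  run az network vnet subnet create --resource-group "$RESOURCEGROUP" --vnet-name "$VNET" \
    --name worker-subnet --address-prefixes "$WORKER_CIDR"
}

create_network
```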
API Providers
To deploy an ARO cluster, several Azure providers need to be enabled first. This is a crucial step that sets the stage for a successful ARO networking setup.
Azure API providers play a vital role in this process. They are the gatekeepers that allow us to access the necessary resources and features for ARO deployment.
The providers to enable include those that will manage our ARO resources and configurations.
Enabling these providers is a straightforward process that can be done through the Azure portal. It's a simple step, but one that's essential for getting started with ARO networking.
Integration
Integration is a straightforward process that allows you to leverage your existing team structures and groups from your Active Directory. To start, create a few environment variables to support the implementation.
You'll need to create an Azure AD Application to integrate OpenShift authentication with Azure AD, which requires an Azure Active Directory Graph scope permission. This permission is specifically Azure Active Directory Graph.User.Read.
Optional claims can be configured to use email with a UPN fallback authentication, and you'll also need to create an OpenShift OAuth resource object to connect the cluster with the AAD. This object can be created by applying a YAML file, which requires you to be logged in as the kubeadmin user.
The reply URL in the AAD application needs to point to the oauthCallbackURL, which can be changed through the portal. This is an important step, as it allows users to log in with their AAD credentials and start working.
Frequently Asked Questions
What is ARO on Azure?
Azure Red Hat OpenShift (ARO) is a managed Kubernetes service on Azure, offering a fully-managed control plane and application nodes with joint Red Hat and Microsoft support. It simplifies installation, management, and maintenance for a seamless containerized application experience.
What is AKS and ARO?
AKS and ARO are two cloud-based container orchestration services, with AKS offering a free tier for small-scale deployments and ARO providing a more robust, enterprise-ready solution with additional features and support.
What is Azure Recovery Services agent?
The Microsoft Azure Recovery Services (MARS) agent is a tool used to back up and recover data from on-premises computers to Azure. It's a key component of Azure Backup, enabling secure and efficient data protection in the cloud.
What is Azure Red Hat OpenShift service?
Azure Red Hat OpenShift is a managed service that offers dedicated OpenShift clusters on Microsoft Azure, jointly engineered and operated by Microsoft and Red Hat. It provides a secure, single-tenant environment for customers to deploy and manage their applications.