/terraform-aro

Terraform script for ARO clusters

Primary language: HCL. License: Apache License 2.0 (Apache-2.0).

Using Terraform to build an ARO cluster

Azure Red Hat OpenShift (ARO) is a fully-managed turnkey application platform.

Supports Public ARO clusters and Private ARO clusters.

Setup

Using the code in this repo requires the following tools:

  • The Terraform CLI
  • The OC CLI

The connectivity checks below also call the Azure CLI (az) and jq.

Create the ARO cluster and required infrastructure

Public ARO cluster

  1. Modify the variable.tf var file, or modify the following command to customize your cluster.

    terraform init
    terraform plan -var "cluster_name=my-tf-cluster" -out aro.plan
    terraform apply aro.plan

Private ARO cluster

  1. Modify the variable.tf var file, or modify the following command to customize your cluster.

    terraform init
    terraform plan -var "cluster_name=my-tf-cluster" -var "aro_private=true" -var "restrict_egress_traffic=true"  -out aro.plan
    terraform apply aro.plan

    NOTE: restrict_egress_traffic=true secures the ARO cluster by routing egress traffic through an Azure Firewall.

Test Connectivity

  1. Get the ARO cluster's API server URL. $AZR_CLUSTER and $AZR_RESOURCE_GROUP must be set to your cluster name and resource group.

    ARO_URL=$(az aro show -n "$AZR_CLUSTER" -g "$AZR_RESOURCE_GROUP" -o json | jq -r '.apiserverProfile.url')
    echo "$ARO_URL"
  2. Get the ARO cluster's credentials.

    ARO_USERNAME=$(az aro list-credentials -n "$AZR_CLUSTER" -g "$AZR_RESOURCE_GROUP" -o json | jq -r '.kubeadminUsername')
    ARO_PASSWORD=$(az aro list-credentials -n "$AZR_CLUSTER" -g "$AZR_RESOURCE_GROUP" -o json | jq -r '.kubeadminPassword')
    # Note: this prints the kubeadmin password to the terminal and its scrollback
    echo "$ARO_PASSWORD"
    echo "$ARO_USERNAME"

Public Test Connectivity

  1. Log in to the cluster with oc login, using the URL and credentials retrieved above. If you omit -p, oc prompts for the password instead of taking it on the command line. For example:

    oc login "$ARO_URL" -u "$ARO_USERNAME" -p "$ARO_PASSWORD"
  2. Check that you can access the Console by opening the console URL in your browser.

Private Test Connectivity

  1. Save the jump host's public IP address.

    JUMP_IP=$(az vm list-ip-addresses -g "$AZR_RESOURCE_GROUP" -n "${AZR_CLUSTER}-jumphost" -o tsv \
    --query '[].virtualMachine.network.publicIpAddresses[0].ipAddress')
    echo "$JUMP_IP"
  2. Update /etc/hosts to point the OpenShift domains to localhost. Use the DNS of your OpenShift cluster as described in the previous step in place of $YOUR_OPENSHIFT_DNS below.

    127.0.0.1 api.$YOUR_OPENSHIFT_DNS
    127.0.0.1 console-openshift-console.apps.$YOUR_OPENSHIFT_DNS
    127.0.0.1 oauth-openshift.apps.$YOUR_OPENSHIFT_DNS
  3. SSH to that instance, tunneling traffic for the appropriate hostnames. Be sure to use your new or existing private key, the OpenShift DNS for $YOUR_OPENSHIFT_DNS, and your jump host IP.

    sudo ssh -L 6443:api.$YOUR_OPENSHIFT_DNS:6443 \
    -L 443:console-openshift-console.apps.$YOUR_OPENSHIFT_DNS:443 \
    -L 80:console-openshift-console.apps.$YOUR_OPENSHIFT_DNS:80 \
    aro@$JUMP_IP
  4. Log in using oc login.

    oc login $ARO_URL -u $ARO_USERNAME -p $ARO_PASSWORD
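
Step 2 needs the cluster domain for $YOUR_OPENSHIFT_DNS. The following added example (not part of this repository) derives it from $ARO_URL, validates it, and prints only the /etc/hosts entries that are still missing. It assumes the API URL has the form https://api.<domain>:6443/; the function names and the example.test URL are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the repository. Function bodies run in subshells
# "( ... )" so their variables stay local.

# Print <domain> (the value for $YOUR_OPENSHIFT_DNS) from an API server URL.
# Fails (status 1) unless the host is a plain DNS name starting with "api.".
aro_dns_from_api_url() (
  url=$1
  case $url in https://*) ;; *) exit 1 ;; esac
  host=${url#https://}   # drop the scheme
  host=${host%%/*}       # drop the path or trailing slash
  host=${host%%:*}       # drop the port
  case $host in api.?*) ;; *) exit 1 ;; esac
  # The value is appended to /etc/hosts as root, so reject anything that is
  # not letters, digits, dots or hyphens.
  case $host in *[!A-Za-z0-9.-]*|*..*|*.|*-) exit 1 ;; esac
  printf '%s\n' "${host#api.}"
)

# Print the three loopback entries from step 2 for a domain.
aro_hosts_entries() (
  for name in api console-openshift-console.apps oauth-openshift.apps; do
    printf '127.0.0.1 %s.%s\n' "$name" "$1"
  done
)

# Print only the entries not already present (exact line match) in the
# hosts file given as $2 (default /etc/hosts), so re-runs add no duplicates.
aro_missing_hosts_entries() (
  file=${2:-/etc/hosts}
  aro_hosts_entries "$1" | while IFS= read -r line; do
    grep -qxF -- "$line" "$file" 2>/dev/null || printf '%s\n' "$line"
  done
)

# Demo with a constructed URL; with a real cluster pass "$ARO_URL" instead and
# pipe aro_missing_hosts_entries into: sudo tee -a /etc/hosts
dns=$(aro_dns_from_api_url 'https://api.example.test:6443/') &&
  aro_hosts_entries "$dns"
```

Remove the three entries from /etc/hosts once the tunnel is no longer in use, otherwise the cluster hostnames keep resolving to localhost.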

Cleanup

  1. Delete the cluster and resources.

    # terraform destroy does not accept a saved plan file, so none is passed here
    terraform destroy -auto-approve