Red Hat SummitRed Hat Summit 2020 is fast approaching, and if you missed it last year, you would have also missed Microsoft CEO Satya Nadella and former Red Hat CEO Jim Whitehurst announcing Red Hat and Microsoft's first joint offering: Azure Red Hat OpenShift (ARO).
Azure Red Hat OpenShift (ARO) is a fully managed service of Red Hat OpenShift on Azure, jointly engineered, operated and supported by Microsoft and Red Hat.
Did you know that it is possible for both new and existing Red Hat customers to build Red Hat Enterprise Linux (RHEL) based container images on Azure Red Hat OpenShift?
In this blog I will demonstrate how to perform the following on Azure Red Hat OpenShift:
- Build a RHEL based container with a Dockerfile using your existing Red Hat subscription, and;
- Build a freely redistributable RHEL based container with a Dockerfile using the Red Hat Universal Base Image (UBI).
Both of these methods will work on the current Azure Red Hat OpenShift offering, the next iteration of which will be based on OpenShift 4.
Provisioning an Azure Red Hat OpenShift cluster
Let’s start with provisioning an Azure Red Hat OpenShift cluster. There are some prerequisites to complete. An existing Azure subscription is required, and users need to be created in Azure Active Directory. Follow the documentation to set environment variables and using the Azure cli create a resource group and provision the cluster.
$ az openshift create --resource-group $CLUSTER_NAME --name $CLUSTER_NAME -l $LOCATION --aad-client-app-id $APPID --aad-client-app-secret $SECRET --aad-tenant-id $TENANT --customer-admin-group-id $GROUPID
After about 10 - 15 minutes, the deployment process should have completed and the public URL for your fully managed Azure Red Hat OpenShift cluster is displayed. Log in to the console with your Active Directory credentials and copy the login command by clicking on your username and selecting “Copy login command.” This string will be used to login to the cluster using the command line.
Using an existing Red Hat subscription
For this section I highly recommend using an existing RHEL machine which holds a valid subscription. This will make creating the OpenShift prerequisites required for the Dockerfile build much easier. The OpenShift command line tool ‘oc’ is also required to be installed on this machine. For those without an existing subscription skip ahead to the section titled “Using the Universal Base Image (UBI)”.
Login to the ARO cluster using the copied login command. It will look similar to below.
$ oc login https://osa{ID}.{REGION}.cloudapp.azure.com --token={ARO TOKEN}
Create a new OpenShift project
$ oc new-project rhel-build
If you do not have one already, create a registry service account to ensure that you can pull a RHEL image from registry.redhat.io using your credentials. In a browser go to catalog.redhat.com, login and select “Service Accounts” and then “New Service Account”. Download the generated OpenShift secret. Create the secret in your OpenShift project.
$ oc create -f {SECRET_FILE}.yaml -n rhel-build
Create a secret that contains the entitlements
$ oc create secret generic etc-pki-entitlement --from-file /etc/pki/entitlement/{ID}.pem --from-file /etc/pki/entitlement/{ID}-key.pem -n rhel-build
Create a configmap that contains the subscription manager configuration.
$ oc create configmap rhsm-conf --from-file /etc/rhsm/rhsm.conf -n rhel-build
Create a configmap for the certificate authority.
$ oc create configmap rhsm-ca --from-file /etc/rhsm/ca/redhat-uep.pem -n rhel-build
Create a build configuration in the project.
$ oc new-build https://github.com/grantomation/rhel-build.git --context-dir sub-build --name rhel-build -n rhel-build
$ oc get buildconfig rhel-build -n rhel-build
NAME TYPE FROM LATEST
rhel-build Docker Git 1
List the secrets in the project
$ oc get secrets -n rhel-build
NAME TYPE DATA AGE
{SERVICE PULL SECRET} kubernetes.io/dockerconfigjson 1 2m
Set the registry pull credentials as a secret on the buildConfig
$ oc set build-secret --pull bc/rhel-build {SECRET CREATED BY REGISTRY SERVICE ACCOUNT FILE}
Patch the build configuration
$ oc patch buildconfig rhel-build -p '{"spec":{"source":{"configMaps":[{"configMap":{"name":"rhsm-conf"},"destinationDir":"rhsm-conf"},{"configMap":{"name":"rhsm-ca"},"destinationDir":"rhsm-ca"}],"secrets":[{"destinationDir":"etc-pki-entitlement","secret":{"name":"etc-pki-entitlement"}}]}}}' -n rhel-build
Start the Dockerfile build on OpenShift.
$ oc start-build rhel-build --follow -n rhel-build
Following a successful build, the new image is pushed to the internal OpenShift registry and an image stream is created in the project. To confirm that the image build worked correctly, the imagestream can be used to create an OpenShift application.
$ oc new-app rhel -n rhel-build
Create an edge route which will use the digicert certificate included on ARO.
$ oc create route edge --port 8080 --service rhel-build -n rhel-build
Curl the route to the application
$ curl https://$(oc get route rhel -o go-template='{{.spec.host}}')
Azure Red Hat OpenShift
Using the Universal Base Image (UBI)
Red Hat UBI provides complementary runtime languages and packages that are freely redistributable. If you’re new to the UBI, you can check out Scott McCarty’s excellent blog and demo as a primer. Using the UBI as a base for your next containerised application is a great way to build and deploy on Azure Red Hat OpenShift. The following steps demonstrate how to use UBI based on RHEL 8.
Create a new OpenShift project.
$ oc new-project ubi-build
Create a build configuration in the project.
$ oc new-build https://github.com/grantomation/rhel-build.git --context-dir ubi-build --name ubi-build -n ubi-build
Follow the container build.
$ oc logs -f build/ubi-build-1
To confirm that the image build worked correctly, the generated imagestream can be used to create an OpenShift application.
$ oc new-app ubi
Create an edge route which will use the digicert certificate included on ARO.
$ oc create route edge --port 8080 --service ubi -n ubi-build
Curl the route to the application.
$ curl https://$(oc get route ubi -o go-template='{{.spec.host}}')
And with that done, you've got an OpenShift cluster up and running in Azure, running RHEL based containers.
Über den Autor
Nach Thema durchsuchen
Automatisierung
Das Neueste zum Thema IT-Automatisierung für Technologien, Teams und Umgebungen
Künstliche Intelligenz
Erfahren Sie das Neueste von den Plattformen, die es Kunden ermöglichen, KI-Workloads beliebig auszuführen
Open Hybrid Cloud
Erfahren Sie, wie wir eine flexiblere Zukunft mit Hybrid Clouds schaffen.
Sicherheit
Erfahren Sie, wie wir Risiken in verschiedenen Umgebungen und Technologien reduzieren
Edge Computing
Erfahren Sie das Neueste von den Plattformen, die die Operations am Edge vereinfachen
Infrastruktur
Erfahren Sie das Neueste von der weltweit führenden Linux-Plattform für Unternehmen
Anwendungen
Entdecken Sie unsere Lösungen für komplexe Herausforderungen bei Anwendungen
Original Shows
Interessantes von den Experten, die die Technologien in Unternehmen mitgestalten
Produkte
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Cloud-Services
- Alle Produkte anzeigen
Tools
- Training & Zertifizierung
- Eigenes Konto
- Kundensupport
- Für Entwickler
- Partner finden
- Red Hat Ecosystem Catalog
- Mehrwert von Red Hat berechnen
- Dokumentation
Testen, kaufen und verkaufen
Kommunizieren
Über Red Hat
Als weltweit größter Anbieter von Open-Source-Software-Lösungen für Unternehmen stellen wir Linux-, Cloud-, Container- und Kubernetes-Technologien bereit. Wir bieten robuste Lösungen, die es Unternehmen erleichtern, plattform- und umgebungsübergreifend zu arbeiten – vom Rechenzentrum bis zum Netzwerkrand.
Wählen Sie eine Sprache
Red Hat legal and privacy links
- Über Red Hat
- Jobs bei Red Hat
- Veranstaltungen
- Standorte
- Red Hat kontaktieren
- Red Hat Blog
- Diversität, Gleichberechtigung und Inklusion
- Cool Stuff Store
- Red Hat Summit