Building RHEL based containers on Azure Red Hat OpenShift

Red Hat Summit 2020 is fast approaching, and if you missed it last year, you would have also missed Microsoft CEO Satya Nadella and former Red Hat CEO Jim Whitehurst announcing Red Hat and Microsoft’s first joint offering: Azure Red Hat OpenShift (ARO).
Azure Red Hat OpenShift (ARO) is a fully managed service of Red Hat OpenShift on Azure, jointly engineered, operated and supported by Microsoft and Red Hat. 
Did you know that it is possible for both new and existing Red Hat customers to build Red Hat Enterprise Linux (RHEL) based container images on Azure Red Hat OpenShift?
In this blog I will demonstrate how to perform the following on Azure Red Hat OpenShift:

Build a RHEL based container with a Dockerfile using your existing Red Hat subscription, and;
Build a freely redistributable RHEL based container with a Dockerfile using the Red Hat Universal Base Image (UBI). 

Both of these methods will work on the current Azure Red Hat OpenShift offering, the next iteration of which will be based on OpenShift 4. 
Provisioning an Azure Red Hat OpenShift cluster
Let’s start with provisioning an Azure Red Hat OpenShift cluster. There are some prerequisites to complete: an existing Azure subscription is required, and users need to be created in Azure Active Directory. Follow the documentation to set the environment variables, then use the Azure CLI to create a resource group and provision the cluster.
$ az openshift create --resource-group $CLUSTER_NAME --name $CLUSTER_NAME -l $LOCATION --aad-client-app-id $APPID --aad-client-app-secret $SECRET --aad-tenant-id $TENANT --customer-admin-group-id $GROUPID
After about 10 – 15 minutes, the deployment process should have completed and the public URL for your fully managed Azure Red Hat OpenShift cluster is displayed. Log in to the console with your Active Directory credentials and copy the login command by clicking on your username and selecting “Copy login command.” This string will be used to log in to the cluster using the command line.
Using an existing Red Hat subscription
For this section I highly recommend using an existing RHEL machine which holds a valid subscription. This will make creating the OpenShift prerequisites required for the Dockerfile build much easier. The OpenShift command line tool ‘oc’ must also be installed on this machine. If you do not have an existing subscription, skip ahead to the section titled “Using the Universal Base Image (UBI)”.
Log in to the ARO cluster using the copied login command. It will look similar to the following.
$ oc login https://osa{ID}.{REGION}.cloudapp.azure.com --token={ARO TOKEN}
Create a new OpenShift project.
$ oc new-project rhel-build
If you do not have one already, create a registry service account to ensure that you can pull a RHEL image from registry.redhat.io using your credentials. In a browser go to catalog.redhat.com, log in, select “Service Accounts” and then “New Service Account”. Download the generated OpenShift secret. Create the secret in your OpenShift project.
$ oc create -f {SECRET_FILE}.yaml -n rhel-build
Create a secret that contains the entitlements.
$ oc create secret generic etc-pki-entitlement --from-file /etc/pki/entitlement/{ID}.pem --from-file /etc/pki/entitlement/{ID}-key.pem -n rhel-build
Create a configmap that contains the subscription manager configuration.
$ oc create configmap rhsm-conf --from-file /etc/rhsm/rhsm.conf -n rhel-build
Create a configmap for the certificate authority.
$ oc create configmap rhsm-ca --from-file /etc/rhsm/ca/redhat-uep.pem -n rhel-build
Create a build configuration in the project.
$ oc new-build https://github.com/grantomation/rhel-build.git --context-dir sub-build --name rhel-build -n rhel-build
$ oc get buildconfig rhel-build -n rhel-build
NAME         TYPE FROM     LATEST
rhel-build   Docker Git     1
List the secrets in the project.
$ oc get secrets -n rhel-build
NAME                    TYPE               DATA AGE
{SERVICE PULL SECRET}   kubernetes.io/dockerconfigjson        1 2m
Set the registry pull credentials as a secret on the buildConfig.
$ oc set build-secret --pull bc/rhel-build {SECRET CREATED BY REGISTRY SERVICE ACCOUNT FILE}
Patch the build configuration.
$ oc patch buildconfig rhel-build -p '{"spec":{"source":{"configMaps":[{"configMap":{"name":"rhsm-conf"},"destinationDir":"rhsm-conf"},{"configMap":{"name":"rhsm-ca"},"destinationDir":"rhsm-ca"}],"secrets":[{"destinationDir":"etc-pki-entitlement","secret":{"name":"etc-pki-entitlement"}}]}}}' -n rhel-build
Start the Dockerfile build on OpenShift.
$ oc start-build rhel-build --follow -n rhel-build
Following a successful build, the new image is pushed to the internal OpenShift registry and an image stream is created in the project. To confirm that the image build worked correctly, the imagestream can be used to create an OpenShift application.
$ oc new-app rhel -n rhel-build
Create an edge route which will use the DigiCert certificate included on ARO.
$ oc create route edge --port 8080 --service rhel-build -n rhel-build
Curl the route to the application.
$ curl https://$(oc get route rhel -o go-template='{{.spec.host}}')
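To check that the entitlement key supplied through the etc-pki-entitlement secret did not stay behind in the built image, the image layers can be scanned after the build. The script below is an added example, not part of the original post or of the grantomation/rhel-build repository; it assumes the image has been exported to a directory with one tar archive per layer, and the function names and sample files are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): report image layers that still
# contain the RHEL entitlement certificate or key injected into the build.
# Assumption: the image was exported to a directory holding one tar archive
# per layer; that layout and all sample file names below are constructed.

# Matches /etc/pki/entitlement/*.pem and the build-context copy
# etc-pki-entitlement/*.pem (the destinationDir set in the buildconfig patch).
ENTITLEMENT_RE='(^|/)(etc/pki/entitlement|etc-pki-entitlement)/[^/]+\.pem$'

# Print "<layer>: <path>" per hit. Returns 1 if any layer has a hit, else 0.
# A file removed by a later RUN step is still reported, because the layer
# that added it is unchanged.
scan_layers() {
  dir=$1
  status=0
  for layer in "$dir"/*; do
    [ -f "$layer" ] || continue
    # Non-archives (manifest, config JSON) make tar fail; skip them.
    listing=$(tar -tf "$layer" 2>/dev/null) || continue
    hits=$(printf '%s\n' "$listing" | sed 's#^\./##' |
           grep -E "$ENTITLEMENT_RE") || continue
    name=$(basename "$layer")
    printf '%s\n' "$hits" | sed "s#^#$name: #"
    status=1
  done
  return "$status"
}

# Build a constructed two-layer export for demonstration; prints its path.
make_sample_export() {
  out=$(mktemp -d)
  work=$(mktemp -d)
  mkdir -p "$work/a/etc/pki/entitlement" "$work/b/usr/share/doc"
  echo 'constructed placeholder' > "$work/a/etc/pki/entitlement/1234.pem"
  echo 'constructed placeholder' > "$work/a/etc/pki/entitlement/1234-key.pem"
  echo 'hello' > "$work/b/usr/share/doc/readme"
  tar -cf "$out/layer-a.tar" -C "$work/a" etc
  tar -cf "$out/layer-b.tar" -C "$work/b" usr
  echo '{}' > "$out/manifest.json"
  rm -rf "$work"
  echo "$out"
}

# Demo run: quiet when clean, lists the offending layers otherwise.
sample=$(make_sample_export)
scan_layers "$sample" || echo "entitlement material found in image layers"
rm -rf "$sample"
```

A non-zero return means the entitlement files are recoverable from the image by anyone who can pull it, even if the final filesystem no longer shows them.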
Using the Universal Base Image (UBI)
Red Hat UBI provides complementary runtime languages and packages that are freely redistributable. If you’re new to the UBI, you can check out Scott McCarty’s excellent blog and demo as a primer. Using the UBI as a base for your next containerised application is a great way to build and deploy on Azure Red Hat OpenShift. The following steps demonstrate how to use UBI based on RHEL 8. 
Create a new OpenShift project.
$ oc new-project ubi-build
Create a build configuration in the project.
$ oc new-build https://github.com/grantomation/rhel-build.git --context-dir ubi-build --name ubi-build -n ubi-build
Follow the container build.
$ oc logs -f build/ubi-build-1
To confirm that the image build worked correctly, the generated imagestream can be used to create an OpenShift application.
$ oc new-app ubi
Create an edge route which will use the DigiCert certificate included on ARO.
$ oc create route edge --port 8080 --service ubi -n ubi-build
Curl the route to the application.
$ curl https://$(oc get route ubi -o go-template='{{.spec.host}}')
And with that done, you’ve got an OpenShift cluster up and running in Azure, running RHEL based containers.
 
The post Building RHEL based containers on Azure Red Hat OpenShift appeared first on Red Hat OpenShift Blog.
Source: OpenShift
