Red Hat Summit 2020 is fast approaching, and if you missed it last year, you would have also missed Microsoft CEO Satya Nadella and former Red Hat CEO Jim Whitehurst announcing Red Hat and Microsoft's first joint offering: Azure Red Hat OpenShift (ARO).
Azure Red Hat OpenShift (ARO) is a fully managed service of Red Hat OpenShift on Azure, jointly engineered, operated and supported by Microsoft and Red Hat.
Did you know that it is possible for both new and existing Red Hat customers to build Red Hat Enterprise Linux (RHEL) based container images on Azure Red Hat OpenShift?
In this blog I will demonstrate how to perform the following on Azure Red Hat OpenShift:
- Build a RHEL based container with a Dockerfile using your existing Red Hat subscription, and;
- Build a freely redistributable RHEL based container with a Dockerfile using the Red Hat Universal Base Image (UBI).
Both of these methods will work on the current Azure Red Hat OpenShift offering, the next iteration of which will be based on OpenShift 4.
Provisioning an Azure Red Hat OpenShift cluster
Let’s start with provisioning an Azure Red Hat OpenShift cluster. There are some prerequisites to complete. An existing Azure subscription is required, and users need to be created in Azure Active Directory. Follow the documentation to set environment variables and using the Azure cli create a resource group and provision the cluster.
$ az openshift create --resource-group $CLUSTER_NAME --name $CLUSTER_NAME -l $LOCATION --aad-client-app-id $APPID --aad-client-app-secret $SECRET --aad-tenant-id $TENANT --customer-admin-group-id $GROUPID
After about 10 - 15 minutes, the deployment process should have completed and the public URL for your fully managed Azure Red Hat OpenShift cluster is displayed. Log in to the console with your Active Directory credentials and copy the login command by clicking on your username and selecting “Copy login command.” This string will be used to login to the cluster using the command line.
Using an existing Red Hat subscription
For this section I highly recommend using an existing RHEL machine which holds a valid subscription. This will make creating the OpenShift prerequisites required for the Dockerfile build much easier. The OpenShift command line tool ‘oc’ is also required to be installed on this machine. For those without an existing subscription skip ahead to the section titled “Using the Universal Base Image (UBI)”.
Login to the ARO cluster using the copied login command. It will look similar to below.
$ oc login https://osa{ID}.{REGION}.cloudapp.azure.com --token={ARO TOKEN}
Create a new OpenShift project
$ oc new-project rhel-build
If you do not have one already, create a registry service account to ensure that you can pull a RHEL image from registry.redhat.io using your credentials. In a browser go to catalog.redhat.com, login and select “Service Accounts” and then “New Service Account”. Download the generated OpenShift secret. Create the secret in your OpenShift project.
$ oc create -f {SECRET_FILE}.yaml -n rhel-build
Create a secret that contains the entitlements
$ oc create secret generic etc-pki-entitlement --from-file /etc/pki/entitlement/{ID}.pem --from-file /etc/pki/entitlement/{ID}-key.pem -n rhel-build
Create a configmap that contains the subscription manager configuration.
$ oc create configmap rhsm-conf --from-file /etc/rhsm/rhsm.conf -n rhel-build
Create a configmap for the certificate authority.
$ oc create configmap rhsm-ca --from-file /etc/rhsm/ca/redhat-uep.pem -n rhel-build
Create a build configuration in the project.
$ oc new-build https://github.com/grantomation/rhel-build.git --context-dir sub-build --name rhel-build -n rhel-build
$ oc get buildconfig rhel-build -n rhel-build
NAME TYPE FROM LATEST
rhel-build Docker Git 1
List the secrets in the project
$ oc get secrets -n rhel-build
NAME TYPE DATA AGE
{SERVICE PULL SECRET} kubernetes.io/dockerconfigjson 1 2m
Set the registry pull credentials as a secret on the buildConfig
$ oc set build-secret --pull bc/rhel-build {SECRET CREATED BY REGISTRY SERVICE ACCOUNT FILE}
Patch the build configuration
$ oc patch buildconfig rhel-build -p '{"spec":{"source":{"configMaps":[{"configMap":{"name":"rhsm-conf"},"destinationDir":"rhsm-conf"},{"configMap":{"name":"rhsm-ca"},"destinationDir":"rhsm-ca"}],"secrets":[{"destinationDir":"etc-pki-entitlement","secret":{"name":"etc-pki-entitlement"}}]}}}' -n rhel-build
Start the Dockerfile build on OpenShift.
$ oc start-build rhel-build --follow -n rhel-build
Following a successful build, the new image is pushed to the internal OpenShift registry and an image stream is created in the project. To confirm that the image build worked correctly, the imagestream can be used to create an OpenShift application.
$ oc new-app rhel -n rhel-build
Create an edge route which will use the digicert certificate included on ARO.
$ oc create route edge --port 8080 --service rhel-build -n rhel-build
Curl the route to the application
$ curl https://$(oc get route rhel -o go-template='{{.spec.host}}')
Azure Red Hat OpenShift
Using the Universal Base Image (UBI)
Red Hat UBI provides complementary runtime languages and packages that are freely redistributable. If you’re new to the UBI, you can check out Scott McCarty’s excellent blog and demo as a primer. Using the UBI as a base for your next containerised application is a great way to build and deploy on Azure Red Hat OpenShift. The following steps demonstrate how to use UBI based on RHEL 8.
Create a new OpenShift project.
$ oc new-project ubi-build
Create a build configuration in the project.
$ oc new-build https://github.com/grantomation/rhel-build.git --context-dir ubi-build --name ubi-build -n ubi-build
Follow the container build.
$ oc logs -f build/ubi-build-1
To confirm that the image build worked correctly, the generated imagestream can be used to create an OpenShift application.
$ oc new-app ubi
Create an edge route which will use the digicert certificate included on ARO.
$ oc create route edge --port 8080 --service ubi -n ubi-build
Curl the route to the application.
$ curl https://$(oc get route ubi -o go-template='{{.spec.host}}')
And with that done, you've got an OpenShift cluster up and running in Azure, running RHEL based containers.
About the author
Browse by channel
Automation
The latest on IT automation that spans tech, teams, and environments
Artificial intelligence
Explore the platforms and partners building a faster path for AI
Open hybrid cloud
Explore how we build a more flexible future with hybrid cloud
Security
Explore how we reduce risks across environments and technologies
Edge computing
Updates on the solutions that simplify infrastructure at the edge
Infrastructure
Stay up to date on the world’s leading enterprise Linux platform
Applications
The latest on our solutions to the toughest application challenges
Original shows
Entertaining stories from the makers and leaders in enterprise tech
Products
- Red Hat Enterprise Linux
- Red Hat OpenShift
- Red Hat Ansible Automation Platform
- Cloud services
- See all products
Tools
- Training and certification
- My account
- Developer resources
- Customer support
- Red Hat value calculator
- Red Hat Ecosystem Catalog
- Find a partner
Try, buy, & sell
Communicate
About Red Hat
We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.
Select a language
Red Hat legal and privacy links
- About Red Hat
- Jobs
- Events
- Locations
- Contact Red Hat
- Red Hat Blog
- Diversity, equity, and inclusion
- Cool Stuff Store
- Red Hat Summit