Creating a compute machine set on Azure

You can create a different compute machine set to serve a specific purpose in your OKD cluster on Microsoft Azure. For example, you might create infrastructure machine sets and related machines so that you can move supporting workloads to the new machines.

This process is not applicable for clusters with manually provisioned machines. You can use the advanced machine management and scaling capabilities only in clusters where the Machine API is operational.

Machine API overview

The Machine API is a combination of primary resources that are based on the upstream Cluster API project and custom OKD resources.

For OKD 4.12 clusters, the Machine API performs all node host provisioning management actions after the cluster installation finishes. Because of this system, OKD 4.12 offers an elastic, dynamic provisioning method on top of public or private cloud infrastructure.

The two primary resources are:

Machines

A fundamental unit that describes the host for a node. A machine has a providerSpec specification, which describes the types of compute nodes that are offered for different cloud platforms. For example, a machine type for a worker node on Amazon Web Services (AWS) might define a specific machine type and required metadata.

Machine sets

MachineSet resources are groups of compute machines. Compute machine sets are to compute machines as replica sets are to pods. If you need more compute machines or must scale them down, you change the replicas field on the MachineSet resource to meet your compute need.

Control plane machines cannot be managed by compute machine sets.

Control plane machine sets provide management capabilities for supported control plane machines that are similar to what compute machine sets provide for compute machines.

For more information, see “Managing control plane machines”.

The following custom resources add more capabilities to your cluster:

Machine autoscaler

The MachineAutoscaler resource automatically scales compute machines in a cloud. You can set the minimum and maximum scaling boundaries for nodes in a specified compute machine set, and the machine autoscaler maintains that range of nodes.

The MachineAutoscaler object takes effect after a ClusterAutoscaler object exists. Both ClusterAutoscaler and MachineAutoscaler resources are made available by the ClusterAutoscalerOperator object.

Cluster autoscaler

This resource is based on the upstream cluster autoscaler project. In the OKD implementation, it is integrated with the Machine API by extending the compute machine set API. You can use the cluster autoscaler to manage your cluster in the following ways:

  • Set cluster-wide scaling limits for resources such as cores, nodes, memory, and GPU

  • Set the priority so that the cluster prioritizes pods and new nodes are not brought online for less important pods

  • Set the scaling policy so that you can scale up nodes but not scale them down

Machine health check

The MachineHealthCheck resource detects when a machine is unhealthy, deletes it, and, on supported platforms, makes a new machine.

In OKD version 3.11, you could not roll out a multi-zone architecture easily because the cluster did not manage machine provisioning. Beginning with OKD version 4.1, this process is easier. Each compute machine set is scoped to a single zone, so the installation program sends out compute machine sets across availability zones on your behalf. And then because your compute is dynamic, and in the face of a zone failure, you always have a zone for when you must rebalance your machines. In global Azure regions that do not have multiple availability zones, you can use availability sets to ensure high availability. The autoscaler provides best-effort balancing over the life of a cluster.

Sample YAML for a compute machine set custom resource on Azure

This sample YAML defines a compute machine set that runs in the 1 Microsoft Azure zone in a region and creates nodes that are labeled with node-role.kubernetes.io/<role>: "".

In this sample, <infrastructure_id> is the infrastructure ID label that is based on the cluster ID that you set when you provisioned the cluster, and <role> is the node label to add.

  1. apiVersion: machine.openshift.io/v1beta1
  2. kind: MachineSet
  3. metadata:
  4.   labels:
  5.     machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
  6.     machine.openshift.io/cluster-api-machine-role: <role> (2)
  7.     machine.openshift.io/cluster-api-machine-type: <role> (2)
  8.   name: <infrastructure_id>-<role>-<region> (3)
  9.   namespace: openshift-machine-api
  10. spec:
  11.   replicas: 1
  12.   selector:
  13.     matchLabels:
  14.       machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
  15.       machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role>-<region> (3)
  16.   template:
  17.     metadata:
  18.       creationTimestamp: null
  19.       labels:
  20.         machine.openshift.io/cluster-api-cluster: <infrastructure_id> (1)
  21.         machine.openshift.io/cluster-api-machine-role: <role> (2)
  22.         machine.openshift.io/cluster-api-machine-type: <role> (2)
  23.         machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role>-<region> (3)
  24.     spec:
  25.       metadata:
  26.         creationTimestamp: null
  27.         labels:
  28.           machine.openshift.io/cluster-api-machineset: <machineset_name> (4)
  29.           node-role.kubernetes.io/<role>: "" (2)
  30.       providerSpec:
  31.         value:
  32.           apiVersion: azureproviderconfig.openshift.io/v1beta1
  33.           credentialsSecret:
  34.             name: azure-cloud-credentials
  35.             namespace: openshift-machine-api
  36.           image: (5)
  37.             offer: ""
  38.             publisher: ""
  39.             resourceID: /resourceGroups/<infrastructure_id>-rg/providers/Microsoft.Compute/images/<infrastructure_id> (6)
  40.             sku: ""
  41.             version: ""
  42.           internalLoadBalancer: ""
  43.           kind: AzureMachineProviderSpec
  44.           location: <region> (7)
  45.           managedIdentity: <infrastructure_id>-identity (1)
  46.           metadata:
  47.             creationTimestamp: null
  48.           natRule: null
  49.           networkResourceGroup: ""
  50.           osDisk:
  51.             diskSizeGB: 128
  52.             managedDisk:
  53.               storageAccountType: Premium_LRS
  54.             osType: Linux
  55.           publicIP: false
  56.           publicLoadBalancer: ""
  57.           resourceGroup: <infrastructure_id>-rg (1)
  58.           sshPrivateKey: ""
  59.           sshPublicKey: ""
  60.           tags:
  61.             - name: <custom_tag_name> (9)
  62.               value: <custom_tag_value> (9)
  63.           subnet: <infrastructure_id>-<role>-subnet  (1) (2)
  64.           userDataSecret:
  65.             name: worker-user-data (2)
  66.           vmSize: Standard_D4s_v3
  67.           vnet: <infrastructure_id>-vnet (1)
  68.           zone: "1" (8)
1Specify the infrastructure ID that is based on the cluster ID that you set when you provisioned the cluster. If you have the OpenShift CLI installed, you can obtain the infrastructure ID by running the following command:
  1. $ oc get -o jsonpath=’{.status.infrastructureName}{“\n”}’ infrastructure cluster

You can obtain the subnet by running the following command:

  1. $  oc -n openshift-machine-api \
  2.     -o jsonpath=’{.spec.template.spec.providerSpec.value.subnet}{“\n”}’ \
  3.     get machineset/<infrastructure_id>-worker-centralus1

You can obtain the vnet by running the following command:

  1. $  oc -n openshift-machine-api \
  2.     -o jsonpath=’{.spec.template.spec.providerSpec.value.vnet}{“\n”}’ \
  3.     get machineset/<infrastructure_id>-worker-centralus1
2Specify the node label to add.
3Specify the infrastructure ID, node label, and region.
4Optional: Specify the compute machine set name to enable the use of availability sets. This setting only applies to new compute machines.
5Specify the image details for your compute machine set. If you want to use an Azure Marketplace image, see “Selecting an Azure Marketplace image”.
6Specify an image that is compatible with your instance type. The Hyper-V generation V2 images created by the installation program have a -gen2 suffix, while V1 images have the same name without the suffix.
7Specify the region to place machines on.
8Specify the zone within your region to place machines on. Be sure that your region supports the zone that you specify.
9Optional: Specify custom tags in your machine set. Provide the tag name in <custom_tag_name> field and the corresponding tag value in <custom_tag_value> field.

Creating a compute machine set

In addition to the ones created by the installation program, you can create your own compute machine sets to dynamically manage the machine compute resources for specific workloads of your choice.

Prerequisites

  • Deploy an OKD cluster.

  • Install the OpenShift CLI (oc).

  • Log in to oc as a user with cluster-admin permission.

Procedure

  1. Create a new YAML file that contains the compute machine set custom resource (CR) sample and is named <file_name>.yaml.

    Ensure that you set the <clusterID> and <role> parameter values.

    1. If you are not sure which value to set for a specific field, you can check an existing compute machine set from your cluster:

      1. $ oc get machinesets -n openshift-machine-api

      Example output

      1. NAME                                DESIRED   CURRENT   READY   AVAILABLE   AGE
      2. agl030519-vplxk-worker-us-east-1a   1         1         1       1           55m
      3. agl030519-vplxk-worker-us-east-1b   1         1         1       1           55m
      4. agl030519-vplxk-worker-us-east-1c   1         1         1       1           55m
      5. agl030519-vplxk-worker-us-east-1d   0         0                             55m
      6. agl030519-vplxk-worker-us-east-1e   0         0                             55m
      7. agl030519-vplxk-worker-us-east-1f   0         0                             55m

    2. Check values of a specific compute machine set:

      1. $ oc get machineset <machineset_name> -n \
      2.      openshift-machine-api -o yaml

      Example output

      1. ...
      2. template:
      3.     metadata:
      4.       labels:
      5.         machine.openshift.io/cluster-api-cluster: agl030519-vplxk (1)
      6.         machine.openshift.io/cluster-api-machine-role: worker (2)
      7.         machine.openshift.io/cluster-api-machine-type: worker
      8.         machine.openshift.io/cluster-api-machineset: agl030519-vplxk-worker-us-east-1a
      1The cluster ID.
      2A default node label.

  2. Create the new MachineSet CR:

    1. $ oc create -f <file_name>.yaml

  3. View the list of compute machine sets:

    1. $ oc get machineset -n openshift-machine-api

    Example output

    1. NAME                                DESIRED   CURRENT   READY   AVAILABLE   AGE
    2. agl030519-vplxk-infra-us-east-1a    1         1         1       1           11m
    3. agl030519-vplxk-worker-us-east-1a   1         1         1       1           55m
    4. agl030519-vplxk-worker-us-east-1b   1         1         1       1           55m
    5. agl030519-vplxk-worker-us-east-1c   1         1         1       1           55m
    6. agl030519-vplxk-worker-us-east-1d   0         0                             55m
    7. agl030519-vplxk-worker-us-east-1e   0         0                             55m
    8. agl030519-vplxk-worker-us-east-1f   0         0                             55m

    When the new compute machine set is available, the DESIRED and CURRENT values match. If the compute machine set is not available, wait a few minutes and run the command again.

Selecting an Azure Marketplace image

You can create a machine set running on Azure that deploys machines that use the Azure Marketplace offering. To use this offering, you must first obtain the Azure Marketplace image. When obtaining your image, consider the following:

  • While the images are the same, the Azure Marketplace publisher is different depending on your region. If you are located in North America, specify redhat as the publisher. If you are located in EMEA, specify redhat-limited as the publisher.

  • The offer includes a rh-ocp-worker SKU and a rh-ocp-worker-gen1 SKU. The rh-ocp-worker SKU represents a Hyper-V generation version 2 VM image. The default instance types used in OKD are version 2 compatible. If you plan to use an instance type that is only version 1 compatible, use the image associated with the rh-ocp-worker-gen1 SKU. The rh-ocp-worker-gen1 SKU represents a Hyper-V version 1 VM image.

Installing images with the Azure marketplace is not supported on clusters with arm64 instances.

Prerequisites

  • You have installed the Azure CLI client (az).

  • Your Azure account is entitled for the offer and you have logged into this account with the Azure CLI client.

Procedure

  1. Display all of the available OKD images by running one of the following commands:

    • North America:

      1. $  az vm image list --all --offer rh-ocp-worker --publisher redhat -o table

      Example output

      1. Offer          Publisher       Sku                 Urn                                                             Version
      2. -------------  --------------  ------------------  --------------------------------------------------------------  --------------
      3. rh-ocp-worker  RedHat          rh-ocp-worker       RedHat:rh-ocp-worker:rh-ocpworker:4.8.2021122100               4.8.2021122100
      4. rh-ocp-worker  RedHat          rh-ocp-worker-gen1  RedHat:rh-ocp-worker:rh-ocp-worker-gen1:4.8.2021122100         4.8.2021122100

    • EMEA:

      1. $  az vm image list --all --offer rh-ocp-worker --publisher redhat-limited -o table

      Example output

      1. Offer          Publisher       Sku                 Urn                                                             Version
      2. -------------  --------------  ------------------  --------------------------------------------------------------  --------------
      3. rh-ocp-worker  redhat-limited  rh-ocp-worker       redhat-limited:rh-ocp-worker:rh-ocp-worker:4.8.2021122100       4.8.2021122100
      4. rh-ocp-worker  redhat-limited  rh-ocp-worker-gen1  redhat-limited:rh-ocp-worker:rh-ocp-worker-gen1:4.8.2021122100  4.8.2021122100

    Regardless of the version of OKD that you install, the correct version of the Azure Marketplace image to use is 4.8. If required, your VMs are automatically upgraded as part of the installation process.

  2. Inspect the image for your offer by running one of the following commands:

    • North America:

      1. $ az vm image show --urn redhat:rh-ocp-worker:rh-ocp-worker:<version>

    • EMEA:

      1. $ az vm image show --urn redhat-limited:rh-ocp-worker:rh-ocp-worker:<version>

  3. Review the terms of the offer by running one of the following commands:

    • North America:

      1. $ az vm image terms show --urn redhat:rh-ocp-worker:rh-ocp-worker:<version>

    • EMEA:

      1. $ az vm image terms show --urn redhat-limited:rh-ocp-worker:rh-ocp-worker:<version>

  4. Accept the terms of the offering by running one of the following commands:

    • North America:

      1. $ az vm image terms accept --urn redhat:rh-ocp-worker:rh-ocp-worker:<version>

    • EMEA:

      1. $ az vm image terms accept --urn redhat-limited:rh-ocp-worker:rh-ocp-worker:<version>

  5. Record the image details of your offer, specifically the values for publisher, offer, sku, and version.

  6. Add the following parameters to the providerSpec section of your machine set YAML file using the image details for your offer:

    Sample providerSpec image values for Azure Marketplace machines

    1. providerSpec:
    2.   value:
    3.     image:
    4.       offer: rh-ocp-worker
    5.       publisher: redhat
    6.       resourceID: ""
    7.       sku: rh-ocp-worker
    8.       type: MarketplaceWithPlan
    9.       version: 4.8.2021122100

Enabling Azure boot diagnostics

You can enable boot diagnostics on Azure machines that your machine set creates.

Prerequisites

  • Have an existing Microsoft Azure cluster.

Procedure

  • Add the diagnostics configuration that is applicable to your storage type to the providerSpec field in your machine set YAML file:

    • For an Azure Managed storage account:

      1. providerSpec:
      2.   diagnostics:
      3.     boot:
      4.       storageAccountType: AzureManaged (1)
      1Specifies an Azure Managed storage account.

    • For an Azure Unmanaged storage account:

      1. providerSpec:
      2.   diagnostics:
      3.     boot:
      4.       storageAccountType: CustomerManaged (1)
      5.       customerManaged:
      6.         storageAccountURI: https://<storage-account>.blob.core.windows.net (2)
      1Specifies an Azure Unmanaged storage account.
      2Replace <storage-account> with the name of your storage account.

      Only the Azure Blob Storage data service is supported.

Verification

  • On the Microsoft Azure portal, review the Boot diagnostics page for a machine deployed by the machine set, and verify that you can see the serial logs for the machine.

Machine sets that deploy machines as Spot VMs

You can save on costs by creating a compute machine set running on Azure that deploys machines as non-guaranteed Spot VMs. Spot VMs utilize unused Azure capacity and are less expensive than standard VMs. You can use Spot VMs for workloads that can tolerate interruptions, such as batch or stateless, horizontally scalable workloads.

Azure can terminate a Spot VM at any time. Azure gives a 30-second warning to the user when an interruption occurs. OKD begins to remove the workloads from the affected instances when Azure issues the termination warning.

Interruptions can occur when using Spot VMs for the following reasons:

  • The instance price exceeds your maximum price

  • The supply of Spot VMs decreases

  • Azure needs capacity back

When Azure terminates an instance, a termination handler running on the Spot VM node deletes the machine resource. To satisfy the compute machine set replicas quantity, the compute machine set creates a machine that requests a Spot VM.

Creating Spot VMs by using compute machine sets

You can launch a Spot VM on Azure by adding spotVMOptions to your compute machine set YAML file.

Procedure

  • Add the following line under the providerSpec field:

    1. providerSpec:
    2.   value:
    3.     spotVMOptions: {}

    You can optionally set the spotVMOptions.maxPrice field to limit the cost of the Spot VM. For example you can set maxPrice: '0.98765'. If the maxPrice is set, this value is used as the hourly maximum spot price. If it is not set, the maximum price defaults to -1 and charges up to the standard VM price.

    Azure caps Spot VM prices at the standard price. Azure will not evict an instance due to pricing if the instance is set with the default maxPrice. However, an instance can still be evicted due to capacity restrictions.

It is strongly recommended to use the default standard VM price as the maxPrice value and to not set the maximum price for Spot VMs.

Machine sets that deploy machines on Ephemeral OS disks

You can create a compute machine set running on Azure that deploys machines on Ephemeral OS disks. Ephemeral OS disks use local VM capacity rather than remote Azure Storage. This configuration therefore incurs no additional cost and provides lower latency for reading, writing, and reimaging.

Additional resources

Creating machines on Ephemeral OS disks by using compute machine sets

You can launch machines on Ephemeral OS disks on Azure by editing your compute machine set YAML file.

Prerequisites

  • Have an existing Microsoft Azure cluster.

Procedure

  1. Edit the custom resource (CR) by running the following command:

    1. $ oc edit machineset <machine-set-name>

    where <machine-set-name> is the compute machine set that you want to provision machines on Ephemeral OS disks.

  2. Add the following to the providerSpec field:

    1. providerSpec:
    2.   value:
    3.     ...
    4.     osDisk:
    5.        ...
    6.        diskSettings: (1)
    7.          ephemeralStorageLocation: Local (1)
    8.        cachingType: ReadOnly (1)
    9.        managedDisk:
    10.          storageAccountType: Standard_LRS (2)
    11.        ...
    1These lines enable the use of Ephemeral OS disks.
    2Ephemeral OS disks are only supported for VMs or scale set instances that use the Standard LRS storage account type.

    The implementation of Ephemeral OS disk support in OKD only supports the CacheDisk placement type. Do not change the placement configuration setting.

  3. Create a compute machine set using the updated configuration:

    1. $ oc create -f <machine-set-config>.yaml

Verification

  • On the Microsoft Azure portal, review the Overview page for a machine deployed by the compute machine set, and verify that the Ephemeral OS disk field is set to OS cache placement.

Machine sets that deploy machines with ultra disks as data disks

You can create a machine set running on Azure that deploys machines with ultra disks. Ultra disks are high-performance storage that are intended for use with the most demanding data workloads.

You can also create a persistent volume claim (PVC) that dynamically binds to a storage class backed by Azure ultra disks and mounts them to pods.

Data disks do not support the ability to specify disk throughput or disk IOPS. You can configure these properties by using PVCs.

Additional resources

Creating machines with ultra disks by using machine sets

You can deploy machines with ultra disks on Azure by editing your machine set YAML file.

Prerequisites

  • Have an existing Microsoft Azure cluster.

Procedure

  1. Create a custom secret in the openshift-machine-api namespace using the worker data secret by running the following command:

    1. $ oc -n openshift-machine-api \
    2. get secret <role>-user-data \ (1)
    3. --template='{{index .data.userData | base64decode}}' | jq > userData.txt (2)
    1Replace <role> with worker.
    2Specify userData.txt as the name of the new custom secret.

  2. In a text editor, open the userData.txt file and locate the final } character in the file.

    1. On the immediately preceding line, add a ,.

    2. Create a new line after the , and add the following configuration details:

      1. "storage": {
      2.   "disks": [ (1)
      3.     {
      4.       "device": "/dev/disk/azure/scsi1/lun0", (2)
      5.       "partitions": [ (3)
      6.         {
      7.           "label": "lun0p1", (4)
      8.           "sizeMiB": 1024, (5)
      9.           "startMiB": 0
      10.         }
      11.       ]
      12.     }
      13.   ],
      14.   "filesystems": [ (6)
      15.     {
      16.       "device": "/dev/disk/by-partlabel/lun0p1",
      17.       "format": "xfs",
      18.       "path": "/var/lib/lun0p1"
      19.     }
      20.   ]
      21. },
      22. "systemd": {
      23.   "units": [ (7)
      24.     {
      25.       "contents": "[Unit]\nBefore=local-fs.target\n[Mount]\nWhere=/var/lib/lun0p1\nWhat=/dev/disk/by-partlabel/lun0p1\nOptions=defaults,pquota\n[Install]\nWantedBy=local-fs.target\n", (8)
      26.       "enabled": true,
      27.       "name": "var-lib-lun0p1.mount"
      28.     }
      29.   ]
      30. }
      1The configuration details for the disk that you want to attach to a node as an ultra disk.
      2Specify the lun value that is defined in the dataDisks stanza of the machine set you are using. For example, if the machine set contains lun: 0, specify lun0. You can initialize multiple data disks by specifying multiple “disks” entries in this configuration file. If you specify multiple “disks” entries, ensure that the lun value for each matches the value in the machine set.
      3The configuration details for a new partition on the disk.
      4Specify a label for the partition. You might find it helpful to use hierarchical names, such as lun0p1 for the first partition of lun0.
      5Specify the total size in MiB of the partition.
      6Specify the filesystem to use when formatting a partition. Use the partition label to specify the partition.
      7Specify a systemd unit to mount the partition at boot. Use the partition label to specify the partition. You can create multiple partitions by specifying multiple “partitions” entries in this configuration file. If you specify multiple “partitions” entries, you must specify a systemd unit for each.
      8For Where, specify the value of storage.filesystems.path. For What, specify the value of storage.filesystems.device.

  3. Extract the disabling template value to a file called disableTemplating.txt by running the following command:

    1. $ oc -n openshift-machine-api get secret <role>-user-data \ (1)
    2. --template='{{index .data.disableTemplating | base64decode}}' | jq > disableTemplating.txt
    1Replace <role> with worker.

  4. Combine the userData.txt file and disableTemplating.txt file to create a data secret file by running the following command:

    1. $ oc -n openshift-machine-api create secret generic <role>-user-data-x5 \ (1)
    2. --from-file=userData=userData.txt \
    3. --from-file=disableTemplating=disableTemplating.txt
    1For <role>-user-data-x5, specify the name of the secret. Replace <role> with worker.

  5. Copy an existing Azure MachineSet custom resource (CR) and edit it by running the following command:

    1. $ oc edit machineset <machine-set-name>

    where <machine-set-name> is the machine set that you want to provision machines with ultra disks.

  6. Add the following lines in the positions indicated:

    1. apiVersion: machine.openshift.io/v1beta1
    2. kind: MachineSet
    3. spec:
    4.   template:
    5.     spec:
    6.       metadata:
    7.         labels:
    8.           disk: ultrassd (1)
    9.       providerSpec:
    10.         value:
    11.           ultraSSDCapability: Enabled (2)
    12.           dataDisks: (2)
    13.           - nameSuffix: ultrassd
    14.             lun: 0
    15.             diskSizeGB: 4
    16.             deletionPolicy: Delete
    17.             cachingType: None
    18.             managedDisk:
    19.               storageAccountType: UltraSSD_LRS
    20.           userDataSecret:
    21.             name: <role>-user-data-x5 (3)
    1Specify a label to use to select a node that is created by this machine set. This procedure uses disk.ultrassd for this value.
    2These lines enable the use of ultra disks. For dataDisks, include the entire stanza.
    3Specify the user data secret created earlier. Replace <role> with worker.

  7. Create a machine set using the updated configuration by running the following command:

    1. $ oc create -f <machine-set-name>.yaml

Verification

  1. Validate that the machines are created by running the following command:

    1. $ oc get machines

    The machines should be in the Running state.

  2. For a machine that is running and has a node attached, validate the partition by running the following command:

    1. $ oc debug node/<node-name> -- chroot /host lsblk

    In this command, oc debug node/<node-name> starts a debugging shell on the node <node-name> and passes a command with --. The passed command chroot /host provides access to the underlying host OS binaries, and lsblk shows the block devices that are attached to the host OS machine.

Next steps

  • To use an ultra disk from within a pod, create a workload that uses the mount point. Create a YAML file similar to the following example:

    1. apiVersion: v1
    2. kind: Pod
    3. metadata:
    4.   name: ssd-benchmark1
    5. spec:
    6.   containers:
    7.   - name: ssd-benchmark1
    8.     image: nginx
    9.     ports:
    10.       - containerPort: 80
    11.         name: "http-server"
    12.     volumeMounts:
    13.     - name: lun0p1
    14.       mountPath: "/tmp"
    15.   volumes:
    16.     - name: lun0p1
    17.       hostPath:
    18.         path: /var/lib/lun0p1
    19.         type: DirectoryOrCreate
    20.   nodeSelector:
    21.     disktype: ultrassd

Troubleshooting resources for machine sets that enable ultra disks

Use the information in this section to understand and recover from issues you might encounter.

Incorrect ultra disk configuration

If an incorrect configuration of the ultraSSDCapability parameter is specified in the machine set, the machine provisioning fails.

For example, if the ultraSSDCapability parameter is set to Disabled, but an ultra disk is specified in the dataDisks parameter, the following error message appears:

  1. StorageAccountType UltraSSD_LRS can be used only when additionalCapabilities.ultraSSDEnabled is set.
  • To resolve this issue, verify that your machine set configuration is correct.

Unsupported disk parameters

If a region, availability zone, or instance size that is not compatible with ultra disks is specified in the machine set, the machine provisioning fails. Check the logs for the following error message:

  1. failed to create vm <machine_name>: failure sending request for machine <machine_name>: cannot create vm: compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="BadRequest" Message="Storage Account type 'UltraSSD_LRS' is not supported <more_information_about_why>."
  • To resolve this issue, verify that you are using this feature in a supported environment and that your machine set configuration is correct.

Unable to delete disks

If the deletion of ultra disks as data disks is not working as expected, the machines are deleted and the data disks are orphaned. You must delete the orphaned disks manually if desired.

Enabling customer-managed encryption keys for a machine set

You can supply an encryption key to Azure to encrypt data on managed disks at rest. You can enable server-side encryption with customer-managed keys by using the Machine API.

An Azure Key Vault, a disk encryption set, and an encryption key are required to use a customer-managed key. The disk encryption set must be in a resource group where the Cloud Credential Operator (CCO) has granted permissions. If not, an additional reader role is required to be granted on the disk encryption set.

Prerequisites

Procedure

  • Configure the disk encryption set under the providerSpec field in your machine set YAML file. For example:

    1. providerSpec:
    2.   value:
    3.     osDisk:
    4.       diskSizeGB: 128
    5.       managedDisk:
    6.         diskEncryptionSet:
    7.           id: /subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/Microsoft.Compute/diskEncryptionSets/<disk_encryption_set_name>
    8.         storageAccountType: Premium_LRS

Additional resources

Accelerated Networking for Microsoft Azure VMs

Accelerated Networking uses single root I/O virtualization (SR-IOV) to provide Microsoft Azure VMs with a more direct path to the switch. This enhances network performance. This feature can be enabled during or after installation.

Limitations

Consider the following limitations when deciding whether to use Accelerated Networking:

  • Accelerated Networking is only supported on clusters where the Machine API is operational.

  • Although the minimum requirement for an Azure worker node is two vCPUs, Accelerated Networking requires an Azure VM size that includes at least four vCPUs. To satisfy this requirement, you can change the value of vmSize in your machine set. For information about Azure VM sizes, see Microsoft Azure documentation.

  • When this feature is enabled on an existing Azure cluster, only newly provisioned nodes are affected. Currently running nodes are not reconciled. To enable the feature on all nodes, you must replace each existing machine. This can be done for each machine individually, or by scaling the replicas down to zero, and then scaling back up to your desired number of replicas.

Additional resources

Enabling Accelerated Networking on an existing Microsoft Azure cluster

You can enable Accelerated Networking on Azure by adding acceleratedNetworking to your machine set YAML file.

Prerequisites

  • Have an existing Microsoft Azure cluster where the Machine API is operational.

Procedure

  • Add the following to the providerSpec field:

    1. providerSpec:
    2.   value:
    3.     acceleratedNetworking: true (1)
    4.     vmSize: <azure-vm-size> (2)
    1This line enables Accelerated Networking.
    2Specify an Azure VM size that includes at least four vCPUs. For information about VM sizes, see Microsoft Azure documentation.

Next steps

  • To enable the feature on currently running nodes, you must replace each existing machine. This can be done for each machine individually, or by scaling the replicas down to zero, and then scaling back up to your desired number of replicas.

Verification

  • On the Microsoft Azure portal, review the Networking settings page for a machine provisioned by the machine set, and verify that the Accelerated networking field is set to Enabled.

Additional resources