Creating a compute machine set on Azure Stack Hub

You can create a different compute machine set to serve a specific purpose in your OKD cluster on Microsoft Azure Stack Hub. For example, you might create infrastructure machine sets and related machines so that you can move supporting workloads to the new machines.

You can use the advanced machine management and scaling capabilities only in clusters where the Machine API is operational. Clusters with user-provisioned infrastructure require additional validation and configuration to use the Machine API.

Clusters with the infrastructure platform type none cannot use the Machine API. This limitation applies even if the compute machines that are attached to the cluster are installed on a platform that supports the feature. This parameter cannot be changed after installation.

To view the platform type for your cluster, run the following command:

    $ oc get infrastructure cluster -o jsonpath='{.status.platform}'

Sample YAML for a compute machine set custom resource on Azure Stack Hub

This sample YAML defines a compute machine set that runs in Microsoft Azure zone 1 of a region and creates nodes that are labeled with node-role.kubernetes.io/<role>: "".

In this sample, <infrastructure_id> is the infrastructure ID label that is based on the cluster ID that you set when you provisioned the cluster, and <role> is the node label to add.

    apiVersion: machine.openshift.io/v1beta1
    kind: MachineSet
    metadata:
      labels:
        machine.openshift.io/cluster-api-cluster: <infrastructure_id> # (1)
        machine.openshift.io/cluster-api-machine-role: <role> # (2)
        machine.openshift.io/cluster-api-machine-type: <role> # (2)
      name: <infrastructure_id>-<role>-<region> # (3)
      namespace: openshift-machine-api
    spec:
      replicas: 1
      selector:
        matchLabels:
          machine.openshift.io/cluster-api-cluster: <infrastructure_id> # (1)
          machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role>-<region> # (3)
      template:
        metadata:
          creationTimestamp: null
          labels:
            machine.openshift.io/cluster-api-cluster: <infrastructure_id> # (1)
            machine.openshift.io/cluster-api-machine-role: <role> # (2)
            machine.openshift.io/cluster-api-machine-type: <role> # (2)
            machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role>-<region> # (3)
        spec:
          metadata:
            creationTimestamp: null
            labels:
              node-role.kubernetes.io/<role>: "" # (2)
          providerSpec:
            value:
              apiVersion: machine.openshift.io/v1beta1
              availabilitySet: <availability_set> # (6)
              credentialsSecret:
                name: azure-cloud-credentials
                namespace: openshift-machine-api
              image:
                offer: ""
                publisher: ""
                resourceID: /resourceGroups/<infrastructure_id>-rg/providers/Microsoft.Compute/images/<infrastructure_id> # (1)
                sku: ""
                version: ""
              internalLoadBalancer: ""
              kind: AzureMachineProviderSpec
              location: <region> # (4)
              managedIdentity: <infrastructure_id>-identity # (1)
              metadata:
                creationTimestamp: null
              natRule: null
              networkResourceGroup: ""
              osDisk:
                diskSizeGB: 128
                managedDisk:
                  storageAccountType: Premium_LRS
                osType: Linux
              publicIP: false
              publicLoadBalancer: ""
              resourceGroup: <infrastructure_id>-rg # (1)
              sshPrivateKey: ""
              sshPublicKey: ""
              subnet: <infrastructure_id>-<role>-subnet # (1) (2)
              userDataSecret:
                name: worker-user-data # (2)
              vmSize: Standard_DS4_v2
              vnet: <infrastructure_id>-vnet # (1)
              zone: "1" # (5)

(1) Specify the infrastructure ID that is based on the cluster ID that you set when you provisioned the cluster. If you have the OpenShift CLI installed, you can obtain the infrastructure ID by running the following command:

    $ oc get -o jsonpath='{.status.infrastructureName}{"\n"}' infrastructure cluster

You can obtain the subnet by running the following command:

    $ oc -n openshift-machine-api \
        -o jsonpath='{.spec.template.spec.providerSpec.value.subnet}{"\n"}' \
        get machineset/<infrastructure_id>-worker-centralus1

You can obtain the vnet by running the following command:

    $ oc -n openshift-machine-api \
        -o jsonpath='{.spec.template.spec.providerSpec.value.vnet}{"\n"}' \
        get machineset/<infrastructure_id>-worker-centralus1

(2) Specify the node label to add.
(3) Specify the infrastructure ID, node label, and region.
(4) Specify the region to place machines on.
(5) Specify the zone within your region to place machines on. Be sure that your region supports the zone that you specify.
(6) Specify the availability set for the cluster.
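
The callouts repeat the same three values across many fields, so a copied file with one stale value is easy to miss. The following check is an added example, not part of the OKD documentation: it takes a MachineSet as a Python dict (for example, loaded from JSON) and reports fields that disagree with the infrastructure ID and role you intend. The names check_machineset and sample and the demo-x7k2p values are hypothetical, and the expected resourceGroup, vnet, and managedIdentity names assume the naming used in the sample above.

```python
PREFIX = "machine.openshift.io/cluster-api-"

def check_machineset(ms, infra_id, role):
    """Return a list of inconsistencies in a MachineSet given as a dict."""
    problems = []
    name = ms["metadata"]["name"]
    tmpl = ms["spec"]["template"]
    labels = tmpl["metadata"]["labels"]
    # Callout (3): the name is <infrastructure_id>-<role>-<region>.
    if not name.startswith(f"{infra_id}-{role}-"):
        problems.append(f"metadata.name {name!r} lacks prefix {infra_id}-{role}-")
    # Every selector label must be present on the machine template.
    for key, want in ms["spec"]["selector"]["matchLabels"].items():
        if labels.get(key) != want:
            problems.append(f"selector {key}={want!r} not on template")
    # Callouts (1) to (3): labels the sample sets on the machine template.
    expected = {"cluster": infra_id, "machine-role": role,
                "machine-type": role, "machineset": name}
    for suffix, want in expected.items():
        if labels.get(PREFIX + suffix) != want:
            problems.append(f"template label {PREFIX}{suffix} is not {want!r}")
    # Callout (2): the node label that the new nodes receive.
    if f"node-role.kubernetes.io/{role}" not in tmpl["spec"]["metadata"]["labels"]:
        problems.append(f"node label node-role.kubernetes.io/{role} missing")
    # Callout (1): Azure resource names derived from the infrastructure ID.
    value = tmpl["spec"]["providerSpec"]["value"]
    for field, want in (("resourceGroup", f"{infra_id}-rg"),
                        ("vnet", f"{infra_id}-vnet"),
                        ("managedIdentity", f"{infra_id}-identity")):
        if value.get(field) != want:
            problems.append(f"providerSpec.value.{field} is not {want!r}")
    return problems

def sample(infra_id="demo-x7k2p", role="infra", region="local"):
    """Constructed MachineSet holding only the fields checked above."""
    name = f"{infra_id}-{role}-{region}"
    labels = {PREFIX + "cluster": infra_id, PREFIX + "machine-role": role,
              PREFIX + "machine-type": role, PREFIX + "machineset": name}
    return {"metadata": {"name": name}, "spec": {
        "selector": {"matchLabels": {PREFIX + "cluster": infra_id,
                                     PREFIX + "machineset": name}},
        "template": {"metadata": {"labels": labels}, "spec": {
            "metadata": {"labels": {f"node-role.kubernetes.io/{role}": ""}},
            "providerSpec": {"value": {
                "resourceGroup": f"{infra_id}-rg", "vnet": f"{infra_id}-vnet",
                "managedIdentity": f"{infra_id}-identity"}}}}}}

if __name__ == "__main__":
    # A worker file reused for an infra machine set without updating <role>.
    for problem in check_machineset(sample(role="worker"), "demo-x7k2p", "infra"):
        print(problem)
```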

Creating a compute machine set

In addition to the compute machine sets created by the installation program, you can create your own to dynamically manage the machine compute resources for specific workloads of your choice.

Prerequisites

  • Deploy an OKD cluster.

  • Install the OpenShift CLI (oc).

  • Log in to oc as a user with cluster-admin permission.

  • Create an availability set in which to deploy Azure Stack Hub compute machines.

Procedure

  1. Create a new YAML file that contains the compute machine set custom resource (CR) sample and is named <file_name>.yaml.

    Ensure that you set the <availabilitySet>, <clusterID>, and <role> parameter values.

  2. Optional: If you are not sure which value to set for a specific field, you can check an existing compute machine set from your cluster.

    1. To list the compute machine sets in your cluster, run the following command:

      $ oc get machinesets -n openshift-machine-api

      Example output

      NAME                                DESIRED   CURRENT   READY   AVAILABLE   AGE
      agl030519-vplxk-worker-us-east-1a   1         1         1       1           55m
      agl030519-vplxk-worker-us-east-1b   1         1         1       1           55m
      agl030519-vplxk-worker-us-east-1c   1         1         1       1           55m
      agl030519-vplxk-worker-us-east-1d   0         0                             55m
      agl030519-vplxk-worker-us-east-1e   0         0                             55m
      agl030519-vplxk-worker-us-east-1f   0         0                             55m

    2. To view values of a specific compute machine set custom resource (CR), run the following command:

      $ oc get machineset <machineset_name> \
          -n openshift-machine-api -o yaml

      Example output

      apiVersion: machine.openshift.io/v1beta1
      kind: MachineSet
      metadata:
        labels:
          machine.openshift.io/cluster-api-cluster: <infrastructure_id> # (1)
        name: <infrastructure_id>-<role> # (2)
        namespace: openshift-machine-api
      spec:
        replicas: 1
        selector:
          matchLabels:
            machine.openshift.io/cluster-api-cluster: <infrastructure_id>
            machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role>
        template:
          metadata:
            labels:
              machine.openshift.io/cluster-api-cluster: <infrastructure_id>
              machine.openshift.io/cluster-api-machine-role: <role>
              machine.openshift.io/cluster-api-machine-type: <role>
              machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role>
          spec:
            providerSpec: # (3)
              ...

      (1) The cluster infrastructure ID.
      (2) A default node label.

      For clusters that have user-provisioned infrastructure, a compute machine set can only create worker and infra type machines.

      (3) The values in the <providerSpec> section of the compute machine set CR are platform-specific. For more information about <providerSpec> parameters in the CR, see the sample compute machine set CR configuration for your provider.

  3. Create a MachineSet CR by running the following command:

    $ oc create -f <file_name>.yaml

Verification

  • View the list of compute machine sets by running the following command:

    $ oc get machineset -n openshift-machine-api

    Example output

    NAME                                DESIRED   CURRENT   READY   AVAILABLE   AGE
    agl030519-vplxk-infra-us-east-1a    1         1         1       1           11m
    agl030519-vplxk-worker-us-east-1a   1         1         1       1           55m
    agl030519-vplxk-worker-us-east-1b   1         1         1       1           55m
    agl030519-vplxk-worker-us-east-1c   1         1         1       1           55m
    agl030519-vplxk-worker-us-east-1d   0         0                             55m
    agl030519-vplxk-worker-us-east-1e   0         0                             55m
    agl030519-vplxk-worker-us-east-1f   0         0                             55m

    When the new compute machine set is available, the DESIRED and CURRENT values match. If the compute machine set is not available, wait a few minutes and run the command again.

Enabling Azure boot diagnostics

You can enable boot diagnostics on Azure machines that your machine set creates.

Prerequisites

  • Have an existing Microsoft Azure Stack Hub cluster.

Procedure

  • Add the diagnostics configuration that is applicable to your storage type to the providerSpec field in your machine set YAML file:

    • For an Azure Managed storage account:

      providerSpec:
        diagnostics:
          boot:
            storageAccountType: AzureManaged # (1)

      (1) Specifies an Azure Managed storage account.

    • For an Azure Unmanaged storage account:

      providerSpec:
        diagnostics:
          boot:
            storageAccountType: CustomerManaged # (1)
            customerManaged:
              storageAccountURI: https://<storage-account>.blob.core.windows.net # (2)

      (1) Specifies an Azure Unmanaged storage account.
      (2) Replace <storage-account> with the name of your storage account.

      Only the Azure Blob Storage data service is supported.

Verification

  • On the Microsoft Azure portal, review the Boot diagnostics page for a machine deployed by the machine set, and verify that you can see the serial logs for the machine.

Enabling customer-managed encryption keys for a machine set

You can supply an encryption key to Azure to encrypt data on managed disks at rest. You can enable server-side encryption with customer-managed keys by using the Machine API.

An Azure Key Vault, a disk encryption set, and an encryption key are required to use a customer-managed key. The disk encryption set must be in a resource group where the Cloud Credential Operator (CCO) has granted permissions. If not, an additional reader role is required to be granted on the disk encryption set.

Prerequisites

Procedure

  • Configure the disk encryption set under the providerSpec field in your machine set YAML file. For example:

    providerSpec:
      value:
        osDisk:
          diskSizeGB: 128
          managedDisk:
            diskEncryptionSet:
              id: /subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/Microsoft.Compute/diskEncryptionSets/<disk_encryption_set_name>
            storageAccountType: Premium_LRS
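
To confirm which machine sets actually carry a disk encryption set, you can audit the JSON that `oc get machinesets -n openshift-machine-api -o json` returns. The following script is an added example, not part of the OKD documentation. It flags machine sets with no customer-managed key, with an ID that still contains a placeholder or does not match the path shape shown above, or with a disk encryption set outside the machine's own resource group, which is assumed here to be the group where the CCO has granted permissions. The function names, finding strings, and sample values are constructed.

```python
import re

DES_ID = re.compile(
    r"^/subscriptions/[^/<>]+/resourceGroups/(?P<rg>[^/<>]+)"
    r"/providers/Microsoft\.Compute/diskEncryptionSets/[^/<>]+$",
    re.IGNORECASE)

def audit_disk_encryption(machinesets):
    """Map each machine set name to a finding about its OS disk encryption."""
    findings = {}
    for ms in machinesets.get("items", []):
        value = ms["spec"]["template"]["spec"]["providerSpec"]["value"]
        managed = value.get("osDisk", {}).get("managedDisk", {})
        des_id = (managed.get("diskEncryptionSet") or {}).get("id", "")
        match = DES_ID.match(des_id)
        if not des_id:
            finding = "no-customer-managed-key"
        elif not match:
            finding = "malformed-disk-encryption-set-id"
        elif match["rg"].lower() != value.get("resourceGroup", "").lower():
            # Set lives outside the machine's resource group (assumed to be
            # where the CCO has permissions): confirm the reader role.
            finding = "check-reader-role:" + match["rg"]
        else:
            finding = "ok"
        findings[ms["metadata"]["name"]] = finding
    return findings

def make_ms(name, rg, des_id=None):
    """Build a constructed MachineSet holding only the audited fields."""
    managed = {"storageAccountType": "Premium_LRS"}
    if des_id:
        managed["diskEncryptionSet"] = {"id": des_id}
    value = {"resourceGroup": rg,
             "osDisk": {"diskSizeGB": 128, "managedDisk": managed}}
    return {"metadata": {"name": name},
            "spec": {"template": {"spec": {"providerSpec": {"value": value}}}}}

# Constructed sample shaped like `oc get machinesets -o json` output.
DES = "/resourceGroups/{}/providers/Microsoft.Compute/diskEncryptionSets/demo-des"
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = {"items": [
    make_ms("demo-worker-1", "demo-rg"),
    make_ms("demo-infra-1", "demo-rg", SUB + DES.format("demo-rg")),
    make_ms("demo-infra-2", "demo-rg", SUB + DES.format("keys-rg")),
    make_ms("demo-infra-3", "demo-rg",
            "/subscriptions/<subscription_id>" + DES.format("demo-rg")),
]}
```

With real cluster data, pass the result of json.load() on the saved command output to audit_disk_encryption().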
