Creating a compute machine set on Azure Stack Hub

    This sample YAML defines a compute machine set that runs in zone 1 of a Microsoft Azure region and creates nodes that are labeled with node-role.kubernetes.io/<role>: "".

    In this sample, <infrastructure_id> is the infrastructure ID label that is based on the cluster ID that you set when you provisioned the cluster, and <role> is the node label to add.

        apiVersion: machine.openshift.io/v1beta1
        kind: MachineSet
        metadata:
          labels:
            machine.openshift.io/cluster-api-cluster: <infrastructure_id> # (1)
            machine.openshift.io/cluster-api-machine-role: <role> # (2)
            machine.openshift.io/cluster-api-machine-type: <role> # (2)
          name: <infrastructure_id>-<role>-<region> # (3)
          namespace: openshift-machine-api
        spec:
          replicas: 1
          selector:
            matchLabels:
              machine.openshift.io/cluster-api-cluster: <infrastructure_id> # (1)
              machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role>-<region> # (3)
          template:
            metadata:
              creationTimestamp: null
              labels:
                machine.openshift.io/cluster-api-cluster: <infrastructure_id> # (1)
                machine.openshift.io/cluster-api-machine-role: <role> # (2)
                machine.openshift.io/cluster-api-machine-type: <role> # (2)
                machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role>-<region> # (3)
            spec:
              metadata:
                creationTimestamp: null
                labels:
                  node-role.kubernetes.io/<role>: "" # (2)
              providerSpec:
                value:
                  apiVersion: machine.openshift.io/v1beta1
                  availabilitySet: <availability_set> # (6)
                  credentialsSecret:
                    name: azure-cloud-credentials
                    namespace: openshift-machine-api
                  image:
                    offer: ""
                    publisher: ""
                    resourceID: /resourceGroups/<infrastructure_id>-rg/providers/Microsoft.Compute/images/<infrastructure_id> # (1)
                    sku: ""
                    version: ""
                  internalLoadBalancer: ""
                  kind: AzureMachineProviderSpec
                  location: <region> # (4)
                  managedIdentity: <infrastructure_id>-identity # (1)
                  metadata:
                  networkResourceGroup: ""
                  osDisk:
                    diskSizeGB: 128
                    managedDisk:
                      storageAccountType: Premium_LRS
                    osType: Linux
                  publicIP: false
                  publicLoadBalancer: ""
                  resourceGroup: <infrastructure_id>-rg # (1)
                  sshPrivateKey: ""
                  sshPublicKey: ""
                  subnet: <infrastructure_id>-<role>-subnet # (1) (2)
                  userDataSecret:
                    name: worker-user-data # (2)
                  vmSize: Standard_DS4_v2
                  vnet: <infrastructure_id>-vnet # (1)
                  zone: "1" # (5)

    (1) Specify the infrastructure ID that is based on the cluster ID that you set when you provisioned the cluster. If you have the OpenShift CLI installed, you can obtain the infrastructure ID by running the following command:

        $ oc get -o jsonpath='{.status.infrastructureName}{"\n"}' infrastructure cluster

    You can obtain the subnet by running the following command:

        $ oc -n openshift-machine-api \
            -o jsonpath='{.spec.template.spec.providerSpec.value.subnet}{"\n"}' \
            get machineset/<infrastructure_id>-worker-centralus1

    You can obtain the vnet by running the following command:

        $ oc -n openshift-machine-api \
            -o jsonpath='{.spec.template.spec.providerSpec.value.vnet}{"\n"}' \
            get machineset/<infrastructure_id>-worker-centralus1

    (2) Specify the node label to add.
    (3) Specify the infrastructure ID, node label, and region.
    (4) Specify the region to place machines on.
    (5) Specify the zone within your region to place machines on. Be sure that your region supports the zone that you specify.
    (6) Specify the availability set for the cluster.

    In addition to the compute machine sets created by the installation program, you can create your own to dynamically manage the machine compute resources for specific workloads of your choice.

    Prerequisites

    • Deploy an OKD cluster.

    • Install the OpenShift CLI (oc).

    • Log in to oc as a user with cluster-admin permission.

    • Create an availability set in which to deploy Azure Stack Hub compute machines.

    Procedure

    1. Ensure that you set the <availabilitySet>, <clusterID>, and <role> parameter values.

    2. Optional: If you are not sure which value to set for a specific field, you can check an existing compute machine set from your cluster.

      1. To list the compute machine sets in your cluster, run the following command:

        Example output

            NAME                                DESIRED   CURRENT   READY   AVAILABLE   AGE
            agl030519-vplxk-worker-us-east-1a   1         1         1       1           55m
            agl030519-vplxk-worker-us-east-1b   1         1         1       1           55m
            agl030519-vplxk-worker-us-east-1c   1         1         1       1           55m
            agl030519-vplxk-worker-us-east-1d   0         0                             55m
            agl030519-vplxk-worker-us-east-1e   0         0                             55m
            agl030519-vplxk-worker-us-east-1f   0         0                             55m

      2. To view values of a specific compute machine set custom resource (CR), run the following command:

            $ oc get machineset <machineset_name> \
                -n openshift-machine-api -o yaml

        Example output

            apiVersion: machine.openshift.io/v1beta1
            kind: MachineSet
            metadata:
              labels:
                machine.openshift.io/cluster-api-cluster: <infrastructure_id> # (1)
              name: <infrastructure_id>-<role> # (2)
              namespace: openshift-machine-api
            spec:
              replicas: 1
              selector:
                matchLabels:
                  machine.openshift.io/cluster-api-cluster: <infrastructure_id>
                  machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role>
              template:
                metadata:
                  labels:
                    machine.openshift.io/cluster-api-cluster: <infrastructure_id>
                    machine.openshift.io/cluster-api-machine-role: <role>
                    machine.openshift.io/cluster-api-machine-type: <role>
                    machine.openshift.io/cluster-api-machineset: <infrastructure_id>-<role>
                spec:
                  providerSpec: # (3)
                    ...

    3. Create a MachineSet CR by running the following command:

          $ oc create -f <file_name>.yaml

    Verification

    • View the list of compute machine sets by running the following command:

      Example output

          NAME                                DESIRED   CURRENT   READY   AVAILABLE   AGE
          agl030519-vplxk-infra-us-east-1a    1         1         1       1           11m
          agl030519-vplxk-worker-us-east-1a   1         1         1       1           55m
          agl030519-vplxk-worker-us-east-1b   1         1         1       1           55m
          agl030519-vplxk-worker-us-east-1c   1         1         1       1           55m
          agl030519-vplxk-worker-us-east-1d   0         0                             55m
          agl030519-vplxk-worker-us-east-1e   0         0                             55m
          agl030519-vplxk-worker-us-east-1f   0         0                             55m

      When the new compute machine set is available, the DESIRED and CURRENT values match. If the compute machine set is not available, wait a few minutes and run the command again.

    You can enable boot diagnostics on Azure machines that your machine set creates.

    Prerequisites

    • Have an existing Microsoft Azure Stack Hub cluster.
    • Add the diagnostics configuration that is applicable to your storage type to the providerSpec field in your machine set YAML file:

      • For an Azure Managed storage account:

            providerSpec:
              diagnostics:
                boot:
                  storageAccountType: AzureManaged # (1)

      • For an Azure Unmanaged storage account:

            providerSpec:
              diagnostics:
                boot:
                  storageAccountType: CustomerManaged # (1)
                  customerManaged:
                    storageAccountURI: https://<storage-account>.blob.core.windows.net # (2)

        (1) Specifies an Azure Unmanaged storage account.
        (2) Replace <storage-account> with the name of your storage account.

    Verification

    • On the Microsoft Azure portal, review the Boot diagnostics page for a machine deployed by the machine set, and verify that you can see the serial logs for the machine.

    You can supply an encryption key to Azure to encrypt data on managed disks at rest. You can enable server-side encryption with customer-managed keys by using the Machine API.

    An Azure Key Vault, a disk encryption set, and an encryption key are required to use a customer-managed key. The disk encryption set must be in a resource group where the Cloud Credential Operator (CCO) has granted permissions. Otherwise, an additional reader role must be granted on the disk encryption set.

    Prerequisites

    Procedure

    • Configure the disk encryption set under the providerSpec field in your machine set YAML file. For example:

          providerSpec:
            value:
              osDisk:
                diskSizeGB: 128
                managedDisk:
                  diskEncryptionSet:
                    id: /subscriptions/<subscription_id>/resourceGroups/<resource_group_name>/providers/Microsoft.Compute/diskEncryptionSets/<disk_encryption_set_name>
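
    A pre-apply check for the settings covered above, as an added example that is not part of the OKD documentation: it audits a machine set for selector/template label agreement, publicIP, and a customer-managed disk encryption set. It assumes the input is the parsed output of oc get machineset <machineset_name> -n openshift-machine-api -o json; audit_machineset, WEAK, HARDENED, the finding strings, and all demo-* names and IDs are constructed for illustration.

```python
import copy
import re

# Resource ID shape of a disk encryption set, as in the sample above.
DES_ID = re.compile(r"^/subscriptions/[^/]+/resourceGroups/[^/]+"
                    r"/providers/Microsoft\.Compute/diskEncryptionSets/[^/]+$")

def audit_machineset(ms):
    """Return findings for one MachineSet parsed from `oc get ... -o json`."""
    findings = []
    spec = ms.get("spec", {})
    template = spec.get("template", {})
    value = template.get("spec", {}).get("providerSpec", {}).get("value", {})
    # Every selector label must be present, with the same value, on the template.
    labels = template.get("metadata", {}).get("labels", {})
    for key, want in spec.get("selector", {}).get("matchLabels", {}).items():
        if labels.get(key) != want:
            findings.append(f"selector label {key} does not match template")
    # The sample sets publicIP: false; flag machines given a public address.
    if value.get("publicIP", False):
        findings.append("publicIP is true")
    # Customer-managed keys need osDisk.managedDisk.diskEncryptionSet.id.
    managed = value.get("osDisk", {}).get("managedDisk", {})
    des_id = managed.get("diskEncryptionSet", {}).get("id", "")
    if not des_id:
        findings.append("no diskEncryptionSet on osDisk")
    elif not DES_ID.match(des_id):
        findings.append("diskEncryptionSet id is not a full resource ID")
    return findings

# Constructed sample, not real cluster output: public IP, platform-managed key.
LABEL = "machine.openshift.io/cluster-api-machineset"
WEAK = {"spec": {
    "selector": {"matchLabels": {LABEL: "demo-worker-region1"}},
    "template": {
        "metadata": {"labels": {LABEL: "demo-worker-region1"}},
        "spec": {"providerSpec": {"value": {
            "publicIP": True,
            "osDisk": {"managedDisk": {"storageAccountType": "Premium_LRS"}},
        }}}}}}

# The same manifest with the page's settings applied (placeholder IDs).
HARDENED = copy.deepcopy(WEAK)
hv = HARDENED["spec"]["template"]["spec"]["providerSpec"]["value"]
hv["publicIP"] = False
hv["osDisk"]["managedDisk"]["diskEncryptionSet"] = {
    "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
          "demo-rg/providers/Microsoft.Compute/diskEncryptionSets/demo-des"}
```

    An empty list from audit_machineset means none of the three checks fired; it does not confirm that the disk encryption set exists or that the reader role described above has been granted.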

    Additional resources