Merge pull request #106656 from sakthi-vetrivel/aro-4.3

v-albemi · web-flow · commit 5e4413706bd9 · 2020-03-06T10:40:44.000-08:00
Adding docs for ARO 4.3 preview
diff --git a/articles/openshift/howto-azure-monitor-v4.md b/articles/openshift/howto-azure-monitor-v4.md
@@ -0,0 +1,92 @@
+---
+title: Azure Monitor integration for Azure Red Hat OpenShift 4.3
+description:  Learn how to enable Azure Monitor on your Microsoft Azure Red Hat OpenShift cluster.
+author: sakthi-vetrivel
+ms.author: suvetriv
+ms.service: container-service
+ms.topic: conceptual
+ms.date: 03/06/2020
+---
+
+# Azure Monitor integration for Azure Red Hat OpenShift 4.3
+
+> [!IMPORTANT]
+> Azure Red Hat OpenShift 4.3 is offered in preview. Preview features are self-service and are provided as is and as available and are excluded from the service-level agreement (SLA) and limited warranty. Therefore, the features aren't meant for production use. 
+
+This article describes how to enable the private preview of Azure Monitor for containers for OpenShift 4.3 clusters hosted on-prem or in any cloud environment. The same instructions also apply to enable monitoring for Azure Red Hat OpenShift (ARO) 4.3 clusters.  
+
+## Prerequisites
+
+- [Azure CLI](https://docs.microsoft.com/cli/azure/install-azure-cli?view=azure-cli-latest)
+- [Helm 3](https://helm.sh/docs/intro/install/)
+- Access to kubeconfig of the kubernetes cluster
+- Access to an Azure subscription
+- Access to the OpenShift 4.3 cluster to install the Azure Monitor for Containers Helm chart
+- Minimum Contributor RBAC role permission on the Azure Subscription  
+- Monitoring Agent requires the following outbound ports - and domains to send the monitoring data to the Azure Monitor backend (If blocked by proxy/firewall):
+  - *.ods.opinsights.azure.com 443
+  - *.oms.opinsights.azure.com 443
+  - *.blob.core.windows.net 443
+  - dc.services.visualstudio.com 443
+
+## Onboarding
+
+> [!TIP]
+> The script uses bash 4 features, so make sure your bash is up to date. You can check your current version with `bash --version`.
+
+### Download the onboarding script
+
+```bash
+curl -LO  https://raw.githubusercontent.com/microsoft/OMS-docker/ci_feature/docs/openshiftV4/onboarding_azuremonitor_for_containers.sh
+```
+
+Execute the following script with azureSubscriptionId, workspace Region, clusterName, and context of the Kubernetes cluster.
+
+```bash
+bash onboarding_azuremonitor_for_containers.sh <azureSubscriptionId> <azureRegionforLogAnalyticsWorkspace> <clusterName> <kubeconfigContextNameOftheCluster>
+```
+
+For example:
+
+```bash
+ bash onboarding_azuremonitor_for_containers.sh 27ac26cf-a9f0-4908-b300-9a4e9a0fb205 eastus myocp42 admin 
+```
+
+## Configure agent data collection
+
+By default, Monitoring Agent collects the {stdout; stderr} container logs of all the containers running in all the namespaces except kube-system.  If you want to configure the container log collection specific to particular namespace or namespaces, you can  refer to [Container Insights agent configuration](../azure-monitor/insights/container-insights-agent-config.md). Here, you can configure Monitoring agent with desired data collection settings using config map.
+
+## Configure scraping of Prometheus metrics
+
+Azure Monitor for containers scrapes the Prometheus metrics and ingest to the Azure Monitor backend. Refer to [Container Insights Prometheus configuration](../azure-monitor/insights/container-insights-prometheus-integration.md) for the instructions how to configure Prometheus scraping.
+
+After successful onboarding, navigate to [Hybrid Monitoring](https://aka.ms/azmon-containers-hybrid) and select Environment as **"All"** to view your newly onboarded OpenShift v4 cluster.
+
+## Disable monitoring
+
+If you would like to disable monitoring, you can delete the Azure Monitor for Containers Helm chart using the following command to stop collecting and ingesting monitoring data to Azure Monitor for containers backend.
+
+``` bash
+helm del azmon-containers-release-1
+```
+
+## Update monitoring
+
+Rerun the onboarding script as described in the [Onboarding](#onboarding) section with the same parameter to update to latest Helm chart.
+
+## After successful onboarding
+
+Navigate to [Hybrid Monitoring](https://aka.ms/azmon-containers-hybrid), and you can see your newly enabled OpenShift/ARO v4 cluster with health status in the **Monitored Clusters** tab. There, you can get into deeper insights such as metrics, inventory, and logs by clicking the **Cluster** column.
+
+## Supported features
+
+For more on the supported features and functionality, see [Container Insights overview](../azure-monitor/insights/container-insights-overview.md).
+
+Contact us via askcoin@microsoft.com for feedback and questions.
+
+## Next steps
+
+To learn more about monitoring, see:
+- [Container Insights overview](../azure-monitor/insights/container-insights-overview.md)
+
+- [Log Query overview](../azure-monitor/log-query/log-query-overview.md)
diff --git a/articles/openshift/howto-using-azure-redhat-openshift.md b/articles/openshift/howto-using-azure-redhat-openshift.md
@@ -0,0 +1,159 @@
+---
+title: Create an Azure Red Hat OpenShift 4.3 Cluster | Microsoft Docs
+description: Create a cluster with Azure Red Hat OpenShift 3.11
+author: lamek
+ms.author: suvetriv
+ms.service: container-service
+ms.topic: conceptual
+ms.date: 03/06/2020
+keywords: aro, openshift, az aro, red hat, cli
+#Customer intent: As a customer, I want to create an ARO custer using the command line.
+---
+
+# Create, access, and manage an Azure Red Hat OpenShift 4.3 Cluster
+
+> [!IMPORTANT]
+> Azure Red Hat OpenShift (ARO) 4.3 is offered in preview. Preview features are self-service and are provided as is and as available and are excluded from the service-level agreement (SLA) and limited warranty. Therefore, the features aren't meant for production use.
+
+## Prerequisites
+
+You'll need the following to create an Azure Red Hat OpenShift 4.3 cluster:
+
+- Azure CLI version 2.0.72 or greater
+  
+- The 'az aro' extension
+
+- A virtual network containing two empty subnets, each with no network security group attached.  Your cluster will be deployed into these subnets.
+
+- A cluster AAD application (client ID and secret) and service principal, or sufficient AAD permissions for `az aro create` to create an AAD application and service principal for you automatically.
+
+- The RP service principal and cluster service principal must each have the Contributor role on the cluster virtual network.  If you have the "User Access Administrator" role on the virtual network, `az aro create` will set up the role assignments for you automatically.
+
+### Install the 'az aro' extension
+The `az aro` extension allows you to create, access, and delete Azure Red Hat OpenShift clusters directly from the command line using the Azure CLI.
+
+> [!Note] 
+> The `az aro` extension is currenty in preview. It may be changed or removed in a future release.
+> To opt-in for the `az aro` extension preview you need to register the `Microsoft.RedHatOpenShift` resource provider.
+> 
+>    ```console
+>    az provider register -n Microsoft.RedHatOpenShift --wait
+>    ```
+
+1. Log in to Azure.
+
+   ```console
+   az login
+   ```
+
+2. Run the following command to install the `az aro` extension:
+
+   ```console
+   az extension add --source https://arosvc.blob.core.windows.net/az-preview/aro-0.1.0-py2.py3-none-any.whl
+   ```
+
+3. Verify the ARO extension is registered.
+
+   ```console
+   az -v
+   ...
+   Extensions:
+   aro                                0.1.0
+   ...
+   ```
+  
+### Create a virtual network containing two empty subnets
+
+Follow these steps to create a virtual network containing two empty subnets.
+
+1. Set the following variables.
+
+   ```console
+   LOCATION=eastus        #the location of your cluster
+   RESOURCEGROUP="v4-$LOCATION"    #the name of the resource group where you want to create your cluster
+   CLUSTER=cluster        #the name of your cluster
+   ```
+
+2. Create a resource group for your cluster.
+
+   ```console
+   az group create -g "$RESOURCEGROUP" -l $LOCATION
+   ```
+
+3. Create the virtual network.
+
+   ```console
+   az network vnet create \
+     -g "$RESOURCEGROUP" \
+     -n vnet \
+     --address-prefixes 10.0.0.0/9 \
+     >/dev/null
+   ```
+
+4. Add two empty subnets to your virtual network.
+
+   ```console
+    for subnet in "$CLUSTER-master" "$CLUSTER-worker"; do
+     az network vnet subnet create \
+       -g "$RESOURCEGROUP" \
+       --vnet-name vnet \
+       -n "$subnet" \
+       --address-prefixes 10.$((RANDOM & 127)).$((RANDOM & 255)).0/24 \
+       --service-endpoints Microsoft.ContainerRegistry \
+       >/dev/null
+   done
+   ```
+
+5. Disable network policies for Private Link Service on your virtual network and subnets. This is a requirement for the ARO service to access and manage the cluster.
+
+   ```console
+   az network vnet subnet update \
+     -g "$RESOURCEGROUP" \
+     --vnet-name vnet \
+     -n "$CLUSTER-master" \
+     --disable-private-link-service-network-policies true \
+     >/dev/null
+   ```
+
+## Create a cluster
+
+Run the following command to create a cluster.
+
+```console
+az aro create \
+  -g "$RESOURCEGROUP" \
+  -n "$CLUSTER" \
+  --vnet vnet \
+  --master-subnet "$CLUSTER-master" \
+  --worker-subnet "$CLUSTER-worker"
+```
+
+>[!NOTE]
+> It normally takes about 35 minutes to create a cluster.
+
+## Access the cluster console
+
+You can find the cluster console URL (of the form `https://console-openshift-console.apps.<random>.<location>.aroapp.io/`) under the Azure Red Hat OpenShift 4.3 cluster resource. Run the following command to view the resource:
+
+```console
+az aro list -o table
+```
+
+You can log into the cluster using the `kubeadmin` user.  Run the following command to find the password for the `kubeadmin` user:
+
+```dotnetcli
+az aro list-credentials -g "$RESOURCEGROUP" -n "$CLUSTER"
+```
+
+## Delete a cluster
+
+Run the following command to delete a cluster.
+
+```console
+az aro delete -g "$RESOURCEGROUP" -n "$CLUSTER"
+
+# (optional)
+for subnet in "$CLUSTER-master" "$CLUSTER-worker"; do
+  az network vnet subnet delete -g "$RESOURCEGROUP" --vnet-name vnet -n "$subnet"
+done
+```
diff --git a/articles/openshift/toc.yml b/articles/openshift/toc.yml
@@ -35,6 +35,12 @@
           href: howto-create-tenant.md
         - name: Create an Azure AD app object and user
           href: howto-aad-app-configuration.md
+    - name: Azure Red Hat OpenShift 4.3 (preview)
+      items:
+        - name: Create an Azure Red Hat OpenShift 4.3 cluster
+          href: howto-using-azure-redhat-openshift.md
+        - name: Set up Azure Monitor for Azure Red Hat OpenShift 4.3
+          href: howto-azure-monitor-v4.md
     - name: Deploy a standalone prometheus in an Azure Red Hat OpenShift cluster
       href: howto-deploy-prometheus.md
     - name: Manage projects in an Azure Red Hat OpenShift cluster
