Building Distributed Cloud using Kubernetes based Platforms

As more organizations are embarking on the digital transformation journey by moving their on-premises workloads to the Cloud, there are multiple migration paths to choose from — to re-host on Cloud IaaS service or refactor for the Cloud PaaS service or to go Serverless. One thought that every organizations’ migration board deliberates on before starting their Cloud journey is about the choice of the Cloud Service Provider(CSP) and getting locked in with them in the future. Hence, they constantly explore cloud-agnostic solutions to migrate their on-premises workloads to the cloud to ensure that the CSP exit strategy is available, which is mandatory due to continuously evolving data and other industry-specific regulations.

One such cloud-agnostic solution is to install Kubernetes-based containerization platforms such as IBM RedHat OpenShift or Rancher or VMware Tanzu on the CSP infrastructure, refactor the on-premises workloads to containers, and then deploy the container-based workloads on Kubernetes platforms on CSP’s infrastructure.

Containerized Applications Distributed across CSP and On-premises Data Center

This article will see how to prepare such a cloud-agnostic and secure environment to deploy on-premises applications as container-based workloads on the cloud by installing the trial version of IBM RedHat OpenShift on Microsoft Azure Cloud. Note: The trial version of the RedHat OpenShift will expire after a limited trial duration; hence use the licensed version for the production environment.

Prerequisites:

Step i — Should have Microsoft Azure Account and an active subscription.

Step ii — Purchase a DNS domain or host an existing one in Azure DNS. The advantage of opting for the purchase of a new Azure DNS Domain is that the OpenShift installation program automatically creates a DNS zone from the Base Domain and configures DNS name servers for it. The manual name server configuration is not needed(Refer Step 2 in RedHat OpenShift Installation on Azure section below). The OpenShift cluster on Microsoft Azure infrastructure will be accessed over the internet using this DNS domain.

Purchase Azure App Service Domain

Step iii — Using a valid RedHat account, log in to the OpenShift Portal and download the OpenShift installation program and the Command-line interface(CLI) for the OS of your choice along with the Pull secret.

Select Self-Managed Azure installation option on OpenShift Portal
Select User-provisioned infrastructure installation
RedHat OpenShift and Command-line interface installations for various OS

Step iv — Extract the OpenShift installer and the CLI tools and add the CLI tools (oc and kubectl) to the classpath of your Linux machine. Create an installation_directory to be used by the OpenShift installer to save the cluster authentication and other installation-related information.

RedHat OpenShift Installation on Microsoft Azure

Step 1 — Create a service principal for the RedHat OpenShift installation program in Azure Active Directory by registering the application and make a note on the application(client) ID and Directory(tenant) ID.

New Application Registration in Azure Active Directory
Application and Directory ID for the RedHat OpenShift service principal

Then go to the Certificates & secrets section in the left panel and Add the client secret. Copy the client secret and store it somewhere safe because the secret will not be visible after the first view.

Client secret for the service principal

Step 2 — Add Microsoft Graph API permissions and grant the admin consent for Default Directory.

Microsoft Graph API permissions for the service principal
Grant admin consent to APIs

Step 3 — Assign the Contributor and User Access Administrator Roles to the service principal to allow the RedHat OpenShift installation program to create the resources in Microsoft Azure.

Roles assignment to service principal

Step 4 — Ensure that Azure Subscription has enough resource quota to install the RedHat OpenShift cluster. Raise a support ticket in Microsoft Azure to increase the quota of vCPU to 40 as the default vCPU quota is 10 per region. OpenShift cluster requires 1 bootstrap virtual machine(Standard_D4s_v3) with 4vCPUs, 3 master nodes(Standard_D8s_v3) with 8 vCPUs per virtual machine, and 3 worker nodes(Standard_D4s_v3) with 4 vCPUs per virtual machine, thus making it 40 vCPUs.

Autoscaling can be enabled to deploy extra worker nodes based on the computational power needs of the workloads, provided the vCPU quota limit is available for the selected region. The installation program distributes master and worker nodes across all availability zones within the selected region to ensure high availability and resilient OpenShift Cluster.

Step 5 — Run the OpenShift installation command and provide the following inputs :

  • installation directory — provide the installation directory created in Step iv of prerequisites
  • Platform — select Azure from the options displayed on the command prompt
  • Azure subscription id — get the subscription id from the Azure portal.
  • Azure tenant id, Azure service principal client id, Azure service principal client secret — Get the values from Step 1 above.
  • Azure Region — select East-US as it offers three availability zones.
  • Base Domain — provide the App Service Domain created in Step ii of Prerequisites
  • Cluster Name — provide a suitable cluster name.
  • Pull secret — paste the contents of Pull secret downloaded from RedHat Portal in Step iii of prerequisites.
RedHat OpenShift installation

The installation program will take around 45 mins to complete the installation. In the end, it will display the environment variable export command, the OpenShift cluster URL, and the login credentials to access the cluster. Run the environment variable export command to make the cluster configuration available in the system environment. Use the oc commands to access the OpenShift cluster on Azure Cloud, as seen below.

Export environment variable and run oc commands

The below Azure Architecture diagram shows the resources created by the installation program to build the OpenShift cluster on Microsoft Azure. It includes a Virtual Network (VNet) with two subnets, one each for 3-master and 3-worker nodes along with their respective disks and network interface cards. It also includes a public load-balancer for master nodes and an internal load-balancer for worker nodes.

RedHat OpenShift Architecture on Azure
Azure Resources created by RedHat OpenShift Installation

Using the URL and the credentials displayed on the installation console, login to the RedHat OpenShift Cluster on Microsoft Azure.

IBM RedHat OpenShift running on Azure

Finally, the on-premises workloads can be containerized and moved to RedHat OpenShift Cluster on Microsoft Azure.

The OpenShift installation program is available for other CSP platforms like AWS and Google and the on-premises data centers. The installation approach on any of the selected platforms will remain almost the same with a few minor differences in platform-specific configurations like the DNS or the service principal, or the Role-Based Access Control(RBAC). Hence those should be configured accordingly.

Summary:

For organizations exploring the cloud platforms for moving their on-premises applications, third-party Kubernetes-based platforms provide an abstraction layer between the applications and underlying CSP, thus enabling the formation of the Multi-Cloud Model within the organization. Each business unit within the organization can choose infrastructure available from the CSP or on-premises data centers to install the Kubernetes-based platform depending on their business and data needs, thus resulting in a Distributed Cloud organization. This approach helps to achieve cloud portability, in addition to the out-of-the-box advantages like security, scalability, reliability, and cost optimization, which every other CSP provides.

The next part of this article will discuss the deployment of containerized microservices-based workloads on the IBM RedHat OpenShift Cluster.

Let me know if this article was helpful to you and what you would like to see in the next part of this article. I would love to hear your feedback!