Validated Patterns

Azure requirements

This demo currently has been tested only on azure. The configuration tested used the openshift-install. OpenShift documentation contains details on how to do this.

The documentation outlines minimum required configuration for an azure account.

Changes required

Do not accept default sizes for OpenShift install. It is recommended to up the workers to at least Standard_D8s_v5. This can be done by using openshift-install create install-config first and adjusting the workers under platform e.g.:

- architecture: amd64
  hyperthreading: Enabled
  name: worker
  platform:
    azure:
      type: Standard_D8s_v5
  replicas: 3

On a cloud provider the virtual machines for the kata containers use "peer pods" which are running directly on the cloud provider’s hypervisor (see the diagram below). This means that access is required to the "confidential computing" virtual machine class. On Azure the Standard_DCas_v5 class of virtual machines are used. These virtual machines are NOT available in all regions. Users will also need to up the specific limits for Standard_DC2as_v5 virtual machines.

Schematic diagram of peer pods vs standard kata containers

DNS for the openshift cluster also MUST be provided by azure DNS.

Azure configuration required for the validated pattern

The validated pattern requires access to azure apis to provision peer-pod VMs and to obtain certificates from let’s encrypt.

Azure configuration information must be provided in two places:

  • The a secret must be loaded using a ../../../learn/secrets-management-in-the-validated-patterns-framework/[values-secret] file. The values-secret.yaml.template file provides the appropriate structure

  • A broader set of information about the cluster is required in values-global.yaml (see below).

global:
  azure:
    clientID: '' # Service principle ID
    subscriptionID: ''
    tenantID: '' # Tenant ID
    DNSResGroup: '' # Resource group for the azure DNS hosted zone
    hostedZoneName: '' # the hosted zone name
    clusterResGroup: '' # Resource group of the cluster
    clusterSubnet: '' # subnet of the cluster
    clusterNSG: '' # network security group of the worker nodes in the cluster
    clusterRegion: ''

QUICKLINKS

CONTRIBUTE

STAY IN TOUCH

Validated Patterns

Validated Patterns are an evolution of how you deploy applications in a hybrid cloud. With a pattern, you can automatically deploy a full application stack through a GitOps-based framework. With this framework, you can create business-centric solutions while maintaining a level of Continuous Integration (CI) over your application.