This document is a guideline for deploying an OpenShift Container Platform (OCP) cluster on Azure. There are many ways to create an OCP cluster on Azure, including the fully managed Azure OpenShift offering, but we encourage creating the cluster yourself to have full control.


Configuration and Deployment

There are two ways to deploy the cluster:


We encourage creating all the infrastructure and deploying OCP on it using Terraform and Ansible scripts. You can clone the stakater/terraform-azure-openshift repo and create an OpenShift cluster on Azure by following the steps below.

1. Generate Certificate

To generate the certificate used by the OpenShift cluster, use the certs module. Configure cert.tfvars in the certs/ folder as needed.

To generate the certificate using ACME, do:

cd certs
terraform apply -var-file=cert.tfvars

To get the certificate values, do:

terraform output public_certificate_pem
terraform output public_certificate_key
terraform output public_certificate_intermediate_pem

Once the certificate is generated, you can use these certificates in either the terraform-ocp.tfvars or the terraform-okd.tfvars file, according to your needs.
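Before the values go into a tfvars file, it helps to confirm that the key matches the certificate, that the certificate is not close to expiry or self-signed, and that it chains to the intermediate. The function below is an added example, not code from the stakater repository; the file names (cert.pem, key.pem, intermediate.pem) and the use of `terraform output -raw` (Terraform 0.14 or later) to save the outputs are assumptions.

```sh
#!/bin/sh
# Added example: validate the PEM files saved from the three terraform outputs.
# File names are assumptions, e.g. (Terraform 0.14+):
#   umask 077; terraform output -raw public_certificate_key > key.pem
#
# check_cert_bundle CERT KEY INTERMEDIATE [MIN_DAYS]
# Returns 0 = usable, 1 = key mismatch, 2 = expires soon, 3 = self-signed,
#         4 = not issued by INTERMEDIATE, 5 = unreadable input.
check_cert_bundle() {
    cert=$1; key=$2; chain=$3; min_days=${4:-30}

    openssl x509 -in "$cert" -noout 2>/dev/null &&
        openssl pkey -in "$key" -noout 2>/dev/null ||
        { echo "FAIL: cannot parse certificate or key"; return 5; }

    # The key must belong to the certificate: compare digests of the public
    # key embedded in the certificate and the one derived from the private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256)
    key_pub=$(openssl pkey -in "$key" -pubout -outform DER | openssl dgst -sha256)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: private key does not match certificate"; return 1; }

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "FAIL: certificate expires within $min_days days"; return 2; }

    # Identical subject and issuer hashes mean a self-signed certificate,
    # which browsers will not trust.
    [ "$(openssl x509 -in "$cert" -noout -subject_hash)" != \
      "$(openssl x509 -in "$cert" -noout -issuer_hash)" ] ||
        { echo "FAIL: certificate is self-signed"; return 3; }

    # The leaf must verify against the intermediate that will be served with it.
    openssl verify -partial_chain -CAfile "$chain" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: certificate was not issued by the given intermediate"; return 4; }

    echo "OK: certificate, key and intermediate are consistent"
}
```

The private key is also stored in the Terraform state of the certs module, so the state file needs the same protection as key.pem.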

2. Create service principal

Create a service principal that allows Terraform to create resources on Azure on your behalf:

az ad sp create-for-rbac -n {PRINCIPAL_NAME} --password {PASSWORD} --role contributor --scopes /subscriptions/{subscription-id}
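The command above grants the Contributor role over the whole subscription, so whoever holds this principal's secret can create, change and delete any resource in it. The function below is an added example (not part of the original page or the stakater repository) that reviews what a principal can actually reach and flags privileged roles held at subscription-wide or higher scope; the tab-separated input format and the APP_ID variable in the comment are assumptions.

```sh
#!/bin/sh
# Added example. Input on stdin: one "role<TAB>scope" line per assignment,
# as produced by (APP_ID is a placeholder for the principal's application id):
#   az role assignment list --assignee "$APP_ID" --all \
#       --query "[].[roleDefinitionName, scope]" -o tsv
#
# Prints one verdict per assignment and returns 1 if any privileged role is
# held at root, management-group or whole-subscription scope.
audit_sp_assignments() {
    awk -F '\t' '
        NF < 2 { next }                      # skip blank or malformed lines
        {
            role  = $1
            scope = tolower($2)              # Azure scopes are case-insensitive
            privileged = (role == "Owner" || role == "Contributor" ||
                          role == "User Access Administrator")
            wide = (scope == "/" ||
                    scope ~ "^/subscriptions/[^/]+/?$" ||
                    scope ~ "^/providers/microsoft[.]management/managementgroups/")
            if (privileged && wide) { verdict = "BROAD"; bad++ }
            else if (privileged)    { verdict = "SCOPED" }
            else                    { verdict = "OK" }
            printf "%-6s %s at %s\n", verdict, role, $2
        }
        END { exit (bad > 0) }
    '
}
```

A SCOPED result, for instance Contributor on a single resource group, limits what a leaked secret can touch to the resources of that one deployment.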

3. Create resources

You can tweak openshift/provision/template-inventory.yaml. It is rendered, copied and executed on the server using openshift/

To configure OKD, modify the variables in openshift/terraform-okd.tfvars: leave the empty variables as they are, replace the values written in capital letters with your own, and apply:

cd openshift
terraform apply -var-file=terraform-okd.tfvars

To configure OCP, modify the variables in openshift/terraform-ocp.tfvars, replace the values written in capital letters with your own, and apply:

cd openshift
terraform apply -var-file=terraform-ocp.tfvars

Your cluster will then be ready. Today's cluster has been deployed using Terraform.

Azure's RedHat OpenShift Container Platform Self-Managed

It is a simple method to bring up an OpenShift cluster: you pass it the configuration and it creates the cluster.


Follow the steps to deploy the cluster:

  1. Create a cluster using the Red Hat OpenShift Container Platform Self-Managed from the Azure Marketplace.

  2. Provide the cluster configuration in the deployment wizard and deploy the cluster. The required parameters are listed below:

| Parameter Name | Description |
|---|---|
| Admin Username | Cluster admin username |
| Add User SSH public key | Cluster admin public SSH key |
| Subscription | Subscription name |
| Resource Group | Create a new resource group |
| Location | Europe west |
| OCP Cluster Name Prefix | NIL |
| Node sizes | Size should be changed to D2s_v3 |
| Key vault Resource Group Name | NIL |
| Key Vault Name | NIL |
| Secret Name | NIL |
| Virtual Network | Default new existing virtual network |
| Default CIDR Setting or Custom IP Range | Default setting should be used |
| Openshift Admin User Password | NIL |
| RedHat Subscription Manager User Name | NIL |
| RedHat Subscription Manager User Password | NIL |
| RedHat Subscription Manager Openshift Pool ID | NIL |
| RedHat Subscription Manager Openshift Pool ID for Broker / Master Nodes | NIL |
| Azure AD Service Principal Client ID GUID | NIL |
| Azure AD Service Principal Client ID Secret | NIL |
| Container Native Storage | Disable it. |
| Cluster Logging | Default logging for the cluster. Enable it. |
| Configure Metrics for cluster | Disable it. |
| Default Router Subdomain | Subdomain that will be used for routes in the cluster. |


NIL means that the parameter doesn't require any description because the parameter name is self-explanatory. Details can be found in the official Azure documentation.

  3. Once the cluster is deployed, it can be accessed by these two methods:

    1. Kube config: It is available on the bastion node. The bastion node can be accessed with the SSH key pair whose public key was provided at the time of cluster deployment. Get the public IP of the bastion node from the Azure portal: Cluster Resource Group -> Bastion public IP. Use the command given below to access the bastion node.
    ssh -i ~/.ssh/private_key <cluster-admin-name>@<bastion-node-public-ip>
    2. Cluster Dashboard: The cluster console URL is available at this location: Cluster Resource Group -> Deployments -> redhat.openshift-container-platform-XXXXX -> Outputs -> OpenshiftConsoleURL.
  4. Add a wildcard entry in the Route53/DNS record for the cluster infra load balancer's IP address.

  5. Resize the infra nodes to DS2_v2, because the default DS2_v3 only allows 4 disks to be attached to a node but more disks are required. DS2_v2 allows 8 disks to be attached.

Issues Faced

  • You cannot manage it completely, e.g. it will create self-signed certs for the console URL, which browsers do not trust, so the console will be shown as Not Secure.

  • You cannot change the count of master and infra nodes.

  • There are very few Azure VM families you can choose from in the portal, and the default VM doesn't support attaching more than 4 disks per node.