gh-openshift-eng-ai-helpers…/skills/hcp-create-azure/SKILL.md
2025-11-30 08:45:56 +08:00


---
name: HyperShift Azure Provider
description: Use this skill when you need to deploy HyperShift clusters on Microsoft Azure with proper identity configuration and resource management
---
# HyperShift Azure Provider
This skill provides implementation guidance for creating HyperShift clusters on Azure, focusing on self-managed control plane configuration, resource group management, and Azure identity integration.
## When to Use This Skill
This skill is automatically invoked by the `/hcp:generate azure` command to guide the Azure provider cluster creation process.
## Prerequisites
- Azure CLI configured with appropriate credentials
- Azure subscription with sufficient quotas
- HyperShift operator installed and configured
- Pull secret for accessing OpenShift images
## Azure Provider Overview
### Azure Provider Peculiarities
- **Self-managed control plane only:** For ARO HCP, use the ARO CLI instead
- **Resource groups:** Auto-created during cluster creation
- **Limited region availability:** Not all Azure regions support all features
- **Azure identity required:** Service principal or managed identity configuration
- **Virtual network integration:** Requires proper VNet configuration
- **Control plane runs on Azure VMs:** Managed by HyperShift operator
### Identity Configuration Options
Choose one of three identity methods:
1. **Managed + Data Plane Identities:** Use `--managed-identities-file` AND `--data-plane-identities-file`
2. **Workload Identities:** Use `--workload-identities-file`
3. **OIDC Integration:** Use `--oidc-issuer-url`
## Implementation Steps
### Step 1: Parse Environment Requirements
**Environment Detection:**
- **Development:** "dev", "testing", "demo" → Standard_D4s_v3, SingleReplica
- **Production:** "prod", "enterprise" → Standard_D8s_v3+, HighlyAvailable
### Step 2: Interactive Parameter Collection
**Required Parameters:**
1. **Cluster Name & Location**
```
🔹 **Cluster Name**: What would you like to name your cluster?
🔹 **Azure Location**: Which Azure region? [default: eastus]
```
2. **Identity Configuration Method**
```
🔹 **Identity Method**: Choose Azure identity configuration:
1. Managed + Data Plane Identities (recommended)
2. Workload Identities
3. OIDC Integration
```
3. **Resource Group Configuration**
```
🔹 **Resource Group**: Name for the resource group?
[default: {cluster-name}-rg]
```
### Step 3: Generate Command
**Development Configuration:**
```bash
hypershift create cluster azure \
  --name dev-cluster \
  --namespace dev-cluster-ns \
  --location eastus \
  --pull-secret /path/to/pull-secret.json \
  --release-image quay.io/openshift-release-dev/ocp-release:4.18.0-multi \
  --resource-group-name dev-cluster-rg \
  --base-domain example.com \
  --managed-identities-file /path/to/managed-identities.json \
  --data-plane-identities-file /path/to/data-plane-identities.json
```
**Production Configuration:**
```bash
hypershift create cluster azure \
  --name production-cluster \
  --namespace production-cluster-ns \
  --location eastus \
  --pull-secret /path/to/pull-secret.json \
  --release-image quay.io/openshift-release-dev/ocp-release:4.18.0-multi \
  --resource-group-name production-cluster-rg \
  --base-domain clusters.company.com \
  --managed-identities-file /path/to/managed-identities.json \
  --data-plane-identities-file /path/to/data-plane-identities.json \
  --control-plane-availability-policy HighlyAvailable
```
## Error Handling
### Identity Configuration Issues
```
Azure identity files not found or invalid.
Required files for managed identity method:
1. managed-identities.json
2. data-plane-identities.json
Generate using Azure CLI:
az identity create --name hypershift-managed-identity --resource-group <resource-group>
```
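The three methods under Identity Configuration Options are alternatives, and the error above is raised when the identity files are missing. The pre-flight check below is an added example, not part of this skill or of HyperShift: the function names are hypothetical, it assumes the space-separated `--flag value` form used in Step 3, and it checks presence and file permissions only, not the JSON contents.

```bash
#!/usr/bin/env bash
# Added example, not part of the skill: pre-flight check for the identity
# flags passed to `hypershift create cluster azure`. Function names are hypothetical.

# A credential/identity file must exist, be non-empty, and have no
# group/other permission bits set.
check_secret_file() {
  local f=$1 perms
  [ -f "$f" ] || { echo "not found: $f" >&2; return 1; }
  [ -s "$f" ] || { echo "empty: $f" >&2; return 1; }
  perms=$(ls -ldL "$f" | cut -c5-10)   # group+other part of e.g. -rw-------
  [ "$perms" = "------" ] || { echo "group/other access ($perms): $f" >&2; return 1; }
}

# Prints the selected method (managed|workload|oidc); non-zero when the flags
# select none, several, half of the managed pair, or an unusable file/URL.
identity_method() {
  local managed="" data="" workload="" oidc="" method="" n=0
  while [ $# -gt 0 ]; do
    case $1 in
      --managed-identities-file)    managed=${2-} ;;
      --data-plane-identities-file) data=${2-} ;;
      --workload-identities-file)   workload=${2-} ;;
      --oidc-issuer-url)            oidc=${2-} ;;
    esac
    shift
  done
  if [ -n "$managed" ] || [ -n "$data" ]; then
    if [ -z "$managed" ] || [ -z "$data" ]; then
      echo "managed method needs both identity files" >&2; return 2
    fi
    method=managed; n=$((n + 1))
  fi
  if [ -n "$workload" ]; then method=workload; n=$((n + 1)); fi
  if [ -n "$oidc" ]; then method=oidc; n=$((n + 1)); fi
  [ "$n" -eq 1 ] || { echo "choose exactly one identity method, got $n" >&2; return 2; }
  case $method in
    managed)  check_secret_file "$managed" && check_secret_file "$data" || return 1 ;;
    workload) check_secret_file "$workload" || return 1 ;;
    oidc)     case $oidc in
                https://?*) ;;   # OIDC issuer identifiers use the https scheme
                *) echo "issuer URL must be https: $oidc" >&2; return 1 ;;
              esac ;;
  esac
  echo "$method"
}
```

Call `identity_method` with the same arguments intended for `hypershift create cluster azure`; unrelated flags such as `--name` are ignored.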
### Resource Group Conflicts
```
Resource group "cluster-rg" already exists.
Options:
1. Use existing resource group (ensure proper permissions)
2. Choose different name
3. Delete existing resource group (if safe)
```
## See Also
- [HyperShift Azure Provider Documentation](https://hypershift.openshift.io/how-to/azure/)
- [Azure Resource Manager Documentation](https://docs.microsoft.com/en-us/azure/azure-resource-manager/)