{"id":30120037,"url":"https://github.com/stakater/terraform-azure-openshift","last_synced_at":"2025-08-10T12:53:04.168Z","repository":{"id":93166742,"uuid":"222555961","full_name":"stakater/terraform-azure-openshift","owner":"stakater","description":"OpenShift on Azure with Terraform!","archived":false,"fork":false,"pushed_at":"2023-12-15T14:51:29.000Z","size":24,"stargazers_count":5,"open_issues_count":1,"forks_count":7,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-04-15T04:16:42.750Z","etag":null,"topics":["azure","ocp","okd","openshift","origin","stakater","terraform"],"latest_commit_sha":null,"homepage":"https://stakater.com/opensource","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/stakater.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-11-18T22:20:59.000Z","updated_at":"2024-02-27T08:22:32.000Z","dependencies_parsed_at":"2023-05-14T03:15:51.903Z","dependency_job_id":null,"html_url":"https://github.com/stakater/terraform-azure-openshift","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/stakater/terraform-azure-openshift","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stakater%2Fterraform-azure-openshift","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stakater%2Fterraform-azure-openshift/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stakater%2Fterraform-azure-openshift/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stakater%2Fterraform-a
zure-openshift/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/stakater","download_url":"https://codeload.github.com/stakater/terraform-azure-openshift/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/stakater%2Fterraform-azure-openshift/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":269727088,"owners_count":24465397,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-10T02:00:08.965Z","response_time":71,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["azure","ocp","okd","openshift","origin","stakater","terraform"],"created_at":"2025-08-10T12:52:57.959Z","updated_at":"2025-08-10T12:53:04.159Z","avatar_url":"https://github.com/stakater.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Terraform Azure Openshift\n\nOpenShift on Azure with Terraform!\n\n[OpenShift Reference Architecture](https://blog.openshift.com/openshift-container-platform-reference-architecture-implementation-guides/) implementation on Azure using Terraform.\n\n![OpenShift Azure](https://blog.openshift.com/wp-content/uploads/refarch-ocp-on-azure-v6.png)\n\n## Setup\n\nMake sure you have Terraform (v0.11.x) in your PATH.\n\nLog in to Azure using [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/?view=azure-cli-latest):\n\n```bash\naz login\n```\n\n### Generate 
Certificate\n\nTo generate the certificate used by the OpenShift cluster, use the certs module. Configure the [cert.tfvars](certs/cert.tfvars) file as needed.\n\nTo generate the certificate using ACME, do:\n\n```bash\ncd certs\nterraform apply -var-file=cert.tfvars\n```\n\nTo get the certificate values, do:\n\n```bash\nterraform output public_certificate_pem\nterraform output public_certificate_key\nterraform output public_certificate_intermediate_pem\n```\n\nOnce the certificate is generated, you can use these certificates in either the terraform-ocp.tfvars or the terraform-okd.tfvars file, according to your needs.\n\n### Create Openshift stack\n\n#### Create service principal\n\nCreate a service principal that allows Terraform to create resources on your behalf in Azure:\n\n```bash\naz ad sp create-for-rbac -n {PRINCIPAL_NAME} --password {PASSWORD} --role contributor --scopes /subscriptions/{subscription-id}\n```\n\n#### Create resources\n\nYou can tweak the [OpenShift inventory file](openshift/provision/template-inventory.yaml). 
It is rendered, copied and executed on the server using [inventory.tf](openshift/inventory.tf).\n\nTo configure OKD, modify the variables in `openshift/terraform-okd.tfvars`: leave the empty variables as they are, replace the variables written in capital letters, and apply:\n\n```bash\ncd openshift\nterraform apply -var-file=terraform-okd.tfvars\n```\n\nTo configure OCP, modify the variables in `openshift/terraform-ocp.tfvars`: replace the variables written in capital letters and apply:\n\n```bash\ncd openshift\nterraform apply -var-file=terraform-ocp.tfvars\n```\n\nWhen finished, you will get the public IPs for the Bastion host and for both the External Load Balancer and the Router Load Balancer.\n\nTo SSH into the Bastion host, use the key in the `keys` folder:\n\n```bash\nssh -i keys/bastion.key cloud-user@BASTION_IP\n```\n\nThe `oc` command is configured for use on the Bastion host.\n\nYou can also access the other servers from the Bastion host, e.g. to access the `master1` server, execute the following on the Bastion host:\n\n```bash\nssh -i openshift.key cloud-user@master1.openshift.local\n```\n\n#### Scale up openshift stack\n\nTo scale up the OpenShift stack, set the `scale_up` variable to true and add the configuration of the new nodes under `OSEv3.children.new_nodes.hosts` in `openshift/provision/template-inventory.yaml`, e.g.\n\n```yaml\nOSEv3:\n  children:\n    new_nodes:\n      hosts:\n        infra2.openshift.local:\n           openshift_node_group_name: node-config-infra\n```\n\nand then run `terraform apply`.\n\n## Troubleshooting\n\n### Re-executing scripts\n\n- If you have changed a config file in the `openshift/provision` folder and need to re-apply the config on the stack, chances are it won't be triggered automatically. This is by design, to avoid automatic deployment, e.g. in case of scale up. If you have to re-apply the config on the server, use the `terraform taint` command. 
For example, if you have changed the inventory file and want to re-apply the deploy cluster script, first do:\n\n```bash\nterraform taint null_resource.main\n```\n\nand then run `terraform apply`.\n\n### Scaling up / creating stack fails because server could not be reached\n\nTerraform currently has an [issue](https://github.com/hashicorp/terraform/issues/17101) with resources depending on entire modules. The workaround is to re-apply the resource that failed (manually taint resources if needed).\n\n### Openshift sdn pods not starting\n\nOn certain AMIs, the OpenShift sdn pods may not start, which prevents the nodes from becoming ready. This happens when the network interface is not allowed to be managed by Network Manager. You can confirm this by reading the file `/etc/sysconfig/network-scripts/ifcfg-eth0` and making sure that `NM_CONTROLLED` is set to `yes`. To automate this, you can add the following task to your standard Ansible node config.\n\n```yaml\n- name: Allow network to be controlled by Network Manager\n  lineinfile:\n    dest: /etc/sysconfig/network-scripts/ifcfg-eth0\n    regexp: '^NM_CONTROLLED=no$'\n    line: 'NM_CONTROLLED=yes'\n    backrefs: yes\n```\n\nFor this repo, it is already added to `openshift/provision/node-config-playbook.yaml`.\n\n### ansible-playbook: command not found\n\n```bash\nnull_resource.bastion_config (remote-exec): Connected!\nnull_resource.bastion_config (remote-exec): Loaded plugins: langpacks, product-id,\nnull_resource.bastion_config (remote-exec):               : search-disabled-repos,\nnull_resource.bastion_config (remote-exec):               : subscription-manager\nnull_resource.bastion_config (remote-exec): This system is registered with an entitlement server, but is not receiving updates. 
You can use subscription-manager to assign subscriptions.\nnull_resource.bastion_config (remote-exec): No package ansible available.\nnull_resource.bastion_config (remote-exec): Error: Nothing to do\nnull_resource.bastion_config (remote-exec): /home/cloud-user/bastion-config.sh: line 4: ansible-playbook: command not found\n\nError: Error applying plan:\n\n1 error(s) occurred:\n\n* null_resource.bastion_config: error executing \"/tmp/terraform_1606393123.sh\": Process exited with status 127\n```\n\nThis issue was caused by existing subscriptions that prevented some packages from being installed. It was resolved by removing the existing subscriptions.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstakater%2Fterraform-azure-openshift","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstakater%2Fterraform-azure-openshift","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstakater%2Fterraform-azure-openshift/lists"}