Terraform module to install Portworx into an OCP/ARO/IPI cluster on Azure, compatible with modules from https://modules.cloudnativetoolkit.dev
This module has 2 manual steps that must be completed before successful deployment:
- Azure service principal/credentials
- Portworx configuration
The provided scripts/portworx-prereq.sh script will collect or create the necessary service principal. The script requires the resource group name, cluster name, and cluster type as input. Optionally, the subscription id can be provided; if it is not provided, the subscription id will be looked up.
- Log into your Azure account using the az cli.
- Run the scripts/portworx-prereq.sh script:
  ./scripts/portworx-prereq.sh -t aro -g rg-name -n cluster-name
- If successful, the output of the script will look like the following. The output values can be provided as input to the automation.
  {
    "azure_client_id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
    "azure_client_secret": "XXXXXXX",
    "azure_tenant_id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX",
    "azure_subscription_id": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
  }
Alternatively, you can use known credentials for an existing service principal to allow Portworx to provision volumes for the cluster.
A service principal (service account) is used by the Portworx deployment to provision the storage volumes that Portworx uses once it is deployed into the OpenShift cluster. There are some specifics for service principals when deploying Portworx, as detailed below:
- ARO Clusters: For ARO clusters, you must use the service principal that was created in the background when the ARO cluster was created.
- IPI Clusters: For IPI clusters, you must create a service principal that has the following permissions:
  - Microsoft.ContainerService/managedClusters/agentPools/read
  - Microsoft.Compute/disks/delete
  - Microsoft.Compute/disks/write
  - Microsoft.Compute/disks/read
  - Microsoft.Compute/virtualMachines/write
  - Microsoft.Compute/virtualMachines/read
  - Microsoft.Compute/virtualMachineScaleSets/virtualMachines/write
  - Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read
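The IPI permission list above, expressed as a least-privilege Azure custom role, as an added example that is not part of this module or of scripts/portworx-prereq.sh. The role name, the file name px-role.json and the choice to scope the role to the cluster's resource group are assumptions; px_extra_actions lists anything a role definition grants beyond the eight listed actions.

```shell
#!/bin/sh
# Added example (not the module's own code). Role name and scope are assumptions.
PX_ROLE_NAME="portworx-cloud-drive"   # hypothetical role name

# The eight actions this README lists for IPI clusters.
PX_ACTIONS="Microsoft.ContainerService/managedClusters/agentPools/read
Microsoft.Compute/disks/delete
Microsoft.Compute/disks/write
Microsoft.Compute/disks/read
Microsoft.Compute/virtualMachines/write
Microsoft.Compute/virtualMachines/read
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/write
Microsoft.Compute/virtualMachineScaleSets/virtualMachines/read"

# Print a custom role definition assignable only within one resource group.
px_role_json() {
  sub_id=$1 rg=$2
  [ -n "$sub_id" ] && [ -n "$rg" ] || { echo "usage: px_role_json SUB_ID RG" >&2; return 2; }
  actions=$(printf '%s\n' "$PX_ACTIONS" |
    awk '{ printf "%s    \"%s\"", (NR > 1 ? ",\n" : ""), $0 }')
  cat <<EOF
{
  "Name": "$PX_ROLE_NAME",
  "Description": "Disk and VM operations Portworx needs on an IPI cluster",
  "Actions": [
$actions
  ],
  "NotActions": [],
  "AssignableScopes": ["/subscriptions/$sub_id/resourceGroups/$rg"]
}
EOF
}

# Audit: print every action in a role definition file that is outside the list
# above, including wildcards such as "*" or "Microsoft.Compute/*".
px_extra_actions() {
  grep -oE '"(\*|[A-Za-z.]+/[^"]*)"' "$1" | tr -d '"' | while read -r a; do
    printf '%s\n' "$PX_ACTIONS" | grep -qxF -- "$a" || printf '%s\n' "$a"
  done
}

# Create the role and a service principal bound to it (needs a logged-in az cli).
px_apply() {
  px_role_json "$1" "$2" > px-role.json
  az role definition create --role-definition @px-role.json
  az ad sp create-for-rbac --name "$PX_ROLE_NAME-sp" --role "$PX_ROLE_NAME" \
    --scopes "/subscriptions/$1/resourceGroups/$2"
}
```

Running px_extra_actions against the JSON of a role already assigned to an existing service principal shows whether it carries more than Portworx needs before its credentials are handed to the module.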
Before attempting to deploy this module, you can log into the az cli, and manually run the scripts/portworx-prereq.sh script, which will handle both of these cases. This script will output the credentials that are required to successfully deploy Portworx into the cluster. The output will be a JSON structure like:
This module requires a Portworx configuration. Portworx is available in 2 flavors: Enterprise and Essentials.
Portworx Essentials is free forever, but only supports a maximum of 5 nodes on a cluster, 200 volumes, and 5TB of storage.
Portworx Enterprise requires a subscription (with a 30-day free trial), supports over 1000 nodes per cluster, and has unlimited storage.
More detailed comparisons are available at: https://portworx.com/products/features/
Instructions for obtaining your Portworx configuration are available at portworx config.
You can see an example in the Example usage section below.
The module depends on the following software components:
- terraform >= v0.15
- nil
This module makes use of the output from other modules:
- github.com/cloud-native-toolkit/terraform-ocp-login.git
  - provides the cluster_config_file variable for the azure-portworx module.
Note: osb_endpoint and user_id are only required in portworx_config if type is essentials. These values are not required for type enterprise.
# Log in to the cluster; the resulting kubeconfig is passed to the Portworx module.
module "cluster-login" {
  source = "github.com/cloud-native-toolkit/terraform-ocp-login.git"

  server_url     = var.server_url
  login_user     = var.cluster_username
  login_password = var.cluster_password
  login_token    = ""
  ca_cert        = var.ca_cert
}

module "azure-portworx" {
  source = "./module"

  # Service principal credentials, e.g. the output of scripts/portworx-prereq.sh
  azure_client_id       = var.azure_client_id
  azure_client_secret   = var.azure_client_secret
  azure_subscription_id = var.azure_subscription_id
  azure_tenant_id       = var.azure_tenant_id

  # Must reference the module label declared above ("cluster-login")
  cluster_config_file = module.cluster-login.platform.kubeconfig
  cluster_type        = "IPI"
  portworx_spec_file  = "${path.module}/px_spec.yaml"
}
This module is a derivative of https://github.com/ibm-hcbt/terraform-ibm-cloud-pak/tree/main/modules/portworx_aws