openshift-eng/hcp-create-azure

HyperShift Azure Provider

This skill provides implementation guidance for creating HyperShift clusters on Azure, focusing on self-managed control plane configuration, resource group management, and Azure identity integration.

When to Use This Skill

This skill is automatically invoked by the /hcp:generate azure command to guide the Azure provider cluster creation process.

Prerequisites

• Azure CLI configured with appropriate credentials
• Azure subscription with sufficient quotas
• HyperShift operator installed and configured
• Pull secret for accessing OpenShift images

Azure Provider Overview

Azure Provider Peculiarities

• Self-managed control plane only: For ARO HCP use ARO CLI instead
• Resource groups: Auto-created during cluster creation
• Limited region availability: Not all Azure regions support all features
• Azure identity required: Service principal or managed identity configuration
• Virtual network integration: Requires proper VNet configuration
• Control plane runs on Azure VMs: Managed by HyperShift operator

Identity Configuration Options

Choose one of three identity methods:

1. Managed + Data Plane Identities: Use --managed-identities-file AND --data-plane-identities-file
2. Workload Identities: Use --workload-identities-file
3. OIDC Integration: Use --oidc-issuer-url

Implementation Steps

Step 1: Parse Environment Requirements

Environment Detection:

• Development: "dev", "testing", "demo" → Standard_D4s_v3, SingleReplica
• Production: "prod", "enterprise" → Standard_D8s_v3+, HighlyAvailable

Step 2: Interactive Parameter Collection

Required Parameters:

1. Cluster Name & Location

   🔹 **Cluster Name**: What would you like to name your cluster?
   🔹 **Azure Location**: Which Azure region? [default: eastus]
   

2. Identity Configuration Method

   🔹 **Identity Method**: Choose Azure identity configuration:
      1. Managed + Data Plane Identities (recommended)
      2. Workload Identities
      3. OIDC Integration
   

3. Resource Group Configuration

   🔹 **Resource Group**: Name for the resource group?
      [default: {cluster-name}-rg]
   

Step 3: Generate Command

Development Configuration:

hypershift create cluster azure \
  --name dev-cluster \
  --namespace dev-cluster-ns \
  --location eastus \
  --pull-secret /path/to/pull-secret.json \
  --release-image quay.io/openshift-release-dev/ocp-release:4.18.0-multi \
  --resource-group-name dev-cluster-rg \
  --base-domain example.com \
  --managed-identities-file /path/to/managed-identities.json \
  --data-plane-identities-file /path/to/data-plane-identities.json

Production Configuration:

hypershift create cluster azure \
  --name production-cluster \
  --namespace production-cluster-ns \
  --location eastus \
  --pull-secret /path/to/pull-secret.json \
  --release-image quay.io/openshift-release-dev/ocp-release:4.18.0-multi \
  --resource-group-name production-cluster-rg \
  --base-domain clusters.company.com \
  --managed-identities-file /path/to/managed-identities.json \
  --data-plane-identities-file /path/to/data-plane-identities.json \
  --control-plane-availability-policy HighlyAvailable

Error Handling

Identity Configuration Issues

Azure identity files not found or invalid.

Required files for managed identity method:
1. managed-identities.json
2. data-plane-identities.json

Generate using Azure CLI:
  az identity create --name hypershift-managed-identity

Resource Group Conflicts

Resource group "cluster-rg" already exists.

Options:
1. Use existing resource group (ensure proper permissions)
2. Choose different name
3. Delete existing resource group (if safe)

See Also

• HyperShift Azure Provider Documentation
• Azure Resource Manager Documentation