Control plane configuration options for Microsoft Azure

You can update your control plane machines to reflect changes in your infrastructure or environment by editing values in the control plane machine set specification.

When you save an update to the control plane machine set, the Control Plane Machine Set Operator updates the control plane machines according to your configured update strategy. For more information, see "Updating the control plane configuration".

The following example YAML snippets show provider specification and failure domain configurations for an Azure cluster.

Sample Azure provider specification

You can update your control plane machines to reflect changes in your underlying infrastructure by editing values in the control plane machine set provider specification.

The following example YAML illustrates a valid configuration for a Microsoft Azure cluster.

Note

When you create a control plane machine set for an existing cluster, the provider specification must match the providerSpec configuration in the control plane machine custom resource (CR) that the installation program creates.

You can omit any field that has a value set in the failure domain section of the CR.

In the following example, the <cluster_id> string is the infrastructure ID. The infrastructure ID matches the cluster ID that the installation program used during cluster provisioning. If you have the OpenShift CLI (oc) installed, you can obtain the infrastructure ID by running the following command:

$ oc get -o jsonpath='{.status.infrastructureName}{"\n"}' infrastructure cluster

Sample Azure providerSpec values

apiVersion: machine.openshift.io/v1
kind: ControlPlaneMachineSet
metadata:
  name: cluster
  namespace: openshift-machine-api
spec:
# ...
  template:
# ...
      spec:
        providerSpec:
          value:
            acceleratedNetworking: true
            apiVersion: machine.openshift.io/v1beta1
            credentialsSecret:
              name: azure-cloud-credential
              namespace: openshift-machine-api
            diagnostics: {}
            image:
              offer: ""
              publisher: ""
              resourceID: /resourceGroups/<cluster_id>-rg/providers/Microsoft.Compute/galleries/gallery_<cluster_id>/images/<cluster_id>-gen2/versions/412.86.20220930
              sku: ""
              version: ""
            internalLoadBalancer: <cluster_id>-internal
            kind: AzureMachineProviderSpec
            location: <region>
            managedIdentity: <cluster_id>-identity
            metadata:
              creationTimestamp: null
              name: <cluster_id>
            networkResourceGroup: <cluster_id>-rg
            osDisk:
              diskSettings: {}
              diskSizeGB: 1024
              managedDisk:
                storageAccountType: Premium_LRS
              osType: Linux
            publicIP: false
            publicLoadBalancer: <cluster_id>
            resourceGroup: <cluster_id>-rg
            subnet: <cluster_id>-master-subnet
            userDataSecret:
              name: master-user-data
            vmSize: Standard_D8s_v3
            vnet: <cluster_id>-vnet
            zone: "1"

where:

spec.template.spec.providerSpec.value.credentialsSecret.name

Specifies the secret name for the cluster. Do not change this value.

spec.template.spec.providerSpec.value.image

Specifies the image details for your control plane machine set.

spec.template.spec.providerSpec.value.image.resourceID

Specifies an image that is compatible with your instance type. The Hyper-V generation V2 images created by the installation program have a -gen2 suffix, while V1 images have the same name without the suffix.

spec.template.spec.providerSpec.value.internalLoadBalancer

Specifies the internal load balancer for the control plane. The ControlPlaneMachineSet and control plane Machine CRs require this field. If the field is empty, specify a valid value.

spec.template.spec.providerSpec.value.kind

Specifies the cloud provider platform type. Do not change this value.

spec.template.spec.providerSpec.value.location

Specifies the region to place control plane machines on.

spec.template.spec.providerSpec.value.osDisk

Specifies the disk configuration for the control plane.

spec.template.spec.providerSpec.value.publicLoadBalancer

Specifies the public load balancer for the control plane.

Note

You can omit the publicLoadBalancer parameter on private OpenShift Container Platform clusters that have user-defined outbound routing.

spec.template.spec.providerSpec.value.subnet

Specifies the subnet for the control plane.

spec.template.spec.providerSpec.value.userDataSecret

Specifies the control plane user data secret. Do not change this value.

spec.template.spec.providerSpec.value.zone

Specifies the zone configuration for clusters that use a single zone for all failure domains.

Note

If the cluster uses a different zone for each failure domain, configure this parameter in the failure domain. If you specify this value in the provider specification when using different zones for each failure domain, the Control Plane Machine Set Operator ignores it and uses the value in the failure domain.

Sample Azure failure domain configuration

To prevent downtime for your application due to the failure of a single Microsoft Azure region, you can configure failure domains in the control plane machine set. To use failure domains, you configure appropriate values in the failureDomains section of the ControlPlaneMachineSet custom resource (CR).

The control plane machine set concept of a failure domain is analogous to the Azure concept of an Azure availability zone. The ControlPlaneMachineSet CR spreads control plane machines across more than one failure domain when possible.

When configuring Azure failure domains in the control plane machine set, you must specify the availability zone name. An Azure cluster can use the following configurations:

• One subnet for each availability zone.

• One subnet that spans more than one availability zone.

• More than one subnet in more than one availability zone.

Sample Azure failure domain values

apiVersion: machine.openshift.io/v1
kind: ControlPlaneMachineSet
metadata:
  name: cluster
  namespace: openshift-machine-api
spec:
# ...
  template:
# ...
    machines_v1beta1_machine_openshift_io:
      failureDomains:
        azure:
        - zone: "1"
          subnet: <subnet_zone_1>
        - zone: "2"
          subnet: <subnet_zone_2>
        - zone: "3"
          subnet: <subnet_zone_3>
        platform: Azure
# ...

where:

spec.template.machines_v1beta1_machine_openshift_io.failureDomains.azure.zone

Each instance of zone specifies an Azure availability zone for a failure domain.

Note

If the cluster uses a single zone for all failure domains, the zone parameter is in the provider specification instead of in the failure domain configuration.

spec.template.machines_v1beta1_machine_openshift_io.failureDomains.azure.subnet

Optional: Specifies the network subnet in which to create the control plane VM. When omitted, the control plane machine set uses the subnet value from the machine providerSpec template.

spec.template.machines_v1beta1_machine_openshift_io.failureDomains.platform

Specifies the cloud provider platform name. Do not change this value.

Additional resources

• Updating the control plane configuration

• Configuring Microsoft Azure features for control plane machines