Configure OpenShift Container Platform Connection Details

Red Hat OpenShift is an open-source container application platform for developing and hosting enterprise-grade applications. You can deploy your containerized applications on your OpenShift clusters from within the Lazsa Platform. Here we assume that you already have a running OpenShift cluster.

Prerequisites and Required Permissions

The following table contains the details of the user inputs required in the OpenShift cluster connection details in the Lazsa Platform and the permissions that must be assigned to the OpenShift account.

User Input required in Lazsa	Required Permissions
Cluster Name Cluster URL Certificate authority data Token	Namespace- Create or list a namespace Deployment- Create, update, or delete a deployment Ingress - Create, update, or delete ingress Routes- Create, update, or delete routes HorizontalPodAutoscaler (HPA)- Create, update, or delete HPA

To access this cluster from within the Lazsa Platform, you must configure the cluster connection details as described in the following steps:

1. Sign in to the Lazsa Platform and click Configuration in the left navigation pane.

2. On the Platform Setup screen, on the Cloud Platform, Tools & Technologies tile, click Configure.
3. On the Cloud Platform, Tools & Technologies screen, in the OpenShift Container Platform section, click Configure.

   (After you save your first cluster connection details, you see the Modify button here.)
   
   

4. On the OpenShift Container Platform screen, click the OpenShift Container Platform tile.
5. Provide the following cluster connection details:
   • OpenShift Configuration Name: Give a local name to your configuration. Your OpenShift account connection details are saved by this name in the Lazsa Platform.
   • Cluster Name: Enter the name of your OpenShift cluster.
   • OpenShift Cluster URL: Enter your OpenShift cluster URL.
   • You can authenticate to your OpenShift cluster by using the token or the Kubeconfig file. Use one of the following options to provide authentication details to access your OpenShift cluster:
   Use Token
   With this option, you can use the authentication token to authenticate to your OpenShift cluster by any of the following ways:
   • Connect using Lazsa Orchestrator Agent

     Turn on this toggle to use Lazsa Orchestrator Agent to programmatically retrieve the OpenShift token value stored in your secrets management tool within your private network and to establish communication with your Kubernetes cluster.

     In the Lazsa Orchestrator Agent dropdown list, all your configured agents are displayed. Select the one you want to use to connect to your OpenShift cluster.

     The secrets management tool that the selected Orchestrator Agent is authorized to access for retrieving secrets is auto-selected. Specify the details of OpenShift secrets that the agent should retrieve from the secrets management tool. Currently, we support AWS Secrets Manager and Azure Key Vault.

     For AWS Secrets Manager, provide the secret name and token key where you store your OpenShift authentication token.

     

     For Azure Key Vault, provide the vault name and the name of the secret where you have stored the token.
     

     

   • Select Secret Manager

     If you don't use the Lazsa Orchestrator Agent, you can directly provide the authentication token in the configuration, or retrieve it from a secrets management tool of your choice (such as AWS Secrets Manager or Azure Key Vault). Do one of the following:

     • Select Lazsa and in the Token field, provide the authentication token. In this case, the token is securely stored in the Lazsa-managed secrets store.
     • Select AWS Secrets Manager. In the Secrets Management Tool dropdown list, the AWS Secrets Manager configurations that you save and activate in the Secret Management section on the Cloud Platform, Tools & Technologies screen are listed for selection. Select the configuration of your choice. Provide the name and the key of the secret where you have stored the token.
     • Select Azure Key Vault. In the Vault Configuration dropdown list, the Azure Key Vault configurations that you save and activate in the Secret Management section on the Cloud Platform, Tools & Technologies screen are listed for selection. Select the configuration of your choice. Provide the vault name and the name of the secret where you have stored the token.
   Upload Kubeconfig File

   Kubeconfig file is a YAML file that contains the OpenShift cluster details, certificate authority data, and the secret token to authenticate the cluster. You can use a Kubeconfig file to establish a connection with your running OpenShift cluster from within the Lazsa Platform. Depending on where you want to store the Kubeconfig file, do one of the following:

   • Connect using Lazsa Orchestrator Agent

     Turn on this toggle to use Lazsa Orchestrator Agent to programmatically resolve the details in the Kubeconfig file stored in your secrets management tool within your private network and to establish communication with your OpenShift cluster.

     In the Lazsa Orchestrator Agent dropdown list, all your configured agents are displayed. Select the one you want to use to connect to your OpenShift cluster.

     The secrets management tool that the selected Orchestrator Agent is authorized to access for retrieving secrets is auto-selected. Specify the details of OpenShift secrets that the agent should retrieve from the secrets management tool. Currently, we support AWS Secrets Manager as the secrets management tool to store your Kubeconfig file. Provide the name of the secret in AWS Secrets Manager where you store the Kubeconfig file details.

     

     Note:

     Currently, Azure Key Vault is not supported for the Upload Kubeconfig File option. If you use Azure Key Vault, go ahead with the Use Token option instead.

   • Select Secret Manager

     If you don't use the Lazsa Orchestrator Agent, you can directly upload the Kubeconfig file in the configuration, or retrieve it from AWS Secrets Manager. Do one of the following:

     • Select Lazsa and upload the Kubeconfig file in the drop zone. In this case, the Kubeconfig file is securely stored in the Lazsa-managed secrets store.
     • Select AWS Secrets Manager. In the Secrets Management Tool dropdown list, the AWS Secrets Manager configurations that you save and activate in the Secret Management section on the Cloud Platform, Tools & Technologies screen are listed for selection. Select the configuration of your choice. In the Secret Name field, provide the name of the secret where you have stored the Kubeconfig file as plain text.
       

       Note:

       Currently, Azure Key Vault is not supported for the Upload Kubeconfig File option. If you use Azure Key Vault, go ahead with the Use Token option instead.

   • Secure configuration details with a password
     To password-protect your OpenShift cluster connection details, enable the Secure configuration details with a password option, enter a password, and then retype it to confirm.

     This is optional but recommended. When you share the connection details with multiple users, password protection helps you ensure authorized access to the connection details.

   • Test Connection
     Click Test Connection to check if you can connect to the configured OpenShift cluster successfully.

   • After you save and activate the configured connection details, you can see them listed on the Cloud Platform, Tools & Technologies screen.

With this, you are all set to connect with your OpenShift cluster from within the Lazsa Platform. You can select this cluster to deploy your tech stack. You may want to configure the next tool required in your product development.

Recommended Topics

What's next? Configure Source Code Repository Connection Details