Installing Astronomer on a private ARO cluster

This assumes you’ve already got a private ARO cluster installed. You could also follow the same instructions to create a public Astronomer, just use a regular DNS zone and skip the private parts.

A default 3-node cluster is a bit small for Astronomer, If you have a three node cluster you can increase it by updating the replicas count machinesets in the openshift-machine-api namespace.

Create a private DNS

1. Log into Azure and click to private dns

2. Click + Add

3. Set the Resource Group to match your ARO Resource Group

4. Set Name to your TLD (astro.mobb.ninja in the example)

5. Click Review and Create and create the Zone

6. Inside the Domain settings click Virtual network links -> + Add

7. Link Name: astro-aro

8. Select the correct Subscription and Network from the dropdown boxes

9. Click OK

Create TLS Secret

1. Next we need a TLS Secret to use. You could create a self-signed certificate using a CA that you own, or use certbot (if you have a valid DNS provider, note records don’t need to be public)

2. Follow certbot’s instructions (something like ):

3. Create a Secret from the Cert (use the paths provided from the above command):

Deploy Astronomer

1. update the values.yaml and set baseDomain: astro.mobb.ninja

2. Install

While that’s running add our DNS

1. In another shell run

2. Go back to your private DNS zone in Azure and create a record set * and copy the contents of EXTERNAL-IP from the above command.

Fix SCCs for elasticsearch

Validate the Install

1. Check the Helm install has finished

2. Since this is a private LB you’ll need to access it from inside the network. The quick hacky way to do this is

   and you should see