Skip to content

Files

Latest commit

NickomangNickomang
metadata updated
Feb 4, 2021
936d318 · Feb 4, 2021

History

History
146 lines (122 loc) · 5.5 KB

howto-create-private-cluster-3x.md

File metadata and controls

146 lines (122 loc) · 5.5 KB
title description author ms.author ms.service ms.topic ms.date keywords
Create a private cluster with Azure Red Hat OpenShift 3.11 | Microsoft Docs
Create a private cluster with Azure Red Hat OpenShift 3.11
sakthi-vetrivel
suvetriv
azure-redhat-openshift
conceptual
03/02/2020
aro, openshift, private cluster, red hat

Create a private cluster with Azure Red Hat OpenShift 3.11

Important

Azure Red Hat OpenShift 3.11 will be retired 30 June 2022. Support for creation of new Azure Red Hat OpenShift 3.11 clusters continues through 30 November 2020. Following retirement, remaining Azure Red Hat OpenShift 3.11 clusters will be shut down to prevent security vulnerabilities.

Follow this guide to create an Azure Red Hat OpenShift 4 cluster. If you have specific questions, please contact us.

Private clusters provide the following benefits:

  • Private clusters don't expose cluster control plane components (such as the API servers) on a public IP address.
  • The virtual network of a private cluster is configurable by customers, allowing you to set up networking to allow peering with other virtual networks, including ExpressRoute environments. You can also configure custom DNS on the virtual network to integrate with internal services.

Before you begin

The fields in the following configuration snippet are new and must be included in your cluster configuration. managementSubnetCidr must be within the cluster virtual network and is used by Azure to manage the cluster.

properties:
 networkProfile:
   managementSubnetCidr: 10.0.1.0/24
 masterPoolProfile:
   apiProperties:
     privateApiServer: true

A private cluster can be deployed using the sample scripts provided below. Once the cluster is deployed, execute the cluster get command and view the properties.FQDN property to determine the private IP address of the OpenShift API server.

The cluster virtual network will have been created with permissions so that you can modify it. You can then set up networking to access the virtual network (ExpressRoute, VPN, virtual network peering) as required for your needs.

If you change the DNS nameservers on the cluster virtual network, then you will need to issue an update on the cluster with the properties.RefreshCluster property set to true so that the VMs can be reimaged. This update will allow them to pick up the new nameservers.

Sample configuration scripts

Use the sample scripts in this section to set up and deploy your private cluster.

Environment

Fill in the environment variables below as using your own values.

Note

The location must be set to eastus2 as this is currently the only supported location for private clusters.

export CLUSTER_NAME=
export LOCATION=eastus2
export TOKEN=$(az account get-access-token --query 'accessToken' -o tsv)
export SUBID=
export TENANT_ID=
export ADMIN_GROUP=
export CLIENT_ID=
export SECRET=

private-cluster.json

Using the environment variables defined above, here is a sample cluster configuration with private cluster enabled.

{
   "location": "$LOCATION",
   "name": "$CLUSTER_NAME",
   "properties": {
       "openShiftVersion": "v3.11",
       "networkProfile": {
           "vnetCIDR": "10.0.0.0/8",
           "managementSubnetCIDR" : "10.0.1.0/24"
       },
       "authProfile": {
           "identityProviders": [
               {
                   "name": "Azure AD",
                   "provider": {
                       "kind": "AADIdentityProvider",
                       "clientId": "$CLIENT_ID",
                       "secret": "$SECRET",
                       "tenantId": "$TENANT_ID",
                       "customerAdminGroupID": "$ADMIN_GROUP"
                   }
               }
           ]
       },
       "masterPoolProfile": {
           "name": "master",
           "count": 3,
           "vmSize": "Standard_D4s_v3",
           "osType": "Linux",
           "subnetCIDR": "10.0.0.0/24",
           "apiProperties": {
                "privateApiServer": true
            }
       },
       "agentPoolProfiles": [
           {
               "role": "compute",
               "name": "compute",
               "count": 1,
               "vmSize": "Standard_D4s_v3",
               "osType": "Linux",
               "subnetCIDR": "10.0.0.0/24"
           },
           {
               "role": "infra",
               "name": "infra",
               "count": 3,
               "vmSize": "Standard_D4s_v3",
               "osType": "Linux",
               "subnetCIDR": "10.0.0.0/24"
           }
       ],
       "routerProfiles": [
           {
               "name": "default"
           }
       ]
   }
}

Deploy a private cluster

After configuring your private cluster with the sample scripts above, run the following command to deploy your private cluster.

az group create --name $CLUSTER_NAME --location $LOCATION
cat private-cluster.json | envsubst | curl -v -X PUT \
-H 'Content-Type: application/json; charset=utf-8' \
-H 'Authorization: Bearer '$TOKEN'' -d @- \
 https://management.azure.com/subscriptions/$SUBID/resourceGroups/$CLUSTER_NAME/providers/Microsoft.ContainerService/openShiftManagedClusters/$CLUSTER_NAME?api-version=2019-10-27-preview

Next steps

To learn about how to access the OpenShift console, see Web Console Walkthrough.