×

Important

Azure Red Hat OpenShift 3.11 will be retired 30 June 2022. Support for creation of new Azure Red Hat OpenShift 3.11 clusters continues through 30 November 2020. Following retirement, remaining Azure Red Hat OpenShift 3.11 clusters will be shut down to prevent security vulnerabilities.

Follow this guide to create an Azure Red Hat OpenShift 4 cluster. If you have specific questions, please contact us


Access your cluster

Once your Azure Red Hat OpenShift cluster is configured and ready to use, you can access it through the following paths:

  • Cluster ID: The cluster ID assigned by the Azure service.

  • Cluster Region: The cluster region specified when the cluster was provisioned.

    https://openshift.<cluster-id>.<cluster-region>.azmosa.io/
  • API URL: The Azure Red Hat OpenShift URL for the OpenShift and Kubernetes REST API.

    https://openshift.<cluster-id>.<cluster-region>.azmosa.io/
  • Registry URL: The Azure Red Hat OpenShift URL for the private image registry. In addition to containing all images used by Azure Red Hat OpenShift, podman pull or docker pull and podman push or docker push can be used directly on the registry.

    https://docker-registry.apps.<cluster-id>.<cluster-region>.azmosa.io/

Expose TCP Services

Azure Red Hat OpenShift routes expose applications by proxying traffic through HTTP/HTTPS(SNI)/TLS(SNI) to pods and services. A LoadBalancer service creates an Azure Elastic Load Balancer (ELB) for your Azure Red Hat OpenShift cluster, enabling direct TCP access to applications exposed by your LoadBalancer service.

Check your LoadBalancer Quota

$ oc describe clusterresourcequota service-loadbalancers
Name:       service-loadbalancers
Labels:     <none>
Annotations:    <none>
Resource        Used    Hard
--------        ----    ----
services.loadbalancers  0   4

Expose TCP Service

You can expose your applications over an external LoadBalancer service, enabling access over the public Internet.

$ oc expose dc httpd-example --type=LoadBalancer --name=lb-service
service/lb-service exposed

Create an Internal-Only TCP Service

You can alternatively expose your applications internally only, enabling access only through Azure VNet Peering.

$ oc expose dc httpd-example --type=LoadBalancer --name=internal-lb --dry-run -o yaml | awk '1;/metadata:/{ print "  annotations:\n    service.beta.kubernetes.io/azure-load-balancer-internal: \"true\"" }' | oc create -f -
service/internal-lb exposed

Use your TCP Service

Once your LoadBalancer service is created, you can access your service by using the IP provided to you by Azure Red Hat OpenShift. The LoadBalancer Ingress value is a URL unique to your service that remains static as long as the service is not deleted. You can specify an Azure DNS label for the service using the service.beta.kubernetes.io/azure-dns-label-name annotation. If you prefer to use a custom domain, you can create a CNAME DNS record for this URL.

$ oc describe svc internal-lb
Name:                     internal-lb
Namespace:                cake
Labels:                   app=cakephp-mysql-persistent
                          template=cakephp-mysql-persistent
                          template.openshift.io/template-instance-owner=3a53eabd-6b11-11e9-948c-000d3ab9a700
Annotations:              service.beta.kubernetes.io/azure-load-balancer-internal=0.0.0.0/0
Selector:                 name=cakephp-mysql-persistent
Type:                     LoadBalancer
IP:                       172.30.166.170
LoadBalancer Ingress:     52.155.223.79
Port:                     <unset>  8080/TCP
TargetPort:               8080/TCP
NodePort:                 <unset>  30823/TCP
Endpoints:                10.128.2.9:8080
Session Affinity:         None
External Traffic Policy:  Cluster

Receive status updates

Overall service status/health information is available at https://azure.microsoft.com/en-us/status/.

Request support

If you have questions about your environment or need to open a Microsoft Azure support ticket, you can open or view a support case in the Microsoft Azure Support Portal.

Next steps

You can download the Azure Red Hat OpenShift command line tools from your cluster’s web console. For help getting started with command line tools, see the Get Started with the CLI guide. You can also visit the Getting Started Guide for developers.

Customer cluster administrators should view the Cluster Administration Overview for detailed information on available roles and permissions. This section also includes important topics such as managing quotas and configuring service accounts.

All Azure Red Hat OpenShift clusters are configured using the NetworkPolicy SDN. Project admins can set NetworkPolicy objects on their projects. Cluster admins can also set EgressNetworkPolicies.