Access your cluster

Once your OpenShift Dedicated cluster is configured and ready to use, you can access it through the following paths:

  • Cluster ID: The unique cluster name provided by the customer during provisioning. It is lowercase, and only contains letters, numbers, and hyphens.

  • Console URL: The OpenShift Dedicated URL for the web console.

  • API URL: The OpenShift Dedicated URL for the OpenShift and Kubernetes REST API.

  • Registry URL: The OpenShift Dedicated URL for the private image registry. In addition to containing all images used by OpenShift Dedicated, podman pull or docker pull and podman push or docker push can be used directly on the registry.

  • Metrics API URL: The OpenShift Dedicated URL for the Hawkular Metrics API.

  • Logging URL: The OpenShift Dedicated URL for the aggregate logging Kibana interface.

  • If an authentication callback URL is necessary, you can configure it with:

    https://api.<cluster-id><IdP name>

Access your OpenShift Dedicated portal

Additional information about your cluster, including usage, subscription information, and past and upcoming maintenance is available at

Configuring AWS virtual private clouds

If a virtual private cloud (VPC) peering connection was requested, the VPC peering request is initiated from the Red Hat OpenShift AWS account. First, accept the peering request , and then configure the Route Tables:

  1. Log into your AWS Web Console.

  2. Select the Route Table for your VPC (VPCRoute Tables).

  3. Select the Routes tab.

  4. Click Edit.

  5. Enter the Dedicated Cluster VPC CIDR block in the Destination text box.

  6. Enter the Peering Connection ID in the Target text box.

  7. Click Save.

Configure your application routes

When your cluster is provisioned, an AWS elastic load balancer (ELB) is created to route application traffic into the cluster. The domain for your ELB is configured to route application traffic via http(s)://*.<shard-id>.<cluster-id> The <shard-id> is a four-character string that is communicated to you after initial provisioning.

If you want to use custom domain names for your application routes, you should set up a CNAME record in your DNS host to point to elb.<shard-id>.<cluster-id> While elb is recommended as a reminder for where this record is pointing, you can use any string for this value. You can create these CNAME records for each custom route you have, or you can create a wildcard CNAME record. For example:

*    CNAME

This allows you to create routes like and without having to update your DNS every time.

Customers with configured VPC peering or VPN connections have the option of requesting a second ELB, so that application routes can be configured as internal-only or externally available. The domain for this ELB will be identical to the first, with a different <shard-id> value. By default, application routes are handled by the internal-only router. To expose an application or service externally, you must create a new route with a specific label, route=external.

To expose a new route for an existing service, apply the label route=external and define a host name that contains the secondary, public router shard ID:

$ oc expose service <service-name> -l route=external --name=<custom-route-name> --hostname=<custom-hostname>.<shard-id>.<cluster-id>

Alternatively, you can use a custom domain:

$ oc expose service <service-name> -l route=external --name=<custom-route-name> --hostname=<custom-domain>

Expose TCP Services

OpenShift Dedicated routes expose applications by proxying traffic through HTTP/HTTPS(SNI)/TLS(SNI) to pods and services. A LoadBalancer service creates an AWS Elastic Load Balancer (ELB) for your OpenShift Dedicated cluster, enabling direct TCP access to applications exposed by your LoadBalancer service.

LoadBalancer services require an additional purchase. Contact your sales team if you are interested in using LoadBalancer services for your OpenShift Dedicated cluster.

Check your LoadBalancer Quota

By purchasing LoadBalancer services, you are provided with a quota of LoadBalancers available for your OpenShift Dedicated cluster.

$ oc describe clusterresourcequota service-loadbalancers
Name:       service-loadbalancers
Labels:     <none>
Annotations:    <none>
Resource        Used    Hard
--------        ----    ----
services.loadbalancers  0   4

Expose TCP Service

You can expose your applications over an external LoadBalancer service, enabling access over the public Internet.

$ oc expose dc httpd-example --type=LoadBalancer --name=lb-service
service/lb-service exposed

Create an Internal-Only TCP Service

You can alternatively expose your applications internally only, enabling access only through AWS VPC Peering or a VPN connection.

$ oc expose dc httpd-example --type=LoadBalancer --name=internal-lb --dry-run -o yaml | awk '1;/metadata:/{ print "  annotations:\n" }' | oc create -f -
service/internal-lb exposed

Use your TCP Service

Once your LoadBalancer service is created, you can access your service by using the URL provided to you by OpenShift Dedicated. The LoadBalancer Ingress value is a URL unique to your service that remains static as long as the service is not deleted. If you prefer to use a custom domain, you can create a CNAME DNS record for this URL.

$ oc describe svc lb-service
Name:                     lb-service
Namespace:                default
Labels:                   app=httpd-example
Annotations:              <none>
Selector:                 name=httpd-example
Type:                     LoadBalancer
LoadBalancer Ingress:
Port:                     <unset>  8080/TCP
TargetPort:               8080/TCP
NodePort:                 <unset>  31409/TCP
Endpoints:                <none>
Session Affinity:         None
External Traffic Policy:  Cluster

Receive status updates

Access the status portal at You can also subscribe to notifications via email, SMS, or RSS by changing your preferences in the status portal.

Request support

If you have questions about your environment or need to open a support ticket, you can open or view a support case in the Red Hat Customer Portal.

Next steps

You can download the OpenShift Dedicated command line tools from your cluster’s web console. For help getting started with command line tools, see the Get Started with the CLI guide. You can also visit the Getting Started Guide for developers.

Dedicated cluster administrators should view the Cluster Administration Overview for detailed information on available roles and permissions. This section also includes important topics such as managing quotas and configuring service accounts.

If your cluster has been configured with the NetworkPolicy SDN, OpenShift Dedicated administrators are able to create and modify NetworkPolicy objects. NetworkPolicy, by default, allows traffic communication between projects. Denying traffic between projects can be enabled by the creation of two NetworkPolicy objects.