An OpenShift Dedicated cluster can be made private so that internal applications can be hosted inside a corporate network. In addition, private clusters can be configured to have only internal API endpoints for increased security.

OpenShift Dedicated administrators can choose between public and private cluster configuration from within the OpenShift Cluster Manager (OCM). Privacy settings can be configured during cluster creation or after a cluster is established.

Enabling private cluster on a new cluster

You can enable private cluster settings when creating a new cluster:

Prerequisites
  • AWS VPC Peering, VPN, DirectConnect, or TransitGateway has been configured to allow private access.

Procedure
  1. In the OpenShift Cluster Manager, click Create cluster and select OpenShift Dedicated.

  2. Configure your cluster details, then select Advanced in the Networking section.

  3. Determine your CIDR requirements for your network and input the required fields.

    CIDR configurations cannot be changed later. Confirm your selections with your network administrator before proceeding.

  4. Under Cluster Privacy, select Private.
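Because the CIDR values entered in step 3 cannot be changed after creation, a pre-flight check of the plan is worth running before proceeding. The following is an added example, not part of the OpenShift Dedicated documentation or product: it validates a constructed plan of machine, service and pod CIDRs plus the corporate range reached over VPC peering (all names and values are assumptions for illustration), reporting malformed networks, ranges outside RFC 1918, and overlaps between ranges that would break routing across the peering or VPN link.

```python
import ipaddress
from typing import Dict, List

# RFC 1918 private address blocks; a private cluster's networks are
# expected to sit inside these so they are routable only internally.
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def validate_cidr_plan(cidrs: Dict[str, str]) -> List[str]:
    """Return human-readable problems found in a CIDR plan (empty list = OK).

    Assumes IPv4 throughout. Checks, in order: each value parses as a
    network with no host bits set, each network is inside RFC 1918, and
    no two named networks overlap.
    """
    problems: List[str] = []
    nets: Dict[str, ipaddress.IPv4Network] = {}

    for name, value in cidrs.items():
        try:
            net = ipaddress.ip_network(value, strict=True)  # strict rejects host bits like 10.0.0.1/16
        except ValueError as exc:
            problems.append(f"{name}: {value} is not a valid network ({exc})")
            continue
        if net.version != 4:
            problems.append(f"{name}: {net} is not IPv4; this check only handles IPv4")
            continue
        nets[name] = net

    for name, net in nets.items():
        if not any(net.subnet_of(block) for block in RFC1918):
            problems.append(f"{name}: {net} is outside RFC 1918 private space")

    names = sorted(nets)  # deterministic pair order for reporting
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                problems.append(f"{a} ({nets[a]}) overlaps {b} ({nets[b]})")
    return problems


# Constructed sample plan (assumed values, not taken from any real cluster):
# the peered corporate range collides with the pod network.
SAMPLE_PLAN = {
    "machine": "10.0.0.0/16",
    "service": "172.30.0.0/16",
    "pod": "10.128.0.0/14",
    "corporate_peered_vpc": "10.128.0.0/16",
}

if __name__ == "__main__":
    for problem in validate_cidr_plan(SAMPLE_PLAN) or ["plan OK"]:
        print(problem)
```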

Enabling private cluster on an existing cluster

You can make a cluster private after it has been created:

Prerequisites
  • AWS VPC Peering, VPN, DirectConnect, or TransitGateway has been configured to allow private access.

Procedure
  1. Access your cluster in the OpenShift Cluster Manager.

  2. Navigate to the Networking tab.

  3. Select Make API private under Master API endpoint and click Change settings.

    Transitioning your cluster between private and public can take several minutes to complete.

Enabling public cluster on a private cluster

You can make a private cluster public-facing:

Procedure
  1. Access your cluster in the OpenShift Cluster Manager.

  2. Navigate to the Networking tab.

  3. Deselect Make API private under Master API endpoint and click Change settings.

    Transitioning your cluster between private and public can take several minutes to complete.

Red Hat Service Reliability Engineers (SREs) can access a public or private cluster through the cloud-ingress-operator and existing ElasticSearch Load Balancer or Amazon S3 framework. SREs can access clusters through a secure endpoint to perform maintenance and service tasks.