An OpenShift Dedicated cluster can be made private so that internal applications can be hosted inside a corporate network. In addition, private clusters can be configured to have only internal API endpoints for increased security.

OpenShift Dedicated administrators can choose between public and private cluster configuration from within the OpenShift Cluster Manager (OCM). Privacy settings can be configured during cluster creation or after a cluster is established.

Enabling a private cluster during cluster creation

You can enable private cluster settings when creating a new cluster.

Prerequisites
  • The following private connections must be configured to allow private access:

    • VPC Peering

    • Cloud VPN

    • DirectConnect (AWS only)

    • TransitGateway (AWS only)

    • Cloud Interconnect (GCP only)

Procedure
  1. Log in to OpenShift Cluster Manager (OCM).

  2. Click Create cluster → OpenShift Dedicated → Create cluster.

  3. Configure your cluster details.

  4. When selecting your preferred network configuration, select Advanced.

  5. Select Private.

    When set to Private, you cannot access your cluster unless you have configured the private connections in your cloud provider as outlined in the prerequisites.

  6. Click Create cluster. The cluster creation process begins and takes about 30-40 minutes to complete.

Verification
  • The Installing cluster heading, under the Overview tab, indicates that the cluster is installing and you can view the installation logs from this heading. The Status indicator under the Details heading indicates when your cluster is Ready for use.

Enabling an existing cluster to be private

After a cluster has been created, you can change it from public to private.

Prerequisites
  • The following private connections must be configured to allow private access:

    • VPC Peering

    • Cloud VPN

    • DirectConnect (AWS only)

    • TransitGateway (AWS only)

    • Cloud Interconnect (GCP only)

Procedure
  1. Log in to OpenShift Cluster Manager (OCM).

  2. Select the public cluster you would like to make private.

  3. On the Networking tab, select Make API private under Control Plane API endpoint.

    When set to Private, you cannot access your cluster unless you have configured the private connections in your cloud provider as outlined in the prerequisites.

  4. Click Change settings.

    Transitioning your cluster between private and public can take several minutes to complete.

Enabling an existing private cluster to be public

After a private cluster has been created, you can change it from private to public.

Procedure
  1. Log in to OpenShift Cluster Manager (OCM).

  2. Select the private cluster you would like to make public.

  3. On the Networking tab, deselect Make API private under Control Plane API endpoint.

  4. Click Change settings.

    Transitioning your cluster between private and public can take several minutes to complete.
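
A DNS-level check that can be run after either transition, once from a host inside the privately connected network and once from an outside host, to see where the control plane API hostname points. This is an added example, not part of the product documentation; the function names are hypothetical, and it assumes the cluster's VPC uses RFC 1918 or IPv6 ULA address space.

```python
import ipaddress
import socket
import sys

# Assumption: the cluster's VPC uses RFC 1918 (or IPv6 ULA) address space.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]


def resolve(host):
    """Addresses the local resolver returns for host (raises socket.gaierror)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    # Drop any IPv6 zone suffix ("%eth0") so ipaddress can parse the value.
    return sorted({info[4][0].split("%")[0] for info in infos})


def is_private(addr):
    """True if addr falls inside one of the PRIVATE_NETS ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def classify_api_endpoint(host, resolver=resolve):
    """Return (verdict, addresses) as seen from this vantage point.

    verdict is "unresolvable", "private", "public" or "mixed".
    """
    try:
        addrs = resolver(host)
    except socket.gaierror:
        return "unresolvable", []
    if not addrs:
        return "unresolvable", []
    private = [is_private(a) for a in addrs]
    if all(private):
        verdict = "private"
    elif not any(private):
        verdict = "public"
    else:
        verdict = "mixed"
    return verdict, addrs


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: check_api_endpoint.py <api-hostname>")
    verdict, addrs = classify_api_endpoint(sys.argv[1])
    print(verdict, *addrs)
    # Exit 0 only when every resolved address is private.
    sys.exit(0 if verdict == "private" else 1)
```

Pass the host part of the API URL as the only argument. A "mixed" or "public" verdict after selecting Make API private may only mean the transition has not finished yet.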