A Red Hat OpenShift Service on AWS cluster can be made private so that internal applications can be hosted inside a corporate network. In addition, private clusters can be configured to have only internal API endpoints for increased security.

Privacy settings can be configured during cluster creation or after a cluster is established.

Enabling the private cluster setting on a new cluster

You can enable the private cluster setting when creating a new Red Hat OpenShift Service on AWS cluster.

Private clusters cannot be used with the AWS Security Token Service (STS). However, STS supports AWS PrivateLink clusters.

Prerequisites

AWS VPC peering, a VPN, AWS Direct Connect, or an AWS Transit Gateway has been configured to allow private access.

Procedure

Enter the following command to create a new private cluster.

$ rosa create cluster --cluster-name=<cluster_name> --private

Alternatively, use --interactive to be prompted for each cluster option.

Enabling the private cluster setting on an existing cluster

After a cluster has been created, you can later make it private.

Private clusters cannot be used with the AWS Security Token Service (STS). However, STS supports AWS PrivateLink clusters.

Prerequisites

AWS VPC peering, a VPN, AWS Direct Connect, or an AWS Transit Gateway has been configured to allow private access.

Procedure

Enter the following command to enable the --private option on an existing cluster.

$ rosa edit cluster --cluster-name=<cluster_name> --private

Transitioning your cluster between private and public can take several minutes to complete.
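As an added verification step that is not part of this documentation or of the rosa CLI: after either procedure above completes, the following POSIX shell script checks whether the cluster's API hostname resolves only to private (RFC 1918) addresses, which is what an internal API endpoint looks like from inside the network. It assumes that "rosa describe cluster --cluster <cluster_name>" prints an "API URL:" line and that glibc's "getent ahostsv4" is available for name resolution.

```shell
#!/bin/sh
# Added example, not part of the ROSA documentation: confirm that a cluster's
# API hostname resolves only to RFC 1918 addresses (an internal load balancer)
# after it was created with --private or switched with `rosa edit cluster --private`.
# Assumes `rosa describe cluster` prints an "API URL:" line and that glibc's
# `getent ahostsv4` is available; run it from a host with the private access
# (VPC peering, VPN, Direct Connect or Transit Gateway) named in the prerequisites.

# Return 0 when a dotted-quad IPv4 address lies in 10.0.0.0/8,
# 172.16.0.0/12 or 192.168.0.0/16; 1 otherwise.
is_rfc1918() {
    o1=${1%%.*}
    rest=${1#*.}
    o2=${rest%%.*}
    case "$o1" in
        10) return 0 ;;
        172) if [ "$o2" -ge 16 ] && [ "$o2" -le 31 ]; then return 0; fi ;;
        192) if [ "$o2" -eq 168 ]; then return 0; fi ;;
    esac
    return 1
}

# Read `rosa describe cluster` text output on stdin; print the API hostname
# (for example api.<cluster_name>.<id>.p1.openshiftapps.com).
api_host_from_describe() {
    sed -n 's/^API URL:[[:space:]]*https\{0,1\}:\/\/\([^:/]*\).*/\1/p' | head -n 1
}

# Classify the addresses a hostname resolved to (one per argument):
# "private" if all are RFC 1918, "public" if any is not, "unresolved" if none
# (what a private endpoint looks like from outside the private network).
classify_addresses() {
    [ $# -gt 0 ] || { echo "unresolved"; return 0; }
    for ip in "$@"; do
        is_rfc1918 "$ip" || { echo "public"; return 0; }
    done
    echo "private"
}

# Live check for one cluster; succeeds only when the API endpoint is private.
check_cluster_api() {
    host=$(rosa describe cluster --cluster "$1" | api_host_from_describe)
    [ -n "$host" ] || { echo "no API URL found for cluster $1" >&2; return 2; }
    addrs=$(getent ahostsv4 "$host" | awk '{ print $1 }' | sort -u)
    result=$(classify_addresses $addrs)   # unquoted: one address per word
    echo "$host resolves as: $result"
    [ "$result" = "private" ]
}
```

A "public" result after the transition window means the cluster is still serving its API on a public load balancer; "unresolved" is the expected outcome when the script is run from outside the private network.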