A Red Hat OpenShift Service on AWS cluster can be made private so that internal applications can be hosted inside a corporate network. In addition, private clusters can be configured to have only internal API endpoints for increased security.

Privacy settings can be configured during cluster creation or after a cluster is established.

Enabling private cluster on a new cluster

You can enable the private cluster setting when creating a new Red Hat OpenShift Service on AWS cluster.

Prerequisites

AWS VPC Peering, VPN, DirectConnect, or TransitGateway has been configured to allow private access.

Procedure

Enter the following command to create a new private cluster.

$ rosa create cluster --cluster-name=<cluster_name> --private

Alternatively, use --interactive to be prompted for each cluster option.

Enabling private cluster on an existing cluster

After a cluster has been created, you can change it to a private cluster.

Prerequisites

AWS VPC Peering, VPN, DirectConnect, or TransitGateway has been configured to allow private access.

Procedure

Enter the following command to enable the --private option on an existing cluster.

$ rosa edit cluster --cluster-name=<cluster_name> --private

Transitioning your cluster between private and public can take several minutes to complete.
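
Once the transition has finished, it is worth confirming that the API hostname no longer resolves to a publicly routable address. The script below is an added example, not part of the original procedure or of the rosa CLI; the function names and the API_HOST variable are hypothetical, and it assumes the cluster VPC uses RFC 1918 addressing, so any other address is reported as public.

```shell
#!/bin/sh
# Added example: classify the addresses an API hostname resolves to.

# Return 0 if $1 is a well-formed RFC 1918 IPv4 address, 1 otherwise.
is_rfc1918() {
  # Only digits and dots, no empty fields.
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  old_ifs=$IFS; IFS=.
  set -- $1            # split the address into its octets
  IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
  done
  [ "$1" -eq 10 ] && return 0                                    # 10.0.0.0/8
  [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ] && return 0  # 172.16.0.0/12
  [ "$1" -eq 192 ] && [ "$2" -eq 168 ] && return 0               # 192.168.0.0/16
  return 1
}

# Read one address per line on stdin and print a single verdict:
#   private    - every address is RFC 1918
#   public     - at least one address is outside RFC 1918
#   unresolved - no addresses were supplied
classify_endpoint() {
  seen=0
  verdict=private
  while read -r ip _rest || [ -n "$ip" ]; do
    [ -n "$ip" ] || continue
    seen=1
    is_rfc1918 "$ip" || verdict=public
  done
  [ "$seen" -eq 1 ] || verdict=unresolved
  printf '%s\n' "$verdict"
}

# Runs only when API_HOST (hypothetical variable) holds the cluster API hostname.
if [ -n "${API_HOST:-}" ]; then
  getent ahostsv4 "$API_HOST" | awk '{print $1}' | sort -u | classify_endpoint
fi
```

The verdict reflects name resolution from the machine the script runs on, so run it from a host inside the peered or VPN-connected network.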