Bicep resource definition
The openShiftClusters resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.RedHatOpenShift/openShiftClusters resource, add the following Bicep to your template.
```bicep
resource symbolicname 'Microsoft.RedHatOpenShift/openShiftClusters@2024-08-12-preview' = {
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  location: 'string'
  name: 'string'
  properties: {
    apiserverProfile: {
      visibility: 'string'
    }
    clusterProfile: {
      domain: 'string'
      fipsValidatedModules: 'string'
      oidcIssuer: 'string'
      pullSecret: 'string'
      resourceGroupId: 'string'
      version: 'string'
    }
    consoleProfile: {}
    ingressProfiles: [
      {
        name: 'string'
        visibility: 'string'
      }
    ]
    masterProfile: {
      diskEncryptionSetId: 'string'
      encryptionAtHost: 'string'
      subnetId: 'string'
      vmSize: 'string'
    }
    networkProfile: {
      loadBalancerProfile: {
        managedOutboundIps: {
          count: int
        }
      }
      outboundType: 'string'
      podCidr: 'string'
      preconfiguredNSG: 'string'
      serviceCidr: 'string'
    }
    platformWorkloadIdentityProfile: {
      platformWorkloadIdentities: {
        {customized property}: {
          resourceId: 'string'
        }
      }
      upgradeableTo: 'string'
    }
    provisioningState: 'string'
    servicePrincipalProfile: {
      clientId: 'string'
      clientSecret: 'string'
    }
    workerProfiles: [
      {
        count: int
        diskEncryptionSetId: 'string'
        diskSizeGB: int
        encryptionAtHost: 'string'
        name: 'string'
        subnetId: 'string'
        vmSize: 'string'
      }
    ]
  }
  tags: {
    {customized property}: 'string'
  }
}
```
Property Values
APIServerProfile
Name | Description | Value |
---|---|---|
visibility | API server visibility. | 'Private' 'Public' |
ClusterProfile
Name | Description | Value |
---|---|---|
domain | The domain for the cluster. | string |
fipsValidatedModules | If FIPS validated crypto modules are used | 'Disabled' 'Enabled' |
oidcIssuer | The URL of the managed OIDC issuer in a workload identity cluster. | string |
pullSecret | The pull secret for the cluster. | string |
resourceGroupId | The ID of the cluster resource group. | string |
version | The version of the cluster. | string |
ConsoleProfile
Name | Description | Value |
---|---|---|
IngressProfile
Name | Description | Value |
---|---|---|
name | The ingress profile name. | string |
visibility | Ingress visibility. | 'Private' 'Public' |
LoadBalancerProfile
Name | Description | Value |
---|---|---|
managedOutboundIps | The desired managed outbound IPs for the cluster public load balancer. | ManagedOutboundIPs |
ManagedOutboundIPs
Name | Description | Value |
---|---|---|
count | Count represents the desired number of IPv4 outbound IPs created and managed by Azure for the cluster public load balancer. Allowed values are in the range of 1 - 20. The default value is 1. | int |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. The dictionary values can be empty objects ({}) in requests. | ManagedServiceIdentityUserAssignedIdentities |
ManagedServiceIdentityUserAssignedIdentities
Name | Description | Value |
---|---|---|
MasterProfile
Name | Description | Value |
---|---|---|
diskEncryptionSetId | The resource ID of an associated DiskEncryptionSet, if applicable. | string |
encryptionAtHost | Whether master virtual machines are encrypted at host. | 'Disabled' 'Enabled' |
subnetId | The Azure resource ID of the master subnet. | string |
vmSize | The size of the master VMs. | string |
Microsoft.RedHatOpenShift/openShiftClusters
Name | Description | Value |
---|---|---|
identity | Identity stores information about the cluster MSI(s) in a workload identity cluster. | ManagedServiceIdentity |
location | The geo-location where the resource lives | string (required) |
name | The resource name | string (required) |
properties | The cluster properties. | OpenShiftClusterProperties |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
NetworkProfile
Name | Description | Value |
---|---|---|
loadBalancerProfile | The cluster load balancer profile. | LoadBalancerProfile |
outboundType | The OutboundType used for egress traffic. | 'Loadbalancer' 'UserDefinedRouting' |
podCidr | The CIDR used for OpenShift/Kubernetes Pods. | string |
preconfiguredNSG | Specifies whether subnets are pre-attached with an NSG | 'Disabled' 'Enabled' |
serviceCidr | The CIDR used for OpenShift/Kubernetes Services. | string |
OpenShiftClusterProperties
Name | Description | Value |
---|---|---|
apiserverProfile | The cluster API server profile. | APIServerProfile |
clusterProfile | The cluster profile. | ClusterProfile |
consoleProfile | The console profile. | ConsoleProfile |
ingressProfiles | The cluster ingress profiles. | IngressProfile[] |
masterProfile | The cluster master profile. | MasterProfile |
networkProfile | The cluster network profile. | NetworkProfile |
platformWorkloadIdentityProfile | The workload identity profile. | PlatformWorkloadIdentityProfile |
provisioningState | The cluster provisioning state. | 'AdminUpdating' 'Canceled' 'Creating' 'Deleting' 'Failed' 'Succeeded' 'Updating' |
servicePrincipalProfile | The cluster service principal profile. | ServicePrincipalProfile |
workerProfiles | The cluster worker profiles. | WorkerProfile[] |
PlatformWorkloadIdentity
Name | Description | Value |
---|---|---|
resourceId | The resource ID of the PlatformWorkloadIdentity resource | string |
PlatformWorkloadIdentityProfile
Name | Description | Value |
---|---|---|
platformWorkloadIdentities | Dictionary of <PlatformWorkloadIdentity> | PlatformWorkloadIdentityProfilePlatformWorkloadIdentities |
upgradeableTo | UpgradeableTo stores a single OpenShift version a workload identity cluster can be upgraded to | string |
PlatformWorkloadIdentityProfilePlatformWorkloadIdentities
Name | Description | Value |
---|---|---|
ServicePrincipalProfile
Name | Description | Value |
---|---|---|
clientId | The client ID used for the cluster. | string |
clientSecret | The client secret used for the cluster. | string |
TrackedResourceTags
Name | Description | Value |
---|---|---|
UserAssignedIdentity
Name | Description | Value |
---|---|---|
WorkerProfile
Name | Description | Value |
---|---|---|
count | The number of worker VMs. | int |
diskEncryptionSetId | The resource ID of an associated DiskEncryptionSet, if applicable. | string |
diskSizeGB | The disk size of the worker VMs. | int |
encryptionAtHost | Whether master virtual machines are encrypted at host. | 'Disabled' 'Enabled' |
name | The worker profile name. | string |
subnetId | The Azure resource ID of the worker subnet. | string |
vmSize | The size of the worker VMs. | string |
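The following Bicep is an added example, not taken from this reference or from the resource provider's own samples. It fills in the format above with the restrictive values listed in the property tables ('Private' visibility, 'Enabled' for encryptionAtHost and fipsValidatedModules) and passes pullSecret and clientSecret as `@secure()` parameters; every parameter name and the sample names and counts are assumptions.

```bicep
// Added example. Parameter names and sample values are assumptions, not part of the reference.
param clusterName string
param location string = resourceGroup().location
param clusterDomain string
param clusterResourceGroupId string
param openShiftVersion string
param masterSubnetId string
param workerSubnetId string
param masterVmSize string
param workerVmSize string
param podCidr string
param serviceCidr string
param clientId string
// @secure() keeps these values out of deployment history and logs.
@secure()
param clientSecret string
@secure()
param pullSecret string
resource cluster 'Microsoft.RedHatOpenShift/openShiftClusters@2024-08-12-preview' = {
  name: clusterName
  location: location
  properties: {
    apiserverProfile: {
      visibility: 'Private'
    }
    clusterProfile: {
      domain: clusterDomain
      fipsValidatedModules: 'Enabled'
      pullSecret: pullSecret
      resourceGroupId: clusterResourceGroupId
      version: openShiftVersion
    }
    ingressProfiles: [
      {
        name: 'default' // sample name
        visibility: 'Private'
      }
    ]
    masterProfile: {
      encryptionAtHost: 'Enabled'
      subnetId: masterSubnetId
      vmSize: masterVmSize
    }
    networkProfile: {
      outboundType: 'UserDefinedRouting' // one of the two values in the NetworkProfile table
      podCidr: podCidr
      serviceCidr: serviceCidr
    }
    servicePrincipalProfile: {
      clientId: clientId
      clientSecret: clientSecret
    }
    workerProfiles: [
      {
        count: 3 // sample value
        diskSizeGB: 128 // sample value
        encryptionAtHost: 'Enabled'
        name: 'worker' // sample name
        subnetId: workerSubnetId
        vmSize: workerVmSize
      }
    ]
  }
}
```

Supply the two secure parameters at deployment time from a secret store rather than from a committed parameter file, and do not echo them in template outputs.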
ARM template resource definition
The openShiftClusters resource type can be deployed with operations that target:
- Resource groups - See resource group deployment commands
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.RedHatOpenShift/openShiftClusters resource, add the following JSON to your template.
```json
{
  "type": "Microsoft.RedHatOpenShift/openShiftClusters",
  "apiVersion": "2024-08-12-preview",
  "name": "string",
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "location": "string",
  "properties": {
    "apiserverProfile": {
      "visibility": "string"
    },
    "clusterProfile": {
      "domain": "string",
      "fipsValidatedModules": "string",
      "oidcIssuer": "string",
      "pullSecret": "string",
      "resourceGroupId": "string",
      "version": "string"
    },
    "consoleProfile": {
    },
    "ingressProfiles": [
      {
        "name": "string",
        "visibility": "string"
      }
    ],
    "masterProfile": {
      "diskEncryptionSetId": "string",
      "encryptionAtHost": "string",
      "subnetId": "string",
      "vmSize": "string"
    },
    "networkProfile": {
      "loadBalancerProfile": {
        "managedOutboundIps": {
          "count": "int"
        }
      },
      "outboundType": "string",
      "podCidr": "string",
      "preconfiguredNSG": "string",
      "serviceCidr": "string"
    },
    "platformWorkloadIdentityProfile": {
      "platformWorkloadIdentities": {
        "{customized property}": {
          "resourceId": "string"
        }
      },
      "upgradeableTo": "string"
    },
    "provisioningState": "string",
    "servicePrincipalProfile": {
      "clientId": "string",
      "clientSecret": "string"
    },
    "workerProfiles": [
      {
        "count": "int",
        "diskEncryptionSetId": "string",
        "diskSizeGB": "int",
        "encryptionAtHost": "string",
        "name": "string",
        "subnetId": "string",
        "vmSize": "string"
      }
    ]
  },
  "tags": {
    "{customized property}": "string"
  }
}
```
Property Values
APIServerProfile
Name | Description | Value |
---|---|---|
visibility | API server visibility. | 'Private' 'Public' |
ClusterProfile
Name | Description | Value |
---|---|---|
domain | The domain for the cluster. | string |
fipsValidatedModules | If FIPS validated crypto modules are used | 'Disabled' 'Enabled' |
oidcIssuer | The URL of the managed OIDC issuer in a workload identity cluster. | string |
pullSecret | The pull secret for the cluster. | string |
resourceGroupId | The ID of the cluster resource group. | string |
version | The version of the cluster. | string |
ConsoleProfile
Name | Description | Value |
---|---|---|
IngressProfile
Name | Description | Value |
---|---|---|
name | The ingress profile name. | string |
visibility | Ingress visibility. | 'Private' 'Public' |
LoadBalancerProfile
Name | Description | Value |
---|---|---|
managedOutboundIps | The desired managed outbound IPs for the cluster public load balancer. | ManagedOutboundIPs |
ManagedOutboundIPs
Name | Description | Value |
---|---|---|
count | Count represents the desired number of IPv4 outbound IPs created and managed by Azure for the cluster public load balancer. Allowed values are in the range of 1 - 20. The default value is 1. | int |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. The dictionary values can be empty objects ({}) in requests. | ManagedServiceIdentityUserAssignedIdentities |
ManagedServiceIdentityUserAssignedIdentities
Name | Description | Value |
---|---|---|
MasterProfile
Name | Description | Value |
---|---|---|
diskEncryptionSetId | The resource ID of an associated DiskEncryptionSet, if applicable. | string |
encryptionAtHost | Whether master virtual machines are encrypted at host. | 'Disabled' 'Enabled' |
subnetId | The Azure resource ID of the master subnet. | string |
vmSize | The size of the master VMs. | string |
Microsoft.RedHatOpenShift/openShiftClusters
Name | Description | Value |
---|---|---|
apiVersion | The api version | '2024-08-12-preview' |
identity | Identity stores information about the cluster MSI(s) in a workload identity cluster. | ManagedServiceIdentity |
location | The geo-location where the resource lives | string (required) |
name | The resource name | string (required) |
properties | The cluster properties. | OpenShiftClusterProperties |
tags | Resource tags | Dictionary of tag names and values. See Tags in templates |
type | The resource type | 'Microsoft.RedHatOpenShift/openShiftClusters' |
NetworkProfile
Name | Description | Value |
---|---|---|
loadBalancerProfile | The cluster load balancer profile. | LoadBalancerProfile |
outboundType | The OutboundType used for egress traffic. | 'Loadbalancer' 'UserDefinedRouting' |
podCidr | The CIDR used for OpenShift/Kubernetes Pods. | string |
preconfiguredNSG | Specifies whether subnets are pre-attached with an NSG | 'Disabled' 'Enabled' |
serviceCidr | The CIDR used for OpenShift/Kubernetes Services. | string |
OpenShiftClusterProperties
Name | Description | Value |
---|---|---|
apiserverProfile | The cluster API server profile. | APIServerProfile |
clusterProfile | The cluster profile. | ClusterProfile |
consoleProfile | The console profile. | ConsoleProfile |
ingressProfiles | The cluster ingress profiles. | IngressProfile[] |
masterProfile | The cluster master profile. | MasterProfile |
networkProfile | The cluster network profile. | NetworkProfile |
platformWorkloadIdentityProfile | The workload identity profile. | PlatformWorkloadIdentityProfile |
provisioningState | The cluster provisioning state. | 'AdminUpdating' 'Canceled' 'Creating' 'Deleting' 'Failed' 'Succeeded' 'Updating' |
servicePrincipalProfile | The cluster service principal profile. | ServicePrincipalProfile |
workerProfiles | The cluster worker profiles. | WorkerProfile[] |
PlatformWorkloadIdentity
Name | Description | Value |
---|---|---|
resourceId | The resource ID of the PlatformWorkloadIdentity resource | string |
PlatformWorkloadIdentityProfile
Name | Description | Value |
---|---|---|
platformWorkloadIdentities | Dictionary of <PlatformWorkloadIdentity> | PlatformWorkloadIdentityProfilePlatformWorkloadIdentities |
upgradeableTo | UpgradeableTo stores a single OpenShift version a workload identity cluster can be upgraded to | string |
PlatformWorkloadIdentityProfilePlatformWorkloadIdentities
Name | Description | Value |
---|---|---|
ServicePrincipalProfile
Name | Description | Value |
---|---|---|
clientId | The client ID used for the cluster. | string |
clientSecret | The client secret used for the cluster. | string |
TrackedResourceTags
Name | Description | Value |
---|---|---|
UserAssignedIdentity
Name | Description | Value |
---|---|---|
WorkerProfile
Name | Description | Value |
---|---|---|
count | The number of worker VMs. | int |
diskEncryptionSetId | The resource ID of an associated DiskEncryptionSet, if applicable. | string |
diskSizeGB | The disk size of the worker VMs. | int |
encryptionAtHost | Whether master virtual machines are encrypted at host. | 'Disabled' 'Enabled' |
name | The worker profile name. | string |
subnetId | The Azure resource ID of the worker subnet. | string |
vmSize | The size of the worker VMs. | string |
Terraform (AzAPI provider) resource definition
The openShiftClusters resource type can be deployed with operations that target:
- Resource groups
For a list of changed properties in each API version, see change log.
Resource format
To create a Microsoft.RedHatOpenShift/openShiftClusters resource, add the following Terraform to your template.
```terraform
resource "azapi_resource" "symbolicname" {
  type = "Microsoft.RedHatOpenShift/openShiftClusters@2024-08-12-preview"
  name = "string"
  parent_id = "string"
  identity {
    type = "string"
    identity_ids = [
      "string"
    ]
  }
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    properties = {
      apiserverProfile = {
        visibility = "string"
      }
      clusterProfile = {
        domain = "string"
        fipsValidatedModules = "string"
        oidcIssuer = "string"
        pullSecret = "string"
        resourceGroupId = "string"
        version = "string"
      }
      consoleProfile = {
      }
      ingressProfiles = [
        {
          name = "string"
          visibility = "string"
        }
      ]
      masterProfile = {
        diskEncryptionSetId = "string"
        encryptionAtHost = "string"
        subnetId = "string"
        vmSize = "string"
      }
      networkProfile = {
        loadBalancerProfile = {
          managedOutboundIps = {
            count = int
          }
        }
        outboundType = "string"
        podCidr = "string"
        preconfiguredNSG = "string"
        serviceCidr = "string"
      }
      platformWorkloadIdentityProfile = {
        platformWorkloadIdentities = {
          {customized property} = {
            resourceId = "string"
          }
        }
        upgradeableTo = "string"
      }
      provisioningState = "string"
      servicePrincipalProfile = {
        clientId = "string"
        clientSecret = "string"
      }
      workerProfiles = [
        {
          count = int
          diskEncryptionSetId = "string"
          diskSizeGB = int
          encryptionAtHost = "string"
          name = "string"
          subnetId = "string"
          vmSize = "string"
        }
      ]
    }
  }
}
```
Property Values
APIServerProfile
Name | Description | Value |
---|---|---|
visibility | API server visibility. | 'Private' 'Public' |
ClusterProfile
Name | Description | Value |
---|---|---|
domain | The domain for the cluster. | string |
fipsValidatedModules | If FIPS validated crypto modules are used | 'Disabled' 'Enabled' |
oidcIssuer | The URL of the managed OIDC issuer in a workload identity cluster. | string |
pullSecret | The pull secret for the cluster. | string |
resourceGroupId | The ID of the cluster resource group. | string |
version | The version of the cluster. | string |
ConsoleProfile
Name | Description | Value |
---|---|---|
IngressProfile
Name | Description | Value |
---|---|---|
name | The ingress profile name. | string |
visibility | Ingress visibility. | 'Private' 'Public' |
LoadBalancerProfile
Name | Description | Value |
---|---|---|
managedOutboundIps | The desired managed outbound IPs for the cluster public load balancer. | ManagedOutboundIPs |
ManagedOutboundIPs
Name | Description | Value |
---|---|---|
count | Count represents the desired number of IPv4 outbound IPs created and managed by Azure for the cluster public load balancer. Allowed values are in the range of 1 - 20. The default value is 1. | int |
ManagedServiceIdentity
Name | Description | Value |
---|---|---|
type | Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed). | 'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required) |
userAssignedIdentities | The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}'. The dictionary values can be empty objects ({}) in requests. | ManagedServiceIdentityUserAssignedIdentities |
ManagedServiceIdentityUserAssignedIdentities
Name | Description | Value |
---|---|---|
MasterProfile
Name | Description | Value |
---|---|---|
diskEncryptionSetId | The resource ID of an associated DiskEncryptionSet, if applicable. | string |
encryptionAtHost | Whether master virtual machines are encrypted at host. | 'Disabled' 'Enabled' |
subnetId | The Azure resource ID of the master subnet. | string |
vmSize | The size of the master VMs. | string |
Microsoft.RedHatOpenShift/openShiftClusters
Name | Description | Value |
---|---|---|
identity | Identity stores information about the cluster MSI(s) in a workload identity cluster. | ManagedServiceIdentity |
location | The geo-location where the resource lives | string (required) |
name | The resource name | string (required) |
properties | The cluster properties. | OpenShiftClusterProperties |
tags | Resource tags | Dictionary of tag names and values. |
type | The resource type | "Microsoft.RedHatOpenShift/openShiftClusters@2024-08-12-preview" |
NetworkProfile
Name | Description | Value |
---|---|---|
loadBalancerProfile | The cluster load balancer profile. | LoadBalancerProfile |
outboundType | The OutboundType used for egress traffic. | 'Loadbalancer' 'UserDefinedRouting' |
podCidr | The CIDR used for OpenShift/Kubernetes Pods. | string |
preconfiguredNSG | Specifies whether subnets are pre-attached with an NSG | 'Disabled' 'Enabled' |
serviceCidr | The CIDR used for OpenShift/Kubernetes Services. | string |
OpenShiftClusterProperties
Name | Description | Value |
---|---|---|
apiserverProfile | The cluster API server profile. | APIServerProfile |
clusterProfile | The cluster profile. | ClusterProfile |
consoleProfile | The console profile. | ConsoleProfile |
ingressProfiles | The cluster ingress profiles. | IngressProfile[] |
masterProfile | The cluster master profile. | MasterProfile |
networkProfile | The cluster network profile. | NetworkProfile |
platformWorkloadIdentityProfile | The workload identity profile. | PlatformWorkloadIdentityProfile |
provisioningState | The cluster provisioning state. | 'AdminUpdating' 'Canceled' 'Creating' 'Deleting' 'Failed' 'Succeeded' 'Updating' |
servicePrincipalProfile | The cluster service principal profile. | ServicePrincipalProfile |
workerProfiles | The cluster worker profiles. | WorkerProfile[] |
PlatformWorkloadIdentity
Name | Description | Value |
---|---|---|
resourceId | The resource ID of the PlatformWorkloadIdentity resource | string |
PlatformWorkloadIdentityProfile
Name | Description | Value |
---|---|---|
platformWorkloadIdentities | Dictionary of <PlatformWorkloadIdentity> | PlatformWorkloadIdentityProfilePlatformWorkloadIdentities |
upgradeableTo | UpgradeableTo stores a single OpenShift version a workload identity cluster can be upgraded to | string |
PlatformWorkloadIdentityProfilePlatformWorkloadIdentities
Name | Description | Value |
---|---|---|
ServicePrincipalProfile
Name | Description | Value |
---|---|---|
clientId | The client ID used for the cluster. | string |
clientSecret | The client secret used for the cluster. | string |
TrackedResourceTags
Name | Description | Value |
---|---|---|
UserAssignedIdentity
Name | Description | Value |
---|---|---|
WorkerProfile
Name | Description | Value |
---|---|---|
count | The number of worker VMs. | int |
diskEncryptionSetId | The resource ID of an associated DiskEncryptionSet, if applicable. | string |
diskSizeGB | The disk size of the worker VMs. | int |
encryptionAtHost | Whether master virtual machines are encrypted at host. | 'Disabled' 'Enabled' |
name | The worker profile name. | string |
subnetId | The Azure resource ID of the worker subnet. | string |
vmSize | The size of the worker VMs. | string |