openshift/openshift-docs
1
0
Fork 0
mirror of https://github.com/openshift/openshift-docs.git synced 2026-02-07 00:48:01 +01:00
Code Issues Releases Activity
Files
45e86efb1ccc781ac61baa35f746ffa8891c8ade
openshift-docs/modules/private-clusters-setting-api-private.adoc
Kathryn Alexander 90d985a0bb [enterprise-4.14] changing content type attribute
2023-10-30 10:13:25 -04:00

143 lines
4.4 KiB
Plaintext
Raw Blame History

// Module included in the following assemblies:
//
// * post_installation_configuration/configuring-private-cluster.adoc
// * machine_management/control_plane_machine_management/cpmso-using.adoc
ifeval::["{context}" == "configuring-private-cluster"]
:post-install:
endif::[]
ifeval::["{context}" == "cpmso-using-aws"]
:cpmso-using-aws:
endif::[]
ifeval::["{context}" == "cpmso-using-azure"]
:cpmso-using-azure:
endif::[]
:_mod-docs-content-type: PROCEDURE
[id="private-clusters-setting-api-private_{context}"]
= Restricting the API server to private
After you deploy a cluster to
ifdef::cpmso-using-aws[Amazon Web Services (AWS),]
ifdef::post-install[Amazon Web Services (AWS) or]
ifndef::cpmso-using-aws[Microsoft Azure,]
you can reconfigure the API server to use only the private zone.
.Prerequisites
* Install the OpenShift CLI (`oc`).
* Have access to the web console as a user with `admin` privileges.
.Procedure
. In the web portal or console for your cloud provider, take the following actions:
.. Locate and delete the appropriate load balancer component:
ifndef::cpmso-using-azure[]
*** For AWS, delete the external load balancer. The API DNS entry in the private zone already points to the internal load balancer, which uses an identical configuration, so you do not need to modify the internal load balancer.
endif::cpmso-using-azure[]
ifndef::cpmso-using-aws[]
*** For Azure, delete the `api-internal` rule for the load balancer.
endif::cpmso-using-aws[]
.. Delete the `api.$clustername.$yourdomain` DNS entry in the public zone.
ifndef::post-install[]
. Remove the external load balancers by deleting the following lines in the control plane machine set custom resource:
+
[source,yaml]
----
providerSpec:
value:
loadBalancers:
- name: lk4pj-ext <1>
type: network <1>
- name: lk4pj-int
type: network
----
<1> Delete this line.
endif::post-install[]
ifdef::post-install[]
. Remove the external load balancers:
+
[IMPORTANT]
====
You can run the following steps only for an installer-provisioned infrastructure (IPI) cluster. For a user-provisioned infrastructure (UPI) cluster, you must manually remove or disable the external load balancers.
====
+
** If your cluster uses a control plane machine set, delete the following lines in the control plane machine set custom resource:
+
[source,yaml]
----
providerSpec:
value:
loadBalancers:
- name: lk4pj-ext <1>
type: network <1>
- name: lk4pj-int
type: network
----
<1> Delete this line.
** If your cluster does not use a control plane machine set, you must delete the external load balancers from each control plane machine.
... From your terminal, list the cluster machines by running the following command:
+
[source,terminal]
----
$ oc get machine -n openshift-machine-api
----
+
.Example output
[source,terminal]
----
NAME STATE TYPE REGION ZONE AGE
lk4pj-master-0 running m4.xlarge us-east-1 us-east-1a 17m
lk4pj-master-1 running m4.xlarge us-east-1 us-east-1b 17m
lk4pj-master-2 running m4.xlarge us-east-1 us-east-1a 17m
lk4pj-worker-us-east-1a-5fzfj running m4.xlarge us-east-1 us-east-1a 15m
lk4pj-worker-us-east-1a-vbghs running m4.xlarge us-east-1 us-east-1a 15m
lk4pj-worker-us-east-1b-zgpzg running m4.xlarge us-east-1 us-east-1b 15m
----
+
The control plane machines contain `master` in the name.
... Remove the external load balancer from each control plane machine:
.... Edit a control plane machine object to by running the following command:
+
[source,terminal]
----
$ oc edit machines -n openshift-machine-api <control_plane_name> <1>
----
<1> Specify the name of the control plane machine object to modify.
.... Remove the lines that describe the external load balancer, which are marked in the following example:
+
[source,yaml]
----
providerSpec:
value:
loadBalancers:
- name: lk4pj-ext <1>
type: network <1>
- name: lk4pj-int
type: network
----
<1> Delete this line.
.... Save your changes and exit the object specification.
.... Repeat this process for each of the control plane machines.
endif::post-install[]
ifeval::["{context}" == "configuring-private-cluster"]
:!post-install:
endif::[]
ifeval::["{context}" == "cpmso-using-aws"]
:!cpmso-using-aws:
endif::[]
ifeval::["{context}" == "cpmso-using-azure"]
:!cpmso-using-azure:
endif::[]
View Git Blame Copy Permalink