Microsoft.RedHatOpenShift openShiftClusters

2025-01-28

Bicep resource definition

The openShiftClusters resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.RedHatOpenShift/openShiftClusters resource, add the following Bicep to your template.

resource symbolicname 'Microsoft.RedHatOpenShift/openShiftClusters@2024-08-12-preview' = {
  scope: resourceSymbolicName or scope
  identity: {
    type: 'string'
    userAssignedIdentities: {
      {customized property}: {}
    }
  }
  location: 'string'
  name: 'string'
  properties: {
    apiserverProfile: {
      visibility: 'string'
    }
    clusterProfile: {
      domain: 'string'
      fipsValidatedModules: 'string'
      oidcIssuer: 'string'
      pullSecret: 'string'
      resourceGroupId: 'string'
      version: 'string'
    }
    consoleProfile: {}
    ingressProfiles: [
      {
        name: 'string'
        visibility: 'string'
      }
    ]
    masterProfile: {
      diskEncryptionSetId: 'string'
      encryptionAtHost: 'string'
      subnetId: 'string'
      vmSize: 'string'
    }
    networkProfile: {
      loadBalancerProfile: {
        managedOutboundIps: {
          count: int
        }
      }
      outboundType: 'string'
      podCidr: 'string'
      preconfiguredNSG: 'string'
      serviceCidr: 'string'
    }
    platformWorkloadIdentityProfile: {
      platformWorkloadIdentities: {
        {customized property}: {
          resourceId: 'string'
        }
      }
      upgradeableTo: 'string'
    }
    provisioningState: 'string'
    servicePrincipalProfile: {
      clientId: 'string'
      clientSecret: 'string'
    }
    workerProfiles: [
      {
        count: int
        diskEncryptionSetId: 'string'
        diskSizeGB: int
        encryptionAtHost: 'string'
        name: 'string'
        subnetId: 'string'
        vmSize: 'string'
      }
    ]
  }
  tags: {
    {customized property}: 'string'
  }
}

Property Values

Microsoft.RedHatOpenShift/openShiftClusters

Name	Description	Value
identity	Identity stores information about the cluster MSI(s) in a workload identity cluster.	ManagedServiceIdentity
location	The geo-location where the resource lives	string (required)
name	The resource name	string (required)
properties	The cluster properties.	OpenShiftClusterProperties
scope	Use when creating a resource at a scope that is different than the deployment scope.	Set this property to the symbolic name of a resource to apply the extension resource.
tags	Resource tags	Dictionary of tag names and values. See Tags in templates

APIServerProfile

Name	Description	Value
visibility	API server visibility.	'Private' 'Public'

ClusterProfile

Name	Description	Value
domain	The domain for the cluster.	string
fipsValidatedModules	If FIPS validated crypto modules are used	'Disabled' 'Enabled'
oidcIssuer	The URL of the managed OIDC issuer in a workload identity cluster.	string
pullSecret	The pull secret for the cluster.	string
resourceGroupId	The ID of the cluster resource group.	string
version	The version of the cluster.	string

ConsoleProfile

Name	Description	Value

IngressProfile

Name	Description	Value
name	The ingress profile name.	string
visibility	Ingress visibility.	'Private' 'Public'

LoadBalancerProfile

Name	Description	Value
managedOutboundIps	The desired managed outbound IPs for the cluster public load balancer.	ManagedOutboundIPs

ManagedOutboundIPs

Name	Description	Value
count	Count represents the desired number of IPv4 outbound IPs created and managed by Azure for the cluster public load balancer. Allowed values are in the range of 1 - 20. The default value is 1.	int

ManagedServiceIdentity

Name	Description	Value
type	Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed).	'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required)
userAssignedIdentities	The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests.	ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name	Description	Value

MasterProfile

Name	Description	Value
diskEncryptionSetId	The resource ID of an associated DiskEncryptionSet, if applicable.	string
encryptionAtHost	Whether master virtual machines are encrypted at host.	'Disabled' 'Enabled'
subnetId	The Azure resource ID of the master subnet.	string
vmSize	The size of the master VMs.	string

NetworkProfile

Name	Description	Value
loadBalancerProfile	The cluster load balancer profile.	LoadBalancerProfile
outboundType	The OutboundType used for egress traffic.	'Loadbalancer' 'UserDefinedRouting'
podCidr	The CIDR used for OpenShift/Kubernetes Pods.	string
preconfiguredNSG	Specifies whether subnets are pre-attached with an NSG	'Disabled' 'Enabled'
serviceCidr	The CIDR used for OpenShift/Kubernetes Services.	string

OpenShiftClusterProperties

Name	Description	Value
apiserverProfile	The cluster API server profile.	APIServerProfile
clusterProfile	The cluster profile.	ClusterProfile
consoleProfile	The console profile.	ConsoleProfile
ingressProfiles	The cluster ingress profiles.	IngressProfile[]
masterProfile	The cluster master profile.	MasterProfile
networkProfile	The cluster network profile.	NetworkProfile
platformWorkloadIdentityProfile	The workload identity profile.	PlatformWorkloadIdentityProfile
provisioningState	The cluster provisioning state.	'AdminUpdating' 'Canceled' 'Creating' 'Deleting' 'Failed' 'Succeeded' 'Updating'
servicePrincipalProfile	The cluster service principal profile.	ServicePrincipalProfile
workerProfiles	The cluster worker profiles.	WorkerProfile[]

PlatformWorkloadIdentity

Name	Description	Value
resourceId	The resource ID of the PlatformWorkloadIdentity resource	string

PlatformWorkloadIdentityProfile

Name	Description	Value
platformWorkloadIdentities	Dictionary of <PlatformWorkloadIdentity>	PlatformWorkloadIdentityProfilePlatformWorkloadIdentities
upgradeableTo	UpgradeableTo stores a single OpenShift version a workload identity cluster can be upgraded to	string

PlatformWorkloadIdentityProfilePlatformWorkloadIdentities

Name	Description	Value

ServicePrincipalProfile

Name	Description	Value
clientId	The client ID used for the cluster.	string
clientSecret	The client secret used for the cluster.	string

TrackedResourceTags

Name	Description	Value

UserAssignedIdentity

Name	Description	Value

WorkerProfile

Name	Description	Value
count	The number of worker VMs.	int
diskEncryptionSetId	The resource ID of an associated DiskEncryptionSet, if applicable.	string
diskSizeGB	The disk size of the worker VMs.	int
encryptionAtHost	Whether master virtual machines are encrypted at host.	'Disabled' 'Enabled'
name	The worker profile name.	string
subnetId	The Azure resource ID of the worker subnet.	string
vmSize	The size of the worker VMs.	string

ARM template resource definition

The openShiftClusters resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.RedHatOpenShift/openShiftClusters resource, add the following JSON to your template.

{
  "type": "Microsoft.RedHatOpenShift/openShiftClusters",
  "apiVersion": "2024-08-12-preview",
  "name": "string",
  "identity": {
    "type": "string",
    "userAssignedIdentities": {
      "{customized property}": {
      }
    }
  },
  "location": "string",
  "properties": {
    "apiserverProfile": {
      "visibility": "string"
    },
    "clusterProfile": {
      "domain": "string",
      "fipsValidatedModules": "string",
      "oidcIssuer": "string",
      "pullSecret": "string",
      "resourceGroupId": "string",
      "version": "string"
    },
    "consoleProfile": {
    },
    "ingressProfiles": [
      {
        "name": "string",
        "visibility": "string"
      }
    ],
    "masterProfile": {
      "diskEncryptionSetId": "string",
      "encryptionAtHost": "string",
      "subnetId": "string",
      "vmSize": "string"
    },
    "networkProfile": {
      "loadBalancerProfile": {
        "managedOutboundIps": {
          "count": "int"
        }
      },
      "outboundType": "string",
      "podCidr": "string",
      "preconfiguredNSG": "string",
      "serviceCidr": "string"
    },
    "platformWorkloadIdentityProfile": {
      "platformWorkloadIdentities": {
        "{customized property}": {
          "resourceId": "string"
        }
      },
      "upgradeableTo": "string"
    },
    "provisioningState": "string",
    "servicePrincipalProfile": {
      "clientId": "string",
      "clientSecret": "string"
    },
    "workerProfiles": [
      {
        "count": "int",
        "diskEncryptionSetId": "string",
        "diskSizeGB": "int",
        "encryptionAtHost": "string",
        "name": "string",
        "subnetId": "string",
        "vmSize": "string"
      }
    ]
  },
  "tags": {
    "{customized property}": "string"
  }
}

Property Values

Microsoft.RedHatOpenShift/openShiftClusters

Name	Description	Value
apiVersion	The api version	'2024-08-12-preview'
identity	Identity stores information about the cluster MSI(s) in a workload identity cluster.	ManagedServiceIdentity
location	The geo-location where the resource lives	string (required)
name	The resource name	string (required)
properties	The cluster properties.	OpenShiftClusterProperties
tags	Resource tags	Dictionary of tag names and values. See Tags in templates
type	The resource type	'Microsoft.RedHatOpenShift/openShiftClusters'

APIServerProfile

Name	Description	Value
visibility	API server visibility.	'Private' 'Public'

ClusterProfile

Name	Description	Value
domain	The domain for the cluster.	string
fipsValidatedModules	If FIPS validated crypto modules are used	'Disabled' 'Enabled'
oidcIssuer	The URL of the managed OIDC issuer in a workload identity cluster.	string
pullSecret	The pull secret for the cluster.	string
resourceGroupId	The ID of the cluster resource group.	string
version	The version of the cluster.	string

ConsoleProfile

Name	Description	Value

IngressProfile

Name	Description	Value
name	The ingress profile name.	string
visibility	Ingress visibility.	'Private' 'Public'

LoadBalancerProfile

Name	Description	Value
managedOutboundIps	The desired managed outbound IPs for the cluster public load balancer.	ManagedOutboundIPs

ManagedOutboundIPs

Name	Description	Value
count	Count represents the desired number of IPv4 outbound IPs created and managed by Azure for the cluster public load balancer. Allowed values are in the range of 1 - 20. The default value is 1.	int

ManagedServiceIdentity

Name	Description	Value
type	Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed).	'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required)
userAssignedIdentities	The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests.	ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name	Description	Value

MasterProfile

Name	Description	Value
diskEncryptionSetId	The resource ID of an associated DiskEncryptionSet, if applicable.	string
encryptionAtHost	Whether master virtual machines are encrypted at host.	'Disabled' 'Enabled'
subnetId	The Azure resource ID of the master subnet.	string
vmSize	The size of the master VMs.	string

NetworkProfile

Name	Description	Value
loadBalancerProfile	The cluster load balancer profile.	LoadBalancerProfile
outboundType	The OutboundType used for egress traffic.	'Loadbalancer' 'UserDefinedRouting'
podCidr	The CIDR used for OpenShift/Kubernetes Pods.	string
preconfiguredNSG	Specifies whether subnets are pre-attached with an NSG	'Disabled' 'Enabled'
serviceCidr	The CIDR used for OpenShift/Kubernetes Services.	string

OpenShiftClusterProperties

Name	Description	Value
apiserverProfile	The cluster API server profile.	APIServerProfile
clusterProfile	The cluster profile.	ClusterProfile
consoleProfile	The console profile.	ConsoleProfile
ingressProfiles	The cluster ingress profiles.	IngressProfile[]
masterProfile	The cluster master profile.	MasterProfile
networkProfile	The cluster network profile.	NetworkProfile
platformWorkloadIdentityProfile	The workload identity profile.	PlatformWorkloadIdentityProfile
provisioningState	The cluster provisioning state.	'AdminUpdating' 'Canceled' 'Creating' 'Deleting' 'Failed' 'Succeeded' 'Updating'
servicePrincipalProfile	The cluster service principal profile.	ServicePrincipalProfile
workerProfiles	The cluster worker profiles.	WorkerProfile[]

PlatformWorkloadIdentity

Name	Description	Value
resourceId	The resource ID of the PlatformWorkloadIdentity resource	string

PlatformWorkloadIdentityProfile

Name	Description	Value
platformWorkloadIdentities	Dictionary of <PlatformWorkloadIdentity>	PlatformWorkloadIdentityProfilePlatformWorkloadIdentities
upgradeableTo	UpgradeableTo stores a single OpenShift version a workload identity cluster can be upgraded to	string

PlatformWorkloadIdentityProfilePlatformWorkloadIdentities

Name	Description	Value

ServicePrincipalProfile

Name	Description	Value
clientId	The client ID used for the cluster.	string
clientSecret	The client secret used for the cluster.	string

TrackedResourceTags

Name	Description	Value

UserAssignedIdentity

Name	Description	Value

WorkerProfile

Name	Description	Value
count	The number of worker VMs.	int
diskEncryptionSetId	The resource ID of an associated DiskEncryptionSet, if applicable.	string
diskSizeGB	The disk size of the worker VMs.	int
encryptionAtHost	Whether master virtual machines are encrypted at host.	'Disabled' 'Enabled'
name	The worker profile name.	string
subnetId	The Azure resource ID of the worker subnet.	string
vmSize	The size of the worker VMs.	string

Usage Examples

Terraform (AzAPI provider) resource definition

The openShiftClusters resource type can be deployed with operations that target:

For a list of changed properties in each API version, see change log.

Resource format

To create a Microsoft.RedHatOpenShift/openShiftClusters resource, add the following Terraform to your template.

resource "azapi_resource" "symbolicname" {
  type = "Microsoft.RedHatOpenShift/openShiftClusters@2024-08-12-preview"
  name = "string"
  parent_id = "string"
  identity {
    type = "string"
    identity_ids = [
      "string"
    ]
  }
  location = "string"
  tags = {
    {customized property} = "string"
  }
  body = {
    properties = {
      apiserverProfile = {
        visibility = "string"
      }
      clusterProfile = {
        domain = "string"
        fipsValidatedModules = "string"
        oidcIssuer = "string"
        pullSecret = "string"
        resourceGroupId = "string"
        version = "string"
      }
      consoleProfile = {
      }
      ingressProfiles = [
        {
          name = "string"
          visibility = "string"
        }
      ]
      masterProfile = {
        diskEncryptionSetId = "string"
        encryptionAtHost = "string"
        subnetId = "string"
        vmSize = "string"
      }
      networkProfile = {
        loadBalancerProfile = {
          managedOutboundIps = {
            count = int
          }
        }
        outboundType = "string"
        podCidr = "string"
        preconfiguredNSG = "string"
        serviceCidr = "string"
      }
      platformWorkloadIdentityProfile = {
        platformWorkloadIdentities = {
          {customized property} = {
            resourceId = "string"
          }
        }
        upgradeableTo = "string"
      }
      provisioningState = "string"
      servicePrincipalProfile = {
        clientId = "string"
        clientSecret = "string"
      }
      workerProfiles = [
        {
          count = int
          diskEncryptionSetId = "string"
          diskSizeGB = int
          encryptionAtHost = "string"
          name = "string"
          subnetId = "string"
          vmSize = "string"
        }
      ]
    }
  }
}

Property Values

Microsoft.RedHatOpenShift/openShiftClusters

Name	Description	Value
identity	Identity stores information about the cluster MSI(s) in a workload identity cluster.	ManagedServiceIdentity
location	The geo-location where the resource lives	string (required)
name	The resource name	string (required)
parent_id	The ID of the resource to apply this extension resource to.	string (required)
properties	The cluster properties.	OpenShiftClusterProperties
tags	Resource tags	Dictionary of tag names and values.
type	The resource type	"Microsoft.RedHatOpenShift/openShiftClusters@2024-08-12-preview"

APIServerProfile

Name	Description	Value
visibility	API server visibility.	'Private' 'Public'

ClusterProfile

Name	Description	Value
domain	The domain for the cluster.	string
fipsValidatedModules	If FIPS validated crypto modules are used	'Disabled' 'Enabled'
oidcIssuer	The URL of the managed OIDC issuer in a workload identity cluster.	string
pullSecret	The pull secret for the cluster.	string
resourceGroupId	The ID of the cluster resource group.	string
version	The version of the cluster.	string

ConsoleProfile

Name	Description	Value

IngressProfile

Name	Description	Value
name	The ingress profile name.	string
visibility	Ingress visibility.	'Private' 'Public'

LoadBalancerProfile

Name	Description	Value
managedOutboundIps	The desired managed outbound IPs for the cluster public load balancer.	ManagedOutboundIPs

ManagedOutboundIPs

Name	Description	Value
count	Count represents the desired number of IPv4 outbound IPs created and managed by Azure for the cluster public load balancer. Allowed values are in the range of 1 - 20. The default value is 1.	int

ManagedServiceIdentity

Name	Description	Value
type	Type of managed service identity (where both SystemAssigned and UserAssigned types are allowed).	'None' 'SystemAssigned' 'SystemAssigned,UserAssigned' 'UserAssigned' (required)
userAssignedIdentities	The set of user assigned identities associated with the resource. The userAssignedIdentities dictionary keys will be ARM resource ids in the form: '/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{identityName}. The dictionary values can be empty objects ({}) in requests.	ManagedServiceIdentityUserAssignedIdentities

ManagedServiceIdentityUserAssignedIdentities

Name	Description	Value

MasterProfile

Name	Description	Value
diskEncryptionSetId	The resource ID of an associated DiskEncryptionSet, if applicable.	string
encryptionAtHost	Whether master virtual machines are encrypted at host.	'Disabled' 'Enabled'
subnetId	The Azure resource ID of the master subnet.	string
vmSize	The size of the master VMs.	string

NetworkProfile

Name	Description	Value
loadBalancerProfile	The cluster load balancer profile.	LoadBalancerProfile
outboundType	The OutboundType used for egress traffic.	'Loadbalancer' 'UserDefinedRouting'
podCidr	The CIDR used for OpenShift/Kubernetes Pods.	string
preconfiguredNSG	Specifies whether subnets are pre-attached with an NSG	'Disabled' 'Enabled'
serviceCidr	The CIDR used for OpenShift/Kubernetes Services.	string

OpenShiftClusterProperties

Name	Description	Value
apiserverProfile	The cluster API server profile.	APIServerProfile
clusterProfile	The cluster profile.	ClusterProfile
consoleProfile	The console profile.	ConsoleProfile
ingressProfiles	The cluster ingress profiles.	IngressProfile[]
masterProfile	The cluster master profile.	MasterProfile
networkProfile	The cluster network profile.	NetworkProfile
platformWorkloadIdentityProfile	The workload identity profile.	PlatformWorkloadIdentityProfile
provisioningState	The cluster provisioning state.	'AdminUpdating' 'Canceled' 'Creating' 'Deleting' 'Failed' 'Succeeded' 'Updating'
servicePrincipalProfile	The cluster service principal profile.	ServicePrincipalProfile
workerProfiles	The cluster worker profiles.	WorkerProfile[]

PlatformWorkloadIdentity

Name	Description	Value
resourceId	The resource ID of the PlatformWorkloadIdentity resource	string

PlatformWorkloadIdentityProfile

Name	Description	Value
platformWorkloadIdentities	Dictionary of <PlatformWorkloadIdentity>	PlatformWorkloadIdentityProfilePlatformWorkloadIdentities
upgradeableTo	UpgradeableTo stores a single OpenShift version a workload identity cluster can be upgraded to	string

PlatformWorkloadIdentityProfilePlatformWorkloadIdentities

Name	Description	Value

ServicePrincipalProfile

Name	Description	Value
clientId	The client ID used for the cluster.	string
clientSecret	The client secret used for the cluster.	string

TrackedResourceTags

Name	Description	Value

UserAssignedIdentity

Name	Description	Value

WorkerProfile

Name	Description	Value
count	The number of worker VMs.	int
diskEncryptionSetId	The resource ID of an associated DiskEncryptionSet, if applicable.	string
diskSizeGB	The disk size of the worker VMs.	int
encryptionAtHost	Whether master virtual machines are encrypted at host.	'Disabled' 'Enabled'
name	The worker profile name.	string
subnetId	The Azure resource ID of the worker subnet.	string
vmSize	The size of the worker VMs.	string

Feedback

Was this page helpful?

Share via

Microsoft.RedHatOpenShift openShiftClusters

Bicep resource definition

Resource format

Property Values

Microsoft.RedHatOpenShift/openShiftClusters

APIServerProfile

ClusterProfile

ConsoleProfile

IngressProfile

LoadBalancerProfile

ManagedOutboundIPs

ManagedServiceIdentity

ManagedServiceIdentityUserAssignedIdentities

MasterProfile

NetworkProfile

OpenShiftClusterProperties

PlatformWorkloadIdentity

PlatformWorkloadIdentityProfile

PlatformWorkloadIdentityProfilePlatformWorkloadIdentities

ServicePrincipalProfile

TrackedResourceTags

UserAssignedIdentity

WorkerProfile

ARM template resource definition

Resource format

Property Values

Microsoft.RedHatOpenShift/openShiftClusters

APIServerProfile

ClusterProfile

ConsoleProfile

IngressProfile

LoadBalancerProfile

ManagedOutboundIPs

ManagedServiceIdentity

ManagedServiceIdentityUserAssignedIdentities

MasterProfile

NetworkProfile

OpenShiftClusterProperties

PlatformWorkloadIdentity

PlatformWorkloadIdentityProfile

PlatformWorkloadIdentityProfilePlatformWorkloadIdentities

ServicePrincipalProfile

TrackedResourceTags

UserAssignedIdentity

WorkerProfile

Usage Examples

Terraform (AzAPI provider) resource definition

Resource format

Property Values

Microsoft.RedHatOpenShift/openShiftClusters

APIServerProfile

ClusterProfile

ConsoleProfile

IngressProfile

LoadBalancerProfile

ManagedOutboundIPs

ManagedServiceIdentity

ManagedServiceIdentityUserAssignedIdentities

MasterProfile

NetworkProfile

OpenShiftClusterProperties

PlatformWorkloadIdentity

PlatformWorkloadIdentityProfile

PlatformWorkloadIdentityProfilePlatformWorkloadIdentities

ServicePrincipalProfile

TrackedResourceTags

UserAssignedIdentity

WorkerProfile

Feedback

Additional resources