Note
Access to this page requires authorization. You can try signing in or .
Access to this page requires authorization. You can try .
az aro
Manage Azure Red Hat OpenShift clusters.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az aro create |
Create a cluster. |
Core | GA |
| az aro delete |
Delete a cluster. |
Core | GA |
| az aro get-admin-kubeconfig |
List admin kubeconfig of a cluster. |
Core | GA |
| az aro get-versions |
List versions available for installation. |
Core | GA |
| az aro list |
List clusters. |
Core | GA |
| az aro list-credentials |
List credentials of a cluster. |
Core | GA |
| az aro show |
Get the details of a cluster. |
Core | GA |
| az aro update |
Update a cluster. |
Core | GA |
| az aro validate |
Validate permissions required to create a cluster. |
Core | GA |
| az aro wait |
Wait for a cluster to reach a desired state. |
Core | GA |
az aro create
Create a cluster.
az aro create --master-subnet
--name
--resource-group
--worker-subnet
[--acquire-policy-token]
[--apiserver-visibility {Private, Public}]
[--assign-cluster-identity --mi-user-assigned]
[--assign-platform-wi --assign-platform-workload-identity]
[--change-reference]
[--client-id]
[--client-secret]
[--cluster-resource-group]
[--disk-encryption-set]
[--domain]
[--enable-managed-identity --enable-mi {false, true}]
[--enable-preconfigured-nsg {false, true}]
[--fips --fips-validated-modules {false, true}]
[--ingress-visibility {Private, Public}]
[--lb-ip-count --load-balancer-managed-outbound-ip-count]
[--location]
[--master-enc-host --master-encryption-at-host {false, true}]
[--master-vm-size]
[--no-wait]
[--outbound-type]
[--pod-cidr]
[--pull-secret]
[--service-cidr]
[--tags]
[--version]
[--vnet]
[--vnet-resource-group]
[--worker-count]
[--worker-enc-host --worker-encryption-at-host {false, true}]
[--worker-vm-disk-size-gb]
[--worker-vm-size]Examples
Create a cluster.
az aro create --resource-group MyResourceGroup --name MyCluster --vnet MyVnet --master-subnet MyMasterSubnet --worker-subnet MyWorkerSubnetCreate a cluster with a supported OpenShift version.
az aro create --resource-group MyResourceGroup --name MyCluster --vnet MyVnet --master-subnet MyMasterSubnet --worker-subnet MyWorkerSubnet --version X.Y.ZCreate a cluster with 5 compute nodes and Red Hat pull secret.
az aro create --resource-group MyResourceGroup --name MyCluster --vnet MyVnet --master-subnet MyMasterSubnet --worker-subnet MyWorkerSubnet --worker-count 5 --pull-secret pullsecret.txtCreate a private cluster.
az aro create --resource-group MyResourceGroup --name MyCluster --vnet MyVnet --master-subnet MyMasterSubnet --worker-subnet MyWorkerSubnet --apiserver-visibility Private --ingress-visibility PrivateRequired Parameters
Name or ID of master vnet subnet. If name is supplied, --vnet must be supplied.
Name of cluster.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of worker vnet subnet. If name is supplied, --vnet must be supplied.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
API server visibility. [Default: Public].
| Property | Value |
|---|---|
| Accepted values: | Private, Public |
Set the user managed identity on the cluster. Value must be an identity name or resource ID.
| Property | Value |
|---|---|
| Parameter group: | Identity Arguments |
Assign a platform workload identity used within the cluster. Requires two values: an operator name and either the name or resource ID of the Azure identity to use for it.
| Property | Value |
|---|---|
| Parameter group: | Identity Arguments |
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
Client ID of cluster service principal.
Client secret of cluster service principal.
Resource group of cluster.
ResourceID of the DiskEncryptionSet to be used for master and worker VMs.
Domain of cluster.
Enable managed identity for this cluster.
| Property | Value |
|---|---|
| Parameter group: | Identity Arguments |
| Default value: | False |
| Accepted values: | false, true |
Use Preconfigured NSGs. Allowed values: false, true. [Default: false].
| Property | Value |
|---|---|
| Accepted values: | false, true |
Use FIPS validated cryptography modules. [Default: false].
| Property | Value |
|---|---|
| Accepted values: | false, true |
Ingress visibility. [Default: Public].
| Property | Value |
|---|---|
| Accepted values: | Private, Public |
The desired number of IPv4 outbound IPs created and managed by Azure for the cluster public load balancer.
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Encryption at host flag for master VMs. [Default: false].
| Property | Value |
|---|---|
| Default value: | False |
| Accepted values: | false, true |
Size of master VMs. [Default: Standard_D8s_v5].
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Default value: | False |
Outbound type of cluster. Must be "Loadbalancer" or "UserDefinedRouting". [Default: Loadbalancer].
CIDR of pod network. Must be a minimum of /18 or larger. [Default: 10.128.0.0/14].
Pull secret of cluster.
CIDR of service network. Must be a minimum of /18 or larger. [Default: 172.30.0.0/16].
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
OpenShift version to use for cluster creation.
Name or ID of vnet. If name is supplied, --vnet-resource-group must be supplied.
Name of vnet resource group.
Count of worker VMs. [Default: 3].
Encryption at host flag for worker VMs. [Default: false].
| Property | Value |
|---|---|
| Default value: | False |
| Accepted values: | false, true |
Disk size in GB of worker VMs. [Default: 128].
Size of worker VMs. [Default: Standard_D4s_v5].
az aro delete
Delete a cluster.
az aro delete --name
--resource-group
[--acquire-policy-token]
[--change-reference]
[--delete-identities {false, true}]
[--no-wait]
[--yes]Examples
Delete a cluster.
az aro delete --name MyCluster --resource-group MyResourceGroupRequired Parameters
Name of cluster.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
Delete the cluster's associated managed identities together with the cluster.
| Property | Value |
|---|---|
| Parameter group: | Identity Arguments |
| Accepted values: | false, true |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Default value: | False |
Do not prompt for confirmation.
| Property | Value |
|---|---|
| Default value: | False |
az aro get-admin-kubeconfig
List admin kubeconfig of a cluster.
az aro get-admin-kubeconfig --name
--resource-group
[--acquire-policy-token]
[--change-reference]
[--file]Examples
List admin kubeconfig of a cluster. The default is to save it in a file named "kubeconfig".
az aro get-admin-kubeconfig --name MyCluster --resource-group MyResourceGroupRequired Parameters
Name of cluster.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
Path to the file where kubeconfig should be saved. Default: kubeconfig in local directory.
| Property | Value |
|---|---|
| Default value: | kubeconfig |
az aro get-versions
List versions available for installation.
az aro get-versions --location
[--acquire-policy-token]
[--change-reference]Examples
List install versions available for the East US region.
az aro get-versions --location eastusList install versions available for the East US region with table formatted output.
az aro get-versions --location eastus -o tableRequired Parameters
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
az aro list
List clusters.
az aro list [--resource-group]Examples
List clusters.
az aro listList clusters with table view.
az aro list -o tableOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
az aro list-credentials
List credentials of a cluster.
az aro list-credentials --name
--resource-group
[--acquire-policy-token]
[--change-reference]Examples
List credentials of a cluster.
az aro list-credentials --name MyCluster --resource-group MyResourceGroupRequired Parameters
Name of cluster.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
az aro show
Get the details of a cluster.
az aro show --name
--resource-groupExamples
Get the details of a cluster.
az aro show --name MyCluster --resource-group MyResourceGroupRequired Parameters
Name of cluster.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
az aro update
Update a cluster.
az aro update --name
--resource-group
[--acquire-policy-token]
[--assign-cluster-identity --mi-user-assigned]
[--assign-platform-wi --assign-platform-workload-identity]
[--change-reference]
[--client-id]
[--client-secret]
[--lb-ip-count --load-balancer-managed-outbound-ip-count]
[--no-wait]
[--refresh-credentials {false, true}]
[--upgradeable-to]Examples
Update a cluster.
az aro update --name MyCluster --resource-group MyResourceGroupRequired Parameters
Name of cluster.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
Set the user managed identity on the cluster. Value must be an identity name or resource ID.
| Property | Value |
|---|---|
| Parameter group: | Identity Arguments |
Assign a platform workload identity used within the cluster. Requires two values: an operator name and either the name or resource ID of the Azure identity to use for it.
| Property | Value |
|---|---|
| Parameter group: | Identity Arguments |
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
Client ID of cluster service principal.
Client secret of cluster service principal.
The desired number of IPv4 outbound IPs created and managed by Azure for the cluster public load balancer.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Default value: | False |
Refresh cluster application credentials.
| Property | Value |
|---|---|
| Default value: | False |
| Accepted values: | false, true |
OpenShift version to upgrade to.
| Property | Value |
|---|---|
| Parameter group: | Identity Arguments |
az aro validate
Validate permissions required to create a cluster.
az aro validate --master-subnet
--name
--resource-group
--worker-subnet
[--acquire-policy-token]
[--assign-cluster-identity --mi-user-assigned]
[--assign-platform-wi --assign-platform-workload-identity]
[--change-reference]
[--client-id]
[--client-secret]
[--cluster-resource-group]
[--disk-encryption-set]
[--enable-managed-identity --enable-mi {false, true}]
[--location]
[--pod-cidr]
[--service-cidr]
[--version]
[--vnet]
[--vnet-resource-group]Examples
Validate permissions.
az aro validate --resource-group MyGroup --name MyName --vnet MyVnet --master-subnet MyMasterSubnet --worker-subnet MyWorkerSubnetValidate permissions and OpenShift version
az aro validate --resource-group MyGroup --name MyName --vnet MyVnet --master-subnet MyMasterSubnet --worker-subnet MyWorkerSubnet --version X.Y.ZRequired Parameters
Name or ID of master vnet subnet. If name is supplied, --vnet must be supplied.
Name of cluster.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of worker vnet subnet. If name is supplied, --vnet must be supplied.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
Set the user managed identity on the cluster. Value must be an identity name or resource ID.
| Property | Value |
|---|---|
| Parameter group: | Identity Arguments |
Assign a platform workload identity used within the cluster. Requires two values: an operator name and either the name or resource ID of the Azure identity to use for it.
| Property | Value |
|---|---|
| Parameter group: | Identity Arguments |
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
Client ID of cluster service principal.
Client secret of cluster service principal.
Resource group of cluster.
ResourceID of the DiskEncryptionSet to be used for master and worker VMs.
Enable managed identity for this cluster.
| Property | Value |
|---|---|
| Parameter group: | Identity Arguments |
| Default value: | False |
| Accepted values: | false, true |
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
CIDR of pod network. Must be a minimum of /18 or larger. [Default: 10.128.0.0/14].
CIDR of service network. Must be a minimum of /18 or larger. [Default: 172.30.0.0/16].
OpenShift version to use for cluster creation.
Name or ID of vnet. If name is supplied, --vnet-resource-group must be supplied.
Name of vnet resource group.
az aro wait
Wait for a cluster to reach a desired state.
If an operation on a cluster was interrupted or was started with --no-wait, use this command to wait for it to complete.
az aro wait --name
--resource-group
[--acquire-policy-token]
[--change-reference]
[--created]
[--custom]
[--deleted]
[--exists]
[--interval]
[--timeout]
[--updated]Required Parameters
Name of cluster.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Acquiring an Azure Policy token automatically for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
The related change reference ID for this resource operation.
| Property | Value |
|---|---|
| Parameter group: | Global Policy Arguments |
Wait until created with 'provisioningState' at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
Wait until deleted.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the resource exists.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Polling interval in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 30 |
Maximum wait in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 3600 |
Wait until updated with provisioningState at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Feedback
Was this page helpful?