az aro
Manage Azure Red Hat OpenShift clusters.
Commands
| Name | Description | Type | Status |
|---|---|---|---|
| az aro create |
Create a cluster. |
Core | GA |
| az aro delete |
Delete a cluster. |
Core | GA |
| az aro get-admin-kubeconfig |
List admin kubeconfig of a cluster. |
Core | GA |
| az aro get-versions |
List versions available for installation. |
Core | GA |
| az aro list |
List clusters. |
Core | GA |
| az aro list-credentials |
List credentials of a cluster. |
Core | GA |
| az aro show |
Get the details of a cluster. |
Core | GA |
| az aro update |
Update a cluster. |
Core | GA |
| az aro validate |
Validate permissions required to create a cluster. |
Core | GA |
| az aro wait |
Wait for a cluster to reach a desired state. |
Core | GA |
az aro create
Create a cluster.
az aro create --master-subnet
--name
--resource-group
--worker-subnet
[--apiserver-visibility {Private, Public}]
[--client-id]
[--client-secret]
[--cluster-resource-group]
[--disk-encryption-set]
[--domain]
[--enable-preconfigured-nsg {false, true}]
[--fips --fips-validated-modules {false, true}]
[--ingress-visibility {Private, Public}]
[--lb-ip-count --load-balancer-managed-outbound-ip-count]
[--location]
[--master-enc-host --master-encryption-at-host {false, true}]
[--master-vm-size]
[--no-wait]
[--outbound-type]
[--pod-cidr]
[--pull-secret]
[--service-cidr]
[--tags]
[--version]
[--vnet]
[--vnet-resource-group]
[--worker-count]
[--worker-enc-host --worker-encryption-at-host {false, true}]
[--worker-vm-disk-size-gb]
[--worker-vm-size]Examples
Create a cluster.
az aro create --resource-group MyResourceGroup --name MyCluster --vnet MyVnet --master-subnet MyMasterSubnet --worker-subnet MyWorkerSubnetCreate a cluster with a supported OpenShift version.
az aro create --resource-group MyResourceGroup --name MyCluster --vnet MyVnet --master-subnet MyMasterSubnet --worker-subnet MyWorkerSubnet --version X.Y.ZCreate a cluster with 5 compute nodes and Red Hat pull secret.
az aro create --resource-group MyResourceGroup --name MyCluster --vnet MyVnet --master-subnet MyMasterSubnet --worker-subnet MyWorkerSubnet --worker-count 5 --pull-secret pullsecret.txtCreate a private cluster.
az aro create --resource-group MyResourceGroup --name MyCluster --vnet MyVnet --master-subnet MyMasterSubnet --worker-subnet MyWorkerSubnet --apiserver-visibility Private --ingress-visibility PrivateRequired Parameters
Name or ID of master vnet subnet. If name is supplied, --vnet must be supplied.
Name of cluster.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of worker vnet subnet. If name is supplied, --vnet must be supplied.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
API server visibility.
| Property | Value |
|---|---|
| Default value: | Public |
| Accepted values: | Private, Public |
Client ID of cluster service principal.
Client secret of cluster service principal.
Resource group of cluster.
ResourceID of the DiskEncryptionSet to be used for master and worker VMs.
Domain of cluster.
Use Preconfigured NSGs.
| Property | Value |
|---|---|
| Default value: | False |
| Accepted values: | false, true |
Use FIPS validated cryptography modules.
| Property | Value |
|---|---|
| Default value: | False |
| Accepted values: | false, true |
Ingress visibility.
| Property | Value |
|---|---|
| Default value: | Public |
| Accepted values: | Private, Public |
The desired number of IPv4 outbound IPs created and managed by Azure for the cluster public load balancer.
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Encryption at host flag for master VMs.
| Property | Value |
|---|---|
| Default value: | False |
| Accepted values: | false, true |
Size of master VMs.
| Property | Value |
|---|---|
| Default value: | Standard_D8s_v5 |
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Default value: | False |
Outbound type of cluster. Must be "Loadbalancer" or "UserDefinedRouting".
| Property | Value |
|---|---|
| Default value: | Loadbalancer |
CIDR of pod network. Must be a minimum of /18 or larger.
| Property | Value |
|---|---|
| Default value: | 10.128.0.0/14 |
Pull secret of cluster.
CIDR of service network. Must be a minimum of /18 or larger.
| Property | Value |
|---|---|
| Default value: | 172.30.0.0/16 |
Space-separated tags: key[=value] [key[=value] ...]. Use "" to clear existing tags.
OpenShift version to use for cluster creation.
Name or ID of vnet. If name is supplied, --vnet-resource-group must be supplied.
Name of vnet resource group.
Count of worker VMs.
| Property | Value |
|---|---|
| Default value: | 3 |
Encryption at host flag for worker VMs.
| Property | Value |
|---|---|
| Default value: | False |
| Accepted values: | false, true |
Disk size in GB of worker VMs.
| Property | Value |
|---|---|
| Default value: | 128 |
Size of worker VMs.
| Property | Value |
|---|---|
| Default value: | Standard_D4s_v5 |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az aro delete
Delete a cluster.
az aro delete --name
--resource-group
[--no-wait]
[--yes]Examples
Delete a cluster.
az aro delete --name MyCluster --resource-group MyResourceGroupRequired Parameters
Name of cluster.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Default value: | False |
Do not prompt for confirmation.
| Property | Value |
|---|---|
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az aro get-admin-kubeconfig
List admin kubeconfig of a cluster.
az aro get-admin-kubeconfig --name
--resource-group
[--file]Examples
List admin kubeconfig of a cluster. The default is to save it in a file named "kubeconfig".
az aro get-admin-kubeconfig --name MyCluster --resource-group MyResourceGroupRequired Parameters
Name of cluster.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Path to the file where kubeconfig should be saved. Default: kubeconfig in local directory.
| Property | Value |
|---|---|
| Default value: | kubeconfig |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az aro get-versions
List versions available for installation.
az aro get-versions --locationExamples
List install versions available for the East US region.
az aro get-versions --location eastusList install versions available for the East US region with table formatted output.
az aro get-versions --location eastus -o tableRequired Parameters
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az aro list
List clusters.
az aro list [--resource-group]Examples
List clusters.
az aro listList clusters with table view.
az aro list -o tableOptional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az aro list-credentials
List credentials of a cluster.
az aro list-credentials --name
--resource-groupExamples
List credentials of a cluster.
az aro list-credentials --name MyCluster --resource-group MyResourceGroupRequired Parameters
Name of cluster.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az aro show
Get the details of a cluster.
az aro show --name
--resource-groupExamples
Get the details of a cluster.
az aro show --name MyCluster --resource-group MyResourceGroupRequired Parameters
Name of cluster.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az aro update
Update a cluster.
az aro update --name
--resource-group
[--client-id]
[--client-secret]
[--lb-ip-count --load-balancer-managed-outbound-ip-count]
[--no-wait]
[--refresh-credentials {false, true}]Examples
Update a cluster.
az aro update --name MyCluster --resource-group MyResourceGroupRequired Parameters
Name of cluster.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Client ID of cluster service principal.
Client secret of cluster service principal.
The desired number of IPv4 outbound IPs created and managed by Azure for the cluster public load balancer.
Do not wait for the long-running operation to finish.
| Property | Value |
|---|---|
| Default value: | False |
Refresh cluster application credentials.
| Property | Value |
|---|---|
| Default value: | False |
| Accepted values: | false, true |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az aro validate
Validate permissions required to create a cluster.
az aro validate --master-subnet
--name
--resource-group
--worker-subnet
[--client-id]
[--client-secret]
[--cluster-resource-group]
[--disk-encryption-set]
[--location]
[--pod-cidr]
[--service-cidr]
[--version]
[--vnet]
[--vnet-resource-group]Examples
Validate permissions.
az aro validate --resource-group MyGroup --name MyName --vnet MyVnet --master-subnet MyMasterSubnet --worker-subnet MyWorkerSubnetValidate permissions and OpenShift version
az aro validate --resource-group MyGroup --name MyName --vnet MyVnet --master-subnet MyMasterSubnet --worker-subnet MyWorkerSubnet --version X.Y.ZRequired Parameters
Name or ID of master vnet subnet. If name is supplied, --vnet must be supplied.
Name of cluster.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Name or ID of worker vnet subnet. If name is supplied, --vnet must be supplied.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Client ID of cluster service principal.
Client secret of cluster service principal.
Resource group of cluster.
ResourceID of the DiskEncryptionSet to be used for master and worker VMs.
Location. Values from: az account list-locations. You can configure the default location using az configure --defaults location=<location>.
CIDR of pod network. Must be a minimum of /18 or larger.
CIDR of service network. Must be a minimum of /18 or larger.
OpenShift version to use for cluster creation.
Name or ID of vnet. If name is supplied, --vnet-resource-group must be supplied.
Name of vnet resource group.
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
az aro wait
Wait for a cluster to reach a desired state.
If an operation on a cluster was interrupted or was started with --no-wait, use this command to wait for it to complete.
az aro wait --name
--resource-group
[--created]
[--custom]
[--deleted]
[--exists]
[--interval]
[--timeout]
[--updated]Required Parameters
Name of cluster.
Name of resource group. You can configure the default group using az configure --defaults group=<name>.
Optional Parameters
The following parameters are optional, but depending on the context, one or more might become required for the command to execute successfully.
Wait until created with 'provisioningState' at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the condition satisfies a custom JMESPath query. E.g. provisioningState!='InProgress', instanceView.statuses[?code=='PowerState/running'].
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
Wait until deleted.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Wait until the resource exists.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Polling interval in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 30 |
Maximum wait in seconds.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | 3600 |
Wait until updated with provisioningState at 'Succeeded'.
| Property | Value |
|---|---|
| Parameter group: | Wait Condition Arguments |
| Default value: | False |
Global Parameters
Increase logging verbosity to show all debug logs.
| Property | Value |
|---|---|
| Default value: | False |
Show this help message and exit.
Only show errors, suppressing warnings.
| Property | Value |
|---|---|
| Default value: | False |
Output format.
| Property | Value |
|---|---|
| Default value: | json |
| Accepted values: | json, jsonc, none, table, tsv, yaml, yamlc |
JMESPath query string. See http://jmespath.org/ for more information and examples.
Name or ID of subscription. You can configure the default subscription using az account set -s NAME_OR_ID.
Increase logging verbosity. Use --debug for full debug logs.
| Property | Value |
|---|---|
| Default value: | False |
