Cloud Experts Documentation

Azure Red Hat OpenShift

Microsoft Azure Red Hat OpenShift is a turnkey application platform that provides highly available, fully managed Red Hat OpenShift clusters on demand. Red Hat and Microsoft jointly engineer, manage, and support the platform, allowing organizations to increase operational efficiency, refocus on innovation, and quickly build, deploy and scale applications.

ARO Quickstart

A Quickstart guide to deploying an Azure Red Hat OpenShift cluster. Video Walkthrough If you prefer a more visual medium, you can watch Paul Czarkowskiexternal link (opens in new tab) walk through this quickstart on YouTubeexternal link (opens in new tab) . Prerequisites Azure…

Using OpenShift Lightspeed with ARO

This guide walks through setting up OpenShift Lightspeed backed by Azure AI Foundry services for the LLM. Prerequisites An ARO Cluster is already installed. Permissions to use/register Microsoft Cognitive Services Command line tools used in this guide: aws cli jq Set up…

Configuring Cross-Tenant Azure DevOps Access from ArgoCD on ARO

This guide has been validated on OpenShift 4.20. Operator CRD names, API versions, and console paths may differ on other versions. In some large enterprises, it might be a requirement to have your Azure DevOps (ADO) tools in a centralized Azure Tenant different from the tenant…

Add or Update a Red Hat Pull Secret on ARO

When deploying an Azure Red Hat OpenShift (ARO) cluster, omitting a Red Hat pull secret results in a “limited” configuration. While this allows the cluster to function using core service images, it restricts access to the broader Red Hat ecosystem, including Red Hat…

OpenShift Network Calculator

Calculate network sizing for your OpenShift cluster

Migrating Azure VMs to OpenShift Virtualization on ARO

Migrating virtual machines (VMs) from Azure to OpenShift Virtualization on Azure Red Hat OpenShift (ARO) is a powerful step toward unifying your traditional and cloud-native workloads on a single, enterprise-grade application platform. This guide will walk you through the…

Deploying OpenShift Virtualization on ARO

This guide has been validated on OpenShift 4.20. Operator CRD names, API versions, and console paths may differ on other versions. OpenShift Virtualization is a feature of OpenShift that allows you to run virtual machines alongside your containers. This is useful for running…

Backup and Restore for Azure Red Hat OpenShift using OpenShift API for Data Protection

This guide outlines how to implement OpenShift API for Data Protection (OADP) for comprehensive backup and recovery for Azure Red Hat OpenShift (ARO) clusters using a storage account. Overview of OADP OADP provides robust disaster recovery solution, covering OpenShift…

Scalability and Cost Management for Azure Red Hat OpenShift

With Azure Red Hat OpenShift (ARO), you can take advantage of flexible pricing models, including pay-as-you-go and reserved instances, to further optimize your cloud spending. Its auto-scaling capabilities help reduce costs by avoiding over-provisioning, making it a…

Creating Agentic AI to deploy ARO cluster using Terraform with Red Hat OpenShift AI on ROSA and Amazon Bedrock

1. Introduction Agentic AI can be defined as systems that are capable of interpreting natural language instructions, in this case users’ prompts, making decisions based on those prompts, and then autonomously executing tasks on behalf of users. In this guide, we will create…

Remove the default azurefile-csi storage class

Azure Red Hat OpenShift (ARO) clusters, while offering a robust application platform for containerized applications, come with a default storage class named azurefile-csi. This default storage class is provided for user convenience, allowing for immediate persistent storage…

Configuring Cluster Observability Operator (COO) in ARO and Enabling remote writing of metrics to Azure Monitor Workspace

The Cluster Observability Operator (COO) is an optional OpenShift Container Platform Operator that enables administrators to create standalone monitoring stacks that are independently configurable for use by different services and users. Deploying COO helps you address monitoring…

Setting up Cross-Cluster PostgreSQL Replication with Skupper on ROSA and ARO

This guide demonstrates how to set up a highly available PostgreSQL database with cross-cluster replication between Red Hat OpenShift Service on AWS (ROSA) and Azure Red Hat OpenShift (ARO) using Skupper. This architecture enables disaster recovery capabilities and geographical…

Creating RAG Chatbot using TinyLlama and LangChain with Red Hat OpenShift AI on ARO

1. Introduction Retrieval-Augmented Generationexternal link (opens in new tab) (RAG) is a technique to enhance Large Language Models (LLMs) to retrieve relevant information from a knowledge base before generating responses, rather than relying solely on their training.…

Configuring Microsoft Entra ID to emit group names

In this guide, we will configure an existing Microsoft Entra ID (formerly Azure Active Directory) identity provider to emit the group name instead of the group ID for optional group claims. This will allow you to reference group names in your role bindings instead of the group…

Maximo Application Suite on ARO ( Azure Red Hat OpenShift )

IBM Maximo Application Suite (MAS) is a set of applications for asset monitoring, management, predictive maintenance and reliability planning. When combined with Azure Red Hat OpenShift ( ARO ), this frees up your Maximo and operations team to focus on what is important to them (…

Ansible Automation Platform (AAP) on ARO

Ansible Automation Platform (AAP)external link (opens in new tab) is a popular platform for centralizing and managing an organization’s automation content using Ansible as the engine for writing automation code. Prior to deployment, organizations are faced with the decision…

Setting custom domains for apps created via OpenShift Dev Spaces

Red Hat OpenShift Dev Spaces (formally CodeReady Workspaces) is an Operator available for OpenShift that allows users to create dynamic IDEs for developing and publishing code. When using OpenShift Dev Spaces, users can test their code and have the service automatically create a…

Prerequisites Checklist to Deploy ARO Cluster

Before deploying an ARO cluster, ensure you meet the following prerequisites: Setup Tools Install Azure CLI: Essential for managing Azure resources. Refer to the official documentationexternal link (opens in new tab) Verify Resources Core Quota: Confirm availability of at least…

Deploying Advanced Cluster Management and OpenShift Data Foundation for ARO Disaster Recovery

A guide to deploying Advanced Cluster Management (ACM) and OpenShift Data Foundation (ODF) for Azure Red hat OpenShift (ARO) Disaster Recovery Overview VolSync is not supported for ARO in ACM: https://access.redhat.com/articles/7006295 so if you run into issues and file a support…

Deploying Private ARO clusters with Custom Domains

Overview By default Azure Red Hat OpenShift uses self-signed certificates for all of the routes created on *.apps.<random>.<location>.aroapp.io. Many companies also seek to leverage the capabilities of Azure Red Hat OpenShift (ARO) to deploy their applications while…

ARO - Cross Tenant Provisioning

Summary There may be situations where you want to create an ARO cluster where the organization has a policy which has a central entity that controls things such as encryption keys or networking components. This is desirable in large enterprises due to separation of concerns and…

Use Azure Blob storage Container Storage Interface (CSI) driver on an ARO cluster

The Azure Blob Storage Container Storage Interface (CSI) is a CSI compliant driver that can be installed to an Azure Red Hat OpenShift (ARO) cluster to manage the lifecycle of Azure Blob storage. When you use this CSI driver to mount an Azure Blob storage into a pod, it allows…

Deploying OpenShift API for Data Protection on an ARO cluster

Prerequisites An ARO Cluster Getting Started Create the following environment variables, substituting appropriate values for your environment: Prepare Azure Account Create an Azure Storage Account as a backup target: Create an Azure Blob storage container: Create a role…

Configure an ARO cluster with Azure Files using a private endpoint

Effectively securing your Azure Storage Account requires more than just basic access controls. Azure Private Endpoints provide a powerful layer of protection by establishing a direct, private connection between your virtual network and storage resources—completely bypassing the…

Configure Red Hat SSO with Microsoft Entra ID as a Federated Identity Provider

This guide demonstrates how to install and configure Red Hat SSO (Keycloak) into an Azure Red Hat OpenShift (ARO) cluster. It will also also configure the ARO cluster to use the SSO server as a mechanism to login by way of the OIDC protocol. In addition, Red Hat SSO can federate…

Using Azure Container Registry in Private ARO clusters

This guide describes how configure and deploy an Azure Container Registry, limiting the access to the registry and connecting privately from a Private ARO cluster, eliminating exposure from the public internet. You can limit access to the ACR by assigning virtual network private…

What to consider when using Azure AD as IDP?

Author: Ricardo Macedo Martinsexternal link (opens in new tab) May 24, 2023 In this guide, we will discuss key considerations when using Azure Active Directory (AAD) as the Identity Provider (IDP) for your ARO or ROSA cluster. Below are some helpful references: Configure ARO to…

Deploy ACM Submariner for connect overlay networks ARO - ROSA clusters

Submariner is an open source tool that can be used with Red Hat Advanced Cluster Management for Kubernetes to provide direct networking between pods and compatible multicluster service discovery across two or more Kubernetes clusters in your environment, either on-premises or in…

Configure Microsoft Entra ID as an OIDC identity provider for ARO with cli

The steps to add Azure AD as an identity provider for Azure Red Hat OpenShift (ARO) via cli are: Prerequisites Have Azure cli installed Login to Azure Azure Define needed variables Get oauthCallbackURL Create manifest.json file to configure the Azure Active Directory application…

Red Hat Cost Management for Cloud Services

Adopted from Official Documentation for Cost Management Service Red Hat Cost Management is a software as a service (SaaS) offering available free of charge as part of your Red Hat subscriptions. Cost management helps you monitor and analyze your OpenShift Container Platform and…

Azure Front Door with ARO ( Azure Red Hat OpenShift )

Securing exposing an Internet facing application with a private ARO Cluster. When you create a cluster on ARO you have several options in making the cluster public or private. With a public cluster you are allowing Internet traffic to the api and *.apps endpoints. With a private…

Setup a VPN Connection into an ARO Cluster with OpenVPN

When you configure an Azure Red Hat OpenShift (ARO) cluster with a private only configuration, you will need connectivity to this private network in order to access your cluster. This guide will show you how to configute a point-to-site VPN connection so you won’t need to…

Using Cluster Logging Forwarder in ARO with Azure Monitor (<=4.12)

NOTE: These instructions are now only necessary for clusters on verions less than or equal to 4.12. The OpenShift Cluster Logging Operator supports a simplified configuration with Azure Monitor as of verison 5.9, which is available on clusters of version 4.13 or greater. Ideally,…

Using Cluster Logging Forwarder in ARO with Azure Monitor (>=4.13)

NOTE: Starting from version 5.9, OpenShift Logging supports native forwarding to Azure Monitor and Azure Log Analytics, which is available on clusters running OpenShift 4.13 or higher. Please note that apiVersion was changed from logging.openshift.io/v1 to…

Azure DevOps with Managed OpenShift

Author: Kevin Collins Last edited: 03/14/2023 Adopted from Hosting an Azure Pipelines Build Agent in OpenShift and Kevin Chung Azure Pipelines OpenShift exampleexternal link (opens in new tab) Azure DevOps is a very popular DevOps tool that has a host of features including the…

Upgrade a disconnected ARO cluster

Background One of the great features of ARO is that you can create &lsquo;disconnected&rsquo; clusters with no connectivity to the Internet. Out of the box, the ARO service mirrors all the code repositories to build OpenShift clusters to Azure Container Registry. This means ARO…

Assign Consistent Egress IP for External Traffic

It may be desirable to assign a consistent IP address for traffic that leaves the cluster when configuring items such as security groups or other sorts of security controls which require an IP-based configuration. By default, Kubernetes via the OVN-Kubernetes CNI will assign…

Deploying ARO using azurerm Terraform Provider

This guide has been validated on OpenShift 4.20. Operator CRD names, API versions, and console paths may differ on other versions. Overview Infrastructure as Code has become one of the most prevalent ways in which to deploy and install code for good reason, especially on the…

Helm Chart to set up extra MachineSets on ARO clusters

Please refer to the The Managed OpenShift Black Belt team maintained Helm chart at hereexternal link (opens in new tab) .

Integrating Azure ARC with ARO

This document explain how to integrate ARO cluster with Azure Arc-enabled Kubernetes. When you connect a Kubernetes/OpenShift cluster with Azure Arc, it will: Be represented in Azure Resource Manager with a unique ID Be placed in an Azure subscription and resource group Receive…

Deploying Red Hat Advanced Cluster Security in ARO/ROSA

This document is based in the RHACS workshopexternal link (opens in new tab) and in the RHACS official documentation . Prerequisites An ARO cluster or a ROSA cluster . Set up the OpenShift CLI (oc) Download the OS specific OpenShift CLI from Red Hat Unzip the downloaded file on…

Shipping logs and metrics to Azure Blob storage

Azure Red Hat Openshiftexternal link (opens in new tab) clusters have built in metrics and logs that can be viewed by both Administrators and Developers via the OpenShift Console. But there are many reasons you might want to store and view these metrics and logs from outside of…

Configure ARO to use Microsoft Entra ID

This guide demonstrates how to configure Azure AD as the cluster identity provider in Azure Red Hat OpenShift. This guide will walk through the creation of an Azure Active Directory (Azure AD) application and configure Azure Red Hat OpenShift (ARO) to authenticate using Azure AD.…

Azure Service Operator V1 in ARO

The Azure Service Operator (ASO) provides Custom Resource Definitions (CRDs) for Azure resources that can be used to create, update, and delete Azure services from an OpenShift cluster. This example uses ASO V1, which has now been replaced by ASO V2. ASO V2 does not (as of…

Azure Service Operator V2 in ARO

The Azure Service Operator (ASO) provides Custom Resource Definitions (CRDs) for Azure resources that can be used to create, update, and delete Azure services from an OpenShift cluster. This example uses ASO V2, which is a replacement for ASO V1. Equivalent documentation for ASO…

Setting up Quay on an ARO cluster via Console

Red Hat Quay setup on ARO (Azure Openshift) A guide to deploying an Azure Red Hat OpenShift Cluster with Red Hat Quay. Author: [Kristopher White x Connor Wooley] Video Walkthrough If you prefer a more visual medium, you can watch [Kristopher White] walk through Quay Registry…

Adding infrastructure nodes to an ARO cluster

This guide has been validated on OpenShift 4.20. Operator CRD names, API versions, and console paths may differ on other versions. This document shows how to set up infrastructure nodes in an ARO cluster and move infrastructure related workloads to them. This can help with larger…

Apply Azure Policy to Azure Red Hat Openshift ( ARO )

Azure Policyexternal link (opens in new tab) helps to enforce organizational standards and to assess compliance at-scale. Azure Policy supports arc enabled kubernetes clusterexternal link (opens in new tab) with both build-in and custom policies to ensure kubernetes resources are…

Setting up Quay on an ARO cluster via CLI

Pre Requisites An ARO cluster oc cli azure cli Steps Create Azure Resources Create Storage Account Create Storage Container Note: this command returns a json by default with your keyName and Values, command above specifies yaml

Accessing the Internal Registry from ARO

Kevin Collins 06/28/2022 One of the advantages of using OpenShift is the internal registry that comes with OpenShfit to build, deploy and manage container images locally. By default, access to the registry is limited to the cluster ( by design ) but can be extended to usage…

Configure ARO with OpenShift Data Foundation

This guide has been validated on OpenShift 4.20. Operator CRD names, API versions, and console paths may differ on other versions. NOTE: This guide demonstrates how to setup and configure self-managed OpenShift Data Foundation in Internal Mode on an ARO Cluster and test it out.…

ARO with Nvidia GPU Workloads

ARO guide to running Nvidia GPU workloads. Prerequisites oc cli Helm jq, moreutils, and gettext package An ARO 4.14 cluster Note: If you need to install an ARO cluster, please read our ARO Terraform Install Guide . Please be sure if you&rsquo;re installing or using an existing…

ARO Custom domain with cert-manager and LetsEncrypt

ARO guide to deploying an ARO cluster with custom domain and automating certificate management with cert-manager and letsencrypt certificates to manage the *.apps and api endpoints. Prerequisites az cli (already installed in Azure Cloud Shell) oc cli jq (already installed in…

Trident NetApp operator setup for Azure NetApp files

Note: This guide a simple &ldquo;happy path&rdquo; to show the path of least friction to showcasing how to use NetApp files with Azure Red Hat OpenShift. This may not be the best behavior for any system beyond demonstration purposes. Prerequisites An Azure Red Hat OpenShift…

Adding an additional ingress controller to an ARO cluster

This guide has been validated on OpenShift 4.20. Operator CRD names, API versions, and console paths may differ on other versions. Prerequisites an Azure Red Hat OpenShift cluster a DNS zone that you can easily modify Get Started Create some environment variables Create a…

Using Group Sync Operator with Azure Active Directory and ROSA

This guide focuses on how to synchronize Identity Provider (IDP) groups and users after configuring authentication in OpenShift Cluster Manager (OCM). For an IDP configuration example, please reference the Configure Azure AD as an OIDC identity provider for ROSA/OSD guide. To set…

Configuring IDP for ROSA, OSD and ARO

Red Hat OpenShift on AWS (ROSA) and OpenShift Dedicated (OSD) provide a simple way for the cluster administrator to configure one or more identity providers for their cluster[s] via the OpenShift Cluster Manager (OCM) , while Azure Red Hat OpenShift relies on the internal cluster…

Registering an ARO cluster to OpenShift Cluster Manager

Registering an ARO cluster to OpenShift Cluster Manager ARO clusters do not come connected to OpenShift Cluster Manager by default, because Azure would like customers to specifically opt-in to connections / data sent outside of Azure. This is the case with registering to…

Installing the HashiCorp Vault Secret CSI Driver

The HashiCorp Vault Secret CSI Driver allows you to access secrets stored in HashiCorp Vault as Kubernetes Volumes. Prerequisites An OpenShift Cluster (ROSA, ARO, OSD, and OCP 4.x all work) oc helm v3 Installing the Kubernetes Secret Store CSI Create an OpenShift Project to…

Installing the Kubernetes Secret Store CSI on OpenShift

The Kubernetes Secret Store CSI is a storage driver that allows you to mount secrets from external secret management systems like HashiCorp Vault and AWS Secrets. It comes in two parts, the Secret Store CSI, and a Secret provider driver. This document covers just the CSI itself.…

Azure Key Vault CSI on Azure Red Hat OpenShift

This document is adapted from the Azure Key Vault CSI Walkthroughexternal link (opens in new tab) specifically to run with Azure Red Hat OpenShift (ARO). Prerequisites An ARO cluster The AZ CLI (logged in) The OC CLI (logged in) Helm 3.x CLI Environment Variables Run this command…

Shipping logs to Azure Log Analytics

This document follows the steps outlined by Microsoft in their documentationexternal link (opens in new tab) Follow docs. Step 4, needs additional command of: to capture resource ID of ARO cluster as well, needed for export in step 6 bash enable-monitoring.sh --resource-id…

ARO - Considerations for Disaster Recovery

This is a high level overview of disaster recovery options for Azure Red Hat OpenShift. It is not a detailed design, but rather a starting point for a more detailed design. What is Disaster Recovery (DR) Disaster Recovery is an umbrella term that includes the following: Backup…

Private ARO Cluster with access via JumpHost

A Quickstart guide to deploying a Private Azure Red Hat OpenShift cluster. Once the cluster is running you will need a way to access the private network that ARO is deployed into. Authors: Paul Czarkowskiexternal link (opens in new tab) , Ricardo Macedo Martinsexternal link…

Using the Egressip Ipam Operator with a Private ARO Cluster

This guide is only valid for ARO clusters created on version 4.10 or earlier. Clusters created on version 4.11 and later use OVNKubernetes as their Container Network Interface, and egressip-ipam-operator does not support OVNKubernetes. In addition, please refer hereexternal link…

Demonstrate GitOps on Managed OpenShift with ArgoCD

Author: Steve Mirmanexternal link (opens in new tab) Video Walkthrough If you prefer a more visual medium, you can watch Steve Mirmanexternal link (opens in new tab) walk through this quickstart on YouTubeexternal link (opens in new tab) .

Federating System and User metrics to Azure Blob storage in Azure Red Hat OpenShift

By default Azure Red Hat OpenShift (ARO) stores metrics in Ephemeral volumes, and its advised that users do not change this setting. However its not unreasonable to expect that metrics should be persisted for a set amount of time. This guide shows how to set up Thanos to federate…

Installing Astronomer on a private ARO cluster

see here for public clusters. This assumes you&rsquo;ve already got a private ARO cluster installed. You could also follow the same instructions to create a public Astronomer, just use a regular DNS zone and skip the private parts. A default 3-node cluster is a bit small for…

Back to top

Interested in contributing to these docs?

Collaboration drives progress. Help improve our documentation The Red Hat Way.

GitHub Edit this page
Red Hat logo LinkedIn YouTube Facebook Twitter

Products

Tools

Try, buy & sell

Communicate

About Red Hat

We’re the world’s leading provider of enterprise open source solutions—including Linux, cloud, container, and Kubernetes. We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Subscribe to our newsletter, Red Hat Shares

Sign up now © 2026 Red Hat