Azure Red Hat OpenShift: What You Should Know

What Is Azure Red Hat OpenShift?

Red Hat OpenShift is a Kubernetes platform for enterprises. Azure Red Hat OpenShift lets you deploy fully managed OpenShift clusters in the Azure cloud. It is a collaboration between Microsoft and Red Hat: both companies engineer, support and operate it, with the aim of providing a single platform that covers all requirements.

Azure Red Hat OpenShift combines the following tools and functionality in one platform to help both operations and development teams:

  • Image registries
  • Storage management
  • Networking solutions
  • Logging and monitoring tools

The Importance of Azure Red Hat OpenShift

OpenShift provides the resources, tasks and tools needed to run containers in production on Kubernetes, all of which have to be tested and versioned together. Developing containerized applications also requires integration with databases, frameworks, CI/CD tools and middleware.

The service lets you sign on through Azure Active Directory (AD). Clusters are located in your Azure subscriptions and appear on your Azure bill.

When using Azure Red Hat OpenShift, you do not need to apply patches or operate VMs. Microsoft and Red Hat are responsible for patching, updating and monitoring all infrastructure, master and application nodes.

You can employ your own registry, networking, CI/CD tools and storage. Or you may make use of any of the built-in options that can automate application and container builds, source code management, health management, scaling and more.

Here are some key features:

  • Access, security and monitoring—allows you to integrate with Azure AD and employ Kubernetes RBAC. It also allows you to keep track of the health of resources and clusters.
  • Cluster and node—all nodes of this service run on Azure VMs. The service allows you to connect storage to pods and nodes, and you can also upgrade cluster components.
  • Service Level Agreement—an SLA of 99.95% availability.
  • Security—Azure simplifies OpenShift security, which can be difficult to configure in an on-premises environment.

OpenShift 4 on Azure Red Hat OpenShift

With version 4, OpenShift added core attributes to Azure Red Hat OpenShift, such as:

  • Support for a cluster-admin role—Azure Red Hat OpenShift clusters expose the cluster-admin role, which gives full cluster customization abilities, including installing CRDs and running privileged containers.
  • Autoscaling—uses MachineAutoscalers and the Cluster Autoscaler to perform Kubernetes autoscaling, growing or shrinking the cluster to meet current demand. You can choose VM sizes to suit your workloads.
  • Clusters across multiple Availability Zones—for a high level of resilience, cluster components are deployed across three Azure AZs in certain Azure regions, keeping mission-critical and highly demanding data and applications highly available. Azure Red Hat OpenShift features an SLA of 99.9%.
  • Industry-standard compliance certifications—to help you meet compliance requirements in regulated markets and industries around the world, Azure Red Hat OpenShift is FedRAMP High, PCI DSS and HITRUST certified. Azure has the largest compliance portfolio, both in the total number of offerings and in the number of customer-facing services.
  • Option to use your own identity provider—in addition to authentication and authorization via Azure Active Directory, you can use your own supported identity provider, for instance one based on OpenID Connect or OAuth2.
  • Support for Azure Monitor—Microsoft Azure now offers monitoring support for Red Hat OpenShift 4 clusters. Azure Monitor for containers covers clusters hosted on Azure Red Hat OpenShift as well as OpenShift Container Platform clusters running on Azure or on-premises. At the moment, this support is available in public preview.
  • Support for private ingress and API endpoints—you can now choose either public or private endpoints for cluster management (API) and for ingress. Azure ExpressRoute and private endpoints make private hybrid clusters possible, which lets joint customers extend their on-premises strategies to Azure.

Network Concepts for Azure Red Hat OpenShift

OpenShift Software Defined Networking (SDN) is an overlay network configured using Open vSwitch, an OpenFlow implementation designed according to the specifications recommended by the CNI project.

The SDN supports various plugins; Azure Red Hat OpenShift 4 uses the Network Policy plugin. Because the SDN manages all network communication, you do not need to set up any extra routes on your virtual networks for pod-to-pod communication.

When you use Azure Red Hat OpenShift 4, the entire cluster (including all nodes) is contained inside the virtual network. Master nodes and worker nodes are each placed in their own subnet inside the main virtual network. Each subnet gets its own internal load balancer as well as a public load balancer.

Here are several networking features of Azure Red Hat OpenShift:

  • The service lets users create an ARO cluster within an existing virtual network. Alternatively, users can create a virtual network when they create an ARO cluster.
  • You can configure Service and Pod Network CIDRs.
  • Masters and nodes are located in different subnets.
  • The master and node virtual network subnets must be at least /27.
  • Pod CIDR default is
  • Service CIDR default is
  • Pod and Service Network CIDRs should not overlap with any other address ranges used on the network, and should not be in the cluster’s virtual network IP address range.
  • Pod CIDR must be at least /18 in size. The pod network is used solely within the OpenShift SDN and its IPs are non-routable.
  • Each node is allocated a /23 subnet (512 IPs) for its pods. You cannot change this value.
  • You can’t attach a pod to several networks.
  • You can’t configure Egress static IP.
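
The sizing and overlap rules in the list above can be checked before a cluster is created. The following is an added example, not code from the article or from Microsoft or Red Hat; the function names and all address ranges are hypothetical, constructed for illustration. It also derives how many per-node /23 blocks a given pod CIDR can hold.

```python
import ipaddress

HOST_PREFIX = 23        # page: each node gets a /23 (512 IPs) for its pods
MAX_SUBNET_PREFIX = 27  # page: master and node subnets must be at least /27
MAX_POD_PREFIX = 18     # page: pod CIDR must be at least /18

# Constructed sample plans (hypothetical values, not defaults from the page).
GOOD = dict(vnet="10.0.0.0/22", master_subnet="10.0.0.0/23",
            worker_subnet="10.0.2.0/23", pod_cidr="10.200.0.0/16",
            service_cidr="172.29.0.0/16")
BAD = dict(GOOD, worker_subnet="10.0.2.0/28", pod_cidr="10.0.0.0/20")


def validate_plan(vnet, master_subnet, worker_subnet, pod_cidr, service_cidr,
                  other_ranges=()):
    """Return the list of rule violations for a network plan (empty = OK)."""
    net = ipaddress.ip_network
    vnet, pod, svc = net(vnet), net(pod_cidr), net(service_cidr)
    subnets = {"master": net(master_subnet), "worker": net(worker_subnet)}
    errors = []
    for name, sub in subnets.items():
        if not sub.subnet_of(vnet):
            errors.append(f"{name} subnet {sub} is outside vnet {vnet}")
        if sub.prefixlen > MAX_SUBNET_PREFIX:
            errors.append(f"{name} subnet {sub} is smaller than /27")
    if subnets["master"].overlaps(subnets["worker"]):
        errors.append("master and worker subnets overlap")
    if pod.prefixlen > MAX_POD_PREFIX:
        errors.append(f"pod CIDR {pod} is smaller than /18")
    if pod.overlaps(svc):
        errors.append(f"pod CIDR {pod} overlaps service CIDR {svc}")
    # Neither overlay range may collide with the vnet or other ranges in use.
    in_use = [("vnet", vnet)] + [("in-use range", net(r)) for r in other_ranges]
    for label, cidr in (("pod", pod), ("service", svc)):
        for what, used in in_use:
            if cidr.overlaps(used):
                errors.append(f"{label} CIDR {cidr} overlaps {what} {used}")
    return errors


def max_nodes(pod_cidr):
    """How many per-node /23 blocks fit in the pod CIDR (caps cluster size)."""
    prefix = ipaddress.ip_network(pod_cidr).prefixlen
    return 2 ** (HOST_PREFIX - prefix) if prefix <= HOST_PREFIX else 0


if __name__ == "__main__":
    print("good plan:", validate_plan(**GOOD), "max nodes:", max_nodes(GOOD["pod_cidr"]))
    for problem in validate_plan(**BAD, other_ranges=["172.29.128.0/24"]):
        print("violation:", problem)
```

Pass the ranges already used by peered or on-premises networks as `other_ranges`, since those are the overlaps that are hardest to fix after the cluster exists.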


In this article I explained the basics of Azure Red Hat OpenShift, a solution that lets you run OpenShift as a managed service in the Azure cloud. I discussed the benefits of OpenShift 4, recently supported on Azure, which adds features like autoscaling and running clusters across multiple Availability Zones. Finally, I discussed how networking works in the solution, leveraging Azure cloud network infrastructure and Open vSwitch (OVS).

I hope this will be of help as you evaluate moving your OpenShift deployment to the cloud.

By Gilad Maayan
