Can I connect a private link endpoint to the PLS for the internal load balancer API interface?

CARY, HARVEY D 40 Reputation points
2023-03-15T19:40:18.32+00:00

Looking at https://video2.skills-academy.com/en-us/azure/openshift/concepts-networking, I need to connect to the Azure Red Hat APIs on port 6443, but I am not able to create a second PLE from outside my single subscription. I tried to change Visibility to Anyone with your alias. I have also tried adding the remote subscription to the Subscription-level access and auto-approval, but the UI throws the following error. Any help would be greatly appreciated...

Failed to update the private link service 'XXXXXX'. Error: The client 'XXXXXX' with object id 'XXXXXX' has permission to perform action 'Microsoft.Network/privateLinkServices/write' on scope 'XXXXXX/providers/Microsoft.Network/privateLinkServices/XXXXXX-mkrgz-pls'; however, the access is denied because of the deny assignment with name 'XXXXXX' and Id 'XXXXXX' at scope '/subscriptions/XXXXXX/resourcegroups/aro-xuha5kl0'.

Accepted answer
  1. Prrudram-MSFT 22,941 Reputation points
    2023-03-20T08:24:20.4766667+00:00

    Hi @CARY, HARVEY D

    Thank you for reaching out to the Microsoft Q&A platform.

    A new PLS needs to be created to access the ARO cluster API endpoint (port 6443 on the SLB associated with the cluster) via a PLE.

    Somewhat like this:

    Secure access to Azure Red Hat OpenShift with Azure Front Door - Azure Red Hat OpenShift | Microsoft Learn

    And you would need to point the oc client to the PLE IP/DNS name.

    If this does answer your question, please accept it as the answer as a token of appreciation.
