# Private Cluster Management

To facilitate secure DevOps on private clusters, Ozone provides a secure tunnel for communication between the private cluster and Ozone agents, without exposing the cluster externally and without the hassle of working with firewalls.

Ozone uses OpenZiti as the provider for the private tunnel, which establishes a secure channel for managing deployments to private clusters.

To attach a private cluster, go to the cluster view screen from the resources menu.

<figure><img src="/files/FyMsPjkWEWHArpWLmKzu" alt=""><figcaption></figcaption></figure>

Enter the name of the cluster, the environment to which the cluster maps, and the features that need to be enabled for this cluster:

<figure><img src="/files/dLlTPvfUi47i5lppDuqz" alt=""><figcaption></figcaption></figure>

On the next screen, select the cluster type. Currently, Ozone supports the following cluster types: AKS, GKE, OpenShift, TKG, EKS, PKS, and a generic K8s cluster for local instances. Select “Yes” to indicate that the setup is for a private cluster.

<figure><img src="/files/olf6WNzVptnNtZKMw22F" alt=""><figcaption></figcaption></figure>

Once you confirm that it is a private cluster, another pop-up window appears where you must enter the name of the provider and an IP address, as part of configuring a new edge router provider. Ozone uses NetFoundry’s OpenZiti to create the private tunnel.

<figure><img src="/files/s7e3zNkuyf0NZEb47cdv" alt=""><figcaption></figcaption></figure>

Once you click “Submit”, a shell file is downloaded to your system. Copy the command and run it on your VM to install Ziti.

<figure><img src="/files/BxDP0QUHtR4cTxSVMuuf" alt=""><figcaption></figcaption></figure>

Once Ziti has finished installing, download the tunnel config JSON file, return to Ozone, and close the pop-up shown above. You will then need to set up the private cluster by adding a public and task registry prefix, selecting the edge router, and finally uploading the tunnel config file:

<figure><img src="/files/Sy6TCtbeIFIds6AdQUBz" alt=""><figcaption></figcaption></figure>

Clicking on “Download File” will give you the YAML that you will need to run on your cluster along with a kubectl command to install Ozone agents. After successful installation, you can find your new private cluster attached in the cluster view screen.
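
Before running the downloaded YAML on the cluster, it can be reviewed locally. The following is an added example, not part of Ozone's documentation or tooling: it lists the resource kinds a manifest would create, the images that fall outside an expected registry prefix, and any host-level or cluster-admin settings. The sample manifest, the prefix `registry.example.internal/`, and the expectation that agent images come from the registry prefix you configured are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not Ozone's code): inspect a downloaded manifest before applying it.

# Images whose reference does not start with the expected registry prefix.
images_outside_prefix() {   # usage: images_outside_prefix <manifest> <prefix>
  sed -n 's/^[[:space:]-]*image:[[:space:]]*//p' "$1" | tr -d "\"'" |
    awk -v p="$2" 'index($0, p) != 1'
}

# Lines (with line numbers) granting host-level access or binding cluster-admin.
risky_settings() {          # usage: risky_settings <manifest>
  grep -nE '(privileged|hostNetwork|hostPID):[[:space:]]*true|name:[[:space:]]*cluster-admin$' "$1" || true
}

# Distinct top-level resource kinds the manifest would create.
resource_kinds() {          # usage: resource_kinds <manifest>
  sed -n 's/^kind:[[:space:]]*//p' "$1" | sort -u
}

# Constructed sample standing in for the downloaded YAML (trimmed, not a real Ozone manifest).
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: example-agent-binding
roleRef:
  kind: ClusterRole
  name: cluster-admin
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-agent
spec:
  template:
    spec:
      hostNetwork: true
      containers:
        - name: agent
          image: registry.example.internal/mirror/agent:1.0
        - name: tunnel
          image: "docker.io/example/tunnel:1.0"
EOF

echo "kinds:";                 resource_kinds "$SAMPLE"
echo "images outside prefix:"; images_outside_prefix "$SAMPLE" registry.example.internal/
echo "settings to review:";    risky_settings "$SAMPLE"
# Then preview the change against the cluster, e.g.: kubectl diff -f <downloaded-file>.yaml
```

Point the three functions at the file you actually downloaded and at your own registry prefix in place of the constructed sample.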


