OpenShift Multi-Cluster Management Handbook

By : Giovanni Fontana, Rafael Pecora

Overview of this book

For IT professionals working with Red Hat OpenShift Container Platform, the key to maximizing efficiency is understanding the powerful and resilient options to maintain the software development platform with minimal effort. OpenShift Multi-Cluster Management Handbook is a deep dive into the technology, containing knowledge essential for anyone who wants to work with OpenShift. This book starts by covering the architectural concepts and definitions necessary for deploying OpenShift clusters. It then takes you through designing Red Hat OpenShift for hybrid and multi-cloud infrastructure, showing you different approaches for multiple environments (from on-premises to cloud providers). As you advance, you’ll learn container security strategies to protect pipelines, data, and infrastructure on each layer. You’ll also discover tips for critical decision making once you understand the importance of designing a comprehensive project considering all aspects of an architecture that will allow the solution to scale as your application requires. By the end of this OpenShift book, you’ll know how to design a comprehensive Red Hat OpenShift cluster architecture, deploy it, and effectively manage your enterprise-grade clusters and other critical components using tools in OpenShift Plus.
Table of Contents (23 chapters)

  • Part 1 – Design Architectures for Red Hat OpenShift
  • Part 2 – Leverage Enterprise Products with Red Hat OpenShift
  • Part 3 – Multi-Cluster CI/CD on OpenShift Using GitOps
  • Part 4 – A Taste of Multi-Cluster Implementation and Security Compliance
  • Part 5 – Continuous Learning

OpenShift – a complete option

OpenShift is one of the most popular Kubernetes-based platforms among enterprise customers. It was first released in 2011, even before Kubernetes was created. However, in 2015, with the release of OpenShift version 3, Red Hat decided to adopt Kubernetes as its container orchestration layer. Since then, Red Hat has been actively collaborating with the Kubernetes community – Red Hat and Google are the top contributors to Kubernetes. Given that, it is no surprise that OpenShift is one of the most mature and complete solutions built on top of Kubernetes.

The following table summarizes some of the features that are included out-of-the-box with the Red Hat OpenShift Container Platform (OCP) (or easily pluggable):

(*) Needs to be installed on day 2

These features are available to any customer with a valid OpenShift subscription from Red Hat. However, if you don't have access to a Red Hat subscription, there are some alternatives (for study purposes):

We are going to see many of these great features in detail, along with practical examples, in this book.

Reference

The updated statistics about the contributions to the Kubernetes project, grouped by companies, can be found at https://k8s.devstats.cncf.io/d/9/companies-table.

OpenShift offerings – multiple options to meet any needs

An interesting factor about OpenShift is the vast range of platforms that are supported. With OpenShift version 4.11 (the version that was available when this book was written), you can have the following different combinations to choose from:

Figure. 1.2 – OpenShift offerings

In this section, we will walk through each of these options.

OpenShift managed cloud services

In the old days, when we talked about using a certain technology, we also thought about how to deploy and manage it. Nowadays, this is not always true – almost everything can now be found in a Software as a Service model, which you can start using quickly and easily without worrying about deployment and management.

The same applies to OpenShift: multiple managed cloud services allow an organization to focus on the application's development and the business while Red Hat and the cloud provider manage the rest.

The following table shows the existing managed offerings at the time of writing this book (check Red Hat for the current options):

Important Note

Note that Red Hat manages the full stack, not only the Kubernetes control plane. Red Hat provides management and version maintenance for the entire cluster, including masters, infrastructure, and worker nodes, though it's not limited to that: it also supports CI/CD, logging, metrics, and others.

There are other managed Kubernetes options on the market. Although this is not the focus of this book, keep in mind that some providers don't manage and support the entire stack – only the control plane, for instance. When you're considering a managed Kubernetes solution, check whether the whole stack is managed or only part of it.

Managed or self-managed – which is the best?

The answer is: it depends! There are several things you need to consider to work out what is best for your case, but generally speaking, managed solutions are not the best option for organizations that need to keep control over the servers and their infrastructure. For organizations that are more focused on application development and don't care about the platform, as long as it is safe and reliable, managed solutions are probably a good fit.

Managed solutions can also be helpful for organizations that want to get hands-on with the platform, evaluate it, and understand whether it fits their needs, but don't yet have skilled people to maintain it.

Most of this book has been written with a self-managed cluster in mind. However, excluding the chapters focused on platform deployment and troubleshooting, the rest of it will likely apply to any type of OpenShift cluster.

The following diagram shows a workflow that aims to help you decide which strategy to go for:

Figure. 1.3 – Managed or self-managed decision workflow

OpenShift installation modes

There are three installation modes you can use to deploy OpenShift in any of the supported providers, as follows:

  • Full-stack automated (installer-provisioned infrastructure): In this mode, the installer will spin up all the required infrastructure automatically – the installer will integrate with the underlying virtualization or cloud provider to deploy all the machines that are required for the cluster. It is an opinionated fully automated solution that makes the deployment process a lot easier.
  • Pre-existing infrastructure (user-provisioned infrastructure): With this installation, the machines are provisioned manually by following some standard images and processes, on top of tested virtualization or cloud providers.
  • Provider-agnostic (also known as the bare metal install method): OpenShift is supported wherever Red Hat Enterprise Linux (*) is, though this doesn't mean that the installer and platform are tested (**) on every infrastructure combination that is supported for Red Hat Enterprise Linux. In such cases, you can use the provider-agnostic installation, which is a manual installation process with no integration between the installer (or the platform) and the virtualization or cloud provider.

(*) You can find a list of supported hypervisors for Red Hat Enterprise Linux at https://access.redhat.com/certified-hypervisors.

(**) Please refer to this link for an updated list of tested providers and integrations with OpenShift: https://access.redhat.com/articles/4128421.
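As an added illustration (not from the book), the two install-config.yaml files below show where the installation mode is chosen: the `platform` stanza. The first is a full-stack automated (installer-provisioned) install on AWS, the second a provider-agnostic install with `platform: none`. The domain, cluster name, region, pull secret and SSH key are placeholders, and the two files are shown together only for comparison; each is normally a separate install-config.yaml.

```yaml
# Full-stack automated (IPI) install on AWS: the installer creates the VPC,
# load balancers and EC2 instances itself. All values below are placeholders.
apiVersion: v1
baseDomain: example.com
metadata: {name: ocp-lab}
controlPlane:
  name: master
  replicas: 3
compute:
  - name: worker
    replicas: 3
networking:
  networkType: OVNKubernetes
  clusterNetwork:
    - cidr: 10.128.0.0/14
      hostPrefix: 23
  serviceNetwork:
    - 172.30.0.0/16
platform:
  aws:
    region: us-east-1              # selects the AWS integration of the installer
pullSecret: '<PULL_SECRET_JSON>'   # placeholder; keep the real value out of version control
sshKey: '<SSH_PUBLIC_KEY>'         # placeholder
---
# Provider-agnostic install (platform "none"): the installer only produces
# ignition configs; machines, DNS and load balancers are provided by you.
apiVersion: v1
baseDomain: example.com
metadata: {name: ocp-lab}
controlPlane:
  name: master
  replicas: 3
compute:
  - name: worker
    replicas: 0                    # no machines are created; workers join later with ignition
networking:
  networkType: OVNKubernetes
  clusterNetwork:
    - cidr: 10.128.0.0/14
      hostPrefix: 23
  serviceNetwork:
    - 172.30.0.0/16
platform:
  none: {}                         # no installer integration with any provider
pullSecret: '<PULL_SECRET_JSON>'   # placeholder
sshKey: '<SSH_PUBLIC_KEY>'         # placeholder
```

In both cases the installer consumes the file with `openshift-install create cluster --dir <dir>` (or `create ignition-configs` for the provider-agnostic path), and the pull secret in it grants access to Red Hat's registries, so it deserves the same handling as any other credential.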

OpenShift multi-cluster tools – going above and beyond

When it comes to supporting your hybrid or multi-cloud strategy, other tools provide a single, unified management, security, and orchestration layer across all environments and all providers. We reserved the last part of this book for a deep dive into those tools, but you should meet them from the beginning to understand the role each plays in the hybrid/multi-cloud picture.

Red Hat Advanced Cluster Management for Kubernetes – unified management

As we mentioned previously, a single and unified management layer is important to support the hybrid/multi-cloud strategy. Red Hat Advanced Cluster Management lets us manage the life cycle, ensure compliance using policies, and deploy applications on multiple Kubernetes clusters. The following are some of its main features:

  • Unified management: Create, update, and delete Kubernetes clusters on top of different cloud providers. You can also access, find, and modify Kubernetes resources across the different clusters.
  • Governance, risk, and compliance: Ensure compliance among multiple clusters using policies. Look for policy violations quickly and remediate them accordingly.
  • Application life cycle management: Deploy applications across multiple clusters at once. Deploy complex applications by integrating Advanced Cluster Management with Red Hat Ansible Automation Platform to configure networks, load balancers, and other external dependencies.
  • Multi-cluster observability: Check the health status of multiple clusters from a single point using out-of-the-box dashboards and metrics.

We will dive into Red Hat Advanced Cluster Management using practical examples in the last part of this book.

Red Hat Advanced Cluster Security for Kubernetes – securing applications no matter where they are

Security is becoming increasingly important for Kubernetes users. When you have multiple Kubernetes clusters spread across different providers, ensuring security and keeping an accurate picture of current vulnerabilities is a real challenge. Red Hat Advanced Cluster Security aims to help with that – through it, you can easily scan container images for known vulnerabilities, audit workloads and clusters against industry standards such as NIST, PCI, and others, analyze network traffic and create policies accordingly, among other features. You can apply all of these features to many different clusters, which helps you keep all your environments secure, no matter where they are.

We will look at Red Hat Advanced Cluster Security using practical examples in the last part of this book.

Red Hat Quay – storing and managing container images in a central repository

A central container image registry isn't usually a required tool. However, deploying applications on several clusters without one makes build and deployment activities more challenging. Red Hat Quay is a container image registry that provides not only the usual capabilities of an image registry (storing your container images) but also image vulnerability scans, a time machine, replication, garbage collection, automated builds, authentication, authorization, and more.

We will learn how to use Red Hat Quay in the last part of this book.

OpenShift Plus – the whole package

Red Hat OpenShift, Advanced Cluster Management, Advanced Cluster Security, and Quay are different products. However, with the OpenShift Plus package, you can have all of them in one subscription only, which is probably the best way to go if you are planning to adopt a hybrid or multi-cloud Kubernetes strategy.

We will cover OpenShift Plus in more detail with practical examples in the last part of this book.