The document discusses the features and benefits of Red Hat Advanced Cluster Management for Kubernetes, including improved developer productivity, enhanced application lifecycle management, and centralized control across hybrid cloud environments. It highlights the challenges of managing multiple cloud infrastructures and presents Red Hat's solutions for security and compliance. Additionally, it covers architectural components, deployment processes, and the integration of tools like Quarkus for efficient application development.

1. 1
February 25th, 2020
Red Hat Advanced Cluster
Management for Kubernetes
Dieter De Moitié
Senior Solution Architect
The
Kubernetes
platform
for
big
ideas
Ludovic Aelbrecht
Business Development Manager

2. 2
Disclaimer
The content set forth herein is Red Hat confidential
information and does not constitute in any way a
binding or legal agreement or impose any legal
obligation or duty on Red Hat.
This information is provided for discussion purposes
only and is subject to change for any or no reason.
Disclaimer

3. 3
Agenda
▸ What’s new in OpenShift
▸ Introducing Red Hat Advanced Cluster Management for Kubernetes
▸ Demo
▸ Wrap up

4. ACM
What’s new in OpenShift

5. OpenShift Container Platform
Developer productivity
Cluster services
Install ⠇Operators ⠇Over-the-air updates ⠇Monitoring ⠇Logging ⠇Registry ⠇ Storage ⠇Networking ⠇Security | Ingress routing
5
Kubernetes
Developer CLI ⠇IDE
Plugins & Extensions ⠇
Cloud-native IDE ⠇
Local developer sandbox
Service Mesh
Serverless ⠇Builds
CI/CD Pipelines
Log Management ⠇
Cost Management
Languages & Runtimes
API Mgmt ⠇
Integration⠇
Messaging ⠇
Process Automation
Platform services Application services Developer services
Build cloud-native apps
Manage workloads
Multi-cluster management
Inventory ⠇Policy ⠇Compliance ⠇Configuration ⠇Workloads
Data driven insights
Databases ⠇Cache
Data Ingestion &
Preparation
Data Analytics ⠇AI/ML
Data Mgmt & Resilience
Data services
Physical Virtual Private cloud Public cloud Edge
OpenShift
Kubernetes
Engine
Advanced
Cluster
Management
OpenShift
Container
Platform
Red Hat Enterprise Linux CoreOS
5

6. OpenShift offers the broadest set of hybrid cloud services
6
Red Hat OpenShift
Service on AWS
Azure Red Hat
OpenShift
Red Hat
OpenShift on
IBM Cloud
On-premises
Red Hat OpenShift
Red Hat Managed OCP Customer
Managed
Developer Efficiency Business Productivity Enterprise Ready
Red Hat
OpenShift
Dedicated
Joint offerings with Cloud Provider
Offered as a Native Console offering on equal parity with cloud provider
Kubernetes service
or
OCP Customer Managed
OpenShift
Container
Platform

7. Containerized virtual machines
7
● Inherit many features and functions from Kubernetes
○ Scheduling, high availability, attach/detach resources
● Containerized virtual machines have the same characteristics as
non-containerized
○ CPU, RAM, etc. limitations dictated by libvirt and QEMU
○ Linux and Windows guest operating systems
● Storage
○ Use Persistent Volumes Claims (PVCs) for VM disks
○ Containerized Data Importer (CDI) import VM images
● Network
○ Inherit pod network by default
○ Multus enables direct connection to external network
VMs Containers
Red Hat OpenShift Container Platform
Red Hat Enterprise Linux CoreOS
Physical machine
OpenShift Virtualization

8. Compact 3-node Clusters on Bare Metal (only)
Compact clusters for the Edge
● Allows minimal footprint clusters to be used for developer and
Edge deployments
○ Reduces hardware costs and power requirements
● Comprised of just 3 control plane nodes without the need for any
additional worker nodes
○ Application workloads are schedulable on the control plane nodes
○ Control plane remains highly available supporting upgrades
● Requires:
○ Setting worker replicas to 0 in install-config will configure master
nodes as workers as well (any other value will set them as masters)
○ Temporary bootstrap node for initial cluster bring-up
○ External DNS and LB services
○ HAProxy for *.apps needs to be reconfigured to target masters
(ensure health checks are enabled)
● Minimum system resource requirements for each control plane
node are cumulative of master and worker requirements:
○ 6 vCPU, 24GB RAM, 200GB Storage
● Additional workers nodes can be added on Day 2
# Edit ‘install-config.yaml’ and ensure worker node replicas is set to ‘0’:
- compute:
name: worker
platform: {}
replicas: 0
$ ./openshift-install create ignition-configs --dir=<installation_directory>
INFO Consuming Install Config from target directory
WARNING Making control-plane schedulable by setting MastersSchedulable to true
for Scheduler cluster settings
# Install using documented workflow
8

9. 9
Control plane
Windows application
Windows
virtual machine
Red Hat OpenShift
Virtualization
Linux
containers
.NET core
containers
Linux
containers
Red Hat Enterprise
Linux CoreOS
Windows traditional .NET
framework containers
Windows
containers
Microsoft Windows
Windows App Modernization
Windows application
Windows
virtual machine
VMware or other
hypervisor
1 2 3

10. 10
Windows Machine Config Operator Architecture
WMCB
CNI
Kubelet
Kube-proxy
Hybrid-overlay
Payload
Windows machine
config operator
Watches
Windows MachineSet Windows machine
Kube-proxy
CNI
Hybrid-overlay
Kubelet
Windows virtual
machine
Windows machine config bootstrapper (WMCB)
Configures
Installs operator
Results in creation of virtual machines
Cluster admin On cluster OperatorHub
Cluster admin
Copy binaries
configure services

11. Supersonic, Subatomic Java with Quarkus
• Optimized Java framework with
low memory consumption and
blazingly fast first response times
• Allows developers to get their job
done faster with a low learning
curve
• Unifies imperative and reactive
programming models
• Compatible with popular
frameworks like Eclipse
MicroProfile, select Spring APIs,
Hibernate, and more
Quarkus provides an effective solution
for running Java applications that deal
in serverless, microservices, containers,
Kubernetes, Serverless, or cloud in
general.
11

12. 12
When you adopt Quarkus, you will
be productive from day one
since you don’t really need to
learn new technologies.
-TalkDesk
We could run 3x denser
deployments without
sacrificing availability and
response times of service.
-Lufthansa Technik
Our trust of Red Hat combined with its credibility
in the software market gave us the assurance
that we were making the right choice by
selecting Quarkus, whose sponsor is Red Hat.
-Vodafone Greece

13. 13

14. 14
Red Hat Advanced Cluster Security for Kubernetes
The first Kubernetes-native security platform
Secure supply chain
Extend scanning and compliance
into development (DevSecOps)
Secure infrastructure
Leverage built-in Kubernetes
CSPM to identify and remediate
risky configurations
Secure workloads
Maintain and enforce a “zero-trust
execution” approach to workload
protection

15. ACM
Introducing Red Hat
Advanced Cluster
Management For
Kubernetes

16. Reasons for deploying clusters
Red Hat Advanced Cluster Management for Kubernetes
Application
availability
Reduced
latency
Address industry
standards
Geopolitical data
residency guidelines
Disaster
recovery
Edge
deployments
CapEx
cost reduction
Avoid vendor
lock-in
16

17. IDC Survey of 200 US-based $1B companies actively using two
or more “infrastructure clouds” for production applications
81%
Hybrid Multi-Cloud management is really hard
17
Source:
DC Multicloud Management Survey, 2019: Special Study, Doc # US45020919, April 2019
*IDC Survey of 200 US-based $1B companies actively using two or more “infrastructure clouds” for production applications
As organizations deploy more across
multiple clouds, new challenges arise.
▸ Difficult and error prone
to manage at scale
▸ Inconsistent security controls
across environments
▸ Overwhelming to verify
components, configurations,
policies, and compliance
Using multiple infrastructure clouds*
93%
Using multiple public clouds and
one or more private/dedicated clouds*
Red Hat Advanced Cluster Management for Kubernetes

18. Key personas
18
Red Hat Advanced Cluster Management for Kubernetes
SRE/DevOps
IT Operations SecOps

19. Architecture overview
19
Hub architecture and components
Red Hat Advanced Cluster Management uses
the multicluster-hub operator and runs in the
open-cluster-management namespace
Managed cluster architecture
and components
Red Hat Advanced Cluster Management managed
clusters use the multicluster-endpoint operator which
runs in the open-cluster-management namespace
Cluster
Lifecycle
Red Hat Advanced Cluster Management for Kubernetes
IT Operations

20. 20
Hub Cluster
● Requires OCP 4.4.x - 4.6.x
○ (managed cluster can be 3.11)
● Operator based installation
● Available on OperatorHub
High Availability
● Supports OCP Availability Zone
Backup/Restore
● Backup/Restore etcd database of hub OpenShift cluster
Installation and foundation
Red Hat Advanced Cluster Management for Kubernetes
IT Operations

21. 21
Robust. Proven. Award winning.
Multicluster lifecycle
management
Policy driven governance,
risk, and compliance
Advanced application
lifecycle management
Red Hat Advanced Cluster Management for Kubernetes
Multicluster observability for
health and optimization

22. 22
22
• Centrally create, update and
delete Kubernetes clusters
across multiple private and
public clouds
• Search, find and modify any
kubernetes resource across the
entire domain.
• Quickly troubleshoot and
resolve issues across your
federated domain
Unified Multi-Cluster Management
Single Pane for all your Kubernetes Clusters

23. 23
23
● Full Management of OCP Kubernetes
○ Install OCP 4.4-4.6 on public cloud, bare
metal or vsphere
○ Import any existing OCP 3.11 to 4.6.x
● Public cloud managed kubernetes: EKS, AKS,
GKE, IKS, ROKS
● Wizard or YAML based create cluster flow
● Launch to an OCP Console from ACM
● Access cluster login credentials and download
kubeadmin configuration
Creating & Importing Clusters
Multi-Cluster Lifecycle Management
IT Operations DevOps/SRE

24. 24
● Troubleshooting across clusters via
relationships
● See all unhealthy pods
● See related application models to
those pods
● See related Persistent Volumes
● See related secrets
● See related any kube resource object
category
Multi-Cluster Lifecycle Management
Dynamic Search
IT Operations DevOps/SRE

25. 25
● Interactive terminal combines
command input with visual output
● One Terminal for all
● Works with helm, kubectl, oc, istioctl
● Single interface for multi-cluster
● Drive ops directly from dashboards
● Bash commands allow for grep
Multi-Cluster Lifecycle Management
Visual Web Terminal
IT Operations DevOps/SRE

26. 26
26
Policy based Governance, Risk and Compliance
• Set and enforce policies for
security, applications, &
infrastructure
• Deep visibility for auditing
configuration of apps and
clusters
• Unique policy capabilities
around compliance
• Categorize violations based on
your standards for immediate
visibility into your compliance
posture
Don’t wait for your security team to tap you on the shoulder
Security Ops IT Operations

27. 27
27
Policy based Governance, Risk and Compliance
● Standard Policies out of the
box
○ FISMA
○ HIPAA
○ NIST
○ PCI
● Leverage Different
Categories to Represent
more standards (if Needed)
● Use Labels to enforce
policies against clusters
● Use inform to view policy
violations
● Use enforce to view
violations and automatically
remediate
Don’t wait for your security team to tap you on the shoulder
Security Ops IT Operations

28. 28
28
Advanced Application Lifecycle Management
• Deploy Applications at Scale
• Deploy Applications from
Multiple Sources and Clusters
• Quickly Visualize Application
Relationships
• Integrate with the Red Hat
Ansible Automation Platform
Simplify your Application Lifecycle
IT Operations DevOps/SRE

29. 29
29
Advanced Application Lifecycle Management
● Create, modify & delete, just as you
would any source code. Git becomes
your source of truth controlling your
data center.
● Have a record of who, what & when for
every change precipitated in your
environments
● Through code Reviews & Approvals,
take full control of all changes to your
data center(s)
● Restore your environment, via the Git
commit history (system of record)
GitOps as the source of truth
https://github.com/open-cluster-management/demo-subscription-gitops
IT Operations DevOps/SRE

30. 30
30
Advanced Application Lifecycle Management
● Extending the best of Enterprise
into a desired state
methodology
● Time Windows: New releases
during your maintenance
windows
● Rolling Updates: Control the rate
and load on your growing
infrastructure
Subscriptions Bring Enterprise to Kubernetes
CHANNELS
Objectstorage
Kubernetes
Resource
Templates
(deployables)
IT Operations DevOps/SRE

31. Architecture Overview
31
for Application Lifecycle

32. 32
● Global Query view with Grafana
○ Out of the Box multi cluster health
monitoring dashboards
○ PromQL compliant - Build your own
queries
● Centralized Database
○ Optimized set of metrics collected from
managed clusters
○ Focused on Cluster Management
● Unlimited Data Retention
○ Observe Metric trends
○ Set Alert Patterns
○ Supported Object Storage
■ AWS S3 (and compatible)
■ Ceph for on-premise
■ Google Cloud Storage
■ Azure Storage
Multi-Cluster Observability
Overview

33. ACM
Demo

34. ACM
Wrap up

35. Policies can be written by the security team
and enforced at each cluster, allowing
environments to conform to your policy.
Ease compliance
Red Hat OpenShift and Red Hat Advanced Cluster Management for Kubernetes
Benefits
35
Placement rules can allow quick deployment
of clusters across distributed locations for
availability, capacity, and security reasons.
Increase application availability
Self-service provisioning allows app dev
teams to request clusters directly from a
catalog removing central IT as a bottleneck.
Accelerate development to production
Centralized management of clusters reduces
operational cost, makes the environment
consistent, and removes the need to manually
manage individual clusters.
Reduce costs
Red Hat Advanced Cluster Management for Kubernetes

36. linkedin.com/company/red-hat
youtube.com/user/RedHatVideos
facebook.com/redhatinc
twitter.com/RedHat
Red Hat is the world’s leading provider of
enterprise open source software solutions.
Award-winning support, training, and consulting
services make
Red Hat a trusted adviser to the Fortune 500.
Thank you
36