Red Hat Advanced Cluster Manager Details

jd_sourav 193 views 18 slides May 27, 2024

About This Presentation

Advanced Cluster Management


Slide Content

CONFIDENTIAL designator

Advanced Cluster Management

John Gammon, Senior Account Solution Architect
Aly Ibrahim, Cloud App Dev Solutions Architect

Lunch & Learn Agenda
●Advanced Cluster Management Presentation (~25 minutes)
○Why Advanced Cluster Management?
○Features of Advanced Cluster Management
●Demo (~30 minutes)
○Cluster Lifecycle Management
○Policy and Governance
○Application Lifecycle Deployments

Why Advanced Cluster Management?

Educated Prediction of Future Conditions
If we accept that enterprise Kubernetes is going to grow, what can we predict?

Let's do the Math: expected pace of change for your average large company

                                               Year 2     Year 3     Year 4     Year 5
For every 1000 applications                     1,000      1,000      1,000      1,000
% containerized                                20.00%     30.00%     40.00%     60.00%
Containerized apps                                200        300        400        600
Number of Kubernetes clusters (Dev/Test/Prod)      10         20         25         30
Sub-total containerized apps                    2,000      6,000     10,000     18,000
Concurrency factor                               1.40       1.40       1.40       1.40
Total containerized apps                        2,800      8,400     14,000     25,200

Annual frequency of change
Slow (1 per week)                             145,600    436,800    728,000  1,310,400
Medium (2 per week)                           291,200    873,600  1,456,000  2,620,800
Fast (daily)                                1,022,000  3,066,000  5,110,000  9,198,000

Volume of daily pipelines
Slow (1 per week)                                 560      1,680      2,800      5,040
Medium (2 per week)                             2,240      6,720     11,200     20,160
Fast (daily)                                    2,800      8,400     14,000     25,200

Enterprise Kubernetes: xKS/DIY? OR OpenShift?

Advanced Cluster Management to the Rescue
[Diagram: RHACM Hub running on the Red Hat OpenShift Platform, with Pre & Post hooks]

Red Hat OpenShift and Red Hat Advanced Cluster Management for Kubernetes: Benefits

Ease compliance
Policies can be written by the security team and enforced at each cluster, allowing environments to conform to your policy.

Increase application availability
Placement rules can allow quick deployment of clusters across distributed locations for availability, capacity, and security reasons.

Accelerate development to production
Self-service provisioning allows app dev teams to request clusters directly from a catalog, removing central IT as a bottleneck.

Reduce costs
Centralized management of clusters reduces operational cost, makes the environment consistent, and removes the need to manually manage individual clusters.

Advanced Cluster Management

Red Hat Advanced Cluster Management 2.0: Hub Sizing Requirements

OpenShift Node Role | Availability Zones | Data Stores          | Total reserved memory (lower bound) | Total reserved CPU (lower bound)
Master              | 3                  | etcd x 3             | Per OpenShift sizing guidelines     | Per OpenShift sizing guidelines
Worker              | 3                  | redisgraph/redis x 1 | 12Gi                                | 6 CPU

* Observed usage consumes around 2 CPU steady state for 30+ clusters
+ About 20Gi of persistent storage

RHACM 2.x Fault Domains: High Availability

●Fault domains spread pods across AZs via podAntiAffinity
●Stateful datastores require 3 replicas
●All stateless UI & API services will be run with at least 2 replicas to support rolling updates and fault domain outages
●Thanos requires an S3 object store that can be run inside or outside the cluster
●Redis/RedisGraph provides an in-memory index for search; search data is re-indexed in case of Pod or Node failure

[Diagram: Availability Zones 1, 2 and 3. Each zone holds one etcd member (openshift-etcd-0, openshift-etcd-1, openshift-etcd-2) and one observability stack (acm-observability API, acm-thanos datastore backed by an S3-compatible object store, acm-grafana, acm-thanos memcached). The acm-ui pods and acm-api pods (multiple services) each run as two replicas spread across zones; acm-redisgraph-0 runs as a single pod in one zone.]
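As an added illustration of the first three bullets (a generic manifest, not one taken from the slides or from the RHACM product), here is a stateless hub service declared the way the slide describes: two replicas, podAntiAffinity that keeps replicas on different nodes and prefers different zones, and a PodDisruptionBudget so a node drain or rolling update never removes the last serving replica. The name acm-api-example, the open-cluster-management namespace, the image and the probe path are placeholders.

```yaml
# Added example (not from the slides): a stateless API Deployment spread across
# availability zones, plus a PodDisruptionBudget. All names are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: acm-api-example
  namespace: open-cluster-management   # assumed hub namespace
spec:
  replicas: 2                          # >= 2: one AZ outage or a rolling update leaves one replica serving
  selector:
    matchLabels:
      app: acm-api-example
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0                # never dip below the desired replica count during an update
      maxSurge: 1
  template:
    metadata:
      labels:
        app: acm-api-example
    spec:
      affinity:
        podAntiAffinity:
          # Hard rule: no two replicas may share a node.
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: acm-api-example
              topologyKey: kubernetes.io/hostname
          # Soft rule: prefer a different availability zone per replica, so a
          # single-AZ failure takes out at most one replica.
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app: acm-api-example
                topologyKey: topology.kubernetes.io/zone
      containers:
        - name: api
          image: registry.example.invalid/acm-api-example:1.0   # placeholder image
          ports:
            - containerPort: 8443
          readinessProbe:                # only ready pods receive traffic during a rollout
            httpGet:
              path: /healthz             # placeholder path
              port: 8443
              scheme: HTTPS
---
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: acm-api-example-pdb
  namespace: open-cluster-management
spec:
  minAvailable: 1                      # voluntary disruptions (drains, upgrades) keep one replica up
  selector:
    matchLabels:
      app: acm-api-example
```

The zone rule is "preferred" rather than "required" so that the Deployment still schedules on a hub with fewer zones than replicas; the node rule stays hard because two replicas on one node give no fault-domain benefit at all. The stateful datastores in the second bullet would use the same anti-affinity terms on a StatefulSet with three replicas.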

Unified Multi-Cluster Management: Single Pane for all your Kubernetes Clusters
•Centrally create, update and delete Kubernetes clusters across multiple private and public clouds
•Search, find and modify any Kubernetes resource across the entire domain
•Quickly troubleshoot and resolve issues across your federated domain

Multi-Cluster Lifecycle Management: Creating & Importing Clusters
●Create, upgrade and destroy OCP clusters running on bare metal as well as public cloud
●Leverage the Hive API for OCP cluster deployment
●Wizard or YAML based create-cluster flow
●Launch to an OCP Console from ACM
●Access cluster login credentials and download the kubeadmin configuration
(Audience: IT Operations, DevOps/SRE)

OpenShift Compliance Operator: Declarative Security Compliance (as of 10/22)

[Diagram: the operator loop for each OpenShift cluster. Describe intent with declarative config = install, upgrade, reconcile, config; monitor, scale, troubleshoot, backup; observe and summarize.]

Security and Compliance flow (ComplianceSuite -> Scan (results) -> ComplianceCheckResult / ComplianceRemediation):
1. A compliance profile is selected.
2. The operator runs the scan for the profile against nodes, collects results, and (optionally) performs remediations.
3. Accreditors or auditors can examine the scan results for compliance status. After review, if desired, remediations can be manually applied by the cluster-admin.

With 4.6, a limited set of RHCOS checks will be implemented. Additional compliance checks will be delivered roughly every 2 months.
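The three-step flow above, as an added example that is not from the slides: for the OpenShift Compliance Operator, step 1 is performed by creating a ScanSettingBinding; the operator then generates the ComplianceSuite and scans, and the outcome lands in ComplianceCheckResult and ComplianceRemediation objects for step 3. The profile names ocp4-cis and ocp4-cis-node and the default ScanSetting ship with the operator; the binding name cis-compliance is a placeholder.

```yaml
# Added example (not from the slides): bind the CIS profiles to the operator's
# default scan schedule. Nothing is changed on the nodes until a remediation
# is applied explicitly.
apiVersion: compliance.openshift.io/v1alpha1
kind: ScanSettingBinding
metadata:
  name: cis-compliance              # placeholder name
  namespace: openshift-compliance   # namespace the operator is installed into
profiles:
  - name: ocp4-cis                  # platform-level checks (API server, RBAC, etc.)
    kind: Profile
    apiGroup: compliance.openshift.io/v1alpha1
  - name: ocp4-cis-node             # node-level checks run against each RHCOS node
    kind: Profile
    apiGroup: compliance.openshift.io/v1alpha1
settingsRef:
  name: default                     # ScanSetting shipped with the operator: scheduled scans, no auto-apply
  kind: ScanSetting
  apiGroup: compliance.openshift.io/v1alpha1

# Step 3, reading results and applying one remediation by hand:
#   oc get compliancecheckresults -n openshift-compliance -l compliance.openshift.io/check-status=FAIL
#   oc patch complianceremediation/<name> -n openshift-compliance --type merge -p '{"spec":{"apply":true}}'
```

Keeping the default ScanSetting (rather than default-auto-apply) is what gives auditors the review window described in step 3: failed checks are visible immediately, but a remediation only changes a node after a cluster-admin sets spec.apply to true on it.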

Policy based Governance, Risk and Compliance
•Centrally set & enforce policies for security, applications, & infrastructure
•Quickly visualize detailed auditing on configuration of apps and clusters
•Built-in CIS compliance policies and audit checks
•Immediate visibility into your compliance posture based on your defined standards

Don't wait for your security team to tap you on the shoulder

Policy based Governance, Risk and Compliance
●Standard policies out of the box
○FISMA
○HIPAA
○NIST
○PCI
●Leverage different categories to represent more standards (if needed)
●Use labels to enforce policies against clusters
●Use inform to view policy violations
●Use enforce to view violations and automatically remediate

Don't wait for your security team to tap you on the shoulder
(Audience: Security Ops, IT Operations)
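The last four bullets in working form, as an added example that is not from the slides: one RHACM Policy requiring a default-deny ingress NetworkPolicy in application namespaces, with the standards/categories/controls annotations that group it on the Governance dashboard, a PlacementRule that selects clusters by label, and the PlacementBinding joining the two. With remediationAction set to inform the hub only reports NonCompliant; changing it to enforce makes the controller create the missing NetworkPolicy. The rhacm-policies namespace, the environment=prod label, the app-* namespace pattern and all resource names are placeholders.

```yaml
# Added example (not from the slides): Policy + PlacementRule + PlacementBinding.
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  name: policy-default-deny-networkpolicy
  namespace: rhacm-policies                  # placeholder hub namespace for policies
  annotations:
    # These annotations drive the standard/category/control grouping in the console.
    policy.open-cluster-management.io/standards: NIST SP 800-53
    policy.open-cluster-management.io/categories: SC System and Communications Protection
    policy.open-cluster-management.io/controls: SC-7 Boundary Protection
spec:
  disabled: false
  # inform  -> report violations on the hub, change nothing on the managed cluster
  # enforce -> also create or patch the object until it matches the template
  remediationAction: inform
  policy-templates:
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: default-deny-networkpolicy
        spec:
          remediationAction: inform          # the parent Policy's value overrides this
          severity: high
          namespaceSelector:                 # evaluated in every matching namespace
            include: ["app-*"]               # placeholder pattern
            exclude: ["kube-*", "openshift-*"]
          object-templates:
            - complianceType: musthave       # the object must exist with at least these fields
              objectDefinition:
                apiVersion: networking.k8s.io/v1
                kind: NetworkPolicy
                metadata:
                  name: default-deny-ingress # namespace omitted: supplied by the selector
                spec:
                  podSelector: {}            # all pods in the namespace
                  policyTypes: ["Ingress"]   # no ingress rules => deny all inbound
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
  name: placement-prod-clusters
  namespace: rhacm-policies
spec:
  clusterConditions:
    - status: "True"
      type: ManagedClusterConditionAvailable  # skip clusters that are offline
  clusterSelector:
    matchExpressions:
      - key: environment                     # placeholder label on the ManagedCluster
        operator: In
        values: ["prod"]
---
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
  name: binding-default-deny-networkpolicy
  namespace: rhacm-policies
placementRef:
  name: placement-prod-clusters
  kind: PlacementRule
  apiGroup: apps.open-cluster-management.io
subjects:
  - name: policy-default-deny-networkpolicy
    kind: Policy
    apiGroup: policy.open-cluster-management.io
```

Roll a policy out as inform first and watch the per-cluster status on the hub; once the violation list is understood, flipping spec.remediationAction to enforce applies the same template without any other change. Widening the rollout is a matter of labelling more ManagedCluster objects, not editing the policy.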

Advanced Application Lifecycle Management: Simplify your Application Lifecycle
•Easily deploy applications at scale
•Deploy applications from multiple sources
•Quickly visualize application relationships across clusters and those that span clusters

Application Lifecycle Management
Advanced Cluster Manager

Integration Architecture Overview for Application Life Cycle

[Diagram: RHACM Hub on the Red Hat OpenShift Platform, with Pre & Post hooks and tags, connected to the Managed Clusters (Red Hat OpenShift Platform running the RHACM Klusterlet, with the APP A Kubernetes resources delivered through a Channel) and to the Red Hat Ansible Automation Platform, which runs a Kubernetes Job against IT Systems (Security, Network, Application, CM).]

1. Managed clusters install resources based on the channel they subscribed to.
2. The ACM hub calls Ansible Tower with the Template Job ID defined in the Application Pre & Post Action.
3. Ansible Tower executes the Job.
4. The ACM hub receives feedback from the Job execution and shows all Kubernetes resources in the topology, including the Ansible Job status.
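The hub-side resources behind the diagram, as an added example that is not from the slides: a Channel pointing at a Git repository, a Subscription that delivers the repository's manifests to the clusters chosen by a PlacementRule, an Application that groups them for the topology view, and an AnsibleJob that acts as the pre-action of step 2. The repository URL, namespaces, labels and the Tower job template name are placeholders. The hook wiring (spec.hooksecretref on the Subscription and AnsibleJob files in prehook/ and posthook/ directories of the repository) is my recollection of the ACM 2.x Git subscription model, so check it against the release in use.

```yaml
# Added example (not from the slides): Channel, Subscription, PlacementRule,
# Application and a pre-hook AnsibleJob. All names and URLs are placeholders.
apiVersion: apps.open-cluster-management.io/v1
kind: Channel
metadata:
  name: app-a-channel
  namespace: app-a-channel-ns
spec:
  type: Git
  pathname: https://git.example.invalid/org/app-a.git   # placeholder repository
---
apiVersion: apps.open-cluster-management.io/v1
kind: Subscription
metadata:
  name: app-a-subscription
  namespace: app-a
  labels:
    app: app-a
  annotations:
    apps.open-cluster-management.io/git-branch: main
    apps.open-cluster-management.io/git-path: manifests   # directory holding APP A's Kubernetes resources
spec:
  channel: app-a-channel-ns/app-a-channel
  placement:
    placementRef:
      kind: PlacementRule
      name: app-a-placement
  # Secret in this namespace with the Tower host and token; used to run the
  # AnsibleJob resources found in prehook/ and posthook/ (assumed convention).
  hooksecretref:
    name: ansible-tower-credentials
---
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
  name: app-a-placement
  namespace: app-a
spec:
  clusterSelector:
    matchLabels:
      environment: prod        # placeholder label on the managed clusters
---
apiVersion: app.k8s.io/v1beta1
kind: Application
metadata:
  name: app-a
  namespace: app-a
spec:
  componentKinds:
    - group: apps.open-cluster-management.io
      kind: Subscription
  selector:
    matchLabels:
      app: app-a               # pulls the Subscription above into the topology view
---
# Stored in the repository as prehook/prepare-firewall.yaml (assumed location).
# The hub runs it before the manifests are deployed (steps 2 and 3 above) and
# surfaces its status in the topology (step 4).
apiVersion: tower.ansible.com/v1alpha1
kind: AnsibleJob
metadata:
  name: prepare-firewall-for-app-a
spec:
  tower_auth_secret: ansible-tower-credentials
  job_template_name: app-a-firewall-prep   # placeholder: the template defined in Tower
  extra_vars:
    application: app-a
    environment: prod
```

Keeping the pre- and post-hooks in the same repository as the manifests means the change to IT systems (firewall rule, CMDB record) is reviewed in the same pull request as the Kubernetes resources it supports, and the hub refuses to deploy the manifests if the pre-hook job fails.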