Azure Red Hat OpenShift: What You Should Know

What Is Azure Red Hat OpenShift?

Red Hat OpenShift is an enterprise Kubernetes platform. Azure Red Hat OpenShift lets you deploy fully managed OpenShift clusters in the Azure cloud. It is a joint offering from Microsoft and Red Hat: engineered, supported and operated by both companies, with the aim of providing a single, centrally managed platform that covers the full set of requirements.

Azure Red Hat OpenShift has the following tools and functionality in one platform to help both operations and development teams:

  • Image registries
  • Storage management
  • Networking solutions
  • Logging and monitoring tools

The Importance of Azure Red Hat OpenShift

OpenShift offers the resources, tasks and tools needed to run containers in production via Kubernetes, and these have to be tested and versioned together. When developing containerized applications, you also need integration with databases, frameworks, CI/CD tools and middleware.

This service lets you sign on through Azure Active Directory (AD). The clusters are located in your Azure subscriptions and appear on your Azure bill.

When using Azure Red Hat OpenShift, you are not required to apply patches or operate VMs yourself. Microsoft and Red Hat are responsible for patching, updating and monitoring all infrastructure, master and application nodes.

You can employ your own registry, networking, CI/CD tools and storage, or make use of the built-in options that automate application and container builds, source code management, health management, scaling and more.

Here are some key features:

  • Access, security and monitoring—lets you integrate with Azure AD and use Kubernetes RBAC, and keep track of the health of resources and clusters.
  • Cluster and node—all nodes of this service run on Azure VMs. The service lets you connect storage to pods and nodes, and you can also upgrade cluster components.
  • Service Level Agreement—the service comes with an SLA of 99.95% availability.
  • Security—Azure simplifies OpenShift security, which can be difficult to configure in an on-premises environment.

OpenShift 4 on Azure Red Hat OpenShift

With version 4, OpenShift added core attributes to Azure Red Hat OpenShift, such as:

  • Support for a cluster-admin role—supports the cluster-admin role on Azure Red Hat OpenShift clusters, giving full cluster customization abilities, including installing CRDs and running privileged containers.
  • Autoscaling—uses MachineAutoscalers and the Cluster Autoscaler to perform Kubernetes autoscaling, expanding or reducing cluster size to meet current demand. You can pick VM sizes suited to your workloads.
  • Clusters across multiple Availability Zones—to provide high levels of resilience, cluster components are deployed across three Azure AZs in certain Azure regions, ensuring high availability for your mission-critical and demanding data and applications. Azure Red Hat OpenShift features an SLA of 99.9%.
  • Industry standard compliance certifications—to let you meet compliance requirements in regulated markets and industries around the world, Azure Red Hat OpenShift is FedRAMP High, PCI DSS and HITRUST certified. Azure has the largest compliance portfolio relative to its total number of offerings and customer-facing services.
  • Option to use your own identity provider—in addition to authentication and authorization via Azure Active Directory, users can use another supported identity provider, for instance OpenID Connect or OAuth2.
  • Support for Azure Monitor—Microsoft Azure now offers monitoring support for Red Hat OpenShift 4 clusters, both those hosted on Azure Red Hat OpenShift and OpenShift Container Platform clusters running on Azure or on-premises, via Azure Monitor for containers. At the moment this support is in public preview.
  • Support for private ingress and API endpoints—users can now select either public or private cluster management (API) and ingress endpoints. Together with Azure ExpressRoute and private endpoints, this enables private hybrid clusters and lets users extend their on-premises strategies to Azure.

Image Source: OpenShift

Network Concepts for Azure Red Hat OpenShift

OpenShift Software Defined Networking (SDN) is an overlay network built on Open vSwitch, an OpenFlow implementation, and is configured according to the specifications recommended by the CNI project.

The SDN supports several plugins; Azure Red Hat OpenShift 4 uses the NetworkPolicy plugin. The SDN manages all pod network communication, so you do not need to add any extra routes to your virtual networks to get pod-to-pod communication.

Azure Red Hat OpenShift 4 network layout (Image Source: Azure)

With Azure Red Hat OpenShift 4, the entire cluster (including all nodes) sits inside the virtual network. Master nodes and worker nodes are each placed in their own subnet inside that virtual network. Each subnet gets its own internal load balancer as well as a public load balancer.

Here are several networking features of Azure Red Hat OpenShift:

  • The service lets users create an ARO cluster within an existing virtual network. Alternatively, users can create a virtual network when they create an ARO cluster.
  • You can configure Service and Pod Network CIDRs.
  • Masters and nodes are located in separate subnets.
  • The master and node virtual network subnets must each be at least /27.
  • Pod CIDR default is 10.128.0.0/14.
  • Service CIDR default is 172.30.0.0/16.
  • Pod and Service Network CIDRs should not overlap with any other address ranges used on the network, and should not be within the cluster's virtual network address range.
  • The Pod CIDR must be at least /18 in size. The pod network is used solely within the OpenShift SDN and uses non-routable IPs.
  • Each node is given a /23 subnet (512 IPs) for its pods. You cannot change this value.
  • You can't attach a pod to several networks.
  • You can't configure a static egress IP.
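The addressing rules above are easy to get wrong when planning a cluster, so here is a small pre-flight checker, written for this article and not part of Azure Red Hat OpenShift's own tooling, that validates a proposed layout against the constraints listed (subnets at least /27 and inside the VNet, pod CIDR at least /18, pod and service ranges clear of the VNet and of each other) and reports how many nodes the pod CIDR can serve given the fixed /23 per node. The VNet and subnet values passed in are constructed sample input; the defaults and limits are the ones quoted in the article.

```python
import ipaddress

# Defaults and limits as quoted in the article (assumed accurate for ARO 4).
DEFAULT_POD_CIDR = "10.128.0.0/14"
DEFAULT_SERVICE_CIDR = "172.30.0.0/16"
MIN_SUBNET_PREFIX = 27      # master/worker subnets must be /27 or larger
MAX_POD_CIDR_PREFIX = 18    # pod CIDR must be /18 or larger
HOST_PREFIX = 23            # every node receives a fixed /23 (512 IPs) for pods


def max_nodes(pod_cidr: str) -> int:
    """How many /23 per-node blocks the pod CIDR can be carved into."""
    net = ipaddress.ip_network(pod_cidr, strict=True)
    return 2 ** (HOST_PREFIX - net.prefixlen)


def validate_aro_network(vnet_cidr, master_subnet, worker_subnet,
                         pod_cidr=DEFAULT_POD_CIDR, service_cidr=DEFAULT_SERVICE_CIDR):
    """Return a list of readable problems; an empty list means the layout passes.
    A malformed CIDR (host bits set, bad mask) raises ValueError from ipaddress."""
    problems = []
    vnet = ipaddress.ip_network(vnet_cidr, strict=True)
    master = ipaddress.ip_network(master_subnet, strict=True)
    worker = ipaddress.ip_network(worker_subnet, strict=True)
    pods = ipaddress.ip_network(pod_cidr, strict=True)
    services = ipaddress.ip_network(service_cidr, strict=True)

    # Masters and workers live in their own subnets inside the cluster VNet.
    for name, subnet in (("master", master), ("worker", worker)):
        if not subnet.subnet_of(vnet):
            problems.append(f"{name} subnet {subnet} is not inside vnet {vnet}")
        if subnet.prefixlen > MIN_SUBNET_PREFIX:
            problems.append(f"{name} subnet {subnet} is smaller than /{MIN_SUBNET_PREFIX}")
    if master.overlaps(worker):
        problems.append("master and worker subnets overlap; they must be separate")

    # Pod and service ranges are private to the SDN: keep them clear of the VNet.
    if pods.prefixlen > MAX_POD_CIDR_PREFIX:
        problems.append(f"pod CIDR {pods} is smaller than /{MAX_POD_CIDR_PREFIX}")
    for name, rng in (("pod", pods), ("service", services)):
        if rng.overlaps(vnet):
            problems.append(f"{name} CIDR {rng} overlaps the vnet {vnet}")
    if pods.overlaps(services):
        problems.append(f"pod CIDR {pods} overlaps service CIDR {services}")
    return problems


if __name__ == "__main__":
    # Constructed sample: a VNet whose address space collides with the default pod CIDR.
    for p in validate_aro_network("10.128.0.0/16", "10.128.0.0/24", "10.128.1.0/28"):
        print("problem:", p)
    print("nodes supported by default pod CIDR:", max_nodes(DEFAULT_POD_CIDR))
```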

Conclusion

In this article I explained the basics of Azure Red Hat OpenShift, a solution that lets you run OpenShift as a managed service in the Azure cloud. I discussed the benefits of OpenShift 4, recently supported on Azure, which adds features like autoscaling and running clusters across multiple Availability Zones. Finally, I discussed how networking works in the solution, leveraging Azure cloud network infrastructure and Open vSwitch (OVS).

I hope this will be of help as you evaluate moving your OpenShift deployment to the cloud.

By Gilad Maayan
