Unlocking new possibilities: The general availability of hosted control planes for self-managed Red Hat OpenShift

In the evolving landscape of cloud infrastructure, organizations are confronting the complexities of deploying and managing applications across various regions and zones due to latency, availability, compliance, sovereignty and security concerns. As demand for multitenancy and specialized workload management grows, the limitations of single-cluster setups become evident, pushing businesses towards a multicluster approach.

As organizations navigate this shift, they encounter the daunting task of orchestrating and administering multiple clusters efficiently. The need for a cost-effective, scalable and security-focused holistic multicluster Red Hat OpenShift architecture arises as a business priority to maintain a competitive edge and build innovative applications.

Recognizing this, a year ago, we introduced a technology preview of hosted control planes for OpenShift, tailored for efficient multicluster deployments. Hosted control planes, which architecturally decouples the control plane from workloads, presents a scalable and economical solution for multicluster management. It helps streamline cluster provisioning and maximizes resource utilization by leveraging existing OpenShift management infrastructure and tooling.

After a year of invaluable feedback and insights from our community of partners and customers, we are excited to announce that hosted control planes is now generally available on two key on-premises platforms: Red Hat OpenShift on bare metal via the agent provider and the Red Hat OpenShift Virtualization provider.

Embracing efficiency: The business case for hosted control planes

Adopting hosted control planes for multicluster operations doesn't just yield cost savings; it can fundamentally transform the economics of hosting and operating platforms and infrastructure for applications. Without hosted control planes, organizations may face spiraling costs and operational inefficiencies, particularly as they embrace a multicluster approach at scale. 

An internal Red Hat analysis reveals that using hosted control planes as an OpenShift form factor for multicluster deployments will minimize total cost of ownership (TCO) in several key areas, especially for on-premises deployments:

• Improved developer productivity: By reducing cluster provisioning times and streamlining processes, hosted control planes boost developer efficiency, translating to over 60% in savings.
• Streamlined SRE operations: Site reliability engineering (SRE) teams benefit from unified tooling and reduced context switching, resulting in over 65% reduction in operational costs.
• Energy and facility cost savings: Hosted control planes require fewer servers and less energy, slashing power and facility-related expenses by more than 50%.
• Depreciation cost benefits: With a reduced server count comes savings in depreciation costs, often exceeding 90%.

The voice of innovation: Partner success with hosted control planes

Leading voices in the tech industry have already begun reaping the benefits of hosted control planes. The CTO of German Edge Cloud GmbH, a frontrunner in tech innovation, shares their experience:

"ONCITE Digital Product Systems, our scalable application platform, is exclusively powered by Red Hat OpenShift and allows us to facilitate industrial solutions for the smart factory - including analytics at the edge, quality control and real-time production insights. The adoption of self-managed Red Hat OpenShift with hosted control planes in our development ecosystem has resulted in long-term infrastructure cost savings, promoting sustained resource efficiency. It has also optimized application development processes by boosting productivity, enabling our developers to focus on building the core of industrial solutions utilizing the cluster-as-a-service, self-service option." - Andreas Zerfas, CTO Digital Industrial Solutions, German Edge Cloud GmbH & Co. KG

This success story underscores the transformative impact of hosted control planes on both the operational and development fronts.

Solving problems: The technical case for hosted control planes

OpenShift exists to serve applications and workloads. Scheduling, control planes and controller managers are components that make orchestration simpler to optimize workload placement. Hosted control planes is a re-architecture of OpenShift that reduces the cost/overhead of orchestrations, scheduling and placement (i.e., the control-plane). Doing so makes clusters more cost-effective, faster and more attainable at scale, allowing us to assume the cluster as a boundary for multitenancy and making the following jobs easier.  

Benefits for platform engineering and SRE teams

• Simplify operator's version dependencies: Have different versions of an operator installed per cluster so that applications belonging to various tenants can self-serve and function optimally without impacting each other.
• Simplify cluster lifecycle: Use the decoupled control plane and data-plane lifecycle and patch control planes as needed without impacting workload availability. 
• Reduce time to provision clusters for developers and tenants: Provisioning a new cluster just requires deploying worker nodes. There is no need to deploy the control plane nodes; control-planes are just workloads run on the management cluster.
• Establish clear ownership boundaries: Communicate with one application team rather than multiple teams to streamline scheduling and coordination.
• Reduce provisioning complexity: Abstracts away control plane management, reducing overall complexity, and allows for building automation workflows on top, for example, using cluster templates.
• Reduce human error in provisioning: Decoupling the personas means that the admins/developers only interact with workloads, not with control-plane artifacts, simplifying the ownership model and dependency between management planes and workloads for business continuation. 

Benefits for security and compliance teams

• Network segmentation between management and workloads: Separate control plane and workload traffic into distinct network domains for stronger segmentation (the management cluster and the hosted cluster network domains).
• Strong segmentation between provider and consumer personas: Utilize provider and consumer personas for permissions and role segmentation.
• Apply per-tenant security controls: Customize security controls (e.g., FIPS) per tenant without impacting other tenants that might not necessarily have the same requirements.

Benefits for cluster administrators

• Application-specific kernel requirements: Accommodate different needs without affecting other applications to prevent negative impacts and the necessity for major app re-work (e.g., applications that require special kernel modules).
• Tenant contention avoidance: Avoid "noisy neighbor" issues for tenants sharing the same nodes or racing for limited network bandwidth resources (e.g., cloud-native network functions (CNFs)).  
• Avoid port conflicts: Reduce deployment overhead and potential conflicts, particularly when two applications use the same port.
• Managing operator versions and Custom Resource Definitions (CRD) conflicts: Simplify version management for operators and avoid CRD conflicts.
• Maintenance coordination optimization: Set up a streamlined process for coordinating maintenance with application teams.
• Simpler IP Address Management (IPAM): Isolate IPAM per application, per cluster.

Hosted control planes and Red Hat Advanced Cluster Management: A symbiotic relationship

Hosted control planes complement tools like Red Hat Advanced Cluster Management for Kubernetes, which offers an end-to-end solution for multicluster management and lifecycle.

While Red Hat Advanced Cluster Management excels at optimizing day-to-day multicluster management, especially Day 2 tasks, such as policy enforcement, application lifecycle and observability across a fleet of clusters. Hosted control planes fine-tunes the underlying OpenShift architecture for multicluster deployments, providing a more seamless, cost-effective infrastructure for a multicluster environment.

What’s next from here?

The general availability of hosted control planes for OpenShift on bare metal via the agent provider and OpenShift Virtualization is but a milestone for delivering a robust, flexible and cost-effective solution for managing OpenShift clusters. But we are not stopping here. We are working hard to support additional self-managed cloud and on-premises providers in the future. We are also making additional architecture optimizations to better cater to various use cases.

Check the following resources to learn more about hosted control planes on OpenShift:

• Hosted control planes overview
• Episodes introducing the concept and benefits of hosted control planes:
  • The Cloud Multiplier: Ep. 1 | Hypershift
  • Ask an OpenShift Admin (Ep 84) | Hosted Control Planes
  • Ask an OpenShift Admin (E106) Next-Level Cluster Provisioning 
• Configuring hosted control planes: A step-by-step guide on setting up and managing hosted control planes.
• OpenShift Virtualization 4.14: Cloud deployment options, expanded security and more: Resources on the OpenShift Virtualization provider
• Hosted control planes demo with disconnected & IPv6 on bare metal: A video demonstration using hosted control planes with disconnected and IPv6 environments on bare metal.

We are eager to have you try and use hosted control planes on bare metal via the agent provider, as well as on the OpenShift virtualization provider. Your feedback and inquiries are highly valued. We would love for you to try using hosted control planes on bare metal with the agent provider, as well as with the OpenShift virtualization provider. 

To help us assist you better with using hosted control planes, we've created a short 3-minute feedback form. Please take a moment to fill out the Hosted Control Planes GA Feedback Form. Moreover, if you need further assistance, you can reach out to us through the following methods:

• OpenShift Commons slack
• OpenShift users Kubernetes slack channel
• Or through your Red Hat account representative

We hope you enjoy using hosted control planes and we look forward to hearing from you soon.