Red Hat Advanced Cluster Management for Kubernetes

Overview

Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across datacenter, cloud, and edge environments. Clusters and applications are visible and managed from a single console—with operational policy built in.

Introduction

The rise of cloud-native applications is transforming IT landscapes, replacing monolithic systems with distributed, multicomponent architectures. This shift, coupled with ongoing virtualization platform migrations, has led to the proliferation of Kubernetes clusters across diverse environments (cloud, datacenter, edge) for specific purposes, such as development, test, and production.

Whether your organization is just getting started with a single cluster or already operating in a multicluster environment, you likely face some difficult questions, such as:

  • How can you manage the lifecycle of multiple clusters, regardless of whether they reside in a datacenter, public cloud, or edge environments, using a single control plane?
  • How can you ease the management of containers and virtual machines?
  • How do you get a simplified understanding of your cluster health and the effect it may have on your application availability?
  • How do you automate the provisioning and deprovisioning of your clusters?
  • How do you ensure that all of your clusters are compliant with standard and custom policies?
  • How do you get alerted about configuration drift and remediate it?
  • How can you automate the placement of workloads based on policy?

Red Hat Advanced Cluster Management for Kubernetes

Red Hat® Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face. Clusters and applications, whether containerized or virtualized, are all visible and managed from a central console, with preconfigured governance policies that can be applied consistently across environments. Users can run their operations from anywhere on Red Hat OpenShift® and manage other supported Kubernetes clusters in their fleet.

Features and benefits

Multicluster observability for fleet health and optimization

Deliver an enhanced site reliability engineering (SRE) experience with out-of-the-box multicluster dashboards that can store long-term historical data and provide an overview of fleet health and optimization.

Table 1. Features and benefits of multicluster observability

Key benefits

  • Manage your fleet of Kubernetes clusters including Red Hat OpenShift and Cloud Native Computing Foundation (CNCF) conformant distributions running in the datacenter, public cloud, or edge environments.
  • Reduce complexity by managing virtual machines, containers, and AI-enabled workloads across your fleet using a single management environment.
  • Accelerate application development with self-service provisioning.
  • Free IT teams from manual provisioning with self-service cluster deployment that automatically delivers applications.
  • Increase application availability with the ability to deploy existing and cloud-native applications across distributed clusters in less time.
  • Enhance configuration management with centralized, policy-based governance.
  • Reduce operational costs with a unified management interface.

Visit the website to learn more about Red Hat Advanced Cluster Management or review the documentation.

Feature

Benefit

Fleet health monitoring

Sort, filter, and scan individual clusters and user workloads in addition to aggregated multiclusters with Grafana. Use the open source Thanos project for scalable metrics collection with long-term data retention. Get health metrics for OpenShift clusters and non-OpenShift clusters—such as EKS, GKE, AKS, and IKS—in the many out-of-the-box Grafana dashboards.

Customized metrics and dashboards

Customize Grafana dashboards based on metrics you define and predefined metrics. Define service-level objectives (SLOs) on a cluster or the platform services, measure the performance against them, and dynamically adjust for deeper collection during critical events when root cause analysis requires it.

Dynamic search

Use the graphical console or the application programming interface (API) to identify, isolate, and resolve issues affecting distributed workloads. Application SREs can view application resource YAML and fetch logs from deployments in real time, assisting in mean time to resolution and problem determination. Improved controls with configurable data collection provide opportunities for high-scale environments and security lockdown to limit what gets collected from the managed clusters.

Analytics through Red Hat Insights for Red Hat OpenShift

Gain intelligence on cluster health for your entire managed fleet and take proactive steps and remediation actions as needed, based on the analytics provided by Red Hat OpenShift-based telemetry and Red Hat expertise.

Automatic alert forwarding from managed clusters to Red Hat Advanced Cluster Management hub

Respond and troubleshoot more efficiently by getting centralized alerts of cluster health metrics and all of your policy violations sent into your third-party tools, such as Slack and PagerDuty.

Global Hub

The Global Hub architecture provides a centralized policy compliance view across multiple hubs, ensuring that organizations with high scale and/or strict divisions across regional datacenters can still get a holistic view of their entire security compliance posture from a central interface.

Unified multicluster lifecycle management

Create, upgrade, and destroy Kubernetes clusters reliably, consistently, and at scale, using an open source programming model that supports and encourages Infrastructure as Code (IaC) best practices and design principles.

Table 2. Features and benefits of unified multicluster lifecycle management

Feature

Benefit

Cluster lifecycle management

Create and upgrade new Red Hat OpenShift clusters, CNCF conformant Kubernetes, or import existing OpenShift and managed Kubernetes clusters, using Red Hat Advanced Cluster Management console.

Cloud providers supported

Red Hat Advanced Cluster Management supports the creation of OpenShift clusters on public clouds such as AWS, Microsoft Azure, Google Cloud Platform (GCP), Microsoft Azure Government, AWS GovCloud, Alibaba Cloud, Oracle Cloud Infrastructure, and IBM Cloud. A full list of supported deployment options for OpenShift can be found in the documentation.

Supported hypervisors

Red Hat Advanced Cluster Management supports the creation of OpenShift clusters on KVM, VMware ESXi, Nutanix AHV, IBM Power VM, and IBM z/VM. A full list of supported deployment options for OpenShift can be found in the documentation.

Enhanced cluster lifecycle management

Take advantage of features such as worker pool scaling with autoscale configuration, and cluster hibernate and resume via cluster pools (tech preview), to help deploy clusters in less time. Group clusters into cluster sets to more clearly define access controls.

Red Hat Ansible® Automation Platform integration

As part of the integration, supercharge your playbooks with straightforward, security-focused, and Ansible-native access across your Kubernetes fleet, powered by the robust multicluster management layer provided by the multicluster engine for Kubernetes operator and Red Hat Advanced Cluster Management, with the stolostron.core Ansible Collection. Invoke Ansible within Red Hat Advanced Cluster Management for cluster lifecycle management, using pre- and post-hooks.

Multicluster networking with Submariner

Get rich multicluster networking capabilities with Submariner for application components deployed across multiple clusters. Reduce the complexity of deploying application components and networking requirements across clusters.

Hosted control planes

Host and provision containerized Red Hat OpenShift control planes at scale, which solves for cost, footprint, time to provision, and portability across cloud environments with strong separation of concerns between management and workloads.

Hosted control planes are supported on the following platforms as of ACM 2.12:

  • Bare metal by using the agent provider
  • Non-bare-metal agent machines, as a technology preview feature
  • Red Hat OpenShift Virtualization
  • Amazon Web Services (AWS)
  • IBM Z
  • IBM Power

Host inventory for bare-metal deployments

Use a self-service model that allows infrastructure owners to provide developers access to bare-metal infrastructure resources to provision OpenShift clusters. Use infrastructure environments to let operators readily maintain your bare-metal host inventory.

Configuration management with policy-based governance

Implement automated governance to continuously verify and maintain optimal configuration settings across critical IT domains, including:

  • Cluster infrastructure
  • Identity and access management
  • Network management
  • Cost optimization
  • Security and compliance

This policy-based approach ensures consistent adherence to best practices and organizational standards across your technology environment.

The flexibility and versatility of the policy-based governance framework allows controls to be implemented in accordance with and organized under any self-imposed line-of-business or corporate standards or relevant regulatory or industry compliance requirements.

Table 3. Features and benefits of configuration management with policy-based governance

Feature

Benefit

Cluster configuration management at scale

Powered by the Open Cluster Management project, more easily manage and observe desired cluster configurations and state across a fleet. 

Use “inform” mode to detect configuration drift from desired controls, and “enforce” mode to ensure that those controls are continuously implemented and maintained.

GitOps-enabled via Policy-as-Code design

Taking advantage of the Kubernetes CustomResourceDefinition (CRD) pattern allows policies to be declaratively defined and naturally integrated with Git workflows using tools like OpenShift GitOps (Argo CD).

Predefined “health checks” for Open Cluster Management policies enable Argo CD to intelligently understand the policy violation statuses and natively display in the Argo CD dashboard.

Flexible multi-cluster deployment options

The RHACM policy framework provides a Continuous Delivery (CD) mechanism to deploy your policies to clusters that match Placement criteria via the Policy Custom Resource.

For users that already have existing delivery tools in place, such as Argo CD, you can integrate policies into your existing workflows for deployment to clusters without any tooling or process changes.

Dynamic run-time configuration via lookups and templating

Configurations may occasionally require unique cluster values or characteristics, or need to dynamically adapt based on the cluster state.

With lookups, you can readily reference other values in the cluster such as the cluster name, secret values, and more. With templating, you can create highly customizable logic, using conditionals and more, for your tailored configuration needs.

Through lookups and templating, you can greatly reduce and simplify the number of resource manifests you need to manage resulting from variations in cluster characteristics, cluster or deployed software versions, environments, and more.

Synchronization of secrets, ConfigMaps, or other configurations from hub to spoke

Security-hardened delivery and enforcement of content from the hub to managed clusters, using templatized policies and their underlying encryption (the fromSecret and protect functions).

Operator lifecycle management (OLM)

Use a single consolidated API, OperatorPolicy, to declaratively manage the lifecycle of OLM operators across your fleet. It provides a consolidated operator health status for expedited problem detection. It also provides a GitOps-friendly API, even for operators deployed in “manual” mode, and declarative management of the operator’s install plans for more controlled upgrades.

Admission and mutation controls

Get full support for Open Policy Agent (OPA) Gatekeeper that allows deployment of the operator to your fleet. Initiate Gatekeeper controls across your fleet to enforce various OPA controls. Centrally view and drill down into violations for all of your Gatekeeper policies.

Certificate issue detection

Use CertificatePolicy to detect certificates that will soon expire, are configured with lifespans that are too long, or contain DNS names that fail to match specified patterns.

Out-of-the-box and customization of policies

Use prebuilt policy templates to enforce policy on Kubernetes configuration, e.g., etcd encryption, identity and access management (IAM), certificate management, and deploy and configure operators, such as compliance operator, Gatekeeper/OPA, and container security operator across your clusters. Implement policy-based governance via GitOps to meet internal and external standards, using the open source policy collection repository.

Allow policies to be auto-generated, using the Policy Generator, and deployed via OpenShift GitOps from existing Kubernetes configuration, Gatekeeper, and Kyverno policies.

Integration with observability tooling

Policies produce associated Prometheus metrics that allow for a reliable integration with observability tooling, such as creating customized Grafana dashboards or hooking into alerting tools, to fit naturally into SRE workflows.

Ansible Automation Platform integration

Use Ansible Automation Platform integration with Red Hat Advanced Cluster Management to automate remediation of violation conditions and gather audit information about the clusters for analysis to promote proactive measures against policy violations detected by Red Hat Advanced Cluster Management.

Red Hat OpenShift Platform Plus policy set

Get a consolidated experience by using Red Hat Advanced Cluster Management console to deploy OpenShift Platform Plus components consistently across hub and managed clusters by creating policy sets developed with the Policy Generator.

Policy CLI

For improved local development of policies, use the policytools CLI to more easily create and locally test the behavior of policies that use the lookup and templating functions.

Simplified policy management experience

Use the governance dashboard to view and manage security risks and policy violations in all of your clusters and applications. Get details on violation history. Examine violation details by centrally accessing details from managed clusters from the Red Hat Advanced Cluster Management hub.

Use PolicySets to group policies for specific purposes, e.g., Red Hat OpenShift Platform Plus deployment, Red Hat Advanced Cluster Management hardening, managed cluster hardening, grouping Gatekeeper policies, PCIStoreFront, and HIPAA backend. This ensures an enhanced user-friendly experience of organizing, managing, and enforcing policies or policy sets for clusters at scale. Preconfigured policy sets are available via GitOps as a starting point to use this feature.

Customize policies for various compliance standards, governance dashboard views, and views for most-affected controls for specific standards.

Automated policy discovery and user experience for multiple policy engines

The Red Hat Advanced Cluster Management Governance dashboard automatically detects deployed policies from multiple policy engines, including Open Cluster Management and Open Policy Agent Gatekeeper.

Advanced application lifecycle management

Use open standards and deploy applications, using placement rules that are integrated into existing continuous integration and continuous delivery (CI/CD) pipelines and governance controls.

Table 4. Features and benefits of advanced application lifecycle management

Feature

Benefit

Application topology view

Get wider visibility of the application topology and readily view the health of service endpoints and pods with all of the connected dependencies like image versions, associated placement rules, Kubernetes resources, and ConfigMaps, regardless of whether your application was created within Red Hat Advanced Cluster Management, Red Hat OpenShift, or GitOps tools like Argo CD and Flux. Individual objects provide a link to ACM-search-menu for further troubleshooting options.

Placement

Rapidly deploy workloads across your fleet, or only to specific clusters, on the basis of placement definitions that control when and where your applications are deployed.

Ansible Automation Platform integration

Automate everything outside of Kubernetes with your application deployments through pre- and post-hook Ansible job templates and workflows. For example, automate and configure networking, databases, load balancers, and firewalls with Ansible Automation Platform integration.

Application builder

Create intuitive applications, using a form-based input with contextual help to guide you in defining your application components without dealing directly with YAML.

OpenShift GitOps/Argo CD integration

Use Red Hat Advanced Cluster Management to allow OpenShift GitOps/Argo CD to automatically deliver content as clusters come online or get imported. Red Hat Advanced Cluster Management policies work in tandem with Argo CD to make sure compliance and configuration are managed and maintained at scale for tighter CI/CD alignment. View and troubleshoot applications deployed by Argo CD in the Advanced Cluster Management application topology view.

Gain flexibility (push versus pull-model) when distributing applications to different clusters. 

Edge management at scale

With single-node OpenShift clusters and Red Hat Advanced Cluster Management, continuously scale while ensuring availability in high-latency, low-bandwidth edge use cases.

Table 5. Features and benefits of edge management at scale

Feature

Benefit

Enhanced scalability

The number of OpenShift clusters managed by a single Red Hat Advanced Cluster Management hub is 3,500. Additionally, the IPv6 dual-stack support simplifies the management of a scaled-out edge architecture. These features ensure scalability in low-bandwidth, high-latency connections and disconnected sites.

Zero touch provisioning

Use Red Hat Advanced Cluster Management with assisted installer on-premise and Topology Aware Lifecycle Manager (TALM), Image Based Install (IBI) Operator, and image-based upgrade (IBU) for high-scale cluster deployment, serving telecommunications and edge scenarios.

Single-node OpenShift management

Get full management capabilities for your single-node OpenShift clusters—an essential feature for your edge use cases.

Hub-side policy templating

Reduce the number of policies for high-scale management scenarios by allowing them to refer to data from resources on the hub. TALM operator uses Red Hat Advanced Cluster Management policies to perform changes on the target clusters.

Business continuity 

Use Red Hat Advanced Cluster Management, along with the broader Red Hat portfolio, to ensure the applications and stateful applications your business relies on are always up and running.

Table 6. Features and benefits of business continuity

Feature

Benefit

Red Hat Advanced Cluster Management Hub backup and restore

Back up your hub configuration and restore it in a different hub cluster, using a backup solution based on OpenShift API for Data Protection (OADP). This ensures the management configuration is not lost and the continuity of business is maintained while applications continue to operate across the fleet.

Red Hat OpenShift Data Foundation for disaster recovery (DR), Metro-DR, Regional-DR

Provide a robust multisite, multicluster DR strategy for your stateful applications, using OpenShift Data Foundation and Red Hat Advanced Cluster Management. OpenShift Data Foundation ensures your application data volumes and persistent volumes (PVs) are consistently and frequently replicated. DR operators that are set up with Red Hat Advanced Cluster Management can automate the DR failover and failback processes asynchronously with Regional-DR for minimal recovery point objective (RPO) or synchronously with Metro-DR to achieve zero RPO.

PV replication using VolSync

Ensure resilience for the stateful applications your business relies on by providing a planned application migration strategy across your clusters. You can also use VolSync to create your own DR solution when working with alternative vendors’ storage or heterogeneous storage products.

Technical specifications

The most recent technical specification can be found in the release documentation.

Hub cluster

  • Operator-based installation
  • Available on OperatorHub.io
  • Additional details are in the support matrix for each Red Hat Advanced Cluster Management for Kubernetes release 

Managed clusters

  • Full lifecycle management of OpenShift Container Platform:
    • Red Hat OpenShift Service on AWS, Microsoft Azure, Google Cloud Platform, Microsoft Azure Government, AWS GovCloud, VMware vSphere, Nutanix AHV, Red Hat OpenStack Platform, OpenShift Virtualization, and bare metal
    • Hosted control planes provider: AWS, bare metal, and OpenShift Virtualization (KubeVirt)
  • Import and manage:
    • Limited lifecycle support for managed Kubernetes clusters:
      • Amazon Elastic Kubernetes Service (Amazon EKS)
      • Azure Kubernetes Service (AKS)
      • IBM Cloud Kubernetes Service (IKS)
      • Google Kubernetes Engine (GKE)
    • CNCF Conformant Kubernetes
  • Red Hat Advanced Cluster Management provides observability, application lifecycle management, policy-based management, and security-focused network communication of imported clusters.
  • Red Hat Advanced Cluster Management provides full cluster lifecycle management (create, upgrade, destroy) with additional security compliance capability for OpenShift Container Platform clusters.

Note: See additional information in the support matrix.

High availability

  • OpenShift Container Platform availability zone supported

Resource requirements

  • 3 masters, 3 infrastructure nodes, 6 vCPU, and 16GB RAM

Explore multicluster management

Try a Red Hat Advanced Cluster Management trial and see how it helps you manage your clusters and workloads.