Red Hat Advanced Cluster Management for Kubernetes
Introduction
As you move modern applications from development to production, it often makes sense to have multiple fit-for-purpose Kubernetes clusters to support continuous integration/continuous delivery (CI/CD) of DevOps pipelines. This cluster sprawl continues as you add new clusters configured for specific purposes, such as edge deployments, faster response time, reduced latency, reduced capital expenditures (CapEx), and compliance with data residency requirements.
Whether your organization is just getting started with a single cluster or already operating in a multicluster environment, you likely face some difficult decisions, such as:
- How can you manage the life cycle of multiple clusters, regardless of whether they reside on-premise or across public cloud environments, using a single control plane?
- How do you get a simplified understanding of your cluster health and the effect it may have on your application availability?
- How do you automate the provisioning and deprovisioning of your clusters?
- How do you ensure that all of your clusters are compliant with standard and custom policies?
- How do you get alerted about configuration drift and remediate it?
- How can you automate the placement of workloads based on policy?
Red Hat Advanced Cluster Management for Kubernetes
Red Hat® Advanced Cluster Management for Kubernetes offers end-to-end management, visibility, and control of your cluster and application life cycle, along with improved security and compliance of your entire Kubernetes domain—across multiple datacenters and public cloud environments.
Red Hat OpenShift® is the clear choice for container orchestration, offering a platform for deploying and managing containers in a standard, consistent control plane. Red Hat OpenShift and Red Hat Advanced Cluster Management provide the hybrid cloud management platform and capabilities that address common challenges faced by administrators and site reliability engineers (SREs), as they work across a range of environments, such as multiple datacenters and private and public cloud environments that run Kubernetes clusters, including your remote edge sites. Certain industries, such as public sector environments, require strict compliance and U.S. Federal Information Processing Standards (FIPS) mode support, which Red Hat Advanced Cluster Management provides.
Red Hat Advanced Cluster Management lets you manage your Kubernetes clusters from one place. Provision new Red Hat OpenShift clusters across Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), Microsoft Azure Government (MAG), AWS GovCloud, bare metal, Red Hat OpenStack® Platform, Red Hat Virtualization, and VMware vSphere. In addition, existing Red Hat OpenShift clusters can be imported and managed, such as Red Hat OpenShift on IBM Cloud, Microsoft Azure Red Hat OpenShift, Red Hat OpenShift Dedicated, Red Hat OpenShift on Red Hat OpenStack Platform, Red Hat OpenShift on IBM Z, Red Hat OpenShift on IBM Power, Red Hat OpenShift on Amazon, and Red Hat OpenShift on ARM architecture.
Red Hat Advanced Cluster Management can also import and manage your existing public cloud Kubernetes clusters, such as Amazon Elastic Kubernetes Service (Amazon EKS), IBM Cloud Kubernetes Service (IKS), Azure Kubernetes Service (AKS), and Google Kubernetes Engine (GKE).
Key benefits
- Accelerate application development with self-service provisioning.
- Free IT teams from manual provisioning with self-service cluster deployment that automatically delivers applications.
- Increase application availability with the ability to deploy legacy and cloud-native applications across distributed clusters in less time.
- Enhance security compliance with centralized policy enforcement across clusters.
- Reduce operational costs with a unified management interface.
Features and benefits of Red Hat Advanced Cluster Management
Multicluster observability for fleet health and optimization
Deliver an enhanced SRE experience with out-of-the-box multicluster dashboards that can store long-term historical data and provide an overview of fleet health and optimization.
Learn more at redhat.com/
clustermanagement.
Table 1. Features and benefits of multicluster observability
Feature | Benefit |
Fleet health monitoring |
Sort, filter, and scan individual clusters and user workloads in addition to aggregated multiclusters with Grafana. Use the open source Thanos project for scalable metrics collection with long-term data retention. Get health metrics for OpenShift clusters and non-OpenShift clusters—such as EKS, GKE, AKS, and IKS—in the many out-of-the-box Grafana dashboards. |
Customized metrics and dashboards |
Customize Grafana dashboards based on metrics you define and predefined metrics. Define service-level objectives (SLOs) on a cluster or the platform services, measure the performance against them, and dynamically adjust for deeper collection during critical events when root cause analysis requires it. |
Dynamic search |
Use the graphical console or the application programming interface (API) to identify, isolate, and resolve issues affecting distributed workloads. Application SREs can view application resource YAML and fetch logs from deployments in real time, assisting in mean time to resolution and problem determination. Improved controls with configurable data collection provides opportunities for high-scale environments and security lockdown to limit what gets collected from the managed clusters. |
Analytics through Red Hat Insights for Red Hat OpenShift |
Gain intelligence on cluster health for your entire managed fleet and take proactive steps and remediation actions as needed, based on the analytics provided by Red Hat OpenShift-based telemetry and Red Hat expertise. |
Automatic alert forwarding from managed clusters to Red Hat Advanced Cluster Management hub |
Respond and troubleshoot more easily by getting centralized alerts of cluster health metrics and all of your policy violations sent into your third-party tools, such as Slack and PagerDuty. |
Global Hub |
The Global Hub architecture provides a centralized policy compliance view across multiple hubs, ensuring that organizations with high scale and/or strict divisions across regional datacenters can still get a holistic view of their entire security compliance posture from one central interface. |
Unified multicluster life cycle management
Create, upgrade, and destroy Kubernetes clusters reliably, consistently, and at scale, using an open source programming model that supports and encourages infrastructure as code (IaC) best practices and design principles.
Table 2. Features and benefits of unified multicluster life cycle management
Feature | Benefit |
Cluster life cycle management | Gain Day 1 experience with cluster life cycle management, using the open source Hive API. Create and upgrade new Red Hat OpenShift clusters, or import existing OpenShift and managed Kubernetes clusters, using Red Hat Advanced Cluster Management console. |
Cloud providers supported |
Red Hat Advanced Cluster Management supports the creation of OpenShift clusters on AWS, Microsoft Azure, Google Cloud Platform (GCP), Microsoft Azure Government, AWS GovCloud, bare metal, Red Hat OpenStack Platform, Red Hat Virtualization, and VMware vSphere. |
Enhanced cluster life cycle management |
Take advantage of features, such as worker pool scaling with autoscale configuration, cluster Hibernate® (tech preview), and resume via cluster pools (tech preview) to help deploy clusters in less time. Group clusters into cluster sets to more clearly define access controls. |
Red Hat Ansible® Automation Platform integration |
As part of the integration, supercharge your playbooks with straightforward, security-focused, and Ansible-native access across your Kubernetes fleet, powered by the robust multicluster management layer provided by the multicluster engine for Kubernetes operator and Red Hat Advanced Cluster Management, with the stolostron.core Ansible Collection. Invoke Ansible within Red Hat Advanced Cluster Management for cluster life cycle management, using pre- and post-hooks. |
Multicluster networking with Submariner |
Get rich multicluster networking capabilities with Submariner for application components deployed across multiple clusters. Reduce the complexity of deploying application components and networking requirements across clusters. |
Hosted control planes |
Host and provision containerized Red Hat OpenShift control planes at scale, which solves for cost, footprint, time to provision, and portability across cloud environments with strong separation of concerns between management and workloads. This feature is generally available for bare metal and Red Hat OpenShift Virtualization and is available as a technology preview for AWS. |
Central infrastructure management (CIM) for bare-metal deployments |
Use a self-service model that allows infrastructure owners to provide developers access to bare-metal infrastructure resources to provision OpenShift clusters. Use the infrastructure environments allowing operators to readily maintain your bare-metal host inventory. |
Policy-based governance, risk, and compliance
Apply a policy-based governance approach to automatically monitor and ensure desired best practices configuration state for controls related to security, resiliency, and software engineering so that these controls are operated to industry compliance standards or self-imposed corporate standards.
Table 3. Features and benefits of policy-based governance, risk, and compliance
Feature | Benefit |
Out-of-the-box policy templates for security, resiliency, and configuration management |
Use prebuilt policy templates to enforce policy on Kubernetes configuration (e.g., etcd encryption), identity and access management (IAM), certificate management, and deploy and configure operators, such as Compliance Operator, Gatekeeper/Open Policy Agent (OPA), and Container Security Operator across your clusters. Implement policy-based governance via GitOps to meet internal and external standards, using the open source policy collection repository. |
Governance and risk dashboard |
Use the governance and risk dashboard to view and manage security risks and policy violations in all of your clusters and applications. Get details on violation history. Drill down into violation details by centrally accessing details from managed clusters from the Red Hat Advanced Cluster Management hub. |
Customized policy violation views |
Customize policies for various compliance standards, governance dashboard views, and views for most-affected controls for specific standards. |
Open source extensible policy framework and policy collection repository | Take advantage of the collaborative upstream policy contributions, using the policy collection repository. |
Integration with Gatekeeper and Open Policy Agent (OPA) |
Get a fully supported Gatekeeper and OPA operator that supports deployment of the Gatekeeper operator to your fleet, using compliance policy. Initiate Gatekeeper controls across your fleet to enforce various OPA policies. Centrally view and drill down into violations for all of your Gatekeeper and OPA policies. |
More efficient policy management through Policy Sets |
Group policies for specific purposes (e.g., Red Hat OpenShift Platform Plus deployment, Red Hat Advanced Cluster Management hardening, managed cluster hardening, grouping Gatekeeper policies, PCIStoreFront, HIPAA backend, etc.). This ensures an enhanced user-friendly experience of organizing, managing, and enforcing policies or policy sets for clusters at scale. Preconfigured Policy Sets are available via GitOps as a starting point to use this feature. |
Integration with Kyverno Policy Sets |
Get enhanced admission control capabilities and mutating capabilities with Kyverno Policy Sets. Generate and validate Kubernetes resources with the Kyverno integration, using the integration provided by Policy Generator (Kyverno is supported by the community). |
Integration with Compliance Operator |
Deploy Compliance Operator at scale across your fleet, using Red Hat Advanced Cluster Management to enforce various security profiles for compliance standards, such as the E8 Essential scan. Centrally view and drill down into violations for all of these security profiles. |
Ansible Automation Platform integration |
Use Ansible Automation Platform integration with Red Hat Advanced Cluster Management to automate remediation of noncompliant conditions and gather audit information about the clusters for analysis to promote proactive measures against policy violations detected by Red Hat Advanced Cluster Management. |
Red Hat OpenShift Platform Plus Policy Set |
Get a consolidated experience by using Red Hat Advanced Cluster Management console to deploy OpenShift Platform Plus components consistently across hub and managed clusters by creating policy sets developed with the Policy Generator. |
Policy generator |
Allow policies to be auto-generated and deployed via OpenShift GitOps from existing Kubernetes configuration, Gatekeeper, and Kyverno policies. |
Stronger security and edge scalability using templatized policies |
Secure delivery and enforcement of content from the hub to managed clusters, using templatized policies and its underlying encryption (from secret and protect functions). |
Advanced application life cycle management
Use open standards and deploy applications, using placement rules that are integrated into existing CI/CD pipelines and governance controls.
Table 4. Features and benefits of advanced application life cycle management
Feature | Benefit |
Application topology view |
Get wider visibility of the application topology and readily view the health of service endpoints and pods with all of the connected dependencies like image versions, associated placement rules, Kubernetes resources, and ConfigMaps, no matter if your application was created within Red Hat Advanced Cluster Management, Red Hat OpenShift, or GitOps tools like ArgoCD and Flux. |
Channels and subscriptions |
Automatically deploy applications to specific clusters by subscribing to different workload (resource) channels, such as GitHub, Helm repository, and ObjectStore types. |
Placement rules |
Rapidly deploy workloads across your fleet, or only to specific clusters, on the basis of placement rule definitions and time windows to control when and where your applications are being deployed. |
Ansible Automation Platform integration |
Automate everything outside of Kubernetes with your application deployments through pre- and post-hook Ansible job templates and workflows. For example, automate and configure networking, databases, load balancers, and firewalls with Ansible Automation Platform integration. |
Application builder |
Create intuitive applications, using a form-based input with contextual help to guide you in defining your application components without dealing directly with YAML. |
OpenShift GitOps/Argo CD integration |
Use Red Hat Advanced Cluster Management to allow OpenShift GitOps/Argo CD to automatically deliver content as clusters come online or get imported. Red Hat Advanced Cluster Management policies work in tandem with Argo CD to make sure compliance and configuration are managed and maintained at scale for tighter CI/CD alignment. View and troubleshoot applications deployed by Argo CD in the Advanced Cluster Management application topology view. Create application set objects for your clusters that are registered within Argo, directly from Red Hat Advanced Cluster Management console. |
Edge management at scale
With single-node OpenShift clusters and Red Hat Advanced Cluster Management, continuously scale while enabling availability in high-latency, low-bandwidth edge use cases.
Table 5. Features and benefits of edge management at scale
Feature | Benefit |
Enhanced scalability | The number of OpenShift clusters managed by a single Red Hat Advanced Cluster Management hub is 3,500. Additionally, the IPV6 dual stack support simplifies the management of a scaled out edge architecture. These features ensure scalability in low-bandwidth, high-latency connections and disconnected sites. |
Zero touch provisioning |
Use Red Hat Advanced Cluster Management with assisted installer on-premise and Topology Aware Lifecycle Manager (TALM) for high-scale cluster deployment, serving telecommunications and edge scenarios. |
Single-node OpenShift management |
Get full management capabilities for your single-node OpenShift clusters—an essential feature for your edge use cases. |
Hub-side policy templating |
Reduce the number of policies for high-scale management scenarios by allowing them to refer to data from resources on the hub. TALM operator uses Red Hat Advanced Cluster Management policies to perform changes on the target clusters. |
Business continuity
Use Red Hat Advanced Cluster Management along with the broader Red Hat portfolio to ensure the applications and stateful applications your business relies on are always up and running.
Table 6. Features and benefits of business continuity
Feature | Benefit |
Red Hat Advanced Cluster Management Hub backup and restore |
Back up your hub configuration and restore it in a different hub cluster, using a backup solution based on OpenShift API for Data Protection (OADP). This ensures the management configuration is not lost and the continuity of business is maintained while applications continue to operate across the fleet. |
Red Hat OpenShift Data Foundation for disaster recovery (DR) MetroDR, RegionalDR |
Provide a robust multisite, multicluster DR strategy for your stateful applications, using OpenShift Data Foundation and Red Hat Advanced Cluster Management. OpenShift Data Foundation ensures your application data volumes and persistent volumes (PVs) are consistently and frequently replicated. DR operators that are set up with Red Hat Advanced Cluster Management can automate the DR failover and failback processes asynchronously with Regional-DR for minimal recovery point objective (RPO) or synchronously with Metro-DR to achieve zero RPO. |
PV replication using VolSync |
Ensure resilience for the stateful applications your business relies on by providing a planned application migration strategy across your clusters. You can also use VolSync to create your own DR solution when working with alternative vendors’ storage or heterogeneous storage products. |
Technical specifications for Red Hat Advanced Cluster Management
Hub cluster
- Operator-based installation
- Available on OperatorHub.io
- Requires Red Hat OpenShift Container Platform, 4.12 and above
Managed clusters
- Full life cycle management: any version of Red Hat OpenShift Container Platform 4.10 and above:
- Red Hat OpenShift Service on AWS, Microsoft Azure, Google Cloud Platform, Microsoft Azure Government, AWS GovCloud, VMware vSphere, Red Hat OpenStack Platform, OpenShift Virtualization, and bare metal
- Hosted control planes provider: AWS (tech preview), bare metal, and OpenShift Virtualization (KubeVirt)
- Import and manage:
- Limited life cycle support for managed Kubernetes clusters:
-
Amazon Elastic Kubernetes Service (Amazon EKS)
-
Azure Kubernetes Service (AKS)
-
IBM Cloud Kubernetes Service (IKS)
-
Google Kubernetes Engine (GKE)
-
-
Red Hat Advanced Cluster Management provides observability, application life cycle management, policy-based management, and security-focused network communication of imported clusters.
-
Red Hat Advanced Cluster Management provides full cluster life cycle management (create, upgrade, destroy) with additional security compliance capability for OpenShift Container Platform clusters.
High availability
- Red Hat OpenShift Container Platform availability zone supported
Resource requirements
- 3 masters, 3 infrastructure nodes, 6 vCPU, and 16GB RAM