Do you have more than one OpenShift cluster? Do you want or need a better way to manage those clusters? Red Hat Advanced Cluster Management for Kubernetes (RHACM) provides a multi-cluster management experience that makes it easier for administrators to apply policies, check status, and more for hundreds, or even thousands, of clusters.
This week Jimmy Alvarez, Technical Marketing Manager, joined us to show more about RHACM, including how to deploy clusters, add existing clusters, and apply policies across some or all of your clusters.
As always, please see the list below for additional links to specific topics, questions, and supporting materials for the episode!
If you’re interested in more streaming content, please subscribe to the Red Hat livestreaming calendar to see the upcoming episode topics and to receive any schedule changes. If you have questions or topic suggestions for the Ask an OpenShift Admin Office Hour, please contact us via Discord, Twitter, or come join us live, Wednesdays at 11am EDT / 1500 UTC, on YouTube and Twitch.
Episode 36 recorded stream:
Use this link to jump directly to where we start talking about today’s topic.
This week’s top of mind topics:
- OpenShift 4.8 was released earlier this week! We briefly highlighted the release during today’s stream, but if you’re curious what’s new in this release you can see the product management team discuss the full payload here, or you can get a condensed version for administrators here.
- We briefly revisited last week, where we talked about a CVE that affected the Helm client. As predicted, the Helm CLI was updated in the OpenShift mirror(s), so please update!
- If you’re using a proxy for internet access, you can configure any on-premises IPI deployment to use that proxy via the install-config.yaml. The docs only have it listed for one infrastructure type, but the same process works - and is supported - with the others as well.
- If you’re deploying an OpenShift cluster to vSphere, whether IPI or UPI, be sure to pay attention to the permissions needed for the cloud provider and storage integration. We discussed this during the stream; what matters most is where the permissions are applied, i.e. which objects in vSphere.
Questions answered and topics discussed during the stream:
- What is Advanced Cluster Management (ACM) and what role does it serve? In short, ACM enables administrators and developers to deploy, manage, and use OpenShift clusters across multiple infrastructure types with policies for configuration, security, integration, and more.
- There is some overlap in feature set between Red Hat Advanced Cluster Management and Advanced Cluster Security (ACS). What purpose does each one fill and what are the strengths? While it’s true there’s overlap, ACS excels at the security aspect and ACM excels at multi-cluster management. If you’re using both, or interested in both, check out OpenShift Platform Plus, which includes entitlements for OpenShift Container Platform, Advanced Cluster Management, Advanced Cluster Security, and Quay.
- Can separate OpenShift clusters have their configuration synchronized using ACM? Yes, though the optimal solution will probably be a combination of ACM and GitOps. ACM supports deploying applications via Helm, Git, and other methods. Additionally, applications can be set to automatically deploy to any cluster with a specific set of labels or tags. This means that when you deploy or import a cluster, the app can be deployed without further interaction.
- ACM is able to deploy clusters automatically. What infrastructure types and deployment types are supported? The hyperscalers are, of course, supported, along with vSphere, OpenStack, and bare metal for on-prem.
- ACM 2.3, which will be available soon, introduces Ansible-based pre- and post-deployment hooks. This is a powerful feature that lets you perform many actions in the external infrastructure, such as configuring DNS records or configuring external storage.
- ACM 2.3 also introduces cluster sets. Cluster sets group clusters together and apply configuration across them equally. They can also be used to configure Submariner cross-cluster SDN to facilitate application deployments which span multiple clusters.
- Can ACM do continuous optimization of application placement based on utilization or cost of infrastructure? Unfortunately, no, but this is an interesting concept, particularly if it could be integrated with the Red Hat cost management feature on the Red Hat Hybrid Cloud Console.
- Another ACM 2.3 feature is the ability to put clusters into hibernation. This can be a simple way to keep capacity quickly available for scaling applications without consuming resources all of the time.
- Deploying in a disconnected environment, including having ACM deploy clusters in a disconnected environment, is fully supported!
- Metrics across multiple clusters are aggregated and displayed in a common interface. This includes not just performance metrics, but also security analysis, vulnerability information, and configuration issues coming from Insights.
- Last but not least, Jimmy shows us how to use ACM to deploy security policy across multiple clusters. You can find a collection of policies from Red Hat on GitHub to get you started with evaluating, reporting, and applying security governance on your clusters.
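
As an added illustration of the label-based placement and multi-cluster security policy described above (not taken from the stream or from Red Hat's policy collection), the manifests below, applied on the ACM hub, report any managed cluster labelled `environment: prod` that still has the installer-created `kubeadmin` Secret. The object names, the `policies` namespace and the `environment: prod` label are assumptions.

```yaml
# Added example: names, the "policies" namespace and the label are assumptions.
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
metadata:
  name: policy-kubeadmin-removed
  namespace: policies
spec:
  remediationAction: inform        # report only; "enforce" would delete the Secret
  policy-templates:
    - objectDefinition:
        apiVersion: policy.open-cluster-management.io/v1
        kind: ConfigurationPolicy
        metadata:
          name: kubeadmin-secret-absent
        spec:
          remediationAction: inform
          severity: high
          namespaceSelector:
            include: ["kube-system"]
          object-templates:
            - complianceType: mustnothave   # non-compliant while the object exists
              objectDefinition:
                apiVersion: v1
                kind: Secret
                metadata:
                  name: kubeadmin
---
# Selects managed clusters by label; newly imported clusters that carry the
# label are picked up without further interaction.
apiVersion: apps.open-cluster-management.io/v1
kind: PlacementRule
metadata:
  name: placement-prod-clusters
  namespace: policies
spec:
  clusterSelector:
    matchLabels: {environment: prod}
---
# Binds the policy to the placement so it is distributed to the selected clusters.
apiVersion: policy.open-cluster-management.io/v1
kind: PlacementBinding
metadata:
  name: binding-kubeadmin-removed
  namespace: policies
placementRef:
  apiGroup: apps.open-cluster-management.io
  kind: PlacementRule
  name: placement-prod-clusters
subjects:
  - apiGroup: policy.open-cluster-management.io
    kind: Policy
    name: policy-kubeadmin-removed
```

Starting with `inform` lets you review compliance results in the governance view before deciding whether any policy should be switched to `enforce`.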