In this blog, we introduce the new technology preview integration between Submariner and Red Hat Advanced Cluster Management for Kubernetes that is available in version 2.2. This integration can enable direct networking between pods and services across the managed Red Hat OpenShift Container Platform clusters in the hybrid clouds, including on-premises and public clouds like Amazon Web Services, Google Cloud Platform, IBM Cloud, and Microsoft Azure.
Red Hat Advanced Cluster Management for Kubernetes provides end-to-end visibility and control to manage your Kubernetes clusters, and controls your application lifecycle across the hybrid clouds. There is a unique challenge with enabling the workloads that are deployed on the different clusters to communicate with each other when they are managed by Red Hat Advanced Cluster Management.
Submariner, an open source tool that is built to connect overlay networks of different Kubernetes clusters using encrypted VPN tunnels, provides a solution to this challenge. Red Hat Advanced Cluster Management leverages Submariner to provide the network infrastructure over multiple OpenShift Container Platform clusters across the cloud providers, data centers, and regions. The applications or services that are deployed on different OpenShift Container Platform clusters in a ManagedClusterSet, which is a group of managed clusters, can connect with each other securely.
Let's start our new feature journey:
In this example, we walk through the following high-level steps to configure your Submariner connection:
- Provision two managed clusters on Amazon Web Services.
- Deploy Submariner on each managed cluster.
- Deploy an application to verify the cluster connections.
Prerequisites
You need the following things configured in your environment:
- A Red Hat Advanced Cluster Management hub cluster.
- A ManagedClusterSet that is created on our Red Hat Advanced Cluster Management hub cluster. We created it with the following command:

    cat << EOF | kubectl apply -f -
    apiVersion: cluster.open-cluster-management.io/v1alpha1
    kind: ManagedClusterSet
    metadata:
      name: submariner
    EOF

  For more information about ManagedClusterSet, see the documentation for Creating a ManagedClusterSet in the Red Hat Advanced Cluster Management documentation.
Provision our managed clusters on Amazon Web Services
Complete the following steps to provision your clusters:
- Log into the Red Hat Advanced Cluster Management hub cluster console.
- From the navigation menu, navigate to Automate infrastructure > Clusters.
- On the Clusters page, click Add Cluster.
- Select Create a cluster.
- Enter a name for the cluster. In this example, the name of the first cluster is cluster1.
- Select Amazon Web Services for the infrastructure platform.
- Specify a Release image. Note: The minimum required OpenShift Container Platform version is 4.4.
- Click Create.
- Repeat the previous steps to create a second cluster. In this example, the name of the second cluster is cluster2. Note: The two cluster CIDRs (ServiceCIDR and ClusterCIDR) cannot overlap. To ensure this, configure the networking options when you create cluster2 and set the Cluster network CIDR and Service network CIDR manually. In this example, the values are 10.132.0.0/14 and 172.31.0.0/16, respectively.
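The non-overlap requirement above can be checked before provisioning. The following script is an added example, not part of the original post: the function names are hypothetical, and the cluster1 values are assumed to be the OpenShift installer defaults (10.128.0.0/14 and 172.30.0.0/16), which the post does not state.

```shell
#!/bin/sh
# Added example: pre-flight check that no pod or service CIDR overlaps across
# the clusters that will join the Submariner ManagedClusterSet.

# Convert a dotted-quad IPv4 address to an integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Print the first and last address of a CIDR block as integers.
cidr_range() {
  bits=${1#*/}
  size=$(( 1 << (32 - $bits) ))
  first=$(( $(ip_to_int "${1%/*}") / $size * $size ))  # clear any host bits
  echo "$first $(( $first + $size - 1 ))"
}

# Succeed (exit 0) when the two CIDR blocks share at least one address.
cidrs_overlap() {
  set -- $(cidr_range "$1") $(cidr_range "$2")
  [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
}

# Compare every pair of "label=cidr" arguments, print each conflict, and
# fail (exit 1) if any pair overlaps.
check_cidrs() {
  conflicts=0
  while [ "$#" -gt 1 ]; do
    a=$1; shift
    for b in "$@"; do
      if cidrs_overlap "${a#*=}" "${b#*=}"; then
        echo "OVERLAP: ${a%%=*} ${a#*=} <-> ${b%%=*} ${b#*=}"
        conflicts=$(( $conflicts + 1 ))
      fi
    done
  done
  [ "$conflicts" -eq 0 ]
}

# cluster1 values are ASSUMED to be the OpenShift installer defaults;
# cluster2 values are the ones used in this post. On a live cluster, read
# them with: oc get network.config/cluster -o yaml
check_cidrs \
  cluster1-pods=10.128.0.0/14 cluster1-services=172.30.0.0/16 \
  cluster2-pods=10.132.0.0/14 cluster2-services=172.31.0.0/16 \
  && echo "no overlapping CIDRs"
```

All four ranges are compared pairwise, so a pod network that collides with another cluster's service network is reported as well.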
Deploy Submariner on the managed clusters
After the two clusters are created, complete the following steps on the Red Hat Advanced Cluster Management hub cluster:
- Create a SubmarinerConfig resource in each managed cluster namespace to prepare the Submariner cluster environment with the following commands:
  - For cluster1:

        cat << EOF | oc apply -f -
        apiVersion: submarineraddon.open-cluster-management.io/v1alpha1
        kind: SubmarinerConfig
        metadata:
          name: subconfig
          namespace: cluster1
        spec:
          credentialsSecret:
            name: cluster1-aws-creds
        EOF

  - For cluster2:

        cat << EOF | oc apply -f -
        apiVersion: submarineraddon.open-cluster-management.io/v1alpha1
        kind: SubmarinerConfig
        metadata:
          name: subconfig
          namespace: cluster2
        spec:
          credentialsSecret:
            name: cluster2-aws-creds
        EOF

- Label the managed clusters to deploy Submariner on each managed cluster with the following commands:

    oc label managedclusters cluster1 "cluster.open-cluster-management.io/clusterset=submariner" --overwrite
    oc label managedclusters cluster1 "cluster.open-cluster-management.io/submariner-agent=true" --overwrite
    oc label managedclusters cluster2 "cluster.open-cluster-management.io/clusterset=submariner" --overwrite
    oc label managedclusters cluster2 "cluster.open-cluster-management.io/submariner-agent=true" --overwrite

After Submariner is deployed, you can find the Submariner pods in the submariner-operator namespace on each managed cluster.
Deploy an application to verify the managed cluster connections
You can use an application to verify the managed cluster connections.
The application in this example consists of a web frontend, redis-leader service for storage, and redis-follower service for storage backup. In this example, we use a Red Hat Advanced Cluster Management application to deploy the frontend and redis-leader service to cluster1. We then deploy the redis-follower service to cluster2. To make this application work, the redis-leader service and redis-follower service should be able to access each other, so we use the serviceexports.multicluster.x-k8s.io API to export them to each managed cluster.
Complete the following steps to deploy your application:
- Log in to the Red Hat Advanced Cluster Management hub cluster console.
- From the navigation menu, navigate to Manage applications.
- On the Applications page, click Create application.
- Enter the application name and namespace.
- Select Git repository.
- Enter the application Git URL. For this example, it is https://github.com/skeeey/acm-demo-app.
- Select the main branch and the guestbook path.
- Enter the managed cluster cluster1 label name=cluster1. This selects the managed cluster cluster1 as the target for deploying the application frontend.
- Repeat steps 2-6.
- Select the main branch and the redis-leader path.
- Enter the managed cluster cluster1 label name=cluster1. This selects the managed cluster cluster1 as the target for deploying the application redis-leader service.
- Repeat steps 2-6.
- Select the main branch and the redis-follower path.
- Enter the managed cluster cluster2 label name=cluster2. This selects the managed cluster cluster2 as the target for deploying the application redis-follower service.
After the application is deployed, you can access the application with a browser.
Conclusion
Throughout the blog, we outlined a flexible solution to connect the workloads on multiple OpenShift Container Platform clusters. Although this is a tech preview feature, you can try it out to see how easy it is to get started with this new feature.
We continue to add and enhance features to make it more powerful and easy to use, which you can view in our GitHub repository Submariner-addon. Join the open-cluster-management.io community and contribute your use cases and scenarios related to multicluster networking.