Hosted Control Planes Is Here as Tech Preview!

Customers care about applications and workloads first and foremost. There are many routes to host applications securely and reliably at scale; however, this comes with the cost of additional management and operational overhead.

To truly focus on applications and reduce management overhead, optimize cluster deployment time, and enable separation of concerns between management and workloads, we’re pleased to announce hosted control planes for Red Hat OpenShift. Based on the HyperShift project, hosted control planes is now available on Amazon Web Services (AWS) as a technology preview feature enabled through the multicluster engine for Kubernetes operator version 2.0.

In future releases, we plan to expand support for providers, such as Azure, KubeVirt, and Baremetal (via the Assisted Installer agent workflow), which are currently available in developer preview state.

Hosted Control Planes: Same OpenShift, Different Architecture

A Kubernetes/OpenShift cluster consists of a control plane that includes an API endpoint, a storage endpoint, a workload scheduler, an active actuator that ensures state, and a data plane. The data plane mainly covers the hot path, such as compute, storage, and networking, where workloads and applications live.

In standalone OpenShift, the control plane and data plane are coupled in terms of locality. The control plane is hosted by a dedicated group of nodes with a minimum number to ensure a quorum, the network stack is shared, and adminstrator access to the cluster means visibility into the cluster's control plane, and machine management APIs, and other system components that contribute to the cluster’s livelihood.

While this is desirable in some cases, it does not quite cover customers' broad range of use cases.

Red Hat now offers hosted control planes in addition to standalone OpenShift. Hosted control planes for Red Hat OpenShift decouples the control plane from the data plane (workers), separates network domains, and provides a shared interface through which administrators and Site Reliability Engineers (SREs) can easily operate a fleet of clusters. Now, the control plane acts and behaves like any other workload. The same rich stack used to monitor, secure, and operate your applications is re-used for managing the control plane.

Why Hosted Control Planes?

Hosting workloads on fewer larger clusters was sufficient in the past. However, there’s a growing need for distributing workloads across multiple clusters across hybrid topologies to overcome cluster scale limitations, satisfy location constraints (e.g., availability, locality, latency), and improve workload isolation with better separation of concerns.

With a growing number of clusters, a single pane of glass is needed to provide consistent management and operational experience. Hosted control planes simplifies fleet management by providing the following benefits to overcome many of today’s multi-cluster management challenges: 

• Time to value: how fast/long it takes to run workloads. Hosted control planes focus on reducing the time it takes to deploy Control Plans from infrastructure to readiness. This improves developer productivity and time to complete jobs for CI/CD use cases, which in turn reduces overhead. 
• Cost to value: as opposed to standalone OpenShift, where control planes are hosted on dedicated infrastructure nodes. Hosted control planes allow multiple cluster control planes to be hosted as workloads that share the hosting service's cluster nodes, which reduces infrastructure costs.
• Strong separation of concerns: Workloads and control planes have different requirements (security/availability) and personas (end-users and developers vs. service and infrastructure providers). Delegating the responsibility of hosting the control plane to a separate persona keeps the data plane dedicated to hosting workloads and reduces the human-error margin (e.g., accidentally deleting the control-plane infrastructure). 

Let’s dig more…. Hosted control planes might resonate with you if any of the following applies to you:

Hosted control planes might also resonate with you if you are a(n):

• Infrastructure administrator who wants to increase server utilization by using it to host the control planes of multiple clusters as efficiently as possible. Hosted control planes can help by allowing the control plane from multiple clusters to be shared on the same host/node. Unlike standalone OpenShift, hosted control planes for OpenShift do not require dedicated nodes to host the control plane.
• Network administrator who defines a strict network security policy that mandates (1) network separation between the cluster control plane and the data plane and (2) only allows application workloads on the data plane. Hosted control planes help by using the management cluster network domain to host the Control Plane network and a dedicated network domain for each hosted cluster (an OpenShift cluster with hosted control planes). The hosted cluster networking is disjointed from the networking of the hosting service cluster, where the control planes of hosted clusters live.
• Cluster administrator who wishes to upgrade the control plane only without upgrading the entire cluster. Hosted control planes facilitate the maintenance of the control plane versus workers due to the natural decoupling in the architecture, which does not require an upgrade for the entire cluster.
• Developer who cares more about developing and testing an application than waiting for a cluster or infrastructure to be ready or who wants strong API boundaries to test a potentially leaky codebase. Hosted control planes reduce the time and barriers to a working cluster and make one cluster per application (if desired) easily attainable.

Hosting control planes provides the greatest benefit at scale. Hosted control planes requires one or more hosting service clusters (to host the control planes of the fleet). For larger cluster deployments with hundreds of nodes or smaller clusters with fewer nodes, the benefit of this OpenShift topology is minimal due to the fixed cost of the hosting service cluster(s). Conversely, for larger deployments, the cost of the hosting service cluster is flattened and there are noticeable savings in infrastructure costs. 

In addition, because hosted control planes provides cost, provisioning time optimizations, and decouples the control plane from workloads, hosted control planes is well suited for multi-cluster use cases. For example, hosting clusters with specific characteristics, workload tiering (workload or tenant per cluster), flexible upgrades (control planes can be upgraded independently of workers), and so on.

The Big Picture

Hosted control planes for Red Hat OpenShift is one of many form factors of OpenShift. By providing one or more hosting service clusters to host control planes as workloads, we’re able to provide a clear separation of concerns, a path to economies of scale with reduced management and operational overhead, as well as flexibility in how customers choose to host their workloads, which is a cost- and time-efficient way to deliver value.

Hosted control planes builds on the same foundation the industry and the community have strived to solidify over the past few years. It’s the same OpenShift and the same standards underneath for networking (CNI), runtime (CRI), storage (CSI), and last but not least cluster lifecycle via Cluster API.

A hosted cluster with a hosted control plane is still a single cluster. Multicluster engine for Kubernetes, available as an operator alongside your OpenShift subscription, which is part of base OpenShift subscription provides a single pane of glass to lifecycling clusters regardless of form factor you choose. Optionally, Red Hat Advanced Cluster Management provides the rest of the necessary tooling when the operand is not just a single cluster, but a fleet of clusters. 

Try It!

As mentioned earlier, hosted control planes is now available as a technology preview feature when enabled as an add-on via the multicluster engine for Kubernetes operator 2.0. The following are the high-level steps required to deploy OpenShift clusters with hosted control planes. Review the documentation for more details.

Install the Multicluster Engine for Kubernetes Operator

Follow the documentation to install the multicluster engine for kubernetes operator.

Enable the HyperShift Preview Feature

Remember, OpenShift with hosted control places is a feature based on the HyperShift project, so ensure the feature gate for hypershift-preview is set to true in your instance of the MultiClusterEngine created in the preceding step:

apiVersion: multicluster.openshift.io/v1
kind: MultiClusterEngine
metadata:
  name: multiclusterengine-sample
spec:
  availabilityConfig: High
  overrides:
    components:
    - enabled: true
      name: hypershift-preview
  targetNamespace: multicluster-engine

This ensures the necessary controllers to reconcile your HyperShiftDeployment are in place. 

Enable the HyperShift Managed Cluster Add-On

To tell the multi-cluster engine operator which OpenShift cluster will host the control planes to become the hosting service cluster, you need to create a ManagedClusterAddon resource with its coordinates.

apiVersion: addon.open-cluster-management.io/v1alpha1
kind: ManagedClusterAddOn
metadata:
  name: hypershift-addon
  namespace: <namespace of your MCE managed Cluster> # the managed OCP cluster you want to install hypershift operator on
spec:
  installNamespace: open-cluster-management-agent-addon

This starts deploying the HyperShift operator, which is responsible for lifecycling hosted clusters, or OpenShift clusters with hosted control planes. 

Start Creating Clusters 

Finally, create hosted clusters using the HyperShiftDeployment API: 

apiVersion: cluster.open-cluster-management.io/v1alpha1
kind: HypershiftDeployment
metadata:
  name: hypershift-demo
  namespace: default
spec:
  hostingCluster: hosting-cluster-name     

  hostingNamespace: clusters     # specify the namespace to which hostedcluster and noodpools belong on the hypershift management cluster.
  infrastructure:
    cloudProvider:
      name: <my-secret>
    configure: True
    platform:
      aws: 
        region: <region>

To customize your hosted cluster configuration, review the documentation. 

What’s Next?

Hosted control planes for Red Hat OpenShift is a big step forward in reducing the management and operational overhead of managing OpenShift clusters at scale. We offer it today for self-managed OpenShift as a technology preview via the multicluster engine for Kubernetes operator. 

In the future, we are looking to expand support for more providers as we incorporate more feedback. If you’re interested in hosted control planes, or have a particular use case in mind, please reach out to your Red Hat representative so we can record your interest. Furthermore, stay tuned for more applications of this OpenShift form factor in our portfolio.

To help you learn more about hosted control planes for Red Hat OpenShift, check out the following resources:

• Leveraging hosted control planes with OpenShift
• An Introduction to the new Hypershift Topology (demo included)
• HyperShift project documentation
• The developer preview repository for developer preview providers