Microsoft Azure Red Hat OpenShift multi-cluster and Azure container registry integration
Marcel Hild, Red Hat Managed OpenShift Black Belt and Kevin Harris, Microsoft Azure Global Black Belt, will teach you about multi-cluster integration for Azure Red Hat OpenShift, as well as the Azure container registry and how this can help you scale efficiently and manage your applications in a cloud-native environment.
Meet the speakers
Kevin Harris (00:01):
Welcome everyone to the Microsoft Azure Red Hat® OpenShift®, also known as ARO, video series. My name is Kevin Harris, part of the Azure Global Black Belt App Innovation Team. I love to help customers and partners build cloud native solutions on top of Azure. I'll be one of your hosts today.
Marcel Hild (00:15):
My name is Marcel. I work at Red Hat as a Managed OpenShift Black Belt and I love to solve cloud native problems. In today's session, we will talk about an Azure Red Hat OpenShift multi-cluster environment. Kevin?
Kevin Harris (00:31):
Let's get things started. So on that topic, Marcel, what exactly is multi-cluster? Maybe we should define that for our audience so everybody's on the same page.
What is a multi-cluster environment?
Marcel Hild (00:39):
Sure. So clusters are used for making your workloads and applications highly available. So if one node goes down, it doesn't bring down with itself the whole service. Actually, let me draw that on the whiteboard.
Kevin Harris (00:55):
I think that'd be good. Yeah, pictures are worth a thousand words.
Marcel Hild (00:59):
So you would segment your clusters either by workload type, like database and front end, or by their usage type, like you would have here your "dev" cluster and your test cluster and your production cluster. If you deploy an ARO cluster, you are already deploying multiple machines, multiple nodes. So it comes with at least three master nodes for the control plane, and multiple worker nodes for your workloads and applications. And you will be placing these nodes into multiple availability zones. Here is AZ1, AZ2, and AZ3. You get that for even higher availability.
(02:03)
Now if you're deploying these clusters, you already have a multi-cluster environment, but you can go even further and also include other Azure clusters that are, for example, installer-provisioned, or on-prem clusters for like your local data that is running inside your factory, or development clusters for your developers. The nice thing about the cloud is that it takes only under 60 minutes to spin up an Azure cluster, configure it, and have it readily available. So that in essence means that you can treat a cluster as an ephemeral entity, which you can bring rapidly up, tear down, and take advantage of multiple clusters being spun up at the time. Cool. So now that we defined multi-clusters and have those clusters, how do we get applications onto them?
Applications and multi-cluster environments
Kevin Harris (03:16):
So I think the key thing, when I think about applications, I've been a developer for many years. We think about basically having compute and data close to one another. In this case, the application and the database. The data in our case are container images. Those container images need to reside somewhere. In our case, they'll reside in what we call a container registry. Some of the key things around a container registry, it has the repository, it has tags, has all those images, and we wanna make sure that that's highly available. It's geo-replicated and we wanna make sure that that's actually close to the compute. I don't wanna be pulling those images, you know, halfway around the world. With that, what does ARO provide for a container registry?
Azure container registry
Marcel Hild (03:53):
Sure. Like every Red Hat OpenShift installation, also ARO comes with its built-in container registry.
Kevin Harris (04:01):
Actually Marcel, should we go to the board?
Marcel Hild (04:02):
I love the whiteboard.
Kevin Harris (04:04):
Okay, let's go.
Marcel Hild (04:06):
Okay. So you deployed your development cluster and you enabled the internal registry…
(04:14)
…out of the box. And since we're running on Azure, you can make use of the various storage options that Azure provides. So that makes sure that your images are securely saved to disk, they are encrypted at rest, and they're available inside your cluster. This makes it a really out-of-the-box experience when working with images in a single cluster. You could also enable the registry for outside usage. So you have some other cluster also access that registry. This way you could deploy a centralized registry inside your region. But since we're talking about multi-cluster, probably also on a worldwide level, does Azure provide us something to scale us beyond regions?
Scaling a registry beyond regions in Azure
Kevin Harris (05:07):
Yeah. In Azure we have what we call Azure Container Registry. So one of the key features around Azure Container Registry is geo-replication. So we can use this as a centralized registry for within a region, and then we can also use it to replicate data across regions. So what I mean by that is we could push a container image into Azure Container Registry, use its geo-replication capabilities to say, go from West Europe over to East U.S. and Singapore. Again, nothing else I need to do, it’s just configuration. So that's one of those great capabilities. The other thing we can do is we can add Azure Defender to help essentially secure this. You can think of this as supply chain management. So I can now scan every single container image that goes inside there. I can look for vulnerabilities and then I can block those vulnerabilities from getting into any of these clusters. So Marcel, now we've defined "multi-cluster", we've talked about the different container registry options, how do ARO and Azure container registry work together?
Azure Red Hat OpenShift and the Azure container registry
Marcel Hild (06:11):
They work real well together. It's really straightforward. You just need to configure the ACR pull secret inside the ARO cluster, and then the cluster can pull down images from ACR. The pull secret is used for authentication and communicating securely with ACR, obviously. The nice thing is that you can also configure the internal registry to act as a cache. So the first time the image is pulled from ACR, we start inside the internal registry, and then the second time a container boots up, it's essentially faster, reduces latency, and makes your workloads even more flexible to be started up.
Kevin Harris (06:58):
Essentially, it's optimized. You're not having to constantly use up all that network bandwidth pulling from like centralized registry. Kind of cache at local, leverage that in that local ARO cluster, and then go from there.
Marcel Hild (07:07):
Exactly. Very cool. Thanks for the explanation. So to sum it up, multi-cluster provides high availability and flexibility for managing your workloads and applications. And Azure Container Registry provides a centralized way to manage, store, and secure your container images.
Kevin Harris (07:26):
Exactly, Marcel. The integration between the two, between Azure Red Hat OpenShift and Azure Container Registry, allows you to build highly scalable applications in a cloud native environment. If you'd like to know more about Azure Red Hat OpenShift and how it can help you scale to meet your business needs, please check out the other videos in the series. Thank you.