OpenShift Multi-Cluster Management Handbook

Book description

Discover best practices for designing and scaling robust OpenShift clusters’ architecture for different workloads. Manage multiple clusters on-premises or in the cloud using multi-cluster management tools to keep them secure and compliant. Implement multi-cluster CI/CD on OpenShift using GitOps.

Key Features

  • Discover best practices to design robust OpenShift architectures and scale them to different workloads
  • Understand the minimal collection of topics you should consider in your container security strategy
  • Implement multi-cluster CI/CD on OpenShift using GitOps

Book Description

For IT professionals working with Red Hat OpenShift Container Platform, the key to maximizing efficiency is understanding the powerful and resilient options to maintain the software development platform with minimal effort. OpenShift Multi-Cluster Management Handbook is a deep dive into the technology, containing knowledge essential for anyone who wants to work with OpenShift.

This book starts by covering the architectural concepts and definitions necessary for deploying OpenShift clusters. It then takes you through designing Red Hat OpenShift for hybrid and multi-cloud infrastructure, showing you different approaches for multiple environments (from on-premises to cloud providers). As you advance, you’ll learn container security strategies to protect pipelines, data, and infrastructure on each layer. You’ll also discover tips for critical decision making once you understand the importance of designing a comprehensive project considering all aspects of an architecture that will allow the solution to scale as your application requires.

By the end of this OpenShift book, you’ll know how to design a comprehensive Red Hat OpenShift cluster architecture, deploy it, and effectively manage your enterprise-grade clusters and other critical components using tools in OpenShift Plus.

What you will learn

  • Understand the important aspects of OpenShift cluster architecture
  • Design your infrastructure to run across hybrid clouds
  • Define the best strategy for multitenancy on OpenShift
  • Discover efficient troubleshooting strategies with OpenShift
  • Build and deploy your applications using OpenShift Pipelines (Tekton)
  • Work with ArgoCD to deploy your applications using GitOps practices
  • Monitor your clusters’ security using Red Hat Advanced Cluster Security

Who this book is for

This book is for a wide range of IT professionals using or looking to use OpenShift with a hybrid/multi-cloud approach. In this book, IT architects will find practical guidance on OpenShift clusters’ architecture, while Sysadmins, SREs, and IT operators will learn more about OpenShift deployment, troubleshooting, networking, security, and tools to manage multiple clusters from a single pane. For DevOps engineers, this book covers CI/CD strategies for multiple clusters using GitOps. Equipped with just basic knowledge of containerization and Kubernetes, you’re ready to get started.

Table of contents

  1. OpenShift Multi-Cluster Management Handbook
  2. Foreword
  3. Contributors
  4. About the authors
  5. About the reviewers
  6. Preface
    1. Who this book is for
    2. What this book covers
    3. To get the most out of this book
    4. Download the color images
    5. Download the example code files
    6. Conventions used
    7. Get in touch
    8. Share Your Thoughts
    9. Download a free PDF copy of this book
  7. Part 1 – Design Architectures for Red Hat OpenShift
  8. Chapter 1: Hybrid Cloud Journey and Strategies
    1. Main challenges of the public cloud
    2. Benefits of the public cloud
    3. Is hybrid cloud the solution?
    4. Containers and Kubernetes – part of the answer!
    5. OpenShift – a complete option
      1. OpenShift offerings – multiple options to meet any needs
      2. OpenShift installation modes
      3. OpenShift multi-cluster tools – going above and beyond
    6. Summary
    7. Further reading
  9. Chapter 2: Architecture Overview and Definitions
    1. Technical requirements
      1. Prerequisites
    2. Understanding the foundational concepts
      1. Master nodes
      2. Bootstrap node
      3. Workers
      4. Highly available cluster
    3. OpenShift architectural concepts and best practices
      1. Installation mode
      2. Computing
      3. Aggregated logging
      4. Monitoring
      5. Storage
      6. Example
    4. Infrastructure/cloud provider
    5. Network considerations
      1. VPC/VNet
      2. DNS
      3. Load balancers
      4. DHCP/IPMI/PXE
      5. Internet access
    6. Other considerations
      1. SSL certificates
      2. IdPs
    7. OpenShift architectural checklists
    8. Summary
    9. Further reading
  10. Chapter 3: Multi-Tenant Considerations
    1. What is multitenancy?
    2. Handling multiple tenants
      1. Multitenancy in OpenShift
      2. Multi-tenant strategies
      3. OpenShift multitenancy checklist
    3. Summary
    4. Further reading
  11. Chapter 4: OpenShift Personas and Skillsets
    1. Personas
      1. A system/cloud/platform administrator
      2. IT architect
      3. Application developer
      4. The DevOps engineer/SRE
      5. The security engineers
    2. The skills matrix
      1. Architecture-, infrastructure-, and automation-related skills
      2. Development-, container-, and CI/CD-related skills
      3. OpenShift-related skills
    3. Summary
    4. Further reading
  12. Part 2 – Leverage Enterprise Products with Red Hat OpenShift
  13. Chapter 5: OpenShift Deployment
    1. Requirements
      1. OpenShift checklist opt-in
      2. Lab requisites
    2. OpenShift installation prerequisites
      1. UPI/agnostic installer
      2. IPI
    3. Preparing for the installation
      1. An SSH key pair
      2. Pull secret
      3. OpenShift installer binary
      4. OpenShift command-line tools
      5. Installation configuration file (install-config.yaml)
    4. Installation
      1. Phase 1 – Provisioning servers
      2. Phase 2 – Bootstrap and control plane
      3. Phase 3 – Check for certificates to sign – For UPI and agnostic installations only
      4. Phase 4 – Finishing the installation
    5. What's next?
    6. FAQs
    7. Summary
    8. Further reading
  14. Chapter 6: OpenShift Troubleshooting, Performance, and Best Practices
    1. Things that can crash a cluster
      1. Operators
      2. etcd
      3. Authentication
    2. Troubleshooting reference guide – how to start
      1. Describing objects
      2. Events
      3. Pod logs
      4. Deployment logs
      5. Debugging pods
      6. Operator logs
      7. Other oc CLI commands and options
    3. Understanding misleading error messages
      1. ImagePullBackOff
      2. CrashLoopBackOff
      3. Init:0/1
    4. Summary
    5. Further reading
  15. Chapter 7: OpenShift Network
    1. OpenShift networking
      1. How does traffic work on Open vSwitch?
      2. Network type – OpenShift SDN or OVN-Kubernetes
    2. Network policies
      1. North-south traffic
      2. East-west traffic
      3. Controlling network traffic
      4. Creating a network policy
    3. What is an ingress controller?
      1. How does an ingress operator work?
      2. Creating a new ingress controller
      3. Testing the new ingress
    4. Types of routes
      1. Passthrough routes
      2. Edge routes
      3. Reencrypted routes
    5. Summary
    6. Further reading
  16. Chapter 8: OpenShift Security
    1. Container security
      1. Control
      2. Protect
      3. Detect and respond
    2. AuthN and AuthZ
      1. Authentication
      2. IdPs
      3. Authorization – RBAC
      4. Access-control troubleshooting
    3. Certificates in OpenShift
      1. Trusted CA
    4. etcd encryption
    5. Container isolation
      1. SCCs
    6. Network isolation
    7. Red Hat Container Catalog
      1. Red Hat UBI
      2. Limiting image registry sources
    8. Summary
    9. Further reading
  17. Part 3 – Multi-Cluster CI/CD on OpenShift Using GitOps
  18. Chapter 9: OpenShift Pipelines – Tekton
    1. Technical requirements
      1. Installing and using CRC
    2. What is OpenShift Pipelines?
      1. What is Tekton?
      2. Main benefits
      3. Tekton components
      4. Concepts
    3. Installing OpenShift Pipelines
      1. Prerequisites
      2. Installation
      3. Installing the tkn CLI
    4. Creating a Tekton pipeline from scratch
      1. Tasks
      2. TaskRun
      3. Pipelines
      4. PipelineRun
    5. Using triggers with GitHub webhooks
      1. TriggerBinding
      2. TriggerTemplate
      3. Trigger
      4. EventListener
      5. Creating a GitHub webhook
      6. Testing the Tekton trigger
    6. Fixing the failed PipelineRun due to YAML issues
    7. Summary
    8. Further reading
  19. Chapter 10: OpenShift GitOps – Argo CD
    1. What is GitOps?
    2. What is Argo CD?
    3. Application delivery model
    4. Installing OpenShift GitOps
      1. Prerequisites
      2. Installation
      3. Installing the argocd CLI
    5. Configuring Argo CD against multiple clusters
    6. Argo CD definitions and challenges
      1. GitHub repository structure
      2. Templating Kubernetes manifests
      3. Managing secrets
    7. Argo CD main objects
      1. AppProject
      2. Applications
    8. Deploying an application using GitOps
      1. Building a new image version
      2. Deploying in development
      3. Promoting to QA
      4. Promoting to production
    9. Deploying to multiple clusters
    10. Summary
    11. Further reading
  20. Chapter 11: OpenShift Multi-Cluster GitOps and Management
    1. What is Red Hat ACM?
    2. Red Hat ACM installation
      1. Prerequisites
      2. Installation
    3. Managing clusters using Red Hat ACM
      1. Cluster provisioning
    4. Managing applications using Red Hat ACM
      1. Application Subscription model
      2. OpenShift GitOps (Argo CD) and ApplicationSets
    5. Governance using Red Hat ACM
    6. Multi-cluster observability with Red Hat ACM
      1. Prerequisites
      2. Enabling the observability service
    7. Summary
    8. Further reading
  21. Part 4 – A Taste of Multi-Cluster Implementation and Security Compliance
  22. Chapter 12: OpenShift Multi-Cluster Security
    1. What is Red Hat Advanced Cluster Security?
    2. Red Hat Advanced Cluster Security installation
      1. Prerequisites
      2. Operator installation
      3. ACS Central installation
    3. Adding secured clusters
    4. Policies and violations
      1. Security policies
      2. Violations
    5. Vulnerability management
    6. Risk profiling
    7. Compliance
    8. Configuration Management
    9. Network segmentation
      1. Network flows
      2. Network Policy Simulator
    10. Summary
    11. Further reading
  23. Chapter 13: OpenShift Plus – a Multi-Cluster Enterprise Ready Solution
    1. Introducing Red Hat Quay
    2. Deploying Red Hat Quay using the Quay Operator
      1. Prerequisites
      2. Operator installation
      3. Configuring Quay
    3. Using Red Hat Quay
      1. Running the tutorial
    4. What is OpenShift Plus?
      1. Value proposition: benefits
    5. OpenShift Plus – a practical use case
    6. Summary
    7. Further reading
  24. Chapter 14: Building a Cloud-Native Use Case on a Hybrid Cloud Environment
    1. Use case description
    2. Application build using OpenShift Pipelines and S2I
      1. Configuring the image registry
      2. Linking image registry credentials
      3. Checking the image on Quay
    3. Application deployment using OpenShift Pipelines and GitOps
    4. Adding security checks in the building and deployment process
      1. Fixing security issues
    5. Provisioning and managing multiple clusters
      1. Provisioning new clusters
      2. Cluster governance
    6. Deploying an application into multiple clusters
    7. Summary
    8. Further reading
  25. Part 5 – Continuous Learning
  26. Chapter 15: What’s Next
    1. Red Hat training
      1. Training and certifications
    2. Online learning platforms
    3. Free training and references
      1. OpenShift Container Platform Demo and Workshop Guide
      2. OpenShift 4 101 Workshop
      3. Open Demos
      4. Red Hat Developer portal
      5. YouTube and Twitch
      6. Blogs
      7. Product documentation
    4. Summary
    5. Final words
  27. Index
    1. Why subscribe?
  28. Other Books You May Enjoy
    1. Packt is searching for authors like you
    2. Share Your Thoughts
    3. Download a free PDF copy of this book

Product information

  • Title: OpenShift Multi-Cluster Management Handbook
  • Author(s): Giovanni Fontana, Rafael Pecora
  • Release date: November 2022
  • Publisher(s): Packt Publishing
  • ISBN: 9781803235288