How to implement Microsoft Azure Red Hat OpenShift

01 Red Hat OpenShift: A common platform for flexible delivery, deployment, and management of cloud applications

Red Hat OpenShift is a platform of choice for application modernization and cloud-native development. OpenShift makes the most of heterogeneous cloud environments and modern architectures that rely on microservices and serverless patterns. This approach brings in a dramatic reduction in the time developers need to create applications, making teams much more responsive and flexible whenever they need to change applications or include new features.

OpenShift also provides multiple layers of Kubernetes security to the entire container lifecycle. Starting at the build phase from the image registry through deployment and runtime, OpenShift helps improve the security posture of both the applications running in a container and the infrastructure of the container itself.

Additionally, OpenShift allows infrastructure and developer teams to keep their options open and run workloads precisely where and how they need them. OpenShift is at the heart of Red Hat’s open hybrid cloud strategy because it can be deployed on-premises or on any type of cloud. This type of agility in a hybrid cloud solution gives organizations an advantage, because flexibility is key.

02 Highly available, managed OpenShift with Azure Red Hat OpenShift (ARO)

There are many benefits in using OpenShift, one of them being the change of mindset that leads to the adoption of DevOps and DevSecOps methodologies, as shared by more and more developers every day.

The tasks involved in operating and making sure OpenShift is up to date and compliant can be daunting, however, and require specialized skills. Self-hosted OpenShift requires an investment in infrastructure that isn’t practical for every team or organization. 

Organizations that lack either these skills or infrastructure can still take full advantage of OpenShift with Microsoft Azure Red Hat OpenShift. Azure Red Hat OpenShift has the same features as self-hosted and on-premise versions of Red Hat OpenShift, but it is jointly managed by Red Hat and Microsoft so users don't have to worry about update cycles and maintenance. Organizations using Azure Red Hat OpenShift are able to precisely track their expenditure on the Microsoft Azure portal, benefitting from future forecasting as well as the ability to set maximum budget thresholds for consumption.

03 Creating a foundational understanding of an ARO Architecture

When laying the groundwork for solutions like this, we want to first ensure we have a common language. In this section we’ll help define the foundational components that play a part in deployment and implementation. 

DevOps and DevSecOps defined

DevOps is a set of practices and tools that combine software development and IT operations into one operating model. The purpose is to speed up application and service delivery and enhance collaboration between teams. DevOps can shorten development lifecycles by facilitating constant collaboration and feedback from discovery phases all the way through deployment and observation. 

DevSecOps is the adoption of DevOps practices within the security organization. Here, security becomes an integrated component to the tools and processes in the lifecycle of all IT assets and applications.

Exploring the difference between multicloud and hybrid cloud environments

A multicloud solution includes multiple cloud services where each performs a separate function for the business. This can be because one cloud provider is better equipped to handle a specific function, while another is better for other functions. So each function can seamlessly operate irrespective of the others in multiple different clouds.

A hybrid cloud is a solution in which applications run in a combination of different environments, including physically on-premise, and virtually in the cloud. The option of running in a cloud environment is not locked in, so it can be public, or private, or even a combination of both, where each application is able to operate across a common platform, regardless of location or provider.

For example, Red Hat often works with customers who run a development or testing environment in a public cloud, while quality engineering is in a private cloud, and finally, the production environment is hosted on-premise. A hybrid cloud solution spans this entire estate, allowing for versatility in managing applications, taking the complexity of the environment and simplifying the end result.

Reducing complexity and avoiding lock-in with a hybrid cloud

Open hybrid cloud is Red Hat's recommended strategy for architecting, developing, and operating a hybrid mix of applications, delivering a truly flexible cloud experience with the speed, stability, and scale required for digital business transformation.

Red Hat’s open hybrid cloud strategy is built on the technological foundation of Red Hat Enterprise Linux®, Red Hat OpenShift®, and Red Hat Ansible® Automation Platform. This strategy gives developers a common application environment to develop, orchestrate, and run their applications, while giving system administrators and operations teams a common operating environment to manage their infrastructure. With this consistency across environments, you can deliver automated IT infrastructure.

What is Red Hat OpenShift?

OpenShift is a unified platform powered by Kubernetes for building, modernizing, and deploying applications at scale. It delivers a consistent experience across public clouds, on-premises, hybrid clouds, and even edge architectures. Adding this unification across platforms builds the consistency and stability that allows for. 

What is Microsoft Azure? 

The Azure cloud platform has more than 200 products and cloud services designed to help you bring new solutions to life—to solve today’s challenges and create the future. Build, run, and manage applications across multiple clouds, on-premises, and at the edge, with the tools and frameworks of your choice.

What is Azure Red Hat OpenShift?

Microsoft Azure Red Hat OpenShift is a turnkey application platform that provides highly available, fully managed Red Hat OpenShift clusters on demand. Red Hat and Microsoft jointly engineer, manage, and support the platform, allowing organizations to increase operational efficiency, refocus on innovation, and quickly build, deploy and scale applications.

04 Deployment options for Azure Red Hat OpenShift

Deploy Azure Red Hat OpenShift following the recommendations in the Azure Red Hat OpenShift landing zone accelerator (the code for it is in this GitHub repo). Microsoft has created landing zone accelerators to facilitate and accelerate the creation of Azure environments tailored to the workloads that they will host.

From a network perspective, the traffic that goes to the Azure Red Hat OpenShift cluster (ingress traffic) as well as the traffic that goes out of it (egress traffic) must be controlled and have security policies enforced. If you want to have a private cluster, one of the options for the former is to use the Azure Front Door service (which is specifically for Azure Red Hat OpenShift) and combine it with Azure Private Link.

In this way, the applications running on the cluster will be exposed to users that have access to the Azure Front Door subnet. These applications run behind the Azure Standard Load Balancer. Apart from this, Azure Red Hat OpenShift has a built-in ingress controller and routes that provide advanced HTTP routing, improved security and a single endpoint for all the applications in the cluster.

Figure 1. Ingress traffic to an Azure Red Hat OpenShift cluster

In Figure 1 we can see that users will utilize Azure Front Door’s IP address to send a request for the application they want to consume. This service will use Azure Private Link to get to the internal load balancer and, from there, to the requested application in the cluster.

The pods in the cluster will need access to other Azure services, some of which are also represented in Figure 1. In order to build the images for the containers, they need a registry, such as the Azure Container Registry. It is strongly recommended that Azure Active Directory be integrated with an organization's identity provider to add another layer of security, and that Azure Key Vault secrets be used to manage cluster secrets. To round this out, the cluster can also be connected to Azure Arc-enabled Kubernetes to better protect certificates, secrets and connection strings and to monitor the cluster. Alternatively, you can use Red Hat Advanced Cluster Security for Kubernetes.

There should be a subnet of private endpoints for communication between the Azure Red Hat OpenShift cluster and the rest of the Azure services. It is also advised that you use Azure Private Link for the connection to the Azure Container Registry.

Figure 2. Egress traffic from an Azure Red Hat OpenShift cluster and connection to the cluster

It is recommended that the traffic that goes from the Azure Red Hat OpenShift cluster to the internet (egress traffic) go through Azure Firewall. Figure 2 also shows the recommended way for users to access the cluster itself (not the applications running on it) by connecting to a virtual machine (VM) deployed using the Azure Bastion service.
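
The ingress and egress layout described in this section can be checked against a deployed cluster. The script below is an added example, not code from the landing zone accelerator: it audits cluster and route-table JSON for private endpoints and firewall-routed egress. It assumes the input has the shape of `az aro show -o json` and `az network route-table show -o json` output; the cluster name, IP addresses and sample documents are constructed.

```python
import copy

# Constructed inputs, shaped like `az aro show -o json` and
# `az network route-table show -o json`; every value is made up.
PRIVATE_CLUSTER = {
    "name": "aro-example",
    "apiserverProfile": {"visibility": "Private"},
    "ingressProfiles": [{"name": "default", "visibility": "Private"}],
    "networkProfile": {"outboundType": "UserDefinedRouting"},
}
ROUTE_TABLE = {"routes": [{"addressPrefix": "0.0.0.0/0",
                           "nextHopType": "VirtualAppliance",
                           "nextHopIpAddress": "10.0.1.4"}]}
FIREWALL_IP = "10.0.1.4"  # private IP of the Azure Firewall (assumed)


def audit_aro(cluster, route_table, firewall_ip):
    """Return findings where the cluster departs from the layout above."""
    findings = []
    if cluster.get("apiserverProfile", {}).get("visibility") != "Private":
        findings.append("api-server: visibility is not Private")
    for ing in cluster.get("ingressProfiles", []):
        if ing.get("visibility") != "Private":
            findings.append(f"ingress '{ing.get('name')}': public, not behind Private Link")
    if cluster.get("networkProfile", {}).get("outboundType") != "UserDefinedRouting":
        findings.append("egress: leaves through the public load balancer")
    # Egress via the firewall needs a default route whose next hop is the firewall.
    via_fw = any(r.get("addressPrefix") == "0.0.0.0/0"
                 and r.get("nextHopType") == "VirtualAppliance"
                 and r.get("nextHopIpAddress") == firewall_ip
                 for r in route_table.get("routes", []))
    if not via_fw:
        findings.append("egress: no default route to the firewall")
    return findings


def public_cluster():
    """A constructed cluster with public endpoints and load-balancer egress."""
    c = copy.deepcopy(PRIVATE_CLUSTER)
    c["apiserverProfile"]["visibility"] = "Public"
    c["ingressProfiles"][0]["visibility"] = "Public"
    c["networkProfile"]["outboundType"] = "Loadbalancer"
    return c


if __name__ == "__main__":
    for label, c, rt in [("private", PRIVATE_CLUSTER, ROUTE_TABLE),
                         ("public", public_cluster(), {"routes": []})]:
        print(label, audit_aro(c, rt, FIREWALL_IP) or "OK")
```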

05 Get started with Azure Red Hat OpenShift

If you want to make the most of Red Hat OpenShift on scalable infrastructure without having to deal with your own management or maintenance, Azure Red Hat OpenShift is a great option. Following the recommendations in the Azure Red Hat OpenShift landing zone accelerator will help you get started with this robust and flexible enterprise Kubernetes platform for developing and running cloud-native applications.

Learn more about on-demand, managed OpenShift from Azure and Red Hat

Checklist: 4 benefits of Azure Red Hat OpenShift >>

Already an Azure customer? Learn how to use your Azure committed spend funds for Red Hat OpenShift on Azure.

Brief: Use Microsoft Azure Consumption Commitment for Red Hat solutions >>


 
Ready to get started? Try Azure Red Hat OpenShift >>