Deploying Red Hat OpenShift Dedicated clusters to Shared Virtual Private Cloud on Google Cloud

We are pleased to announce the provisioning of Red Hat OpenShift Dedicated clusters to Shared Virtual Private Cloud (VPC) on Google Cloud is now generally available. This article describes the benefits of adopting the Shared VPC deployment pattern and also walks you through setting up an OpenShift Dedicated cluster in a Shared VPC on Google Cloud.

Shared VPC (formerly known as Cross-Project Networking or xPN) allows organizations to connect resources from multiple projects to a common VPC network so that they can communicate securely and efficiently using internal IP addresses from that network. Shared VPC simplifies network management, allows consistent network policies and provides a centralized view of network resources.

Shared VPC introduces two concepts: A host project and a service project.

• Host project: The Google Cloud Platform project that hosts the shared VPC and other network resources.
• Service project: The Google Cloud Platform project that consumes the shared VPC network.

The Google Cloud Platform organization admin must first enable a Google Cloud Platform project as a host project and then attach one or more service projects to it. The participating host and service projects cannot belong to different organizations in the Google Cloud resource hierarchy. The OpenShift Dedicated cluster is deployed in a service project using Shared VPC resources from the host project. 

Benefits and use cases of Shared VPC

Scaling and VPC peering:

• As per the default Google Cloud quota, users can add up to 25 VPC peering connections per VPC. Shared VPC lets Google Cloud Platform projects communicate over shared VPC networks and this default Google Cloud VPC peering quota limitation can be avoided.
• Users can create up to 100 host projects in a single Google Cloud Platform organization and assign up to 1000 service projects per host project.

Simplified network management:

• The Google Cloud Platform organization admin can delegate network resources to the individual service project admins while maintaining centralized and fine-grained control over those shared network resources.

Network segmentation:

• Shared VPC enables users to implement network segmentation for different environments (e.g., production and staging) with isolated access, promoting effective application lifecycle management.
• A dedicated service project can be created per department, team, or development/deployment environment.

Deploying OpenShift Dedicated into a shared VPC on Google Cloud

You can purchase OpenShift Dedicated through Red Hat Sales, Google Cloud Marketplace, Red Hat Marketplace, or authorized Red Hat partners. You can then use Red Hat OpenShift Cluster Manager to deploy OpenShift Dedicated into a Shared VPC on Google Cloud.

Complete the prerequisites for installing OpenShift Dedicated in Google Cloud Platform. Also, make sure the organization admin has enabled a Google Cloud Platform project as a host project in the Google Cloud and attached the Google Cloud Platform project where the OpenShift Dedicated must be installed as the service project to it. Refer to Google Cloud documentation on Provisioning Shared VPC. 

Procedure:

1. Log in to OpenShift Cluster Manager Hybrid Cloud Console and start the OpenShift Dedicated cluster creation wizard.
2. Under the Billing model, configure the subscription type and infrastructure type.
3. Select Run on the Google Cloud Platform.
4. Review and complete the listed cluster provisioning prerequisites. Select the checkbox to acknowledge that you have read and meet all the prerequisites. Next, provide your Google Cloud Platform service account private key in JSON format.
5. On the Cluster details page, provide a name for your cluster, select the version, set the Google Cloud Platform region, and specify the other cluster details. To install a cluster into a shared VPC, you must use OpenShift Dedicated version 4.13.15 or above.
6. On the Default machine pool page, select a compute node instance type and count for your default machine pool.
7. On the Network configuration page, specify the network access configuration for your cluster. By default, a new VPC will be created for your cluster. For installing OpenShift Dedicated into a Shared VPC, first, opt to Install to an existing VPC and then, on the next page, select Install into Google Cloud Platform shared VPC. 

8. On the VPC settings page, specify your Host Project ID and the shared VPC name and subnets. OpenShift Dedicated will be installed in this shared VPC network.
9. Continue with the rest of the configuration in the OpenShift Dedicated cluster creation wizard. Review the summary of your selections and click Create cluster to start the cluster installation.
10. At this point, the cluster enters the "Installation waiting" stage. The OpenShift Dedicated user must contact the owner of the host project to grant additional roles.

11. The owner of the host project must assign the following roles in Google Cloud to the service account dynamically generated by the OpenShift Dedicated wizard: Computer Network Administrator, Compute Security Administrator and DNS Administrator.
    
    The owner of the host project has 30 days to grant the listed permissions before the cluster creation fails.

12. Once the required roles are granted to the host project, the OpenShift Dedicated wizard resumes the installation. Cluster creation can take about 30 to 60 minutes to complete.

You can monitor the progress of the installation on the Overview page for your cluster. The cluster is ready when the Status in the Details section of the page is listed as Ready.

Ready to harness the power of Google Cloud's Shared VPC and OpenShift Dedicated?

Shared VPC is an effective way to extend the architectural simplicity of a single VPC network across multiple working groups. Take advantage of the flexible consumption model and easy procurement of OpenShift Dedicated from the Google Cloud Marketplace. You can also retire a portion of your Google Cloud committed spend when purchasing OpenShift Dedicated.

Red Hat OpenShift Dedicated is a fully managed application platform that helps you more quickly build, deploy and scale applications, rather than having to deal with the underlying infrastructure. Get started with OpenShift Dedicated on Google Cloud today.

Additional resources on this topic

• Shared VPC in Google Cloud
• Steps to provisioning Shared VPC in Google Cloud documentation
• Steps to Create a cluster on Google Cloud Platform in OpenShift Dedicated documentation
• Cloud deployment options in OpenShift Dedicated documentation
• OpenShift Dedicated on Google Cloud Marketplace listing