This solution introduces Red Hat OpenShift Container Platform and the benefits of running OpenShift on Google Cloud Platform (GCP), such as:
OpenShift enables running and supporting stateful and stateless applications without needing to completely re-architect your application.
OpenShift uses the Red Hat Enterprise Linux operating system as its foundation, providing a stable and secure foundation for your applications.
OpenShift natively integrates technologies such as Docker and Kubernetes, a powerful cluster manager and orchestration system for running your Docker containers.
OpenShift equips customers with an enterprise-grade Kubernetes environment, and all the tools and services they need to create, edit, deploy, and manage container-based applications at scale across a hybrid cloud environment. The service integrates the architecture, processes, platforms, and services that empower development and operations teams to build applications that move their business forward. OpenShift enables mission-critical, traditional applications to coexist with cloud-native or container-based applications.
The following diagram provides an overview of OpenShift components and functionality, including GCP components that you can integrate seamlessly with your deployment.
OpenShift utilizes two types of Google Compute Engine virtual machines: nodes and masters. Nodes contain pods, groups of one or more containers, that host your containerized applications. A native implementation of Kubernetes orchestrates these pods. The master controls and manages the OpenShift environment, and provides additional services such as authentication and the OpenShift API. The master also acts as a nexus point for your developers and system administrators, enabling them to interact with the platform using the tools and services they use every day. OpenShift uses Google Cloud Platform networking products to connect the machines together, and provide an external connection so your applications can talk to the outside world.
OpenShift leverages several other GCP resources for critical components. Cloud Storage provides persistent storage for your applications. You can store your Docker images with OpenShift's default registry, or with Google Cloud Container Registry. Applications can leverage any Google service that fits your use case, such as Google BigQuery, or Google Cloud Machine Learning.
Running OpenShift on GCP
OpenShift on GCP enables you to deploy stateful and stateless applications with nearly any language, framework, database, or service. Because OpenShift natively integrates Google technology such as Kubernetes, your applications are built and deployed on the same infrastructure and orchestrations as applications like YouTube, Google Drive, and more. OpenShift supports a broad array of GCP services.
The following diagram shows how OpenShift and GCP work together.
OpenShift uses Compute Engine to deploy resources in a highly available configuration across regions and zones. The configuration leverages load balancing and scaling, Google DNS, Google OAuth, custom images, and persistent disks.
Deployed instances support OpenShift in several ways.
The bastion host instance limits external access to internal instances by ensuring that all SSH traffic passes through the bastion host.
Master instances host OpenShift master components such as
etcdand the OpenShift API.
Application instances are destinations for user-deployed containers.
Infrastructure instances contain the OpenShift router and registry.
Google OAuth manages authentication. Persistent disks are used for instances and for persistent storage. Three load balancers distribute networking traffic to the external-facing and internal OpenShift API, external console access, and all services opened through OpenShift routing. Google Cloud DNS manages resource registration.
When you deploy OpenShift on GCP, building, securing and load balancing your application is managed for you. To learn more about configuration options available for your deployment, see Deploying Red Hat OpenShift Container Platform 3 on Google Cloud Platform.
Security and authorization
Once you've deployed your OpenShift environment, you can take additional steps
to help secure your setup and configure access for users you've created on the
LimitRanges enable configuring
different resource boundaries for these users, such as pod and container limits,
object counts, and compute resources. Quotas and limits are set per-project,
but you can create a quota-like limit on how many project requests an individual
user can make.
OpenShift on GCP utilizes Google Cloud Identity Access Management (IAM) to securely control access to Compute Engine resources and services. For more information on security and authorization for OpenShift on GCP, see OpenShift's infrastructure user and role administration guide.
You can upgrade OpenShift either in-place, or using a blue-green deployment method.
In-place upgrades update all hosts in a single cluster. You can run this process manually, or automatically if you installed OpenShift using the quick or advanced installation methods.
Blue-green deployments reduce upgrade downtime by creating a parallel environment where the new deployment installs. After the new deployment is verified, traffic can be switched over to it and rolled back if a problem occurs.
For more information, see OpenShift: Upgrading a Cluster.
Backing up and restoring OpenShift
Because OpenShift runs on GCP, your system is fault-tolerant by design. To take additional precautions, you can create and manage on-demand and automatic backups.