Red Hat Advanced Cluster Management (RHACM) provides tools to manage the lifecycle of Kubernetes clusters at scale across multiple clouds and on-premises environments. It offers capabilities for provisioning, configuring, and governing clusters consistently using policies. It also allows deploying applications across clusters and provides observability into cluster and application health. RHACM addresses the challenges organizations face in deploying and managing many Kubernetes clusters distributed across complex environments.

1. Introducing
github.com/open-cluster-management
How to deliver apps across clusters and clouds with
consistent configuration management
Michael Elder
Senior Distinguished Engineer
@mdelder
linkedin.com/in/mdelder

2. Kubernetes
2
Node (Computer)
Kubelet
Container Orchestration for your Apps
Node (Computer)
Kubelet
apiVersion: apps/v1
kind: Deployment
image: quay.io/myapp:1.0
image: quay.io/myapp:1.0
Kubernetes cluster

3. Growth of clusters
3
Dev/Test/Prod
Geo Replication
Project
Team 1
Project
Team 2
Project
Team 3

4. Reasons for deploying clusters
Application
availability
Reduced
latency
Address industry
standards
Geopolitical data
residency guidelines
Disaster
recovery
Edge
deployments
CapEx
cost reduction
Avoid vendor
lock-in
4

5. Where is the growth in cluster deployments?
5
● 100s of zones, 1000s of
clusters and nodes across
complex topologies
● Managing and syncing across
Dev/QE/Pre-Prod/Prod
clusters can be difficult
Small Scale Dev teams Edge Scale Telco
● Global organizations with
100s of clusters, hosting
thousand of applications
● Large Retail with 1000s of
stores
Large Scale
● Retail with small clusters
across 100s of locations
● Organizations with plan for
growth 10-15 clusters
moving to 100s
Medium Scale
Organizations

6. Managing your clusters
6
Cluster orchestration for your platform
Kubernetes cluster
How do you source,
create, update & delete
k8 clusters?
How do you configure
clusters consistently with
compliance?
kind: Role
kind: RoleBinding
kind: Namespace
kind: NetworkPolicy
kind: ...
How do you distribute
apps across clusters?
kind: Deployment
kind: Service
kind: PersistentVolumeClaim
How do you ensure you
apps are healthy?

7. Trusted enterprise
Kubernetes
Empowering
developers to
innovate
Cloud-like experience
everywhere
Open source innovation
Why customers choose Red Hat OpenShift
7

8. Introducing ...
github.com/open-cluster-management
8
Use Cases: community/pull/2
1. Cluster Lifecycle. How are clusters provisioned, upgraded,
registered, scaled out or in and decommissioned?
2. Policy & Configuration Lifecycle. How are clusters configured,
audited, secured, access controlled, managed for quota or cost?
3. Application Lifecycle. How are containerized or hybrid applications
delivered across one or more clusters? How are those applications
kept current with ongoing changes?
4. Observability. How does a user understand the health of their
cluster fleet? How does a user understand the health of distributed
applications? How does a user search available clusters or
applications and diagnose problems when they occur?

9. Cluster Lifecycle
9

10. 10
How do I get a simplified understanding of my cluster health and
the impact it may have on my application availability ?
How do I automate provisioning and deprovisioning of my
clusters?
How can I manage the life cycle of multiple clusters regardless of
where they reside (on-prem, across public clouds) using a single
control plane?
DevOps/SRE
IT Operations
Multi-Cluster Lifecycle Management

11. 11
11
● Create, Upgrade and Destroy OCP
clusters running on Bare-metal as well as
public cloud
● Leverage Hive API for OCP cluster
deployment
● Wizard or YAML based create cluster flow
● Launch to an OCP Console from ACM
● Access cluster login credentials and
download kubeadmin configuration
Creating & Importing Clusters
Multi-Cluster Lifecycle Management
IT Operations DevOps/SRE

12. 12
Learning about Hubs & Managed Clusters
https://github.com/open-cluster-management/api/blob/master/
docs/design.md

13. github.com/open-cluster-management
13
Simplify Cluster Management
Red Hat Openshift Platform
Hub (Control Plane)
Klusterlet (Agent)
Red Hat Openshift
Platform
Klusterlet (Agent)
Red Hat Openshift
Platform
Klusterlet (Agent)
Red Hat Openshift
Platform
Managed Cluster Managed Cluster Managed Cluster

14. ● API driven OpenShift 4 cluster provisioning and
management
● Hive is an operator that runs on top of OpenShift
● Used to provision and perform initial configuration
of OpenShift clusters
● Working code & documentation available
upstream::
○ https://github.com/openshift/hive
● Support for provisioning clusters on AWS, Azure,
and GCP
Hive
14
Product Manager: Katherine Dubé
github.com/openshift/hive
apiVersion: hive.openshift.io/v1
kind: ClusterDeployment

15. Policy & Configuration
Lifecycle across clusters
15

16. 16
● How do I ensure all my clusters are compliant with standard
and custom policies?
● How do I set consistent security policies across diverse
environments and ensure enforcement?
● How do I get alerted on any configuration drift and
remediate it?
● How do I ensure 99.9 % Uptime?
● How do I drive more innovation at scale?
Policy Driven Governance Risk and Compliance
IT Operations
Security OPS

17. 17
Security Ops IT Operations
Policy Driven Governance Risk and Compliance
Managed Cluster and GRC Controllers
● Driven by Kubernetes CRDs and controllers
● Governance capability for managed clusters covering both security and
configuration aspects.
● Out of box policies and an extensible policy framework

18. 18
Learning about Policies
https://www.openshift.com/blog/develop-your-own-poli
cy-controller-to-integrate-with-red-hat-advanced-cluste
r-management-for-kubernetes
https://github.com/open-cluster-management/policy-collection

19. Application Lifecycle
across clusters
19

20. 20
● I want to quickly investigate application relationships with real
time status, so that I can see where problems are.
● With the Application Topology view, I can visually inspect
application status labels and pod logs to understand if a part
of the application is running or not, without having to
connect to a cluster and gather any info.
● I want new clusters to be deployed with a set of known
configurations and required applications.
● With the assignment of a label at cluster deploy time, the
necessary configurations and applications will be
automatically deployed and running without any additional
manual effort.
IT Operations
DevOps/SRE
Advanced Application Lifecycle Management

21. Adding Subscriptions for Content
Your cluster can subscribe a GitHub repository as its system of record. Now expand that from a single cluster
to 10s clusters or 100s clusters.
This allows the flexibility to start small and scale as your business need grows.
This approach can also be applied to existing clusters at scale, where you can import and subscribe them, to
align environments with GitHub as you single source of truth.
Subscriptions are the Continuous Delivery in CI / CD
21
Subscription Operators
https://operatorhub.io/operator/multicluster-operators-subscription
GitOps Demonstrations
https://github.com/open-cluster-management/demo-subscription-gitops
Application Lifecycle

22. 22
Application Lifecycle
CHANNELS
Object Storage
Kubernetes Resource
(as templates)

23. 23
CHANNEL
Local subscription flows
1
1 Discover and apply (or kustomize) YAML resources
Subscription

24. 24
CHANNEL
Remote subscription flows
2
1
3
3
1
2
3
Subscription propagation to Managed Clusters
Discover YAML resources and draw the desired topology
Discover and apply (or kustomize) YAML resources on the
Managed-clusters
Subscription
Subscription Subscription
Red Hat Openshift Platform
Hub (Control Plane)

25. 25
Application Lifecycle
Placement Rules
Allow subscriptions to be delivered to managed clusters. This enables the management of clusters
at scale. Placement Rules can target cluster names or use Kubernetes Label Selectors
An example:
The web server deployment lives on an AWS cluster, but we need to move it to GCP as we change
our default Cloud Provider.
- Update the placement rule to encompass both clusters, the app will be spread to both clusters
- Update the traffic load balancer for the new cluster
- Update the placement rule to remove the AWS cluster
GitOps Demonstrations
https://github.com/open-cluster-management/demo-subscription-gitops/placement

26. Deploy Pacman App with GitOps
26

27. Observability across
clusters
27

28. Red Hat Openshift Platform
Managed Cluster
Object
Storage
config
Get Changes
Register
External
Systems
Insights
(Dashboarding) Alert
Forwarding
Centralized Data
(long term history)
Data Collection
(Observability
Add-on)
Configuration
Multicluster
Observability
Operator Observatorium
API Gateway
AlertManager
API Server
Metrics-Collector
Prometheus
Cluster Metrics
Operator
Red Hat Openshift Platform
Observability with Thanos
(Hub)

29. Red Hat Advanced
Cluster Management
29

30. What's new in OpenShift 4.6
Red Hat Advanced Cluster Management for Kubernetes
Multi-cluster lifecycle
management
Policy driven governance,
risk, and compliance
Advanced application
lifecycle management
Observability for your Clusters and Apps
● GA provisioning of OpenShift on vSphere
● GA provisioning of OpenShift on Bare Metal
● Open Source Policy Repository
● Enhanced OPA integration
● Simplified Application Experience
● Portfolio Integration with Ansible Automation Platform -
● Cluster Health monitoring with Thanos
● Multi-cluster health optimization with Grafana
What’s new with 2.1
30

31. F18017-190601
RHACM Hub
Managed Clusters
31
Integration Architecture Overview for Application Lifecycle
Red Hat Openshift Platform
RHACM Klusterlet
Red Hat Openshift
Platform
Red Hat Ansible
Automation Platform IT Systems
Security
Network
Application
CM
APP A
APP A
Kubernetes
resources
Channel
1
2
3
4
2
Kubernetes Job
1
3
4
Managed Clusters install resources
based on channel it subscribed
ACM hub call Ansible Tower with
Template Job ID define in
Application Pre & Post Action
Ansible Tower executes Job
ACM hub receives feedback from
Job execution and show all
Kubernetes resources in topology
including Ansible Job status
Pre &
Post
+