APPUiO Managed OpenShift 4 Architecture
APPUiO Managed OpenShift 4 is based on Red Hat OpenShift 4 Container Platform, which is a Kubernetes distribution maintained and developed by Red Hat. This documentation assumes that readers are familiar with Kubernetes concepts.
For details on the architecture of a Kubernetes cluster, we recommend reading the cluster architecture section of the official Kubernetes documentation.
For details on the architecture of a Red Hat OpenShift 4 cluster, please see the architecture section of the OpenShift 4 product documentation or architecture page in the OpenShift Container Platform technical documentation.
This page focuses on the default customizations and configurations for a Red Hat OpenShift 4 cluster which make up the APPUiO Managed OpenShift 4 product.
Generic APPUiO Managed OpenShift 4 architecture
Nodes
At minimum, a Red Hat OpenShift 4 cluster requires 3 control plane nodes with 4 vCPU and 16 GiB RAM and 2 worker nodes with 2 vCPU and 8 GiB RAM.
In contrast to the minimum requirements for a Red Hat OpenShift 4 cluster, the base configuration of an APPUiO Managed OpenShift 4 cluster has 4 infrastructure nodes with 4 vCPU and 16 GiB RAM and 3 worker nodes with 4 vCPU and 16 GiB RAM in addition to the required 3 control plane nodes with 4 vCPU and 16 GiB RAM.
APPUiO Managed OpenShift 4 deploys infrastructure nodes by default because an OpenShift 4 cluster with infrastructure nodes supports better separation of non-control plane infrastructure components (monitoring stack, logging stack, integrated image registry, etc.) from customer applications. Additionally, infrastructure nodes don’t incur Red Hat OpenShift 4 license fees as long as only approved infrastructure components are scheduled on those nodes.
All nodes are installed with Red Hat CoreOS.
Networking
All APPUiO Managed OpenShift 4 clusters use Cilium as the network plugin. APPUiO Managed OpenShift 4 uses the default OpenShift IP CIDRs for the pod and service networks: 10.128.0.0/14 for the pod network and 172.30.0.0/24 for the service network. There’s no standard IP CIDR for the cluster machine network (sometimes also "cluster network" or "machine network") for APPUiO Managed OpenShift 4 clusters. However, a default IP CIDR for the machine network is defined for some infrastructure providers.
Each cluster is configured with two floating IPs, one for the Kubernetes API (the "API VIP") and one for the ingress router (the "Ingress VIP"). On most providers, a third floating IP (the "Egress VIP") is configured and all outgoing traffic from the machine network is SNATed to this IP.
Project Syn is used to configure APPUiO Managed OpenShift 4 clusters. Apart from deploying custom configurations for OpenShift components, Project Syn is also used to deploy multiple third party components, such as Cilium and cert-manager on each APPUiO Managed OpenShift 4 cluster.
External connectivity
Each APPUiO Managed OpenShift 4 cluster depends on multiple external systems. Some of those systems are owned and operated by VSHN while others are operated by Red Hat. Additionally, APPUiO Managed OpenShift 4 makes use of some SaaS services, such as Let’s Encrypt, Passbolt, various container registries, and OpsGenie. The mandatory external systems are shown in the diagram below.
| If either Passbolt or OpsGenie aren’t reachable from the environment in which the cluster is deployed, VSHN can’t provide ongoing operational support. |
User access
There are three different personas accessing an APPUiO Managed OpenShift 4 cluster:
-
VSHNeers access the cluster in order to operate and maintain it. VSHNeers access the cluster’s API and the OpenShift web console to perform adminstrative tasks.
-
Customer developers access the cluster in order to develop, operate and maintain the customer’s applications. The customer’s developers access the cluster’s API and the OpenShift web console to operate and maintain the customer’s applications. Additionally, the customer’s developers access the customer’s applications.
-
Application users access the applications on the cluster. Application users don’t need to know or care about the fact that the applications are running on an APPUiO Managed OpenShift 4 cluster.
APPUiO Managed OpenShift 4 architecture for supported infrastructure providers
The architecture documentation for the supported infrastructure providers can give more details on how the architecture is adapted to work within the constraints imposed by the respective provider.
-
cloudscale.ch (coming soon)
-
Exoscale (coming soon)
Additionally, the APPUiO Managed OpenShift 4 product documentation provides more details on the minimum required resources, supported Red Hat OpenShift 4 features and components as well as optionally supported features and add-ons for each supported infrastructure provider.