Some or all of the information on this page might not apply to Cloud de Confiance by S3NS. See Differences from Google Cloud for more details.

Plan for OpenShift on Cloud de Confiance

This document provides information that you can use when planning the deployment of a Red Hat OpenShift cluster on Cloud de Confiance.

This document is intended for cloud architects, platform administrators, and developers who want to develop and deploy enterprise-grade applications on OpenShift clusters that run on Cloud de Confiance.

Choose a deployment model

You can deploy the OpenShift control plane on Cloud de Confiance either on a self-managed basis or as a managed solution.

The following table presents the key aspects that you need to consider when you choose a deployment model:

Key aspect	Self-managed OpenShift	Managed OpenShift
Managed by	You, the user	Red Hat
Suitable for	When you want to migrate OpenShift clusters to Cloud de Confiance that have a substantial history of customization and configuration. When you want to keep your application architecture consistent between OpenShift and other environments, such as on-premises.	When you need to quickly deploy applications on OpenShift without the operational burden of managing the underlying infrastructure.
Deployment method	To deploy a self-managed OpenShift cluster on Cloud de Confiance, you use the Red Hat OpenShift Container Platform. For more information about this platform, see Red Hat OpenShift Container Platform. For information about the deployment architecture of OpenShift Container Platform, see OpenShift Container Platform architecture.	To deploy an OpenShift cluster on Cloud de Confiance as a managed solution, you use Red Hat OpenShift Dedicated - a managed cloud service provided by Red Hat. For more information about this service, see Red Hat OpenShift Dedicated service. For information about the deployment architecture of OpenShift Dedicated, see OpenShift Dedicated architecture.
Benefits	The self-managed option offers you more control and flexibility for managing OpenShift clusters. You can streamline the usage of Google services with your self-managed OpenShift clusters by using Cluster Services for OpenShift. This service provides built-in OpenShift integrations for Google services. Cluster Services for OpenShift is jointly developed and supported by Cloud de Confiance and Red Hat. For more information about Cluster Services for OpenShift, see Cluster Services for OpenShift.	OpenShift Dedicated helps you accelerate application deployment and streamline operations on the OpenShift platform. OpenShift Dedicated is supported by Red Hat site reliability engineers and includes an SLA. For more information, see OpenShift Online Terms of Service. This managed support lets you focus on your business instead of managing the underlying infrastructure and services.
Responsibility assignment	A self-managed OpenShift cluster on Cloud de Confiance uses a shared responsibility model: You manage the OpenShift cluster, OS, and applications. Cloud de Confiance manages the physical infrastructure and its security. You manage OS hardening, and the security at the cluster and application levels.	A managed OpenShift cluster on Cloud de Confiance uses a shared responsibility model: Red Hat manages the OpenShift Dedicated service, and you share responsibilities for some aspects of the deployment. Cloud de Confiance manages the physical infrastructure and security. For more information, see the Red Hat document Responsibility assignment matrix.

Choose an installation method

You can install the OpenShift control plane on Cloud de Confiance by using a graphical user interface (GUI), command-line interface (CLI), application programming interface (API), or an Infrastructure as Code (IaC) tool.

The availability of these installation methods depends on the deployment model that you choose, as described in the following table:

Installation method	Availability for self-managed OpenShift	Availability for managed OpenShift	Description
Graphical user interface (GUI)	No	Yes	The Cloud de Confiance console provides a dedicated GUI that guides you in deploying self-managed and managed OpenShift on Cloud de Confiance. Click the following button to access this GUI: Go to Red Hat OpenShift on Cloud de Confiance
Command-line interface (CLI)	Yes	Yes	To install self-managed OpenShift on Cloud de Confiance, you use the OpenShift Container Platform installer. For more information, see Installing OpenShift Container Platform on Cloud de Confiance. To install managed OpenShift on Cloud de Confiance, you use the `ocm-cli` tool. For more information, see Using the `ocm-cli` to manage clusters in OpenShift Cluster Manager (requires a Red Hat account).
Application programming interface (API)	No	Yes	To install managed OpenShift on Cloud de Confiance, you use the OpenShift Cluster Manager API.
Infrastructure as Code (IaC) tool	Yes	No	To install self-managed OpenShift on Cloud de Confiance, follow the instructions to install an OpenShift cluster on user-provisioned infrastructure, with an IaC tool such as Terraform.

Understand billing

Running OpenShift clusters on Cloud de Confiance includes the following two categories of charges:

Infrastructure charges: To run OpenShift clusters on Cloud de Confiance, you use services such as Compute Engine, Persistent Disk, Hyperdisk, and Cloud Load Balancing. These services are billed according to their respective billing models.
Software related costs: Running OpenShift clusters also involves software related charges in the form of OpenShift entitlements or Red Hat OpenShift subscriptions. These charges are separate from the infrastructure charges.

Get an OpenShift subscription

To run enterprise-ready OpenShift clusters on Cloud de Confiance, you require a Red Hat OpenShift subscription. This subscription provides a comprehensive enterprise Kubernetes platform, including the container platform, management tools, security services, and technical support.

You can get an OpenShift subscription by using the following options:

Google Cloud Marketplace: You can go to Cloud Marketplace to get subscriptions for both self-managed and managed OpenShift control planes.

To run self-managed OpenShift on Cloud de Confiance, you can get the following subscriptions from Cloud Marketplace:
- Red Hat OpenShift Container Platform: A comprehensive offering that includes OpenShift Container Platform and additional tools for advanced cluster security, management, and a global container registry. This subscription is suitable for enterprises needing a full suite of capabilities across multiple clusters and hybrid cloud deployments.
- Red Hat OpenShift Platform Plus: This is the core enterprise Kubernetes platform. It provides a robust and scalable environment for building, deploying, and running containerized applications. This is the standard choice for most self-managed deployments.
- Red Hat OpenShift Kubernetes Engine: An offering that provides essential Kubernetes Engine components for running applications on OpenShift. This subscription is suitable for users who need the core OpenShift runtime without the broader platform management features.
To run managed OpenShift on Cloud de Confiance, you can get a subscription for Red Hat OpenShift Dedicated.

For more information about OpenShift subscriptions, see the Red Hat document Red Hat OpenShift subscription editions.
Bring Your Own Subscription (BYOS) model: The BYOS model lets you bring to Cloud de Confiance any existing OpenShift entitlements or Red Hat OpenShift subscriptions that you own.

For example, if you're migrating an OpenShift cluster from an on-premises environment to Cloud de Confiance, then you can re-use the Red Hat OpenShift subscription that you own for running that OpenShift cluster on-premises.

Migrate OpenShift clusters to Cloud de Confiance

If you're considering moving your OpenShift clusters to Cloud de Confiance, then you can reach out to Cloud de Confiance and ask for a migration assessment.

If you're already using Cloud de Confiance, then you can reach out to your Technical Account Manager (TAM). If you're new to Cloud de Confiance, then you can reach out to Cloud de Confiance Sales.

The migration assessment process begins with a review of your migration goals and the architecture of your existing OpenShift environments. Cloud de Confiance experts then collaborate with you to design a migration strategy that also helps you optimize your OpenShift environments for performance, cost, and scalability.

Best practices for running OpenShift on Cloud de Confiance

For running OpenShift clusters on Cloud de Confiance, we recommend the following best practices.

Security best practices

To let your OpenShift clusters authenticate with Cloud de Confiance APIs, we recommend that you use Workload Identity Federation instead of storing service account keys on hosts.

Workload Identity Federation lets you do the following:
- Set permissions for individual components of the OpenShift platform by using Kubernetes service accounts.
- Use managed short-lived authentication tokens.
- Avoid the need to store authentication keys on the host.
For more information, see the Red Hat document Configuring a Cloud de Confiance cluster to use short-term credentials.
To help protect your data at rest in Cloud de Confiance, we recommend that you use customer-managed encryption keys (CMEK) for storage. We recommend this configuration for the following components of your OpenShift deployment:
- Persistent volumes or Persistent volume claims (PV/PVCs), which manages persistent storage for applications and workloads that run on OpenShift clusters.
- The boot disks of the Compute Engine instances that you use to host the Openshift clusters.
For information about CMEK, see Customer-managed encryption keys (CMEK).

High availability best practices

To help ensure high availability for the applications that run on your OpenShift clusters on Cloud de Confiance, we recommend that you deploy both the control plane and the worker nodes in multiple zones.

For more information, see Best practices for high availability with OpenShift.

Disaster recovery best practices

To help ensure resilience for the applications that run on your OpenShift clusters on Cloud de Confiance, implement the best practices as described in the following documents:

What's next

Learn about Cluster Services for OpenShift.