From YouTube: What’s Possible with Azure Red Hat OpenShift Mohammad Nofal (Microsoft) OpenShift Commons 2022 Spain
Description
What’s Possible with Azure Red Hat OpenShift
Speaker: Mohammad Nofal (Microsoft)
OpenShift Commons Gathering Kubecon EU
May 17, 2022 Live from Kubecon EU in Valencia, Spain
Full Agenda here: https://commons.openshift.org/gatherings/OpenShift_Commons_Gathering_at_Kubecon_Europe_2022.html
Learn more at: https://commons.openshift.org
A
Hello everyone, my name is Mohammad Nofal. I'm an architect, a cloud native apps architect, that's what they call us now, in what's called the Global Black Belt team at Microsoft. Pretty cool name. I'm going to talk to you about Azure Red Hat OpenShift today and what's possible with it. My goal is just to explain in 10 minutes what you can do with it, what you can achieve with it. Then the other goal is to bridge Walid to Azure from AWS. It's like, we need that passion, man. That's pretty cool, right?
A
So if you have installed OpenShift in a cloud, any public cloud, you're gonna end up with a more or less similar or close architecture to the one on that screen, right? So you're gonna have your infrastructure nodes. You're gonna have your master nodes fronted by a load balancer, so you can load balance the calls to your API server.
A
You're gonna have your worker nodes, or application nodes. You're gonna have another load balancer, so you can control the ingress flows to your applications. On top of that, you're going to have Azure DNS or a DNS provider, so you can register your FQDN for your API server and you can register the FQDNs for your applications as well. And then on top you're going to have an identity provider, Azure Active Directory in this instance, or any other identity provider, and you're going to have a key vault of sort.
A
So you can register your secrets and your certificates and you can bring them in to your applications, right? So if you install this in Azure, for instance, the whole infrastructure management piece belongs to you. So you're gonna operate the whole thing, and on top of that you're gonna do the onboarding for your developer workflows, so you can have developers deploying applications to OpenShift. But the only, like, managed piece in that scenario is you can open a call on either Microsoft or Red Hat and say, "Hey, I have a support ticket."
A
So, four years ago, after a lot of, you know, work that is happening with Red Hat, we decided to build Azure Red Hat OpenShift. And Azure Red Hat OpenShift is a co-engineered, co-developed, co-supported, co-operated service between us and Red Hat, so Microsoft and Red Hat. Even, like, in the sales part it's co-sales, right, so both teams will go together and sell that service to customers. It's not just, like, Red Hat going, or Microsoft will go on with Azure Red Hat OpenShift.
A
We take the whole infrastructure part and we abstract it for you, so you still have access to it, but it's all abstracted for you. It's fully managed, so all the nodes that you saw, all the load balancers, the DNS part, the scale sets part and so on, all of these parts are managed. You're going to end up with just the part that you need: to onboard your developer workflows, and identity provider integration. That's all that you need to do.
A
You can mix and match between public and private as well, right? Then you have full cluster admin on the cluster itself. So when we first did Azure OpenShift, it was on 3.11, but then we didn't give you admin access there, because we didn't need to provide too much access that you can break the SLA, right? So we needed to achieve the SLA, but then that led to a lot of restrictions on our end. So we moved to a way where, okay, we're not gonna restrict a lot, we're gonna open up, but we're gonna tell you the things that you shouldn't do, right? So you can technically have the admin access that you require to your cluster.
A
You can bring your own virtual network, which means that you can own your ingress and egress flows. So you can ingress your traffic through a web application firewall. You can do whatever you like with your ingress. You can deploy your own routers and so on, and you can control your egress flows as well. Like, a lot of enterprises that we work with, what they do is they egress through a firewall, for instance, so they can audit all their traffic. They prevent the traffic that shouldn't be, you know, allowed to the public, and so on.
A
So that's something that you can achieve, because you have full access to the virtual network. We have multiple availability zones support. So that's if you need to split your traffic across three different availability zones, and then you move from three nines SLA to four nines SLA. That's what you can achieve with availability zones.
A
You can also bring your own identity provider. So we recommend Azure Active Directory, but if you have your own identity provider, like you're working with Okta or some other identity provider, you can bring your own and then integrate with it. We don't have, really, we don't force anything there.
A
You can choose your desired billing model as well. So by default you go for a pay-as-you-go model, which is the on-demand model.
A
You also have the reserved model, where you're going to say, "Hey, I'm going to pay upfront," but then you're going to get a discount for whatever you committed to upfront. And then there is the pretty cool model, which is the spot model, right? And the spot model is, you're gonna bid on the unused capacity in Azure, right? So in each data center we have some unused capacity, so you're going to bid on it, and that bid will give you 80 to 85 percent saving on the compute price, right?
A
So, on the on-demand compute price. The caveat there is, once we need that capacity, we can evict your node, right? Which means that spot instances are a good candidate for anything that is an ephemeral workload, so developer clusters. A lot of customers that we work with, we onboard their developer clusters on the spot instances, because that's how they're gonna save, and then we save the state in a shared file system and a disk or whatever that is, assuming that we evicted the cluster.
A
We maintain good compliance, so we have PCI DSS, SOC 1, 2, 3, ISO 2701 and a lot of other things. It's all in the public Azure docs that you can follow, and we keep updating these compliances.
A
We do encryption that's FIPS compliant as well. And Azure Red Hat OpenShift, or OpenShift in general in Azure, is a first-party service. We don't treat it as an ISV service. We work with Azure Red Hat OpenShift as a first-party service. As such, we're integrating Azure Red Hat OpenShift in the whole Azure ecosystem, right? So that integration is done using a service called Azure Arc, and Azure Arc is bringing the Azure control plane to any data center, right? So our control plane in Azure is called Azure Resource Manager. That's the API.
A
That's the control plane that you can control everything in Azure with, and Azure Arc is the one that brings this one outside Azure to anything else, right? So to your own data centers on premises or, God forbid, to some other cloud providers, right? So with Azure Arc we brought Azure Monitor. We brought Azure Log Analytics. We brought Azure Policy, so you can deploy Azure Policy on OpenShift running on Azure and on your premises, and you can deploy one policy to both clusters.
A
That says, "My containers can only pull images from this registry," right? So you can have a single pane of glass in Azure Policy that says, deploy that policy to your clusters, right? So these are the type of things that you can achieve with Azure Arc and Azure Policy integration. And we're adding all of these, like, type of things, GitOps and Azure APIM and so on, all of these on Azure Arc, that you can deploy on OpenShift either on the cloud or on premises.
A
You also have a choice to work either with the OpenShift tooling that you like and love, like OpenShift, like the pipelines or the registry or whatever, or you can have a choice to use Azure services like Azure Container Registry or GitHub Actions or Azure DevOps, and whatever that you choose to work on with Azure Red Hat OpenShift. There's no restriction on the tooling.
A
That's, I think, the message. Let's unify support, right? So whether you're gonna open, you have a problem with your cluster, and you can open a ticket on the Azure portal or on the Red Hat portal.
A
There is a back-to-back support system that the support engineers will access tickets on. Assuming that you opened an OpenShift ticket with Red Hat and then it turned out to be, like, an Azure underlying VM issue, they're gonna exchange the ticket at the back end, they're gonna talk together and they're gonna solve the issue for you, right? So that's unified support.
A
There are SREs as well sitting there and monitoring the clusters 24/7 in order to ensure that, if there is any failure, any node failure, underlying failures, they're going to fix it. And they have a lot of autofixes that are in place, so if there is something that's a transient error, they're going to fix it automatically. Also, as a flight, we brought bring your own DNS.
A
So that's bring your own DNS of kirian. That's bring your own recursive or resolving DNS, so you can say, "I'm using my specific DNS resolvers in my own premises or in the cloud, and I'm going to use them instead of the Azure ones." You can bring your own with Azure Red Hat OpenShift, and you can do the same for your certificate authority. So you can bring your own certificate authority and then, you know, sign all your applications using that certificate authority.
A
So just a small couple of examples on the things that you can do. We spoke about this one. So this is, like, networking, of course, everybody's favorite hated topic. You can just have a route table from the subnets where the masters and the infrastructure nodes are running, or the application nodes are running, that goes to a firewall.
A
That's Azure Firewall in this instance, or any firewall of your choice, and technically get all the egress traffic there, and from there you can decide what's whitelisted and what's blacklisted in terms of traffic. You can then take this a bit further and say, "Okay, my egress traffic, so traffic originating from my nodes, will go through Azure Firewall, but my ingress traffic shouldn't go through a firewall, because the firewall isn't supposed to take or handle web traffic," right? So what you can do is have an application gateway.
A
That's Azure Web Application Firewall, but you can bring your own as well, and then ingress all the traffic through the web application firewall. And then that's the stateful traffic, right? So it's going to maintain the same path back, but any traffic originating from the node will go through the firewalls. That's something that you can do as well. We have all sorts of, like, complex scenarios that customers are doing with Azure Red Hat OpenShift on the regional availability.
A
We have customers doing this, for instance, where you can deploy your clusters across a couple of regions, if you need, if you really want to go, like, for an active-active type scenario. You can have a, you cannot do this with relational databases, right, so you need something NoSQL. So that's Cosmos DB, that's our NoSQL offering. So if your state can be stored there, you can have an active-active, across-region type setup for Azure Red Hat OpenShift. And yeah, we do have public references. Alpega is in the logistics industry.
A
They're focused on the logistics for the transportation. They had this, you know, sudden increase of traffic every now and then. They couldn't accommodate for this on premises because they needed to build the infrastructure for this. So as such, we imported them to Azure Red Hat OpenShift, and now they just scale on demand whenever is needed, and that's technically how they saved cost and achieve the scale that they require.
A
Andreani is the same, in South America. They are in the logistics, but in the shipping. During COVID, as you know, everybody went online, so the traffic, or the number of shipments during the days, like, increased dramatically for them. To accommodate for this increase, we accelerated onboarding to Azure Red Hat OpenShift as well, and now they achieve the cost, and, sorry, they achieve the on-demand scale that they require with the cost that is desired from them, right?
A
We do have some other examples which I'm not going to go through, but all of these are public references that are documented on the Microsoft site. And lastly, if you want to learn more, you can either visit the ARO, or Azure Red Hat OpenShift, docs on Microsoft, or the ones on the Red Hat site.