Using AWS and OpenShift Together

At Red Hat Summit of this year, Amazon Web Services and Red Hat announced that we’d be natively integrating access to AWS cloud services into the OpenShift platform. Our first delivery towards that promise arrives this week with the release of OpenShift Container Platform 3.7. As we’ve written before, we’re excited to expand our strategic alliance with AWS, which has existed for nearly a decade.

The user experience for making AWS services accessible from within OpenShift is seamless—from a single platform, operations can administer AWS services and developers can easily find, bind, and consume those services within their applications in a truly hybrid-cloud environment.

We showed an early preview of these capabilities at Red Hat Summit, and outlined the initial set of services accessible from within OCP 3.7, but we thought it’d be helpful to explain more about what’s going on behind the scenes, and how you can bring AWS services into your OpenShift applications once OCP 3.7 is available.

Using the AWS Service Broker and OpenShift

Access to AWS cloud services within OpenShift is actually powered by a few different components, all of which keep in line with our philosophies here at Red Hat, and are entirely open source and based on open standards.

AWS services are made available to the OpenShift Service Catalog through the use of the AWS Service Broker, which is an implementation of the industry standard Open Service Broker API. While the AWS Service Broker is a required component to expose AWS services to the OpenShift Service Catalog, an OpenShift end-user only ever interacts with the Service Catalog itself and not the broker itself. The details of the AWS Service Broker remain largely hidden from the end-user beyond the initial setup and configuration of the broker service in their OpenShift environment. The AWS Service Broker is what’s responsible for managing and provisioning AWS services in OpenShift and configuring credentials for use with end-user applications.

For AWS services to show up in the OpenShift Service Catalog, the AWS Service Broker must first discover which services are available by searching the container registry for a list of services, which have an OpenShift deployment definition (in conjunction with an AWS CloudFormation Template). These OpenShift deployment definitions for AWS services are then published in the OpenShift Service Catalog. As new AWS services are released, the broker will automatically make them available without the need for manual intervention.

To provision AWS Services, OpenShift end-users must first login into the OpenShift Service Catalog UI and select the service they would like to deploy in their environment. AWS services can either be deployed to new or pre-existing projects (namespaces). As part of the provisioning step, you will be prompted to pick a service plan and fill in a series of parameters (such as service config options, storage, and networking information) needed for deployment of the service. Once the information has been provided by the end-user, the AWS Service Broker will handle the service provisioning operation. A video (below) has been recorded showing the entire end-to-end process for provisioning AWS services.

The OpenShift Service Catalog, in concert with the AWS Service Broker, takes the complexity out of deploying AWS services on OpenShift Container Platform and provides a seamless experience for end-users who would like to leverage these services for hybrid cloud-based applications.

In this demonstration below, we have a microservices application implementing an e-commerce website, affectionately named the Cool Store. This application uses multiple runtimes and data stores to provide a seamless shopping experience to the end user. The inventory service, which keeps track of item stock, has been configured to talk to a MySQL database instance running via Amazon RDS, and to send alerts to administrators via SMS using Amazon’s Simple Notification Service (SNS). We will use the OpenShift service catalog to provision these two Amazon services, and then use the OpenShift user interface to connect the application instance to these services, too.

Clearing up some misconceptions

As we’ve talked with users and customers about using AWS and OpenShift together through the AWS Service Broker, we encountered a few questions we thought it worth revisiting here. But as always, the best person to talk to is your Red Hat representative, who can help answer any questions you may have.

To be clear, providing access to AWS services from within OpenShift does not mean that AWS services will run in an on-premise datacenter in a hybrid-cloud context; AWS services will run on AWS. OpenShift provides a platform from which teams can manage AWS services, alongside their other container-based deployments and workloads. Given this construct, customers must have both an OpenShift subscription and an AWS customer account to make full use of the brokers, as billing will be handled separately (i.e., Red Hat is not reselling AWS services.

Lastly, while Red Hat and AWS are committed to jointly providing a single path for enterprise support for this solution, incidents for AWS services accessed through OpenShift using the AWS Service Broker should be reported to Red Hat first.

Your Next Steps

Getting started using AWS and OpenShift together is straightforward—it’s as easy as downloading and running an OpenShift template. Head here to download the AWS Service Broker, then install the broker by following the instructions for deploying an OpenShift template in the documentation.

As promised in May to our customers and users, Red Hat and Amazon will jointly provide a single path of support for the AWS Service Broker and AWS services being accessed through OpenShift Container Platform. As noted, the brokers will initially provide OpenShift customers with access to Amazon RDS, Amazon SQS, Amazon SNS, Amazon ElastiCache, Amazon Redshift, Amazon Route53, Amazon DynamoDB, Amazon S3, Amazon EMR, and Amazon Athena. Support for new services will be announced as they become available.

The AWS Service Broker will be generally available and eligible for production support with OpenShift Container Platform 3.7. If you’re at AWS re:Invent, we’re also previewing these integrations at the Red Hat booth (booth 910) on the expo floor—please come by and see us! OpenShift Container Platform 3.7 is available today; visit redhat.com for download, release notes, and more.

Categories
News, OpenShift Container Platform
Tags
, ,
  • badera

    What is about integration in OpenShift Online? It is no problem to use every AWS Service, which is public available or has its own authorisation – i.e. RDS, SNS, SQS, SES DynamoDB…. but using ElastiCache is not easy, because it is not available from outside the VPC. If I understand it correctly, this AWS Service Broker would solve this problem; so I assume that if OpenShift Online is migrated to OpenShift 3.7, the mentioned use case with ElastiCache will also be covered?