Plan for OpenShift on Google Cloud

This document provides information that you can use when planning the deployment of a Red Hat OpenShift cluster on Google Cloud.

This document is intended for cloud architects, platform administrators, and developers who want to develop and deploy enterprise-grade applications on OpenShift clusters that run on Google Cloud.

Choose a deployment model

You can deploy the OpenShift control plane on Google Cloud either on a self-managed basis or as a managed solution.

The following table presents the key aspects that you need to consider when you choose a deployment model:

Managed by

  • Self-managed OpenShift: You, the user
  • Managed OpenShift: Red Hat

Suitable for

  • Self-managed OpenShift:
    • When you want to migrate OpenShift clusters to Google Cloud that have a substantial history of customization and configuration.
    • When you want to keep your application architecture consistent between OpenShift and other environments, such as on-premises.
  • Managed OpenShift: When you need to quickly deploy applications on OpenShift without the operational burden of managing the underlying infrastructure.

Deployment method

To deploy a self-managed OpenShift cluster on Google Cloud, you use the Red Hat OpenShift Container Platform. For more information about this platform, see Red Hat OpenShift Container Platform.

For information about the deployment architecture of OpenShift Container Platform, see OpenShift Container Platform architecture.

To deploy an OpenShift cluster on Google Cloud as a managed solution, you use Red Hat OpenShift Dedicated, a managed cloud service provided by Red Hat. For more information about this service, see Red Hat OpenShift Dedicated service.

For information about the deployment architecture of OpenShift Dedicated, see OpenShift Dedicated architecture.

Benefits

  • Self-managed OpenShift:
    • The self-managed option offers you more control and flexibility for managing OpenShift clusters.
    • You can streamline the usage of Google services with your self-managed OpenShift clusters by using Cluster Services for OpenShift.

      This service provides built-in OpenShift integrations for Google services.

      Cluster Services for OpenShift is jointly developed and supported by Google Cloud and Red Hat. For more information about Cluster Services for OpenShift, see Cluster Services for OpenShift.

  • Managed OpenShift:
    • OpenShift Dedicated helps you accelerate application deployment and streamline operations on the OpenShift platform.
    • OpenShift Dedicated is supported by Red Hat site reliability engineers and includes an SLA. For more information, see OpenShift Online Terms of Service. This managed support lets you focus on your business instead of managing the underlying infrastructure and services.

Responsibility assignment

A self-managed OpenShift cluster on Google Cloud uses a shared responsibility model:

  • You manage the OpenShift cluster, OS, and applications.
  • Google Cloud manages the physical infrastructure and its security.
  • You manage OS hardening, and the security at the cluster and application levels.

A managed OpenShift cluster on Google Cloud uses a shared responsibility model:

  • Red Hat manages the OpenShift Dedicated service, and you share responsibilities for some aspects of the deployment.
  • Google Cloud manages the physical infrastructure and security.

For more information, see the Red Hat document Responsibility assignment matrix.

Choose an installation method

You can install the OpenShift control plane on Google Cloud by using a graphical user interface (GUI), command-line interface (CLI), application programming interface (API), or an Infrastructure as Code (IaC) tool.

The availability of these installation methods depends on the deployment model that you choose, as described in the following table:

Installation method: Graphical user interface (GUI)

  • Availability for self-managed OpenShift: No
  • Availability for managed OpenShift: Yes

The Google Cloud console provides a dedicated GUI that guides you in deploying self-managed and managed OpenShift on Google Cloud. Click the following button to access this GUI:

Go to Red Hat OpenShift on Google Cloud

Installation method: Command-line interface (CLI)

  • Availability for self-managed OpenShift: Yes
  • Availability for managed OpenShift: Yes

To install self-managed OpenShift on Google Cloud, you use the OpenShift Container Platform installer. For more information, see Installing OpenShift Container Platform on Google Cloud.

To install managed OpenShift on Google Cloud, you use the ocm-cli tool. For more information, see Using the ocm-cli to manage clusters in OpenShift Cluster Manager (requires a Red Hat account).

Installation method: Application programming interface (API)

  • Availability for self-managed OpenShift: No
  • Availability for managed OpenShift: Yes

To install managed OpenShift on Google Cloud, you use the OpenShift Cluster Manager API.

Installation method: Infrastructure as Code (IaC) tool

  • Availability for self-managed OpenShift: Yes
  • Availability for managed OpenShift: No

To install self-managed OpenShift on Google Cloud, follow the instructions to install an OpenShift cluster on user-provisioned infrastructure, with an IaC tool such as Terraform.

Understand billing

Running OpenShift clusters on Google Cloud includes the following two categories of charges:

  • Infrastructure charges: To run OpenShift clusters on Google Cloud, you use services such as Compute Engine, Persistent Disk, Hyperdisk, and Cloud Load Balancing. These services are billed according to their respective billing models.

  • Software-related costs: Running OpenShift clusters also involves software-related charges in the form of OpenShift entitlements or Red Hat OpenShift subscriptions. These charges are separate from the infrastructure charges.

Get an OpenShift subscription

To run enterprise-ready OpenShift clusters on Google Cloud, you require a Red Hat OpenShift subscription. This subscription provides a comprehensive enterprise Kubernetes platform, including the container platform, management tools, security services, and technical support.

You can get an OpenShift subscription by using the following options:

  • Google Cloud Marketplace: You can go to Cloud Marketplace to get subscriptions for both self-managed and managed OpenShift control planes.

    To run self-managed OpenShift on Google Cloud, you can get the following subscriptions from Cloud Marketplace:

    • Red Hat OpenShift Container Platform: A comprehensive offering that includes OpenShift Container Platform and additional tools for advanced cluster security, management, and a global container registry. This subscription is suitable for enterprises needing a full suite of capabilities across multiple clusters and hybrid cloud deployments.
    • Red Hat OpenShift Platform Plus: This is the core enterprise Kubernetes platform. It provides a robust and scalable environment for building, deploying, and running containerized applications. This is the standard choice for most self-managed deployments.
    • Red Hat OpenShift Kubernetes Engine: An offering that provides essential Kubernetes Engine components for running applications on OpenShift. This subscription is suitable for users who need the core OpenShift runtime without the broader platform management features.

    To run managed OpenShift on Google Cloud, you can get a subscription for Red Hat OpenShift Dedicated.

    For more information about OpenShift subscriptions, see the Red Hat document Red Hat OpenShift subscription editions.

  • Bring Your Own Subscription (BYOS) model: The BYOS model lets you bring to Google Cloud any existing OpenShift entitlements or Red Hat OpenShift subscriptions that you own.

    For example, if you're migrating an OpenShift cluster from an on-premises environment to Google Cloud, then you can re-use the Red Hat OpenShift subscription that you own for running that OpenShift cluster on-premises.

Migrate OpenShift clusters to Google Cloud

If you're considering moving your OpenShift clusters to Google Cloud, then you can reach out to Google Cloud and ask for a migration assessment.

If you're already using Google Cloud, then you can reach out to your Technical Account Manager (TAM). If you're new to Google Cloud, then you can reach out to Google Cloud Sales.

The migration assessment process begins with a review of your migration goals and the architecture of your existing OpenShift environments. Google Cloud experts then collaborate with you to design a migration strategy that also helps you optimize your OpenShift environments for performance, cost, and scalability.

Best practices for running OpenShift on Google Cloud

For running OpenShift clusters on Google Cloud, we recommend the following best practices.

Security best practices

  • To let your OpenShift clusters authenticate with Google Cloud APIs, we recommend that you use Workload Identity Federation instead of storing service account keys on hosts.

    Workload Identity Federation lets you do the following:

    • Set permissions for individual components of the OpenShift platform by using Kubernetes service accounts.
    • Use managed short-lived authentication tokens.
    • Avoid the need to store authentication keys on the host.

    For more information, see the Red Hat document Configuring a Google Cloud cluster to use short-term credentials.

  • To help protect your data at rest in Google Cloud, we recommend that you use customer-managed encryption keys (CMEK) for storage. We recommend this configuration for the following components of your OpenShift deployment:

    • Persistent volumes or persistent volume claims (PVs/PVCs), which manage persistent storage for applications and workloads that run on OpenShift clusters.
    • The boot disks of the Compute Engine instances that you use to host the OpenShift clusters.

    For information about CMEK, see Customer-managed encryption keys (CMEK).
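The following added example (not part of the original document and not Google or Red Hat tooling) shows one way to check the first recommendation: it scans the JSON produced by `oc get secrets -A -o json` and separates stored service account keys (`"type": "service_account"` with a `private_key`) from Workload Identity Federation credential configurations (`"type": "external_account"`). The Secret names, namespaces, and values in the sample are constructed.

```python
import base64
import json

def classify_credential(raw):
    """Return 'long-lived-key', 'federated', or None for non-credential data."""
    try:
        doc = json.loads(raw)
    except ValueError:  # not JSON; also covers undecodable bytes
        return None
    kind = doc.get("type") if isinstance(doc, dict) else None
    # A service account key file embeds the private key itself.
    if kind == "service_account" and "private_key" in doc:
        return "long-lived-key"
    # A federation config only says where to read a short-lived token to exchange.
    if kind == "external_account" and "credential_source" in doc:
        return "federated"
    return None

def audit_secrets(secret_list):
    """Classify each data field of each Secret in an `oc get secrets -A -o json` dump."""
    findings = []
    for item in secret_list.get("items", []):
        meta = item.get("metadata", {})
        for field, b64 in (item.get("data") or {}).items():
            try:
                raw = base64.b64decode(b64, validate=True)
            except ValueError:  # binascii.Error subclasses ValueError
                continue
            kind = classify_credential(raw)
            if kind:
                findings.append((meta.get("namespace"), meta.get("name"), field, kind))
    return findings

def make_secret(namespace, name, field, doc):
    payload = base64.b64encode(json.dumps(doc).encode()).decode()
    return {"metadata": {"namespace": namespace, "name": name}, "data": {field: payload}}

# Constructed sample input; every name and value below is made up.
SAMPLE = {"items": [
    make_secret("example-a", "cloud-creds", "service_account.json",
                {"type": "service_account", "private_key": "CONSTRUCTED-PLACEHOLDER"}),
    make_secret("example-b", "cloud-creds", "service_account.json",
                {"type": "external_account", "credential_source": {"file": "/example/token"}}),
    make_secret("example-c", "app-config", "settings.json", {"type": "unrelated"}),
]}

if __name__ == "__main__":
    for namespace, name, field, kind in audit_secrets(SAMPLE):
        print(f"{kind:15} {namespace}/{name} [{field}]")
```

Any Secret reported as `long-lived-key` holds a credential that stays valid until the key is deleted or rotated, so it is a candidate for migration to short-term credentials.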
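For the CMEK recommendation on persistent volumes, the following added example (not from the original document) audits the JSON produced by `oc get storageclass -o json` and lists Persistent Disk storage classes whose newly provisioned disks would not use a customer-managed key. It assumes the Compute Engine Persistent Disk CSI provisioner `pd.csi.storage.gke.io` and its `disk-encryption-kms-key` StorageClass parameter; the class names and key path in the sample are constructed.

```python
import re

PD_CSI = "pd.csi.storage.gke.io"        # Compute Engine Persistent Disk CSI provisioner
CMEK_PARAM = "disk-encryption-kms-key"  # StorageClass parameter read by that driver
DEFAULT_ANNOTATION = "storageclass.kubernetes.io/is-default-class"
KEY_NAME = re.compile(r"projects/[^/]+/locations/[^/]+/keyRings/[^/]+/cryptoKeys/[^/]+")


def cmek_gaps(storage_classes):
    """Return (name, is_default, problem) for PD classes whose new disks would lack a CMEK."""
    gaps = []
    for sc in storage_classes.get("items", []):
        if sc.get("provisioner") != PD_CSI:
            continue  # other provisioners are out of scope for this check
        meta = sc.get("metadata", {})
        is_default = (meta.get("annotations") or {}).get(DEFAULT_ANNOTATION) == "true"
        key = (sc.get("parameters") or {}).get(CMEK_PARAM, "")
        if not key:
            gaps.append((meta.get("name"), is_default, "no CMEK configured"))
        elif not KEY_NAME.fullmatch(key):
            gaps.append((meta.get("name"), is_default, "malformed key name"))
    # Default class first: PVCs that name no class are provisioned from it.
    return sorted(gaps, key=lambda gap: not gap[1])


def make_sc(name, params, default=False, provisioner=PD_CSI):
    annotations = {DEFAULT_ANNOTATION: "true"} if default else {}
    return {"metadata": {"name": name, "annotations": annotations},
            "provisioner": provisioner, "parameters": params}


# Constructed sample input; class names and the key path are made up.
SAMPLE = {"items": [
    make_sc("fast-cmek", {"type": "pd-ssd", CMEK_PARAM: "projects/example-proj/locations/"
                          "us-central1/keyRings/example-ring/cryptoKeys/example-key"}),
    make_sc("typo-key", {CMEK_PARAM: "example-ring/example-key"}),
    make_sc("standard", {"type": "pd-balanced"}, default=True),
    make_sc("nfs", {}, provisioner="example.com/nfs"),
]}

if __name__ == "__main__":
    for name, is_default, problem in cmek_gaps(SAMPLE):
        print(f"{name}{' (default)' if is_default else ''}: {problem}")
```

A StorageClass applies only to disks provisioned after it is set, so volumes that already exist keep the encryption they were created with.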

High availability best practices

To help ensure high availability for the applications that run on your OpenShift clusters on Google Cloud, we recommend that you deploy both the control plane and the worker nodes in multiple zones.

For more information, see Best practices for high availability with OpenShift.

Disaster recovery best practices

To help ensure resilience for the applications that run on your OpenShift clusters on Google Cloud, implement the best practices as described in the following documents:

What's next

Learn about Cluster Services for OpenShift.