Red Hat OpenShift Virtualization High-Level Design

OpenShift Virtualization uses KVM, the Linux kernel hypervisor, to bring virtual machines as native objects to OpenShift. KVM is a core component of the Red Hat Enterprise Linux kernel and has been used in production for 15+ years in other hypervisor products, such as Red Hat Virtualization, Red Hat OpenStack Platform, and Red Hat Enterprise Linux. The KVM stack used by OpenShift incorporates the same KVM, QEMU, and libvirt components used by those platforms; OpenShift is a robust, stable, and scalable type-1 hypervisor for virtualization workloads.

Virtual machines are deployed and managed using the same scheduler used for non-virtual machine workloads. Native features like host affinity, resource awareness, load balancing, and high availability are all inherited from the native OpenShift features for non-virtual machine workloads.

Virtual machines connected to the cluster software-defined network (SDN) are accessible using standard Kubernetes methods, including services and routes, while also being subject to controlling traffic using network policy and ingress/egress configuration. This provides robust methods for enabling access to virtual machines from inside and outside the cluster, along with platform-level security controls for managing access to VM-hosted applications.

For environments like the financial company where the initial focus is migrating virtual machines with minimal changes, OpenShift Virtualization also has full support for directly attaching virtual machine interfaces to VLAN-tagged datacenter networks through bridge networking and optionally SR-IOV virtual function passthrough. This allows for the migration of a virtual machine’s network identity (IP and MAC address) to greatly reduce the risk and effort associated with “lift and shift” style migrations.

Because it is a fully-featured application platform and not just a virtualization solution, OpenShift necessarily has more infrastructure overhead than the incumbent vSphere solution. In order to minimize the additional overhead, OpenShift supports a feature called hosted control planes (HCP) which allows for the control plane workloads of multiple OpenShift clusters to run on a shared management cluster (“Foundation” cluster in this design).

The proposed data center design for the financial company makes use of HCP to minimize additional overhead and isolate control plane workloads from potential data plane and storage array outages. This design also allows for the financial company to support their current “Two SPOF” or two failure-domain model for workloads in the short term while the foundation cluster has three failure domains. The datacenter can then be easily converted to a “Three SPOF” or three failure-domain model for workloads through scaling operations rather than redeployment of clusters.