Note:

• This tutorial requires access to Oracle Cloud. To sign up for a free account, see Get started with Oracle Cloud Infrastructure Free Tier.
• It uses example values for Oracle Cloud Infrastructure credentials, tenancy, and compartments. When completing your lab, substitute these values with ones specific to your cloud environment.

Enable Seamless Access to Red Hat OpenShift Container Platform on OCI from On-Premises to VCNs in the Same Region

Introduction

Remote connectivity to a Red Hat OpenShift Container Platform on Oracle Cloud Infrastructure (OCI) cluster enhances flexibility and operational efficiency by enabling centralized management and collaboration across distributed teams. It supports hybrid cloud set up, ensuring scalability and smooth communication. Secure connections also promote business continuity and cost efficiency, streamlining operations and maintaining resilient access across diverse network segments.

This tutorial guides users on connecting their on-premises environments and OCI VCNs within the same region to a Red Hat OpenShift Container Platform cluster. It covers networking configurations and best practices for establishing secure, seamless connectivity, ensuring optimal cluster performance across environments.

Architecture

• Red Hat OpenShift Container Platform cluster deployed in demo-openshift VCN with CIDR 10.73.0.0/16.

• We have carved a small subnet that is 10.241.20.0/28 on the Workload VCN which will require access to the Red Hat OpenShift Container Platform cluster URL.

• On-premises subnet 10.10.10.0/24 needs access to the Red Hat OpenShift Container Platform cluster URL.

Objectives

• Enable access to a Red Hat OpenShift Container Platform on OCI cluster from both on-premises environments and other OCI VCNs within the same region. Learn how to configure network settings that facilitate secure, reliable connectivity from their on-premises infrastructure to the Red Hat OpenShift Container Platform cluster. Additionally, this tutorial will cover how to establish connectivity between multiple OCI VCNs and the Red Hat OpenShift Container Platform cluster, creating a unified network.

• Gain an understanding of essential networking components such as DRG, and IPSec VPN, which are critical for achieving seamless integration between distributed environments and the Red Hat OpenShift Container Platform cluster. This tutorial aims to equip users with the knowledge needed to configure and maintain effective, secure network connections in a hybrid cloud setup.

  

Prerequisites

• The on-premises environment and OCI must be connected using an IPSec VPN or FastConnect with active connectivity.

• Both OCI VCNs should be connected to Dynamic Routing Gateways (DRG).

• Red Hat OpenShift Container Platform cluster deployed on native OCI.

• Note down the Red Hat OpenShift Container Platform cluster URL and the kubeadmin credentials.

• Create the subnet on the workload VCN and at the on-premises environment that needs connectivity to the Red Hat OpenShift Container Platform cluster URL.

• Post Red Hat OpenShift Container Platform on OCI deployment, as a part of the architecture we create two OCI load balancers. Note the IP address of the load balancer ending with app_apps_lb.

  

Task 1: Enable Red Hat OpenShift Container Platform on OCI VCN Domain Name System (DNS) Listener

1. Log in to the OCI Console, navigate to Networking, Virtual cloud networks, Virtual Cloud Networks Details and click the DNS resolver link.

   

2. Click Endpoints and enter the following information to create endpoint. Click Create endpoint.

   • Name: Enter openshift_listener.
   • Choose a subnet: Select the private subnet.
   • Endpoint type: Select Listening.
   • Listening IP address: Leave it blank.

   

   This will create a listener endpoint. Take a note of this IP as it will be needed in next task.

   

Task 2: Set up DNS Forwarder on the Workload VCN

In this task, we will create and enable DNS forwarder on the workload VCN.

1. Go to the OCI Console, navigate to Networking, Virtual cloud networks and click the workload VCN.

2. Click the DNS resolver link and Endpoints.

3. Click Create endpoint and enter the following information.

   • Name: Enter wrk_vcn_forwarder.
   • Choose a subnet: Select the private subnet.
   • Endpoint type: Select Forwarding.
   • Listening IP address: Leave it blank.

   

   This will create a forwarder endpoint.

   

4. Click Rules and Manage rules. Enter the following information and save.

   • Rule condition: Enter Domains.
   • Enter Source endpoint.
   • Destination IP address: Enter the Red Hat OpenShift VCN listener address that is 10.73.18.16.

   

   The following image shows the set up so far.

   

Task 3: Enable the Communication on Red Hat OpenShift VCN Private Subnet

1. Navigate to Networking, Virtual cloud networks, the OpenShift VCN private subnet, click Route Table Details and enable the communication on the route table.

2. Enter the on-premises and the workload VCN CIDR details pointing to DRG.

   

3. Allow the traffic using the security list.

   

Task 4: Enable Communication to the Red Hat OpenShift VCN from the Workload VCN

In this task, we will set up routing to the Red Hat OpenShift VCN.

1. Navigate to the appropriate subnet on the workload VCN.

2. Click the associated route table.

3. Add the Red Hat OpenShift VCN load balancer private IP address from Prerequisites section pointing to DRG.

4. Add the Red Hat OpenShift VCN DNS listener IP pointing to DRG.

   

5. Allow traffic using the security list.

   

   We should now be able to access and log in to the OpenShift Container Platform cluster URL from the workload VCN instances.

   

Task 5: Enable Communication to the Red Hat OpenShift VCN from the On-Premises Environment

As we already mentioned in the Prerequisites section:

• We need to have connectivity to the Red Hat OpenShift VCN.

• Required ports are allowed on the on-premises firewall.

We need to set up DNS forwarder at the on-premises DNS server, pointing to the Red Hat OpenShift VCN listener.

We should now be able to access and log in to the Red Hat OpenShift Container Platform cluster URL from the on-premises instance.

Acknowledgments

• Author - Vaibhav Tiwari (Cloud VMware Solutions Specialist)

More Learning Resources

Explore other labs on docs.oracle.com/learn or access more free learning content on the Oracle Learning YouTube channel. Additionally, visit education.oracle.com/learning-explorer to become an Oracle Learning Explorer.

For product documentation, visit Oracle Help Center.

---

Title and Copyright Information

Enable Seamless Access to Red Hat OpenShift Container Platform on OCI from On-Premises to VCNs in the Same Region

G15170-01

September 2024

Copyright ©2024,

Oracle and/or its affiliates.