Currently there is no official Azure Red Hat OpenShift (ARO) Reference Architecture that showcases how to deploy ARO in a typical enterprise environment. This may create confusion among customers about how to deploy ARO securely and integrate it with various Azure services for securing ingress/egress traffic, monitoring, identity, etc. In light of these challenges, we are in the process of publishing an official ARO Landing Zone Accelerator soon, similar to the AKS Landing Zone Accelerator.
The intent of this blog is to showcase an Azure Red Hat OpenShift (ARO) Reference Architecture and Reference Implementation. This will allow customers to gain confidence and deploy ARO following some of the recommended best practices.
This Reference Architecture (RA) shows how to integrate ARO with several Azure services, such as Azure Front Door + WAF for securely handling ingress traffic, Firewall for inspecting egress traffic to avoid data exfiltration, Azure Active Directory for Role Based Access Control, and so on. The RA also provides several recommended best practices for ARO deployment, from networking best practices that support multi-region growth to onboarding the cluster to Arc and enabling Container Insights to monitor the cluster and workload.
The entire Reference Implementation, which deploys the Reference Architecture described above using Azure CLI, can be found under the deployment folder in this GitHub repo. Yes, it's not just a pretty architecture diagram; you can fully deploy it using the scripts. Bicep & Terraform modules are a work in progress.
Credit goes to Victor Santana, Srikant Sarwa, Srini Padala & Melissa Verduci who helped immensely in putting together this Reference Architecture & Reference Implementation. Also, thanks to Sean McKenna, Kavitha Gowda, Rahul Mehta, Jim Zimmerman, Stuart Kirk & Tommy Hamilton for reviewing the same.