<\/p>\n\n\n\n
Imagine a FinTech company<\/strong> (like a bank or payment platform) running critical apps.<\/p>\n\n\n\n They need:<\/p>\n\n\n\n They deploy OpenShift 4.14<\/strong> like this:<\/p>\n\n\n\n Example public routes:<\/p>\n\n\n\n \u2705 Minimal human error \u2705 OpenShift is NOT “just Kubernetes” \u2014 it’s Kubernetes plus everything companies need to run safely and scale.<\/strong><\/p>\n\n\n\n \u2705 OpenShift 4.14 keeps getting closer to pure Kubernetes<\/strong>, but still adds the real-world enterprise features<\/strong> Kubernetes users have to stitch together manually.<\/p>\n\n\n\n Imagine a FinTech company (like a bank or payment platform) running critical apps. They need: They deploy OpenShift 4.14 like this: \ud83e\udde9 Architecture Diagram (High Level) \ud83d\udd25 Infrastructure Components Layer… <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[5153],"tags":[],"class_list":["post-49174","post","type-post","status-publish","format-standard","hentry","category-openshift"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/49174","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=49174"}],"version-history":[{"count":1,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/49174\/revisions"}],"predecessor-version":[{"id":49175,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/49174\/revisions\/49175"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=49174"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=49174"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=49174"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
\n\n\n\n\ud83e\udde9 Architecture Diagram (High Level)<\/h1>\n\n\n
+--------------------------+\n | External Clients |\n +--------------------------+\n |\n \u2193\n Load Balancer (F5\/AWS ALB)\n |\n \u2193\n +---------------------------------+\n | OpenShift 4.14 Cluster |\n | (3 Master + 6 Worker Nodes HA) |\n +---------------------------------+\n |\n +---------+---------+---------+---------+---------+\n | | | | | |\n Core Apps Microservices Monitoring GitOps\/CD Storage\n (e.g., API, (Payments, (Prometheus, (ArgoCD, (Ceph, EBS,\n Billing UI) Notifications) Grafana) Tekton) NetApp)\n<\/code><\/span><\/pre>\n\n\n
\n\n\n\n\ud83d\udd25 Infrastructure Components<\/h1>\n\n\n\n
Layer<\/th> Details<\/th><\/tr><\/thead> OpenShift Platform<\/td> OpenShift 4.14 running on AWS EC2 (or Bare Metal, Azure, GCP)<\/td><\/tr> Masters<\/td> 3 Control Plane nodes (HA)<\/td><\/tr> Infra Nodes<\/td> 2 nodes dedicated for ingress, monitoring, and registry<\/td><\/tr> Worker Nodes<\/td> 4+ nodes running application workloads<\/td><\/tr> Storage<\/td> EBS for dynamic PVCs, Ceph for persistent apps, S3 object storage<\/td><\/tr> Backup<\/td> Velero for backup and recovery<\/td><\/tr> Networking<\/td> OVN-Kubernetes CNI, secured Ingress, firewall\/VPC<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\n\ud83d\udee0 What Happens Inside the Cluster<\/h1>\n\n\n\n
Area<\/th> Description<\/th><\/tr><\/thead> Internal Image Registry<\/td> Apps built in CI pipelines are pushed here<\/td><\/tr> ImageStreams<\/td> Track versions of app images (dev \u2794 staging \u2794 prod)<\/td><\/tr> CI\/CD Pipelines<\/td> Tekton Pipelines build, test, and deploy automatically<\/td><\/tr> GitOps<\/td> ArgoCD monitors Git Repos and auto-syncs deployments<\/td><\/tr> Monitoring<\/td> Built-in Prometheus, Grafana, AlertManager<\/td><\/tr> Logging<\/td> Loki stack or EFK (Elasticsearch, Fluentd, Kibana)<\/td><\/tr> Operators<\/td> Certified operators installed for databases (Postgres, Mongo), monitoring, and security<\/td><\/tr> Security<\/td> SCCs enforced, Pod Security Admission, OAuth with SSO (Keycloak), network policies applied<\/td><\/tr> TLS everywhere<\/td> All apps exposed externally use Let’s Encrypt or company-provided TLS certificates via Ingress Controller<\/td><\/tr> Service Mesh (optional)<\/td> Istio\/Red Hat Service Mesh for complex apps needing traffic routing, retries, circuit breaking<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\n\ud83d\udce6 Application Lifecycle<\/h1>\n\n\n\n
Stage<\/th> What Happens<\/th><\/tr><\/thead> Dev Commit Code<\/td> Developer pushes code to GitHub\/GitLab<\/td><\/tr> CI Build<\/td> Tekton triggers build, builds container image<\/td><\/tr> Push to Dev<\/td> Image pushed to internal OpenShift registry, deployed to app-dev<\/code> project<\/td><\/tr>Promote to Staging<\/td> After tests pass, ImageStream tag promoted to app-staging<\/code><\/td><\/tr>Promote to Prod<\/td> Approval step (manual or automatic) \u2794 ImageStream tag promoted to app-prod<\/code><\/td><\/tr>Monitoring Alerts<\/td> Prometheus tracks app metrics, AlertManager sends Slack\/email alerts if thresholds are breached<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\n\ud83c\udf10 External Access<\/h1>\n\n\n\n
\n
App<\/th> Route<\/th><\/tr><\/thead> API Gateway<\/td> https:\/\/api.example.com<\/code><\/td><\/tr>Billing App<\/td> https:\/\/billing.example.com<\/code><\/td><\/tr>Admin Dashboard<\/td> https:\/\/admin.example.com<\/code><\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\n\ud83d\udd12 Security and Compliance Setup<\/h1>\n\n\n\n
Area<\/th> OpenShift Feature Used<\/th><\/tr><\/thead> Authentication<\/td> OAuth server integrated with SSO (Keycloak\/LDAP)<\/td><\/tr> Authorization<\/td> Role-based access control (RBAC) by projects\/namespaces<\/td><\/tr> Network Security<\/td> OpenShift NetworkPolicy to isolate apps<\/td><\/tr> Pod Security<\/td> SCCs (Security Context Constraints) enforced<\/td><\/tr> Vulnerability Scanning<\/td> Quay Clair or Prisma Cloud scans container images<\/td><\/tr> Compliance<\/td> OpenShift Compliance Operator runs CIS Benchmarks, PCI scans<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\n\ud83d\udcc8 Real Company Example Flow<\/h1>\n\n\n
Developer commits code \u2794\nTekton builds & tests \u2794\nArgoCD deploys to dev \u2794\nQA tests \u2794\nPromotion via ImageStream \u2794\nArgoCD syncs to production \u2794\nPrometheus monitors everything \u2794\nAlertManager informs on failures\n<\/code><\/span><\/pre>\n\n\n
\u2705 Rollbacks easy (previous image tags exist)
\u2705 Full GitOps-driven deployments
\u2705 Multi-cloud flexibility (AWS, Azure, GCP)<\/p>\n\n\n\n
\n\n\n\n\ud83c\udfaf Conclusion: Why Companies Use OpenShift 4.14<\/h1>\n\n\n\n
Reason<\/th> Explanation<\/th><\/tr><\/thead> Enterprise-ready Kubernetes<\/td> Certified platform with support<\/td><\/tr> Security first<\/td> Built-in SCC, OAuth, Compliance tools<\/td><\/tr> Automation native<\/td> GitOps, Pipelines, Operator Framework<\/td><\/tr> Multi-cloud \/ hybrid cloud<\/td> ROSA, ARO, or on-premises<\/td><\/tr> Easy cluster upgrades<\/td> Over-the-air OpenShift upgrades<\/td><\/tr> Developer happiness<\/td> Great GUI console, developer tools<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\n\ud83d\udccb Bonus: Technology Stack in This Company<\/h1>\n\n\n\n
Stack<\/th> Tools<\/th><\/tr><\/thead> CI\/CD<\/td> Tekton Pipelines, ArgoCD<\/td><\/tr> Monitoring<\/td> Prometheus, Grafana<\/td><\/tr> Logging<\/td> Loki or EFK<\/td><\/tr> Storage<\/td> EBS, Ceph, S3<\/td><\/tr> Service Mesh (optional)<\/td> Istio\/Red Hat Service Mesh<\/td><\/tr> SSO<\/td> Keycloak, LDAP<\/td><\/tr> Database<\/td> Operators for Postgres, MongoDB<\/td><\/tr> Security<\/td> Quay Clair, Prisma Cloud, SCCs, Compliance Operator<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n
\n\n\n\n\ud83d\ude80 That’s the Real World!<\/h1>\n\n\n\n
\n\n\n\n<\/h1>\n","protected":false},"excerpt":{"rendered":"