Red Hat OpenShift Connectors Service Definition
Introduction
Red Hat OpenShift Connectors is a user-friendly way to quickly build scalable and reliable pipelines for OpenShift Streams for Apache Kafka (RHOSAK) without writing a single line of code. OpenShift Connectors is a fully-hosted cloud service. The underlying platform is provisioned, automated, managed, and maintained by Red Hat.
OpenShift Connectors provides a mechanism to ingest or output data between third-party systems and Red Hat OpenShift Streams for Apache Kafka. It is available to customers who have entitlements to Red Hat OpenShift Streams for Apache Kafka and access to an Red Hat OpenShift Service on AWS (ROSA) cluster.
Prerequisites
-
Access to a Red Hat OpenShift Service on AWS cluster
-
Entitlement to Red Hat OpenShift Streams for Apache Kafka and a provisioned Kafka instance
Deployment models
OpenShift Connectors supports the deployment of Connectors instances on Red Hat OpenShift Service on AWS (ROSA) instances spanning multiple regions. Users with cluster administrator permissions can access and administer these ROSA instances. Cluster administrators can manually register other users or integrate clusters with an identity provider to allow other users to access the clusters.
Red Hat provides the following components for provisioning and monitoring tasks:
-
A web console
-
A dedicated
rhoascommand-line interface (CLI) tool -
A publically-available Connectors Service Fleet Manager REST API
Red Hat OpenShift Connectors is composed of a control plane and a data plane. The control plane contains components that manage the deployment of Connectors instances in the data plane. The data plane is the set of OpenShift clusters that a customer creates and that are managed by Red Hat.
Control plane components
The control plane contains the following components:
- Fleet Manager
- Identity and access management
- Metrics and monitoring
- User interface
- Service API
Data plane components
Connectors are deployed in a managed OpenShift environment that the customer owns.
The data plane contains the following components:
- Fleet Shard Synchronizer
- Fleet Shard Camel Operator
- Camel K Operator
- Fleet Shard Debezium Operator
- Strimzi Operator
- Connectors instances
- Metrics and monitoring
Cloud provider and region availability
Red Hat OpenShift Connectors is available only on Red Hat OpenShift Service on AWS (ROSA). For more details about AWS versions for OpenShift, refer to the Red Hat OpenShift Service on AWS Service Definition.
OpenShift Connectors is available in all of the configurations supported by Red Hat OpenShift Service on AWS: private, public, or public/private. It is critical for the customer to ensure that the Control Plane and other related Red Hat services are reachable from the ROSA cluster.
Connector visibility and secure transfer of data
All users within an OpenShift Cluster Manager (OCM) organization can see the Connectors instances created by members of that organization. However, only cluster administrators can access the Red Hat OpenShift Service on AWS (ROSA) cluster where the Connectors instances are deployed and inspect their logs.
OpenShift Connectors implements the protocols required to communicate with a diverse range of third-party systems. Most of these protocols include encryption to ensure the secure delivery of data, avoiding possible eavesdropping and/or alteration of the content. However, in cases when secure and insecure protocols are available (such as HTTPS and HTTP), it is up to the customer to choose the relevant protocol.
Guidance on environments
Red Hat recommends that users create a separate Connectors instance for each of their environments. That is, a user should use a separate Connectors instance for their development, stage, and production environments.
Connectors configuration
Users cannot modify the following default configurations of Connectors instances:
-
Each Connectors instance runs in a single pod without support for replication or horizontal scaling.
-
Operations related to provisioning and administering resources in the service are supported through the OpenShift Connector control plane interfaces (user interface, API, and CLI).
Required resources
The base components for Red Hat OpenShift Connectors require less than 1.4 CPUs (1400m) and less than 2.5GB memory. The requested amount of CPU and memory resources might increase when running a large number of connectors.
The following table shows the minimal requested resources and resource limits for the OpenShift Connectors base components.
| Operator | CPU - Requests | CPU - Limits | Memory |
|---|---|---|---|
| Fleetshard-Sync | 100m | 1000m | 400Mi |
| Debezium Operator | 500m | 1000m | 512Mi |
| Camel Operator | 500m | 1000m | 600Mi |
| Strimzi | 100m | 1000m | 384Mi |
| Camel-K | 100m | 1000m | 256Mi |
| Observability Controller Manager | 100m | 100m | 500Mi |
Additional CPU and memory is needed for every running connector. The amount depends on the connector type and the processed data (for example,. the number of captured tables and topics, data size, and the number of events).
Performance
In the event that application and client performance do not meet a customer’s expectations, the customer should contact Red Hat Support. Red Hat support can help diagnose and resolve performance issues.
Identity and access management
Red Hat OpenShift Connectors supports authentication and authorization for users (user identity) and Kafka client applications (service accounts).
User identity
User identity is authenticated and authorized by using Red Hat Single Sign-On (SSO), based on a customer or organization's Red Hat identity. The user identity allows a user to access the OpenShift Connectors service user interface, APIs, and CLI.
Service accounts
OpenShift Connectors access Kafka instances through an authenticated service account. A service account isolates and identifies each Connectors instance’s access to the Kafka instance by providing access credentials (client ID and secret).
A user can create multiple service accounts to isolate different Connectors instances from accessing a specific Kafka instance.
Third party
OpenShift Connectors access third party systems by using authentication and authorization options provided by the third party systems. These mechanisms can vary across different third party systems.
Updates and upgrades to OpenShift Connectors
Red Hat will make a commercially reasonable effort to notify customers prior to updates and upgrades that impact OpenShift Connectors. The determination of the need for a Connectors update and the timing thereof are the sole responsibility of Red Hat.
Customers do not have control over when a Connectors update occurs.
Upgrades to the version of Camel K and Debezium used in OpenShift Connectors are considered part of a Connectors update.
Upgrades aim to preserve overall Connectors availability, but may temporarily impact performance.
Service availability
With a subscription, Red Hat maintains a 99.95% availability for its cloud application services, including the underlying Red Hat OpenShift Service on AWS environment.
For more information, refer to Appendix 4 (Online Subscription Services) of the Red Hat Enterprise Agreements.
Security and compliance
OpenShift Connectors are deployed on Red Hat OpenShift service on AWS (ROSA) instances. The underlying environment follows common industry best practices for security and controls. The certifications are outlined here.
At a future date, OpenShift Connectors itself will also be certified against some of these security and compliance protocols.
Metrics and logging
Service metrics
Service metrics are internal only. They are used by Red Hat to provide and maintain the service at agreed levels. Service metrics are accessible to Red Hat authorized personnel only.
Service logging
System logs for Control plane components of OpenShift Connectors are internal and available only to Red Hat personnel. Logs for Data plane components can be accessed by Red Hat personnel and OpenShift Dedicated cluster administrators.
Log retention is a customer-owned activity. The customer can install the Cluster Logging Operator from OperatorHub by following the steps described in Installing logging add-on services.
Backup and disaster recovery
If Connectors instances are deleted inadvertently during a system error, the system automatically recreates the instance. In case the OpenShift Dedicated cluster goes down, a cluster administrator must use the registration ID to re-install the OpenShift Connectors add-on. Re-installing the add-on allows the system to automatically recreate the Connectors instances associated with the ID.
In the event of a catastrophic failure, Red Hat site reliability engineers (SREs) will use a commercially reasonable approach to recover the Connectors add-on and data.
User-initiated operations might involve the deletion of Connectors instances or artifacts.
Recovery from any potentially destructive operations are the sole responsibility of the customer.
Getting Support
Red Hat OpenShift Connectors is a premium offering. With a subscription for the add-on installed on Red Hat OpenShift on AWS (ROSA), you have full access to the Red Hat Customer Portal with 24x7 production and developer-level support.
Whenever users have a question or issue, they can file a ticket that specifies Red Hat OpenShift Connectors as the service category.
For more details, see the Production Support Terms of Service.