Enrich landing page narrative with workshop journey detail.
Expand the pattern overview with hub-spoke architecture summary,
service mesh traffic flow, OpenShift AI MaaS, Kuadrant API gateway,
and detailed workshop dual-track description aligned with the
Hybrid Mesh AI Showroom content.
Signed-off-by: Maximiliano Pizarro <maximiliano.pizarro.5@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
content/patterns/hybrid-mesh-platform/_index.md
Lines changed: 42 additions & 16 deletions
@@ -41,31 +41,50 @@ contributor:
41
41
42
42
> **Your journey:** This platform deploys in one `helm upgrade`, connects three OpenShift clusters (hub + east + west), and shows IoT sensor data across Grafana and Developer Hub within about 30 minutes. The pages below follow one continuous story — concept, install, operate, scaffold — so you can read straight through or jump to any chapter.
43
43
44
-
**Hybrid Mesh Platform** is a multi-cluster GitOps platform using Red Hat products. It implements a hub-spoke topology that centralizes governance with Red Hat Advanced Cluster Management (ACM), delivers [Industrial Edge](/patterns/industrial-edge/) workloads on regional spokes, uses OpenShift Service Mesh in ambient mode for east-west connectivity, layers Connectivity Link (Kuadrant) for API-aware ingress policy, exposes Grafana dashboards for cross-cluster visibility, and integrates Advanced Cluster Security (ACS) for vulnerability and runtime protection.
44
+
## What is Hybrid Mesh Platform?
45
+
46
+
**Hybrid Mesh Platform** is a production-grade, multi-cluster GitOps reference architecture that mirrors how Red Hat customers run hybrid cloud on OpenShift. It implements a **hub-spoke topology** where:
47
+
48
+
- A **hub cluster** (OpenShift on AWS) centralizes fleet governance with **ACM**, deploys via **OpenShift GitOps** (Argo CD), hosts the **Developer Hub** internal portal, runs **ACS Central** for security, aggregates observability in **Grafana**, and exposes cross-cluster services through a **Gateway API** hub gateway with circuit breaking.
49
+
- Two **spoke clusters** (east and west) execute **Industrial Edge** factory workloads — MQTT sensors, Kafka pipelines, ML inference, and dashboards — connected to the hub via a **Skupper Virtual Application Network** (no VPN or firewall changes).
50
+
-**OpenShift Service Mesh 3** in **ambient mode** (no sidecars) provides ztunnel-based L4 encryption and optional waypoint L7 policy across all clusters.
51
+
-**Connectivity Link (Kuadrant)** layers API-aware ingress policies — rate limiting, auth, DNS/TLS automation — on top of Gateway API.
52
+
53
+
The result is a reference design you can adopt, extend, or customize for factory IoT, fleet management, or any workload that requires centralized governance with distributed execution.
45
54
46
55
**Tested on:** Red Hat OpenShift Container Platform **4.20** on **AWS** (hub + east spoke + west spoke, multinode 3 workers each). Compatible with 4.14+ per cluster.
47
56
48
57
**Current release:**[ocp-420-v5](https://github.com/maximilianoPizarro/platform-hub-spoke-config/releases/tag/ocp-420-v5) — Camel Dashboard on east/west spokes, Skupper token sync, Kafka Console broker DNS fixes.
49
58
50
59
Read **concept → mechanics → operations**: start with [Architecture](architecture), install via [Getting Started](getting-started), scaffold workloads via [Scaffolding](scaffolding), then use platform chapters (**Hub Gateway**, **Observability**, **Industrial Edge**) before drilling into the [pattern repository](https://github.com/maximilianopizarro/platform-hub-spoke-config).
This repository models a **GitOps-first platform** where:
63
+
_Hub cluster aggregates observability and Developer Hub; east and west spokes run Industrial Edge workloads connected via Service Interconnect (Skupper). Click the image to open the full diagram._
55
64
56
-
-**Hub cluster** runs ACM, OpenShift GitOps (Argo CD), observability aggregation, Developer Hub, ACS Central, Mailpit for notifications, and gateway-style HTTP routing with **circuit breaking** for shared services.
57
-
-**Spoke clusters** (east/west regions) host **Industrial Edge** patterns: sensor and MQTT-style ingestion, Kafka pipelines, optional ML scoring, and dashboards fed by Prometheus-compatible metrics.
58
-
-**Service Mesh 3 ambient** reduces sidecar overhead while retaining ztunnel-based L4 and waypoint-based L7 policy where needed.
59
-
-**Hub Gateway** splits traffic into **front** and **API** services per spoke, with per-service **circuit breaking** via `DestinationRule`.
60
-
-**Service Interconnect (Skupper)** bridges spoke services and metrics to the hub via a Virtual Application Network (VAN), without VPN or firewall changes.
61
-
-**Spoke Gateways** aggregate Industrial Edge services per spoke for simplified cross-cluster exposure.
62
-
-**Kiali + OSSM Console** provides service mesh topology visualization on every cluster via the OpenShift Console plugin.
63
-
-**Grafana dashboards** roll up cluster and application signals from all clusters.
64
-
-**ACS** provides centralized policy, CVE visibility, and SecuredCluster agents on spokes.
_Hub cluster aggregates observability and Developer Hub; east and west spokes run Industrial Edge workloads connected via Service Interconnect (Skupper). Click the image to open the full diagram._
69
+
-**Hub** runs: ACM, OpenShift GitOps (Argo CD), Developer Hub, OpenShift AI, Service Mesh control plane, Skupper, Kuadrant, ACS Central, Grafana, Kafka Console, and Kubecost.
The platform uses OpenShift Service Mesh 3 in **ambient mode** (no sidecars). Traffic between hub and spokes crosses a Skupper tunnel exposed via Gateway API:
76
+
77
+
-`HTTPRoute` resources on the hub split traffic to east/west backends (frontend 50/50, API pinned for Socket.IO session affinity)
-`AuthorizationPolicy` (zero-trust) restricts which service accounts can reach backends
80
+
81
+
## OpenShift AI — Model as a Service
82
+
83
+
The AI layer provides a shared LLM endpoint (MaaS) deployed on the hub via the OpenShift AI operator (`DataScienceCluster`). Any application that speaks the OpenAI REST API can consume MaaS without code changes — just point `OPENAI_API_BASE` to the in-cluster service.
84
+
85
+
## Kuadrant API gateway
86
+
87
+
Kuadrant manages API rate limiting and auth policies across the hub gateway. Per-user API keys scoped to plans enable controlled access to AI endpoints and workshop APIs via `APIProduct`, `AuthPolicy`, and `TokenRateLimitPolicy`.
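Review bot: The new MaaS paragraph tells consumers to point `OPENAI_API_BASE` at the in-cluster service, while the Kuadrant paragraph right after it says access to AI endpoints is controlled by per-user API keys through `AuthPolicy` and `TokenRateLimitPolicy` on the hub gateway; as written, a reader can conclude that in-cluster clients reach the model directly and skip those policies. Please state which address applications should use (the gateway route or the service) and whether an API key is required in both cases. Separately, the removed overview expanded ACM and ACS on first use and linked Industrial Edge to `/patterns/industrial-edge/`; the replacement bullets use the bare acronyms and drop the link, so consider restoring both.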
@@ -96,9 +115,16 @@ Screenshots and architecture diagrams in the pattern repository support full-scr
96
115
97
116
**Next →**[Architecture](architecture) — understand how Git, ACM, and Skupper wire the three clusters together.
98
117
99
-
## Workshop
118
+
## Workshop — Hybrid Mesh AI
119
+
120
+
A dual-track **Hybrid Mesh AI Workshop** is available for this platform:
121
+
122
+
-**Part A (modules 01–05)** — Executive-oriented: hybrid cloud strategy, ROSA architecture, security at scale, AWS AI integration, and real customer cases.
123
+
-**Part B (modules 10–28)** — Fully hands-on on a live RHDP hub-spoke fleet: ACM fleet management, ambient mesh, Developer Hub scaffolding, Industrial Edge deployment, Kairos SmartScaling, observability, GitOps, Service Mesh, scalability (HPA + Kafka), network policies, ACS + Connectivity Link, FinOps (Kubecost), OpenShift AI, AI Gateway (MaaS + Kuadrant), and LLM/RAG patterns.
124
+
125
+
Each module targets a specific product area and includes a `verify` step to confirm work. The lab uses the same three-cluster topology documented here (hub + east + west on AWS).
100
126
101
-
A hands-on **Hybrid Mesh AI Workshop** (dual-track: executive strategy + hands-on lab) is available for this platform. It covers ACM fleet management, ambient mesh, Developer Hub scaffolding, OpenShift AI, Kuadrant API gateway, and FinOps — all on a live RHDP hub-spoke fleet. See the [workshop site](https://maximilianopizarro.github.io/platform-hub-spoke-config/workshop/) for agendaand registration.
127
+
See the [workshop site](https://maximilianopizarro.github.io/platform-hub-spoke-config/workshop/) for agenda, registration, and YAML snippets.
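Review bot: The Part A and Part B bullets number the modules 01–05 and 10–28, leaving 06–09 unaccounted for; add a short note that the gap is intentional, or renumber, so readers do not look for missing modules. The Part B list also names Kairos SmartScaling, which is not introduced in any of the lines shown here, so a short gloss or link would help. The renamed Workshop heading will likely change its generated anchor, so check any existing links to the old `#workshop` target.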