Index

Diagram rows

Core diagrams

| ID | Diagram | Description | Status |
|---|---|---|---|
| Core 01 | Fleet topology | Shows hub-dc, hub-dr, spoke-dc, spoke-dr, and core external dependencies used by OpenShift operations. | Open full page |
| Core 02 | Network and DNS flow | Explains public DNS, Cloudflare, edge ingress, OpenShift ingress, routes, and app hostnames. | Queued |
| Core 03 | Cluster role model | Explains what belongs on hubs versus spokes: ACM, GitOps, RHACS, OADP, workloads, mesh, and monitoring. | Queued |
| Core 04 | GitOps architecture | Shows the Git source, app-of-apps, cluster-config apps, workload repo, overlays, and Argo CD sync flow. | Queued |
| Core 05 | Operator placement | Matrix-style view showing which operators run on hubs or spokes and why. | Queued |
| Core 06 | Secrets and Vault flow | Shows external Vault, Kubernetes auth mounts, ESO SecretStore, ExternalSecret, and target app secrets. | Queued |
| Core 07 | Observability architecture | Shows ACM Observability collectors, hub Thanos/Grafana, object storage buckets, and user workload monitoring on spokes. | Queued |
| Core 08 | Backup and DR architecture | Shows OADP, ACM backup, MinIO buckets, hub-dc to hub-dr activation path, and restore ownership. | Queued |
| Core 09 | Image mirror and pre-pull path | Shows pull sources, hub image pre-pull, future mirror registry, IDMS/ITMS, and disconnected recovery risk. | Queued |
| Core 10 | Service Mesh ambient architecture | Shows OSSM 3 Sail Operator, Istio, IstioCNI, ztunnel, and app namespace ambient opt-in. | Queued |

Application diagrams

| ID | Diagram | Description | Status |
|---|---|---|---|
| App 11 | Java/JBoss app runtime | Shows namespace, Deployment, Service, Route/Gateway, configuration, probes, and policy boundaries. | Queued |
| App 12 | Java/JBoss app GitOps flow | Shows app source repo, image build, registry, workload repo, and Argo sync to spokes. | Queued |
| App 13 | Application external dependency policy | Shows how OpenShift workloads document required egress, secrets, routes, and network policy for any approved external dependency. | Queued |
| App 14 | App secret onboarding | Shows how a new app gets Vault policy, ESO objects, Kubernetes Secret, and runtime environment or config. | Queued |
| App 15 | App DR placement | Shows active app placement on spoke-dc, standby options on spoke-dr, and backup/restore or active-passive choices. | Queued |

Operations diagrams

| ID | Diagram | Description | Status |
|---|---|---|---|
| Ops 16 | Hub DR activation runbook | Step-by-step gate view for backup freshness, hub-dr restore, ownership validation, and abort paths. | Queued |
| Ops 17 | Backup freshness alert flow | Shows Velero and ACM backup metrics, PrometheusRules, alert path, and DR drill gate. | Queued |
| Ops 18 | Governance PolicySet model | Shows ACM policies, placement, PolicySets, and compliance reporting across hubs and spokes. | Queued |
| Ops 19 | Storage topology | Shows hub LVMS, spoke ODF/localblock, ACM Observability PVCs, and MinIO object storage. | Queued |
| Ops 20 | Security posture | Shows RHACS Central/SecuredCluster, admission control, image scanning, and policy enforcement. | Queued |