news and updates onred hat openshift strategy –docker red hat headed towards a world without...

News and Updates on

OpenShift Container Platformfor Linux on Z & LinuxONE

Hendrik BrücknerManager Linux on Z DevelopmentRed Hat Partner Engineer for RHEL & OpenShift on ZIBM DE R&D GmbH

OpenShift on IBM Z & LinuxONE / March 2020 / © IBM Corp. 2019, 2020 1

Trademarks


TrademarksThe following are trademarks of the International Business Machines Corporation in the United States and/or other countries.

Notes:

Performance is in Internal Throughput Rate (ITR) ratio based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput that any user will experience will vary

depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given

that an individual user will achieve throughput improvements equivalent to the performance ratios stated here.

IBM hardware products are manufactured from new parts, or new and serviceable used parts. Regardless, our warranty terms apply.

All customer examples cited or described in this presentation are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual

environmental costs and performance characteristics will vary depending on individual customer configurations and conditions.

This publication was produced in the United States. IBM may not offer the products, services or features discussed in this document in other countries, and the information may be subject to change without notice.

Consult your local IBM business contact for information on the product or services available in your area.

All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.

Information about non-IBM products is obtained from the manufacturers of those products or their published announcements. IBM has not tested those products and cannot confirm the performance, compatibility, or

any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

Prices subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your geography.

This information provides only general descriptions of the types and portions of workloads that are eligible for execution on Specialty Engines (e.g, zIIPs, zAAPs, and IFLs) ("SEs"). IBM authorizes customers to use

IBM SE only to execute the processing of Eligible Workloads of specific Programs expressly authorized by IBM as specified in the “Authorized Use Table for IBM Machines” provided at

www.ibm.com/systems/support/machine_warranties/machine_code/aut.html (“AUT”). No other workload processing is authorized for execution on an SE. IBM offers SE at a lower price than General

Processors/Central Processors because customers are authorized to use SEs only to process certain types and/or amounts of workloads as specified by IBM in the AUT.

* Registered trademarks of IBM Corporation

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

OpenStack is a trademark of OpenStack LLC.

Red Hat, JBoss, OpenShift, Fedora, Hibernate, Ansible, CloudForms, RHCA, RHCE, RHCSA, Ceph, and Gluster are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the United States and other countries.

VMware, the VMware logo, VMware Cloud Foundation, VMware Cloud Foundation Service, VMware vCenter Server, and VMware vSphere are registered trademarks or trademarks of VMware, Inc. or its subsidiaries in the United States and/or other

jurisdictions.

Other product and service names might be trademarks of IBM or other companies.

API Connect*Aspera*CICS*

Cloud Paks

IBM*

IBM (logo)*

IBM Cloud*

ibm.com*

IBM Z*

IMS

LinuxONE

MobileFirst*

Power*

Power Systems

WebSphere*

z13*

Cognos*

DataPower*

Db2*

FileNet*

z13s*

z/OS*

z/VM*

http://www.ibm.com/systems/support/machine_warranties/machine_code/aut.html

About me

Linux on IBM Z®

• 12 years Linux on Z kernel development

• Linux on Z development team lead

• Manager of Linux on Z kernel and cloud team


About me

Linux on IBM Z®

• 12 years Linux on Z kernel development

• Linux on Z development team lead

• Manager of Linux on Z kernel and cloud team


Red Hat

• Partner Engineer for RHEL/OCP on Z

• 10 years in service

• Responsible for RHEL on Z

• Focus on OpenShift for Z since acquisition

Contents

• Introduction IBM Hybrid Multi-Cloud Strategy• OpenShift 4 in a Nutshell• Overview OpenShift Container Platform OCP 4.2 for IBM Z & LinuxONE


6

IBM® Hybrid Multicloud Strategy

Foundation

Infrastructure

Advise Move Build Manage

Certified Offerings

Open Hybrid MulticloudPlatform

Common Services

OpenShift

Mesh/Serverless/Tekton/…

RHEL/CoreOS

Cloud Paks

ApplicationsData Integration AutomationMulticloud

Management

Services

6

IBM Cloud®Edge Private

Creating the world’s leading hybrid cloud provider

IBM Z®

IBM LinuxONE™

IBM Power Systems™

OpenShift on IBM Z & LinuxONE / March 2020 / © IBM Corp. 2019, 2020

IBM + Red Hat deliver industry’s only true hybrid multicloudplatform


Traditional workloads

AWS Microsoft GoogleIBM + Red Hat

Limitedfeature support

Azure StackGoogleAnthos

Limited feature support

PublicCloud

PrivateCloud

Traditional on-premises

Limited connectivity in

storage/data movement

Connectivity confined to

Microsoft products

No connectivity𝙓

Extensivemulticloud governance/mgmt.

↻

IBM Private Cloud

OpenShiftAWS Azure OpenShiftGoogleCloud

AWS Outposts

OpenShiftIBM Public CloudOpenShift optimized

OpenShift

In a nutshell

OpenShift Container Platform as base for IBM CloudPaks


Red Hat OpenShift Container Platform 4In a Nutshell

Installation paradigms (Day 1)

• Installer-Provisioned Infrastructure (IPI) –OpenShift installer provisions infrastructure component on supported platforms

• User-Provisioned Infrastructure (UPI) –Platform administrator has to pre-provision infrastructure components

Installation based on RHEL CoreOS

• CoreOS is a pre-mastered image being tailored by Ignition technology

• Required for OCP master nodes (control planes)

Kubernetes-native Day 2 Management

• Operators codify operational knowledge and workflows to automate (e2e) life-cycle management of containerized applications


Introduction to RHEL CoreOS (RHCOS)

Immutable container host based on RHEL 8

• CoreOS is tested and shipped in conjunction with the OpenShift platform

• Immutable and tightly integrated with OpenShift

• Self-managing, over-the-air updates

• Host isolation is enforced via Containers and Security Enhanced Linux (SELinux)

CoreOS is operated as part of the cluster with config for components managed by operators.


Red Hat OpenShift Strategy – Docker


Red Hat headed towards a world without Docker

OpenShift dedicated customers will not have Docker

• Standalone dependencies on modern Docker engines will not be allowed

• This means Container images built/packaged and tested with Docker can be reused and, eventually, be adjusted; but runtime dependencies will most likely be rejected

Red Hat OpenShift Strategy – Docker

Red Hat headed towards a world without Docker

• cri-o is only one component (the Kubernetes CRI runtime) of OpenShift

• RHEL will not deliver a modern Docker engine

• Red Hat will replace it with:

• podman (docker client compatible CLI)

• skopeo (registry)

• buildah (docker build)


14

Red Hat OpenShift 4


IBM Software as Cloud Paks – Middleware anywhere

Enterprise-grade, modular middleware solutions giving clientsan open, faster, more reliable way to move, build, and manage on the cloud


IBM Certified ContainersContainerized, security-compliant IBM middleware

and Open Source components

Core operational servicesLogging, monitoring, metering, persistent storage,

security, identity access management.

Container platformKubernetes-based and portable

15

Cloud Paks® Components / Core Services Core services: Cloud Paks decide which services to include

Cloud Pak for Applications

Cloud Pak for Automation

Cloud Pak for Integration

Cloud Pak for Data

Cloud Pak for Multicloud

Management

• Audit• Cert Manager• System Healthcheck

service• Visual Web Terminal (KUI)• Console UI• CLI

• Monitoring • Metering• IAM• Installer

• Key Management• KMS Plug-in• Image Signing Service• Secure Token Service• Vulnerability Advisor• Mutation Advisor

IBM public cloud Amazon Web

ServicesMicrosoft ® Azure ® Google Cloud Edge Private IBM Z

IBM LinuxONE

IBM Power Systems

These enterprise platforms bring industry-leading security and resiliency to help

accelerate the rich IBM software ecosystem that is necessary for enterprise clients to

adopt hybrid multicloud for their mission-critical workloads.

IBM Z/LinuxONE Roadmap

Limited Availability – NowFull Support – 2Q 2020*

Manage-to – 2Q 2020*Manage-from - 3Q 2020*

Target – 2H 2020* Target – 2Q 2020* Target – 3Q 2020*

*Statements by IBM regarding its plans, directions, and intent are subject to change or withdrawal without notice at the sole discretion of IBM

Build, deploy, and run

applications

Collect, organize,

and analyze data

Multicloudvisibility,

governance, and automation

Integrate applications,data, cloud

services,and APIs

Transform business

processes, decisions,

and content

Core Services Core Services Core Services Core Services Core Services


OpenShift Container Platform 4.2 for IBM Z & LinuxONE


Where can you download OCP?


Where can you download OCP?

try.openshift.comcloud.redhat.com

GA11. Feb. 2020


What our clients are saying

• Clients are adopting OpenShift on Linux on Z

• Workload modernization and hybrid cloud environment with OpenShift on Linux on Z is where some clients see the key value

• Clients want to work with a homogenous solution across their IT environment and OpenShift is the key enabler

• The agility and automation enabled with Red Hat offerings are other areas of interest

We currently have across industries actively engaged in trying OpenShift Container Platform on Z


What does OpenShift on IBM Z & LinuxONE look like?


What are the smallestOpenShift Container Platform cluster requirements?


OCP smallest cluster requirements

A smallest OCP cluster requires:

• One (temporary) bootstrap machine

• Two machines becoming worker nodes

• Three machines becoming master nodes (control planes)

Use the bootstrap machine to install and deploy the OCP cluster on the three master and two worker nodes.

• You can remove the bootstrap machine after the installation completed.

• The bootstrap machine, master and worker machines must use RHEL CoreOS (RHCOS) as operating system.

A deployment server is required unless the existing infrastructure can provide services like:

• FTP/HTTP for installation files (e.g. ignition)

• NFS and/or DNS


Component Overview – Initial OCP 4.2 release


IBM Z / LinuxONE LPAR 1

z/VM Hypervisor

OCPMasterNode

RHELCoreOS

OCPMasterNode

RHELCoreOS

OCPMasterNode

RHELCoreOS

OCPWorkerNode

RHELCoreOS

OCPWorkerNode

RHELCoreOS

z/VM Hypervisor

IBM Z / LinuxONE LPAR 2

OCP 4.2 initial release

• Minimum configuration

• 1 LPAR

• z/VM Hypervisor

• OCP cluster nodes run as guest virtual machines

• LPAR/KVM support subject to future releases

OCP 4.2 on ZTechnical Fact Sheet

Minimum System Requirements

• IBM z13/z13s and later, and IBM LinuxONE

• 1 LPAR with z/VM 7.1 using 3 IFLs, 80+GB

• FICON or FCP attached disk storage

• OSA, RoCE, z/VM VSwitch networking

Preferred Systems Requirements for High-Availability

• 3 LPARs with z/VM 7.1 using 6 IFLs, 104+GB


Feature Overview

• RHEL CoreOS only

• User-provisioned infrastructure (UPI)

• NFS-based persistent storage

z/VM

Sample operational OCP on z/VM Layout


Notes• DHCP server/relay is not

required for static IP configurations.

API ETCD

Storage

API ETCD

Storage

MasterNodes

API ETCD

Storage

Router

Worker nodes

Router Registry

Storage

App 1 App 2

Storage

LocalDASD/FCP

LocalDASD/FCP

NFS LocalDASD/FCP

NFS

External network

RouterLoad Balancer

DHCP NFS

OpenShift SDN

DNS

What are the hardware and software requirements?


MinimumSystem Requirements

Hardware Capacity

• 1 LPAR with 3 IFLs supporting SMT2

• 1 OSA and/or RoCE card

Operating System

• z/VM 7.1

• 3 VMs for OCP Master Nodes

• 2 VMs for OCP Worker Nodes

• 1 VM for temporary OCP Bootstrap Node

Disk storage

• FICON attached disk storage (DASDs)

• Minidisks, fullpack minidisks, or dedicated DASDs

• FCP attached disk storage

Network

• Single z/VM virtual NIC in layer 2 mode, one of

• Direct-attached OSA or RoCE

• z/VM VSwitch

Memory

• 16GB for OCP Master Nodes (Control Planes)

• 8GB for OCP Worker Nodes

• 16GB for OCP Bootstrap Node (temporary)


PreferredSystem Requirements

Hardware Capacity

• 3 LPARs with 6 IFLs supporting SMT2

• 1-2 OSA and/or RoCE card

Operating System

• z/VM 7.1 – 3 instances for HA purposes

• 3 VMs for OCP Master Nodes (one per instance)

• 6+ VMs for OCP Worker Nodes (across instances)

• 1 VM for temporary OCP Bootstrap Node

Disk storage

• FICON attached disk storage (DASDs)

• Minidisks, fullpack minidisks, or dedicated DASDs

• FCP attached disk storage

Network

• Single z/VM virtual NIC in layer 2 mode, one of

• Direct-attached OSA or RoCE

• z/VM VSwitch (using OSA link aggregation to increase bandwidth and high availability)

Memory

• 16+ GB for each OCP Master Node (Control Planes)

• 8+ GB for each OCP Worker Node

• 16GB for the OCP Bootstrap Node (temporary)

• For sizing details, see also https://docs.openshift.com/container-platform/4.2/scalability_and_performance/recommended-host-practices.html#master-node-sizing_


https://docs.openshift.com/container-platform/4.2/scalability_and_performance/recommended-host-practices.html#master-node-sizing_

PreferredArchitecture Overview

Notes

• Distribute OCP master nodes (control planes) to different z/VM instances on one or more IBM Z / LinuxONE servers to achieve HA and cover service outages/windows


IBM Z / LinuxONE

z/VM LPAR

z/VM Control Program (CP)

OCPMasterNode

RHELCoreOS

OCPWorkerNode

RHELCoreOS

OCPWorkerNode

RHELCoreOS

z/VM LPAR


OCPMasterNode

RHELCoreOS

OCPWorkerNode

RHELCoreOS

OCPWorkerNode

RHELCoreOS

z/VM LPAR


OCPMasterNode

RHELCoreOS

OCPWorkerNode

RHELCoreOS

OCPWorkerNode

RHELCoreOS

OSA / RoCE

OSA / RoCE

OSA / RoCE

Software Configuration forOpenShift Container Platform

Infrastructure Services (Pre-requisites)

• DHCP server or static IP addresses

• DNS server

• Load balancers (optional but preferred)

• Deployment server for installation (temporary)

• Internet connectivity

Operating System

• RHEL CoreOS for Master and Bootstrap Nodes

• RHEL CoreOS only for Worker Nodes

Persistent Storage

• NFSv4 server with >100GB disk storage

• 100GB for internal registry at minimum

Bootstrap and Master Nodes (Control Planes)

• 4 vCPUs

• 16+ GB main memory

• 120GB disk storage

Worker Nodes (+ depending on workload)

• 2+ vCPUs (1+ IFLs with SMT2 enabled)

• 8+GB main memory

• 120GB disk storage

Reference about OCP cluster limits

• https://docs.openshift.com/container-platform/4.2/scalability_and_performance/planning-your-environment-according-to-object-limits.html


https://docs.openshift.com/container-platform/4.2/scalability_and_performance/planning-your-environment-according-to-object-limits.html

MinimumArchitecture Overview – Network Option 1

Use single vNIC for z/VM guest virtual machines

• Direct-attached OSA or RoCE to each guest virtual machine

OCP uses this 1 vNIC for two networks

• External communication

• Internal communication –software-defined network for Kubernetes pod communication


IBM Z / LinuxONE

z/VM LPAR


OCPMasterNode

RHELCoreOS

OCPMasterNode

RHELCoreOS

OCPMasterNode

RHELCoreOS

OCPWorkerNode

RHELCoreOS

OCPWorkerNode

RHELCoreOS

OSA / RoCE

MinimumArchitecture Overview – Network Option 2

Use single vNIC for z/VM guest virtual machines

• z/VM VSwitch with OSA (optionally, using link aggregation)

OCP uses this 1 vNIC for two networks

• External communication

• Internal communication –software-defined network for Kubernetes pod communication


IBM Z / LinuxONE

z/VM LPAR


OCPMasterNode

RHELCoreOS

OCPMasterNode

RHELCoreOS

OCPMasterNode

RHELCoreOS

OCPWorkerNode

RHELCoreOS

OCPWorkerNode

RHELCoreOS

VSwitch

OSA

MinimumArchitecture Overview – Disk Storage Options for Installation

Disk storage considerations

• Minidisks are a z/VM virtual resources and represent smaller chunks on a DASD; Linux sees them as individual disks (DASDs)

• Consider HyperPAV for ECKD storage

• DASDs/FCP devices can be dedicated to a z/VM guest ("pass-through")

• Consider using FCP multipath installations (future)


IBM Z / LinuxONE

z/VM LPAR


OCPMasterNode

RHELCoreOS

OCPMasterNode

RHELCoreOS

OCPMasterNode

RHELCoreOS

OCPWorkerNode

RHELCoreOS

OCPWorkerNode

RHELCoreOS

FCPFCP

FCPFCP

FCPECKD

MinidiskMinidisk

Shared disk storage considerations

Required shared disk storage

• Internal registry (container images)

Use cases for shared disk storage

• Shared data pool for container instances (persistent container storage)

• Application or workload specific use cases

Shared disk storage options in the initial release

• NFS only

Shared disk storage options in future releases

• IBM Spectrum Scale

• IBM Storage Server support through CSI providers

• Red Hat OpenShift Container Storage (OCS) based on Ceph distributed file system, Rook (operator), Noobaa (Multi-storage gateway)


News on OCP 4.2 Performance


Acme Air Density on OpenShift Container Platform 4.2 on z15 versus x86 Skylake

IBM Z / © 2020 IBM Corporation

DISCLAIMER: Performance results based on IBM internal tests running the Acme Air microservice benchmark(https://github.com/blueperf/acmeair-mainservice-java) on OpenShift Container Platform (OCP) 4.2.19 on z15using z/VM versus on compared x86 platform using KVM. The z/VM and KVM guests with the OCP Master nodeswere configured with 4 vCPUs and 16 GB memory each. The z/VM and KVM guests with the OCP Worker nodeswere configured with 16 vCPUs and 32 GB memory each. Results may vary. z15 configuration: The OCP Proxyserver ran native LPAR with 4 dedicated IFLs, 64 GB memory, RHEL 8.1 (SMT mode). The OCP Master and Workernodes ran on z/VM 7.1 in a LPAR with 30 dedicated IFLs, 160 GB memory, and DASD storage. x86 configuration:The OCP Proxy server ran on 4 Intel® Xeon® Gold 6126 CPU @ 2.60GHz with Hyperthreading turned on, 64 GBmemory, RHEL 8.1. The OCP Master and Worker nodes ran on KVM on RHEL 8.1 on 30 Intel® Xeon® Gold 6140CPU @ 2.30GHz with Hyperthreading turned on, 160 GB memory, and RAID5 local SSD storage.

OpenShift Container Platform (OCP)

Run up to 2.5x more Acme Air benchmark instances per core on OpenShift Container Platform 4.2 on z15 using z/VM versus on a compared x86 platform using KVM, each processing an identical transaction load

x86 server

z15

Guest 4(4 vCPU,

16GB memory)

Guest 4(4 vCPU,

16GB memory)

Guest 1 (16 vCPU,

32GB memory)

Guest 1 (16 vCPU,

32GB memory)

zHypervisor

z/VM 7.1 in LPAR30 IFLs, 160 GB memory

Guest 4 - 6each 4 vCPU,

16 GB memory

OCP Master

x86 server (4 cores, 64 GB memory)

Guest 1 - 3each 16 vCPU,32 GB memory

OCP Worker with

5 Acme Air instances

Compared x86 Platform

KVM on RHEL 8.1 30 cores, 160 GB memory

z15 LPAR (4 IFLs, 64 GB memory)

Proxy / Balancer

x86 serverx86 server 1 - 3

JMeterWorkload Driver

x86 serverx86 server

x86 server 1 - 3

Guest 4(4 vCPU,

16GB memory)

Guest 4(4 vCPU,

16GB memory)

Guest 1 (16 vCPU,

32GB memory)

Guest 1 (16 vCPU,

32GB memory)


16 GB memory

OCP Master


OCP Worker with

2 Acme Air instances

30.6K transactions/sec in total, 2K transactions/sec per instance

Proxy / Balancer


12.4K transactions/sec in total, 2K transactions/sec per instance

37

Acme Air Performance on OpenShift Container Platform 4.2 on z15 versus x86 Skylake


DISCLAIMER: Performance results based on IBM internal tests running the Acme Air microservice benchmark(https://github.com/blueperf/acmeair-mainservice-java) on OpenShift Container Platform (OCP) 4.2.19 on z15 using z/VM versus oncompared x86 platform using KVM. On both platforms 12 Acme Air instances were running on 3 OCP Worker nodes. The z/VM andKVM guests with the OCP Master nodes were configured with 4 vCPUs and 16 GB memory each. The z/VM and KVM guests with theOCP Worker nodes were configured with 16 vCPUs and 32 GB memory each. Results may vary. z15 configuration: The OCP Proxyserver ran native LPAR with 4 dedicated IFLs, 64 GB memory, RHEL 8.1 (SMT mode). The OCP Master and Worker nodes ran onz/VM 7.1 in a LPAR with 30 dedicated IFLs, 160 GB memory, and DASD storage. x86 configuration: The OCP Proxy server ran on 4Intel® Xeon® Gold 6126 CPU @ 2.60GHz with Hyperthreading turned on, 64 GB memory, RHEL 8.1. The OCP Master and Workernodes ran on KVM on RHEL 8.1 on 30 Intel® Xeon® Gold 6140 CPU @ 2.30GHz with Hyperthreading turned on, 160 GB memory, andRAID5 local SSD storage.

Achieve up to 2.7x more throughput per core and up to 2.9x lower latency on OpenShift Container Platform 4.2 on z15 using z/VM versus on compared x86 platform using KVM, when running 12 Acme Air benchmark instances on 3 worker nodes


2.7x2.6x2.4x2.2x

2.9x2.7x

2.6x2.4x

38

Acme Air Performance on OpenShift Container Platform 4.2 on z15 versus x86 Skylake



Benchmark Setup

– 3 OpenShift Container Platform (OCP) Master and 3 Worker nodes on z15 under z/VM versus on x86 under KVM

– Acme Air microservice benchmark (https://github.com/blueperf/acmeair-mainservice-java) instances placed manually on the OCP Worker nodes such that each OCP Worker node ran the same number of instances

– Acme Air instances were driven remotely from 3 x86 servers running JMeter 5.2.1

System Stack

– z15

• LPAR with 4 dedicated IFLs, 64 GB memory, RHEL 8.1 (SMT mode), running the OCP Proxy server

• LPAR with 30 dedicated IFLs, 160 GB memory, DASD storage, running z/VM 7.1

– 3 guests with 4 vCPU, 16 GB memory, each running an OCP Master

– 3 guests with 16 vCPUs, 32 GB memory, each running an OCP Worker

• OpenShift Container Platform (OCP) 4.2.19

– x86

• 4 Intel® Xeon® Gold 6126 CPU @ 2.60GHz w/ Hyperthreading turned on, 64 GB memory, RHEL 8.1, running the OCP Proxy server

• 30 Intel® Xeon® Gold 6140 CPU @ 2.30GHz w/ Hyperthreading turned on, 160 GB memory, running KVM on RHEL 8.1

– 3 guests with 4 vCPU, 16 GB memory, each running an OCP Master

– 3 guests with 16 vCPUs, 32 GB memory, each running a OCP Worker

• OpenShift Container Platform (OCP) 4.2.19

x86 server

z15

Guest 4(4 vCPU,

16GB memory)

Guest 4(4 vCPU,

16GB memory)

Guest 1 (16 vCPU,

32GB memory)

Guest 1 (16 vCPU,

32GB memory)

zHypervisor

z/VM 7.1 in LPAR30 IFLs, 160 GB memory


16 GB memory

OCP Master

x86 server (4 cores, 64 GB memory)


OCP Worker with

Acme Air instances

Compared x86 Platform

KVM on RHEL 8.1 30 cores, 160 GB memory

z15 LPAR (4 IFLs, 64 GB memory)

Proxy / Balancer

x86 serverx86 server 1 - 3


x86 serverx86 server

x86 server 1 - 3

Guest 4(4 vCPU,

16GB memory)

Guest 4(4 vCPU,

16GB memory)

Guest 1 (16 vCPU,

32GB memory)

Guest 1 (16 vCPU,

32GB memory)


16 GB memory

OCP Master


OCP Worker with

Acme Air instances

Proxy / Balancer


39

https://github.com/blueperf/acmeair-mainservice-java

What are the functionalities on the roadmap?


OCP on Z & LinuxONE Roadmap**** Subject to change ***

IBM Z & LinuxONE support

• CoreOS support for FCP multi-path installations

• OCP deployments on LPAR, KVM

• OCP deployments on zCX, HPVS, Z Public Cloud

• Storage Support on IBM Spectrum Scale

• Pervasive Encryption enhancements

• IBM Cloud Paks

Future content for OpenShift Container Platform

• Service Mesh (istio) to connect, secure, control, and observe services

• Tekton pipelines and Knative

• CodeReady Workspaces and odo

• OpenShift Container Storage (OCS) support for file, block, and object storage based on Ceph, Rook, and Noobaa

• Heterogeneous clusters (master and worker nodes on different architectures)


*Statements by IBM regarding its plans, directions, and intent are subject to change or withdrawal without notice at the sole discretion of IBM

Ready to Go?


Let’s GO

• What does your hybrid multicloud strategy on IBM Z & LinuxONE look like?

• How can IBM Z/LinuxONE support your strategy?

• Identify workloads for containerization and start containerization

• Start with workloads that exist today, including workloads in support of z/OS

• Which workloads have on-prem or public cloud requirements?

• Leverage IBM Cloud Paks and Red Hat OpenShift on Z & LinuxONE

• Contact us to start your journey with OpenShift on IBM Z/LinuxONE


Questions?


Thank you

Hendrik BruecknerManager Linux on Z Development & ServiceRed Hat Partner Engineer for RHEL and OpenShift on Z—[email protected]

© Copyright IBM Corporation 2020. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM’s current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and ibm.com are trademarks of IBM Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available at Copyright and trademark information.


mailto:[email protected]

https://www.ibm.com/legal/copytrade

“Operators” as a new´DesignPattern

• Consists of standard Kubernetes mechanisms

• Custom Resource Definitions

• Controllers

• Implements continuous target state management

• Controllers run in containers (e.g. within a Deployment)

• Can be written in any language, but preferred option is to use Go

• ”Installing” an operator means:

• Register the Custom Resource Definition(s)

• Deploy the controllerOpenShift on IBM Z & LinuxONE / March 2020 / © IBM Corp. 2019, 2020 47

Observe

Analyze

Act

Custom Resource Definition

Operator Kubern

ete

s A

PI S

erv

er

etcd

Custom ResourcesKubernetes

Co

ntr

oll

er

resources

See also https://engineering.bitnami.com/articles/a-deep-dive-into-kubernetes-controllers.html

https://engineering.bitnami.com/articles/a-deep-dive-into-kubernetes-controllers.html

Comparing native Kubernetes and Red Hat OpenShift


References:10 most important differences between OpenShift and KubernetesDifferences Between Kubernetes and OpenShift

Differences Red Hat OpenShift Kubernetes

Product vs Open Source Project • Product with paid support subscription • Open Source project with community support

RHEL/RHCOS vs Any Linux distribution

• OCP 3.11 Red Hat Linux Enterprise (RHEL); manual install or openshift-ansible playbooks

• OCP 4.1 RHEL CoreOS; automated install or manual install• Can be installed on various Cloud Service Providers: AWS, Azure,

GCP, and IBM Cloud

• Any Linux distribution such as Ubuntu, Debian, others• Install tools: kubeadm, kube-spray, kops• Available in multiple cloud service providers: GKE on Google

GCP, EKS on Amazon AWS, AKS on Microsoft Azure, IKS on IBM Cloud

Security Policies • More strict security policies; e.g. cannot run a container as root (by default)

• Pervasive use of RBAC policies• Simpler, single (in 4.1) Oauth authentication even for add-on /

integrated services (e.g. logging / monitoring / CI/CD)

• Optional use of RBAC policies• Permissions management for name spaces is possible but not

easy to configure

Templates vs Helm Charts • OpenShift Templates to create simple deployable applications• Service Catalog (based on Open Service Broker)

• OperatorHub replaces Service Catalog in OCP 4.1• Cannot use Helm charts because OpenShift strict security polices

are not compatible with Tiller required permissions. See workaround.

• Helm charts for deploying Kubernetes resources and apps• Helm charts support sophisticated application templates and

package versioning

Routes vs Ingress • Routes used for automated reverse proxy• HAProxy or integrate with F5 BIG-IP (OCP 3.11)

• OCP 3.10 and later recognizes Kubernetes Ingress objects and implements them as a router

• Ingress interface (for automated reverse proxy) can be implemented with nginx, traefik, AWS ELB/ALB, GCE, Kong, and HAproxy, among others

• Ingress can be integrated with Kubernetes add-on cert-manager to automate management of SSL certificates

https://cloudowski.com/articles/10-differences-between-openshift-and-kubernetes/

https://medium.com/levvel-consulting/the-differences-between-kubernetes-and-openshift-ae778059a90e

https://github.com/openshift/openshift-ansible

https://www.operatorhub.io/

https://www.ibm.com/cloud/blog/deploying-helm-charts-on-openshift

https://github.com/jetstack/cert-manager

Comparing native Kubernetes and Red Hat OpenShift


References:10 most important differences between OpenShift and KubernetesDifferences Between Kubernetes and OpenShift

Differences OpenShift Kubernetes

DeploymentConfig vs Deployment Objects

• DeploymentConfig object provides a template for running and managing applications (replications and roll backs).

• Implemented on dedicated pods; does not support concurrent updates

• Deployment object to update pods• Implemented in controller• Supports concurrent updates

BuildConfig Objects (Container Image Management)

• Source-to-Image (S2I) build tool to create docker container images

• ImageStream to manage images (add/update tags, trigger deployments, etc)

• No tools for building/updating container images.• Need to use external tools like skopeo or build images

locally

CI/CD • Tight integration with Jenkins• OpenShift Pipelines for building, deploying, and promoting

applications

Projects vs Name Spaces • Projects are namespaces with annotations that provide access to resources

• Projects scope includes objects, policies, constraints and service accounts

• Namespaces provide a mechanism to scope resources in a cluster

User Interface • oc command (cli) equivalent to kubectl plus support for:• Logging-in to clusters and witching between

namespaces/ projects• Building and deploying an image with a single command

• Developer-focused console

• kubectl command (cli)• Kubernetes dashboard

https://cloudowski.com/articles/10-differences-between-openshift-and-kubernetes/

https://medium.com/levvel-consulting/the-differences-between-kubernetes-and-openshift-ae778059a90e

https://github.com/containers/skopeo

What are the key facts you should remember?


OpenShift Container Platform on Z & LinuxONEProduct Description

Product Description

OCP 4.2 for Z/LinuxONE will be able to

• Manage an OpenShift cluster running on z/VM

• Master and Worker Nodes – CoreOS (based on RHEL 8)

• Persistent storage – supported through NFS

HW requirements

• IBM z13/z13s systems and later, and LinuxONE systems

Installation support

• Customer installations will use User-Provisioned Infrastructure (UPI) for the initial bootstrapping and installation of the compute, storage, and network nodes

The Journey continues …

• OpenShift feature functions at par with x86

• Service Mesh

• Tekton pipelines and Knative

• CodeReady Workspaces and odo

• OpenShift Container Storage (OCS) support

• IBM Spectrum Scale support

• OpenShift deployments on LPAR and KVM

• OpenShift support on HPVS, zCX, Public Cloud

• Red Hat Runtimes

• Additional CloudPaks


Today Soon

Ready to Go?


Let’s GO

• Start the hybrid cloud conversation with your clients

• What is hybrid? Why private cloud on Z? Why to use OpenShift?

• Identify workloads for containerization


• Which workloads have on-prem or public cloud requirements

• Identify requirements to make the containerization happen

• Leverage IBM Cloud Paks and Red Hat OpenShift as they become available


Can z/OS benefit from OCP 4.2 on Z?


Connects z/OS services running on an IBM Z

backend to a frontend private cloud platform

providing self-service access and consumption

of these services to developers

IBM z/OS Cloud Broker

z/OS subsystems

(CICS/IMS/Db2 etc.)

z/OS

IBM z/OS

Cloud Broker

Consumers

IBM Cloud Private

Provides self-service access to managed IBM Z resources to all flavors

of application developers

Centralization and automation of IBM Z operations to provide Z

resources to agencies or clients in their hybrid cloud

Improve time to value through efficiencies in development and

deployment

*Support for Pivotal Cloud

Platform coming in 2Q 2020Support for OpenShift

Platform GA: 4Q 2019OpenShift on IBM Z & LinuxONE / March 2020 / © IBM Corp. 2019, 2020 55

OCPWorker Node

Load Balancer Requirements

Load Balancer (LB) Requirements for OCP environments

• Two OpenShift functions require load balancing:

• Kubernetes API server (on master nodes)

• Router (ingress controller) (on worker/infrastructure nodes)

• Load Balancer implementation examples

• AProxy, NGINX, or F5

References

• https://docs.openshift.com/container-platform/4.2/installing/installing_bare_metal/installing-bare-metal-network-customizations.html#installation-network-user-infra_installing-bare-metal-network-customizations


OCPMaster Node

OCPMaster Node

OCPMaster Node

Loadbalancer(K8S API server)

Loadbalancer(Ingress Router)

OCPWorker NodeOCP

Worker Node

https://docs.openshift.com/container-platform/4.2/installing/installing_bare_metal/installing-bare-metal-network-customizations.html#installation-network-user-infra_installing-bare-metal-network-customizations

Potential Benefits for z/OS

Access of z/OS services can be implemented using the z/OS Broker

For details, see https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=an&subtype=ca&appname=gpateam&supplier=872&letternum=ENUSAP19-0418


https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=an&subtype=ca&appname=gpateam&supplier=872&letternum=ENUSAP19-0418

Where can the OCP 4.2 cluster reside on IBM Z/LinuxONE?


OCP 4.2 cluster considerations

OCP 4.2 on IBM Z/LinuxONE enables the build of a Homogenous cluster only

• All Nodes are required to be located on IBM Z /LinuxONE

• They need to be virtualized in one (or more) IBM z/VM® environments

Q: Can I run OCP 4.2 on Z in LPAR?

A: No, it requires z/VM 7.1

Q: Can I run OCP 4.2 on Z without z/VM

A: No, it is designed to run in a z/VM 7.1 environment only.


What are the Hardware Requirements?


Minimum Hardware Requirements

One LPAR with the following capacity characteristics:

• Capacity: 3 IFLs

• Memory: 80+ GB or more

• Network: One network interface per OCP node

• Disk Space required for OCP installation and shared disk storage for persistent container storage and image registry

Q: What network interfaces can be used?

A: Use one interface / port with OSA or RoCE.

Q: How to network with a co-located z/OS®?

A: Consider OSA only.

Q: Which shared persistent storage options are available?

A: Network Shared File system (NFS) only.


Ready to Go?


Let’s GO for OpenShift on Z

• Think about your cloud story?

• Is it hybrid? How can IBM Z/LinuxONE support your strategy?

• Identify workloads for containerization


• Which workloads have on-prem or public cloud requirements?

• Identify requirements to start containerization

• Leverage IBM Cloud Paks and Red Hat OpenShift on Z

• Contact us to start your journey with OpenShift on IBM Z/LinuxONEOpenShift on IBM Z & LinuxONE / March 2020 / © IBM Corp. 2019, 2020 68

news and updates onred hat openshift strategy –docker red hat headed towards a world without...

Documents