News and Updates on OpenShift Container Platform for Linux on Z & LinuxONE
Hendrik Brückner
Manager Linux on Z Development
Red Hat Partner Engineer for RHEL & OpenShift on Z
IBM DE R&D GmbH
OpenShift on IBM Z & LinuxONE / March 2020 / © IBM Corp. 2019, 2020 1
Trademarks
The following are trademarks of the International Business Machines Corporation in the United States and/or other countries.
Notes:
Performance is in Internal Throughput Rate (ITR) ratio based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput that any user will experience will vary
depending upon considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given
that an individual user will achieve throughput improvements equivalent to the performance ratios stated here.
IBM hardware products are manufactured from new parts, or new and serviceable used parts. Regardless, our warranty terms apply.
All customer examples cited or described in this presentation are presented as illustrations of the manner in which some customers have used IBM products and the results they may have achieved. Actual
environmental costs and performance characteristics will vary depending on individual customer configurations and conditions.
This publication was produced in the United States. IBM may not offer the products, services or features discussed in this document in other countries, and the information may be subject to change without notice.
Consult your local IBM business contact for information on the product or services available in your area.
All statements regarding IBM's future direction and intent are subject to change or withdrawal without notice, and represent goals and objectives only.
Information about non-IBM products is obtained from the manufacturers of those products or their published announcements. IBM has not tested those products and cannot confirm the performance, compatibility, or
any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.
Prices subject to change without notice. Contact your IBM representative or Business Partner for the most current pricing in your geography.
This information provides only general descriptions of the types and portions of workloads that are eligible for execution on Specialty Engines (e.g, zIIPs, zAAPs, and IFLs) ("SEs"). IBM authorizes customers to use
IBM SE only to execute the processing of Eligible Workloads of specific Programs expressly authorized by IBM as specified in the “Authorized Use Table for IBM Machines” provided at
www.ibm.com/systems/support/machine_warranties/machine_code/aut.html (“AUT”). No other workload processing is authorized for execution on an SE. IBM offers SE at a lower price than General
Processors/Central Processors because customers are authorized to use SEs only to process certain types and/or amounts of workloads as specified by IBM in the AUT.
* Registered trademarks of IBM Corporation
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.
OpenStack is a trademark of OpenStack LLC.
Red Hat, JBoss, OpenShift, Fedora, Hibernate, Ansible, CloudForms, RHCA, RHCE, RHCSA, Ceph, and Gluster are trademarks or registered trademarks of Red Hat, Inc. or its subsidiaries in the United States and other countries.
VMware, the VMware logo, VMware Cloud Foundation, VMware Cloud Foundation Service, VMware vCenter Server, and VMware vSphere are registered trademarks or trademarks of VMware, Inc. or its subsidiaries in the United States and/or other
jurisdictions.
Other product and service names might be trademarks of IBM or other companies.
IBM trademarks: API Connect*, Aspera*, CICS*, Cloud Paks, IBM*, IBM (logo)*, IBM Cloud*, ibm.com*, IBM Z*, IMS, LinuxONE, MobileFirst*, Power*, Power Systems, WebSphere*, z13*, Cognos*, DataPower*, Db2*, FileNet*, z13s*, z/OS*, z/VM*
About me
Linux on IBM Z®
• 12 years Linux on Z kernel development
• Linux on Z development team lead
• Manager of Linux on Z kernel and cloud team
Red Hat
• Partner Engineer for RHEL/OCP on Z
• 10 years in service
• Responsible for RHEL on Z
• Focus on OpenShift for Z since acquisition
Contents
• Introduction IBM Hybrid Multi-Cloud Strategy
• OpenShift 4 in a Nutshell
• Overview OpenShift Container Platform OCP 4.2 for IBM Z & LinuxONE
IBM® Hybrid Multicloud Strategy
[Figure: IBM Hybrid Multicloud Strategy. Labels: Services (Advise, Move, Build, Manage); Cloud Paks (Applications, Data, Integration, Automation, Multicloud Management); Certified Offerings; Open Hybrid Multicloud Platform (Common Services, OpenShift, Mesh/Serverless/Tekton/…, RHEL/CoreOS); Foundation; Infrastructure (IBM Cloud®, Edge, Private, IBM Z®, IBM LinuxONE™, IBM Power Systems™)]
Creating the world’s leading hybrid cloud provider
IBM + Red Hat deliver industry’s only true hybrid multicloud platform
[Figure: comparison of AWS, Microsoft, Google, and IBM + Red Hat across public cloud, private cloud, and traditional on-premises workloads. Labels in the figure: AWS Outposts, Azure Stack, Google Anthos, "Limited feature support", "Limited connectivity in storage/data movement", "Connectivity confined to Microsoft products", "No connectivity", "Extensive multicloud governance/mgmt.", and OpenShift on AWS, Azure, Google Cloud, IBM Public Cloud (OpenShift optimized), and IBM Private Cloud]
OpenShift
In a nutshell
OpenShift Container Platform as base for IBM CloudPaks
Red Hat OpenShift Container Platform 4 in a Nutshell
Installation paradigms (Day 1)
• Installer-Provisioned Infrastructure (IPI) – the OpenShift installer provisions the infrastructure components on supported platforms
• User-Provisioned Infrastructure (UPI) – the platform administrator has to pre-provision the infrastructure components
Installation based on RHEL CoreOS
• CoreOS is a pre-mastered image being tailored by Ignition technology
• Required for OCP master nodes (control planes)
Kubernetes-native Day 2 Management
• Operators codify operational knowledge and workflows to automate (e2e) life-cycle management of containerized applications
Introduction to RHEL CoreOS (RHCOS)
Immutable container host based on RHEL 8
• CoreOS is tested and shipped in conjunction with the OpenShift platform
• Immutable and tightly integrated with OpenShift
• Self-managing, over-the-air updates
• Host isolation is enforced via Containers and Security Enhanced Linux (SELinux)
CoreOS is operated as part of the cluster with config for components managed by operators.
Red Hat OpenShift Strategy – Docker
Red Hat headed towards a world without Docker
OpenShift dedicated customers will not have Docker
• Standalone dependencies on modern Docker engines will not be allowed
• This means Container images built/packaged and tested with Docker can be reused and, eventually, be adjusted; but runtime dependencies will most likely be rejected
• cri-o is only one component (the Kubernetes CRI runtime) of OpenShift
• RHEL will not deliver a modern Docker engine
• Red Hat will replace it with:
• podman (docker client compatible CLI)
• skopeo (registry)
• buildah (docker build)
Red Hat OpenShift 4
IBM Software as Cloud Paks – Middleware anywhere
Enterprise-grade, modular middleware solutions giving clients an open, faster, more reliable way to move, build, and manage on the cloud
• IBM Certified Containers: Containerized, security-compliant IBM middleware and Open Source components
• Core operational services: Logging, monitoring, metering, persistent storage, security, identity access management
• Container platform: Kubernetes-based and portable
Cloud Paks® Components / Core Services
Core services: Cloud Paks decide which services to include
Cloud Paks
• Cloud Pak for Applications – Build, deploy, and run applications
• Cloud Pak for Automation – Transform business processes, decisions, and content
• Cloud Pak for Integration – Integrate applications, data, cloud services, and APIs
• Cloud Pak for Data – Collect, organize, and analyze data
• Cloud Pak for Multicloud Management – Multicloud visibility, governance, and automation
Core services
• Audit
• Cert Manager
• System Healthcheck service
• Visual Web Terminal (KUI)
• Console UI
• CLI
• Monitoring
• Metering
• IAM
• Installer
• Key Management
• KMS Plug-in
• Image Signing Service
• Secure Token Service
• Vulnerability Advisor
• Mutation Advisor
Platforms: IBM public cloud, Amazon Web Services, Microsoft® Azure®, Google Cloud, Edge, Private, IBM Z, IBM LinuxONE, IBM Power Systems
These enterprise platforms bring industry-leading security and resiliency to help accelerate the rich IBM software ecosystem that is necessary for enterprise clients to adopt hybrid multicloud for their mission-critical workloads.
IBM Z/LinuxONE Roadmap
• Limited Availability – Now; Full Support – 2Q 2020*
• Manage-to – 2Q 2020*; Manage-from – 3Q 2020*
• Target – 2H 2020*
• Target – 2Q 2020*
• Target – 3Q 2020*
*Statements by IBM regarding its plans, directions, and intent are subject to change or withdrawal without notice at the sole discretion of IBM
OpenShift Container Platform 4.2 for IBM Z & LinuxONE
Where can you download OCP?
• try.openshift.com
• cloud.redhat.com
GA: 11 Feb. 2020
What our clients are saying
• Clients are adopting OpenShift on Linux on Z
• Workload modernization and hybrid cloud environment with OpenShift on Linux on Z is where some clients see the key value
• Clients want to work with a homogenous solution across their IT environment and OpenShift is the key enabler
• The agility and automation enabled with Red Hat offerings are other areas of interest
We currently have across industries actively engaged in trying OpenShift Container Platform on Z
What does OpenShift on IBM Z & LinuxONE look like?
What are the smallest OpenShift Container Platform cluster requirements?
OCP smallest cluster requirements
The smallest OCP cluster requires:
• One (temporary) bootstrap machine
• Two machines becoming worker nodes
• Three machines becoming master nodes (control planes)
Use the bootstrap machine to install and deploy the OCP cluster on the three master and two worker nodes.
• You can remove the bootstrap machine after the installation has completed.
• The bootstrap machine, master and worker machines must use RHEL CoreOS (RHCOS) as operating system.
A deployment server is required unless the existing infrastructure can provide services like:
• FTP/HTTP for installation files (e.g. ignition)
• NFS and/or DNS
Component Overview – Initial OCP 4.2 release
[Figure: IBM Z / LinuxONE LPAR 1 runs a z/VM Hypervisor hosting three OCP Master Nodes and two OCP Worker Nodes, each on RHEL CoreOS; IBM Z / LinuxONE LPAR 2 runs a second z/VM Hypervisor]
OCP 4.2 initial release
• Minimum configuration
• 1 LPAR
• z/VM Hypervisor
• OCP cluster nodes run as guest virtual machines
• LPAR/KVM support subject to future releases
OCP 4.2 on Z Technical Fact Sheet
Minimum System Requirements
• IBM z13/z13s and later, and IBM LinuxONE
• 1 LPAR with z/VM 7.1 using 3 IFLs, 80+GB
• FICON or FCP attached disk storage
• OSA, RoCE, z/VM VSwitch networking
Preferred Systems Requirements for High-Availability
• 3 LPARs with z/VM 7.1 using 6 IFLs, 104+GB
Feature Overview
• RHEL CoreOS only
• User-provisioned infrastructure (UPI)
• NFS-based persistent storage
Sample operational OCP on z/VM Layout
[Figure: z/VM layout. Labels: Master Nodes (each with API, ETCD, Storage); Worker nodes (Router, Registry, App 1, App 2, Storage); Local DASD/FCP; NFS; OpenShift SDN; External network; Router / Load Balancer; DHCP; DNS]
Notes
• DHCP server/relay is not required for static IP configurations.
What are the hardware and software requirements?
Minimum System Requirements
Hardware Capacity
• 1 LPAR with 3 IFLs supporting SMT2
• 1 OSA and/or RoCE card
Operating System
• z/VM 7.1
• 3 VMs for OCP Master Nodes
• 2 VMs for OCP Worker Nodes
• 1 VM for temporary OCP Bootstrap Node
Disk storage
• FICON attached disk storage (DASDs)
• Minidisks, fullpack minidisks, or dedicated DASDs
• FCP attached disk storage
Network
• Single z/VM virtual NIC in layer 2 mode, one of
• Direct-attached OSA or RoCE
• z/VM VSwitch
Memory
• 16GB for OCP Master Nodes (Control Planes)
• 8GB for OCP Worker Nodes
• 16GB for OCP Bootstrap Node (temporary)
Preferred System Requirements
Hardware Capacity
• 3 LPARs with 6 IFLs supporting SMT2
• 1-2 OSA and/or RoCE card
Operating System
• z/VM 7.1 – 3 instances for HA purposes
• 3 VMs for OCP Master Nodes (one per instance)
• 6+ VMs for OCP Worker Nodes (across instances)
• 1 VM for temporary OCP Bootstrap Node
Disk storage
• FICON attached disk storage (DASDs)
• Minidisks, fullpack minidisks, or dedicated DASDs
• FCP attached disk storage
Network
• Single z/VM virtual NIC in layer 2 mode, one of
• Direct-attached OSA or RoCE
• z/VM VSwitch (using OSA link aggregation to increase bandwidth and high availability)
Memory
• 16+ GB for each OCP Master Node (Control Planes)
• 8+ GB for each OCP Worker Node
• 16GB for the OCP Bootstrap Node (temporary)
• For sizing details, see also https://docs.openshift.com/container-platform/4.2/scalability_and_performance/recommended-host-practices.html#master-node-sizing_
Preferred Architecture Overview
Notes
• Distribute OCP master nodes (control planes) to different z/VM instances on one or more IBM Z / LinuxONE servers to achieve HA and cover service outages/windows
[Figure: IBM Z / LinuxONE with three z/VM LPARs; in each, the z/VM Control Program (CP) hosts one OCP Master Node and two OCP Worker Nodes on RHEL CoreOS, and each LPAR is attached to OSA / RoCE]
Software Configuration for OpenShift Container Platform
Infrastructure Services (Pre-requisites)
• DHCP server or static IP addresses
• DNS server
• Load balancers (optional but preferred)
• Deployment server for installation (temporary)
• Internet connectivity
Operating System
• RHEL CoreOS for Master and Bootstrap Nodes
• RHEL CoreOS only for Worker Nodes
Persistent Storage
• NFSv4 server with >100GB disk storage
• 100GB for internal registry at minimum
Bootstrap and Master Nodes (Control Planes)
• 4 vCPUs
• 16+ GB main memory
• 120GB disk storage
Worker Nodes (+ depending on workload)
• 2+ vCPUs (1+ IFLs with SMT2 enabled)
• 8+GB main memory
• 120GB disk storage
Reference about OCP cluster limits
• https://docs.openshift.com/container-platform/4.2/scalability_and_performance/planning-your-environment-according-to-object-limits.html
Minimum Architecture Overview – Network Option 1
Use single vNIC for z/VM guest virtual machines
• Direct-attached OSA or RoCE to each guest virtual machine
OCP uses this 1 vNIC for two networks
• External communication
• Internal communication – software-defined network for Kubernetes pod communication
[Figure: IBM Z / LinuxONE with one z/VM LPAR; the z/VM Control Program (CP) hosts three OCP Master Nodes and two OCP Worker Nodes on RHEL CoreOS, attached to OSA / RoCE]
Minimum Architecture Overview – Network Option 2
Use single vNIC for z/VM guest virtual machines
• z/VM VSwitch with OSA (optionally, using link aggregation)
OCP uses this 1 vNIC for two networks
• External communication
• Internal communication – software-defined network for Kubernetes pod communication
[Figure: IBM Z / LinuxONE with one z/VM LPAR; the z/VM Control Program (CP) hosts three OCP Master Nodes and two OCP Worker Nodes on RHEL CoreOS, attached to a VSwitch backed by OSA]
Minimum Architecture Overview – Disk Storage Options for Installation
Disk storage considerations
• Minidisks are z/VM virtual resources and represent smaller chunks of a DASD; Linux sees them as individual disks (DASDs)
• Consider HyperPAV for ECKD storage
• DASDs/FCP devices can be dedicated to a z/VM guest ("pass-through")
• Consider using FCP multipath installations (future)
[Figure: IBM Z / LinuxONE with one z/VM LPAR; the z/VM Control Program (CP) hosts three OCP Master Nodes and two OCP Worker Nodes on RHEL CoreOS. Disk labels in the figure: FCP, ECKD, Minidisk]
Shared disk storage considerations
Required shared disk storage
• Internal registry (container images)
Use cases for shared disk storage
• Shared data pool for container instances (persistent container storage)
• Application or workload specific use cases
Shared disk storage options in the initial release
• NFS only
Shared disk storage options in future releases
• IBM Spectrum Scale
• IBM Storage Server support through CSI providers
• Red Hat OpenShift Container Storage (OCS) based on Ceph distributed file system, Rook (operator), Noobaa (Multi-storage gateway)
News on OCP 4.2 Performance
Acme Air Density on OpenShift Container Platform 4.2 on z15 versus x86 Skylake
IBM Z / © 2020 IBM Corporation
DISCLAIMER: Performance results based on IBM internal tests running the Acme Air microservice benchmark (https://github.com/blueperf/acmeair-mainservice-java) on OpenShift Container Platform (OCP) 4.2.19 on z15 using z/VM versus on compared x86 platform using KVM. The z/VM and KVM guests with the OCP Master nodes were configured with 4 vCPUs and 16 GB memory each. The z/VM and KVM guests with the OCP Worker nodes were configured with 16 vCPUs and 32 GB memory each. Results may vary. z15 configuration: The OCP Proxy server ran native LPAR with 4 dedicated IFLs, 64 GB memory, RHEL 8.1 (SMT mode). The OCP Master and Worker nodes ran on z/VM 7.1 in a LPAR with 30 dedicated IFLs, 160 GB memory, and DASD storage. x86 configuration: The OCP Proxy server ran on 4 Intel® Xeon® Gold 6126 CPU @ 2.60GHz with Hyperthreading turned on, 64 GB memory, RHEL 8.1. The OCP Master and Worker nodes ran on KVM on RHEL 8.1 on 30 Intel® Xeon® Gold 6140 CPU @ 2.30GHz with Hyperthreading turned on, 160 GB memory, and RAID5 local SSD storage.
OpenShift Container Platform (OCP)
Run up to 2.5x more Acme Air benchmark instances per core on OpenShift Container Platform 4.2 on z15 using z/VM versus on a compared x86 platform using KVM, each processing an identical transaction load
[Figure: benchmark setup. z15: z/VM 7.1 in LPAR (30 IFLs, 160 GB memory); guests 1 - 3, each 16 vCPU and 32 GB memory, OCP Worker with 5 Acme Air instances; guests 4 - 6, each 4 vCPU and 16 GB memory, OCP Master; Proxy / Balancer on a z15 LPAR (4 IFLs, 64 GB memory); 30.6K transactions/sec in total, 2K transactions/sec per instance. Compared x86 platform: KVM on RHEL 8.1 (30 cores, 160 GB memory); guests 1 - 3, each 16 vCPU and 32 GB memory, OCP Worker with 2 Acme Air instances; guests 4 - 6, each 4 vCPU and 16 GB memory, OCP Master; Proxy / Balancer on an x86 server (4 cores, 64 GB memory); 12.4K transactions/sec in total, 2K transactions/sec per instance. JMeter workload drivers run on x86 servers 1 - 3 for both platforms]
Acme Air Performance on OpenShift Container Platform 4.2 on z15 versus x86 Skylake
DISCLAIMER: Performance results based on IBM internal tests running the Acme Air microservice benchmark (https://github.com/blueperf/acmeair-mainservice-java) on OpenShift Container Platform (OCP) 4.2.19 on z15 using z/VM versus on compared x86 platform using KVM. On both platforms 12 Acme Air instances were running on 3 OCP Worker nodes. The z/VM and KVM guests with the OCP Master nodes were configured with 4 vCPUs and 16 GB memory each. The z/VM and KVM guests with the OCP Worker nodes were configured with 16 vCPUs and 32 GB memory each. Results may vary. z15 configuration: The OCP Proxy server ran native LPAR with 4 dedicated IFLs, 64 GB memory, RHEL 8.1 (SMT mode). The OCP Master and Worker nodes ran on z/VM 7.1 in a LPAR with 30 dedicated IFLs, 160 GB memory, and DASD storage. x86 configuration: The OCP Proxy server ran on 4 Intel® Xeon® Gold 6126 CPU @ 2.60GHz with Hyperthreading turned on, 64 GB memory, RHEL 8.1. The OCP Master and Worker nodes ran on KVM on RHEL 8.1 on 30 Intel® Xeon® Gold 6140 CPU @ 2.30GHz with Hyperthreading turned on, 160 GB memory, and RAID5 local SSD storage.
Achieve up to 2.7x more throughput per core and up to 2.9x lower latency on OpenShift Container Platform 4.2 on z15 using z/VM versus on compared x86 platform using KVM, when running 12 Acme Air benchmark instances on 3 worker nodes
OpenShift Container Platform (OCP)
[Figure: throughput and latency comparison charts; data labels in the charts: 2.7x, 2.6x, 2.4x, 2.2x and 2.9x, 2.7x, 2.6x, 2.4x]
Acme Air Performance on OpenShift Container Platform 4.2 on z15 versus x86 Skylake
OpenShift Container Platform (OCP)
Benchmark Setup
– 3 OpenShift Container Platform (OCP) Master and 3 Worker nodes on z15 under z/VM versus on x86 under KVM
– Acme Air microservice benchmark (https://github.com/blueperf/acmeair-mainservice-java) instances placed manually on the OCP Worker nodes such that each OCP Worker node ran the same number of instances
– Acme Air instances were driven remotely from 3 x86 servers running JMeter 5.2.1
System Stack
– z15
• LPAR with 4 dedicated IFLs, 64 GB memory, RHEL 8.1 (SMT mode), running the OCP Proxy server
• LPAR with 30 dedicated IFLs, 160 GB memory, DASD storage, running z/VM 7.1
– 3 guests with 4 vCPU, 16 GB memory, each running an OCP Master
– 3 guests with 16 vCPUs, 32 GB memory, each running an OCP Worker
• OpenShift Container Platform (OCP) 4.2.19
– x86
• 4 Intel® Xeon® Gold 6126 CPU @ 2.60GHz w/ Hyperthreading turned on, 64 GB memory, RHEL 8.1, running the OCP Proxy server
• 30 Intel® Xeon® Gold 6140 CPU @ 2.30GHz w/ Hyperthreading turned on, 160 GB memory, running KVM on RHEL 8.1
– 3 guests with 4 vCPU, 16 GB memory, each running an OCP Master
– 3 guests with 16 vCPUs, 32 GB memory, each running an OCP Worker
• OpenShift Container Platform (OCP) 4.2.19
[Figure: z15 and compared x86 benchmark topology as listed under System Stack, with the Proxy / Balancer in front of each cluster and JMeter workload drivers on x86 servers 1 - 3]
What are the functionalities on the roadmap?
OCP on Z & LinuxONE Roadmap*
*** Subject to change ***
IBM Z & LinuxONE support
• CoreOS support for FCP multi-path installations
• OCP deployments on LPAR, KVM
• OCP deployments on zCX, HPVS, Z Public Cloud
• Storage Support on IBM Spectrum Scale
• Pervasive Encryption enhancements
• IBM Cloud Paks
Future content for OpenShift Container Platform
• Service Mesh (istio) to connect, secure, control, and observe services
• Tekton pipelines and Knative
• CodeReady Workspaces and odo
• OpenShift Container Storage (OCS) support for file, block, and object storage based on Ceph, Rook, and Noobaa
• Heterogeneous clusters (master and worker nodes on different architectures)
*Statements by IBM regarding its plans, directions, and intent are subject to change or withdrawal without notice at the sole discretion of IBM
Ready to Go?
Let’s GO
• What does your hybrid multicloud strategy on IBM Z & LinuxONE look like?
• How can IBM Z/LinuxONE support your strategy?
• Identify workloads for containerization and start containerization
• Start with workloads that exist today, including workloads in support of z/OS
• Which workloads have on-prem or public cloud requirements?
• Leverage IBM Cloud Paks and Red Hat OpenShift on Z & LinuxONE
• Contact us to start your journey with OpenShift on IBM Z/LinuxONE
Questions?
Thank you
Hendrik Brueckner
Manager Linux on Z Development & Service
Red Hat Partner Engineer for RHEL and OpenShift on Z
[email protected]
© Copyright IBM Corporation 2020. All rights reserved. The information contained in these materials is provided for informational purposes only, and is provided AS IS without warranty of any kind, express or implied. Any statement of direction represents IBM’s current intent, is subject to change or withdrawal, and represent only goals and objectives. IBM, the IBM logo, and ibm.com are trademarks of IBM Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available at Copyright and trademark information.
“Operators” as a new Design Pattern
• Consists of standard Kubernetes mechanisms
• Custom Resource Definitions
• Controllers
• Implements continuous target state management
• Controllers run in containers (e.g. within a Deployment)
• Can be written in any language, but preferred option is to use Go
• ”Installing” an operator means:
• Register the Custom Resource Definition(s)
• Deploy the controller
[Figure: the Operator's controller runs an Observe, Analyze, Act loop against the Kubernetes API Server (backed by etcd), working with the Custom Resource Definition, Custom Resources, and Kubernetes resources]
See also https://engineering.bitnami.com/articles/a-deep-dive-into-kubernetes-controllers.html
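The pattern on this slide, as an added Go example that is not part of the original deck or of any operator SDK: an in-memory stand-in for the API server shows why installing an operator takes both steps (registering the CRD, then deploying the controller) and how each observe/analyze/act pass converges actual state on the declared target. The `CacheCluster` kind and all type and function names are hypothetical.

```go
package main

import (
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Spec is the desired state a user declares in a custom resource.
type Spec struct{ Replicas int }

// ErrNoCRD is returned when a resource of an unregistered kind is applied.
var ErrNoCRD = errors.New("no Custom Resource Definition registered for kind")

// APIServer is an in-memory stand-in for the Kubernetes API server and etcd.
type APIServer struct {
	crds    map[string]bool // kinds registered through a CRD
	desired map[string]Spec // "kind/name" -> declared target state
	running map[string]int  // "kind/name" -> pods actually running
}

func NewAPIServer() *APIServer {
	return &APIServer{crds: map[string]bool{}, desired: map[string]Spec{}, running: map[string]int{}}
}

// RegisterCRD is the first half of "installing" an operator.
func (a *APIServer) RegisterCRD(kind string) { a.crds[kind] = true }

// Apply stores a custom resource; kinds without a CRD are rejected.
func (a *APIServer) Apply(kind, name string, s Spec) error {
	if !a.crds[kind] {
		return fmt.Errorf("%w: %s", ErrNoCRD, kind)
	}
	if s.Replicas < 0 {
		return errors.New("replicas must not be negative")
	}
	a.desired[kind+"/"+name] = s
	return nil
}

// Delete removes the custom resource; its pods stay until the controller acts.
func (a *APIServer) Delete(kind, name string) { delete(a.desired, kind+"/"+name) }

// Running reports the actual state for one resource.
func (a *APIServer) Running(kind, name string) int { return a.running[kind+"/"+name] }

// Controller is the second half of the install: the loop that owns one kind.
type Controller struct {
	API  *APIServer
	Kind string
}

// Reconcile performs one observe/analyze/act pass and returns the actions taken.
func (c *Controller) Reconcile() []string {
	prefix := c.Kind + "/"
	// Observe: collect every key of this kind that has desired or actual state.
	seen := map[string]bool{}
	for k := range c.API.desired {
		if strings.HasPrefix(k, prefix) {
			seen[k] = true
		}
	}
	for k := range c.API.running {
		if strings.HasPrefix(k, prefix) {
			seen[k] = true
		}
	}
	keys := make([]string, 0, len(seen))
	for k := range seen {
		keys = append(keys, k)
	}
	sort.Strings(keys) // deterministic action order
	var actions []string
	for _, k := range keys {
		spec, declared := c.API.desired[k]
		want, have := spec.Replicas, c.API.running[k]
		// Analyze: compare target state with actual state.
		switch {
		case !declared && have > 0:
			actions = append(actions, fmt.Sprintf("garbage-collect %s (%d pods)", k, have))
		case want > have:
			actions = append(actions, fmt.Sprintf("scale-up %s %d->%d", k, have, want))
		case want < have:
			actions = append(actions, fmt.Sprintf("scale-down %s %d->%d", k, have, want))
		default:
			continue // already converged, nothing to do
		}
		// Act: drive actual state to the target.
		if want == 0 {
			delete(c.API.running, k)
		} else {
			c.API.running[k] = want
		}
	}
	return actions
}

func main() {
	api := NewAPIServer()
	fmt.Println(api.Apply("CacheCluster", "orders", Spec{Replicas: 3})) // rejected: no CRD yet
	api.RegisterCRD("CacheCluster")
	ctl := &Controller{API: api, Kind: "CacheCluster"}
	_ = api.Apply("CacheCluster", "orders", Spec{Replicas: 3})
	fmt.Println(ctl.Reconcile())
	api.running["CacheCluster/orders"] = 1 // constructed drift: two pods lost
	fmt.Println(ctl.Reconcile())
	api.Delete("CacheCluster", "orders")
	fmt.Println(ctl.Reconcile())
}
```

A second `Reconcile` call with no change in between returns no actions, which is what "continuous target state management" relies on: the loop can run repeatedly without side effects once state has converged.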
Comparing native Kubernetes and Red Hat OpenShift
References: "10 most important differences between OpenShift and Kubernetes"; "Differences Between Kubernetes and OpenShift"
Product vs Open Source Project
Red Hat OpenShift:
• Product with paid support subscription
Kubernetes:
• Open Source project with community support
RHEL/RHCOS vs Any Linux distribution
Red Hat OpenShift:
• OCP 3.11 Red Hat Enterprise Linux (RHEL); manual install or openshift-ansible playbooks
• OCP 4.1 RHEL CoreOS; automated install or manual install
• Can be installed on various Cloud Service Providers: AWS, Azure, GCP, and IBM Cloud
Kubernetes:
• Any Linux distribution such as Ubuntu, Debian, others
• Install tools: kubeadm, kubespray, kops
• Available in multiple cloud service providers: GKE on Google GCP, EKS on Amazon AWS, AKS on Microsoft Azure, IKS on IBM Cloud
Security Policies
Red Hat OpenShift:
• More strict security policies; e.g. cannot run a container as root (by default)
• Pervasive use of RBAC policies
• Simpler, single (in 4.1) OAuth authentication even for add-on / integrated services (e.g. logging / monitoring / CI/CD)
Kubernetes:
• Optional use of RBAC policies
• Permissions management for namespaces is possible but not easy to configure
Templates vs Helm Charts
Red Hat OpenShift:
• OpenShift Templates to create simple deployable applications
• Service Catalog (based on Open Service Broker)
• OperatorHub replaces Service Catalog in OCP 4.1
• Cannot use Helm charts because OpenShift strict security policies are not compatible with Tiller required permissions. See workaround.
Kubernetes:
• Helm charts for deploying Kubernetes resources and apps
• Helm charts support sophisticated application templates and package versioning
Routes vs Ingress
Red Hat OpenShift:
• Routes used for automated reverse proxy
• HAProxy or integrate with F5 BIG-IP (OCP 3.11)
• OCP 3.10 and later recognizes Kubernetes Ingress objects and implements them as a router
Kubernetes:
• Ingress interface (for automated reverse proxy) can be implemented with nginx, traefik, AWS ELB/ALB, GCE, Kong, and HAProxy, among others
• Ingress can be integrated with Kubernetes add-on cert-manager to automate management of SSL certificates
DeploymentConfig vs Deployment Objects
Red Hat OpenShift:
• DeploymentConfig object provides a template for running and managing applications (replications and rollbacks)
• Implemented on dedicated pods; does not support concurrent updates
Kubernetes:
• Deployment object to update pods
• Implemented in controller
• Supports concurrent updates
BuildConfig Objects (Container Image Management)
Red Hat OpenShift:
• Source-to-Image (S2I) build tool to create docker container images
• ImageStream to manage images (add/update tags, trigger deployments, etc.)
Kubernetes:
• No tools for building/updating container images
• Need to use external tools like skopeo or build images locally
CI/CD
Red Hat OpenShift:
• Tight integration with Jenkins
• OpenShift Pipelines for building, deploying, and promoting applications
Projects vs Name Spaces
Red Hat OpenShift:
• Projects are namespaces with annotations that provide access to resources
• Projects scope includes objects, policies, constraints and service accounts
Kubernetes:
• Namespaces provide a mechanism to scope resources in a cluster
User Interface
Red Hat OpenShift:
• oc command (cli) equivalent to kubectl plus support for:
  • Logging in to clusters and switching between namespaces/projects
  • Building and deploying an image with a single command
• Developer-focused console
Kubernetes:
• kubectl command (cli)
• Kubernetes dashboard
What are the key facts you should remember?
OpenShift Container Platform on Z & LinuxONE: Product Description
Product Description (Today)
OCP 4.2 for Z/LinuxONE will be able to
• Manage an OpenShift cluster running on z/VM
• Master and Worker Nodes – CoreOS (based on RHEL 8)
• Persistent storage – supported through NFS
HW requirements
• IBM z13/z13s systems and later, and LinuxONE systems
Installation support
• Customer installations will use User-Provisioned Infrastructure (UPI) for the initial bootstrapping and installation of the compute, storage, and network nodes
The Journey continues … (Soon)
• OpenShift feature functions at par with x86
• Service Mesh
• Tekton pipelines and Knative
• CodeReady Workspaces and odo
• OpenShift Container Storage (OCS) support
• IBM Spectrum Scale support
• OpenShift deployments on LPAR and KVM
• OpenShift support on HPVS, zCX, Public Cloud
• Red Hat Runtimes
• Additional CloudPaks
Ready to Go?
Let’s GO
• Start the hybrid cloud conversation with your clients
• What is hybrid? Why private cloud on Z? Why use OpenShift?
• Identify workloads for containerization
• Start with workloads that exist today, including workloads in support of z/OS
• Which workloads have on-prem or public cloud requirements?
• Identify requirements to make the containerization happen
• Leverage IBM Cloud Paks and Red Hat OpenShift as they become available
Can z/OS benefit from OCP 4.2 on Z?
IBM z/OS Cloud Broker
Connects z/OS services running on an IBM Z backend to a frontend private cloud platform providing self-service access and consumption of these services to developers
[Diagram labels: z/OS subsystems (CICS/IMS/Db2 etc.); z/OS; IBM z/OS Cloud Broker; Consumers; IBM Cloud Private]
• Provides self-service access to managed IBM Z resources to all flavors of application developers
• Centralization and automation of IBM Z operations to provide Z resources to agencies or clients in their hybrid cloud
• Improve time to value through efficiencies in development and deployment
* Support for Pivotal Cloud Platform coming in 2Q 2020
Support for OpenShift Platform GA: 4Q 2019
Load Balancer Requirements
Load Balancer (LB) Requirements for OCP environments
• Two OpenShift functions require load balancing:
• Kubernetes API server (on master nodes)
• Router (ingress controller) (on worker/infrastructure nodes)
• Load Balancer implementation examples
• HAProxy, NGINX, or F5
References
• https://docs.openshift.com/container-platform/4.2/installing/installing_bare_metal/installing-bare-metal-network-customizations.html#installation-network-user-infra_installing-bare-metal-network-customizations
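A minimal HAProxy configuration for the two load-balanced functions listed above, added here as an illustration and not taken from the presentation or from Red Hat's documentation. Node names and the 192.0.2.x addresses are placeholders; the ports are the OpenShift 4 defaults (6443 for the API server, 22623 for the machine config server that nodes contact while bootstrapping, 443 and 80 for the router), and every listener runs in TCP pass-through so that TLS is terminated inside the cluster rather than on the load balancer.

```haproxy
defaults
    mode tcp                        # layer 4 pass-through: no TLS termination here
    timeout connect 10s
    timeout client  1m
    timeout server  1m

# Load balancer 1: Kubernetes API server on the master nodes.
# During installation the temporary bootstrap node is also listed in the two
# master backends and removed once the control plane is up.
frontend ocp_api
    bind *:6443
    default_backend ocp_api_masters
backend ocp_api_masters
    balance roundrobin
    server master0 192.0.2.10:6443 check    # placeholder addresses
    server master1 192.0.2.11:6443 check
    server master2 192.0.2.12:6443 check

# Machine config server, also served by the master nodes.
frontend ocp_machine_config
    bind *:22623
    default_backend ocp_machine_config_masters
backend ocp_machine_config_masters
    balance roundrobin
    server master0 192.0.2.10:22623 check
    server master1 192.0.2.11:22623 check
    server master2 192.0.2.12:22623 check

# Load balancer 2: router (ingress controller) on the worker nodes.
frontend ocp_ingress_https
    bind *:443
    default_backend ocp_ingress_https_workers
backend ocp_ingress_https_workers
    balance source                  # keep a client on the same router pod
    server worker0 192.0.2.20:443 check
    server worker1 192.0.2.21:443 check

frontend ocp_ingress_http
    bind *:80
    default_backend ocp_ingress_http_workers
backend ocp_ingress_http_workers
    balance source
    server worker0 192.0.2.20:80 check
    server worker1 192.0.2.21:80 check
```

Port 22623 serves node configuration, so restrict it to the cluster's own network rather than exposing it alongside the API and router ports. Validate the file with `haproxy -c -f <file>` before reloading.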
[Diagram labels: Load balancer (K8S API server); OCP Master Nodes; Load balancer (Ingress Router); OCP Worker Nodes]
Potential Benefits for z/OS
Access to z/OS services can be implemented using the z/OS Broker
For details, see https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?infotype=an&subtype=ca&appname=gpateam&supplier=872&letternum=ENUSAP19-0418
Where can the OCP 4.2 cluster reside on IBM Z/LinuxONE?
OCP 4.2 cluster considerations
OCP 4.2 on IBM Z/LinuxONE enables building a homogeneous cluster only
• All nodes are required to be located on IBM Z/LinuxONE
• They need to be virtualized in one (or more) IBM z/VM® environments
Q: Can I run OCP 4.2 on Z in LPAR?
A: No, it requires z/VM 7.1
Q: Can I run OCP 4.2 on Z without z/VM?
A: No, it is designed to run in a z/VM 7.1 environment only.
What are the Hardware Requirements?
Minimum Hardware Requirements
One LPAR with the following capacity characteristics:
• Capacity: 3 IFLs
• Memory: 80 GB or more
• Network: One network interface per OCP node
• Disk Space required for OCP installation and shared disk storage for persistent container storage and image registry
Q: What network interfaces can be used?
A: Use one interface / port with OSA or RoCE.
Q: How to network with a co-located z/OS®?
A: Consider OSA only.
Q: Which shared persistent storage options are available?
A: Network File System (NFS) only.
Ready to Go?
Let’s GO for OpenShift on Z
• Think about your cloud story
• Is it hybrid? How can IBM Z/LinuxONE support your strategy?
• Identify workloads for containerization
• Start with workloads that exist today, including workloads in support of z/OS
• Which workloads have on-prem or public cloud requirements?
• Identify requirements to start containerization
• Leverage IBM Cloud Paks and Red Hat OpenShift on Z
• Contact us to start your journey with OpenShift on IBM Z/LinuxONE