RedHat Open Shift Container Platform on IBM z/OS Container Extensions

z/OS® Container Extensions Foundation for Red Hat® OpenShift®, or zCX for OpenShift, provides Red Hat OpenShift running on z/OS, using IBM® z/OS Container Extensions (zCX). With zCX for OpenShift, you can integrate s390x containerized applications within IBM z/OS, and co-locate applications and workloads that have an affinity for z/OS by bringing those applications and workloads closer to z/OS applications and data. With zCX for OpenShift, there is no need to provision separate Linux servers.

Red Hat OpenShift is an open-source container application platform, and is Red Hat’s Platform as a Service (Paas) offering. OpenShift manages a myriad of infrastructure components necessary to bring up a computing cluster for running applications. By doing so, it frees developers from having to manually manage the various devices and operating system instances that make up the cluster. OpenShift uses Open Container Initiative (OCI) containers to run your applications, while using Kubernetes to orchestrate said containers.

Containers are a portable way to package an application with its libraries dependencies. This packaging allows developers to avoid the “dependency hell” situation where different application components have incompatible library requirements. Packaging each component into a different container allows it to be bundled with specific library versions. These library versions can be different for each container that makes up an application.

Kubernetes automatically deploys and manages containers, and this process is called orchestration. It is able to deploy containers onto different nodes, and can also scale up (or down) the number of nodes in response to application demand. These management behaviors are tuned by a set of configuration files.

OpenShift adds a number of components on top of the OCI containers and Kubernetes, in order to provide a complete clustering solution. One of them is a container registry, which is a service that allows you to store and retrieve container images. These images are deployed onto the various nodes as necessary. You can also use a different container registry, such as Red Hat Quay, or the IBM Z and LinuxONE Container Registry, or your own enterprise registry.

A collection of containers on a single host is called a pod. Pods continue to run as long as they are required. A collection of pods is called a deployment. A replication controller for the deployment scales the number of pods up or down as required. If pods exit or are deleted, then the controller will instantiate more pods, potentially on different nodes. If application demand drops, then the controller will terminate some pods in order to stay in line with its management goals.

The OpenShift cluster is made up of control plane nodes that manage compute nodes. The control plane is composed of master machines, which manages the cluster. The compute nodes are the workers, which actually run your desired containers and applications.

zCX for OpenShift is a new offering from IBM that allows you to run OpenShift under the zCX hypervisor on z/OS. This is a separate offering from the original zCX for Containers product. zCX for Containers allows you to run one or more Linux systems with multiple containers inside of each. In contrast, zCX for OpenShift is a managed Kubernetes cluster of Linux instances, where the actual provisioning of the nodes is abstracted away by the OpenShift interface. You can run zCX for OpenShift on an IBM z14 or later, running z/OS 2.4 or later. Running OpenShift requires zCX Foundation for Red Hat OpenShift product licensing. Like zCX for Containers, zCX for OpenShift is zIIP-eligible, which helps to control your overall software costs.

Running OpenShift on z/OS allows you to take advantage of the z/OS qualities of service, along with giving your container applications rapid access to your existing z/OS data. This is similar to running zCX for Containers, but with the added benefit of having OpenShift manage the various Linux instances for you based on policy goals. When installing OpenShift, you can chose the amount of memory and CPU resources to dedicate to the cluster.

Another benefit of running zCX for OpenShift is that it supports high-availability configurations. If you have multiple z/OS LPARs running on multiple CPCs, you can configure OpenShift so that the cluster is spread out among the different LPARs. This way if an LPAR goes down, the load can be shifted to the other nodes in the cluster.

If you aren’t sure if zCX for OpenShift is for you, there is a 60-day trial available. You can work with your IBM representative to enable the trial, which involves setting up an IFAPRDxx member in your parmlib.

zCX for OpenShift uses z/OSMF workflows for installation. These workflows guide the user through the necessary configuration steps, while automating the backend processes required for installation. Once the installation workflows are complete, the zCX for OpenShift cluster can be managed in a similar manner to other Red Hat OpenShift environments.

In order to utilize the workflows for OpenShift installation, z/OSMF must be configured and operational, and all systems in the sysplex must be defined to z/OSMF. If z/OSMF is not configured on your system, refer to z/OSMF Configuration Guide in IBM Documentation.

While a complete walkthrough of the installation process is outside the scope of this article, we can summarize the overall process. There are two fundamental types of OpenShift installations: installer-provisioned infrastructure clusters, and user-provisioned infrastructure clusters. The installer-provisioned cluster allows you to delegate the infrastructure bootstrapping and provisioning to the installer rather than doing it yourself. The installer does all the work of defining the guest virtual machines, setting up networks, and installing the operating systems.

The main products of the installation program are the Ignition config files for the bootstrap, control plane, and compute nodes. With these config files, and the appropriately configured infrastructure, you can start a zCX for OpenShift cluster.

The OpenShift Container Platform installation program uses a set of targets and dependencies to manage cluster installation. The installation program has a set of targets that it must achieve, and each target has a set of dependencies. Because each target is only concerned with its own dependencies, the installation program can act to achieve multiple targets in parallel. The ultimate goal is a running cluster. By meeting dependencies instead of running commands, the installation program is able to recognize and use existing components instead of running the commands to create them again.

After installation, each cluster machine uses Red Hat Enterprise Linux CoreOS (RHCOS) as the operating system. RHCOS is the immutable container host version of Red Hat Enterprise Linux (RHEL) and features a RHEL kernel with SELinux enabled by default. It includes the kubelet, which is the Kubernetes node agent, and the CRI-O container runtime, which is optimized for Kubernetes.

Every control plane machine in an OpenShift Container Platform 4.9 cluster must use RHCOS, which includes a critical first-boot provisioning tool called Ignition. This tool enables the cluster to configure the machines. Operating system updates are delivered as an Atomic OSTree repository that is embedded in a container image that is rolled out across the cluster by an operator. Actual operating system changes are made in-place on each machine as an atomic operation by using rpm-ostree. Together, these technologies enable OpenShift Container Platform to manage the operating system like it manages any other application on the cluster, through in-place upgrades that keep the entire platform up to date. These in-place updates can reduce the burden on operations teams.

If you use RHCOS as the operating system for all cluster machines, the cluster manages all aspects of its components and machines, including the operating system. Because of this, only the installation program and the Machine Config Operator can change machines. The installation program uses Ignition config files to set the exact state of each machine, and the Machine Config Operator completes more changes to the machines, such as the application of new certificates or keys, after installation.

zCX for OpenShift is an exciting new offering on z/OS that allows you to run an OpenShift cluster right next to your existing enterprise data. It can help you potentially realize performance gains and latency improvements in your line-of-business applications. If you have a need to run Linux containers in a clustered environment, zCX for OpenShift might be right for you.

Anthony Giorgio is an Advisory Software Engineer with 20 years of mainframe experience. He currently works on the z/OS Container Extensions (zCX) team in Poughkeepsie, NY. Anthony holds a BS and MS in Computer Science from the NYU Tandon School of Engineering.