LinuxONE Virtualization Containers

LinuxONE Technical Sales Enablement

Virtualization on LinuxONE:

Software Containers

Brett Webb
Program Director, Executive Enterprise Architect

Topics

🔵 Definition of software containers

🔵 Comparison with virtual servers approach

🔵 Container technologies/vendors

🔵 Orchestration technologies/vendors

🔵 Suggested reading and education

Systems / Containers on LinuxONE / © 2019 IBM Corp. 2


What are Software Containers?

🔵 “Containers are a solution to the problem of how to get software to run reliably
when moved from one computing environment to another.” – CIO Magazine

🔵 “Containers offer a logical packaging mechanism in which applications can be
abstracted from the environment in which they actually run. … Containerization
allows our development teams to move fast, deploy software efficiently, and
operate at an unprecedented scale. … From Gmail to YouTube to Search,
everything at Google runs in containers. Each week, we start over two billion
containers.” – Google, Inc.

🔵 “A container is a standard unit of software that packages up code and all its
dependencies so the application runs quickly and reliably from one computing
environment to another.” – Docker, Inc.


Containers in Linux

🔵 Linux Foundation  Cloud Native Computing Foundation  Linux Containers:
– Linux Containers (LXC)
– Linux Container management (LXD)
– Linux Container File System (LXCFS)
– Linux cgroup manager daemon (CGManager)

🔵 The goal is to offer a Linux distro- and vendor-neutral environment for the development of Linux container technologies.
– As close as possible to the one you would get from a virtual machine
– Without the overhead that comes with running a separate kernel and simulating all the hardware.
– Achieved through a combination of kernel security features such as namespaces, mandatory access control, and control groups (cgroups).

🔵 Container goals and characteristics:
– Isolated application environments within a Linux OS instance
– Each container has its own, different address space, but same kernel
– Serve a single task
– Self-contained set of files for applications
– The startup time and efficiency comparable to native execution
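
The namespace and cgroup isolation listed above can be checked from the host by comparing a container process with a host process. The following is an added example, not part of the original slides; the function names are hypothetical and the inode numbers and cgroup path are constructed sample data.

```python
import os
import re

NS_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")
# What it means when a container shares a namespace with the host.
RISK = {
    "pid": "host processes are visible from inside the container",
    "net": "the container uses the host network stack",
    "mnt": "the container sees the host mount table",
    "ipc": "System V IPC and POSIX message queues are shared with the host",
    "uts": "hostname and domain name are shared with the host",
    "user": "no UID remapping: UID 0 in the container is UID 0 on the host",
}


def ns_inodes(links):
    """Map namespace name -> inode from readlink() strings like 'pid:[4026531836]'."""
    inodes = {}
    for name, target in links.items():
        match = NS_LINK.match(target)
        if not match:
            raise ValueError(f"not a namespace link: {target!r}")
        inodes[name] = int(match.group(2))
    return inodes


def read_ns(pid="self"):
    """Read /proc/<pid>/ns on a live Linux host (root is needed for other users' PIDs)."""
    base = f"/proc/{pid}/ns"
    return {name: os.readlink(f"{base}/{name}") for name in os.listdir(base)}


def cgroup_paths(text):
    """Parse /proc/<pid>/cgroup lines of the form 'hierarchy-ID:controllers:path'."""
    paths = {}
    for line in text.strip().splitlines():
        _, controllers, path = line.split(":", 2)
        paths[controllers or "unified"] = path  # empty controller list = cgroup v2
    return paths


def isolation_report(host_links, container_links):
    """Compare a container process with a host process, namespace by namespace."""
    host, cont = ns_inodes(host_links), ns_inodes(container_links)
    shared = sorted(n for n in cont if host.get(n) == cont[n])
    isolated = sorted(n for n in cont if n in host and host[n] != cont[n])
    findings = [f"{n}: {RISK[n]}" for n in shared if n in RISK]
    return {"shared": shared, "isolated": isolated, "findings": findings}


# Constructed sample data (inode numbers and cgroup path are made up).
HOST = {"cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026531839]",
        "mnt": "mnt:[4026531840]", "net": "net:[4026531992]",
        "pid": "pid:[4026531836]", "user": "user:[4026531837]",
        "uts": "uts:[4026531838]"}
CONTAINER = {"cgroup": "cgroup:[4026532561]", "ipc": "ipc:[4026532499]",
             "mnt": "mnt:[4026532497]", "net": "net:[4026531992]",
             "pid": "pid:[4026532500]", "user": "user:[4026531837]",
             "uts": "uts:[4026532498]"}
CONTAINER_CGROUP = "0::/system.slice/docker-0123abcd.scope\n"

if __name__ == "__main__":
    report = isolation_report(HOST, CONTAINER)
    print("isolated:", report["isolated"])
    for finding in report["findings"]:
        print("shared", finding)
```

On a live host, `isolation_report(read_ns(1), read_ns(<container PID>))` gives the same comparison for a real container; the kernel itself is always shared, which is why the namespaces that remain shared matter.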

Virtual Servers vs. Containers

Virtual Servers - Infrastructure oriented
• Customers have virtualized their servers to gain efficiencies
• Focus is on virtual server resource management
• Few applications per Guest VM / operating system instance
• Provides application isolation - An application failure does not adversely affect other applications residing in other Guest VMs
• Provides persistence across server restarts

[Diagram: OpenStack (running in a Guest VM) and App 1, App 2, … App n (running in Guest VM 1, Guest VM 2, … Guest VM n), each with its own OS Kernel, on a Hypervisor over Infrastructure (Virtual Network, Virtual Compute, Virtual Storage)]

Software containers - Service oriented
• Application-centric - infrastructure resources are assumed to be already in place
• Focus is on application isolation / management
• All containers for a given application reside in a single Guest VM / single operating system instance
• Provides a very dynamic application deployment model

[Diagram: App 1, App 2, … App n (running in Container 1, Container 2, … Container N) on a Container Manager (running in a Guest VM), over a single OS Kernel, a Hypervisor and Infrastructure (Virtual Network, Virtual Compute, Virtual Storage)]


The problems addressed by containers

Version dependencies
E.g., “We tested our app on v2.7, but it got deployed on v3”

Database dependencies
E.g., “We tested with MySQL, but it is getting deployed with PostgreSQL”

Environment dependencies
E.g., “We tested our app using SSL v3.0, but it got deployed using TLS v1.3”

Platform dependencies
E.g., “We tested our app using Ubuntu, but someone wants to run it on SUSE, and someone else wants to run it on Red Hat”
E.g., “We tested on x86, but someone wants to run it on IBM Power, and someone else wants to run it on something called “LinuxONE””

Systems / LinuxONE Architecture / © 2019 IBM Corp. 6

How software containers address these problems

An isolated userspace within a running Linux OS instance

Isolation is implemented with Linux control groups (cgroups: mem, cpu, devices, blkio)
Shared kernel across containers
Direct access to devices
All packages and data in an isolated runtime, saved as a file system

[Diagram: containers NGINX001, NGINX002, NGINX003, NGINX004, WAS001 and WAS002, each with its own Binaries/Libraries, on Container Infrastructure over Host OS, Hypervisor and Server Hardware; labelled with version, database, environment and platform dependencies]

There are several software containers for Linux


Why I love containerd… and Docker!
January 10, 2019
https://www.tigera.io/blog/why-i-love-containerdand-docker/

Phil Estes, DE & CTO, Container and Linux OS Architecture Strategy

As a (potentially poor) analogy this {using containerd instead of Docker} is like saying “I can take away the IDE that my development team uses and provide them with /usr/bin/gcc as a drop-in replacement”.

You might ask: “well then why use containerd?”

Because operationally, containerd makes perfect sense as an implementer of the CRI API from Kubernetes, and as a lower layer life-cycle manager under the feature-rich Docker offerings shown above.

Docker is most likely the container technology you need to know

Docker Image
Docker Container
Docker Engine
Docker Registry


The basic functions of Docker

Build, Store, Run

[Diagram: the Dockerfile for the application describes the steps to build the container automatically from source. Build: the Developer's source in the Source Code Repository is built by the Docker Engine (Build) into Docker Image N, and the new image is pushed to the registry. Store: the Docker Registry holds the image in its Image Repository. Run: the Operator deploys containers; the Docker Engine gets image N and runs Docker Container N alongside Container A, Container B, … on the Host OS, Hypervisor and Server Hardware]


What Docker looks like on LinuxONE

Run 100’s, 1000’s, even 100’s of 1000’s of containers on a single IBM LinuxONE (Emperor benchmarked at 2 million containers)

[Diagram: Container A and Container B on Docker Engines running on Linux on LPAR, Linux on KVM and Linux on z/VM, hosted in LPAR01, LPAR02 and LPAR03 on the IBM PR/SM Hypervisor with DPM, over IFLs, Redundant Array of Independent Memory, I/O and Network, and LinuxONE™ Hardware]

https://blog.docker.com/2017/09/docker-official-images-now-multi-platform/

You must click on the pull-down menu to see “Linux – IBM Z”

Containers should be taken seriously


Docker containers are the path to development & infrastructure agility

Development Process | Application Architecture | Deployment Packaging | Infrastructure Delivery & Consumption
Waterfall | Monolithic | Physical Servers | Datacenter
 | N-Tier | Virtual Machines | Hosted
DevOps | Microservices | Containers | Hybrid Cloud and Cloud-Native


Docker is central to Cloud-Native technologies

• The community edition of Docker has been downloaded several billion times
• There are more than 2 million Docker containers available in Docker Hub
• Hortonworks CEO to take over as CEO of Docker in June 2019

Why containers for cloud?
• Higher Density than VM’s: 10-100X more containers per system
• Provision in seconds / milliseconds, vs. 10+ minutes for VM’s
• Near-bare metal runtime performance
• Versioning and portability greatly improves software distribution
• Flexibility
– Containerize “applications”
– Deliver Polyglot apps
Dev Test Production
• Open source – free – lower TCO
• Supported by modern Linux kernel
• Runs on bare metal systems
• Growing set of tools and ecosystem

Some of the nearly 2000 Docker images available on Docker Hub

[Image: Docker Hub image listing, including MongoDB and ibmjava]

The challenge with containers alone

[Images: MongoDB containers]

Orchestration

“to arrange or manipulate, especially by means of clever or thorough planning or maneuvering” – dictionary.com


Why do we need container orchestration?

To get full value of containers, we need to automate:

🔵 Configuring
🔵 Scheduling
🔵 Provisioning
🔵 Deploying
🔵 Assuring availability
🔵 Scaling and balancing workloads across available infrastructure
🔵 Allocating resources between and among containers
🔵 Load balancing and traffic routing
🔵 Service discovery
🔵 Monitoring container health
🔵 Securing the interactions between containers.


Independent Software Vendor (ISV) Suites for Enterprise Containers

https://goto.docker.com/the-forrester-wave-enterprise-container-platform-software-suites-2018.html

Leading ISVs
1. Docker, Inc.
2. Red Hat
3. Rancher Labs
4. Pivotal
5. Mesosphere
6. IBM
7. Platform9
8. SUSE

ISVs listed by Orchestration Technology
• Docker Swarm
1. Docker, Inc.
• Kubernetes
1. Docker, Inc.
2. Red Hat
3. IBM
4. Pivotal
5. Rancher Labs
6. Platform9
7. SUSE
• Mesos
1. Mesosphere


Kubernetes

🔵 Ancient Greek κυβερνήτης (koo-burr-net-ez) for “helmsman”
🔵 Abbreviated as k8s or kube
🔵 Container orchestrator
– Provisions
– Manages
– Scales
🔵 Declarative model
🔵 Originally Google proprietary cloud tools, donated to open community
🔵 Now owned and managed by the Cloud Native Computing Foundation (CNCF), part of the Linux Foundation


Cloud Native Computing Foundation (CNCF)

The CNCF Cloud Native Definition v1.0 says:

Cloud native technologies empower organizations to build and run scalable
applications in modern, dynamic environments such as public, private, and hybrid
clouds. Containers, service meshes, microservices, immutable infrastructure, and
declarative APIs exemplify this approach.

These techniques enable loosely coupled systems that are resilient, manageable,
and observable. Combined with robust automation, they allow engineers to make
high-impact changes frequently and predictably with minimal toil.

The Cloud Native Computing Foundation seeks to drive adoption of this paradigm
by fostering and sustaining an ecosystem of open source, vendor-neutral projects.
We democratize state-of-the-art patterns to make these innovations accessible for
everyone.

Simplified view of what Kubernetes does

I want 5 instances of a container.


A slightly deeper view of what Kubernetes does

[Diagram callouts:]
– The human uses the Kubernetes Control command and YAML to manipulate resources
– The API Server (kube-apiserver) is part of the Kubernetes Master
– Controllers provide additional functionality and convenience features
– Worker Node could be an LPAR or a virtual machine
– etcd is a consistent and highly-available key value store used as Kubernetes’ backing store for all cluster data. Always have a backup plan for etcd’s data for your Kubernetes cluster.
– Volumes: There are 28 different types
– Secrets holds passwords, tokens, keys…


Kubernetes Components

🔵 Kubernetes Control Plane – makes the clusters’ current state match the desired state, via the Pod Lifecycle Event Generator (PLEG)
– Kubernetes Master – a collection of three processes that run on the designated master node in your cluster
  • API Server (kube-apiserver)
  • Controller Manager (kube-controller-manager)
  • Scheduler (kube-scheduler)
– Worker Nodes – each non-master node in your cluster runs two processes
  • Kubelet – communicates with the Kubernetes Master
  • Kube-proxy – a network proxy which reflects Kubernetes networking services on each node

🔵 Kubernetes Objects – abstracted representations of things in your cluster.
– Pod – the smallest deployable units of computing that can be created and managed in Kubernetes; encapsulates an application’s container (or, in some cases, multiple containers), storage resources, a unique network IP, and options that govern how the container(s) should run.
– Service – an abstraction which defines a logical set of Pods and a policy by which to access them - sometimes called a micro-service.
– Volume – persistent data store
– Namespace – a collection of virtual clusters that are backed by the same physical cluster

🔵 Controllers – build upon the basic objects, and provide additional functionality and convenience features. They include:
– ReplicaSet - ensures that a specified number of pod replicas are running at any given time
– Deployment – define a desired state of a deployment object
– StatefulSet – the workload API object used to manage stateful applications.
– Job – creates one or more pods, and as they complete successfully, the job is marked as completed.

Kubernetes Architecture

[Diagram: an Image Registry and a Kubernetes Master Node alongside a Worker Node that runs Docker, kubelet and kube-proxy and hosts Pods made up of App Containers and an Init Container]


Summary

🔵 Containers provide more scalability and more flexibility than the virtual servers approach, but both approaches can be used on LinuxONE, including both at the same time, with great scale and performance
🔵 Containers solve several problems we have with virtual servers, most significantly dependencies and portability
🔵 Challenge your prospects to embrace containers and tout LinuxONE’s virtualization and scalability superiority for serving data and microservices
🔵 Both LXC containers and Docker containers run on LinuxONE
🔵 Containers at scale need orchestration, and all three of the main container orchestration technologies run on LinuxONE
– Kubernetes is the most popular, and is core to IBM Cloud Private, Red Hat OpenShift, and Pivotal Cloud Foundry
– Swarm is powerful, fast, and highly scalable, and is core to Docker Enterprise Edition, which runs on LinuxONE
– Mesos is core to Mesosphere, and Apache Mesos has been ported to and validated on LinuxONE
🔵 Use the LinuxONE Community Cloud to experience containers on LinuxONE for yourself, and recommend it to your prospects
🔵 Read some of the articles and view some of the education on the following slides to develop more skills and understanding about containers.

Try Docker on LinuxONE on the LinuxONE Community Cloud

https://developer.ibm.com/linuxone/

1. Install docker.
2. Install docker-compose.
3. Download WebSphere Liberty image, deploy it on the LinuxONE machine, and push a Java sample application.
4. Install and run WordPress.
5. Craft a multicomponent deployment.
6. Create Docker images to run the MEAN stack deployment.


For more on containers and Kubernetes
🔵 Linux Containers Introduction:
https://linuxcontainers.org/lxd/introduction/
🔵 TechBeacon article by Deloitte Consulting’s Chief Cloud Strategy Officer:
https://techbeacon.com/enterprise-it/essential-guide-software-containers-application-development
🔵 CIO Magazine article, “What are containers and why do you need them?”
https://www.cio.com/article/2924995/what-are-containers-and-why-do-you-need-them.html
🔵 Network World article, “Software Containers: Used More Frequently than Most Realize”
https://www.networkworld.com/article/2226996/software-containers--used-more-frequently-than-most-realize.html
🔵 Google Cloud article, “Containers at Google”:
https://cloud.google.com/containers/
🔵 “Kubernetes vs. Mesos vs. Swarm” by Sumo Logic
https://www.sumologic.com/insight/kubernetes-vs-mesos-vs-swarm/
🔵 ”Containing Container Chaos with Kubernetes” by Terry Ryan
https://opensource.com/life/16/9/containing-container-chaos-kubernetes
🔵 “Kubernetes vs. Docker Swarm: A Complete Comparison Guide”
https://hackernoon.com/kubernetes-vs-docker-swarm-a-complete-comparison-guide-15ba3ac6f750
🔵 ”Kubernetes vs. Docker” on Svitla:
https://svitla.com/blog/kubernetes-vs-docker
🔵 IBM developerWorks webcast “Learn the history and fundamentals of Kubernetes” by Ed Shee (1-hr video including live demo)
https://developer.ibm.com/videos/learn-the-history-and-fundamentals-of-kubernetes/
🔵 Wikipedia article: https://en.wikipedia.org/wiki/Kubernetes
🔵 InfoWorld article: “What is Kubernetes? Container orchestration explained”
https://www.infoworld.com/article/3268073/what-is-kubernetes-container-orchestration-explained.html
🔵 Official overview on K8s website:
https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/

Containers & Kubernetes education on YourLearning.ibm.com

• Learning Docker (11 hrs 47 mins eLearning)
https://yourlearning.ibm.com/#activity/EELC-SAFARI9781784397937
• Learning Path: Kubernetes and Docker Containers in Practice (4.5 hrs eLearning)
https://yourlearning.ibm.com/#activity/EELC-SAFARI9781838646622
• IBM Developer Tech Talk: Learn the history and fundamentals of Kubernetes
https://developer.ibm.com/videos/learn-the-history-and-fundamentals-of-kubernetes/
• developerWorks Learning Path: Kubernetes
https://developer.ibm.com/series/kubernetes-learning-path/
• IBM Cloud Private - Foundation Technology: https://yourlearning.ibm.com/#activity/SMT-2114
– IBM Cloud Private Foundation Technology Series: Containers and Docker (2h)
– IBM Cloud Private Foundation Technology Series: Kubernetes and Helm (1.5h)
– IBM Cloud Private Foundation Technology Series: Twelve-factor, Microservices, and Istio (3h)
– IBM Cloud Private Foundation Technology Series: Cloud Foundry (1h)


Comparison of Swarm and K8s orchestration technologies

Orchestrator: Swarm | K8s

Word meaning
– Swarm: A body of bees settled together, as in a hive, moving about in great numbers like swarm of bees does)
– K8s: Ancient Greek for “helmsman”

Original developer
– Swarm: Docker, Inc.
– K8s: Google

Current organization
– Swarm: Docker, Inc.
– K8s: The Cloud Native Computing Foundation (part of The Linux® Foundation)

Programming Language
– Swarm: Go
– K8s: Go

Used by
– Swarm: Docker, VMware, Workday, others
– K8s: Google Cloud Platform, Microsoft Azure, IBM Cloud, Red Hat OpenShift, Pivotal Cloud Foundry

Apps deployed in
– Swarm: Services or microservices in clusters
– K8s: Services or microservices in pods

HA capabilities
– Swarm: Swarm managers are responsible for clusters. They use ingress load balancing to expose services externally, and use a consensus algorithm to ensure that they have consistent state information.
– K8s: Pods distributed across nodes, multiple master nodes and worker nodes can be load-balanced for requests from kubectl and clients. etcd can be clustered. API servers can be replicated.


Comparison of Swarm and K8s orchestration technologies (cont’d)

Orchestrator: Swarm | K8s

Load balancing
– Swarm: Swarm mode has a DNS component that can be used to distribute incoming requests to a service name. Services can run on ports specified by the user or can be assigned automatically.
– K8s: Pods are exposed through a service, which can be used as a load balancer within the cluster. Typically, an ingress is used for load balancing.

Storage
– Swarm: Docker Engine and Docker Swarm support mounting volumes into a container. Shared filesystems, including NFS, iSCSI, and fibre channel, can be configured on nodes. Plugin options include Microsoft Azure, Google Cloud Platform, NetApp, Dell EMC, and others.
– K8s: K8s has two storage APIs. One provides abstractions for individual storage backends (e.g., NFS, AWS EBS, ceph, flocker). The other provides an abstraction for a storage resource request (e.g., 8 GB), which can be fulfilled with different storage backends. Kubernetes offers several types of persistent volumes with block or file support, including iSCSI, NFS, FC, Amazon Web Services, Google Cloud Platform, and Microsoft Azure.

Performance & Scalability
– Swarm: According to Docker’s blog post on scaling Swarm clusters, Docker Swarm has been scaled and performance tested up to 30,000 containers and 1,000 nodes with 1 Swarm manager.
– K8s: Kubernetes scales to 5,000-node clusters. Kubernetes scalability is benchmarked with 99% of all API calls returning in less than 1s and 99% of pods and their containers (with pre-pulled images) starting within 5s.