June 19, 2015 | Written by: Moe Abdula
As of May 23rd IBM Bluemix Container Service now provides a native Kubernetes operations experience while removing the burden of maintaining master nodes. Kubernetes itself is based on the Docker engine for managing software images and instantiating containers. Get the details.
IBM Containers allows users to deploy, manage, and run application components on the IBM Bluemix development platform, leveraging the open-source Docker container technology. IBM Bluemix now offers three infrastructure compute technology choices to deploy applications – Docker containers, OpenStack virtual machines, or Cloud Foundry apps. Designed for enterprise production workloads, IBM Containers can be securely deployed with integrated scalability and reliability, which enterprise customers rely upon. IBM Containers allows a user to obtain access to a hosted, private repository of images where they can store, certify, and manage access to container images, specific to their organization.
Prior to delving into the details of IBM Containers, it may be advantageous to define some key terminology used in this technology:
- Dockerfile
A text document that contains all of the required commands to build a Docker image.
- Docker Image
The building block from which containers are launched. An image is the read-only layer that never changes. Images can be created based on the committed containers.
- Docker Container
A running instance, generated from a Docker image. Self-contained environment built from one or more images.
Information available at the container level includes the image from which it was generated, memory used, the IP address assigned to it, and other pertinent information.
- Container Group
A group of containers, which all share the same base image.
- Docker Registry
A registry server that provides hosting and delivery of images.
- Layer
Each file system that is stacked when Docker mounts root.
The base image is the read-only layer, and each application addition to that image is added as its own layer on top of the previous one.
Why did IBM partner with Docker to bring their container technology to the enterprise?
The Docker project launched in March 2013 and in two years has built a tremendously popular and growing ecosystem in the open source community. Docker users have downloaded over 100 million Docker images from the public registry. The Docker project is the second most popular in the open community with over 750 contributors and 137 community meet-ups in forty-nine countries. Docker has an open governance model with a twelve-member governance advisory board, which is selected by the community. IBM’s partnership with Docker signifies another important milestone in IBM’s Open by Design™ commitment. The open-source Docker project provides the foundation for improving the test and development user experience, and IBM is adding enterprise-grade capabilities to bring container technology to large businesses.
Why are companies interested in IBM Containers?
The Docker technology provides application portability by utilizing an open-source, standardized, light-weight, and self-sufficient container capability. IBM’s implementation of the Docker technology, with its enterprise capabilities, further strengthens IBM’s support for hybrid cloud environments. Not every application at every stage in its lifecycle will run in the public cloud, and IBM Containers enables the user to determine when to run containers on-premise and when to deploy to the public cloud on IBM Bluemix with full Internet connectivity. Image files created within IBM Containers support portability and can be instantiated as containers on any infrastructure that can run the Docker daemon.
The new hybrid cloud is more than the sum of its parts. The hybrid cloud is Open by Design™ and IBM is committed to open source projects such as OpenStack, Docker, Cloud Foundry, and Node.js. Hybrid cloud means providing customers the freedom to choose and change their environments, data, and services. Most importantly, the hybrid cloud means customers have the tools necessary for visibility, control, and security everywhere. IBM provides the means for customers to determine when and where it is best to run their mission-critical enterprise applications, allowing the lines of business to focus on their markets and product lines.
Let’s take a closer look at some of the benefits which make IBM Containers the platform of choice for enterprise workloads.
Hosted private registry with access controls
Where are my images stored? Who has access to my images? Today, any of the 75,000+ images in the Docker registry are publicly accessible by anyone with a freely available Docker Hub account. Enterprise customers cannot rely on this registry to store their intellectual property or confidential images. With security and privacy as top concerns in every industry, users cannot store images in publicly accessible registries. The IBM Containers offering on Bluemix allows users to store images in a private registry on the cloud with controls to ensure no one else can access them. Access is controlled at the organization level within Bluemix and provides granular configuration for access. By default, a registered IBM Bluemix user account can only access images in their registry; however, that user can grant access to their images to any other registered IBM Bluemix account.
Portability: Push and pull containers from on-premises to off-premises
How can I run my apps locally for testing and move the workload to the Bluemix public cloud for production? IBM Containers enables hybrid cloud by allowing users to deploy containers wherever they choose, and move images to the location dictated by their workload needs. Users have the ability to download and run containers on-premises (through a local workstation or private cloud) for use prior to running in the public cloud. Using the command line, users can easily automate the deployment of containers to a private or public cloud.
In this example, the user can list the images that are currently available in their private registry running on IBM Bluemix and then download that image to their local development workstation for further enhancements to their app.
After making code changes and creating a new image, the user can upload to their private registry on IBM Bluemix.
Easy Creation of Containers: Integrated Docker build
IBM Containers includes an integrated Docker build service. A user can build a new Docker image directly on the cloud using a Dockerfile specified via the command line. The image is saved to the user’s private registry, thus eliminating the need for image and package copying between local environments and the cloud.
Multiple region support
Can I support my geographically distributed requirements? IBM Containers will be available in Dallas, Texas, USA and London, England initially with other locations following.
Native Docker CLI support
We’re already familiar with Docker commands; do I need to learn an entirely new tool set? IBM Containers supports the Docker CLI natively ensuring users can continue to utilize Docker commands such as build, run, push, pull, etc.
Container quota and cost management
How do I control my organization’s costs? IBM Containers enables the organization administrator to specify quota limits ensuring budget targets are adhered to in a pay-as-you-go pricing model in Bluemix.
Once containers are created and moved into the runtime environment of choice, there are configuration challenges to manage, such as managing distributed network IPs with secure access and assigning appropriate storage to be used by the containers. Let’s look at a few ways in which IBM Containers helps with these configuration challenges.
Private container-level networking
How do my deployed containers talk to each other? This security feature allows secure container communications and IBM Containers on Bluemix is the only runtime environment that provides this functionality. The private networking enables open connectivity within the environment deployed by a given user.
One-step public IP configuration
My app is ready for the world, how do I make it accessible? It could not be easier to request a publicly routable and accessible IP address and assign it to a container using the command line or UI. After fully testing the application in the container, a user can bind a public IP to it and run the app, accessible on the Internet. A user can control connectivity to the container by opening individual ports.
Integrated L7 routing capability
I’m worried about performance of the components in my multi-tiered app? Layer 7 of the OSI (Open Systems Interconnection) model is the application level, and routing typically occurs much lower in the stack in layer 3. Layer 7 routing for the application is much more efficient because the network traffic generated by your app does not have to traverse down the stack to layer 3, then move to another system, and work back up the stack to layer 7.
The integrated L7 routing capability in IBM Containers dramatically simplifies the process for a user to deploy a web app in a container and balance the traffic in a much more efficient manner. IBM Containers provides the user with a DNS name, routing, and load balancing.
Group based, multi-container deployment
How can I provide load balancing and redundancy for my mission-critical app? IBM Containers provides an application platform that allows a user to package a web app as a container and deploy it in a scalable manner. This is accomplished by creating a group of containers and integrating it into the Bluemix gorouter, where a DNS name is created and can be used to access the instances of the app. The group created on IBM Containers can be configured with the quantity of instances and modified at a later time based on utilization.
Container-level managed storage using Docker volumes
How do I save persistent data? The container-level storage in IBM Containers provides an invaluable mechanism for backup and recovery of apps and data. Attaching external storage volumes exists in all clouds, but it is done per VM, whereas IBM Containers is the only offering that manages storage per container, providing the granularity users require.
Once the necessary container configurations have been obtained, enterprises must consider the lifecycle of the containers, as enterprise applications must be available and accessible at all times. IBM Containers includes an operational dashboard and integrated automation of operational functions to ensure enterprise apps are open for business.
Integrated container monitoring and logging
How can I view resource usage metrics? As soon as a user deploys new containers, they have insight to the CPU, memory, and network utilization per container. These metrics assist the user in determining if their container size is sufficient or excessive for the application. Additionally, IBM Containers provides the user with access to the latest log messages from their containers. Container monitoring and logging is done without any modifications to user container images or running containers.
Auto-recovery of failed containers
What if one of my containers crashes? A critical component of the group-based deployments within IBM Containers on Bluemix is the support of auto-recovery. If any of the containers in a group of size n fails, IBM Containers will instantiate a replacement container. Consider a deployment of five containers running your enterprise web application and leveraging the integrated load balancer to distribute incoming requests. If a container becomes unhealthy, i.e., it crashes or stops responding to a network probe, IBM Containers will restart that container so that the desired size of the group is maintained. Otherwise, performance could be adversely affected and a developer would have to resolve the problem manually (by restarting the container).
Services integration, with other Bluemix services such as analytics
Can I leverage the Bluemix catalog with IBM Containers? One of the most important differentiators of IBM Containers is the ability for the user to bind any Bluemix service to a container. There are currently over 100 services available in Bluemix’s Cloud Foundry catalog that can be bound to a container via the UI or command line.
In this example, the user is able to instantiate a new container from the custom Ubuntu image with ssh enabled, bind an existing WordPress application, and provide a unique name for the new instance.
In addition to these features currently available in IBM Containers, the team is hard at work practicing Continuous Delivery in our development labs. Below are additional features expected to be delivered throughout 2015.
Public service with 24/7 support
I have an issue, who can I call? IBM Containers is delivered as a fully supported service, with paid usage tiers. Usage quota limits will be removed, and a broader set of container sizes introduced (containers smaller than 256MB and larger than 2GB). Additional storage for Docker volumes (beyond the currently offered 20GB) can be purchased as well. Both the granular configurations and the 24×7 support cater to the requirements of enterprise customers.
Can I run this service on-premise? IBM Containers will be delivered as a managed offering on-premise as a part of a Bluemix local delivery. The on-premise offering delivers the same capabilities as the public cloud offering, but allows the service to run on your network.
Docker Swarm and Compose
I’ve read about new beta offerings in the Docker community, will IBM Containers support them? IBM Containers maintains compatibility with Docker Swarm APIs. This intelligent scheduling capability is transparent to the user, but they can be assured that their containers are anti-collocated to ensure availability in the event of a catastrophic failure of a physical host.
Docker Compose can be leveraged as a client-side tool to deploy multi-container topologies. IBM Containers will ensure that all Docker hosts leveraged by Docker Compose can be provided securely in a multi-tenant environment. Specifically, Docker links will be supported in IBM Containers.
Improved security and performance isolation
Security and performance are critical concerns for my enterprise apps? IBM Containers will provide certain, defined guarantees regarding the security of containers. Overall isolation of containers will be improved by introducing user namespace isolation and improved resource control limits. Users will be informed of their security guarantees and risks associated with the use of IBM Containers and will be provided with guidelines on how to run applications securely in the IBM cloud.
Improved provisioning latency for light-weight containers
Can I deploy faster? IBM Containers will provide improved support for light-weight, short-lived containers such as tasks, events, etc. Users can rapidly launch a large number of such containers with very little provisioning overhead.
Image compliance scanning
Is the image downloaded from Docker Hub compliant? Are there vulnerabilities in the images my developers are deploying? The image compliance scanning capability will enable the user to scan their image against a set of compliance criteria and provide a report with the status of that image prior to deploying that image.
IBM Containers on Bluemix is a first-class runtime, built for the enterprise to support their hybrid cloud use cases. IBM continues to lead the industry with support of open-source technologies and communities; the partnership with Docker bringing container technology to IBM Bluemix is one more example. Users are encouraged to register for a free trial of IBM Containers on Bluemix today and begin developing use cases.