Open Core Powers Secure IBM Cloud Container Services


IBM Cloud has a strong open source commitment, particularly when it comes to container native offerings.

IBM offers two managed container services, IBM Cloud Kubernetes Service and Red Hat OpenShift on IBM Cloud. Both services are built on a wide array of open source projects in which IBM and a broad ecosystem collaborate on a stable and secure set of core components. Let’s take a look under the hood.

Container orchestration

We’ll start with the two most obvious components since they are included in the service names directly: Kubernetes and OpenShift.

Kubernetes provides the container orchestration layer, and OpenShift builds on Kubernetes to further enhance your application development experience. For our IBM Cloud Kubernetes Service, we directly collaborate and coordinate our releases with the upstream Kubernetes project and many adjacent projects, like container runtimes and others detailed below. For Red Hat OpenShift on IBM Cloud, Red Hat has done much of that upstream collation of projects, and we work directly with Red Hat on hosting it in our public cloud platform.

For more background on how Kubernetes and OpenShift are related, see the following video:

Container runtime and networking

Next up are cri-o, containerd, runc, and Calico. Your containers won’t be able to run or communicate without a runtime and networking components plugged into Kubernetes itself. The IBM Cloud Kubernetes Service uses containerd and runc to implement the container runtime interface (CRI), while Red Hat OpenShift on IBM Cloud uses cri-o and runc. In addition, both services use Calico to implement the container network interface (CNI) and provide networking services to your applications and services hosted in Kubernetes.

Container platform

Of course, these orchestration and runtime components need an actual platform, or operating environment, on which to run. This is where Linux and all of its tools come into play. IBM Cloud Kubernetes Service supports running on Ubuntu worker nodes, and Red Hat OpenShift on IBM Cloud runs on RHEL worker nodes, as you would expect.

Our platform teams constantly track these distributions for Common Vulnerabilities and Exposures (CVEs) and other required updates, and provide a stable and secure platform on which our container orchestration offerings can operate for you, the customer.

Cloud native

With the container platform, runtime, networking, and orchestration in place, you’re ready to build your cloud native applications by using a broad range of existing cloud native components.

For example, IBM Cloud Kubernetes Service uses CoreDNS for our cluster DNS service. CoreDNS is one of the Cloud Native Computing Foundation’s (CNCF) graduated projects, alongside Kubernetes, containerd, and several others. All these valuable projects are designed to help you focus on building your cloud native applications without having to develop the entire platform or build infrastructure tools and reinvent the wheel.

We haven’t even mentioned our managed Istio and Knative services in IBM Cloud, which can be paired with our managed Kubernetes services mentioned above to provide additional capabilities, application deployment, and management tools to your own cloud native services.

Our open source commitment

All of these open source components power IBM Cloud’s container native offerings. Not only do we consume these valuable open source projects, we also contribute to and maintain them, and even provide leadership to some of the special interest groups (SIGs) and organizations shepherding these projects.

We carefully assess where we can help, apply decades of IBM enterprise software expertise, and help shepherd these open source communities, helping a broad range of contributors continue to deliver high quality, performant, and secure open source components.

IBM, now alongside Red Hat, is an active contributor and maintainer for both major container runtimes in the CNCF and has hundreds of contributors to the Kubernetes projects and a vast array of related cloud native projects, from storage to serverless and everything in between.

If you are interested in more information or if you have questions, engage our team via Slack by registering here, and join the discussion in the #general or #openshift channels on our public Kubernetes Service on IBM Cloud Slack.
