System requirements
Software, hardware, and system configuration settings that are required for setting up an IBM Cloud Private cluster on Secure Service Container.
Hardware requirements for the 64-bit x86 or Linux on Z server
The x86 or Linux on Z server is used to download Secure Service Container for IBM Cloud Private and IBM Cloud Private installation binary, install the Secure Service Container for IBM Cloud Private and IBM Cloud Private, configure the network for the IBM Cloud Private cluster, and also act as the master and boot node in the IBM Cloud Private cluster.
Table 1. 64-bit x86 or Linux on Z server requirements
| Minimal requirement |
|---|
| 8 or more cores with at least 2.4 GHz |
| 16 GB RAM |
| 300 GB disk space |
Hardware requirements for Secure Service Container partition
You can configure Secure Service Container partitions on the following IBM Z and LinuxONE systems:
- An IBM z14 with Driver 32 (2.14.0) Bundle S53, or later
- An IBM LinuxONE Emperor II with Driver 32 (2.14.0) Bundle S53, or later
- An IBM LinuxONE Rockhopper II with Driver 32 (2.14.0) Bundle S53, or later
The Secure Service Container partitions are used for hosting worker and proxy nodes. The following table shows the minimal requirement for one Secure Service Container partition, which hosts one worker node and one proxy node.
Table 2. Secure Service Container partition requirements
| Minimal (one worker + one proxy) |
|---|
| 2 Integrated Facility (IFL) |
| 1 Open System Adapter (OSA) card with two virtual devices (one for internal and one for external data traffic) |
| 12 GB RAM |
| 530 GB (50 GB for the Secure Service Container for IBM Cloud Private appliance, 200 GB in the storage pool for each cluster node, and 80 GB for each GlusterFS node on the Secure Service Container partition) |
Note:
- For each worker node running on the Secure Service Container partition, you need to allocate as least 200 GB in the storage pool (140 GB for the docker file system and 60 GB for the root file system). See Hardware requirements and recommendations of IBM Cloud Private for more details.
- For each Secure Service Container partition, you can use either SCSI or extended count key data (ECKD) disks as the storage subsystem. You can allocate 50 GB for the appliance, and at least 200 GB distributed over one or more disks for the storage.
- Secure Service Container for IBM Cloud Private supports hostPath persistent volumes as the storage solution. For more information about the hostPath volume, see hostPath.
- Secure Service Container for IBM Cloud Private also supports GlusterFS as the persistent volumes. You need to allocate at least 80 GB for each GlusterFS node. For more information, see Deploying GlusterFS.
Networking
The Secure Service Container for IBM Cloud Private requires two levels of network to work properly.
- Network among cluster nodes by using the internal IP addresses
- Network for proxy nodes for external requests to the services inside the cluster
Table 3. Supported network interfaces on the Secure Service Container partitions
| Interface | Layer 2 network | Layer 3 network |
|---|---|---|
| Ethernet | Yes | Yes |
| VLAN | Yes | Yes |
| Bond | Yes | Yes |
For more information, see Configuring the network for worker and proxy nodes and Configuring the network on the master node.
Supported operating systems and platforms
The operating system for running the worker and proxy nodes is Ubuntu 18.04, which is encapsulated into the Secure Service Container for IBM Cloud Private and will be installed into the Secure Service Container partition as a docker image during the installation.
However, you must set up an x86 or Linux on Z server to host the master node, which is configured with one of the supported operating systems in the following table.
Table 4. Supported operating systems and platforms
| Platform | Operating system |
|---|---|
| Linux 64-bit | Red Hat Enterprise Linux (RHEL) 7.3, 7.4, 7.5, and 7.6 |
| Ubuntu 16.04 LTS and 18.04 LTS | |
| SUSE Linux Enterprise Server (SLES) 12 SP4, and 15 |
Linux Unified Key Setup (LUKS) hardware encryption on the x86 or Linux on Z server can protect the hardware from faulty access. When installing the Ubuntu onto the x86 or Linux on Z server, select the Encrypt the new Ubuntu installation for Security option to encrypt the hard disk.
Software requirements
You must invest in the following software infrastructure to run the Secure Service Container for IBM Cloud Private solution.
- IBM Cloud Private
- IBM Secure Service Container for IBM Cloud Private, which you can get from IBM Passport Advantage site.
- Feature Code 0104 (Container Hosting Foundation), which is required by the IBM Secure Service Container, and can be ordered on the IBM Z14, IBM LinuxONE Emperor II, and IBM LinuxONE Rockerhopper II servers from the eConfig fulfillment system.
You can contact your sales representatives to obtain the required access to IBM Passport Advantage site and eConfig system.
Supported Docker versions
The Docker release required by Secure Service Container for IBM Cloud Private is identical to the requirements of IBM Cloud Private. See IBM Cloud Private Supported Docker Versions for more details.
You must install one of supported Docker versions on the x86 or Linux on Z server. Note the supported Kubernetes version for the master node is 1.11. The Docker/Kubernetes environment on the Secure Service Container partition is configured during the installation of Secure Service Container for IBM Cloud Private.
Supported IBM Cloud Private versions
The Secure Service Container for IBM Cloud Private solution is tested and developed on the following IBM Cloud Private bundles.
Table 5. Supported IBM Cloud Private versions
| Version | Enterprise Edition | Cloud Native | Community Edition |
|---|---|---|---|
| 3.2.0 | Y | N | Y |
| 3.1.2 | Y | N | Y |
| 3.1.1 | Y | N | Y |
Note:
- To install the IBM Cloud Private Community edition, the x86 or Linux on Z server must have the internet access to install the required docker images that are hosted on this external site.
- The installation packages of IBM Cloud Private Enterprise Edition can be acquired from the IBM Passport Advantage site.
- The code snippets or links to IBM Cloud Private documentation uses 3.2.0 to maintain consistency. You can also use a different supported version number or refer to its document if needed.
Required ports
The required ports of Secure Service Container for IBM Cloud Private are identical to the ones of IBM Cloud Private. For more information , see Required ports.