IBM Cloud Private with OpenShift
IBM® and Red Hat have partnered to provide a joint solution that uses IBM Cloud Private and OpenShift. You can deploy IBM certified software containers running on IBM Cloud Private with Red Hat OpenShift and with OpenShift on IBM Cloud.
When you install IBM Cloud Private with OpenShift, IBM Cloud Private provides the IBM Cloud Private experience, management, and operations for applications and uses OpenShift Kubernetes and Docker registry that is already installed by Red Hat.
Similar to IBM Cloud Private, OpenShift is a container platform that is built on top of Kubernetes. You can install IBM Cloud Private with OpenShift by using the IBM Cloud Private installer for OpenShift.
Integration capabilities
- Supports Linux® x86_64 platform in offline only installation mode
- Integrated IBM Cloud Private cluster management console and Catalog
- Integrated core Platform services, such as monitoring, metering, and logging
- IBM Cloud Private uses the OpenShift image registry
This integration defaults to using the Open Service Broker in OpenShift. Brokers that are registered in OpenShift are still recognized and can contribute to the IBM Cloud Private Catalog. IBM Cloud Private is also configured to use the OpenShift Kube API Server.
Notes:
- IBM Cloud Private Vulnerability Advisor (VA) and audit logging are not available on OpenShift
- Not all CLI command options, for example all
cloudctl cm
commands, are supported
Security
Authentication and authorization administration happens from only IBM Cloud Private to OpenShift. If a user is created in OpenShift, the user is not available in IBM Cloud Private. Authorization is handled by IBM Cloud Private IAM services that integrate with OpenShift RBAC.
Support
If you need support, contact either IBM or Red Hat depending on where you encountered the issue. IBM and Red Hat have defined a collaborative support model and will work together for complex issues that involve both support teams.
The IBM Cloud Private cluster administrator is created in OpenShift during installation. All other users and user-groups from IBM Cloud Private LDAP are dynamically created in OpenShift when the users invoke any Kube API for the first time. The roles for all IBM Cloud Private users and user-groups are mapped to equivalent OpenShift roles. The tokens that are generated by IBM Cloud Private are accepted by the OpenShift Kube API server, OpenShift user interface, and OpenShift CLI.
Monitoring on OpenShift
OpenShift provides an optional Prometheus-based monitoring component, but does not provide the same capabilities as the IBM Cloud Private monitoring service. When you install IBM Cloud Private on OpenShift, the IBM Cloud Private monitoring service is installed by default. You can disable the monitoring service. For more information, see the Managing Grafana dashboards section on the IBM Cloud Private monitoring page.
If IBM Multicloud Manager is installed, IBM Cloud Private monitoring must be enabled to federate metrics from your other clusters.
Logging on OpenShift
OpenShift provides an optional Elasticsearch-based logging service that collect logs from system and application components automatically. You can choose to install the IBM Cloud Private logging service. For more information, see IBM Cloud Private logging.
Learn more about IBM Cloud Private with OpenShift.
- Preparing to install IBM Cloud Private with OpenShift
- Installing IBM Cloud Private with OpenShift
- Uninstalling IBM Cloud Private with OpenShift
- Configuring authentication for IBM Cloud Private with OpenShift
- Features in IBM Cloud Private running with OpenShift that require customization
- Known issues and limitations for IBM Cloud Private with OpenShift