IBM Cloud Private with OpenShift

IBM® and Red Hat have partnered to provide a joint solution that uses IBM Cloud Private and OpenShift. You can now deploy IBM certified software containers that are running on IBM Cloud Private onto Red Hat OpenShift.

When you install IBM Cloud Private with OpenShift, IBM Cloud Private provides the IBM Cloud Private experience, management, and operations for applications and uses OpenShift's Kubernetes and Docker registry that is already installed by Red Hat.

Similar to IBM Cloud Private, OpenShift is a container platform built on top of Kubernetes. You can install IBM Cloud Private with OpenShift by using the IBM Cloud Private installer for OpenShift.

Integration capabilities

Supports Linux® 64-bit platform in offline only installation mode
Single-master configuration
Integrated IBM Cloud Private cluster management console and Catalog
Integrated core Platform services, such as monitoring, metering, and logging
IBM Cloud Private uses the OpenShift image registry

This integration defaults to using the Open Service Broker in OpenShift. Brokers that are registered in OpenShift are still recognized and can contribute to the IBM Cloud Private Catalog. IBM Cloud Private is also configured to use the OpenShift Kube API Server.

Notes:

IBM Cloud Private Platform images are not Red Hat OpenShift certified
IBM Cloud Private Vulnerability Advisor (VA) and audit logging are not available on OpenShift
Not all CLI command options, for example all cloudctl cm commands, are supported

Security

Authentication and authorization administration happens from only IBM Cloud Private to OpenShift. If a user is created in OpenShift, the user is not available in IBM Cloud Private. Authorization is handled by IBM Cloud Private IAM services that integrate with OpenShift RBAC.

The IBM Cloud Private cluster administrator is created in OpenShift during installation. All other users and user-groups from IBM Cloud Private LDAP are dynamically created in OpenShift when the users invoke any Kube API for the first time. The roles for all IBM Cloud Private users and user-groups are mapped to equivalent OpenShift roles. The tokens that are generated by IBM Cloud Private are accepted by the OpenShift Kube API server, OpenShift UI, and OpenShift CLI.

Support

If you need support, contact either IBM or Red Hat depending on where you encountered the issue. IBM and Red Hat have defined a collaborative support model and will work together for complex issues that involve both support teams.