Part 2 – Node.js on Kubernetes – What to expect from the managed IBM Kubernetes service

Check out the Part 2 video on YouTube that goes with this blog post. In Part 1 we took a simple Node.js application that uses a Cloudant database for a backend and deployed it to Cloud Foundry. The app is really simple and we used the IBM Cloud portal to create the Cloudant service, connect it to our app, deploy the app using the command line, and auto-scale the app. In Part 2 we took the same app and deployed it to the IBM Kubernetes Service (IKS). The same app works for both deployment targets with the only difference being how the Cloudant connect string gets passed to the app.
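The connect-string difference mentioned above, sketched as an added example (not code from the original post or its sample app): one resolver that reads Cloudant credentials from Cloud Foundry's `VCAP_SERVICES` or from a Kubernetes Secret, fails closed when neither is present, and redacts the URL before logging. The `cloudantNoSQLDB` service label, the `CLOUDANT_BINDING` variable name and its JSON shape are assumptions.

```javascript
'use strict';

// Cloud Foundry injects bound-service credentials as JSON in VCAP_SERVICES.
// On Kubernetes this sketch assumes a Secret key is exposed to the container
// as the env var CLOUDANT_BINDING (hypothetical name) holding JSON with "url".
function resolveCloudantUrl(env) {
  if (env.VCAP_SERVICES) {
    const services = parseJson(env.VCAP_SERVICES, 'VCAP_SERVICES');
    const bound = services.cloudantNoSQLDB; // assumed service label
    const url = Array.isArray(bound) && bound[0] && bound[0].credentials
      ? bound[0].credentials.url : undefined;
    if (url) return { source: 'cloud-foundry', url: requireHttps(url) };
  }
  if (env.CLOUDANT_BINDING) {
    const binding = parseJson(env.CLOUDANT_BINDING, 'CLOUDANT_BINDING');
    if (binding.url) return { source: 'kubernetes-secret', url: requireHttps(binding.url) };
  }
  // Fail closed: never fall back to a hard-coded connect string.
  throw new Error('No Cloudant credentials found in the environment');
}

function parseJson(text, name) {
  try {
    return JSON.parse(text);
  } catch (err) {
    // Do not echo the raw value: it contains the credentials.
    throw new Error(`${name} is not valid JSON`);
  }
}

function requireHttps(url) {
  if (new URL(url).protocol !== 'https:') {
    throw new Error('Cloudant URL must use https');
  }
  return url;
}

// Mask the embedded username and password before a URL reaches any log.
function redactUrl(url) {
  const u = new URL(url);
  if (u.username || u.password) {
    u.username = 'REDACTED';
    u.password = 'REDACTED';
  }
  return u.toString();
}

// Constructed sample values, not real credentials.
const sample = 'https://apiuser:s3cret@account.example.invalid';
const cf = { VCAP_SERVICES: JSON.stringify({ cloudantNoSQLDB: [{ credentials: { url: sample } }] }) };
const k8s = { CLOUDANT_BINDING: JSON.stringify({ url: sample }) };
for (const env of [cf, k8s]) {
  const { source, url } = resolveCloudantUrl(env);
  console.log(source, redactUrl(url));
}
```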


I thought I would spend time in this blog post looking at the IBM Kubernetes service and why it is unique among the Kube services from other cloud vendors. The IBM Kubernetes Service is a managed Kubernetes service providing an intuitive user experience with simplified cluster lifecycle management. IKS has built-in security and isolation to enable rapid delivery of apps while leveraging IBM Cloud services including weather data, IOT, Analytics, data, or AI capabilities with Watson. It is available in 6 IBM regions world-wide including 25+ data centers.

First and foremost, IKS is a managed solution. So what does that mean? First of all, IBM manages the master node side of the architecture. The master nodes are fully managed and maintained by IBM inside of an IBM account. You have multiple master nodes (high-availability) so that if any one goes down you do not lose your cluster. You have a fully-featured user interface portal that allows you to manage your cluster and its health. You can upgrade your Kubernetes version via the UI.

The worker nodes on the other hand are yours and fully under your control. The worker nodes run in your IBM account and you have complete access and architecture control of your worker nodes. When you create a cluster, you can specify the worker node architecture (bare metal, virtual shared and virtual dedicated). You can mix and match architectures in your cluster (i.e. edge nodes vs app nodes) and configure the network to your liking. A worker node will automatically be recovered if it goes down. IBM will upgrade Kube versions on your workers for you when requested. Workers can be deployed to single zone or multi-zone configurations.

From a security standpoint, again IKS lets you control your worker nodes. Therefore you can add your own security capabilities as you see fit. Kube secrets and volumes are automatically encrypted and you can provide your own keys via the IBM Key Protect service. Images can be stored securely in your own IBM private registry or you can use whatever registry you would like. IBM Vulnerability Advisor provides Docker image and running container scanning to detect vulnerabilities and configuration weaknesses. Images can be signed by Docker Notary to further ensure you are using approved images.

IBM also allows you to extend your cluster to use other IBM Cloud services. You can enhance your applications with Watson, IOT, Analytics and Data services from the IBM Cloud catalog. Persistent volumes can be created using IBM Cloud storage solutions (file, block, object). IKS is integrated with IBM Cloud identity and access management for single point control of access and permissions translated to cluster RBAC.

And IKS offers the complete Kubernetes distribution with no changes including 100% API and CLI. IBM is a certified Kubernetes provider with conformance testing for each release. IKS is also integrated with IBM Cloud logging and monitoring or you can wire the cluster into your own popular logging or monitoring solutions. IBM also offers managed add-on capabilities such as installing and maintaining Istio or Knative into your cluster as of today.

OK, enough with the commercial. The other aspect to IKS is that it is used extensively within the IBM Cloud and is the underpinnings of almost everything IBM does both internally and publicly. All IBM Cloud services (140+) run on top of IKS. And there are numerous internal applications that run on IKS as well. IBM continues to be a large contributor to Kubernetes and Kube-based capabilities like Istio and Knative. More to come on those topics.

Needless to say, IBM has based its future on Kube and I would expect it to be a key piece of any future offerings. Please compare IKS to what you get from Azure, AWS, or Google and let me know if you don’t think IKS holds its own against any of them.

 


What is the IBM Cloud?

Right off the bat, let me stress that while I do work for IBM, my thoughts and opinions in the blog post and my blog in general are mine and mine alone.

When I think about the IBM Cloud, and that is “big C” Cloud, the entire IBM Cloud portfolio, I think of Shemp or maybe Curly Joe. Zeppo Marx and Cooper Manning also come to mind. So does Daniel Baldwin. If you haven’t figured it out yet, the IBM Cloud is the least known of the cloud siblings. There is no doubt that Shemp and Curly Joe, Zeppo and Daniel all bring unique talents to their respective families. But there is no arguing that Moe, Larry, Curly, Harpo, Groucho, Chico, Peyton, Eli, Alec, William, and Stephen (well maybe not William and Stephen) are more well known. While Amazon, Microsoft, and Google get the lion’s share of the “off the top of your head” references, the IBM Cloud holds its own when it comes to capabilities. But why do you not hear about it except for some very specific reference stories and some very well-done commercials? I wanted to examine some of the realities of the IBM Cloud in this blog post.

First of all, I am not going to put features and capabilities side by side for a grand comparison chart. But what I will say is that there are some areas of the IBM Cloud that shine, and IBM has many success stories to prove it. It is no secret that AWS has a huge lead, a large market share and a large mindshare. Focusing on “catching” them is probably not a smart strategy. Also, much of the standard public cloud (see VSIs) is moving to commodity territory and is a race to the bottom from a price point perspective. If you want to compare pennies per gigabyte hour or number of seconds to spin up a virtual machine, then go ahead, more power to you. But at some point, I would argue that unless you are on a pretty large scale this effort is pointless.

But what I will talk about is focus. First let’s look at how cloud is defined and get it out on the table to help the discussion. This is not as easy an answer as one would think. Is a cloud determined by its deployment model? Are private, hybrid, and public deployment models all considered cloud? Is a cloud determined by its physical deployment location? Can a cloud be on-premises and off-premises? Does a cloud have to be IaaS or PaaS or SaaS alone or some combination of all three? Does a cloud have to be based on some type of virtualization or can it be based on bare metal machines as well?

You would think the technology analyst firms could help us out here. After all, they are in the business of analyzing and ranking cloud vendors. It doesn’t take long to see their differing opinions. The famous IaaS magic quadrant from Gartner this year puts IBM in the niche category. But Forrester Wave’s PaaS rating puts IBM a strong second. Analysts don’t see eye-to-eye in what an important perspective is when looking at cloud vendors.

IBM’s focus on cloud is unique due to its breadth of customers and breadth of its overall solution portfolio, much of which falls outside of traditional “cloud.” Therefore, IBM focuses on cloud with a fisheye lens (ultra-wide). IBM sees cloud as all of the ways to look at cloud. I think I can argue that no other cloud vendor offers as much diversity in deployment model, location, and service model and combinations of them all as IBM. You might think that a private cloud has to run on-premises but that is not true. IBM offers private and dedicated versions of its public services. IBM also strives to provide a “one architecture” perspective. This provides a similar if not identical look, feel, and experience regardless of what cloud deployment model you choose. This is much easier said than done but it is a key strategy for IBM.

Another difference with the IBM Cloud is its focus on open source. Open source is a priority to IBM and is evident by its participation in numerous open source initiatives going way back to Linux and Eclipse. I believe the difference for IBM is that it makes a concerted effort to not vendor-lock a customer. That doesn’t sound right based on IBM’s proprietary solution success stories. But when it comes to the cloud, IBM wants its customers to know that an investment in targeting IBM’s cloud should not prevent them from moving that solution off of the IBM Cloud if they so choose. Let’s look at a few examples. IBM’s Bluemix was launched in June of 2014 as a managed platform-as-a-service offering. But IBM did not invent their own, but instead offered a managed Cloud Foundry implementation. IBM could have invented their own, but IBM instead chose to compete with other ways of deploying Cloud Foundry and bet that it could build a business offering a public managed version. A slightly different approach was taken with serverless computing. IBM open-sourced its OpenWhisk serverless platform so that customers could deploy their own on-premises version if they were not happy with the IBM experience. The same approach was taken with blockchain and the HyperLedger project.

Another way to look at the IBM strategy is via the continuum of a customer’s journey to cloud. IBM approaches the cloud discussion with not just a target to shoot for but a path to get there. Not everyone is ready to move to a cloud-native container-based application architecture. Many of IBM’s customers strive to be there someday, but need to get there in a way that does not upset their existing application base. A “typical” driving force to move to cloud is the desire to get out of the data center business. But this does not have to involve a huge IT transformation. By deploying VMware in the IBM Cloud, customers can operate their data center in the exact same way they do today, but VMware is instead hosted in the IBM Cloud. Customers may be ready for their first Kubernetes-based containerized app deployment but they aren’t ready for it to be off-prem. Customers can get the full Kubernetes experience with IBM Cloud Private (ICP) on-prem and then move to a cloud-based Kubernetes cluster offering when ready. Customers may even be ready to host their first public cloud application but are not comfortable with moving their corporate data off-prem. This is one aspect of the hybrid cloud model and IBM fully embraces this paradigm offering many ways to enable hybrid applications (cloud to/from data center, cloud to cloud, etc.). IBM also readily admits that most enterprises will not standardize on a single cloud vendor, but instead take a multi-cloud approach. IBM’s Cloud Automation Manager and Multi-Cloud Manager as a part of its ICP capabilities are beginning to offer solutions to govern and manage this strategy using a single pane of glass.

One could argue that casting such a wide net creates weaknesses in some aspects of its cloud offerings where other vendors focus all their efforts. Such is the life of IBM. IBM has a truly unique perspective to this problem and an even more unique customer base that it must keep happy throughout this “journey to the cloud.” But what I do know is that when given the opportunity IBM usually is able to compete and many times win. Stay tuned to this blog as I examine more aspects of the IBM Cloud.

Platform as a Service – Built-in DevOps

I like to keep myself in tune with what is going on in the world with all things DevOps, so I frequent a few places (the LinkedIn DevOps group, DevOps.com, etc.). There are lots of good discussions and topics out there. These types of fast moving sites are a must to keep up with the world. From a technical standpoint the topics usually center around the various tools and techniques involved in automation. There is no arguing the fact that many shops out there that are embracing DevOps start at the low technical level and work their way up. I call this Startup DevOps (I doubt I can take credit for this term). Most startups have very smart people and very little bureaucracy to cut through. Get the job done faster and everyone is happy. Using tools like Chef, Puppet, Vagrant, Glu, Jenkins, GIT, RunDeck, Fabric, Capistrano, CFEngine, yada yada yada you can get the job done. You can craft a very significant and powerful set of automation at very little cost (open source) and provide the fast moving infrastructure to handle the fast moving pace of startups.

Being from IBM, I tend to look at things a bit differently.  Most of the customers I deal with are at the other end of the spectrum.  With IT departments having staffs in the many thousands, there is bureaucracy at every turn.  Large enterprises like this tend to spend money with IBM (and others like us) to transfer risk.  Spend umpteen million with IBM and you have to only look in one direction to point the finger.  So IBM tends to create products that cater to these types of clients.  I use the term Enterprise DevOps for this situation (again, can’t take credit for the term).

IBM is spending billions (yes with a B) on solutions that cater to these types of customers. Cloud solutions are where the bulk of the effort is focused these days. IBM offers quite a bit of choice here. If you want private cloud, IBM has Pure Application Systems and SmartCloud Orchestrator that provide the Infrastructure as a Service (IaaS) capabilities. Managing Servers, Storage, and Network in an incredibly flexible way is what this is all about. IBM also has a public cloud offering in SoftLayer. Let IBM manage your infrastructure and you don’t need a data center anymore. Nice.

Platform as a Service (PaaS) is the next big thing.  IBM is now introducing the ability to assemble a platform dynamically and provide all of the plumbing in connecting those platform pieces in an automated way.  We have even connected our DevOps in the Cloud solution (JazzHub) with the IBM PaaS solution (BlueMix) in a way that offers a true cloud-based development environment that will automatically deploy to your PaaS infrastructure all without lifting a finger.  By the way, take a look at this short YouTube video to get a quick overview of the landscape.

Let’s take a bit closer look at BlueMix and JazzHub and see what I mean. First, BlueMix allows you to create an infrastructure by assembling services. You can start with some boilerplate templates that have already wired together infrastructure and services. For example, the Java + DB Web Starter gives you a WAS Liberty Profile server and a DB2 database, all installed and ready to go. This boilerplate gives you a sample application that runs as soon as your server starts. You get a zip of the source code (we will visit this again later).

Or you can build up your own infrastructure.  First, choose from a list of runtimes.

And then add services to your infrastructure.

In my case after a few clicks and less than a minute later I had a server with WAS Liberty and DB2 deployed and running the sample application.  I didn’t need a sysadmin to build me a server.  I didn’t need a DB administrator to install DB2 and create a database for me.  I didn’t need accounts created or ports opened.  All done seamlessly under the covers.  Point and click infrastructure assembly.  DevOps to the max.

But we need to develop our application (or enhance the boilerplate app), so we need a development environment. IBM offers JazzHub, a cloud-based development infrastructure.  JazzHub allows you to create a project that provides change management and source config management already setup and ready to go.

First, pick your source code management solution, Jazz or GIT.

Next, add some additional services, like auto-deploy to a BlueMix infrastructure.

And we have a project all set to go.  I can invite others to join my project and we can develop in the cloud as a team.  Here I have loaded the sample application source code into my JazzHub project.  I can modify the code right here if I want and push that code into my GIT master branch.


Or better yet, I can use Eclipse to develop my application using an IDE.  I have connected to my GIT repository and pulled the code down into my workspace.  I can use the GIT plugin to commit changes I have made to the GIT repository.


 

And to tidy things up nicely, by turning on auto-deploy in my JazzHub project, every new push to my GIT repository by my team causes an immediate deployment to my BlueMix infrastructure.

Holy continuous delivery. There are an awful lot of things going on under the covers here. But like I said above, you are offloading risk to your PaaS solution. The interesting thing is that the price is relatively not that big. With subscription type pricing you get this solution relatively cheap. (Note: I am not in sales so don’t ask me for a pricing quote). Customers now have a choice in pursuing their DevOps goals. You can build from within by hiring smart people that have experience in the myriad of ever-changing open source DevOps tools, automate as much of the infrastructure creation and platform connectivity on your own, and hope that your smart people don’t get hit by a bus. Or you can subscribe to a PaaS solution like this one (or others out there) and to steal a Greyhound slogan, “leave the driving to us.”

I made this sound very simple and we know that there are lots of factors involved in determining the direction you go.  Some industries have a hard time with anything located outside of their walls due to regulatory issues or simply a fear of lack of control.  Some of the PaaS solutions will have on-premises options to allow you to bring the solution into your data center but your users won’t know the difference.  We all know that simple projects like this are not always the case.  The complex project portfolio of a large IT organization may require complex infrastructure that a PaaS solution cannot support.  But we are getting closer and closer to PaaS being a reality and I find it hard to believe that this isn’t a viable solution for a good portion of any typical IT application portfolio.