Db2 on Kubernetes · 2019-09-26
Claus Huempel <chuempel@de.ibm.com>
Technical Sales, Hybrid Data Management, IBM Deutschland GmbH
IBM Cloud

Legal Disclaimer
Copyright © IBM Corporation 2019. All rights reserved.
U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corporation.
THE INFORMATION CONTAINED IN THIS PRESENTATION IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. WHILE EFFORTS WERE MADE TO VERIFY THE COMPLETENESS AND ACCURACY OF THE INFORMATION CONTAINED IN THIS PRESENTATION, IT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. IN ADDITION, THIS INFORMATION IS BASED ON CURRENT THINKING REGARDING TRENDS AND DIRECTIONS, WHICH ARE SUBJECT TO CHANGE BY IBM WITHOUT NOTICE. FUNCTION DESCRIBED HEREIN MAY NEVER BE DELIVERED BY IBM. IBM SHALL NOT BE RESPONSIBLE FOR ANY DAMAGES ARISING OUT OF THE USE OF, OR OTHERWISE RELATED TO, THIS PRESENTATION OR ANY OTHER DOCUMENTATION. NOTHING CONTAINED IN THIS PRESENTATION IS INTENDED TO, NOR SHALL HAVE THE EFFECT OF, CREATING ANY WARRANTIES OR REPRESENTATIONS FROM IBM (OR ITS SUPPLIERS OR LICENSORS), OR ALTERING THE TERMS AND CONDITIONS OF ANY AGREEMENT OR LICENSE GOVERNING THE USE OF IBM PRODUCTS AND/OR SOFTWARE.
IBM, the IBM logo, ibm.com and Db2 are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml

Agenda
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary

Micro Services & Containers

Technology by itself is not the business disruptor
Failing to be customer centric is the biggest business threat
The right technology for the right job is an enabler of business disruption
Netflix did not kill Blockbuster… ridiculous late fees and rewind fees did
Uber did not kill the taxi business… limited access and fare control did
Apple did not kill the music industry… being forced to buy full length albums did
Airbnb isn't killing the hotel industry… limited availability and pricing options are

Multi-cloud is being driven by cloud native architectures
Microservices and containers are changing IT
The Compound Annual Growth Rate of traditional IT continues to shrink while public and private cloud continues to grow
Microservices and containers are keys to this transformation
[Figure: Traditional IT, Private Cloud, Public with Virtual Private Cloud and Public Cloud, linked by Portable Applications; labels CAGR -8%, CAGR 16%, CAGR 30%]

Microservices – the first key to cloud native applications
Making development & deployment more efficient
Microservices benefits
• Improves fault isolation
  Larger applications can remain largely unaffected by the failure of a single module
• Eliminates long-term commitment to a single technology stack
  Try out a new technology stack on an individual service and roll it back if required
• Easier development
  A new developer can more easily understand the functionality of a service
• Easier deployment
  Auto provision, auto scale and provide auto-redundancy
[Figure: Monolithic Architecture (UI, Business Logic, Data Access Layer, DB) next to Microservices Architecture (UI, Microservices, DBs)]
This is not a claim that a microservice-based application approach is always better for every use case scenario

Containers – the second key to cloud native applications
Reducing operational and development costs
Containers virtualize software in the way that virtual machines have virtualized hardware
Virtual machines vs. containers
[Figure: virtual machines (Infrastructure, Hypervisor, a Guest OS per VM, Bins/Libs, App 1 to App 3; the Guest OS layer marked as overhead) next to containers (Infrastructure, Operating System, Container Engine, Bins/Libs, App 1 to App 3)]
Containers can be 2 – 3 times more resource efficient than virtual machines
On average Docker developers ship software 7x more frequently

Container automation and orchestration is essential
Enter Kubernetes
Containers are revolutionizing IT
But they require orchestration
Kubernetes - κυβερνήτης
Means "helmsman" or "pilot"

Private Clouds address the new IT reality
Created by digital transformation
Method | Development | Deployment | Environment
Waterfall | Monolithic | Bare metal | On-Premises
Agile Programming | N-Tier | Virtual Server | Off-Premises
Agile DevOps | Microservices | Containers | Cloud
[Figure: virtual machine stack and container stack as on the previous slide; axes "Time to value" and "Perception of cost"]

Public Cloud + Private Cloud = Hybrid Cloud
Different cloud options
 | Public Cloud | On-Premises Private Cloud | Hosted Private Cloud | Hybrid Cloud
Hardware Deployment and Management | Vendor | Customer | Vendor | Shared between vendor and customer
Hardware Sharing Model | Shared | Dedicated | Dedicated | Partially shared and partially dedicated
Scalability | High | Medium | High | High
Low Cost | Yes | Sometimes | Sometimes | Sometimes
Predictable Cost | No | Yes | Yes | No
Utility Billing | Yes | No | Depends on vendor | Partial
Flexibility | Yes | Limited | Limited | Yes
Customization Capabilities | No | Yes | Depends on vendor | Partial
Enhanced Security and Compliance | No | Yes | Yes | Yes
Instant Provisioning | Yes | Yes | Yes | Yes
A "Hybrid Cloud" is a highly orchestrated environment where all sources act as one
A "Multi-cloud" environment simply refers to the use of multiple cloud sources of any kind, without necessarily being orchestrated

Why care about Private Clouds?
Adoption brings agility and efficiency
Cost Efficient & Scalable Infrastructure
Accelerate Time to Market
- Build, package & deploy applications in containers, run at scale with Kubernetes
- Refactor applications into microservices & modernize monolithic applications
Manage Data at Scale
- Access, govern & analyze your data at scale, accelerate your journey to AI
Business Value Assessment Customer Output: Standard On-Premises vs IBM Cloud Private
3-Year $54 Million Cost Savings 255 ROI
- 50% Benefit – Data Center: System Utilization & Server Reduction
- 75% Benefit – Manage Performance: Elasticity, Bursting, High Availability
- 35% Benefit – DevOps: Faster Deployments
- 30% Benefit – Deployment Efficiency: Containers & Microservices
- 50% Benefit – Improved Security: Management & Risk Reduction

Private Cloud Platform Market Leaders
OpenShift and IBM Cloud Private

Kubernetes Basics
Kubernetes Overview
- Open Source Project
- Features
- Architecture
Kubernetes Workloads
- Pods and YAML
- Controllers
Kubernetes Networking
- Services
Kubernetes Storage
- Volume types
- Persistent volumes
- Persistent volume claims
Kubernetes Security
- Secrets
IBM Cloud Private Catalog
- Helm Charts
- Helm CLI

Kubernetes – Open Source Project
Greek word for "Helmsman"
It's Open Source - https://github.com/kubernetes/kubernetes
It's a graduated project of the Cloud Native Computing Foundation - https://cncf.io
Popularly known as a "Container Orchestrator"
It is a modern "Cluster Manager" for automating deployment, scaling and management of containerized applications

Kubernetes – Features (1)
Automatic binpacking
- Automatically places containers on nodes. Mix critical and best-effort workloads in order to drive up utilization
Horizontal scaling
- Scale application up or down with a simple command, with a UI, or automatically based on CPU usage
Automated rollouts and rollbacks
- Kubernetes progressively rolls out changes to the application or its configuration while monitoring application health to ensure that it doesn't kill all instances at the same time
Storage orchestration
- Automatically mount the storage system of your choice, whether from local, public or SAN such as iSCSI, Gluster, Ceph, Cinder, Flocker, NFS or IBM Spectrum Scale

Kubernetes – Features (2)
Self-healing
- Restarts containers that fail, replaces and reschedules containers when nodes die, kills containers that do not respond to user-defined health checks
Service discovery and load balancing
- No need to modify the application to use an unfamiliar service discovery mechanism. Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers
Secret and configuration management
- Deploy and update secrets and application configuration without rebuilding your image and without exposing secrets in your stack configuration
Batch Execution
- In addition to services, Kubernetes can manage your batch and CI workloads, replacing containers that fail, if desired

Kubernetes Architecture
[Figure: Kubernetes cluster with a Master Node (API Server, Scheduler, Controller, distributed etcd key-value datastore) and Worker Nodes, each running a Kubelet and containers 1 to n; an Image Registry; the Kubernetes REST API used by the Command Line and the Web UI]

Kubernetes Workloads
Pod – the basic building block for Kubernetes
Smallest and simplest unit in the Kubernetes object model
A Pod encapsulates an application container (or multiple containers), storage resources, a unique network IP, and options that govern how the container should run
A Pod is a unit of deployment
A Pod runs one or more containers as a unit
Docker is the container runtime used in IBM Cloud Private
The one-container-per-pod model is the most common use case
Kubernetes manages the pod rather than the containers directly
Pods can run multiple containers that need to work together and to share resources
Pods are designed as relatively ephemeral, disposable entities
Pods do not self-heal by themselves – a higher level abstraction does this

Kubernetes Configurations
Create YAML for creating resources on Kubernetes
YAML – Yet Another Markup Language or YAML Ain't Markup Language
Types of structures required in Kubernetes
- Maps
- Lists
YAML Maps - let you associate name/value pairs. For example:

    ---
    apiVersion: v1
    kind: Pod

YAML Maps – create a key that maps to another map:

    ---
    apiVersion: v1
    kind: Pod
    metadata:
      name: db2
      labels:
        app: db2

Kubernetes Configurations – Create YAML (continued)
YAML Lists are literally a sequence of objects. Members in the list can also be maps:

    ---
    apiVersion: v1
    kind: Pod
    metadata:
      name: db2
      labels:
        app: db2
    spec:
      containers:
      - name: front-end
        image: nginx
        ports:
        - containerPort: 80
      - name: db2-oltp
        image: store/ibmcorp/db2_developer_c:11.1.4.4
        ports:
        - containerPort: 50000

A YAML manifest has four components to define a Kubernetes resource:
• apiVersion
• kind
• metadata
• spec

Kubernetes Workloads – Create a Pod
Create an nginx pod – icp01.yaml

    ---
    # Simple yaml file to create an nginx pod
    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80

Create the pod

    $ kubectl apply -f icp01.yaml
    pod/nginx created

Check pod status

    $ kubectl get pods
    NAME    READY   STATUS    RESTARTS   AGE
    nginx   1/1     Running   0          13s

Kubernetes Workloads - Controllers
Controllers can create and manage pods for you
ReplicaSet
- A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
- A Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
- Example: create a deployment to roll out a ReplicaSet
StatefulSets
- StatefulSets represent a set of pods with unique, persistent identities and stable hostnames that are maintained regardless of where they are scheduled
- Examples: Db2, Redis, IBM MQ
DaemonSets
- A DaemonSet ensures that nodes (all or some) run a copy of a pod. As nodes are added, pods are added to them
- Example: cluster storage daemon such as glusterd or ceph, logs collection on each node
Jobs, CronJobs
- A job creates one or more pods and ensures that a specified number of them successfully terminate

Kubernetes Network - Services
Without services, Pods are not visible outside the cluster
To enable communication from the outside world to the Pods, services are created
Internal Service Endpoints – available inside the cluster only
External Service Endpoints - DNS names, C-Names or A-records available to access pods
With the help of labels and selectors, the services are tied to the pods
Service Types
- ClusterIP – Service is reachable only from inside of the cluster
- NodePort – Service is reachable through NodeIP:NodePort
- LoadBalancer – Service is reachable through an external load balancer mapped to the NodeIP:NodePort address

Kubernetes Storage – Volume types
Host-based
- EmptyDir
- HostPath
Block Storage
- IBM Block Storage
- Amazon EBS
- GCE Persistent Disk
- vSphere Volumes
Distributed File System
- IBM Spectrum Scale
- NFS
- Ceph
- GlusterFS
- Amazon EFS
- Azure File System
Other
- Flocker
- iSCSI
- Git Repository
- Quobyte

Kubernetes Storage – Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes are a way to give a Pod persistence
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories on a host are exposed as volumes in a Pod
Volumes may be based on a variety of back-end storage types

Kubernetes Storage
Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
- Persistent Volume (PV) – provisioned by an administrator
- Persistent Volume Claim (PVC) – requested by a user; Heketi provisions the PVC, which creates a PV
- Storage Class (SC) – storage profiles offered by admins
[Figure labels: Worker Node, Pod 1, Persistent Volume Claim, Persistent Volume, Block Storage, Distributed File System, IBM Spectrum Scale]

Kubernetes Secrets
Decouple container with sensitive information
A Secret holds sensitive information such as passwords, OAuth tokens and more
A Secret is an abstraction to decouple sensitive data
To use a secret, a Pod needs to reference the secret
A Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by the kubelet when pulling images for the Pod

    $ kubectl -n stocktrader \
        create secret generic db2 \
        --from-literal=id=db2psc \
        --from-literal=pwd=password \
        --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
        --from-literal=port=50000 \
        --from-literal=db=PSDB

IBM Cloud Private catalog – Helm Charts
[Screenshot: IBM Cloud Private catalog showing the Db2 chart and the DSM chart]

IBM Cloud Private catalog – What is a Helm Chart?
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using the GUI or the command line
Software packages are available from the IBM Charts Repository
Available at https://github.com/IBM/charts
The IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own Local Charts repository

IBM Charts Repository: https://github.com/IBM/charts/tree/master/stable
[Screenshot: repository listing showing the Db2 chart and the DSM chart]

Helm command line – Helm and Tiller
Helm is the client and Tiller is the server, which runs on the master node

    $ helm version
    Client: v2.7.2+icp
    Error: cannot connect to Tiller

Use of --tls is required to do Helm operations

    $ helm version --tls
    Client: v2.7.2+icp
    Server: v2.7.2+icp

Helm and Tiller versions must be the same – do not download Helm from the Internet

Deploying Db2 on Kubernetes

Db2-based Containers running on Kubernetes (Sep 2019)
Product | Version | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP | 11.1.4.4 | 1 | 1 | 1 |
Db2 OLTP HADR | 11.1.4.4 | 3 | 5 | 6 | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager, addntl PVC for HADR setup
Data Server Manager | 2.1.5 | 1 | 2 | 2 | 1x DSM, 1x Db2 repository database. Includes Db2 11.1 engine
Db2 Warehouse SMP | 3.10.0 | 1 | 1 | 1 | Includes Db2 11.1 engine
Db2 Warehouse MPP | 3.10.0 | 3+ | 3+ | 1 | Includes Db2 11.1 engine. Requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine

IBM Cloud Private Kubernetes platform

Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account

Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data

    $ kubectl create namespace stock-trader-data
    namespace/stock-trader-data created

Switch the context to the newly created namespace

    $ kubectl config set-context $(kubectl config current-context) \
        --namespace=stock-trader-data
    Context "mycluster-context" modified.

Verify pods. There should be no pods running as we just created the namespace

    $ kubectl get pods
    No resources found.

Configuring Pod Security Policy for Db2

    $ cat pre01.yaml
    apiVersion: extensions/v1beta1
    kind: PodSecurityPolicy
    metadata:
      name: db2-privileges
    spec:
      allowPrivilegeEscalation: true
      privileged: false
      allowedCapabilities:
      - SETPCAP
      - MKNOD
      - AUDIT_WRITE
      - CHOWN
      - NET_RAW
      - DAC_OVERRIDE
      - FOWNER
      - FSETID
      - KILL
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
      - SYS_CHROOT
      - SETFCAP
      - SYS_RESOURCE
      - IPC_OWNER
      - SYS_NICE
      fsGroup:
        rule: RunAsAny
      hostIPC: true
      hostNetwork: false
      hostPID: false
      hostPorts:
      - max: 65535
        min: 1
      runAsUser:
        rule: RunAsAny
      seLinux:
        rule: RunAsAny
      supplementalGroups:
        rule: RunAsAny
      volumes:
      - '*'

Configure the pod security policy

    $ kubectl apply -f pre01.yaml
    podsecuritypolicy.extensions/db2-privileges configured

Verify the results

    $ kubectl get psp
    db2-privileges   false   SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE   RunAsAny   RunAsAny   RunAsAny   RunAsAny   false

Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
Configure the image pull secret

    $ kubectl create secret docker-registry dockerhub \
        --docker-username=<your dockerhub username> \
        --docker-password=<your dockerhub password> \
        --docker-email=<your dockerhub email> \
        --namespace=<your namespace>
    secret/dockerhub created

Verify the result

    $ kubectl get secrets
    NAME                  TYPE                                  DATA   AGE
    default-token-mwvpl   kubernetes.io/service-account-token   3      17d
    dockerhub             kubernetes.io/dockerconfigjson        1      13m

Configuring Service Account for Db2
The YAML specification file that defines the cluster role and the cluster role binding for the service account

    $ more pre04.yaml
    ---
    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: db2-privileges-cluster-role
    rules:
    - apiGroups: [extensions]
      resources: [podsecuritypolicies]
      verbs: [use]
      resourceNames:
      - db2-privileges
    ---
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: db2-privileges-cluster-role-binding
    roleRef:
      kind: ClusterRole
      name: db2-privileges-cluster-role
      apiGroup: rbac.authorization.k8s.io
    subjects:
    - kind: ServiceAccount
      name: default
      namespace: stock-trader-data

Configure the service account

    $ kubectl apply -f pre04.yaml
    clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
    clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created

Verify the results

    $ kubectl get psp
    db2-privileges   false   SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE   RunAsAny   RunAsAny   RunAsAny   RunAsAny   false
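
A way to review the db2-privileges policy and its binding from the two slides above before applying them, as an added example that is not part of the original presentation: it lists the settings that relax container isolation and the subjects RBAC allows to use the policy. The manifests are re-typed as JSON (constructed input); the function names and the use of Docker's default capability set as the baseline are assumptions of this example.

```python
import json

# Constructed input: the db2-privileges policy, ClusterRole and
# ClusterRoleBinding from the slides, re-typed as JSON so this runs offline.
# The policy's volumes list is left out because this audit does not use it.
MANIFESTS = json.loads("""[
 {"kind": "PodSecurityPolicy", "metadata": {"name": "db2-privileges"},
  "spec": {"allowPrivilegeEscalation": true, "privileged": false,
   "allowedCapabilities": ["SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN",
     "NET_RAW", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "SETGID",
     "SETUID", "NET_BIND_SERVICE", "SYS_CHROOT", "SETFCAP",
     "SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"],
   "hostIPC": true, "hostNetwork": false, "hostPID": false,
   "hostPorts": [{"min": 1, "max": 65535}],
   "runAsUser": {"rule": "RunAsAny"}, "seLinux": {"rule": "RunAsAny"},
   "fsGroup": {"rule": "RunAsAny"},
   "supplementalGroups": {"rule": "RunAsAny"}}},
 {"kind": "ClusterRole", "metadata": {"name": "db2-privileges-cluster-role"},
  "rules": [{"apiGroups": ["extensions"], "resources": ["podsecuritypolicies"],
             "verbs": ["use"], "resourceNames": ["db2-privileges"]}]},
 {"kind": "ClusterRoleBinding",
  "metadata": {"name": "db2-privileges-cluster-role-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "db2-privileges-cluster-role",
              "apiGroup": "rbac.authorization.k8s.io"},
  "subjects": [{"kind": "ServiceAccount", "name": "default",
                "namespace": "stock-trader-data"}]}
]""")

# Capabilities Docker grants a container by default (baseline assumed here);
# anything a policy allows beyond this set is an explicit widening.
DOCKER_DEFAULT_CAPS = {
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL",
    "MKNOD", "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP",
    "SETUID", "SYS_CHROOT",
}


def extra_capabilities(psp):
    """Allowed capabilities that are not in Docker's default set."""
    allowed = set(psp["spec"].get("allowedCapabilities", []))
    return ["*"] if "*" in allowed else sorted(allowed - DOCKER_DEFAULT_CAPS)


def audit_psp(psp):
    """Return the settings of one policy that relax container isolation."""
    spec, findings = psp["spec"], []
    if spec.get("privileged", False):
        findings.append("privileged containers allowed")
    if spec.get("allowPrivilegeEscalation", True):  # the field defaults to true
        findings.append("allowPrivilegeEscalation: true")
    for key in ("hostIPC", "hostNetwork", "hostPID"):
        if spec.get(key, False):
            findings.append(f"{key}: true (pod shares that host namespace)")
    for rng in spec.get("hostPorts", []):
        if rng["min"] < 1024:
            findings.append(
                f"hostPorts {rng['min']}-{rng['max']} includes privileged ports")
    if spec.get("runAsUser", {}).get("rule") == "RunAsAny":
        findings.append("runAsUser: RunAsAny (containers may run as root)")
    extra = extra_capabilities(psp)
    if extra:
        findings.append("capabilities beyond Docker's default: " + ", ".join(extra))
    return findings


def grants_use(rule, psp_name):
    """True if an RBAC rule lets its holder 'use' the named policy."""
    verbs, names = rule.get("verbs", []), rule.get("resourceNames")
    return ("podsecuritypolicies" in rule.get("resources", [])
            and ("use" in verbs or "*" in verbs)
            and (not names or psp_name in names))  # no resourceNames = all


def psp_users(manifests, psp_name):
    """Subjects bound to a role that may use the policy: (kind, namespace, name)."""
    roles = {(m["kind"], m["metadata"]["name"]) for m in manifests
             if m["kind"] in ("ClusterRole", "Role")
             and any(grants_use(r, psp_name) for r in m.get("rules", []))}
    users = []
    for m in manifests:
        if m["kind"] not in ("ClusterRoleBinding", "RoleBinding"):
            continue
        if (m["roleRef"]["kind"], m["roleRef"]["name"]) in roles:
            users += [(s["kind"], s.get("namespace", ""), s["name"])
                      for s in m.get("subjects", [])]
    return users


def report(manifests):
    """One line per finding, plus one line per subject that can use the policy."""
    lines = []
    for m in manifests:
        if m["kind"] != "PodSecurityPolicy":
            continue
        name = m["metadata"]["name"]
        lines += [f"{name}: {finding}" for finding in audit_psp(m)]
        for kind, namespace, subject in psp_users(manifests, name):
            note = ""
            if kind == "ServiceAccount" and subject == "default":
                # Pods that set no serviceAccountName run as 'default'.
                note = " (covers every pod in the namespace without its own service account)"
            lines.append(f"{name}: usable by {kind} {namespace}/{subject}{note}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(MANIFESTS)))
```

Binding the policy to a dedicated service account that only the Db2 pods reference, instead of `default`, keeps the relaxed settings from applying to other workloads in the same namespace.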

Helm Charts for Db2 and DSM

Helm install command to deploy Db2 OLTP on Kubernetes
Installing a Db2 OLTP server with one database in 2 minutes

    $ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
        --tls \
        --set db2inst.instname=db2inst1 \
        --set db2inst.password=passw0rd \
        --set options.databaseName=MYDB \
        --set dataVolume.size=20Gi

- db2-01: Helm release name, different for each deployment
- ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
- db2inst.instname: instance owner name
- db2inst.password: instance owner password
- options.databaseName: name of the database that will be created. If not specified, no database will be created
- dataVolume.size: size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility
See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev

Let's verify if we can connect to the MYDB database (1)
Get the list of running pods and verify that the Db2 OLTP pod is running

    $ kubectl get pods
    NAME                       READY   STATUS    RESTARTS   AGE
    db2-01-ibm-db2oltp-dev-0   1/1     Running   1          7h57m

Review the logs of the Db2 OLTP container

    $ kubectl logs -f db2-01-ibm-db2oltp-dev-0
    09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful
    SQL1063N DB2START processing was successful
    (*) Starting TEXT SEARCH service
    CIE00001 Operation completed successfully
    ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
    (*) All databases are now active
    (*) Setup has completed

Let's verify if we can connect to the MYDB database (2)
Log in to the Db2 OLTP container and connect to the MYDB Db2 database

    $ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
    $ su - db2inst1
    Last login: Sun Sep 15 16:17:11 UTC 2019
    $ db2 connect to MYDB

       Database Connection Information

     Database server        = DB2/LINUXX8664 11.1.4.4
     SQL authorization ID   = DB2INST1
     Local database alias   = MYDB

Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
We get the Db2 port from the service definition of the Db2 OLTP helm release

    #!/bin/bash
    NODE_PORT=$(kubectl get --namespace stock-trader-data \
        -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
    echo "Cataloging node db2tcp1"
    db2 -v uncatalog node DB2TCP1
    db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
    echo "Cataloging database MYDB at node db2tcp1"
    db2 -v uncatalog database MYDB
    db2 -v catalog database MYDB at node DB2TCP1
    db2 terminate

Kubernetes resources for Db2 OLTP

    $ helm status db2-01 --tls
    NAME: db2-01
    LAST DEPLOYED: Sun Sep 15 08:11:14 2019
    NAMESPACE: stock-trader-data
    STATUS: DEPLOYED

    RESOURCES:
    ==> v1/Secret
    NAME                    TYPE    DATA  AGE
    db2-01-ibm-db2oltp-dev  Opaque  1     1s

    ==> v1/PersistentVolumeClaim
    NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
    db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s

    ==> v1/Service
    NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
    db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP          1s
    db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s

    ==> v1/StatefulSet
    NAME                    DESIRED  CURRENT  AGE
    db2-01-ibm-db2oltp-dev  1        1        1s

    ==> v1/Pod(related)
    NAME                      READY  STATUS    RESTARTS  AGE
    db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s

- 1 Secret: Db2 instance owner password
- 1 PVC (RWO) for db files, logs & config
- 2 Services for Db2: 1x external, 1x internal
- 1 StatefulSet, DESIRED = 1
- 1 Pod runs the Db2 container

Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command

    $ helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
        --tls \
        --set db2inst.instname=db2inst1 \
        --set db2inst.password=passw0rd \
        --set options.databaseName=HADB \
        --set dataVolume.size=20Gi \
        --set hadr.enabled=true

The additional parameter hadr.enabled is set to true to indicate that we want a HADR setup

Verify that Db2 HADR is working

Kubernetes resources for Db2 OLTP HADR

    NAME: db2-02
    LAST DEPLOYED: Tue Sep 17 08:24:33 2019
    NAMESPACE: stock-trader-data
    STATUS: DEPLOYED

    RESOURCES:
    ==> v1/Secret
    NAME                    TYPE    DATA  AGE
    db2-02-ibm-db2oltp-dev  Opaque  1     1s

    ==> v1/PersistentVolumeClaim
    NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
    db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s

    ==> v1/Service
    NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
    db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP          1s
    db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
    db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                        1s

    ==> v1/StatefulSet
    NAME                    DESIRED  CURRENT  AGE
    db2-02-ibm-db2oltp-dev  2        2        1s

    ==> v1beta2/StatefulSet
    db2-02-ibm-db2oltp-dev-etcd  3  0  1s

    ==> v1/Pod(related)
    NAME                           READY  STATUS             RESTARTS  AGE
    db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
    db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
    db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
    db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
    db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s

- 1 Secret: Db2 instance owner password
- 1 PVC (RWX) for HADR setup (1)
- 3 Services: 2x Db2, 1x etcd
- 2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
- 5 Pods: 2x Db2, 3x etcd
(1) 5 addntl PVCs are being created implicitly for 2x Db2 and 3x etcd

Kubernetes Job to deploy SQL

    $ cat single04.yaml
    apiVersion: batch/v1
    kind: Job
    metadata:
      name: db2-01-create-database-schema
    spec:
      template:
        spec:
          containers:
          - name: db2-01-create-database-schema
            image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
            command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
            volumeMounts:
            - name: db2-createschema
              mountPath: /scripts
            securityContext:
              capabilities:
                add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
            env:
            - name: LICENSE
              value: accept
            - name: DB2INSTANCE
              value: db2inst1
            - name: DB2INST1_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: db2-01-ibm-db2oltp-dev
                  key: password
            - name: DB2_SERVICE_NAME
              value: db2-01-ibm-db2oltp-dev
            - name: DBNAME
              value: mydb
          restartPolicy: Never
          volumes:
          - name: db2-createschema
            configMap:
              name: db2-createschema
              defaultMode: 0744
      backoffLimit: 1
    ---
    apiVersion: v1
    data:
      db2-setup.sh: |
        #!/bin/sh
        export SETUPDIR=/var/db2_setup
        source $SETUPDIR/include/db2_constants
        source $SETUPDIR/include/db2_common_functions
        if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
          echo "(*) Previous setup has not been detected. Creating"
          create_users
        fi
        if ! create_instance; then
          exit 1
        fi
        start_db2
        cp /scripts/db2-createschema.sh /database/db2-createschema.sh
        chmod +x /database/db2-createschema.sh
        su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE \"$DB2INST1_PASSWORD\" $DBNAME"

Kubernetes Job to deploy SQL (cont'd)

      db2-createschema.sh: |
        #!/bin/sh
        DB2_SERVICE_NAME=$1
        DB2INSTANCE=$2
        DB2INST1_PASSWORD=$3
        DBNAME=$4
        echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
        db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
        db2 catalog db $DBNAME as $DBNAME at node DB2NODE
        db2 terminate
        db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
        db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
        sleep 2
        db2 -tvmf /scripts/ps-bp-tbsp.sql
        sleep 10
        db2 -tvmf /scripts/ps-tables.sql
        echo "Database $DBNAME has been configured"
      ps-bp-tbsp.sql: |
        CREATE BUFFERPOOL BP32K PAGESIZE 32K;
        CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
      ps-tables.sql: |
        CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5), […] IN TS32;
        INSERT INTO PS_TABLE (SSN,FIRST_NAME,LAST_NAME,JOB_CODE,DEPT,SALARY,DOB) WITH TEMP1 […]
        CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
        GRANT ALL ON ps_table TO PUBLIC;
        GRANT ALL ON ps_history TO PUBLIC;
    kind: ConfigMap
    metadata:
      name: db2-createschema

Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database

    $ kubectl apply -f single04.yaml
    job.batch/db2-01-create-database-schema created
    configmap/db2-createschema configured

We verify that the job has been created

    $ kubectl get jobs
    NAME                            COMPLETIONS   DURATION   AGE
    db2-01-create-database-schema   0/1           0s         0s

Eventually the job completes

    $ kubectl get jobs
    NAME                            COMPLETIONS   DURATION   AGE
    db2-01-create-database-schema   1/1           109s       45m

Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job

    #!/bin/bash
    kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
    pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath="{.items[*].metadata.name}")
    kubectl logs -f $pod

Output

    […]
    DB20000I The SQL command completed successfully
    GRANT ALL ON ps_table TO PUBLIC
    DB20000I The SQL command completed successfully
    GRANT ALL ON ps_history TO PUBLIC
    DB20000I The SQL command completed successfully
    Database mydb has been configured

Deploying Data Server Manager (DSM) with the GUI

Deploying Data Server Manager (DSM) with the GUI (2)

Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI

    #!/bin/bash
    export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
    export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
    echo https://$NODE_IP:$NODE_PORT

    => https://192.168.27.100:30462 (can be different on your system)

Accessing Data Server Manager

Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM

DSM Kubernetes resources (1/2)

    $ helm status dsm-01 --tls
    LAST DEPLOYED: Mon Sep 16 12:01:02 2019
    NAMESPACE: stock-trader-data
    STATUS: DEPLOYED

    RESOURCES:
    ==> v1/RoleBinding
    NAME                                      AGE
    dsm-repodb-dsm-01-repository              8m
    dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
    dsm-dsm-01-ibm-dsm-dev                    8m

    ==> v1/Service
    NAME                TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)                          AGE
    dsm-01-repository   NodePort  10.0.0.233  <none>       50000:32695/TCP,55000:32203/TCP  8m
    dsm-01-ibm-dsm-dev  NodePort  10.0.0.85   <none>       11080:32444/TCP,11081:30462/TCP  8m

    ==> v1beta1/Deployment
    NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
    dsm-01-repository   1        1        1           1          8m
    dsm-01-ibm-dsm-dev  1        1        1           1          8m

    ==> v1/Pod(related)
    NAME                                READY  STATUS   RESTARTS  AGE
    dsm-01-repository-76f87d47d4-dlqh4  1/1    Running  0         8m
    dsm-01-ibm-dsm-dev-b976d89bd-dflqn  2/2    Running  0         8m

- 2 RoleBindings
- 2 Services: 1x Db2 (repodb), 1x DSM
- 2 Deployments
- 2 Pods: 1 Db2, 1 DSM

DSM Kubernetes resources (2/2)

    […]
    ==> v1/Secret
    NAME                           TYPE    DATA  AGE
    dsm-01-repository-db2-passwd   Opaque  1     8m
    dsm-01-ibm-dsm-dev-dsm-passwd  Opaque  1     8m

    ==> v1/PersistentVolumeClaim
    NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
    dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
    dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m

    ==> v1/ServiceAccount
    NAME                          SECRETS  AGE
    dsm-repodb-dsm-01-repository  1        8m
    dsm-dsm-01-ibm-dsm-dev        1        8m

    ==> v1/Role
    NAME                                      AGE
    dsm-repodb-dsm-01-repository              8m
    dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
    dsm-dsm-01-ibm-dsm-dev                    8m

- 2 Secrets: 1 DSM admin, 1 Db2 instance owner
- 2 PVCs: 1 DSM, 1 Db2
- 3 Roles

Additional Resources

Additional Resources – Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs

Additional Resources – IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html

Additional Resources – Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse
Presentation on Db2 and Docker from Db2 Aktuell 2018

Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
− Db2 OLTP Single Server
− Db2 OLTP HADR
− Data Server Manager (DSM)
Additional Resources
Summary

Claus Huempel
Technical Sales Professional
Hybrid Data Management
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com

IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany

Thank You
IBM Cloud2
Legal Disclaimer
2
Copyright copy IBM Corporation 2019 All rights reserved
US Government Users Restricted Rights - Use duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corporation
THE INFORMATION CONTAINED IN THIS PRESENTATION IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY WHILE EFFORTS WERE MADE TO
VERIFY THE COMPLETENESS AND ACCURACY OF THE INFORMATION CONTAINED IN THIS PRESENTATION IT IS PROVIDED ldquoAS ISrdquo WITHOUT
WARRANTY OF ANY KIND EXPRESS OR IMPLIED IN ADDITION THIS INFORMATION IS BASED ON CURRENT THINKING REGARDING TRENDS AND
DIRECTIONS WHICH ARE SUBJECT TO CHANGE BY IBM WITHOUT NOTICE FUNCTION DESCRIBED HEREIN MY NEVER BE DELIVERED BY IBM IBM
SHALL NOT BE RESPONSIBLE FOR ANY DAMAGES ARISING OUT OF THE USE OF OR OTHERWISE RELATED TO THIS PRESENTATION OR ANY
OTHER DOCUMENTATION NOTHING CONTAINED IN THIS PRESENTATION IS INTENDED TO NOR SHALL HAVE THE EFFECT OF CREATING ANY
WARRANTIES OR REPRESENTATIONS FROM IBM (OR ITS SUPPLIERS OR LICENSORS) OR ALTERING THE TERMS AND CONDITIONS OF ANY
AGREEMENT OR LICENSE GOVERNING THE USE OF IBM PRODUCTS ANDOR SOFTWARE
IBM the IBM logo ibmcom and Db2 are trademarks or registered trademarks of International Business Machines Corporation in the United States other
countries or both If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (reg or trade)
these symbols indicate US registered or common law trademarks owned by IBM at the time this information was published Such trademarks may also
be registered or common law trademarks in other countries A current list of IBM trademarks is available on the Web at ldquoCopyright and trademark
informationrdquo at wwwibmcomlegalcopytradeshtml
IBM Cloud3
Agenda
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
minus Db2 OLTP Single Server
minus Db2 OLTP HADR
minus Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud4
Micro Services amp Containers
IBM Cloud5
Technology by itself is not the business disruptor
Failing to be customer centric is the biggest business threat
The right technology for the right job is an enabler of business disruption
Netflix did not kill Blockbusterhellip ridiculous late fees and rewind fees did
Uber did not kill the taxi businesshellip limited access and fare control did
Apple did not kill the music industryhellip being forced to buy full length albums did
Airbnb isnrsquot killing the hotel industryhellip limited availability and pricing options are
IBM Cloud6
Multi-cloud is being driven by cloud native architecturesMicroservices and containers are changing IT
Portable Applications
Public Cloud
CAGR -8
Traditional IT
Private Cloud
Public
with Virtual
Private
Cloud
Public Cloud
The Compound
Annual Growth Rate
of traditional IT
continues to shrink
while public and
private cloud
continues to grow
Microservices and
containers are keys to
this transformation
CAGR 16 CAGR 30
IBM Cloud7
Microservices ndash the first key to cloud native applicationsMaking development amp deployment more efficient
Microservices benefits
bull Improves fault isolation
Larger applications can remain largely
unaffected by the failure of a single
module
bull Eliminates long-term commitment to
a single technology stack
Try out a new technology stack on an
individual service and roll it back if
required
bull Easier development
A new developer can more easily
understand the functionality of a service
bull Easier deployment
Auto provision auto scale and provide
auto-redundancy
Microservice
Data
Access
Layer
Business
Logic
DB
UIUI
Microservice
Microservice
Monolithic
ArchitectureMicroservices
Architecture
DB
Microservice
Microservice
DB
Microservice
DB
This is not a claim that a microservice-based application approach is always better for every use case scenario
IBM Cloud8
Containers ndash the second key to cloud native applicationsReducing operational and development costs
Containers virtual software in the way that virtual machines have virtualized hardware
Virtual machines vs containers
Hypervisor
Infrastructure
Guest
OS
Guest
OS
Guest
OS
BinsLibs LibsBins BinsLibs
App 1 App 2 App 3
Operating System
Infrastructure
BinsLibs BinsLibs BinsLibs
App 1 App 2 App 3
Container Engine
overhea
d
Containers can be 2 ndash 3 times more resource
efficient than virtual machines
On average Docker developers ship software 7x
more frequently
BV
IBM Cloud9
Container automation and orchestration is essentialEnter Kubernetes
Containers are revolutionizing IT
But they require orchestration
Kubernetes - κυβερνήτης
Means ldquohelmsmanrdquo or ldquopilotrdquo
IBM Cloud10
Private Clouds address the new IT realityCreated by digital transformation
Method Development Deployment Environment
Waterfall Monolithic Bare metal On-Premises
Agile Programming N-Tier Virtual Server Off-Premises
Agile DevOps Microservices Containers Cloud
Hypervisor
Infrastructure
GuestOS
GuestOS
GuestOS
BinsLibs BinsLibs BinsLibs
App 1 App 2 App 3
Operating System
Infrastructure
BinsLibs BinsLibs BinsLibs
App 1 App 2 App 3
Container Engine
Tim
e t
o v
alu
e
Perc
ep
tio
n o
f co
st
IBM Cloud11
Public Cloud + Private Cloud = Hybrid Cloud Different cloud options
Public CloudOn-Premises
Private Cloud
Hosted Private
CloudHybrid Cloud
Hardware
Deployment and
Management
Vendor Customer Vendor
Shared between
vendor and
customer
Hardware Sharing
ModelShared Dedicated Dedicated
Partially shared
and partially
dedicated
Scalability High Medium High High
Low Cost Yes Sometimes Sometimes Sometimes
Predictable Cost No Yes Yes No
Utility Billing Yes No Depends on vendor Partial
Flexibility Yes Limited Limited Yes
Customization
CapabilitiesNo Yes Depends on vendor Partial
Enhanced Security
and ComplianceNo Yes Yes Yes
Instant
ProvisioningYes Yes Yes Yes
A ldquoHybrid Cloudrdquo is a highly orchestrated environment where all sources act as one
A ldquoMulti-cloudrdquo environment simply refers to the use of multiple cloud sources of any kind without necessarily being orchestrated
IBM Cloud12
Why care about Private CloudsAdoption brings agility and efficiency
Cost Efficient amp Scalable
Infrastructure
Accelerate Time to Market
Build package amp deploy applications in
containers run at scale with Kubernetes
Refactor applications into microservices
amp modernize monolithic applications
Manage Data at Scale
Access govern amp analyze your data at
scale accelerate your journey to AI
50 Benefit
3-Year $54 Million Cost Savings 255 ROI
Business Value Assessment Customer Output
Standard On-Premises vs IBM Cloud Private
Data CenterSystem Utilization amp Server Reduction
75 BenefitManage PerformanceElasticity Bursting High Availability
35 BenefitDevOpsFaster Deployments
30 BenefitDeployment EfficiencyContainers amp Microservices
50 BenefitImproved SecurityManagement amp Risk Reduction
IBM Cloud13
Private Cloud Platform Market LeadersOpenShift and IBM Cloud Private
IBM Cloud Private
IBM Cloud14
Kubernetes Basics
IBM Cloud15
Kubernetes Basics
Kubernetes Overview
minusOpen Source Project
minus Features
minusArchitecture
Kubernetes Workloads
minus Pods and YAML
minus Controllers
Kubernetes Networking
minus Services
Kubernetes Storage
minus Volume types
minus Persistent volumes
minus Persistent volume claims
Kubernetes Security
minus Secrets
IBM Cloud Private Catalog
minusHelm Charts
minusHelm CLI
IBM Cloud16
Kubernetes ndash Open Source Project
Greek work for ldquoHelmsmanrdquo
Itrsquos Open Source - httpsgithubcomkuberneteskubernetes
Itrsquos a graduated project of Cloud Native Computing Foundation httpscncfio
Popularly known as ldquoContainer Orchestratorrdquo
It is a modern ldquoCluster Managerrdquo for automating deployment scaling and management of containerized applications
IBM Cloud17
Kubernetes ndash Features (1)
Automatic binpacking
minus Automatically places containers on nodes Mix critical and best-effort workloads in order to drive up utilization
Horizontal scaling
minus Scale application up or down with a simple command with a UI or automatically based on CPU usage
Automated rollouts and rollbacks
minus Kubernetes progressively rolls out changes to the application or its configuration while monitoring application health to ensure that it doesnrsquot kill all instances at the same time
Storage orchestration
minus Automatically mount the storage system of your choice whether from local public or SAN such as iSCSI Gluster Ceph Cinder Flocker NFS or IBM Spectrum Scale
IBM Cloud18
Kubernetes ndash Features (2)
Self-healing
minus Restart containers that fail replace and reschedules containers when nodes die kill containers that do not respond to user defined health checks
Service discovery and load balancing
minus No need to modify the application to use an unfamiliar service discovery mechanism Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers
Secret and configuration management
minus Deploy and update secrets and application configuration without rebuilding your image and without exposing secrets in your stack configuration
Batch Execution
minus In addition to services Kubernetes can manage your batch and CI workloads replacing containers that fail if desired
IBM Cloud19
Kubernetes Architecture
Kubernetes Cluster
Kubelet
Worker NodeKubelet
Worker NodeKubelet
Worker Node
Master Node
API Server
Scheduler ControllerDistributed etcd
key-value datastore
Image Registry
Container -
1Container -
2Container -
3Container -
4Container -
5Container -
6Container -
7Container -
8Container -
n
Kubernetes REST API
Command
LineWeb UI
IBM Cloud20
Kubernetes WorkloadsPod ndash the basic building block for Kubernetes
Smallest and simplest unit in Kubernetes object model
Pod encapsulates an application container (or multiple containers) storage resources a unique network IP and options that govern how the container should run
Pod is a unit of deployment
Pod runs one or more containers as a unit
Docker is the container runtime used in IBM Cloud Private
One-container-per-pod model is most common use case
Kubernetes manages the pod rather than containers directly
Pods can run multiple containers that need to work together and toshare resources
Pods are designed as relatively ephemeral disposable entities
Pods do not self-heal by themselves ndash a higher level abstractiondoes this
IBM Cloud21
Kubernetes ConfigurationsCreate YAML for creating resources on KubernetesYAML ndash Yet Another Markup Language or YAML Ainrsquot Markup Language
Types of structures required in Kubernetes
minus Maps
minus Lists
YAML Maps - let you associate name value pair For example---apiVersion v1kind pod
YAML Maps ndash Create a key that maps to another map---apiVersion v1kind podmetadata
name db2labels
app db2
IBM Cloud22
Kubernetes Configurations ndash Create YAML (continued)YAML Lists are literally a sequence of objects Members in the list can also be maps
---apiVersion v1kind podmetadata
name db2labels
app db2spec
containers- name front-endimage nginxports
- containerPort 80- name db2-oltpimage storeibmcorpdb2_developer_c11144ports
- containerPort 50000
A YAML manifest has four components to define a Kubernetes resourcebull apiVersionbull kindbull metadatabull spec
IBM Cloud23
Kubernetes Workloads ndash Create a Pod
Create a nginx pod ndash icp01yaml--- Simple yaml file to create an nginx podapiVersion v1kind Podmetadata
name nginxlabels
app nginxspec
containers- name nginx
image nginx179ports- containerPort 80
Create the pod
$ kubectl apply -f icp01yaml
podnginx created
Check pod status
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx 11 Running 0 13s
IBM Cloud24
Kubernetes Workloads - ControllersControllers can create and manage pods for you
ReplicaSet
minus A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
minus Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
minus Example Create a deployment to rollout a ReplicaSet
StatefulSets
minus StatefulSets represent a set of pods with unique persistent identities and stable hostnames that are maintained regardless where they are scheduled
minus Examples Db2 Redis IBM MQ
DaemonSets
minus A DaemonSet ensures that nodes (all or some) run a copy of pod As nodes are added pods are added to them
minus Example Cluster storage daemon such as glusterd ceph logs collection on each node
Jobs CronJobs
minus A job creates one or more pods and ensures that a specified number of them successfully terminate
IBM Cloud25
Kubernetes Network - Services
Without services Pods are not visible outside the cluster
To enable communication from outside world to the Pods services are created
Internal Service Endpoints ndash Available inside the cluster only
External Service Endpoints - DNS names C-Names or A-records available to access pods
With the help of labels and selectors the services are tied to the pods
Service Types
minus ClusterIP ndash Service is reachable only from inside of the cluster
minus NodePort ndash Service is reachable through NodeIPNodePort
minus LoadBalancer ndash Service is reachable through an external load balancer mapped to NodeIPNodePort address
IBM Cloud26
Kubernetes Storage ndash Volume types
Host-based
minus EmptyDir
minus HostPath
Block Storage
minus IBM Block Storage
minus Amazon EBS
minus GCE Persistent Disk
minus vSphere Volumes
Distributed File System
minus IBM Spectrum Scale
minus NFS
minus Ceph
minus GlusterFS
minus Amazon EFS
minus Azure File System
Other
minus Flocker
minus iSCSI
minus Git Repository
minus Quobyte
IBM Cloud27
Kubernetes Storage ndash Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes is a way to get persistence to a Pod
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in Pod
Volumes may be based on a variety of back-end storage types
IBM Cloud28
Kubernetes StoragePersistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
minusPersistent Volume (PV) ndash Provisioned by an administrator
minusPersistent Volume Claim (PVC) ndash Requested by an user and Heketi provisions PVC ndash which creates a PV
minus Storage Class (SC) ndash Storage profiles offered by admins
Persistent
Volume
Block Storage Distributed File System IBM
Spectrum Scale
Worker Node
Pod 1 Pod 1
Persistent
Volume
Claim
IBM Cloud29
Kubernetes SecretsDecouple container with sensitive information
Secret holds sensitive information such as password OAuth tokens and more
Secret is an abstraction to decouple sensitive data
To use a secret Pod needs to reference the secret
Secret can be used in a Pod as files in a volume mounted on one or more containers or used by kubelet when pulling images for the Pod
$ kubectl -n stocktrader
create secret generic db2
--from-literal=id=db2psc
--from-literal=pwd=password
--from-literal=host=dev-ibm-db2oltp-devdefaultsvcclusterlocal
--from-literal=port=50000
--from-literal=db=PSDB
IBM Cloud30
IBM Cloud Private catalog ndash Helm Charts
Db2 chart
DSM chart
IBM Cloud31
IBM Cloud Private catalog ndash What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define install and upgrade software in an automated fashion
Helm charts can be deployed using GUI or command line
Software packages are available from IBM Charts Repository
Available at httpsgithubcomIBMcharts
IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own Local Charts repository
IBM Cloud32
IBM Charts Repository httpsgithubcomIBMchartstreemasterstable
Db2 chart
DSM chart
IBM Cloud33
Helm command line ndash Helm and Tiller
Helm is the client and Tiller is the server ndash runs on master node
$ helm version
Client v272+icp
Error cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client v272+icp
Server v272+icp
Helm and Tiller version must be same ndash do not download Helm from Internet
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)Product Version Worker
Nodes
Pods PVCs Comments
Db2 OLTP 11144 1 1 1
Db2 OLTP HADR 11144 3 5 6 1x Db2 primary 1x Db2 standby 3x etcd for cluster
manager addntl PVC for HADR setup
Data Server
Manager
215 1 2 2 1x DSM 1x Db2 repository database
Includes Db2 111 engine
Db2 Warehouse
SMP
3100 1 1 1 Includes Db2 111 engine
Db2 Warehouse
MPP
3100 3+ 3+ 1 Includes Db2 111 engine
Requires IBM Cloud Pak for Data
Coming soon
minus Red Hat OpenShift Kubernetes support
minus Db2 v115 engine
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes a couple of stepsneed to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create new namespace where all our Pods for Db2 OLTP Db2 OLTP HADR and Data Server Manager will run
Create the namespace for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespacestock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context)
--namespace=stock-trader-data
Context mycluster-context modified
Verify pods There should be no pods running as we just created the namespace$ kubectl get podsNo resources found
IBM Cloud39
Configuring Pod Security Policy for Db2$ cat pre01yamlapiVersion extensionsv1beta1kind PodSecurityPolicymetadata
name db2-privilegesspec
allowPrivilegeEscalation trueprivileged falseallowedCapabilities- SETPCAP- MKNOD- AUDIT_WRITE- CHOWN- NET_RAW- DAC_OVERRIDE- FOWNER- FSETID- KILL- SETGID- SETUID- NET_BIND_SERVICE- SYS_CHROOT- SETFCAP- SYS_RESOURCE- IPC_OWNER- SYS_NICEfsGroup
rule RunAsAnyhostIPC true
hostNetwork falsehostPID falsehostPorts- max 65535
min 1runAsUser
rule RunAsAnyseLinux
rule RunAsAnysupplementalGroups
rule RunAsAnyvolumes-
Configure the pod security policy$ kubectl apply -f pre01yamlpodsecuritypolicyextensionsdb2-privileges configured
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAny RunAsAnyfalse
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create a image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username password and email are the credentials form Docker Hub
Note that you need to subscribe the Db2 and DSM images in Docker Hub first
Configure the image pull secret$ kubectl create secret docker-registry dockerhub
--docker-username=ltyour dockerhub usernamegt--docker-password=ltyour dockerhub passwordgt--docker-email=ltyour dockerhub emailgt--namespace=ltyour namespacegt
secretdockerhub created
Verify the result$ kubectl get secretsNAME TYPE DATA AGEdefault-token-mwvpl kubernetesioservice-account-token 3 17ddockerhub kubernetesiodockerconfigjson 1 13m
IBM Cloud41
Configuring Service Account for Db2$ more pre04yaml---kind ClusterRoleapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role
rules- apiGroups [extensions]resources [podsecuritypolicies]verbs [use]resourceNames- db2-privileges
---kind ClusterRoleBindingapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role-binding
roleRefkind ClusterRolename db2-privileges-cluster-roleapiGroup rbacauthorizationk8sio
subjects- kind ServiceAccountname defaultnamespace stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account$ kubectl apply -f pre04yamlclusterrolerbacauthorizationk8siodb2-privileges-cluster-role createdclusterrolebindingrbacauthorizationk8siodb2-privileges-cluster-role-binding created
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAnyRunAsAny false
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=MYDB
--set dataVolumesize=20Gi
Size of the
Db2 data
volume
Name of database that
will be created
If not specified no
database will be
created
Instance
owner name
Instance owner
password
Db2 OLTP
Helm chart
name
Helm release
name
different for each
deployment
Additional parameters available for example to enable Oracle compatibilitySee httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Cloud44
Letrsquos verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get podsNAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 11 Running 1 7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-009152019 160430 0 0 SQL1063N DB2START processing was successfulSQL1063N DB2START processing was successful() Starting TEXT SEARCH service CIE00001 Operation completed successfullyssh-keygen generating new host keys RSA1 RSA DSA ECDSA ED25519() All databases are now active() Setup has completed
IBM Cloud45
Letrsquos verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 --binbash su - db2inst1Last login Sun Sep 15 161711 UTC 2019$ db2 connect to MYDB
Database Connection Information
Database server = DB2LINUXX8664 11144SQL authorization ID = DB2INST1Local database alias = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access from Db2 client
binbash
NODE_PORT=$(kubectl get --namespace stock-trader-data
-o jsonpath=specports[0]nodePort services db2-01-ibm-db2oltp-dev-db2)
echo Cataloging node db2tcp1
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 19216827100 server $NODE_PORT
echo Cataloging database MYDB at node db2tcp1
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port
from the Db2 OLTP
helm release service
definition
IBM Cloud47
Kubernetes resources for Db2 OLTP$ helm status db2-01 --tlsNAME db2-01LAST DEPLOYED Sun Sep 15 081114 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-01-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-01-data-stor Bound vol12 20Gi RWO 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-01-ibm-db2oltp-dev-db2 NodePort 100050 ltnonegt 5000030463TCP5500032236TCP 1sdb2-01-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-01-ibm-db2oltp-dev 1 1 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 01 Init01 0 1s 1 Pod runs
the Db2
container
2 Services for
Db2 1x external
1x internal
1 StatefulSet
DESIRED = 1
1 PVC (RWO) for db
files logs amp config
1 Secret
Db2 instance
owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v111 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=HADB
--set dataVolumesize=20Gi--set hadrenabled=true
Additional parameter
hadrenabled set to true to
indicate that we want a
HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OTLP HADRNAME db2-02LAST DEPLOYED Tue Sep 17 082433 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-02-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-02-hadr-stor Bound vol09 20Gi RWX 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-02-ibm-db2oltp-dev-db2 NodePort 100061 ltnonegt 5000032422TCP5500032181TCP 1sdb2-02-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1sdb2-02-ibm-db2oltp-dev-etcd ClusterIP None ltnonegt 2380TCP2379TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-02-ibm-db2oltp-dev 2 2 1s
==gt v1beta2StatefulSet
db2-02-ibm-db2oltp-dev-etcd 3 0 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-02-ibm-db2oltp-dev-0 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-0 01 ContainerCreating 0 1sdb2-02-ibm-db2oltp-dev-etcd-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-2 01 Pending 0 1s
5 Pods
2x Db2 3x etcd
3 Services
2x Db2 1x etcd
2 StatefulSets
Db2 DESIRED=2
etcd DESIRED=3
1 PVC (RWX)
for HADR setup (1)
1 Secret
Db2 instance
owner password
(1) 5 addntl PVCs are being created
implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL $ cat single04yamlapiVersion batchv1kind Jobmetadata
name db2-01-create-database-schemaspec
templatespec
containers- name db2-01-create-database-schema
image storeibmcorpdb2_developer_c11144-x86_64command [ binsh-cscriptsdb2-setupsh ]volumeMounts- name db2-createschema
mountPath scriptssecurityContext
capabilitiesadd [SYS_RESOURCE IPC_OWNER SYS_NICE]
env- name LICENSE
value accept- name DB2INSTANCE
value db2inst1- name DB2INST1_PASSWORD
valueFromsecretKeyRef
name db2-01-ibm-db2oltp-devkey password
- name DB2_SERVICE_NAMEvalue db2-01-ibm-db2oltp-dev
- name DBNAMEvalue mydb
restartPolicy Nevervolumes- name db2-createschema
configMapname db2-createschemadefaultMode 0744
backoffLimit 1---apiVersion v1data
db2-setupsh |binshexport SETUPDIR=vardb2_setupsource $SETUPDIRincludedb2_constantssource $SETUPDIRincludedb2_common_functionsif getent passwd $DB2INSTANCE gt devnull 2gtamp1 then
echo () Previous setup has not been detected Creating create_users
fiif create_instance then
exit 1fistart_db2cp scriptsdb2-createschemash databasedb2-createschemashchmod +x databasedb2-createschemashsu - $DB2INSTANCE -c databasedb2-createschemash
$DB2_SERVICE_NAME $DB2INSTANCEldquo$DB2INST1_PASSWORD $DBNAME
IBM Cloud52
Kubernetes Job to deploy SQL (contrsquod)db2-createschemash |
binshDB2_SERVICE_NAME=$1DB2INSTANCE=$2DB2INST1_PASSWORD=$3DBNAME=$4echo Configure schema for database $DBNAME on host $DB2_SERVICE_NAMEdb2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000db2 catalog db $DBNAME as $DBNAME at node DB2NODEdb2 terminatedb2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDdb2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDsleep 2db2 -tvmf scriptsps-bp-tbspsqlsleep 10db2 -tvmf scriptsps-tablessqlecho Database $DBNAME has been configured
ps-bp-tbspsql |CREATE BUFFERPOOL BP32K PAGESIZE 32KCREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K
ps-tablessql |CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) [hellip] IN TS32INSERT INTO PS_TABLE (SSNFIRST_NAMELAST_NAMEJOB_CODEDEPTSALARYDOB) WITH TEMP1 [hellip] CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL LASTNAME VARCHAR(20) NOT NULL JOBCODE CHAR(4) NOT NULL ) IN TS32 GRANT ALL ON ps_table TO PUBLICGRANT ALL ON ps_history TO PUBLIC
kind ConfigMapmetadata
name db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply ndashf single04yaml
jobbatchdb2-01-create-database-schema created
configmapdb2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 01 0s 0s
Eventually the job completes
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 11 109s 45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDBWe run a script to retrieve the logs form the job
binbash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath=items[]metadataname)
kubectl logs -f $pod
Output
[hellip]
DB20000I The SQL command completed successfully
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
binbash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath=spec
ports[1]nodePort services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath=
items[0]statusaddresses[0]address)
echo https$NODE_IP$NODE_PORT
=gt https1921682710030462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager HomepageAll Db2 OLTP instances running in the
same namespace as DSM will be auto-
discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (12)$ helm status dsm-01 --tlsLAST DEPLOYED Mon Sep 16 120102 2019NAMESPACE stock-trader-dataSTATUS DEPLOYED
RESOURCES==gt v1RoleBindingNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdsm-01-repository NodePort 1000233 ltnonegt 5000032695TCP5500032203TCP 8mdsm-01-ibm-dsm-dev NodePort 100085 ltnonegt 1108032444TCP1108130462TCP 8m
==gt v1beta1DeploymentNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGEdsm-01-repository 1 1 1 1 8mdsm-01-ibm-dsm-dev 1 1 1 1 8m
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdsm-01-repository-76f87d47d4-dlqh4 11 Running 0 8mdsm-01-ibm-dsm-dev-b976d89bd-dflqn 22 Running 0 8m
2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2 1 DSM
IBM Cloud61
DSM Kubernetes resources (2/2)
[...]
==> v1/Secret
NAME                           TYPE    DATA  AGE
dsm-01-repository-db2-passwd   Opaque  1     8m
dsm-01-ibm-dsm-dev-dsm-passwd  Opaque  1     8m
==> v1/PersistentVolumeClaim
NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m
==> v1/ServiceAccount
NAME                          SECRETS  AGE
dsm-repodb-dsm-01-repository  1        8m
dsm-dsm-01-ibm-dsm-dev        1        8m
==> v1/Role
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m
2 Secrets: 1 DSM admin, 1 Db2 instance owner
2 PVCs: 1 DSM, Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources - Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs
IBM Cloud64
Additional Resources - IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html
IBM Cloud65
Additional Resources - Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel
Technical Sales Professional
Hybrid Data Management
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany
Thank You
IBM Cloud70
IBM Cloud3
Agenda
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud4
Micro Services & Containers
IBM Cloud5
Technology by itself is not the business disruptor
Failing to be customer centric is the biggest business threat
The right technology for the right job is an enabler of business disruption
Netflix did not kill Blockbuster... ridiculous late fees and rewind fees did
Uber did not kill the taxi business... limited access and fare control did
Apple did not kill the music industry... being forced to buy full length albums did
Airbnb isn't killing the hotel industry... limited availability and pricing options are
IBM Cloud6
Multi-cloud is being driven by cloud native architectures
Microservices and containers are changing IT
The Compound Annual Growth Rate of traditional IT continues to shrink while public and private cloud continues to grow
Microservices and containers are keys to this transformation
[Figure: Portable Applications across Traditional IT, Private Cloud, Public with Virtual Private Cloud, and Public Cloud; CAGR labels: -8, 16, 30]
IBM Cloud7
Microservices - the first key to cloud native applications
Making development & deployment more efficient
Microservices benefits
- Improves fault isolation: Larger applications can remain largely unaffected by the failure of a single module
- Eliminates long-term commitment to a single technology stack: Try out a new technology stack on an individual service and roll it back if required
- Easier development: A new developer can more easily understand the functionality of a service
- Easier deployment: Auto provision, auto scale and provide auto-redundancy
[Figure: Monolithic Architecture (UI, Business Logic, Data Access Layer, DB) vs Microservices Architecture (UI, Microservices, DBs)]
This is not a claim that a microservice-based application approach is always better for every use case scenario
IBM Cloud8
Containers - the second key to cloud native applications
Reducing operational and development costs
Containers virtualize software in the way that virtual machines have virtualized hardware
Virtual machines vs containers
[Figure: virtual machines (Infrastructure, Hypervisor, Guest OS, Bins/Libs, App 1-3) vs containers (Infrastructure, Operating System, Container Engine, Bins/Libs, App 1-3); label: overhead]
Containers can be 2-3 times more resource efficient than virtual machines
On average Docker developers ship software 7x more frequently
IBM Cloud9
Container automation and orchestration is essential
Enter Kubernetes
Containers are revolutionizing IT
But they require orchestration
Kubernetes - κυβερνήτης
Means "helmsman" or "pilot"
IBM Cloud10
Private Clouds address the new IT reality
Created by digital transformation
Method Development Deployment Environment
Waterfall Monolithic Bare metal On-Premises
Agile Programming N-Tier Virtual Server Off-Premises
Agile DevOps Microservices Containers Cloud
[Figure: virtual machine stack (Infrastructure, Hypervisor, Guest OS, Bins/Libs, App 1-3) and container stack (Infrastructure, Operating System, Container Engine, Bins/Libs, App 1-3); axis labels: Time to value, Perception of cost]
IBM Cloud11
Public Cloud + Private Cloud = Hybrid Cloud
Different cloud options
 | Public Cloud | On-Premises Private Cloud | Hosted Private Cloud | Hybrid Cloud
Hardware Deployment and Management | Vendor | Customer | Vendor | Shared between vendor and customer
Hardware Sharing Model | Shared | Dedicated | Dedicated | Partially shared and partially dedicated
Scalability | High | Medium | High | High
Low Cost | Yes | Sometimes | Sometimes | Sometimes
Predictable Cost | No | Yes | Yes | No
Utility Billing | Yes | No | Depends on vendor | Partial
Flexibility | Yes | Limited | Limited | Yes
Customization Capabilities | No | Yes | Depends on vendor | Partial
Enhanced Security and Compliance | No | Yes | Yes | Yes
Instant Provisioning | Yes | Yes | Yes | Yes
A "Hybrid Cloud" is a highly orchestrated environment where all sources act as one
A "Multi-cloud" environment simply refers to the use of multiple cloud sources of any kind without necessarily being orchestrated
IBM Cloud12
Why care about Private Clouds
Adoption brings agility and efficiency
Cost Efficient & Scalable Infrastructure
Accelerate Time to Market
Build, package & deploy applications in containers, run at scale with Kubernetes
Refactor applications into microservices & modernize monolithic applications
Manage Data at Scale
Access, govern & analyze your data at scale, accelerate your journey to AI
50 Benefit
3-Year $54 Million Cost Savings 255 ROI
Business Value Assessment Customer Output
Standard On-Premises vs IBM Cloud Private
Data Center
System Utilization & Server Reduction
75 Benefit
Manage Performance
Elasticity Bursting High Availability
35 Benefit
DevOps
Faster Deployments
30 Benefit
Deployment Efficiency
Containers & Microservices
50 Benefit
Improved Security
Management & Risk Reduction
IBM Cloud13
Private Cloud Platform Market Leaders
OpenShift and IBM Cloud Private
IBM Cloud Private
IBM Cloud14
Kubernetes Basics
IBM Cloud15
Kubernetes Basics
Kubernetes Overview
- Open Source Project
- Features
- Architecture
Kubernetes Workloads
- Pods and YAML
- Controllers
Kubernetes Networking
- Services
Kubernetes Storage
- Volume types
- Persistent volumes
- Persistent volume claims
Kubernetes Security
- Secrets
IBM Cloud Private Catalog
- Helm Charts
- Helm CLI
IBM Cloud16
Kubernetes - Open Source Project
Greek word for "Helmsman"
It's Open Source - https://github.com/kubernetes/kubernetes
It's a graduated project of Cloud Native Computing Foundation https://cncf.io
Popularly known as "Container Orchestrator"
It is a modern "Cluster Manager" for automating deployment, scaling and management of containerized applications
IBM Cloud17
Kubernetes - Features (1)
Automatic binpacking
- Automatically places containers on nodes. Mix critical and best-effort workloads in order to drive up utilization
Horizontal scaling
- Scale application up or down with a simple command, with a UI, or automatically based on CPU usage
Automated rollouts and rollbacks
- Kubernetes progressively rolls out changes to the application or its configuration while monitoring application health to ensure that it doesn't kill all instances at the same time
Storage orchestration
- Automatically mount the storage system of your choice, whether from local, public or SAN such as iSCSI, Gluster, Ceph, Cinder, Flocker, NFS or IBM Spectrum Scale
IBM Cloud18
Kubernetes - Features (2)
Self-healing
- Restarts containers that fail, replaces and reschedules containers when nodes die, kills containers that do not respond to user defined health checks
Service discovery and load balancing
- No need to modify the application to use an unfamiliar service discovery mechanism. Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers
Secret and configuration management
- Deploy and update secrets and application configuration without rebuilding your image and without exposing secrets in your stack configuration
Batch Execution
- In addition to services, Kubernetes can manage your batch and CI workloads, replacing containers that fail if desired
IBM Cloud19
Kubernetes Architecture
[Figure: Kubernetes Cluster. Master Node: API Server, Scheduler, Controller, distributed etcd key-value datastore. Worker Nodes: Kubelet and containers (Container-1 ... Container-n). Image Registry. Kubernetes REST API, reached from Command Line and Web UI]
IBM Cloud20
Kubernetes Workloads
Pod - the basic building block for Kubernetes
Smallest and simplest unit in Kubernetes object model
Pod encapsulates an application container (or multiple containers), storage resources, a unique network IP and options that govern how the container should run
Pod is a unit of deployment
Pod runs one or more containers as a unit
Docker is the container runtime used in IBM Cloud Private
One-container-per-pod model is most common use case
Kubernetes manages the pod rather than containers directly
Pods can run multiple containers that need to work together and to share resources
Pods are designed as relatively ephemeral, disposable entities
Pods do not self-heal by themselves - a higher level abstraction does this
IBM Cloud21
Kubernetes Configurations
Create YAML for creating resources on Kubernetes
YAML - Yet Another Markup Language or YAML Ain't Markup Language
Types of structures required in Kubernetes
- Maps
- Lists
YAML Maps - let you associate name-value pairs. For example
---
apiVersion: v1
kind: Pod
YAML Maps - Create a key that maps to another map
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
IBM Cloud22
Kubernetes Configurations - Create YAML (continued)
YAML Lists are literally a sequence of objects. Members in the list can also be maps
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
spec:
  containers:
  - name: front-end
    image: nginx
    ports:
    - containerPort: 80
  - name: db2-oltp
    image: store/ibmcorp/db2_developer_c:11.1.4.4
    ports:
    - containerPort: 50000
A YAML manifest has four components to define a Kubernetes resource
- apiVersion
- kind
- metadata
- spec
IBM Cloud23
Kubernetes Workloads - Create a Pod
Create a nginx pod - icp01.yaml
---
# Simple yaml file to create an nginx pod
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
Create the pod
$ kubectl apply -f icp01.yaml
pod/nginx created
Check pod status
$ kubectl get pods
NAME   READY  STATUS   RESTARTS  AGE
nginx  1/1    Running  0         13s
IBM Cloud24
Kubernetes Workloads - Controllers
Controllers can create and manage pods for you
ReplicaSet
- A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
- Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
- Example: Create a deployment to roll out a ReplicaSet
StatefulSets
- StatefulSets represent a set of pods with unique persistent identities and stable hostnames that are maintained regardless of where they are scheduled
- Examples: Db2, Redis, IBM MQ
DaemonSets
- A DaemonSet ensures that nodes (all or some) run a copy of a pod. As nodes are added, pods are added to them
- Example: Cluster storage daemon such as glusterd, ceph; logs collection on each node
Jobs, CronJobs
- A job creates one or more pods and ensures that a specified number of them successfully terminate
IBM Cloud25
Kubernetes Network - Services
Without services Pods are not visible outside the cluster
To enable communication from outside world to the Pods services are created
Internal Service Endpoints - Available inside the cluster only
External Service Endpoints - DNS names, C-Names or A-records available to access pods
With the help of labels and selectors the services are tied to the pods
Service Types
- ClusterIP - Service is reachable only from inside of the cluster
- NodePort - Service is reachable through NodeIP:NodePort
- LoadBalancer - Service is reachable through an external load balancer mapped to NodeIP:NodePort address
IBM Cloud26
Kubernetes Storage - Volume types
Host-based
- EmptyDir
- HostPath
Block Storage
- IBM Block Storage
- Amazon EBS
- GCE Persistent Disk
- vSphere Volumes
Distributed File System
- IBM Spectrum Scale
- NFS
- Ceph
- GlusterFS
- Amazon EFS
- Azure File System
Other
- Flocker
- iSCSI
- Git Repository
- Quobyte
IBM Cloud27
Kubernetes Storage - Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes are a way to bring persistence to a Pod
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in Pod
Volumes may be based on a variety of back-end storage types
IBM Cloud28
Kubernetes Storage
Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
- Persistent Volume (PV) - Provisioned by an administrator
- Persistent Volume Claim (PVC) - Requested by a user; Heketi provisions the PVC, which creates a PV
- Storage Class (SC) - Storage profiles offered by admins
[Figure: Worker Node with Pod 1, Persistent Volume Claim, Persistent Volume, Block Storage, Distributed File System, IBM Spectrum Scale]
IBM Cloud29
Kubernetes Secrets
Decouple containers from sensitive information
A Secret holds sensitive information such as passwords, OAuth tokens and more
A Secret is an abstraction to decouple sensitive data
To use a secret, a Pod needs to reference the secret
A Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by the kubelet when pulling images for the Pod
$ kubectl -n stocktrader \
    create secret generic db2 \
    --from-literal=id=db2psc \
    --from-literal=pwd=password \
    --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
    --from-literal=port=50000 \
    --from-literal=db=PSDB
IBM Cloud30
IBM Cloud Private catalog - Helm Charts
Db2 chart
DSM chart
IBM Cloud31
IBM Cloud Private catalog - What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using GUI or command line
Software packages are available from IBM Charts Repository
Available at https://github.com/IBM/charts
IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own Local Charts repository
IBM Cloud32
IBM Charts Repository https://github.com/IBM/charts/tree/master/stable
Db2 chart
DSM chart
IBM Cloud33
Helm command line - Helm and Tiller
Helm is the client and Tiller is the server - runs on master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
Helm and Tiller versions must be the same - do not download Helm from the Internet
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)
Product | Version | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP | 11.1.4.4 | 1 | 1 | 1 |
Db2 OLTP HADR | 11.1.4.4 | 3 | 5 | 6 | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager, addntl PVC for HADR setup
Data Server Manager | 2.1.5 | 1 | 2 | 2 | 1x DSM, 1x Db2 repository database. Includes Db2 11.1 engine
Db2 Warehouse SMP | 3.10.0 | 1 | 1 | 1 | Includes Db2 11.1 engine
Db2 Warehouse MPP | 3.10.0 | 3+ | 3+ | 1 | Includes Db2 11.1 engine. Requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context) \
    --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running as we just created the namespace
$ kubectl get pods
No resources found.
IBM Cloud39
Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  - '*'
Configure the pod security policy
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results
$ kubectl get psp
db2-privileges false SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE RunAsAny RunAsAny RunAsAny RunAsAny false *
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
Configure the image pull secret
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result
$ kubectl get secrets
NAME                 TYPE                                 DATA  AGE
default-token-mwvpl  kubernetes.io/service-account-token  3     17d
dockerhub            kubernetes.io/dockerconfigjson       1     13m
IBM Cloud41
Configuring Service Account for Db2
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: [ "extensions" ]
  resources: [ "podsecuritypolicies" ]
  verbs: [ "use" ]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results
$ kubectl get psp
db2-privileges false SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE RunAsAny RunAsAny RunAsAny RunAsAny false *
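What the db2-privileges policy and its binding from the two slides above actually permit, checked field by field. This is an added example, not part of the original presentation: the dicts are transcribed from pre01.yaml and pre04.yaml (the volumes rule is not part of this check), and the function names and finding texts are this example's own.

```python
# Added example: audit of the db2-privileges PodSecurityPolicy and its binding.

# Capabilities Docker grants to a container by default.
RUNTIME_DEFAULT_CAPS = frozenset({
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL",
    "MKNOD", "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP",
    "SETUID", "SYS_CHROOT",
})

# spec of pre01.yaml as shown on the slide
PSP_SPEC = {
    "allowPrivilegeEscalation": True,
    "privileged": False,
    "allowedCapabilities": [
        "SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW", "DAC_OVERRIDE",
        "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE",
        "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE", "IPC_OWNER", "SYS_NICE",
    ],
    "fsGroup": {"rule": "RunAsAny"},
    "hostIPC": True,
    "hostNetwork": False,
    "hostPID": False,
    "hostPorts": [{"max": 65535, "min": 1}],
    "runAsUser": {"rule": "RunAsAny"},
    "seLinux": {"rule": "RunAsAny"},
    "supplementalGroups": {"rule": "RunAsAny"},
}

# subjects of db2-privileges-cluster-role-binding in pre04.yaml
BINDING_SUBJECTS = [
    {"kind": "ServiceAccount", "name": "default", "namespace": "stock-trader-data"},
]

HOST_NAMESPACE_FLAGS = ("hostNetwork", "hostPID", "hostIPC")
RULE_FIELDS = ("runAsUser", "fsGroup", "supplementalGroups", "seLinux")


def extra_capabilities(spec):
    """Capabilities the policy allows beyond the container runtime defaults."""
    return sorted(set(spec.get("allowedCapabilities", [])) - RUNTIME_DEFAULT_CAPS)


def audit_psp(spec):
    """Return (field, note) pairs for every permissive setting in a PSP spec."""
    findings = []
    if spec.get("privileged", False):
        findings.append(("privileged", "privileged containers are admitted"))
    # An unset allowPrivilegeEscalation defaults to true in the PSP API.
    if spec.get("allowPrivilegeEscalation", True):
        findings.append(("allowPrivilegeEscalation",
                         "no_new_privs is not enforced; setuid binaries can raise privileges"))
    for flag in HOST_NAMESPACE_FLAGS:
        if spec.get(flag, False):
            findings.append((flag, "pods may share this host namespace"))
    for rng in spec.get("hostPorts", []):
        width = rng["max"] - rng["min"] + 1
        if width > 1024:
            findings.append(("hostPorts",
                             f"{width} host ports may be claimed ({rng['min']}-{rng['max']})"))
    for field in RULE_FIELDS:
        if spec.get(field, {}).get("rule") == "RunAsAny":
            note = "no constraint (RunAsAny)"
            if field == "runAsUser":
                note += "; containers may run as UID 0"
            findings.append((field, note))
    extra = extra_capabilities(spec)
    if extra:
        findings.append(("allowedCapabilities",
                         "beyond runtime defaults: " + ", ".join(extra)))
    return findings


def audit_subjects(subjects):
    """Flag bindings that hand the policy to a namespace's 'default' service account."""
    notes = []
    for subject in subjects:
        if subject.get("kind") == "ServiceAccount" and subject.get("name") == "default":
            notes.append(f"every pod in {subject['namespace']} that names no "
                         "service account may use the policy")
    return notes


if __name__ == "__main__":
    for field, note in audit_psp(PSP_SPEC):
        print(f"{field}: {note}")
    for note in audit_subjects(BINDING_SUBJECTS):
        print(f"binding: {note}")
```

The capability check shows that 14 of the 17 allowed capabilities are the runtime defaults; the three extras are the ones the Job manifest later adds in its securityContext.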
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
--name db2-01: Helm release name, different for each deployment
ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
db2inst.instname: Instance owner name
db2inst.password: Instance owner password
options.databaseName: Name of database that will be created. If not specified, no database will be created
dataVolume.size: Size of the Db2 data volume
Additional parameters available, for example to enable Oracle compatibility
See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Cloud44
Let's verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get pods
NAME                      READY  STATUS   RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  1/1    Running  1         7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful.
SQL1063N DB2START processing was successful.
(*) Starting TEXT SEARCH service ...
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.
IBM Cloud45
Let's verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
Database Connection Information
Database server = DB2/LINUXX8664 11.1.4.4
SQL authorization ID = DB2INST1
Local database alias = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
#!/bin/bash
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo Cataloging node db2tcp1
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo Cataloging database MYDB at node db2tcp1
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port from the Db2 OLTP helm release service definition
IBM Cloud47
Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-01-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s
==> v1/Service
NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP          1s
db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-01-ibm-db2oltp-dev  1        1        1s
==> v1/Pod(related)
NAME                      READY  STATUS    RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s
1 Pod: runs the Db2 container
2 Services for Db2: 1x external, 1x internal
1 StatefulSet: DESIRED = 1
1 PVC (RWO) for db files, logs & config
1 Secret: Db2 instance owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
Additional parameter hadr.enabled set to true to indicate that we want a HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-02-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s
==> v1/Service
NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP          1s
db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                        1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-02-ibm-db2oltp-dev  2        2        1s
==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd  3  0  1s
==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s
5 Pods: 2x Db2, 3x etcd
3 Services: 2x Db2, 1x etcd
2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
1 PVC (RWX) for HADR setup (1)
1 Secret: Db2 instance owner password
(1) 5 addntl PVCs are being created implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE \"$DB2INST1_PASSWORD\" $DBNAME"
IBM Cloud52
Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) [...] IN TS32;
    INSERT INTO PS_TABLE (SSN, FIRST_NAME, LAST_NAME, JOB_CODE, DEPT, SALARY, DOB) WITH TEMP1 [...]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema
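How the secretKeyRef in the Job above resolves to the value the container sees, with a check that credentials are referenced rather than written into the manifest. This is an added example, not from the original presentation: the Secret value is a constructed sample, and the function and hint names are hypothetical.

```python
import base64

# Constructed Secret: name and key are the ones the Job references,
# the password value is a sample.
SECRET = {
    "kind": "Secret",
    "metadata": {"name": "db2-01-ibm-db2oltp-dev", "namespace": "stock-trader-data"},
    "type": "Opaque",
    "data": {"password": base64.b64encode(b"sample-password").decode()},
}

# env section of the Job container, as on the slide
JOB_ENV = [
    {"name": "LICENSE", "value": "accept"},
    {"name": "DB2INSTANCE", "value": "db2inst1"},
    {"name": "DB2INST1_PASSWORD",
     "valueFrom": {"secretKeyRef": {"name": "db2-01-ibm-db2oltp-dev", "key": "password"}}},
    {"name": "DB2_SERVICE_NAME", "value": "db2-01-ibm-db2oltp-dev"},
    {"name": "DBNAME", "value": "mydb"},
]

# Substrings that mark a variable name as a credential (heuristic of this example).
CREDENTIAL_HINTS = ("PASSWORD", "PASSWD", "PWD", "TOKEN", "SECRET")


def resolve_env(env, secrets):
    """Return (effective_env, findings) for a container's env list.

    Literal values are copied; secretKeyRef entries are looked up in the given
    Secret objects and base64-decoded, which is what the container receives.
    """
    by_name = {s["metadata"]["name"]: s for s in secrets}
    effective, findings = {}, []
    for var in env:
        name = var["name"]
        ref = var.get("valueFrom", {}).get("secretKeyRef")
        if ref is None:
            effective[name] = var.get("value", "")
            if effective[name] and any(h in name.upper() for h in CREDENTIAL_HINTS):
                findings.append(f"{name}: literal value in the manifest, move it to a Secret")
            continue
        secret = by_name.get(ref["name"])
        if secret is None or ref["key"] not in secret.get("data", {}):
            # A non-optional reference that cannot be resolved keeps the pod from starting.
            findings.append(f"{name}: secretKeyRef {ref['name']}/{ref['key']} does not resolve")
            continue
        effective[name] = base64.b64decode(secret["data"][ref["key"]]).decode()
    return effective, findings


if __name__ == "__main__":
    env, problems = resolve_env(JOB_ENV, [SECRET])
    print(sorted(env))
    print(problems or "no findings")
```

Secret data is base64-encoded, not encrypted, so anyone allowed to read the Secret object recovers the password exactly as the decode step does here.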
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  0/1          0s        0s
Eventually the job completes
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  1/1          109s      45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath="{.items[*].metadata.name}")
kubectl logs -f $pod
Output
[...]
DB20000I The SQL command completed successfully
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
binbash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath=spec
ports[1]nodePort services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath=
items[0]statusaddresses[0]address)
echo https$NODE_IP$NODE_PORT
=gt https1921682710030462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager HomepageAll Db2 OLTP instances running in the
same namespace as DSM will be auto-
discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (12)$ helm status dsm-01 --tlsLAST DEPLOYED Mon Sep 16 120102 2019NAMESPACE stock-trader-dataSTATUS DEPLOYED
RESOURCES==gt v1RoleBindingNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdsm-01-repository NodePort 1000233 ltnonegt 5000032695TCP5500032203TCP 8mdsm-01-ibm-dsm-dev NodePort 100085 ltnonegt 1108032444TCP1108130462TCP 8m
==gt v1beta1DeploymentNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGEdsm-01-repository 1 1 1 1 8mdsm-01-ibm-dsm-dev 1 1 1 1 8m
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdsm-01-repository-76f87d47d4-dlqh4 11 Running 0 8mdsm-01-ibm-dsm-dev-b976d89bd-dflqn 22 Running 0 8m
2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2 1 DSM
IBM Cloud61
DSM Kubernetes resources (22)
[hellip]==gt v1SecretNAME TYPE DATA AGEdsm-01-repository-db2-passwd Opaque 1 8mdsm-01-ibm-dsm-dev-dsm-passwd Opaque 1 8m
==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEdsm-01-repository-data-stor Bound vol14 20Gi RWO 8mdsm-01-ibm-dsm-dev-datavolume Bound vol12 20Gi RWO 8m
==gt v1ServiceAccountNAME SECRETS AGEdsm-repodb-dsm-01-repository 1 8mdsm-dsm-01-ibm-dsm-dev 1 8m
==gt v1RoleNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
2 Secrets 1 DSM
asmin 1 Db2
instance owner
2 PVCs 1 DSM
Db2
3 Roles
Additional Resources

Additional Resources - Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs

Additional Resources - IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html

Additional Resources - Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse

Presentation on Db2 and Docker from Db2 Aktuell 2018

Summary

Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary

Claus Huempel
Technical Sales Professional
Hybrid Data Management
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com

IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany

Thank You

Micro Services & Containers

Technology by itself is not the business disruptor
Failing to be customer centric is the biggest business threat
The right technology for the right job is an enabler of business disruption
Netflix did not kill Blockbuster... ridiculous late fees and rewind fees did
Uber did not kill the taxi business... limited access and fare control did
Apple did not kill the music industry... being forced to buy full length albums did
Airbnb isn't killing the hotel industry... limited availability and pricing options are

Multi-cloud is being driven by cloud native architectures
Microservices and containers are changing IT

The Compound Annual Growth Rate of traditional IT continues to shrink while public and private cloud continues to grow
Microservices and containers are keys to this transformation

[Chart: Portable Applications across Traditional IT, Private Cloud, Public with Virtual Private Cloud, and Public Cloud; labels: CAGR -8, CAGR 16, CAGR 30]

Microservices - the first key to cloud native applications
Making development & deployment more efficient

Microservices benefits
• Improves fault isolation
  Larger applications can remain largely unaffected by the failure of a single module
• Eliminates long-term commitment to a single technology stack
  Try out a new technology stack on an individual service and roll it back if required
• Easier development
  A new developer can more easily understand the functionality of a service
• Easier deployment
  Auto provision, auto scale and provide auto-redundancy

[Diagram: Monolithic Architecture (UI, Business Logic, Data Access Layer, DB) vs. Microservices Architecture (UI, several Microservices, each with its own DB)]

This is not a claim that a microservice-based application approach is always better for every use case scenario

Containers - the second key to cloud native applications
Reducing operational and development costs

Containers virtualize software in the way that virtual machines have virtualized hardware

Virtual machines vs containers
[Diagram: virtual machine stack (Infrastructure, Hypervisor, one Guest OS per VM, Bins/Libs, App 1-3) vs. container stack (Infrastructure, Operating System, Container Engine, Bins/Libs, App 1-3); label: overhead]

Containers can be 2 - 3 times more resource efficient than virtual machines
On average Docker developers ship software 7x more frequently

Container automation and orchestration is essential
Enter Kubernetes

Containers are revolutionizing IT
But they require orchestration
Kubernetes - κυβερνήτης
Means "helmsman" or "pilot"

Private Clouds address the new IT reality
Created by digital transformation

Method Development Deployment Environment
Waterfall Monolithic Bare metal On-Premises
Agile Programming N-Tier Virtual Server Off-Premises
Agile DevOps Microservices Containers Cloud

[Diagram: virtual machine stack (Infrastructure, Hypervisor, Guest OS, Bins/Libs, App 1-3) vs. container stack (Infrastructure, Operating System, Container Engine, Bins/Libs, App 1-3); axis labels: Time to value, Perception of cost]

Public Cloud + Private Cloud = Hybrid Cloud
Different cloud options

Criterion | Public Cloud | On-Premises Private Cloud | Hosted Private Cloud | Hybrid Cloud
Hardware Deployment and Management | Vendor | Customer | Vendor | Shared between vendor and customer
Hardware Sharing Model | Shared | Dedicated | Dedicated | Partially shared and partially dedicated
Scalability | High | Medium | High | High
Low Cost | Yes | Sometimes | Sometimes | Sometimes
Predictable Cost | No | Yes | Yes | No
Utility Billing | Yes | No | Depends on vendor | Partial
Flexibility | Yes | Limited | Limited | Yes
Customization Capabilities | No | Yes | Depends on vendor | Partial
Enhanced Security and Compliance | No | Yes | Yes | Yes
Instant Provisioning | Yes | Yes | Yes | Yes

A "Hybrid Cloud" is a highly orchestrated environment where all sources act as one
A "Multi-cloud" environment simply refers to the use of multiple cloud sources of any kind without necessarily being orchestrated

Why care about Private Clouds
Adoption brings agility and efficiency

Cost Efficient & Scalable Infrastructure
Accelerate Time to Market
  Build, package & deploy applications in containers, run at scale with Kubernetes
  Refactor applications into microservices & modernize monolithic applications
Manage Data at Scale
  Access, govern & analyze your data at scale, accelerate your journey to AI

Business Value Assessment Customer Output
Standard On-Premises vs IBM Cloud Private
3-Year $54 Million Cost Savings, 255 ROI
- 50 Benefit: Data Center (System Utilization & Server Reduction)
- 75 Benefit: Manage Performance (Elasticity, Bursting, High Availability)
- 35 Benefit: DevOps (Faster Deployments)
- 30 Benefit: Deployment Efficiency (Containers & Microservices)
- 50 Benefit: Improved Security (Management & Risk Reduction)

Private Cloud Platform Market Leaders
OpenShift and IBM Cloud Private
IBM Cloud Private

Kubernetes Basics

Kubernetes Basics
Kubernetes Overview
- Open Source Project
- Features
- Architecture
Kubernetes Workloads
- Pods and YAML
- Controllers
Kubernetes Networking
- Services
Kubernetes Storage
- Volume types
- Persistent volumes
- Persistent volume claims
Kubernetes Security
- Secrets
IBM Cloud Private Catalog
- Helm Charts
- Helm CLI

Kubernetes - Open Source Project
Greek word for "Helmsman"
It's Open Source - https://github.com/kubernetes/kubernetes
It's a graduated project of Cloud Native Computing Foundation - https://cncf.io
Popularly known as "Container Orchestrator"
It is a modern "Cluster Manager" for automating deployment, scaling and management of containerized applications

Kubernetes - Features (1)
Automatic binpacking
- Automatically places containers on nodes. Mix critical and best-effort workloads in order to drive up utilization
Horizontal scaling
- Scale application up or down with a simple command, with a UI, or automatically based on CPU usage
Automated rollouts and rollbacks
- Kubernetes progressively rolls out changes to the application or its configuration while monitoring application health to ensure that it doesn't kill all instances at the same time
Storage orchestration
- Automatically mount the storage system of your choice, whether from local, public or SAN such as iSCSI, Gluster, Ceph, Cinder, Flocker, NFS or IBM Spectrum Scale

Kubernetes - Features (2)
Self-healing
- Restarts containers that fail, replaces and reschedules containers when nodes die, kills containers that do not respond to user defined health checks
Service discovery and load balancing
- No need to modify the application to use an unfamiliar service discovery mechanism. Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers
Secret and configuration management
- Deploy and update secrets and application configuration without rebuilding your image and without exposing secrets in your stack configuration
Batch Execution
- In addition to services, Kubernetes can manage your batch and CI workloads, replacing containers that fail if desired

Kubernetes Architecture

[Diagram: Kubernetes Cluster. Command Line and Web UI use the Kubernetes REST API; Master Node with API Server, Scheduler, Controller and distributed etcd key-value datastore; three Worker Nodes, each with a Kubelet, running Container-1 to Container-n; Image Registry]

Kubernetes Workloads
Pod - the basic building block for Kubernetes

Smallest and simplest unit in Kubernetes object model
Pod encapsulates an application container (or multiple containers), storage resources, a unique network IP and options that govern how the container should run
Pod is a unit of deployment
Pod runs one or more containers as a unit
Docker is the container runtime used in IBM Cloud Private
One-container-per-pod model is most common use case
Kubernetes manages the pod rather than containers directly
Pods can run multiple containers that need to work together and to share resources
Pods are designed as relatively ephemeral, disposable entities
Pods do not self-heal by themselves - a higher level abstraction does this

Kubernetes Configurations
Create YAML for creating resources on Kubernetes

YAML - Yet Another Markup Language or YAML Ain't Markup Language
Types of structures required in Kubernetes
- Maps
- Lists
YAML Maps - let you associate name-value pairs. For example:

    ---
    apiVersion: v1
    kind: Pod

YAML Maps - Create a key that maps to another map:

    ---
    apiVersion: v1
    kind: Pod
    metadata:
      name: db2
      labels:
        app: db2

Kubernetes Configurations - Create YAML (continued)
YAML Lists are literally a sequence of objects. Members in the list can also be maps.

    ---
    apiVersion: v1
    kind: Pod
    metadata:
      name: db2
      labels:
        app: db2
    spec:
      containers:
      - name: front-end
        image: nginx
        ports:
        - containerPort: 80
      - name: db2-oltp
        image: store/ibmcorp/db2_developer_c:11.1.4.4
        ports:
        - containerPort: 50000

A YAML manifest has four components to define a Kubernetes resource
• apiVersion
• kind
• metadata
• spec

Kubernetes Workloads - Create a Pod

Create a nginx pod - icp01.yaml

    ---
    # Simple yaml file to create an nginx pod
    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80

Create the pod

    $ kubectl apply -f icp01.yaml
    pod/nginx created

Check pod status

    $ kubectl get pods
    NAME   READY  STATUS   RESTARTS  AGE
    nginx  1/1    Running  0         13s

Kubernetes Workloads - Controllers
Controllers can create and manage pods for you

ReplicaSet
- A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
- Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
- Example: Create a deployment to rollout a ReplicaSet
StatefulSets
- StatefulSets represent a set of pods with unique, persistent identities and stable hostnames that are maintained regardless of where they are scheduled
- Examples: Db2, Redis, IBM MQ
DaemonSets
- A DaemonSet ensures that nodes (all or some) run a copy of a pod. As nodes are added, pods are added to them
- Example: Cluster storage daemon such as glusterd, ceph; logs collection on each node
Jobs, CronJobs
- A job creates one or more pods and ensures that a specified number of them successfully terminate

Kubernetes Network - Services
Without services, Pods are not visible outside the cluster
To enable communication from the outside world to the Pods, services are created
Internal Service Endpoints - Available inside the cluster only
External Service Endpoints - DNS names, C-Names or A-records available to access pods
With the help of labels and selectors the services are tied to the pods
Service Types
- ClusterIP - Service is reachable only from inside of the cluster
- NodePort - Service is reachable through NodeIP:NodePort
- LoadBalancer - Service is reachable through an external load balancer mapped to NodeIP:NodePort address

Kubernetes Storage - Volume types
Host-based
- EmptyDir
- HostPath
Block Storage
- IBM Block Storage
- Amazon EBS
- GCE Persistent Disk
- vSphere Volumes
Distributed File System
- IBM Spectrum Scale
- NFS
- Ceph
- GlusterFS
- Amazon EFS
- Azure File System
Other
- Flocker
- iSCSI
- Git Repository
- Quobyte

Kubernetes Storage - Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes are a way to get persistence to a Pod
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in a Pod
Volumes may be based on a variety of back-end storage types

Kubernetes Storage
Persistent volume and persistent volume claim

The Kubernetes Volume abstraction provides
- Persistent Volume (PV) - Provisioned by an administrator
- Persistent Volume Claim (PVC) - Requested by a user, and Heketi provisions the PVC - which creates a PV
- Storage Class (SC) - Storage profiles offered by admins

[Diagram: Pods on a Worker Node, a Persistent Volume Claim, and a Persistent Volume backed by Block Storage, a Distributed File System or IBM Spectrum Scale]

Kubernetes Secrets
Decouple container with sensitive information

Secret holds sensitive information such as passwords, OAuth tokens and more
Secret is an abstraction to decouple sensitive data
To use a secret, a Pod needs to reference the secret
Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by kubelet when pulling images for the Pod

    $ kubectl -n stocktrader \
        create secret generic db2 \
        --from-literal=id=db2psc \
        --from-literal=pwd=password \
        --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
        --from-literal=port=50000 \
        --from-literal=db=PSDB

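Values passed with --from-literal end up in shell history and in the process list, and the stored Secret is only base64-encoded. The following added example (not part of the original slides) renders the same db2 Secret from files in an owner-only directory so that it can be piped to kubectl apply -f -; the function names, the temporary directory and the sample values are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: build the "db2" Secret from files instead of --from-literal,
# so values never appear as kubectl command-line arguments.

# render_secret_manifest NAME NAMESPACE DIR
# Prints a Secret manifest; every regular file in DIR becomes one key.
render_secret_manifest() {
  rs_name=$1; rs_namespace=$2; rs_dir=$3
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n'
  printf '  name: %s\n  namespace: %s\n' "$rs_name" "$rs_namespace"
  printf 'type: Opaque\ndata:\n'
  for rs_file in "$rs_dir"/*; do
    [ -f "$rs_file" ] || continue
    # base64 is an encoding, not encryption; tr undoes line wrapping.
    printf '  %s: %s\n' "$(basename "$rs_file")" \
      "$(base64 < "$rs_file" | tr -d '\n')"
  done
}

# secret_value MANIFEST KEY
# Decodes one data field, which anyone who can read the Secret can also do.
secret_value() {
  printf '%s\n' "$1" | awk -v key="$2" '$1 == (key ":") { print $2 }' | base64 -d
}

# demo_manifest: constructed sample values taken from the slide's command.
demo_manifest() {
  old_umask=$(umask); umask 077          # files readable by the owner only
  demo_dir=$(mktemp -d) || return 1
  printf '%s' 'db2psc'   > "$demo_dir/id"
  printf '%s' 'password' > "$demo_dir/pwd"   # in practice: read from a prompt or a vault
  printf '%s' 'dev-ibm-db2oltp-dev.default.svc.cluster.local' > "$demo_dir/host"
  printf '%s' '50000'    > "$demo_dir/port"
  printf '%s' 'PSDB'     > "$demo_dir/db"
  render_secret_manifest db2 stocktrader "$demo_dir"
  rm -rf "$demo_dir"
  umask "$old_umask"
}

# With a cluster available: demo_manifest | kubectl apply -f -
demo_manifest
```

Because the data fields decode trivially, what protects the value is RBAC on the Secret object and encryption at rest for etcd, not the Secret format itself.
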
IBM Cloud Private catalog - Helm Charts
Db2 chart
DSM chart

IBM Cloud Private catalog - What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using GUI or command line
Software packages are available from IBM Charts Repository
Available at https://github.com/IBM/charts
IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own Local Charts repository

IBM Charts Repository - https://github.com/IBM/charts/tree/master/stable
Db2 chart
DSM chart

Helm command line - Helm and Tiller
Helm is the client and Tiller is the server - runs on master node

    $ helm version
    Client: v2.7.2+icp
    Error: cannot connect to Tiller

Use of --tls is required to do Helm operations

    $ helm version --tls
    Client: v2.7.2+icp
    Server: v2.7.2+icp

Helm and Tiller version must be same - do not download Helm from Internet

Deploying Db2 on Kubernetes

Db2-based Containers running on Kubernetes (Sep 2019)

Product | Version | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP | 11.1.4.4 | 1 | 1 | 1 |
Db2 OLTP HADR | 11.1.4.4 | 3 | 5 | 6 | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager, addntl PVC for HADR setup
Data Server Manager | 2.1.5 | 1 | 2 | 2 | 1x DSM, 1x Db2 repository database. Includes Db2 11.1 engine
Db2 Warehouse SMP | 3.10.0 | 1 | 1 | 1 | Includes Db2 11.1 engine
Db2 Warehouse MPP | 3.10.0 | 3+ | 3+ | 1 | Includes Db2 11.1 engine. Requires IBM Cloud Pak for Data

Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine

IBM Cloud Private Kubernetes platform

Before deploying Db2 OLTP to Kubernetes a couple of steps need to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account

Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run

Create the namespace, for example stock-trader-data

    $ kubectl create namespace stock-trader-data
    namespace/stock-trader-data created

Switch the context to the newly created namespace

    $ kubectl config set-context $(kubectl config current-context) \
        --namespace=stock-trader-data
    Context "mycluster-context" modified.

Verify pods. There should be no pods running as we just created the namespace

    $ kubectl get pods
    No resources found.

Configuring Pod Security Policy for Db2

    $ cat pre01.yaml
    apiVersion: extensions/v1beta1
    kind: PodSecurityPolicy
    metadata:
      name: db2-privileges
    spec:
      allowPrivilegeEscalation: true
      privileged: false
      allowedCapabilities:
      - SETPCAP
      - MKNOD
      - AUDIT_WRITE
      - CHOWN
      - NET_RAW
      - DAC_OVERRIDE
      - FOWNER
      - FSETID
      - KILL
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
      - SYS_CHROOT
      - SETFCAP
      - SYS_RESOURCE
      - IPC_OWNER
      - SYS_NICE
      fsGroup:
        rule: RunAsAny
      hostIPC: true
      hostNetwork: false
      hostPID: false
      hostPorts:
      - max: 65535
        min: 1
      runAsUser:
        rule: RunAsAny
      seLinux:
        rule: RunAsAny
      supplementalGroups:
        rule: RunAsAny
      volumes:
      - '*'

Configure the pod security policy

    $ kubectl apply -f pre01.yaml
    podsecuritypolicy.extensions/db2-privileges configured

Verify the results

    $ kubectl get psp
    db2-privileges  false  SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE  RunAsAny  RunAsAny  RunAsAny  RunAsAny  false

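The policy above allows 17 capabilities. The check below, an added example that is not part of the original slides, separates the ones a container runtime grants anyway from the ones this policy adds (the same three the schema Job later requests in its securityContext) and lists the settings that loosen isolation from the host. The function names are hypothetical, the manifest is the slide's policy re-typed as a constructed sample, and the default list is assumed to be Docker's documented default capability set.

```shell
#!/bin/sh
# Added example: review the db2-privileges PodSecurityPolicy offline.

# Constructed sample: the fields of pre01.yaml that the checks read.
PSP_MANIFEST='apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny'

# Assumption: capabilities Docker grants to every container by default.
DEFAULT_CAPS="AUDIT_WRITE CHOWN DAC_OVERRIDE FOWNER FSETID KILL MKNOD NET_BIND_SERVICE NET_RAW SETFCAP SETGID SETPCAP SETUID SYS_CHROOT"

# psp_allowed_caps MANIFEST -> one allowed capability per line
psp_allowed_caps() {
  printf '%s\n' "$1" | tr -d "\"'" | awk '
    /^[ \t]*allowedCapabilities:/ { in_list = 1; next }
    in_list && /^[ \t]*-[ \t]*/   { sub(/^[ \t]*-[ \t]*/, ""); sub(/[ \t]+$/, ""); print; next }
    { in_list = 0 }'
}

# psp_extra_caps MANIFEST -> allowed capabilities outside the default set
psp_extra_caps() {
  psp_allowed_caps "$1" | LC_ALL=C sort | awk -v defaults="$DEFAULT_CAPS" '
    BEGIN { n = split(defaults, d, " "); for (i = 1; i <= n; i++) known[d[i]] = 1 }
    !($0 in known) { out = out (out == "" ? "" : " ") $0 }
    END { print out }'
}

# psp_risky_flags MANIFEST -> settings that loosen isolation from the host
psp_risky_flags() {
  printf '%s\n' "$1" | awk '
    /^[ \t]*(allowPrivilegeEscalation|privileged|hostIPC|hostNetwork|hostPID):[ \t]*true[ \t]*$/ {
      sub(/^[ \t]*/, ""); sub(/:.*/, ""); print
    }
    /^[ \t]*runAsUser:/ { in_run = 1; next }
    in_run && /rule:[ \t]*RunAsAny/ { print "runAsUser=RunAsAny" }   # permits UID 0
    { in_run = 0 }' | LC_ALL=C sort | paste -sd ' ' -
}

printf 'capabilities beyond the default set: %s\n' "$(psp_extra_caps "$PSP_MANIFEST")"
printf 'settings to justify in review: %s\n' "$(psp_risky_flags "$PSP_MANIFEST")"
```

PodSecurityPolicy was removed in Kubernetes 1.25; on newer clusters the same review applies to the securityContext of the pods themselves.
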
Configuring Image Pull Secret for Db2

We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first

Configure the image pull secret

    $ kubectl create secret docker-registry dockerhub \
        --docker-username=<your dockerhub username> \
        --docker-password=<your dockerhub password> \
        --docker-email=<your dockerhub email> \
        --namespace=<your namespace>
    secret/dockerhub created

Verify the result

    $ kubectl get secrets
    NAME                 TYPE                                 DATA  AGE
    default-token-mwvpl  kubernetes.io/service-account-token  3     17d
    dockerhub            kubernetes.io/dockerconfigjson       1     13m

Configuring Service Account for Db2

The YAML specification file that defines the cluster role and the cluster role binding for the service account

    $ more pre04.yaml
    ---
    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: db2-privileges-cluster-role
    rules:
    - apiGroups: [extensions]
      resources: [podsecuritypolicies]
      verbs: [use]
      resourceNames:
      - db2-privileges
    ---
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: db2-privileges-cluster-role-binding
    roleRef:
      kind: ClusterRole
      name: db2-privileges-cluster-role
      apiGroup: rbac.authorization.k8s.io
    subjects:
    - kind: ServiceAccount
      name: default
      namespace: stock-trader-data

Configure the service account

    $ kubectl apply -f pre04.yaml
    clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
    clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created

Verify the results

    $ kubectl get psp
    db2-privileges  false  SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE  RunAsAny  RunAsAny  RunAsAny  RunAsAny  false

Helm Charts for Db2 and DSM

Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes

    $ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
        --tls \
        --set db2inst.instname=db2inst1 \
        --set db2inst.password=passw0rd \
        --set options.databaseName=MYDB \
        --set dataVolume.size=20Gi

--name db2-01: Helm release name, different for each deployment
ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
db2inst.instname: Instance owner name
db2inst.password: Instance owner password
options.databaseName: Name of database that will be created. If not specified, no database will be created
dataVolume.size: Size of the Db2 data volume

Additional parameters are available, for example to enable Oracle compatibility
See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev

Let's verify if we can connect to the MYDB database (1)

Get list of running pods and verify that Db2 OLTP pod is running

    $ kubectl get pods
    NAME                      READY  STATUS   RESTARTS  AGE
    db2-01-ibm-db2oltp-dev-0  1/1    Running  1         7h57m

Review the logs of the Db2 OLTP container

    $ kubectl logs -f db2-01-ibm-db2oltp-dev-0
    09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful
    SQL1063N DB2START processing was successful
    (*) Starting TEXT SEARCH service
    CIE00001 Operation completed successfully
    ssh-keygen generating new host keys RSA1 RSA DSA ECDSA ED25519
    (*) All databases are now active
    (*) Setup has completed

Let's verify if we can connect to the MYDB database (2)

Login to the Db2 OLTP container and connect to MYDB Db2 database

    $ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
    su - db2inst1
    Last login: Sun Sep 15 16:17:11 UTC 2019
    $ db2 connect to MYDB

       Database Connection Information

     Database server        = DB2/LINUXX8664 11.1.4.4
     SQL authorization ID   = DB2INST1
     Local database alias   = MYDB

Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client

    #!/bin/bash
    # We get the Db2 port from the Db2 OLTP helm release service definition
    NODE_PORT=$(kubectl get --namespace stock-trader-data \
        -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
    echo "Cataloging node db2tcp1"
    db2 -v uncatalog node DB2TCP1
    db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
    echo "Cataloging database MYDB at node db2tcp1"
    db2 -v uncatalog database MYDB
    db2 -v catalog database MYDB at node DB2TCP1
    db2 terminate

Kubernetes resources for Db2 OLTP

    $ helm status db2-01 --tls
    NAME: db2-01
    LAST DEPLOYED: Sun Sep 15 08:11:14 2019
    NAMESPACE: stock-trader-data
    STATUS: DEPLOYED

    RESOURCES:
    ==> v1/Secret
    NAME                    TYPE    DATA  AGE
    db2-01-ibm-db2oltp-dev  Opaque  1     1s

    ==> v1/PersistentVolumeClaim
    NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
    db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s

    ==> v1/Service
    NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
    db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP          1s
    db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s

    ==> v1/StatefulSet
    NAME                    DESIRED  CURRENT  AGE
    db2-01-ibm-db2oltp-dev  1        1        1s

    ==> v1/Pod(related)
    NAME                      READY  STATUS    RESTARTS  AGE
    db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s

1 Pod runs the Db2 container
2 Services for Db2: 1x external, 1x internal
1 StatefulSet: DESIRED = 1
1 PVC (RWO) for db files, logs & config
1 Secret: Db2 instance owner password

Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command

    helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
        --tls \
        --set db2inst.instname=db2inst1 \
        --set db2inst.password=passw0rd \
        --set options.databaseName=HADB \
        --set dataVolume.size=20Gi \
        --set hadr.enabled=true

Additional parameter hadr.enabled set to true to indicate that we want a HADR setup

Verify that Db2 HADR is working

Kubernetes resources for Db2 OLTP HADR

    NAME: db2-02
    LAST DEPLOYED: Tue Sep 17 08:24:33 2019
    NAMESPACE: stock-trader-data
    STATUS: DEPLOYED

    RESOURCES:
    ==> v1/Secret
    NAME                    TYPE    DATA  AGE
    db2-02-ibm-db2oltp-dev  Opaque  1     1s

    ==> v1/PersistentVolumeClaim
    NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
    db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s

    ==> v1/Service
    NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
    db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP          1s
    db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
    db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                        1s

    ==> v1/StatefulSet
    NAME                    DESIRED  CURRENT  AGE
    db2-02-ibm-db2oltp-dev  2        2        1s

    ==> v1beta2/StatefulSet
    db2-02-ibm-db2oltp-dev-etcd  3  0  1s

    ==> v1/Pod(related)
    NAME                           READY  STATUS             RESTARTS  AGE
    db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
    db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
    db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
    db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
    db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s

5 Pods: 2x Db2, 3x etcd
3 Services: 2x Db2, 1x etcd
2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
1 PVC (RWX) for HADR setup (1)
1 Secret: Db2 instance owner password
(1) 5 addntl PVCs are being created implicitly for 2x Db2 and 3x etcd

Kubernetes Job to deploy SQL

    $ cat single04.yaml
    apiVersion: batch/v1
    kind: Job
    metadata:
      name: db2-01-create-database-schema
    spec:
      template:
        spec:
          containers:
          - name: db2-01-create-database-schema
            image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
            command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
            volumeMounts:
            - name: db2-createschema
              mountPath: /scripts
            securityContext:
              capabilities:
                add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
            env:
            - name: LICENSE
              value: accept
            - name: DB2INSTANCE
              value: db2inst1
            - name: DB2INST1_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: db2-01-ibm-db2oltp-dev
                  key: password
            - name: DB2_SERVICE_NAME
              value: db2-01-ibm-db2oltp-dev
            - name: DBNAME
              value: mydb
          restartPolicy: Never
          volumes:
          - name: db2-createschema
            configMap:
              name: db2-createschema
              defaultMode: 0744
      backoffLimit: 1
    ---
    apiVersion: v1
    data:
      db2-setup.sh: |
        #!/bin/sh
        export SETUPDIR=/var/db2_setup
        source $SETUPDIR/include/db2_constants
        source $SETUPDIR/include/db2_common_functions
        # Create the users only when the instance user does not exist yet
        if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
          echo "(*) Previous setup has not been detected. Creating"
          create_users
        fi
        if ! create_instance; then
          exit 1
        fi
        start_db2
        cp /scripts/db2-createschema.sh /database/db2-createschema.sh
        chmod +x /database/db2-createschema.sh
        su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE \"$DB2INST1_PASSWORD\" $DBNAME"

Kubernetes Job to deploy SQL (cont'd)

      db2-createschema.sh: |
        #!/bin/sh
        DB2_SERVICE_NAME=$1
        DB2INSTANCE=$2
        DB2INST1_PASSWORD=$3
        DBNAME=$4
        echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
        db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
        db2 catalog db $DBNAME as $DBNAME at node DB2NODE
        db2 terminate
        db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
        db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
        sleep 2
        db2 -tvmf /scripts/ps-bp-tbsp.sql
        sleep 10
        db2 -tvmf /scripts/ps-tables.sql
        echo "Database $DBNAME has been configured"
      ps-bp-tbsp.sql: |
        CREATE BUFFERPOOL BP32K PAGESIZE 32K;
        CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
      ps-tables.sql: |
        CREATE TABLE PS_TABLE (PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5) [...] IN TS32;
        INSERT INTO PS_TABLE (SSN, FIRST_NAME, LAST_NAME, JOB_CODE, DEPT, SALARY, DOB) WITH TEMP1 [...]
        CREATE TABLE PS_HISTORY (FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL) IN TS32;
        GRANT ALL ON ps_table TO PUBLIC;
        GRANT ALL ON ps_history TO PUBLIC;
    kind: ConfigMap
    metadata:
      name: db2-createschema

Deploying the Job to run the SQL

We deploy the Kubernetes job that runs the SQL on the MYDB database

    $ kubectl apply -f single04.yaml
    job.batch/db2-01-create-database-schema created
    configmap/db2-createschema configured

We verify that the job has been created

    $ kubectl get jobs
    NAME                           COMPLETIONS  DURATION  AGE
    db2-01-create-database-schema  0/1          0s        0s

Eventually the job completes

    $ kubectl get jobs
    NAME                           COMPLETIONS  DURATION  AGE
    db2-01-create-database-schema  1/1          109s      45m

Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job

    #!/bin/bash
    kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
    pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath='{.items[*].metadata.name}')
    kubectl logs -f $pod

Output

    [...]
    DB20000I The SQL command completed successfully
    GRANT ALL ON ps_table TO PUBLIC
    DB20000I The SQL command completed successfully
    GRANT ALL ON ps_history TO PUBLIC
    DB20000I The SQL command completed successfully
    Database mydb has been configured

Deploying Data Server Manager (DSM) with the GUI

Deploying Data Server Manager (DSM) with the GUI (2)

Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI

    #!/bin/bash
    export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
    export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
    echo https://$NODE_IP:$NODE_PORT

=> https://192.168.27.100:30462 (can be different on your system)

IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager HomepageAll Db2 OLTP instances running in the
same namespace as DSM will be auto-
discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (12)$ helm status dsm-01 --tlsLAST DEPLOYED Mon Sep 16 120102 2019NAMESPACE stock-trader-dataSTATUS DEPLOYED
RESOURCES==gt v1RoleBindingNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdsm-01-repository NodePort 1000233 ltnonegt 5000032695TCP5500032203TCP 8mdsm-01-ibm-dsm-dev NodePort 100085 ltnonegt 1108032444TCP1108130462TCP 8m
==gt v1beta1DeploymentNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGEdsm-01-repository 1 1 1 1 8mdsm-01-ibm-dsm-dev 1 1 1 1 8m
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdsm-01-repository-76f87d47d4-dlqh4 11 Running 0 8mdsm-01-ibm-dsm-dev-b976d89bd-dflqn 22 Running 0 8m
2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2 1 DSM
IBM Cloud61
DSM Kubernetes resources (22)
[hellip]==gt v1SecretNAME TYPE DATA AGEdsm-01-repository-db2-passwd Opaque 1 8mdsm-01-ibm-dsm-dev-dsm-passwd Opaque 1 8m
==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEdsm-01-repository-data-stor Bound vol14 20Gi RWO 8mdsm-01-ibm-dsm-dev-datavolume Bound vol12 20Gi RWO 8m
==gt v1ServiceAccountNAME SECRETS AGEdsm-repodb-dsm-01-repository 1 8mdsm-dsm-01-ibm-dsm-dev 1 8m
==gt v1RoleNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
2 Secrets 1 DSM
asmin 1 Db2
instance owner
2 PVCs 1 DSM
Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources ndash Kubernetes Docker Helm
Kubernetes
minus httpskubernetesiodocstutorialskubernetes-basics
Kubernetes in the Enterprise eBook
minus ibmbizBdYA4i
Docker
minus httpsdocsdockercomget-started
Docker Hub
minus httpshubdockercom
Helm
minus httpshelmshdocs
IBM Cloud64
Additional Resources ndash IBM Cloud Private OpenShift
IBM Cloud Private Documentation
minus httpswwwibmcomsupportknowledgecenterenSSBS6K_320kc_welcome_containershtml
Deploy IBM Cloud Private Community Edition using Vagrant
minus httpsgithubcomIBMdeploy-ibm-cloud-privateblobmasterdocsdeploy-vagrantmd
Red Hat OpenShift Container Platform Documentation
minus httpsdocsopenshiftcomcontainer-platform41welcomeindexhtml
IBM Cloud65
Additional Resources - Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel
Technical Sales Professional
Hybrid Data Management
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany
Thank You
IBM Cloud70
IBM Cloud5
Technology by itself is not the business disruptor
Failing to be customer centric is the biggest business threat
The right technology for the right job is an enabler of business disruption
Netflix did not kill Blockbuster... ridiculous late fees and rewind fees did
Uber did not kill the taxi business... limited access and fare control did
Apple did not kill the music industry... being forced to buy full length albums did
Airbnb isn't killing the hotel industry... limited availability and pricing options are
IBM Cloud6
Multi-cloud is being driven by cloud native architectures
Microservices and containers are changing IT
[Figure: Traditional IT, Private Cloud, Public Cloud and Public with Virtual Private Cloud, connected by Portable Applications; growth labels CAGR -8, CAGR 16, CAGR 30]
The Compound Annual Growth Rate of traditional IT continues to shrink while public and private cloud continues to grow
Microservices and containers are keys to this transformation
IBM Cloud7
Microservices - the first key to cloud native applications
Making development & deployment more efficient
Microservices benefits
• Improves fault isolation
  Larger applications can remain largely unaffected by the failure of a single module
• Eliminates long-term commitment to a single technology stack
  Try out a new technology stack on an individual service and roll it back if required
• Easier development
  A new developer can more easily understand the functionality of a service
• Easier deployment
  Auto provision, auto scale and provide auto-redundancy
[Figure: Monolithic Architecture (UI, Business Logic, Data Access Layer, DB) vs Microservices Architecture (UI, several Microservices and DBs)]
This is not a claim that a microservice-based application approach is always better for every use case scenario
IBM Cloud8
Containers - the second key to cloud native applications
Reducing operational and development costs
Containers virtualize software in the way that virtual machines have virtualized hardware
Virtual machines vs containers
[Figure: Virtual machines stack (Infrastructure, Hypervisor, one Guest OS per VM, Bins/Libs, App 1 to App 3, with the Guest OS layer marked as overhead) vs containers stack (Infrastructure, Operating System, Container Engine, Bins/Libs, App 1 to App 3)]
Containers can be 2 - 3 times more resource efficient than virtual machines
On average Docker developers ship software 7x more frequently
IBM Cloud9
Container automation and orchestration is essential
Enter Kubernetes
Containers are revolutionizing IT
But they require orchestration
Kubernetes - κυβερνήτης
Means "helmsman" or "pilot"
IBM Cloud10
Private Clouds address the new IT reality
Created by digital transformation
Method | Development | Deployment | Environment
Waterfall | Monolithic | Bare metal | On-Premises
Agile Programming | N-Tier | Virtual Server | Off-Premises
Agile DevOps | Microservices | Containers | Cloud
[Figure: virtual machines stack (Infrastructure, Hypervisor, Guest OS, Bins/Libs, App 1 to App 3) vs containers stack (Infrastructure, Operating System, Container Engine, Bins/Libs, App 1 to App 3); axis labels "Time to value" and "Perception of cost"]
IBM Cloud11
Public Cloud + Private Cloud = Hybrid Cloud
Different cloud options
Criterion | Public Cloud | On-Premises Private Cloud | Hosted Private Cloud | Hybrid Cloud
Hardware Deployment and Management | Vendor | Customer | Vendor | Shared between vendor and customer
Hardware Sharing Model | Shared | Dedicated | Dedicated | Partially shared and partially dedicated
Scalability | High | Medium | High | High
Low Cost | Yes | Sometimes | Sometimes | Sometimes
Predictable Cost | No | Yes | Yes | No
Utility Billing | Yes | No | Depends on vendor | Partial
Flexibility | Yes | Limited | Limited | Yes
Customization Capabilities | No | Yes | Depends on vendor | Partial
Enhanced Security and Compliance | No | Yes | Yes | Yes
Instant Provisioning | Yes | Yes | Yes | Yes
A "Hybrid Cloud" is a highly orchestrated environment where all sources act as one
A "Multi-cloud" environment simply refers to the use of multiple cloud sources of any kind, without necessarily being orchestrated
IBM Cloud12
Why care about Private Clouds
Adoption brings agility and efficiency
Cost Efficient & Scalable Infrastructure
Accelerate Time to Market
Build, package & deploy applications in containers, run at scale with Kubernetes
Refactor applications into microservices & modernize monolithic applications
Manage Data at Scale
Access, govern & analyze your data at scale, accelerate your journey to AI
3-Year $54 Million Cost Savings, 255 ROI
Business Value Assessment Customer Output: Standard On-Premises vs IBM Cloud Private
50 Benefit - Data Center: System Utilization & Server Reduction
75 Benefit - Manage Performance: Elasticity, Bursting, High Availability
35 Benefit - DevOps: Faster Deployments
30 Benefit - Deployment Efficiency: Containers & Microservices
50 Benefit - Improved Security: Management & Risk Reduction
IBM Cloud13
Private Cloud Platform Market Leaders
OpenShift and IBM Cloud Private
IBM Cloud14
Kubernetes Basics
IBM Cloud15
Kubernetes Basics
Kubernetes Overview
- Open Source Project
- Features
- Architecture
Kubernetes Workloads
- Pods and YAML
- Controllers
Kubernetes Networking
- Services
Kubernetes Storage
- Volume types
- Persistent volumes
- Persistent volume claims
Kubernetes Security
- Secrets
IBM Cloud Private Catalog
- Helm Charts
- Helm CLI
IBM Cloud16
Kubernetes - Open Source Project
Greek word for "Helmsman"
It's Open Source - https://github.com/kubernetes/kubernetes
It's a graduated project of the Cloud Native Computing Foundation: https://cncf.io
Popularly known as "Container Orchestrator"
It is a modern "Cluster Manager" for automating deployment, scaling and management of containerized applications
IBM Cloud17
Kubernetes - Features (1)
Automatic binpacking
- Automatically places containers on nodes. Mix critical and best-effort workloads in order to drive up utilization
Horizontal scaling
- Scale application up or down with a simple command, with a UI, or automatically based on CPU usage
Automated rollouts and rollbacks
- Kubernetes progressively rolls out changes to the application or its configuration while monitoring application health, to ensure that it doesn't kill all instances at the same time
Storage orchestration
- Automatically mount the storage system of your choice, whether from local, public or SAN such as iSCSI, Gluster, Ceph, Cinder, Flocker, NFS or IBM Spectrum Scale
IBM Cloud18
Kubernetes - Features (2)
Self-healing
- Restarts containers that fail, replaces and reschedules containers when nodes die, kills containers that do not respond to user-defined health checks
Service discovery and load balancing
- No need to modify the application to use an unfamiliar service discovery mechanism. Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers
Secret and configuration management
- Deploy and update secrets and application configuration without rebuilding your image and without exposing secrets in your stack configuration
Batch Execution
- In addition to services, Kubernetes can manage your batch and CI workloads, replacing containers that fail, if desired
IBM Cloud19
Kubernetes Architecture
[Figure: Kubernetes Cluster with a Master Node (API Server, Scheduler, Controller, distributed etcd key-value datastore) and Worker Nodes, each running a Kubelet and containers 1 to n; an Image Registry; the Kubernetes REST API is reached from the command line and the Web UI]
IBM Cloud20
Kubernetes Workloads
Pod - the basic building block for Kubernetes
Smallest and simplest unit in the Kubernetes object model
A Pod encapsulates an application container (or multiple containers), storage resources, a unique network IP and options that govern how the container should run
Pod is a unit of deployment
Pod runs one or more containers as a unit
Docker is the container runtime used in IBM Cloud Private
One-container-per-pod model is the most common use case
Kubernetes manages the pod rather than containers directly
Pods can run multiple containers that need to work together and to share resources
Pods are designed as relatively ephemeral, disposable entities
Pods do not self-heal by themselves - a higher level abstraction does this
IBM Cloud21
Kubernetes Configurations
Create YAML for creating resources on Kubernetes
YAML - Yet Another Markup Language or YAML Ain't Markup Language
Types of structures required in Kubernetes
- Maps
- Lists
YAML Maps - let you associate name-value pairs. For example:
---
apiVersion: v1
kind: Pod
YAML Maps - create a key that maps to another map:
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
IBM Cloud22
Kubernetes Configurations - Create YAML (continued)
YAML Lists are literally a sequence of objects. Members in the list can also be maps
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
spec:
  containers:
  - name: front-end
    image: nginx
    ports:
    - containerPort: 80
  - name: db2-oltp
    image: store/ibmcorp/db2_developer_c:11.1.4.4
    ports:
    - containerPort: 50000
A YAML manifest has four components to define a Kubernetes resource
• apiVersion
• kind
• metadata
• spec
IBM Cloud23
Kubernetes Workloads - Create a Pod
Create a nginx pod - icp01.yaml
---
# Simple yaml file to create an nginx pod
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
Create the pod
$ kubectl apply -f icp01.yaml
pod/nginx created
Check pod status
$ kubectl get pods
NAME   READY  STATUS   RESTARTS  AGE
nginx  1/1    Running  0         13s
IBM Cloud24
Kubernetes Workloads - Controllers
Controllers can create and manage pods for you
ReplicaSet
- A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
- A Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
- Example: Create a deployment to roll out a ReplicaSet
StatefulSets
- StatefulSets represent a set of pods with unique, persistent identities and stable hostnames that are maintained regardless of where they are scheduled
- Examples: Db2, Redis, IBM MQ
DaemonSets
- A DaemonSet ensures that nodes (all or some) run a copy of a pod. As nodes are added, pods are added to them
- Example: Cluster storage daemon such as glusterd, ceph; logs collection on each node
Jobs, CronJobs
- A job creates one or more pods and ensures that a specified number of them successfully terminate
IBM Cloud25
Kubernetes Network - Services
Without services, Pods are not visible outside the cluster
To enable communication from the outside world to the Pods, services are created
Internal Service Endpoints - Available inside the cluster only
External Service Endpoints - DNS names, C-Names or A-records available to access pods
With the help of labels and selectors, the services are tied to the pods
Service Types
- ClusterIP - Service is reachable only from inside of the cluster
- NodePort - Service is reachable through NodeIP:NodePort
- LoadBalancer - Service is reachable through an external load balancer mapped to the NodeIP:NodePort address
IBM Cloud26
Kubernetes Storage - Volume types
Host-based
- EmptyDir
- HostPath
Block Storage
- IBM Block Storage
- Amazon EBS
- GCE Persistent Disk
- vSphere Volumes
Distributed File System
- IBM Spectrum Scale
- NFS
- Ceph
- GlusterFS
- Amazon EFS
- Azure File System
Other
- Flocker
- iSCSI
- Git Repository
- Quobyte
IBM Cloud27
Kubernetes Storage - Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes are a way to get persistence to a Pod
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in Pod
Volumes may be based on a variety of back-end storage types
IBM Cloud28
Kubernetes Storage
Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
- Persistent Volume (PV) - Provisioned by an administrator
- Persistent Volume Claim (PVC) - Requested by a user; Heketi provisions the PVC, which creates a PV
- Storage Class (SC) - Storage profiles offered by admins
[Figure: on a Worker Node, Pods use a Persistent Volume Claim bound to a Persistent Volume, which is backed by Block Storage or a Distributed File System such as IBM Spectrum Scale]
IBM Cloud29
Kubernetes Secrets
Decouple container with sensitive information
A Secret holds sensitive information such as passwords, OAuth tokens and more
A Secret is an abstraction to decouple sensitive data
To use a secret, a Pod needs to reference the secret
A Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by the kubelet when pulling images for the Pod
$ kubectl -n stocktrader \
    create secret generic db2 \
    --from-literal=id=db2psc \
    --from-literal=pwd=password \
    --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
    --from-literal=port=50000 \
    --from-literal=db=PSDB
IBM Cloud30
IBM Cloud Private catalog - Helm Charts
Db2 chart
DSM chart
IBM Cloud31
IBM Cloud Private catalog - What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using the GUI or the command line
Software packages are available from the IBM Charts Repository
Available at https://github.com/IBM/charts
IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own Local Charts repository
IBM Cloud32
IBM Charts Repository: https://github.com/IBM/charts/tree/master/stable
Db2 chart
DSM chart
IBM Cloud33
Helm command line - Helm and Tiller
Helm is the client and Tiller is the server - runs on master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
Helm and Tiller version must be the same - do not download Helm from the Internet
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)
Product | Version | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP | 11.1.4.4 | 1 | 1 | 1 |
Db2 OLTP HADR | 11.1.4.4 | 3 | 5 | 6 | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager; addntl PVC for HADR setup
Data Server Manager | 2.1.5 | 1 | 2 | 2 | 1x DSM, 1x Db2 repository database; includes Db2 11.1 engine
Db2 Warehouse SMP | 3.10.0 | 1 | 1 | 1 | Includes Db2 11.1 engine
Db2 Warehouse MPP | 3.10.0 | 3+ | 3+ | 1 | Includes Db2 11.1 engine; requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context) \
    --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running as we just created the namespace
$ kubectl get pods
No resources found.
IBM Cloud39
Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  - '*'
Configure the pod security policy
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results
$ kubectl get psp
db2-privileges  false  SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE  RunAsAny  RunAsAny  RunAsAny  RunAsAny  false
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
Configure the image pull secret
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result
$ kubectl get secrets
NAME                 TYPE                                 DATA  AGE
default-token-mwvpl  kubernetes.io/service-account-token  3     17d
dockerhub            kubernetes.io/dockerconfigjson       1     13m
IBM Cloud41
Configuring Service Account for Db2
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: [extensions]
  resources: [podsecuritypolicies]
  verbs: [use]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results
$ kubectl get psp
db2-privileges  false  SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE  RunAsAny  RunAsAny  RunAsAny  RunAsAny  false
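The pod security policy and the service account binding configured in the steps above decide what every pod in the namespace is allowed to request, so they are worth reviewing together. The following is an added example, not code from the presentation or from IBM: it transcribes pre01.yaml and pre04.yaml as Python dicts and reports the settings a reviewer would want justified and the subjects that may use the policy. The function names, the choice of checks and the comparison against Docker's default capability set are assumptions of this example.

```python
# Added example: the page's pre01.yaml and pre04.yaml, transcribed as Python dicts.
DOCKER_DEFAULT_CAPS = frozenset(
    "CHOWN DAC_OVERRIDE FSETID FOWNER MKNOD NET_RAW SETGID SETUID SETFCAP "
    "SETPCAP NET_BIND_SERVICE SYS_CHROOT KILL AUDIT_WRITE".split())

PSP = {
    "kind": "PodSecurityPolicy",
    "metadata": {"name": "db2-privileges"},
    "spec": {
        "allowPrivilegeEscalation": True,
        "privileged": False,
        "allowedCapabilities": (
            "SETPCAP MKNOD AUDIT_WRITE CHOWN NET_RAW DAC_OVERRIDE FOWNER FSETID "
            "KILL SETGID SETUID NET_BIND_SERVICE SYS_CHROOT SETFCAP SYS_RESOURCE "
            "IPC_OWNER SYS_NICE").split(),
        "fsGroup": {"rule": "RunAsAny"},
        "hostIPC": True, "hostNetwork": False, "hostPID": False,
        "hostPorts": [{"min": 1, "max": 65535}],
        "runAsUser": {"rule": "RunAsAny"},
        "seLinux": {"rule": "RunAsAny"},
        "supplementalGroups": {"rule": "RunAsAny"},
    },
}
CLUSTER_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "db2-privileges-cluster-role"},
    "rules": [{"apiGroups": ["extensions"], "resources": ["podsecuritypolicies"],
               "verbs": ["use"], "resourceNames": ["db2-privileges"]}],
}
BINDING = {
    "kind": "ClusterRoleBinding",
    "metadata": {"name": "db2-privileges-cluster-role-binding"},
    "roleRef": {"kind": "ClusterRole", "name": "db2-privileges-cluster-role"},
    "subjects": [{"kind": "ServiceAccount", "name": "default",
                  "namespace": "stock-trader-data"}],
}


def extra_capabilities(psp):
    """Capabilities the policy allows beyond Docker's default set."""
    return set(psp["spec"].get("allowedCapabilities", [])) - DOCKER_DEFAULT_CAPS


def audit_psp(psp):
    """Return {field: reason} for settings a reviewer should ask to have justified."""
    spec, out = psp["spec"], {}
    if spec.get("privileged"):
        out["privileged"] = "privileged containers allowed"
    if spec.get("allowPrivilegeEscalation", True):  # an unset field also allows it
        out["allowPrivilegeEscalation"] = "setuid binaries can gain privileges"
    for field in ("hostIPC", "hostPID", "hostNetwork"):
        if spec.get(field):
            out[field] = "pod shares the node's %s namespace" % field[4:]
    low = [r for r in spec.get("hostPorts", []) if r["min"] < 1024]
    if low:
        out["hostPorts"] = "pods may bind host ports %d-%d" % (low[0]["min"], low[0]["max"])
    if spec.get("runAsUser", {}).get("rule") == "RunAsAny":
        out["runAsUser"] = "containers may run as UID 0"
    extra = extra_capabilities(psp)
    if extra:
        out["allowedCapabilities"] = "beyond Docker defaults: " + ", ".join(sorted(extra))
    return out


def psp_users(psp_name, roles, bindings):
    """Subjects that RBAC authorizes to `use` the named policy."""
    granting = set()
    for role in roles:
        for rule in role.get("rules", []):
            names = rule.get("resourceNames") or [psp_name]  # no names = every policy
            if ("podsecuritypolicies" in rule.get("resources", [])
                    and {"use", "*"} & set(rule.get("verbs", []))
                    and psp_name in names):
                granting.add((role["kind"], role["metadata"]["name"]))
    subjects = []
    for binding in bindings:
        ref = binding["roleRef"]
        if (ref["kind"], ref["name"]) in granting:
            subjects += [(s["kind"], s.get("namespace", ""), s["name"])
                         for s in binding.get("subjects", [])]
    return subjects


def audit_subjects(subjects):
    """Flag grants that reach more pods than the one workload that needs them."""
    notes = []
    for kind, namespace, name in subjects:
        if kind == "ServiceAccount" and name == "default":
            notes.append("every pod in namespace %s that sets no serviceAccountName "
                         "can use the policy" % namespace)
        if kind == "Group" and name in ("system:authenticated", "system:serviceaccounts"):
            notes.append("policy is usable cluster-wide through group " + name)
    return notes


if __name__ == "__main__":
    for field, reason in sorted(audit_psp(PSP).items()):
        print("%-26s %s" % (field, reason))
    users = psp_users("db2-privileges", [CLUSTER_ROLE], [BINDING])
    for note in audit_subjects(users):
        print("binding: " + note)
```

The three capabilities reported beyond Docker's defaults are the same three the schema Job later on this page adds in its securityContext. A RoleBinding in stock-trader-data would limit use of the policy to pods running in that namespace; whether the chart lets you run Db2 under a dedicated service account is not stated on the page.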
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
Callouts:
db2-01: Helm release name, different for each deployment
ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
db2inst.instname: Instance owner name
db2inst.password: Instance owner password
options.databaseName: Name of database that will be created. If not specified, no database will be created
dataVolume.size: Size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility
See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Cloud44
Let's verify if we can connect to the MYDB database (1)
Get the list of running pods and verify that the Db2 OLTP pod is running
$ kubectl get pods
NAME                      READY  STATUS   RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  1/1    Running  1         7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful.
SQL1063N DB2START processing was successful.
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.
IBM Cloud45
Let's verify if we can connect to the MYDB database (2)
Log in to the Db2 OLTP container and connect to the MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
   Database Connection Information
 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
#!/bin/bash
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
Callout: We get the Db2 port from the Db2 OLTP helm release service definition
IBM Cloud47
Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-01-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s
==> v1/Service
NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP          1s
db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-01-ibm-db2oltp-dev  1        1        1s
==> v1/Pod(related)
NAME                      READY  STATUS    RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s
Callouts:
1 Pod runs the Db2 container
2 Services for Db2: 1x external, 1x internal
1 StatefulSet, DESIRED = 1
1 PVC (RWO) for db files, logs & config
1 Secret: Db2 instance owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
Callout: Additional parameter hadr.enabled set to true to indicate that we want a HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-02-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s
==> v1/Service
NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP          1s
db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                        1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-02-ibm-db2oltp-dev  2        2        1s
==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd  3  0  1s
==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s
Callouts:
5 Pods: 2x Db2, 3x etcd
3 Services: 2x Db2, 1x etcd
2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
1 PVC (RWX) for HADR setup (1)
1 Secret: Db2 instance owner password
(1) 5 addntl PVCs are being created implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        # The instance owner password is read from the chart's Secret, not written into the manifest
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    # Create the users only when the instance owner does not exist yet
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE $DB2INST1_PASSWORD $DBNAME"
IBM Cloud52
Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE (PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5), [...] IN TS32;
    INSERT INTO PS_TABLE (SSN,FIRST_NAME,LAST_NAME,JOB_CODE,DEPT,SALARY,DOB) WITH TEMP1 [...]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema
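The Job above takes the instance owner password from a Secret through secretKeyRef, while the kubectl create secret and helm install commands earlier in the deck pass credentials as literals on the command line. The following added example, which is not part of the presentation, checks both patterns: it lists sensitive-looking container environment variables that carry a literal value, and sensitive keys passed through --set or --from-literal. The name pattern, the function names and the BAD_CONTAINER sample are assumptions constructed for this example.

```python
import re

# Heuristic for credential-like names; this pattern is an assumption of the example.
SENSITIVE = re.compile(r"PASSWORD|PASSWD|PWD|TOKEN|SECRET", re.I)

# Container env of the page's Job db2-01-create-database-schema.
JOB_CONTAINER = {
    "name": "db2-01-create-database-schema",
    "env": [
        {"name": "LICENSE", "value": "accept"},
        {"name": "DB2INSTANCE", "value": "db2inst1"},
        {"name": "DB2INST1_PASSWORD", "valueFrom": {"secretKeyRef": {
            "name": "db2-01-ibm-db2oltp-dev", "key": "password"}}},
        {"name": "DB2_SERVICE_NAME", "value": "db2-01-ibm-db2oltp-dev"},
        {"name": "DBNAME", "value": "mydb"},
    ],
}
# Constructed counter-example: the same variable written as a literal value.
BAD_CONTAINER = {
    "name": "constructed-bad",
    "env": [{"name": "DB2INST1_PASSWORD", "value": "example-only"}],
}
# The page's commands, split into argument lists.
HELM_ARGV = ["helm", "install", "--name", "db2-01", "ibm-charts/ibm-db2oltp-dev",
             "--tls", "--set", "db2inst.instname=db2inst1",
             "--set", "db2inst.password=passw0rd",
             "--set", "options.databaseName=MYDB", "--set", "dataVolume.size=20Gi"]
KUBECTL_ARGV = ["kubectl", "-n", "stocktrader", "create", "secret", "generic", "db2",
                "--from-literal=id=db2psc", "--from-literal=pwd=password",
                "--from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local",
                "--from-literal=port=50000", "--from-literal=db=PSDB"]


def plaintext_env(container):
    """Sensitive-looking env vars given as a literal `value` instead of a Secret reference."""
    return [entry["name"] for entry in container.get("env", [])
            if SENSITIVE.search(entry["name"]) and "valueFrom" not in entry]


def inline_credentials(argv):
    """Sensitive keys whose values are passed literally on a helm or kubectl command line.

    Only key names are returned, so the report itself never repeats a credential.
    """
    hits, i = [], 0
    while i < len(argv):
        flag, _, rest = argv[i].partition("=")
        if flag in ("--set", "--from-literal"):
            if not rest and i + 1 < len(argv):   # "--set k=v" form: pair is the next argument
                i += 1
                rest = argv[i]
            # helm accepts several comma-separated pairs in one --set
            pairs = rest.split(",") if flag == "--set" else [rest]
            for pair in pairs:
                key = pair.partition("=")[0]
                if SENSITIVE.search(key):
                    hits.append(key)
        i += 1
    return hits


if __name__ == "__main__":
    print("Job env literals:      ", plaintext_env(JOB_CONTAINER))
    print("constructed bad env:   ", plaintext_env(BAD_CONTAINER))
    print("helm install literals: ", inline_credentials(HELM_ARGV))
    print("kubectl create secret: ", inline_credentials(KUBECTL_ARGV))
```

Values given with --set or --from-literal end up in shell history and are visible in the process list while the command runs; kubectl's --from-file option reads a value from a file instead.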
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  0/1          0s        0s
Eventually the job completes
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  1/1          109s      45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath='{.items[*].metadata.name}')
kubectl logs -f $pod
Output
[...]
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully.
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/RoleBinding
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m
==> v1/Service
NAME                TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)                          AGE
dsm-01-repository   NodePort  10.0.0.233  <none>       50000:32695/TCP,55000:32203/TCP  8m
dsm-01-ibm-dsm-dev  NodePort  10.0.0.85   <none>       11080:32444/TCP,11081:30462/TCP  8m
==> v1beta1/Deployment
NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
dsm-01-repository   1        1        1           1          8m
dsm-01-ibm-dsm-dev  1        1        1           1          8m
==> v1/Pod(related)
NAME                                READY  STATUS   RESTARTS  AGE
dsm-01-repository-76f87d47d4-dlqh4  1/1    Running  0         8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn  2/2    Running  0         8m
Callouts:
2 RoleBindings
2 Services: 1x Db2 (repodb), 1x DSM
2 Deployments
2 Pods: 1 Db2, 1 DSM
IBM Cloud61
DSM Kubernetes resources (22)
[hellip]==gt v1SecretNAME TYPE DATA AGEdsm-01-repository-db2-passwd Opaque 1 8mdsm-01-ibm-dsm-dev-dsm-passwd Opaque 1 8m
==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEdsm-01-repository-data-stor Bound vol14 20Gi RWO 8mdsm-01-ibm-dsm-dev-datavolume Bound vol12 20Gi RWO 8m
==gt v1ServiceAccountNAME SECRETS AGEdsm-repodb-dsm-01-repository 1 8mdsm-dsm-01-ibm-dsm-dev 1 8m
==gt v1RoleNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
2 Secrets 1 DSM
asmin 1 Db2
instance owner
2 PVCs 1 DSM
Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources ndash Kubernetes Docker Helm
Kubernetes
minus httpskubernetesiodocstutorialskubernetes-basics
Kubernetes in the Enterprise eBook
minus ibmbizBdYA4i
Docker
minus httpsdocsdockercomget-started
Docker Hub
minus httpshubdockercom
Helm
minus httpshelmshdocs
IBM Cloud64
Additional Resources ndash IBM Cloud Private OpenShift
IBM Cloud Private Documentation
minus httpswwwibmcomsupportknowledgecenterenSSBS6K_320kc_welcome_containershtml
Deploy IBM Cloud Private Community Edition using Vagrant
minus httpsgithubcomIBMdeploy-ibm-cloud-privateblobmasterdocsdeploy-vagrantmd
Red Hat OpenShift Container Platform Documentation
minus httpsdocsopenshiftcomcontainer-platform41welcomeindexhtml
IBM Cloud65
Additional Resources ndash Db2 Db2Wh DSMDb2 Integration into IBM Cloud Private
minus httpsdeveloperibmcomrecipestutorialsdb2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
minus httpsdeveloperibmcomrecipestutorialsibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
minus httpswwwibmcomsupportknowledgecenterenSSCJDQcomibmswgimdashdbdocadmindeploy_kubernetes_smphtml
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
minus httpswwwibmcomsupportknowledgecenterenSSQNUZ_210comibmicpdatadoczenadmindb-reqshtmldb-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
minus Db2 OLTP Single Server
minus Db2 OLTP HADR
minus Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel
Technical Sales Professional
Hybrid Data Management
IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany
Mobile +49-177-3627278
Email chuempel@de.ibm.com
Thank You
IBM Cloud70
IBM Cloud6
Multi-cloud is being driven by cloud native architectures
Microservices and containers are changing IT
The Compound Annual Growth Rate of traditional IT continues to shrink while public and private cloud continues to grow. Microservices and containers are keys to this transformation.
[Figure: Traditional IT, Private Cloud, Public with Virtual Private Cloud and Public Cloud, connected by Portable Applications; growth labels CAGR -8, CAGR 16, CAGR 30]
IBM Cloud7
Microservices – the first key to cloud native applications
Making development & deployment more efficient
Microservices benefits
• Improves fault isolation
  Larger applications can remain largely unaffected by the failure of a single module
• Eliminates long-term commitment to a single technology stack
  Try out a new technology stack on an individual service and roll it back if required
• Easier development
  A new developer can more easily understand the functionality of a service
• Easier deployment
  Auto provision, auto scale and provide auto-redundancy
[Figure: Monolithic Architecture (UI, Business Logic, Data Access Layer, DB) vs Microservices Architecture (UI, Microservices, DBs)]
This is not a claim that a microservice-based application approach is always better for every use case scenario
IBM Cloud8
Containers – the second key to cloud native applications
Reducing operational and development costs
Containers virtualize software in the way that virtual machines have virtualized hardware
Virtual machines vs containers
[Figure: virtual machine stack (Infrastructure, Hypervisor, three Guest OS, Bins/Libs, App 1, App 2, App 3, with an "overhead" label) vs container stack (Infrastructure, Operating System, Container Engine, Bins/Libs, App 1, App 2, App 3)]
Containers can be 2–3 times more resource efficient than virtual machines
On average Docker developers ship software 7x more frequently
IBM Cloud9
Container automation and orchestration is essential
Enter Kubernetes
Containers are revolutionizing IT
But they require orchestration
Kubernetes - κυβερνήτης
Means "helmsman" or "pilot"
IBM Cloud10
Private Clouds address the new IT reality
Created by digital transformation
Method            | Development   | Deployment     | Environment
Waterfall         | Monolithic    | Bare metal     | On-Premises
Agile Programming | N-Tier        | Virtual Server | Off-Premises
Agile DevOps      | Microservices | Containers     | Cloud
[Figure: virtual machine stack (Infrastructure, Hypervisor, Guest OS, Bins/Libs, App 1, App 2, App 3) vs container stack (Infrastructure, Operating System, Container Engine, Bins/Libs, App 1, App 2, App 3); axis labels: Time to value, Perception of cost]
IBM Cloud11
Public Cloud + Private Cloud = Hybrid Cloud
Different cloud options
                                   | Public Cloud | On-Premises Private Cloud | Hosted Private Cloud | Hybrid Cloud
Hardware Deployment and Management | Vendor       | Customer                  | Vendor               | Shared between vendor and customer
Hardware Sharing Model             | Shared       | Dedicated                 | Dedicated            | Partially shared and partially dedicated
Scalability                        | High         | Medium                    | High                 | High
Low Cost                           | Yes          | Sometimes                 | Sometimes            | Sometimes
Predictable Cost                   | No           | Yes                       | Yes                  | No
Utility Billing                    | Yes          | No                        | Depends on vendor    | Partial
Flexibility                        | Yes          | Limited                   | Limited              | Yes
Customization Capabilities         | No           | Yes                       | Depends on vendor    | Partial
Enhanced Security and Compliance   | No           | Yes                       | Yes                  | Yes
Instant Provisioning               | Yes          | Yes                       | Yes                  | Yes
A "Hybrid Cloud" is a highly orchestrated environment where all sources act as one
A "Multi-cloud" environment simply refers to the use of multiple cloud sources of any kind without necessarily being orchestrated
IBM Cloud12
Why care about Private Clouds
Adoption brings agility and efficiency
Cost Efficient & Scalable Infrastructure
Accelerate Time to Market
Build, package & deploy applications in containers, run at scale with Kubernetes
Refactor applications into microservices & modernize monolithic applications
Manage Data at Scale
Access, govern & analyze your data at scale, accelerate your journey to AI
Business Value Assessment Customer Output
Standard On-Premises vs IBM Cloud Private
3-Year $54 Million Cost Savings, 255 ROI
50 Benefit | Data Center            | System Utilization & Server Reduction
75 Benefit | Manage Performance     | Elasticity, Bursting, High Availability
35 Benefit | DevOps                 | Faster Deployments
30 Benefit | Deployment Efficiency  | Containers & Microservices
50 Benefit | Improved Security      | Management & Risk Reduction
IBM Cloud13
Private Cloud Platform Market Leaders
OpenShift and IBM Cloud Private
IBM Cloud Private
IBM Cloud14
Kubernetes Basics
IBM Cloud15
Kubernetes Basics
Kubernetes Overview
- Open Source Project
- Features
- Architecture
Kubernetes Workloads
- Pods and YAML
- Controllers
Kubernetes Networking
- Services
Kubernetes Storage
- Volume types
- Persistent volumes
- Persistent volume claims
Kubernetes Security
- Secrets
IBM Cloud Private Catalog
- Helm Charts
- Helm CLI
IBM Cloud16
Kubernetes – Open Source Project
Greek word for "Helmsman"
It's Open Source - https://github.com/kubernetes/kubernetes
It's a graduated project of Cloud Native Computing Foundation https://cncf.io
Popularly known as "Container Orchestrator"
It is a modern "Cluster Manager" for automating deployment, scaling and management of containerized applications
IBM Cloud17
Kubernetes – Features (1)
Automatic binpacking
- Automatically places containers on nodes. Mix critical and best-effort workloads in order to drive up utilization
Horizontal scaling
- Scale application up or down with a simple command, with a UI, or automatically based on CPU usage
Automated rollouts and rollbacks
- Kubernetes progressively rolls out changes to the application or its configuration while monitoring application health to ensure that it doesn't kill all instances at the same time
Storage orchestration
- Automatically mount the storage system of your choice, whether from local, public or SAN such as iSCSI, Gluster, Ceph, Cinder, Flocker, NFS or IBM Spectrum Scale
IBM Cloud18
Kubernetes – Features (2)
Self-healing
- Restart containers that fail, replace and reschedule containers when nodes die, kill containers that do not respond to user-defined health checks
Service discovery and load balancing
- No need to modify the application to use an unfamiliar service discovery mechanism. Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers
Secret and configuration management
- Deploy and update secrets and application configuration without rebuilding your image and without exposing secrets in your stack configuration
Batch Execution
- In addition to services, Kubernetes can manage your batch and CI workloads, replacing containers that fail, if desired
IBM Cloud19
Kubernetes Architecture
[Figure: Kubernetes Cluster. Command Line and Web UI use the Kubernetes REST API. Master Node: API Server, Scheduler, Controller, distributed etcd key-value datastore. Worker Nodes: each with a Kubelet and containers (Container-1 to Container-n). Image Registry.]
IBM Cloud20
Kubernetes Workloads
Pod – the basic building block for Kubernetes
Smallest and simplest unit in Kubernetes object model
Pod encapsulates an application container (or multiple containers), storage resources, a unique network IP and options that govern how the container should run
Pod is a unit of deployment
Pod runs one or more containers as a unit
Docker is the container runtime used in IBM Cloud Private
One-container-per-pod model is most common use case
Kubernetes manages the pod rather than containers directly
Pods can run multiple containers that need to work together and to share resources
Pods are designed as relatively ephemeral, disposable entities
Pods do not self-heal by themselves – a higher level abstraction does this
IBM Cloud21
Kubernetes Configurations
Create YAML for creating resources on Kubernetes
YAML – Yet Another Markup Language or YAML Ain't Markup Language
Types of structures required in Kubernetes
- Maps
- Lists
YAML Maps - let you associate name-value pairs. For example:
---
apiVersion: v1
kind: Pod
YAML Maps – Create a key that maps to another map
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
IBM Cloud22
Kubernetes Configurations – Create YAML (continued)
YAML Lists are literally a sequence of objects. Members in the list can also be maps
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
spec:
  containers:
  - name: front-end
    image: nginx
    ports:
    - containerPort: 80
  - name: db2-oltp
    image: store/ibmcorp/db2_developer_c:11.1.4.4
    ports:
    - containerPort: 50000
A YAML manifest has four components to define a Kubernetes resource
• apiVersion
• kind
• metadata
• spec
IBM Cloud23
Kubernetes Workloads – Create a Pod
Create a nginx pod – icp01.yaml
---
# Simple yaml file to create an nginx pod
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
Create the pod
$ kubectl apply -f icp01.yaml
pod/nginx created
Check pod status
$ kubectl get pods
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          13s
IBM Cloud24
Kubernetes Workloads - Controllers
Controllers can create and manage pods for you
ReplicaSet
- A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
- Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
- Example: Create a deployment to rollout a ReplicaSet
StatefulSets
- StatefulSets represent a set of pods with unique, persistent identities and stable hostnames that are maintained regardless of where they are scheduled
- Examples: Db2, Redis, IBM MQ
DaemonSets
- A DaemonSet ensures that nodes (all or some) run a copy of a pod. As nodes are added, pods are added to them
- Example: Cluster storage daemon such as glusterd, ceph; logs collection on each node
Jobs, CronJobs
- A job creates one or more pods and ensures that a specified number of them successfully terminate
IBM Cloud25
Kubernetes Network - Services
Without services, Pods are not visible outside the cluster
To enable communication from the outside world to the Pods, services are created
Internal Service Endpoints – Available inside the cluster only
External Service Endpoints - DNS names, C-Names or A-records available to access pods
With the help of labels and selectors, the services are tied to the pods
Service Types
- ClusterIP – Service is reachable only from inside of the cluster
- NodePort – Service is reachable through NodeIP:NodePort
- LoadBalancer – Service is reachable through an external load balancer mapped to NodeIP:NodePort address
IBM Cloud26
Kubernetes Storage – Volume types
Host-based
- EmptyDir
- HostPath
Block Storage
- IBM Block Storage
- Amazon EBS
- GCE Persistent Disk
- vSphere Volumes
Distributed File System
- IBM Spectrum Scale
- NFS
- Ceph
- GlusterFS
- Amazon EFS
- Azure File System
Other
- Flocker
- iSCSI
- Git Repository
- Quobyte
IBM Cloud27
Kubernetes Storage – Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes are a way to give a Pod persistence
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in Pod
Volumes may be based on a variety of back-end storage types
IBM Cloud28
Kubernetes Storage
Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
- Persistent Volume (PV) – Provisioned by an administrator
- Persistent Volume Claim (PVC) – Requested by a user, and Heketi provisions the PVC, which creates a PV
- Storage Class (SC) – Storage profiles offered by admins
[Figure: Worker Node with Pods, Persistent Volume Claim, Persistent Volume; back ends: Block Storage, Distributed File System, IBM Spectrum Scale]
IBM Cloud29
Kubernetes Secrets
Decouple containers from sensitive information
A Secret holds sensitive information such as passwords, OAuth tokens and more
A Secret is an abstraction to decouple sensitive data
To use a secret, a Pod needs to reference the secret
A Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by the kubelet when pulling images for the Pod
$ kubectl -n stocktrader \
    create secret generic db2 \
    --from-literal=id=db2psc \
    --from-literal=pwd=password \
    --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
    --from-literal=port=50000 \
    --from-literal=db=PSDB
IBM Cloud30
IBM Cloud Private catalog – Helm Charts
Db2 chart
DSM chart
IBM Cloud31
IBM Cloud Private catalog – What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using GUI or command line
Software packages are available from IBM Charts Repository
Available at https://github.com/IBM/charts
IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own Local Charts repository
IBM Cloud32
IBM Charts Repository https://github.com/IBM/charts/tree/master/stable
Db2 chart
DSM chart
IBM Cloud33
Helm command line – Helm and Tiller
Helm is the client and Tiller is the server – runs on master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
Helm and Tiller versions must be the same – do not download Helm from the Internet
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)
Product             | Version  | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP            | 11.1.4.4 | 1            | 1    | 1    |
Db2 OLTP HADR       | 11.1.4.4 | 3            | 5    | 6    | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager, addntl PVC for HADR setup
Data Server Manager | 2.1.5    | 1            | 2    | 2    | 1x DSM, 1x Db2 repository database. Includes Db2 11.1 engine
Db2 Warehouse SMP   | 3100     | 1            | 1    | 1    | Includes Db2 11.1 engine
Db2 Warehouse MPP   | 3100     | 3+           | 3+   | 1    | Includes Db2 11.1 engine. Requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context) \
    --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running as we just created the namespace
$ kubectl get pods
No resources found.
IBM Cloud39
Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  - '*'
Configure the pod security policy
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results
$ kubectl get psp
db2-privileges false SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE RunAsAny RunAsAny RunAsAny RunAsAny false *
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
Configure the image pull secret
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result
$ kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-mwvpl   kubernetes.io/service-account-token   3      17d
dockerhub             kubernetes.io/dockerconfigjson        1      13m
IBM Cloud41
Configuring Service Account for Db2
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: [extensions]
  resources: [podsecuritypolicies]
  verbs: [use]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results
$ kubectl get psp
db2-privileges false SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE RunAsAny RunAsAny RunAsAny RunAsAny false *
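A review of the pod security policy and the binding above, as an added example that is not part of the original slides: it reports which settings of db2-privileges go beyond a default container and who receives the policy through the binding. The two manifests are transcribed to JSON by hand (constructed input; the `*` under volumes is assumed), and `Finding`, `extra_capabilities`, `audit_psp` and `audit_binding` are names introduced here.

```python
import json
from typing import NamedTuple


class Finding(NamedTuple):
    field: str
    detail: str


# Capabilities a Docker container holds by default; anything else in
# allowedCapabilities is extra privilege a pod may request under the policy.
DOCKER_DEFAULT_CAPS = {
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "MKNOD",
    "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP", "SETUID",
    "SYS_CHROOT",
}

# Constructed input: pre01.yaml from the slide, transcribed to JSON by hand.
# The "*" under volumes is an assumption (the transcript lost that value).
PSP = json.loads("""
{"kind": "PodSecurityPolicy", "metadata": {"name": "db2-privileges"}, "spec": {
  "allowPrivilegeEscalation": true, "privileged": false,
  "allowedCapabilities": [
    "SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW", "DAC_OVERRIDE",
    "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE",
    "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"],
  "fsGroup": {"rule": "RunAsAny"}, "seLinux": {"rule": "RunAsAny"},
  "runAsUser": {"rule": "RunAsAny"}, "supplementalGroups": {"rule": "RunAsAny"},
  "hostIPC": true, "hostNetwork": false, "hostPID": false,
  "hostPorts": [{"min": 1, "max": 65535}], "volumes": ["*"]}}
""")

# Constructed input: the ClusterRoleBinding from pre04.yaml.
BINDING = json.loads("""
{"kind": "ClusterRoleBinding",
 "roleRef": {"kind": "ClusterRole", "name": "db2-privileges-cluster-role"},
 "subjects": [{"kind": "ServiceAccount", "name": "default",
               "namespace": "stock-trader-data"}]}
""")
BROAD_GROUPS = {"system:authenticated", "system:serviceaccounts"}


def extra_capabilities(psp):
    """Capabilities the policy lets a pod add beyond the Docker default set."""
    allowed = set(psp["spec"].get("allowedCapabilities", []))
    return sorted(allowed - DOCKER_DEFAULT_CAPS)


def audit_psp(psp):
    """Return one Finding per setting that widens what a pod may do on the node."""
    spec, findings = psp["spec"], []
    if spec.get("privileged"):
        findings.append(Finding("privileged", "privileged containers allowed"))
    # The field defaults to "allowed" when it is absent from the policy.
    if spec.get("allowPrivilegeEscalation", True):
        findings.append(Finding("allowPrivilegeEscalation",
                                "setuid binaries can raise privileges"))
    for ns in ("hostIPC", "hostNetwork", "hostPID"):
        if spec.get(ns):
            findings.append(Finding(ns, f"pods may join the node's {ns[4:]} namespace"))
    extra = extra_capabilities(psp)
    if extra:
        findings.append(Finding("allowedCapabilities",
                                "beyond runtime default: " + ", ".join(extra)))
    if spec.get("runAsUser", {}).get("rule") == "RunAsAny":
        findings.append(Finding("runAsUser", "containers may run as UID 0"))
    if "*" in spec.get("volumes", []):
        findings.append(Finding("volumes", "every volume type, hostPath included"))
    for rng in spec.get("hostPorts", []):
        if rng.get("min", 0) <= 1 and rng.get("max", 0) >= 65535:
            findings.append(Finding("hostPorts", "any host port may be requested"))
    return findings


def audit_binding(binding):
    """Flag subjects that hand the policy to more workloads than intended."""
    findings = []
    for subj in binding.get("subjects", []):
        kind, name = subj.get("kind"), subj.get("name")
        if kind == "ServiceAccount" and name == "default":
            findings.append(Finding(
                "subjects",
                f"default service account in {subj.get('namespace')}: every pod "
                "there that sets no serviceAccountName may use the policy"))
        elif kind == "Group" and name in BROAD_GROUPS:
            findings.append(Finding("subjects", f"group {name} is cluster-wide"))
    return findings


if __name__ == "__main__":
    for f in audit_psp(PSP) + audit_binding(BINDING):
        print(f"{f.field:26} {f.detail}")
```

The three extra capabilities it reports are the same three the schema Job later adds in its securityContext; binding the policy to a dedicated service account for the Db2 pods instead of `default` narrows who can use it.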
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
Callouts:
- db2-01: Helm release name, different for each deployment
- ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
- db2inst.instname: Instance owner name
- db2inst.password: Instance owner password
- options.databaseName: Name of database that will be created. If not specified, no database will be created
- dataVolume.size: Size of the Db2 data volume
Additional parameters available, for example to enable Oracle compatibility
See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
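The `kubectl create secret` commands and the `helm install --set db2inst.password=...` command above all carry a credential as a literal argument, which leaves it in shell history and in the process list. The scanner below is an added example, not part of the original slides: it finds such arguments in a command line and returns a copy that is safe to log. `Hit`, `scan`, the key-name pattern and the quoting of the Docker Hub placeholder are assumptions of this example.

```python
import re
import shlex
from typing import NamedTuple


class Hit(NamedTuple):
    flag: str  # option that carried the value
    key: str   # name the value was assigned to


# Key names treated as credentials (assumption of this example; substring
# match, so a key such as "bypass" is reported as well).
SECRET_KEY = re.compile(r"pass|pwd|secret|token", re.IGNORECASE)
# Options whose argument is a key=value assignment.
ASSIGNMENT_FLAGS = {"--from-literal", "--set", "--set-string"}
REDACTED = "REDACTED"


def scan(command):
    """Return (hits, redacted_command) for one shell command line."""
    tokens = shlex.split(command.replace("\\\n", " "))
    hits, out = [], []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        i += 1
        if not tok.startswith("--") or tok == "--":
            out.append(tok)  # positional word, short option or end-of-options
            continue
        flag, sep, arg = tok.partition("=")
        if not sep and i < len(tokens) and not tokens[i].startswith("-"):
            arg = tokens[i]  # "--flag value" form
            i += 1
        if not arg:
            out.append(flag)  # boolean option such as --tls
            continue
        if flag in ASSIGNMENT_FLAGS:
            # Helm takes several comma-separated assignments in one --set
            pairs = [arg] if flag == "--from-literal" else arg.split(",")
            for n, pair in enumerate(pairs):
                key, eq, value = pair.partition("=")
                if eq and value and SECRET_KEY.search(key):
                    hits.append(Hit(flag, key))
                    pairs[n] = f"{key}={REDACTED}"
            arg = ",".join(pairs)
        elif SECRET_KEY.search(flag):
            hits.append(Hit(flag, flag.lstrip("-")))
            arg = REDACTED
        out.append(f"{flag}={arg}")
    return hits, shlex.join(out)


# Commands from the slides (first one abridged; the Docker Hub placeholders
# are quoted here so that each is one shell word).
COMMANDS = [
    "kubectl -n stocktrader create secret generic db2 --from-literal=id=db2psc "
    "--from-literal=pwd=password --from-literal=port=50000 --from-literal=db=PSDB",
    "kubectl create secret docker-registry dockerhub "
    "--docker-username='<your dockerhub username>' "
    "--docker-password='<your dockerhub password>'",
    "helm install --name db2-01 ibm-charts/ibm-db2oltp-dev --tls "
    "--set db2inst.instname=db2inst1 --set db2inst.password=passw0rd "
    "--set options.databaseName=MYDB --set dataVolume.size=20Gi",
]

if __name__ == "__main__":
    for cmd in COMMANDS:
        found, safe = scan(cmd)
        print([h.key for h in found], "->", safe)
```

kubectl's `--from-file` and `--from-env-file` options and Helm's `-f`/`--values` option read the value from a file, which keeps it out of the argument list.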
IBM Cloud44
Let's verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get pods
NAME                       READY   STATUS    RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   1/1     Running   1          7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful.
SQL1063N DB2START processing was successful.
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.
IBM Cloud45
Let's verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
# su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
   Database Connection Information
 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
#!/bin/bash
# We get the Db2 port from the Db2 OLTP helm release service definition
NODE_PORT=$(kubectl get --namespace stock-trader-data \
  -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
IBM Cloud47
Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-01-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s
==> v1/Service
NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP          1s
db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-01-ibm-db2oltp-dev  1        1        1s
==> v1/Pod(related)
NAME                      READY  STATUS    RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s
Callouts:
- 1 Pod: runs the Db2 container
- 2 Services for Db2: 1x external, 1x internal
- 1 StatefulSet: DESIRED = 1
- 1 PVC (RWO) for db files, logs & config
- 1 Secret: Db2 instance owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
Callout: additional parameter hadr.enabled set to true to indicate that we want a HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-02-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s
==> v1/Service
NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP          1s
db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                        1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-02-ibm-db2oltp-dev  2        2        1s
==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd  3  0  1s
==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s
Callouts:
- 5 Pods: 2x Db2, 3x etcd
- 3 Services: 2x Db2, 1x etcd
- 2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
- 1 PVC (RWX) for HADR setup (1)
- 1 Secret: Db2 instance owner password
(1) 5 addntl PVCs are being created implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE \"$DB2INST1_PASSWORD\" $DBNAME"
IBM Cloud52
Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5) […] IN TS32;
    INSERT INTO PS_TABLE (SSN,FIRST_NAME,LAST_NAME,JOB_CODE,DEPT,SALARY,DOB) WITH TEMP1 […]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   0/1           0s         0s
Eventually the job completes
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   1/1           109s       45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath="{.items[*].metadata.name}")
kubectl logs -f $pod
Output
[…]
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully.
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/RoleBinding
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m
==> v1/Service
NAME                TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)                          AGE
dsm-01-repository   NodePort  10.0.0.233  <none>       50000:32695/TCP,55000:32203/TCP  8m
dsm-01-ibm-dsm-dev  NodePort  10.0.0.85   <none>       11080:32444/TCP,11081:30462/TCP  8m
==> v1beta1/Deployment
NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
dsm-01-repository   1        1        1           1          8m
dsm-01-ibm-dsm-dev  1        1        1           1          8m
==> v1/Pod(related)
NAME                                READY  STATUS   RESTARTS  AGE
dsm-01-repository-76f87d47d4-dlqh4  1/1    Running  0         8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn  2/2    Running  0         8m
Callouts:
- 2 RoleBindings
- 2 Services: 1x Db2 (repodb), 1x DSM
- 2 Deployments
- 2 Pods: 1 Db2, 1 DSM
IBM Cloud61
DSM Kubernetes resources (2/2)
[…]
==> v1/Secret
NAME                           TYPE    DATA  AGE
dsm-01-repository-db2-passwd   Opaque  1     8m
dsm-01-ibm-dsm-dev-dsm-passwd  Opaque  1     8m
==> v1/PersistentVolumeClaim
NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m
==> v1/ServiceAccount
NAME                          SECRETS  AGE
dsm-repodb-dsm-01-repository  1        8m
dsm-dsm-01-ibm-dsm-dev        1        8m
==> v1/Role
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m
Callouts:
- 2 Secrets: 1 DSM admin, 1 Db2 instance owner
- 2 PVCs: 1 DSM, Db2
- 3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources ndash Kubernetes Docker Helm
Kubernetes
minus httpskubernetesiodocstutorialskubernetes-basics
Kubernetes in the Enterprise eBook
minus ibmbizBdYA4i
Docker
minus httpsdocsdockercomget-started
Docker Hub
minus httpshubdockercom
Helm
minus httpshelmshdocs
IBM Cloud64
Additional Resources ndash IBM Cloud Private OpenShift
IBM Cloud Private Documentation
minus httpswwwibmcomsupportknowledgecenterenSSBS6K_320kc_welcome_containershtml
Deploy IBM Cloud Private Community Edition using Vagrant
minus httpsgithubcomIBMdeploy-ibm-cloud-privateblobmasterdocsdeploy-vagrantmd
Red Hat OpenShift Container Platform Documentation
minus httpsdocsopenshiftcomcontainer-platform41welcomeindexhtml
IBM Cloud65
Additional Resources ndash Db2 Db2Wh DSMDb2 Integration into IBM Cloud Private
minus httpsdeveloperibmcomrecipestutorialsdb2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
minus httpsdeveloperibmcomrecipestutorialsibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
minus httpswwwibmcomsupportknowledgecenterenSSCJDQcomibmswgimdashdbdocadmindeploy_kubernetes_smphtml
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
minus httpswwwibmcomsupportknowledgecenterenSSQNUZ_210comibmicpdatadoczenadmindb-reqshtmldb-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
minus Db2 OLTP Single Server
minus Db2 OLTP HADR
minus Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel IBM Deutschland GmbH
Karl-Arnold-Platz 1a
Technical Sales Professional 40474 Duesseldorf
Hybrid Data Management Germany
Mobile +49-177-3627278
Email chuempeldeibmcom
Thank You
IBM Cloud70
IBM Cloud7
Microservices ndash the first key to cloud native applicationsMaking development amp deployment more efficient
Microservices benefits
bull Improves fault isolation
Larger applications can remain largely
unaffected by the failure of a single
module
bull Eliminates long-term commitment to
a single technology stack
Try out a new technology stack on an
individual service and roll it back if
required
bull Easier development
A new developer can more easily
understand the functionality of a service
bull Easier deployment
Auto provision auto scale and provide
auto-redundancy
Microservice
Data
Access
Layer
Business
Logic
DB
UIUI
Microservice
Microservice
Monolithic
ArchitectureMicroservices
Architecture
DB
Microservice
Microservice
DB
Microservice
DB
This is not a claim that a microservice-based application approach is always better for every use case scenario
IBM Cloud8
Containers – the second key to cloud native applications
Reducing operational and development costs
Containers virtualize software in the way that virtual machines have virtualized hardware
Virtual machines vs. containers
[Figure: virtual machine stack (Infrastructure, Hypervisor, one Guest OS per VM, Bins/Libs, App 1 to App 3) next to container stack (Infrastructure, Operating System, Container Engine, Bins/Libs, App 1 to App 3), with a label "overhead"]
Containers can be 2 – 3 times more resource efficient than virtual machines
On average Docker developers ship software 7x more frequently
IBM Cloud9
Container automation and orchestration is essential
Enter Kubernetes
Containers are revolutionizing IT
But they require orchestration
Kubernetes - κυβερνήτης
Means “helmsman” or “pilot”
IBM Cloud10
Private Clouds address the new IT reality
Created by digital transformation
Method Development Deployment Environment
Waterfall Monolithic Bare metal On-Premises
Agile Programming N-Tier Virtual Server Off-Premises
Agile DevOps Microservices Containers Cloud
[Figure: virtual machine stack vs. container stack; axis labels: Time to value, Perception of cost]
IBM Cloud11
Public Cloud + Private Cloud = Hybrid Cloud
Different cloud options
Characteristic | Public Cloud | On-Premises Private Cloud | Hosted Private Cloud | Hybrid Cloud
Hardware Deployment and Management | Vendor | Customer | Vendor | Shared between vendor and customer
Hardware Sharing Model | Shared | Dedicated | Dedicated | Partially shared and partially dedicated
Scalability | High | Medium | High | High
Low Cost | Yes | Sometimes | Sometimes | Sometimes
Predictable Cost | No | Yes | Yes | No
Utility Billing | Yes | No | Depends on vendor | Partial
Flexibility | Yes | Limited | Limited | Yes
Customization Capabilities | No | Yes | Depends on vendor | Partial
Enhanced Security and Compliance | No | Yes | Yes | Yes
Instant Provisioning | Yes | Yes | Yes | Yes
A “Hybrid Cloud” is a highly orchestrated environment where all sources act as one.
A “Multi-cloud” environment simply refers to the use of multiple cloud sources of any kind without necessarily being orchestrated.
IBM Cloud12
Why care about Private Clouds
Adoption brings agility and efficiency
Cost Efficient & Scalable Infrastructure
Accelerate Time to Market
Build, package & deploy applications in containers, run at scale with Kubernetes
Refactor applications into microservices & modernize monolithic applications
Manage Data at Scale
Access, govern & analyze your data at scale, accelerate your journey to AI
Business Value Assessment Customer Output: Standard On-Premises vs IBM Cloud Private
3-Year $54 Million Cost Savings 255 ROI
50 Benefit: Data Center – System Utilization & Server Reduction
75 Benefit: Manage Performance – Elasticity, Bursting, High Availability
35 Benefit: DevOps – Faster Deployments
30 Benefit: Deployment Efficiency – Containers & Microservices
50 Benefit: Improved Security – Management & Risk Reduction
IBM Cloud13
Private Cloud Platform Market Leaders
OpenShift and IBM Cloud Private
IBM Cloud14
Kubernetes Basics
IBM Cloud15
Kubernetes Basics
Kubernetes Overview
- Open Source Project
- Features
- Architecture
Kubernetes Workloads
- Pods and YAML
- Controllers
Kubernetes Networking
- Services
Kubernetes Storage
- Volume types
- Persistent volumes
- Persistent volume claims
Kubernetes Security
- Secrets
IBM Cloud Private Catalog
- Helm Charts
- Helm CLI
IBM Cloud16
Kubernetes – Open Source Project
Greek word for “Helmsman”
It’s Open Source - https://github.com/kubernetes/kubernetes
It’s a graduated project of the Cloud Native Computing Foundation, https://cncf.io
Popularly known as “Container Orchestrator”
It is a modern “Cluster Manager” for automating deployment, scaling and management of containerized applications
IBM Cloud17
Kubernetes – Features (1)
Automatic binpacking
- Automatically places containers on nodes. Mix critical and best-effort workloads in order to drive up utilization
Horizontal scaling
- Scale application up or down with a simple command, with a UI, or automatically based on CPU usage
Automated rollouts and rollbacks
- Kubernetes progressively rolls out changes to the application or its configuration while monitoring application health to ensure that it doesn’t kill all instances at the same time
Storage orchestration
- Automatically mount the storage system of your choice, whether from local, public or SAN such as iSCSI, Gluster, Ceph, Cinder, Flocker, NFS or IBM Spectrum Scale
IBM Cloud18
Kubernetes – Features (2)
Self-healing
- Restart containers that fail, replace and reschedule containers when nodes die, kill containers that do not respond to user-defined health checks
Service discovery and load balancing
- No need to modify the application to use an unfamiliar service discovery mechanism. Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers
Secret and configuration management
- Deploy and update secrets and application configuration without rebuilding your image and without exposing secrets in your stack configuration
Batch Execution
- In addition to services, Kubernetes can manage your batch and CI workloads, replacing containers that fail, if desired
IBM Cloud19
Kubernetes Architecture
[Figure: Kubernetes Cluster with one Master Node (API Server, Scheduler, Controller, distributed etcd key-value datastore) and Worker Nodes, each running a Kubelet and Containers 1 to n; an Image Registry; access through the Kubernetes REST API from the Command Line and the Web UI]
IBM Cloud20
Kubernetes Workloads
Pod – the basic building block for Kubernetes
Smallest and simplest unit in the Kubernetes object model
A Pod encapsulates an application container (or multiple containers), storage resources, a unique network IP and options that govern how the container should run
A Pod is a unit of deployment
A Pod runs one or more containers as a unit
Docker is the container runtime used in IBM Cloud Private
The one-container-per-pod model is the most common use case
Kubernetes manages the pod rather than containers directly
Pods can run multiple containers that need to work together and to share resources
Pods are designed as relatively ephemeral, disposable entities
Pods do not self-heal by themselves – a higher level abstraction does this
IBM Cloud21
Kubernetes Configurations
Create YAML for creating resources on Kubernetes
YAML – Yet Another Markup Language or YAML Ain’t Markup Language
Types of structures required in Kubernetes
- Maps
- Lists
YAML Maps - let you associate name-value pairs. For example:
---
apiVersion: v1
kind: Pod
YAML Maps – Create a key that maps to another map:
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
IBM Cloud22
Kubernetes Configurations – Create YAML (continued)
YAML Lists are literally a sequence of objects. Members in the list can also be maps.
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
spec:
  containers:
  - name: front-end
    image: nginx
    ports:
    - containerPort: 80
  - name: db2-oltp
    image: store/ibmcorp/db2_developer_c:11.1.4.4
    ports:
    - containerPort: 50000
A YAML manifest has four components to define a Kubernetes resource:
• apiVersion
• kind
• metadata
• spec
IBM Cloud23
Kubernetes Workloads – Create a Pod
Create a nginx pod – icp01.yaml
---
# Simple yaml file to create an nginx pod
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
Create the pod
$ kubectl apply -f icp01.yaml
pod/nginx created
Check pod status
$ kubectl get pods
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          13s
IBM Cloud24
Kubernetes Workloads - Controllers
Controllers can create and manage pods for you
ReplicaSet
- A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
- A Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
- Example: Create a deployment to roll out a ReplicaSet
StatefulSets
- StatefulSets represent a set of pods with unique, persistent identities and stable hostnames that are maintained regardless of where they are scheduled
- Examples: Db2, Redis, IBM MQ
DaemonSets
- A DaemonSet ensures that nodes (all or some) run a copy of a pod. As nodes are added, pods are added to them
- Example: Cluster storage daemon such as glusterd, ceph; logs collection on each node
Jobs, CronJobs
- A job creates one or more pods and ensures that a specified number of them successfully terminate
IBM Cloud25
Kubernetes Network - Services
Without services, Pods are not visible outside the cluster
To enable communication from the outside world to the Pods, services are created
Internal Service Endpoints – Available inside the cluster only
External Service Endpoints - DNS names, C-Names or A-records available to access pods
With the help of labels and selectors, the services are tied to the pods
Service Types
- ClusterIP – Service is reachable only from inside of the cluster
- NodePort – Service is reachable through NodeIP:NodePort
- LoadBalancer – Service is reachable through an external load balancer mapped to the NodeIP:NodePort address
IBM Cloud26
Kubernetes Storage – Volume types
Host-based
- EmptyDir
- HostPath
Block Storage
- IBM Block Storage
- Amazon EBS
- GCE Persistent Disk
- vSphere Volumes
Distributed File System
- IBM Spectrum Scale
- NFS
- Ceph
- GlusterFS
- Amazon EFS
- Azure File System
Other
- Flocker
- iSCSI
- Git Repository
- Quobyte
IBM Cloud27
Kubernetes Storage – Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes are a way to get persistence to a Pod
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in Pod
Volumes may be based on a variety of back-end storage types
IBM Cloud28
Kubernetes Storage
Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
- Persistent Volume (PV) – Provisioned by an administrator
- Persistent Volume Claim (PVC) – Requested by a user, and Heketi provisions the PVC, which creates a PV
- Storage Class (SC) – Storage profiles offered by admins
[Figure: Pods on a Worker Node use a Persistent Volume Claim, which binds to a Persistent Volume backed by Block Storage or a Distributed File System such as IBM Spectrum Scale]
IBM Cloud29
Kubernetes Secrets
Decouple container with sensitive information
A Secret holds sensitive information such as passwords, OAuth tokens and more
A Secret is an abstraction to decouple sensitive data
To use a secret, a Pod needs to reference the secret
A Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by the kubelet when pulling images for the Pod
$ kubectl -n stocktrader \
    create secret generic db2 \
    --from-literal=id=db2psc \
    --from-literal=pwd=password \
    --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
    --from-literal=port=50000 \
    --from-literal=db=PSDB
IBM Cloud30
IBM Cloud Private catalog – Helm Charts
Db2 chart
DSM chart
IBM Cloud31
IBM Cloud Private catalog – What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using the GUI or the command line
Software packages are available from the IBM Charts Repository
Available at https://github.com/IBM/charts
The IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment, you can build your own Local Charts repository
IBM Cloud32
IBM Charts Repository: https://github.com/IBM/charts/tree/master/stable
Db2 chart
DSM chart
IBM Cloud33
Helm command line – Helm and Tiller
Helm is the client and Tiller is the server – runs on master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
Helm and Tiller version must be the same – do not download Helm from the Internet
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)
Product | Version | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP | 11.1.4.4 | 1 | 1 | 1 |
Db2 OLTP HADR | 11.1.4.4 | 3 | 5 | 6 | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager, addntl. PVC for HADR setup
Data Server Manager | 2.1.5 | 1 | 2 | 2 | 1x DSM, 1x Db2 repository database. Includes Db2 11.1 engine
Db2 Warehouse SMP | 3.10.0 | 1 | 1 | 1 | Includes Db2 11.1 engine
Db2 Warehouse MPP | 3.10.0 | 3+ | 3+ | 1 | Includes Db2 11.1 engine. Requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
- Creating a new namespace (optional)
- Configuring a pod security policy
- Configuring an image pull secret
- Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context) \
    --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running as we just created the namespace
$ kubectl get pods
No resources found.
IBM Cloud39
Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  -
Configure the pod security policy
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results
$ kubectl get psp
db2-privileges  false  SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE  RunAsAny  RunAsAny  RunAsAny  RunAsAny  false
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
Configure the image pull secret
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result
$ kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-mwvpl   kubernetes.io/service-account-token   3      17d
dockerhub             kubernetes.io/dockerconfigjson        1      13m
IBM Cloud41
Configuring Service Account for Db2
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: [extensions]
  resources: [podsecuritypolicies]
  verbs: [use]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results
$ kubectl get psp
db2-privileges  false  SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE  RunAsAny  RunAsAny  RunAsAny  RunAsAny  false
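A review of what the db2-privileges policy and its binding permit, as an added example that is not part of the presentation or of IBM's charts. The three objects are constructed from the manifests on the two slides above (the cut-off `volumes` entry is left out); the severity labels and function names are assumptions of this example.

```python
# Added example: static review of a PodSecurityPolicy and the RBAC grant for it.
# PSP, ROLE and BINDING are constructed from the slides, written as the dicts
# that `kubectl get ... -o json` would yield.

# Capabilities a Docker runtime grants by default; anything else is an extra grant.
RUNTIME_DEFAULT_CAPS = {
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "MKNOD",
    "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP", "SETUID",
    "SYS_CHROOT",
}

PSP = {
    "kind": "PodSecurityPolicy",
    "metadata": {"name": "db2-privileges"},
    "spec": {
        "allowPrivilegeEscalation": True,
        "privileged": False,
        "allowedCapabilities": [
            "SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW", "DAC_OVERRIDE",
            "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE",
            "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE", "IPC_OWNER", "SYS_NICE",
        ],
        "fsGroup": {"rule": "RunAsAny"},
        "hostIPC": True,
        "hostNetwork": False,
        "hostPID": False,
        "hostPorts": [{"min": 1, "max": 65535}],
        "runAsUser": {"rule": "RunAsAny"},
        "seLinux": {"rule": "RunAsAny"},
        "supplementalGroups": {"rule": "RunAsAny"},
    },
}
ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "db2-privileges-cluster-role"},
    "rules": [{"apiGroups": ["extensions"], "resources": ["podsecuritypolicies"],
               "verbs": ["use"], "resourceNames": ["db2-privileges"]}],
}
BINDING = {
    "kind": "ClusterRoleBinding",
    "metadata": {"name": "db2-privileges-cluster-role-binding"},
    "roleRef": {"kind": "ClusterRole", "name": "db2-privileges-cluster-role"},
    "subjects": [{"kind": "ServiceAccount", "name": "default",
                  "namespace": "stock-trader-data"}],
}


def extra_capabilities(psp):
    """Capabilities the policy allows beyond the container runtime's default set."""
    allowed = set(psp["spec"].get("allowedCapabilities", []))
    return sorted(allowed - RUNTIME_DEFAULT_CAPS)


def audit_psp(psp):
    """Return (severity, message) findings for one PodSecurityPolicy."""
    spec, findings = psp["spec"], []
    if spec.get("privileged"):
        findings.append(("HIGH", "privileged containers are allowed"))
    # The field defaults to true when it is absent from a PodSecurityPolicy.
    if spec.get("allowPrivilegeEscalation", True):
        findings.append(("MEDIUM", "allowPrivilegeEscalation: setuid binaries can raise privileges"))
    for field in ("hostIPC", "hostPID", "hostNetwork"):
        if spec.get(field):
            findings.append(("HIGH", f"{field}: pods may share that namespace with the node"))
    extra = extra_capabilities(psp)
    if extra:
        findings.append(("MEDIUM", "capabilities beyond the runtime default: " + ", ".join(extra)))
    if spec.get("runAsUser", {}).get("rule") == "RunAsAny":
        findings.append(("MEDIUM", "runAsUser RunAsAny: containers may run as UID 0"))
    for ports in spec.get("hostPorts", []):
        if ports["max"] - ports["min"] > 1000:
            findings.append(("LOW", f"hostPorts {ports['min']}-{ports['max']}: nearly any node port may be claimed"))
    return findings


def audit_grant(role, binding, psp_name):
    """Report who may `use` the policy through this role and binding."""
    grants = any(
        "use" in rule.get("verbs", [])
        and "podsecuritypolicies" in rule.get("resources", [])
        and psp_name in rule.get("resourceNames", [psp_name])  # no names listed = all policies
        for rule in role["rules"]
    )
    if not grants or binding["roleRef"]["name"] != role["metadata"]["name"]:
        return []
    findings = []
    for subject in binding["subjects"]:
        if subject["kind"] == "ServiceAccount" and subject["name"] == "default":
            findings.append(("MEDIUM", f"default service account of {subject['namespace']}: "
                             "every pod there that names no service account can use the policy"))
        elif subject["kind"] == "Group":
            findings.append(("HIGH", f"group {subject['name']} can use the policy"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_psp(PSP) + audit_grant(ROLE, BINDING, "db2-privileges"):
        print(f"{severity:6} {message}")
```

The three extra capabilities it reports (IPC_OWNER, SYS_NICE, SYS_RESOURCE) are the ones the schema Job later in the deck adds through its securityContext. Binding the policy to a dedicated service account used only by the Db2 pods keeps other workloads in stock-trader-data from inheriting hostIPC.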
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
Callouts:
- db2-01: Helm release name, different for each deployment
- ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
- db2inst.instname: Instance owner name
- db2inst.password: Instance owner password
- options.databaseName: Name of database that will be created. If not specified, no database will be created
- dataVolume.size: Size of the Db2 data volume
Additional parameters available, for example to enable Oracle compatibility
See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Cloud44
Let’s verify if we can connect to the MYDB database (1)
Get list of running pods and verify that the Db2 OLTP pod is running
$ kubectl get pods
NAME                       READY   STATUS    RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   1/1     Running   1          7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful.
SQL1063N DB2START processing was successful.
(*) Starting TEXT SEARCH service ...
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.
IBM Cloud45
Let’s verify if we can connect to the MYDB database (2)
Log in to the Db2 OLTP container and connect to the MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
   Database Connection Information
 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
#!/bin/bash
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
Callout: We get the Db2 port from the Db2 OLTP helm release service definition
IBM Cloud47
Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/Secret
NAME                     TYPE     DATA   AGE
db2-01-ibm-db2oltp-dev   Opaque   1      1s

==> v1/PersistentVolumeClaim
NAME               STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db2-01-data-stor   Bound    vol12    20Gi       RWO                           1s

==> v1/Service
NAME                         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                                   AGE
db2-01-ibm-db2oltp-dev-db2   NodePort    10.0.0.50    <none>        50000:30463/TCP,55000:32236/TCP           1s
db2-01-ibm-db2oltp-dev       ClusterIP   None         <none>        50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s

==> v1/StatefulSet
NAME                     DESIRED   CURRENT   AGE
db2-01-ibm-db2oltp-dev   1         1         1s

==> v1/Pod(related)
NAME                       READY   STATUS     RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   0/1     Init:0/1   0          1s
Callouts:
- 1 Pod: runs the Db2 container
- 2 Services for Db2: 1x external, 1x internal
- 1 StatefulSet: DESIRED = 1
- 1 PVC (RWO) for db files, logs & config
- 1 Secret: Db2 instance owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
$ helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
Callout: Additional parameter hadr.enabled set to true to indicate that we want a HADR setup
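The Secrets, image pull secret and helm install slides all pass credentials as command-line arguments (`--from-literal=pwd=...`, `--docker-password=...`, `--set db2inst.password=...`), which leaves them in shell history and process listings. The scanner below is an added example, not code from the presentation; the name pattern, the mask text and the sample history lines are assumptions constructed for illustration.

```python
# Added example: find and mask credentials passed as kubectl/helm arguments.
import re
import shlex

# Key or flag names that usually carry a credential (heuristic chosen for this example).
SECRET_NAME = re.compile(r"(pass(word|wd)?|pwd|secret|token)$", re.IGNORECASE)
# Flags whose value is itself one or more key=value pairs.
KEY_VALUE_FLAGS = {"--from-literal", "--set", "--set-string"}
MASK = "REDACTED"

# Constructed shell history, modelled on the commands shown in the slides.
HISTORY = [
    "kubectl -n stocktrader create secret generic db2 --from-literal=id=db2psc "
    "--from-literal=pwd=password --from-literal=port=50000",
    "helm install --name db2-01 ibm-charts/ibm-db2oltp-dev --tls "
    "--set db2inst.instname=db2inst1 --set db2inst.password=passw0rd",
    "kubectl create secret docker-registry dockerhub --docker-username=alice "
    "--docker-password 'example pw' --docker-email=alice@example.com",
    "helm install --name db2-02 ibm-charts/ibm-db2oltp-dev --tls "
    "--set hadr.enabled=true,db2inst.password=passw0rd",
    "kubectl get pods",
]


def _mask_pairs(flag, value, hits):
    """Mask secret-looking key=value pairs inside one flag value."""
    # helm --set takes comma-separated pairs, where "\," is an escaped comma
    # inside a value; kubectl --from-literal takes exactly one pair.
    pairs = re.split(r"(?<!\\),", value) if flag.startswith("--set") else [value]
    masked = []
    for pair in pairs:
        key, eq, val = pair.partition("=")
        if eq and val and SECRET_NAME.search(key.rsplit(".", 1)[-1]):
            hits.append((flag, key))
            pair = f"{key}={MASK}"
        masked.append(pair)
    return ",".join(masked)


def inspect(command_line):
    """Return (hits, redacted command) for one command line."""
    tokens = shlex.split(command_line)
    hits, out = [], []
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if not tok.startswith("--"):
            out.append(tok)
            i += 1
            continue
        flag, eq, value = tok.partition("=")
        if not eq and i + 1 < len(tokens) and not tokens[i + 1].startswith("-"):
            value = tokens[i + 1]  # "--flag value" form
            i += 1
        if flag in KEY_VALUE_FLAGS and value:
            value = _mask_pairs(flag, value, hits)
        elif value and SECRET_NAME.search(flag):
            hits.append((flag, flag.lstrip("-")))
            value = MASK
        if eq:
            out.append(f"{flag}={value}")
        elif value:
            out.extend([flag, value])
        else:
            out.append(flag)
        i += 1
    return hits, shlex.join(out)


def scan(history):
    """Return (line number, flag, key) for every inline credential found."""
    findings = []
    for lineno, line in enumerate(history, 1):
        hits, _ = inspect(line)
        findings.extend((lineno, flag, key) for flag, key in hits)
    return findings


if __name__ == "__main__":
    for lineno, flag, key in scan(HISTORY):
        print(f"line {lineno}: {key} passed inline via {flag}")
        print("   ", inspect(HISTORY[lineno - 1])[1])
```

Both tools can read the same values from a file instead (`kubectl create secret generic ... --from-file=...`, `helm install -f <values file>`), which keeps them off the command line.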
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/Secret
NAME                     TYPE     DATA   AGE
db2-02-ibm-db2oltp-dev   Opaque   1      1s

==> v1/PersistentVolumeClaim
NAME               STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db2-02-hadr-stor   Bound    vol09    20Gi       RWX                           1s

==> v1/Service
NAME                          TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                                   AGE
db2-02-ibm-db2oltp-dev-db2    NodePort    10.0.0.61    <none>        50000:32422/TCP,55000:32181/TCP           1s
db2-02-ibm-db2oltp-dev        ClusterIP   None         <none>        50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s
db2-02-ibm-db2oltp-dev-etcd   ClusterIP   None         <none>        2380/TCP,2379/TCP                         1s

==> v1/StatefulSet
NAME                     DESIRED   CURRENT   AGE
db2-02-ibm-db2oltp-dev   2         2         1s

==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd   3   0   1s

==> v1/Pod(related)
NAME                            READY   STATUS              RESTARTS   AGE
db2-02-ibm-db2oltp-dev-0        0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-1        0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-etcd-0   0/1     ContainerCreating   0          1s
db2-02-ibm-db2oltp-dev-etcd-1   0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-etcd-2   0/1     Pending             0          1s
Callouts:
- 5 Pods: 2x Db2, 3x etcd
- 3 Services: 2x Db2, 1x etcd
- 2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
- 1 PVC (RWX) for HADR setup (1)
- 1 Secret: Db2 instance owner password
(1) 5 addntl. PVCs are being created implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    # Create the users only when the instance owner does not exist yet
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE \"$DB2INST1_PASSWORD\" $DBNAME"
IBM Cloud52
Kubernetes Job to deploy SQL (cont’d)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE (PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5) [...] IN TS32;
    INSERT INTO PS_TABLE (SSN, FIRST_NAME, LAST_NAME, JOB_CODE, DEPT, SALARY, DOB) WITH TEMP1 [...]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   0/1           0s         0s
Eventually the job completes
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   1/1           109s       45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath='{.items[*].metadata.name}')
kubectl logs -f $pod
Output
[...]
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully.
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/RoleBinding
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m

==> v1/Service
NAME                 TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)                           AGE
dsm-01-repository    NodePort   10.0.0.233   <none>        50000:32695/TCP,55000:32203/TCP   8m
dsm-01-ibm-dsm-dev   NodePort   10.0.0.85    <none>        11080:32444/TCP,11081:30462/TCP   8m

==> v1beta1/Deployment
NAME                 DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
dsm-01-repository    1         1         1            1           8m
dsm-01-ibm-dsm-dev   1         1         1            1           8m

==> v1/Pod(related)
NAME                                 READY   STATUS    RESTARTS   AGE
dsm-01-repository-76f87d47d4-dlqh4   1/1     Running   0          8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn   2/2     Running   0          8m
Callouts:
- 2 RoleBindings
- 2 Services: 1x Db2 (repodb), 1x DSM
- 2 Deployments
- 2 Pods: 1 Db2, 1 DSM
IBM Cloud61
DSM Kubernetes resources (2/2)
[...]
==> v1/Secret
NAME                            TYPE     DATA   AGE
dsm-01-repository-db2-passwd    Opaque   1      8m
dsm-01-ibm-dsm-dev-dsm-passwd   Opaque   1      8m

==> v1/PersistentVolumeClaim
NAME                            STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
dsm-01-repository-data-stor     Bound    vol14    20Gi       RWO                           8m
dsm-01-ibm-dsm-dev-datavolume   Bound    vol12    20Gi       RWO                           8m

==> v1/ServiceAccount
NAME                           SECRETS   AGE
dsm-repodb-dsm-01-repository   1         8m
dsm-dsm-01-ibm-dsm-dev         1         8m

==> v1/Role
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m
Callouts:
- 2 Secrets: 1 DSM admin, 1 Db2 instance owner
- 2 PVCs: 1 DSM, 1 Db2
- 3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources – Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs
IBM Cloud64
Additional Resources – IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html
IBM Cloud65
Additional Resources – Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel
Technical Sales Professional, Hybrid Data Management
IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf, Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
Thank You
IBM Cloud70
IBM Cloud8
Containers ndash the second key to cloud native applicationsReducing operational and development costs
Containers virtual software in the way that virtual machines have virtualized hardware
Virtual machines vs containers
Hypervisor
Infrastructure
Guest
OS
Guest
OS
Guest
OS
BinsLibs LibsBins BinsLibs
App 1 App 2 App 3
Operating System
Infrastructure
BinsLibs BinsLibs BinsLibs
App 1 App 2 App 3
Container Engine
overhea
d
Containers can be 2 ndash 3 times more resource
efficient than virtual machines
On average Docker developers ship software 7x
more frequently
BV
IBM Cloud9
Container automation and orchestration is essentialEnter Kubernetes
Containers are revolutionizing IT
But they require orchestration
Kubernetes - κυβερνήτης
Means ldquohelmsmanrdquo or ldquopilotrdquo
IBM Cloud10
Private Clouds address the new IT realityCreated by digital transformation
Method Development Deployment Environment
Waterfall Monolithic Bare metal On-Premises
Agile Programming N-Tier Virtual Server Off-Premises
Agile DevOps Microservices Containers Cloud
Hypervisor
Infrastructure
GuestOS
GuestOS
GuestOS
BinsLibs BinsLibs BinsLibs
App 1 App 2 App 3
Operating System
Infrastructure
BinsLibs BinsLibs BinsLibs
App 1 App 2 App 3
Container Engine
Tim
e t
o v
alu
e
Perc
ep
tio
n o
f co
st
IBM Cloud11
Public Cloud + Private Cloud = Hybrid Cloud Different cloud options
Public CloudOn-Premises
Private Cloud
Hosted Private
CloudHybrid Cloud
Hardware
Deployment and
Management
Vendor Customer Vendor
Shared between
vendor and
customer
Hardware Sharing
ModelShared Dedicated Dedicated
Partially shared
and partially
dedicated
Scalability High Medium High High
Low Cost Yes Sometimes Sometimes Sometimes
Predictable Cost No Yes Yes No
Utility Billing Yes No Depends on vendor Partial
Flexibility Yes Limited Limited Yes
Customization
CapabilitiesNo Yes Depends on vendor Partial
Enhanced Security
and ComplianceNo Yes Yes Yes
Instant
ProvisioningYes Yes Yes Yes
A ldquoHybrid Cloudrdquo is a highly orchestrated environment where all sources act as one
A ldquoMulti-cloudrdquo environment simply refers to the use of multiple cloud sources of any kind without necessarily being orchestrated
IBM Cloud12
Why care about Private CloudsAdoption brings agility and efficiency
Cost Efficient amp Scalable
Infrastructure
Accelerate Time to Market
Build package amp deploy applications in
containers run at scale with Kubernetes
Refactor applications into microservices
amp modernize monolithic applications
Manage Data at Scale
Access govern amp analyze your data at
scale accelerate your journey to AI
50 Benefit
3-Year $54 Million Cost Savings 255 ROI
Business Value Assessment Customer Output
Standard On-Premises vs IBM Cloud Private
Data CenterSystem Utilization amp Server Reduction
75 BenefitManage PerformanceElasticity Bursting High Availability
35 BenefitDevOpsFaster Deployments
30 BenefitDeployment EfficiencyContainers amp Microservices
50 BenefitImproved SecurityManagement amp Risk Reduction
IBM Cloud13
Private Cloud Platform Market LeadersOpenShift and IBM Cloud Private
IBM Cloud Private
IBM Cloud14
Kubernetes Basics
IBM Cloud15
Kubernetes Basics
Kubernetes Overview
- Open Source Project
- Features
- Architecture
Kubernetes Workloads
- Pods and YAML
- Controllers
Kubernetes Networking
- Services
Kubernetes Storage
- Volume types
- Persistent volumes
- Persistent volume claims
Kubernetes Security
- Secrets
IBM Cloud Private Catalog
- Helm Charts
- Helm CLI
IBM Cloud16
Kubernetes - Open Source Project
Greek word for "Helmsman"
It's Open Source - https://github.com/kubernetes/kubernetes
It's a graduated project of the Cloud Native Computing Foundation, https://cncf.io
Popularly known as "Container Orchestrator"
It is a modern "Cluster Manager" for automating deployment, scaling and management of containerized applications
IBM Cloud17
Kubernetes - Features (1)
Automatic binpacking
- Automatically places containers on nodes. Mix critical and best-effort workloads in order to drive up utilization
Horizontal scaling
- Scale the application up or down with a simple command, with a UI, or automatically based on CPU usage
Automated rollouts and rollbacks
- Kubernetes progressively rolls out changes to the application or its configuration while monitoring application health, to ensure that it doesn't kill all instances at the same time
Storage orchestration
- Automatically mount the storage system of your choice, whether from local, public or SAN, such as iSCSI, Gluster, Ceph, Cinder, Flocker, NFS or IBM Spectrum Scale
IBM Cloud18
Kubernetes - Features (2)
Self-healing
- Restarts containers that fail, replaces and reschedules containers when nodes die, kills containers that do not respond to user-defined health checks
Service discovery and load balancing
- No need to modify the application to use an unfamiliar service discovery mechanism. Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers
Secret and configuration management
- Deploy and update secrets and application configuration without rebuilding your image and without exposing secrets in your stack configuration
Batch Execution
- In addition to services, Kubernetes can manage your batch and CI workloads, replacing containers that fail, if desired
IBM Cloud19
Kubernetes Architecture
[Diagram: a Kubernetes Cluster. Master Node: API Server, Scheduler, Controller, distributed etcd key-value datastore. Worker Nodes: each with a Kubelet and Containers 1 to n. Image Registry. Command Line and Web UI connect through the Kubernetes REST API.]
IBM Cloud20
Kubernetes Workloads: Pod - the basic building block for Kubernetes
Smallest and simplest unit in the Kubernetes object model
A Pod encapsulates an application container (or multiple containers), storage resources, a unique network IP and options that govern how the container should run
A Pod is a unit of deployment
A Pod runs one or more containers as a unit
Docker is the container runtime used in IBM Cloud Private
The one-container-per-pod model is the most common use case
Kubernetes manages the pod rather than containers directly
Pods can run multiple containers that need to work together and to share resources
Pods are designed as relatively ephemeral, disposable entities
Pods do not self-heal by themselves - a higher level abstraction does this
IBM Cloud21
Kubernetes Configurations: Create YAML for creating resources on Kubernetes
YAML - Yet Another Markup Language or YAML Ain't Markup Language
Types of structures required in Kubernetes
- Maps
- Lists
YAML Maps - let you associate name-value pairs. For example:
---
apiVersion: v1
kind: Pod
YAML Maps - Create a key that maps to another map:
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
IBM Cloud22
Kubernetes Configurations - Create YAML (continued)
YAML Lists are literally a sequence of objects. Members in the list can also be maps
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
spec:
  containers:
  - name: front-end
    image: nginx
    ports:
    - containerPort: 80
  - name: db2-oltp
    image: store/ibmcorp/db2_developer_c:11.1.4.4
    ports:
    - containerPort: 50000
A YAML manifest has four components to define a Kubernetes resource:
- apiVersion
- kind
- metadata
- spec
IBM Cloud23
Kubernetes Workloads - Create a Pod
Create an nginx pod - icp01.yaml
---
# Simple yaml file to create an nginx pod
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
Create the pod
$ kubectl apply -f icp01.yaml
pod/nginx created
Check pod status
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx 1/1 Running 0 13s
IBM Cloud24
Kubernetes Workloads - Controllers
Controllers can create and manage pods for you
ReplicaSet
- A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
- A Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
- Example: Create a deployment to roll out a ReplicaSet
StatefulSets
- StatefulSets represent a set of pods with unique, persistent identities and stable hostnames that are maintained regardless of where they are scheduled
- Examples: Db2, Redis, IBM MQ
DaemonSets
- A DaemonSet ensures that nodes (all or some) run a copy of a pod. As nodes are added, pods are added to them
- Example: Cluster storage daemon such as glusterd, ceph, logs collection on each node
Jobs, CronJobs
- A job creates one or more pods and ensures that a specified number of them successfully terminate
IBM Cloud25
Kubernetes Network - Services
Without services Pods are not visible outside the cluster
To enable communication from outside world to the Pods services are created
Internal Service Endpoints - Available inside the cluster only
External Service Endpoints - DNS names, C-Names or A-records available to access pods
With the help of labels and selectors, the services are tied to the pods
Service Types
- ClusterIP - Service is reachable only from inside of the cluster
- NodePort - Service is reachable through NodeIP:NodePort
- LoadBalancer - Service is reachable through an external load balancer mapped to the NodeIP:NodePort address
IBM Cloud26
Kubernetes Storage - Volume types
Host-based
- EmptyDir
- HostPath
Block Storage
- IBM Block Storage
- Amazon EBS
- GCE Persistent Disk
- vSphere Volumes
Distributed File System
- IBM Spectrum Scale
- NFS
- Ceph
- GlusterFS
- Amazon EFS
- Azure File System
Other
- Flocker
- iSCSI
- Git Repository
- Quobyte
IBM Cloud27
Kubernetes Storage - Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes are a way to get persistence to a Pod
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in Pod
Volumes may be based on a variety of back-end storage types
IBM Cloud28
Kubernetes Storage: Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
- Persistent Volume (PV) - Provisioned by an administrator
- Persistent Volume Claim (PVC) - Requested by a user; Heketi provisions the PVC, which creates a PV
- Storage Class (SC) - Storage profiles offered by admins
[Diagram labels: Worker Node, Pod 1, Persistent Volume Claim, Persistent Volume, Block Storage, Distributed File System, IBM Spectrum Scale]
IBM Cloud29
Kubernetes Secrets: Decouple containers from sensitive information
A Secret holds sensitive information such as passwords, OAuth tokens and more
A Secret is an abstraction to decouple sensitive data
To use a secret, a Pod needs to reference the secret
A Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by the kubelet when pulling images for the Pod
$ kubectl -n stocktrader \
    create secret generic db2 \
    --from-literal=id=db2psc \
    --from-literal=pwd=password \
    --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
    --from-literal=port=50000 \
    --from-literal=db=PSDB
IBM Cloud30
IBM Cloud Private catalog - Helm Charts
Db2 chart
DSM chart
IBM Cloud31
IBM Cloud Private catalog - What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using the GUI or the command line
Software packages are available from the IBM Charts Repository
Available at https://github.com/IBM/charts
The IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own Local Charts repository
IBM Cloud32
IBM Charts Repository: https://github.com/IBM/charts/tree/master/stable
Db2 chart
DSM chart
IBM Cloud33
Helm command line - Helm and Tiller
Helm is the client and Tiller is the server, which runs on the master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
Helm and Tiller versions must be the same - do not download Helm from the Internet
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)
| Product | Version | Worker Nodes | Pods | PVCs | Comments |
| Db2 OLTP | 11.1.4.4 | 1 | 1 | 1 | |
| Db2 OLTP HADR | 11.1.4.4 | 3 | 5 | 6 | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager, addntl PVC for HADR setup |
| Data Server Manager | 2.1.5 | 1 | 2 | 2 | 1x DSM, 1x Db2 repository database. Includes Db2 11.1 engine |
| Db2 Warehouse SMP | 3.10.0 | 1 | 1 | 1 | Includes Db2 11.1 engine |
| Db2 Warehouse MPP | 3.10.0 | 3+ | 3+ | 1 | Includes Db2 11.1 engine. Requires IBM Cloud Pak for Data |
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context) \
    --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running, as we just created the namespace
$ kubectl get pods
No resources found.
IBM Cloud39
Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  -
Configure the pod security policy
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results
$ kubectl get psp
db2-privileges false SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE RunAsAny RunAsAny RunAsAny RunAsAny false
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
Configure the image pull secret
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result
$ kubectl get secrets
NAME TYPE DATA AGE
default-token-mwvpl kubernetes.io/service-account-token 3 17d
dockerhub kubernetes.io/dockerconfigjson 1 13m
IBM Cloud41
Configuring Service Account for Db2
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: [ "extensions" ]
  resources: [ "podsecuritypolicies" ]
  verbs: [ "use" ]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results
$ kubectl get psp
db2-privileges false SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE RunAsAny RunAsAny RunAsAny RunAsAny false
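The pod security policy and the service account binding configured in the two steps above, reviewed programmatically: this is an added example, not part of the slides or of IBM's charts. It reads the objects in the JSON form kubectl returns and reports what the policy permits and who may use it. The Docker default capability set as baseline, the finding codes and all function names are assumptions of this example.

```python
import json

# Capabilities Docker gives a container by default. Using this set as the
# baseline is this example's assumption; substitute your runtime's defaults.
DOCKER_DEFAULT_CAPS = {
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "MKNOD",
    "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP", "SETUID",
    "SYS_CHROOT",
}

# Constructed sample: pre01.yaml and pre04.yaml from the slides in the JSON list
# form of `kubectl get ... -o json`, reduced to the fields the audit reads.
SAMPLE = """
{"kind": "List", "items": [
  {"kind": "PodSecurityPolicy", "metadata": {"name": "db2-privileges"},
   "spec": {"allowPrivilegeEscalation": true, "privileged": false,
     "allowedCapabilities": ["SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN",
       "NET_RAW", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "SETGID",
       "SETUID", "NET_BIND_SERVICE", "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE",
       "IPC_OWNER", "SYS_NICE"],
     "hostIPC": true, "hostNetwork": false, "hostPID": false,
     "hostPorts": [{"min": 1, "max": 65535}],
     "runAsUser": {"rule": "RunAsAny"}}},
  {"kind": "ClusterRole", "metadata": {"name": "db2-privileges-cluster-role"},
   "rules": [{"apiGroups": ["extensions"], "resources": ["podsecuritypolicies"],
              "verbs": ["use"], "resourceNames": ["db2-privileges"]}]},
  {"kind": "ClusterRoleBinding",
   "metadata": {"name": "db2-privileges-cluster-role-binding"},
   "roleRef": {"kind": "ClusterRole", "name": "db2-privileges-cluster-role"},
   "subjects": [{"kind": "ServiceAccount", "name": "default",
                 "namespace": "stock-trader-data"}]}
]}
"""


def audit_psp(psp):
    """Return (code, detail) findings for one PodSecurityPolicy object."""
    spec, out = psp.get("spec", {}), []
    if spec.get("privileged"):
        out.append(("PRIVILEGED", "privileged containers allowed"))
    # In a PSP, allowPrivilegeEscalation defaults to true when it is omitted.
    if spec.get("allowPrivilegeEscalation", True):
        out.append(("PRIV_ESC", "a process may gain more privileges than its parent"))
    for flag in ("hostIPC", "hostPID", "hostNetwork"):
        if spec.get(flag):
            out.append((flag.upper(), f"{flag} shares a host namespace with pods"))
    caps = set(spec.get("allowedCapabilities", []))
    extra = ["*"] if "*" in caps else sorted(caps - DOCKER_DEFAULT_CAPS)
    if extra:
        out.append(("EXTRA_CAPS", ",".join(extra)))
    if any(r.get("min", 0) <= 1 and r.get("max", 0) >= 65535
           for r in spec.get("hostPorts", [])):
        out.append(("ANY_HOST_PORT", "pods may bind any port on the node"))
    if spec.get("runAsUser", {}).get("rule") == "RunAsAny":
        out.append(("ROOT_ALLOWED", "containers may run as UID 0"))
    return out


def psp_grants(objects):
    """Map PSP name -> subjects that may 'use' it through a ClusterRoleBinding."""
    role_psps = {}
    for obj in objects:
        if obj["kind"] != "ClusterRole":
            continue
        for rule in obj.get("rules", []):
            if ("podsecuritypolicies" in rule.get("resources", [])
                    and "use" in rule.get("verbs", [])):
                # A rule without resourceNames covers every policy ("*").
                role_psps.setdefault(obj["metadata"]["name"], set()).update(
                    rule.get("resourceNames") or ["*"])
    grants = {}
    for obj in objects:
        if obj["kind"] == "ClusterRoleBinding":
            for psp in role_psps.get(obj["roleRef"]["name"], ()):
                grants.setdefault(psp, []).extend(obj.get("subjects", []))
    return grants


def audit(json_text):
    """Audit a kubectl JSON list; return sorted (object, code, detail) tuples."""
    objects = json.loads(json_text)["items"]
    grants = psp_grants(objects)
    findings = []
    for obj in objects:
        if obj["kind"] != "PodSecurityPolicy":
            continue
        name = obj["metadata"]["name"]
        findings += [(name, code, detail) for code, detail in audit_psp(obj)]
        for subj in grants.get(name, []) + grants.get("*", []):
            if subj["kind"] == "ServiceAccount" and subj["name"] == "default":
                findings.append((name, "DEFAULT_SA",
                                 f"every pod in {subj['namespace']} that names no "
                                 "service account of its own may use this policy"))
    return sorted(findings)


if __name__ == "__main__":
    for name, code, detail in audit(SAMPLE):
        print(f"{name}: {code}: {detail}")
```

The EXTRA_CAPS finding lists the three capabilities the policy allows beyond the Docker defaults; they are the same three that the schema Job later in the deck adds in its securityContext.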
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing a Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
- --name db2-01: Helm release name, different for each deployment
- ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
- db2inst.instname: Instance owner name
- db2inst.password: Instance owner password
- options.databaseName: Name of the database that will be created. If not specified, no database will be created
- dataVolume.size: Size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility. See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
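The `--from-literal=pwd=...` call on the Secrets slide and the `--set db2inst.password=...` call above both carry a credential in the command text, so it ends up in shell history and in any script that stores the command. As an added example (not part of the slides), this scanner finds such literal credentials in deploy scripts. The key-name pattern, the function names, the quoting of the placeholders and the last command of the sample are assumptions of this example.

```python
import re
import shlex

# Key names that usually carry a credential. The list is this example's
# assumption; extend it for the charts you deploy.
SECRET_KEY = re.compile(r"(^|[._-])(pass(word|wd)?|pwd|secret|token|apikey)$", re.I)
# Values that are not literals: <placeholder>, $VAR or ${VAR}.
PLACEHOLDER = re.compile(r"^(<[^>]*>|\$\{?\w+\}?)$")

# Constructed sample: commands from the slides (abridged). The placeholders are
# quoted so they parse as one word, and the last command is a constructed
# variant that takes the password from an environment variable.
SAMPLE_SCRIPT = r"""
kubectl -n stocktrader create secret generic db2 \
  --from-literal=id=db2psc \
  --from-literal=pwd=password \
  --from-literal=port=50000
helm install --name db2-01 ibm-charts/ibm-db2oltp-dev --tls \
  --set db2inst.instname=db2inst1 \
  --set db2inst.password=passw0rd \
  --set options.databaseName=MYDB
kubectl create secret docker-registry dockerhub \
  --docker-username='<your dockerhub username>' \
  --docker-password='<your dockerhub password>'
helm install --name db2-03 ibm-charts/ibm-db2oltp-dev --tls \
  --set db2inst.password="$DB2_PASSWORD"
"""


def join_continuations(text):
    """Merge backslash-continued lines so that each command is one string."""
    merged = text.replace("\\\n", " ")
    return [line.strip() for line in merged.splitlines() if line.strip()]


def inline_credentials(script):
    """Return (tool, key, masked value) for each literal credential argument."""
    hits = []
    for command in join_continuations(script):
        argv = shlex.split(command)
        pairs = []
        for i, arg in enumerate(argv):
            flag, sep, rest = arg.partition("=")
            if not sep and i + 1 < len(argv):
                rest = argv[i + 1]          # "--set key=value" written as two words
            if flag == "--set":
                pairs += rest.split(",")     # helm accepts comma-separated pairs
            elif flag == "--from-literal":
                pairs.append(rest)
            elif flag == "--docker-password":
                pairs.append("docker-password=" + rest)
        for pair in pairs:
            key, sep, value = pair.partition("=")
            if (sep and value and SECRET_KEY.search(key)
                    and not PLACEHOLDER.match(value)):
                # Report the length only, never the credential itself.
                hits.append((argv[0], key, "*" * len(value)))
    return hits


if __name__ == "__main__":
    for tool, key, masked in inline_credentials(SAMPLE_SCRIPT):
        print(f"{tool}: literal credential in '{key}' ({masked})")
```

An environment variable keeps the literal out of the script, but the expanded value is still an argument of the running process; `kubectl create secret --from-file` and `helm install -f` with an access-restricted values file avoid that as well.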
IBM Cloud44
Let's verify if we can connect to the MYDB database (1)
Get the list of running pods and verify that the Db2 OLTP pod is running
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
db2-01-ibm-db2oltp-dev-0 1/1 Running 1 7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful.
SQL1063N DB2START processing was successful.
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.
IBM Cloud45
Let's verify if we can connect to the MYDB database (2)
Log in to the Db2 OLTP container and connect to the MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
Database Connection Information
Database server = DB2/LINUXX8664 11.1.4.4
SQL authorization ID = DB2INST1
Local database alias = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
#!/bin/bash
# We get the Db2 port from the Db2 OLTP helm release service definition
NODE_PORT=$(kubectl get --namespace stock-trader-data \
  -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
IBM Cloud47
Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME TYPE DATA AGE
db2-01-ibm-db2oltp-dev Opaque 1 1s
==> v1/PersistentVolumeClaim
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-01-data-stor Bound vol12 20Gi RWO 1s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-01-ibm-db2oltp-dev-db2 NodePort 10.0.0.50 <none> 50000:30463/TCP,55000:32236/TCP 1s
db2-01-ibm-db2oltp-dev ClusterIP None <none> 50000/TCP,55000/TCP,60006/TCP,60007/TCP 1s
==> v1/StatefulSet
NAME DESIRED CURRENT AGE
db2-01-ibm-db2oltp-dev 1 1 1s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
db2-01-ibm-db2oltp-dev-0 0/1 Init:0/1 0 1s
- 1 Pod: runs the Db2 container
- 2 Services for Db2: 1x external, 1x internal
- 1 StatefulSet: DESIRED = 1
- 1 PVC (RWO) for db files, logs & config
- 1 Secret: Db2 instance owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
The additional parameter hadr.enabled is set to true to indicate that we want a HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME TYPE DATA AGE
db2-02-ibm-db2oltp-dev Opaque 1 1s
==> v1/PersistentVolumeClaim
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-02-hadr-stor Bound vol09 20Gi RWX 1s
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-02-ibm-db2oltp-dev-db2 NodePort 10.0.0.61 <none> 50000:32422/TCP,55000:32181/TCP 1s
db2-02-ibm-db2oltp-dev ClusterIP None <none> 50000/TCP,55000/TCP,60006/TCP,60007/TCP 1s
db2-02-ibm-db2oltp-dev-etcd ClusterIP None <none> 2380/TCP,2379/TCP 1s
==> v1/StatefulSet
NAME DESIRED CURRENT AGE
db2-02-ibm-db2oltp-dev 2 2 1s
==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd 3 0 1s
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
db2-02-ibm-db2oltp-dev-0 0/1 Pending 0 1s
db2-02-ibm-db2oltp-dev-1 0/1 Pending 0 1s
db2-02-ibm-db2oltp-dev-etcd-0 0/1 ContainerCreating 0 1s
db2-02-ibm-db2oltp-dev-etcd-1 0/1 Pending 0 1s
db2-02-ibm-db2oltp-dev-etcd-2 0/1 Pending 0 1s
- 5 Pods: 2x Db2, 3x etcd
- 3 Services: 2x Db2, 1x etcd
- 2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
- 1 PVC (RWX) for HADR setup (1)
- 1 Secret: Db2 instance owner password
(1) 5 addntl PVCs are being created implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source ${SETUPDIR}/include/db2_constants
    source ${SETUPDIR}/include/db2_common_functions
    # Create the users only if the instance owner does not exist yet
    if ! getent passwd ${DB2INSTANCE} > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE $DB2INST1_PASSWORD $DBNAME"
IBM Cloud52
Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5) [...] IN TS32;
    INSERT INTO PS_TABLE (SSN, FIRST_NAME, LAST_NAME, JOB_CODE, DEPT, SALARY, DOB) WITH TEMP1 [...]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 0/1 0s 0s
Eventually the job completes
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 1/1 109s 45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath="{.items[*].metadata.name}")
kubectl logs -f $pod
Output
[...]
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully.
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/RoleBinding
NAME AGE
dsm-repodb-dsm-01-repository 8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev 8m
dsm-dsm-01-ibm-dsm-dev 8m
==> v1/Service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dsm-01-repository NodePort 10.0.0.233 <none> 50000:32695/TCP,55000:32203/TCP 8m
dsm-01-ibm-dsm-dev NodePort 10.0.0.85 <none> 11080:32444/TCP,11081:30462/TCP 8m
==> v1beta1/Deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
dsm-01-repository 1 1 1 1 8m
dsm-01-ibm-dsm-dev 1 1 1 1 8m
==> v1/Pod(related)
NAME READY STATUS RESTARTS AGE
dsm-01-repository-76f87d47d4-dlqh4 1/1 Running 0 8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn 2/2 Running 0 8m
- 2 RoleBindings
- 2 Services: 1x Db2 (repodb), 1x DSM
- 2 Deployments
- 2 Pods: 1 Db2, 1 DSM
IBM Cloud61
DSM Kubernetes resources (2/2)
[...]
==> v1/Secret
NAME TYPE DATA AGE
dsm-01-repository-db2-passwd Opaque 1 8m
dsm-01-ibm-dsm-dev-dsm-passwd Opaque 1 8m
==> v1/PersistentVolumeClaim
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
dsm-01-repository-data-stor Bound vol14 20Gi RWO 8m
dsm-01-ibm-dsm-dev-datavolume Bound vol12 20Gi RWO 8m
==> v1/ServiceAccount
NAME SECRETS AGE
dsm-repodb-dsm-01-repository 1 8m
dsm-dsm-01-ibm-dsm-dev 1 8m
==> v1/Role
NAME AGE
dsm-repodb-dsm-01-repository 8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev 8m
dsm-dsm-01-ibm-dsm-dev 8m
- 2 Secrets: 1 DSM admin, 1 Db2 instance owner
- 2 PVCs: 1 DSM, 1 Db2
- 3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources - Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs
IBM Cloud64
Additional Resources - IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html
IBM Cloud65
Additional Resources - Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel IBM Deutschland GmbH
Karl-Arnold-Platz 1a
Technical Sales Professional 40474 Duesseldorf
Hybrid Data Management Germany
Mobile +49-177-3627278
Email chuempeldeibmcom
Thank You
IBM Cloud70
IBM Cloud9
Container automation and orchestration is essentialEnter Kubernetes
Containers are revolutionizing IT
But they require orchestration
Kubernetes - κυβερνήτης
Means ldquohelmsmanrdquo or ldquopilotrdquo
IBM Cloud10
Private Clouds address the new IT realityCreated by digital transformation
Method Development Deployment Environment
Waterfall Monolithic Bare metal On-Premises
Agile Programming N-Tier Virtual Server Off-Premises
Agile DevOps Microservices Containers Cloud
Hypervisor
Infrastructure
GuestOS
GuestOS
GuestOS
BinsLibs BinsLibs BinsLibs
App 1 App 2 App 3
Operating System
Infrastructure
BinsLibs BinsLibs BinsLibs
App 1 App 2 App 3
Container Engine
Tim
e t
o v
alu
e
Perc
ep
tio
n o
f co
st
IBM Cloud11
Public Cloud + Private Cloud = Hybrid Cloud Different cloud options
Public CloudOn-Premises
Private Cloud
Hosted Private
CloudHybrid Cloud
Hardware
Deployment and
Management
Vendor Customer Vendor
Shared between
vendor and
customer
Hardware Sharing
ModelShared Dedicated Dedicated
Partially shared
and partially
dedicated
Scalability High Medium High High
Low Cost Yes Sometimes Sometimes Sometimes
Predictable Cost No Yes Yes No
Utility Billing Yes No Depends on vendor Partial
Flexibility Yes Limited Limited Yes
Customization
CapabilitiesNo Yes Depends on vendor Partial
Enhanced Security
and ComplianceNo Yes Yes Yes
Instant
ProvisioningYes Yes Yes Yes
A ldquoHybrid Cloudrdquo is a highly orchestrated environment where all sources act as one
A ldquoMulti-cloudrdquo environment simply refers to the use of multiple cloud sources of any kind without necessarily being orchestrated
IBM Cloud12
Why care about Private CloudsAdoption brings agility and efficiency
Cost Efficient amp Scalable
Infrastructure
Accelerate Time to Market
Build package amp deploy applications in
containers run at scale with Kubernetes
Refactor applications into microservices
amp modernize monolithic applications
Manage Data at Scale
Access govern amp analyze your data at
scale accelerate your journey to AI
50 Benefit
3-Year $54 Million Cost Savings 255 ROI
Business Value Assessment Customer Output
Standard On-Premises vs IBM Cloud Private
Data CenterSystem Utilization amp Server Reduction
75 BenefitManage PerformanceElasticity Bursting High Availability
35 BenefitDevOpsFaster Deployments
30 BenefitDeployment EfficiencyContainers amp Microservices
50 BenefitImproved SecurityManagement amp Risk Reduction
IBM Cloud13
Private Cloud Platform Market LeadersOpenShift and IBM Cloud Private
IBM Cloud Private
IBM Cloud14
Kubernetes Basics
IBM Cloud15
Kubernetes Basics
Kubernetes Overview
minusOpen Source Project
minus Features
minusArchitecture
Kubernetes Workloads
minus Pods and YAML
minus Controllers
Kubernetes Networking
minus Services
Kubernetes Storage
minus Volume types
minus Persistent volumes
minus Persistent volume claims
Kubernetes Security
minus Secrets
IBM Cloud Private Catalog
minusHelm Charts
minusHelm CLI
IBM Cloud16
Kubernetes ndash Open Source Project
Greek work for ldquoHelmsmanrdquo
Itrsquos Open Source - httpsgithubcomkuberneteskubernetes
Itrsquos a graduated project of Cloud Native Computing Foundation httpscncfio
Popularly known as ldquoContainer Orchestratorrdquo
It is a modern ldquoCluster Managerrdquo for automating deployment scaling and management of containerized applications
IBM Cloud17
Kubernetes ndash Features (1)
Automatic binpacking
minus Automatically places containers on nodes Mix critical and best-effort workloads in order to drive up utilization
Horizontal scaling
minus Scale application up or down with a simple command with a UI or automatically based on CPU usage
Automated rollouts and rollbacks
minus Kubernetes progressively rolls out changes to the application or its configuration while monitoring application health to ensure that it doesnrsquot kill all instances at the same time
Storage orchestration
minus Automatically mount the storage system of your choice whether from local public or SAN such as iSCSI Gluster Ceph Cinder Flocker NFS or IBM Spectrum Scale
IBM Cloud18
Kubernetes ndash Features (2)
Self-healing
minus Restart containers that fail replace and reschedules containers when nodes die kill containers that do not respond to user defined health checks
Service discovery and load balancing
minus No need to modify the application to use an unfamiliar service discovery mechanism Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers
Secret and configuration management
minus Deploy and update secrets and application configuration without rebuilding your image and without exposing secrets in your stack configuration
Batch Execution
minus In addition to services Kubernetes can manage your batch and CI workloads replacing containers that fail if desired
IBM Cloud19
Kubernetes Architecture
Kubernetes Cluster
Kubelet
Worker NodeKubelet
Worker NodeKubelet
Worker Node
Master Node
API Server
Scheduler ControllerDistributed etcd
key-value datastore
Image Registry
Container -
1Container -
2Container -
3Container -
4Container -
5Container -
6Container -
7Container -
8Container -
n
Kubernetes REST API
Command
LineWeb UI
IBM Cloud20
Kubernetes Workloads
Pod - the basic building block for Kubernetes
Smallest and simplest unit in the Kubernetes object model
A Pod encapsulates an application container (or multiple containers), storage resources, a unique network IP and options that govern how the container should run
A Pod is a unit of deployment
A Pod runs one or more containers as a unit
Docker is the container runtime used in IBM Cloud Private
The one-container-per-pod model is the most common use case
Kubernetes manages the pod rather than the containers directly
Pods can run multiple containers that need to work together and to share resources
Pods are designed as relatively ephemeral, disposable entities
Pods do not self-heal by themselves - a higher-level abstraction does this
Kubernetes Configurations
Create YAML for creating resources on Kubernetes
YAML - Yet Another Markup Language, or YAML Ain't Markup Language
Types of structures required in Kubernetes
- Maps
- Lists
YAML Maps - let you associate name-value pairs. For example:
---
apiVersion: v1
kind: Pod
YAML Maps - create a key that maps to another map:
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
Kubernetes Configurations - Create YAML (continued)
YAML Lists are literally a sequence of objects. Members in the list can also be maps.
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
spec:
  containers:
  - name: front-end
    image: nginx
    ports:
    - containerPort: 80
  - name: db2-oltp
    image: store/ibmcorp/db2_developer_c:11.1.4.4
    ports:
    - containerPort: 50000
A YAML manifest has four components to define a Kubernetes resource:
• apiVersion
• kind
• metadata
• spec
Kubernetes Workloads - Create a Pod
Create an nginx pod - icp01.yaml
---
# Simple yaml file to create an nginx pod
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
Create the pod
$ kubectl apply -f icp01.yaml
pod/nginx created
Check pod status
$ kubectl get pods
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          13s
Kubernetes Workloads - Controllers
Controllers can create and manage pods for you
ReplicaSet
- A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
- A Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
- Example: create a Deployment to roll out a ReplicaSet
StatefulSets
- StatefulSets represent a set of pods with unique, persistent identities and stable hostnames that are maintained regardless of where they are scheduled
- Examples: Db2, Redis, IBM MQ
DaemonSets
- A DaemonSet ensures that nodes (all or some) run a copy of a pod. As nodes are added, pods are added to them
- Example: cluster storage daemon such as glusterd or ceph, log collection on each node
Jobs, CronJobs
- A Job creates one or more pods and ensures that a specified number of them successfully terminate
Kubernetes Network - Services
Without services, Pods are not visible outside the cluster
To enable communication from the outside world to the Pods, services are created
Internal Service Endpoints - available inside the cluster only
External Service Endpoints - DNS names, CNAMEs or A records available to access pods
With the help of labels and selectors, the services are tied to the pods
Service Types
- ClusterIP - Service is reachable only from inside of the cluster
- NodePort - Service is reachable through NodeIP:NodePort
- LoadBalancer - Service is reachable through an external load balancer mapped to a NodeIP:NodePort address
Kubernetes Storage - Volume types
Host-based
- EmptyDir
- HostPath
Block Storage
- IBM Block Storage
- Amazon EBS
- GCE Persistent Disk
- vSphere Volumes
Distributed File System
- IBM Spectrum Scale
- NFS
- Ceph
- GlusterFS
- Amazon EFS
- Azure File System
Other
- Flocker
- iSCSI
- Git Repository
- Quobyte
Kubernetes Storage - Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes are a way to give a Pod persistence
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in a Pod
Volumes may be based on a variety of back-end storage types
Kubernetes Storage
Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
- Persistent Volume (PV) - provisioned by an administrator
- Persistent Volume Claim (PVC) - requested by a user, and Heketi provisions the PVC, which creates a PV
- Storage Class (SC) - storage profiles offered by admins
[Figure: pods on a worker node use a Persistent Volume Claim that is bound to a Persistent Volume backed by block storage, a distributed file system or IBM Spectrum Scale]
Kubernetes Secrets
Decouple containers from sensitive information
A Secret holds sensitive information such as passwords, OAuth tokens and more
A Secret is an abstraction to decouple sensitive data
To use a secret, a Pod needs to reference the secret
A Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by the kubelet when pulling images for the Pod
$ kubectl -n stocktrader \
    create secret generic db2 \
    --from-literal=id=db2psc \
    --from-literal=pwd=password \
    --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
    --from-literal=port=50000 \
    --from-literal=db=PSDB
IBM Cloud Private catalog - Helm Charts
Db2 chart
DSM chart
IBM Cloud Private catalog - What is a Helm Chart?
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using the GUI or the command line
Software packages are available from the IBM Charts Repository
Available at https://github.com/IBM/charts
The IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gapped environment you can build your own local charts repository
IBM Charts Repository https://github.com/IBM/charts/tree/master/stable
Db2 chart
DSM chart
Helm command line - Helm and Tiller
Helm is the client and Tiller is the server - runs on the master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
Helm and Tiller versions must be the same - do not download Helm from the Internet
Deploying Db2 on Kubernetes
Db2-based Containers running on Kubernetes (Sep 2019)
Product | Version | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP | 11.1.4.4 | 1 | 1 | 1 |
Db2 OLTP HADR | 11.1.4.4 | 3 | 5 | 6 | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager; additional PVC for HADR setup
Data Server Manager | 2.1.5 | 1 | 2 | 2 | 1x DSM, 1x Db2 repository database; includes Db2 11.1 engine
Db2 Warehouse SMP | 3.10.0 | 1 | 1 | 1 | Includes Db2 11.1 engine
Db2 Warehouse MPP | 3.10.0 | 3+ | 3+ | 1 | Includes Db2 11.1 engine; requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine
IBM Cloud Private Kubernetes platform
Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context) \
    --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running, as we just created the namespace
$ kubectl get pods
No resources found.
Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  -
Configure the pod security policy
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results
$ kubectl get psp
db2-privileges false SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE RunAsAny RunAsAny RunAsAny RunAsAny false
Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
Configure the image pull secret
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result
$ kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-mwvpl   kubernetes.io/service-account-token   3      17d
dockerhub             kubernetes.io/dockerconfigjson        1      13m
Configuring Service Account for Db2
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: [extensions]
  resources: [podsecuritypolicies]
  verbs: [use]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results
$ kubectl get psp
db2-privileges false SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE RunAsAny RunAsAny RunAsAny RunAsAny false
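The db2-privileges policy and its binding to the service account decide what any pod in stock-trader-data may request. The following is an added example, not part of the original slides or of IBM's charts: it audits the policy and the binding and runs a simplified admission check against two pod templates. The JSON samples are constructed from the YAML on the slides; DEBUG_POD and all function names are hypothetical.

```python
import json

# Capabilities Docker grants to every container unless they are dropped.
RUNTIME_DEFAULT_CAPS = frozenset({
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "MKNOD",
    "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP", "SETUID",
    "SYS_CHROOT",
})

# Constructed sample: the db2-privileges policy from pre01.yaml in JSON form
# (the `volumes` list is cut off on the slide and is left out here).
PSP = json.loads("""
{"metadata": {"name": "db2-privileges"},
 "spec": {
   "allowPrivilegeEscalation": true,
   "privileged": false,
   "allowedCapabilities": [
     "SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW", "DAC_OVERRIDE",
     "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE",
     "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"],
   "hostIPC": true, "hostNetwork": false, "hostPID": false,
   "hostPorts": [{"min": 1, "max": 65535}],
   "fsGroup": {"rule": "RunAsAny"},
   "runAsUser": {"rule": "RunAsAny"},
   "seLinux": {"rule": "RunAsAny"},
   "supplementalGroups": {"rule": "RunAsAny"}}}
""")

# Constructed sample: the ClusterRoleBinding from pre04.yaml in JSON form.
BINDING = json.loads("""
{"metadata": {"name": "db2-privileges-cluster-role-binding"},
 "roleRef": {"kind": "ClusterRole", "name": "db2-privileges-cluster-role"},
 "subjects": [{"kind": "ServiceAccount", "name": "default",
               "namespace": "stock-trader-data"}]}
""")

# The Job container from single04.yaml, and a hypothetical pod asking for more.
JOB_POD = {"containers": [{
    "name": "db2-01-create-database-schema",
    "securityContext": {"capabilities": {
        "add": ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]}}}]}
DEBUG_POD = {"hostNetwork": True, "containers": [{
    "name": "debug",
    "securityContext": {"privileged": True,
                        "capabilities": {"add": ["SYS_ADMIN"]}}}]}


def extra_capabilities(psp):
    """Capabilities the policy allows beyond the container runtime default."""
    allowed = set(psp["spec"].get("allowedCapabilities", []))
    return sorted(allowed - RUNTIME_DEFAULT_CAPS)


def audit_policy(psp):
    """Return (code, detail) findings for settings that widen the pod sandbox."""
    spec, findings = psp["spec"], []
    if spec.get("privileged"):
        findings.append(("privileged", "privileged containers are allowed"))
    if spec.get("allowPrivilegeEscalation", True):  # the field defaults to true
        findings.append(("priv-escalation", "no_new_privs is not enforced"))
    for field in ("hostIPC", "hostNetwork", "hostPID"):
        if spec.get(field):
            findings.append((field, f"pods may join the node's {field[4:]} namespace"))
    low = [r for r in spec.get("hostPorts", []) if r["min"] <= 1023]
    if low:
        findings.append(("host-ports", f"host ports {low[0]['min']}-{low[0]['max']}"))
    extra = extra_capabilities(psp)
    if extra:
        findings.append(("extra-caps", ", ".join(extra)))
    if spec.get("runAsUser", {}).get("rule") == "RunAsAny":
        findings.append(("run-as-root", "containers may run as UID 0"))
    return findings


def audit_binding(binding):
    """Namespaces whose `default` service account is granted the policy."""
    return [f'{s["namespace"]}/default' for s in binding.get("subjects", [])
            if s.get("kind") == "ServiceAccount" and s.get("name") == "default"]


def admission_violations(psp, pod_spec):
    """Simplified model of PSP admission; an empty list means the pod passes."""
    spec, violations = psp["spec"], []
    allowed = set(spec.get("allowedCapabilities", []))
    allowed |= set(spec.get("defaultAddCapabilities", []))
    for field in ("hostIPC", "hostNetwork", "hostPID"):
        if pod_spec.get(field) and not spec.get(field):
            violations.append(field)
    for c in pod_spec.get("containers", []):
        sc = c.get("securityContext", {})
        if sc.get("privileged") and not spec.get("privileged"):
            violations.append(f"{c['name']}: privileged")
        for cap in sc.get("capabilities", {}).get("add", []):
            if cap not in allowed and "*" not in allowed:
                violations.append(f"{c['name']}: capability {cap}")
    return violations


if __name__ == "__main__":
    for code, detail in audit_policy(PSP):
        print(f"policy  {code}: {detail}")
    for subject in audit_binding(BINDING):
        print(f"binding {subject}: every pod without its own service account")
    for name, pod in (("job", JOB_POD), ("debug", DEBUG_POD)):
        print(name, admission_violations(PSP, pod) or "admitted")
```

The three capabilities beyond the runtime default are exactly the ones the schema Job adds in its securityContext, so the rest of the policy (hostIPC, privilege escalation, RunAsAny) is what to review when tightening it. PodSecurityPolicy was removed in Kubernetes 1.25, so on current clusters the same checks belong in whatever admission control replaces it.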
Helm Charts for Db2 and DSM
Helm install command to deploy Db2 OLTP on Kubernetes
Installing a Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
- db2-01: Helm release name, different for each deployment
- ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
- db2inst.instname: instance owner name
- db2inst.password: instance owner password
- options.databaseName: name of the database that will be created. If not specified, no database will be created
- dataVolume.size: size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility. See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
Let's verify if we can connect to the MYDB database (1)
Get the list of running pods and verify that the Db2 OLTP pod is running
$ kubectl get pods
NAME                       READY   STATUS    RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   1/1     Running   1          7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30     0   0   SQL1063N  DB2START processing was successful.
SQL1063N  DB2START processing was successful.
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.
Let's verify if we can connect to the MYDB database (2)
Log in to the Db2 OLTP container and connect to the MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
# su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
   Database Connection Information
 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB
Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
#!/bin/bash
# We get the Db2 port from the Db2 OLTP helm release service definition
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-01-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s
==> v1/Service
NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                   AGE
db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP           1s
db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-01-ibm-db2oltp-dev  1        1        1s
==> v1/Pod(related)
NAME                      READY  STATUS    RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s
- 1 Pod: runs the Db2 container
- 2 Services for Db2: 1x external, 1x internal
- 1 StatefulSet: DESIRED = 1
- 1 PVC (RWO) for db files, logs & config
- 1 Secret: Db2 instance owner password
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
$ helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
- hadr.enabled: additional parameter, set to true to indicate that we want a HADR setup
Verify that Db2 HADR is working
Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-02-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s
==> v1/Service
NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                   AGE
db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP           1s
db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s
db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                         1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-02-ibm-db2oltp-dev  2        2        1s
==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd  3   0        1s
==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s
- 5 Pods: 2x Db2, 3x etcd
- 3 Services: 2x Db2, 1x etcd
- 2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
- 1 PVC (RWX) for HADR setup (1)
- 1 Secret: Db2 instance owner password
(1) 5 additional PVCs are being created implicitly for 2x Db2 and 3x etcd
Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        # The instance owner password comes from the Secret created by the Helm release
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source ${SETUPDIR}/include/db2_constants
    source ${SETUPDIR}/include/db2_common_functions
    if ! getent passwd ${DB2INSTANCE} > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE \"$DB2INST1_PASSWORD\" $DBNAME"
Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5) […] IN TS32;
    INSERT INTO PS_TABLE (SSN,FIRST_NAME,LAST_NAME,JOB_CODE,DEPT,SALARY,DOB) WITH TEMP1 […]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   0/1           0s         0s
Eventually the job completes
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   1/1           109s       45m
Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath="{.items[*].metadata.name}")
kubectl logs -f $pod
Output
[…]
DB20000I  The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I  The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I  The SQL command completed successfully.
Database mydb has been configured
Deploying Data Server Manager (DSM) with the GUI
Deploying Data Server Manager (DSM) with the GUI (2)
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)
Accessing Data Server Manager
Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM
DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/RoleBinding
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m
==> v1/Service
NAME                TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)                          AGE
dsm-01-repository   NodePort  10.0.0.233  <none>       50000:32695/TCP,55000:32203/TCP  8m
dsm-01-ibm-dsm-dev  NodePort  10.0.0.85   <none>       11080:32444/TCP,11081:30462/TCP  8m
==> v1beta1/Deployment
NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
dsm-01-repository   1        1        1           1          8m
dsm-01-ibm-dsm-dev  1        1        1           1          8m
==> v1/Pod(related)
NAME                                READY  STATUS   RESTARTS  AGE
dsm-01-repository-76f87d47d4-dlqh4  1/1    Running  0         8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn  2/2    Running  0         8m
- 2 RoleBindings
- 2 Services: 1x Db2 (repodb), 1x DSM
- 2 Deployments
- 2 Pods: 1 Db2, 1 DSM
DSM Kubernetes resources (2/2)
[…]
==> v1/Secret
NAME                           TYPE    DATA  AGE
dsm-01-repository-db2-passwd   Opaque  1     8m
dsm-01-ibm-dsm-dev-dsm-passwd  Opaque  1     8m
==> v1/PersistentVolumeClaim
NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m
==> v1/ServiceAccount
NAME                          SECRETS  AGE
dsm-repodb-dsm-01-repository  1        8m
dsm-dsm-01-ibm-dsm-dev        1        8m
==> v1/Role
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m
- 2 Secrets: 1 DSM admin, 1 Db2 instance owner
- 2 PVCs: 1 DSM, Db2
- 3 Roles
Additional Resources
Additional Resources - Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs
Additional Resources - IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html
Additional Resources - Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse
Presentation on Db2 and Docker from Db2 Aktuell 2018
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary
Claus Huempel
Technical Sales Professional
Hybrid Data Management
IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
Thank You
Private Clouds address the new IT reality
Created by digital transformation
Method Development Deployment Environment
Waterfall Monolithic Bare metal On-Premises
Agile Programming N-Tier Virtual Server Off-Premises
Agile DevOps Microservices Containers Cloud
[Figure: virtual machines (Infrastructure, Hypervisor, Guest OS, Bins/Libs, App 1-3) compared with containers (Infrastructure, Operating System, Container Engine, Bins/Libs, App 1-3); axes: Time to value, Perception of cost]
Public Cloud + Private Cloud = Hybrid Cloud
Different cloud options
 | Public Cloud | On-Premises Private Cloud | Hosted Private Cloud | Hybrid Cloud
Hardware Deployment and Management | Vendor | Customer | Vendor | Shared between vendor and customer
Hardware Sharing Model | Shared | Dedicated | Dedicated | Partially shared and partially dedicated
Scalability | High | Medium | High | High
Low Cost | Yes | Sometimes | Sometimes | Sometimes
Predictable Cost | No | Yes | Yes | No
Utility Billing | Yes | No | Depends on vendor | Partial
Flexibility | Yes | Limited | Limited | Yes
Customization Capabilities | No | Yes | Depends on vendor | Partial
Enhanced Security and Compliance | No | Yes | Yes | Yes
Instant Provisioning | Yes | Yes | Yes | Yes
A "Hybrid Cloud" is a highly orchestrated environment where all sources act as one
A "Multi-cloud" environment simply refers to the use of multiple cloud sources of any kind, without necessarily being orchestrated
Why care about Private Clouds?
Adoption brings agility and efficiency
Cost Efficient & Scalable Infrastructure
Accelerate Time to Market
Build, package & deploy applications in containers, run at scale with Kubernetes
Refactor applications into microservices & modernize monolithic applications
Manage Data at Scale
Access, govern & analyze your data at scale, accelerate your journey to AI
50 Benefit
3-Year $54 Million Cost Savings 255 ROI
Business Value Assessment Customer Output
Standard On-Premises vs IBM Cloud Private
Data Center - System Utilization & Server Reduction
75 Benefit - Manage Performance - Elasticity, Bursting, High Availability
35 Benefit - DevOps - Faster Deployments
30 Benefit - Deployment Efficiency - Containers & Microservices
50 Benefit - Improved Security - Management & Risk Reduction
Private Cloud Platform Market Leaders
OpenShift and IBM Cloud Private
IBM Cloud Private
Kubernetes Basics
Kubernetes Overview
- Open Source Project
- Features
- Architecture
Kubernetes Workloads
- Pods and YAML
- Controllers
Kubernetes Networking
- Services
Kubernetes Storage
- Volume types
- Persistent volumes
- Persistent volume claims
Kubernetes Security
- Secrets
IBM Cloud Private Catalog
- Helm Charts
- Helm CLI
Kubernetes - Open Source Project
Greek word for "Helmsman"
It's Open Source - https://github.com/kubernetes/kubernetes
It's a graduated project of the Cloud Native Computing Foundation, https://cncf.io
Popularly known as "Container Orchestrator"
It is a modern "Cluster Manager" for automating deployment, scaling and management of containerized applications
Kubernetes - Features (1)
Automatic binpacking
- Automatically places containers on nodes. Mix critical and best-effort workloads in order to drive up utilization
Horizontal scaling
- Scale the application up or down with a simple command, with a UI, or automatically based on CPU usage
Automated rollouts and rollbacks
- Kubernetes progressively rolls out changes to the application or its configuration while monitoring application health, to ensure that it doesn't kill all instances at the same time
Storage orchestration
- Automatically mount the storage system of your choice, whether local, public or SAN, such as iSCSI, Gluster, Ceph, Cinder, Flocker, NFS or IBM Spectrum Scale
IBM Cloud18
Kubernetes ndash Features (2)
Self-healing
minus Restart containers that fail replace and reschedules containers when nodes die kill containers that do not respond to user defined health checks
Service discovery and load balancing
minus No need to modify the application to use an unfamiliar service discovery mechanism Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers
Secret and configuration management
minus Deploy and update secrets and application configuration without rebuilding your image and without exposing secrets in your stack configuration
Batch Execution
minus In addition to services Kubernetes can manage your batch and CI workloads replacing containers that fail if desired
IBM Cloud19
Kubernetes Architecture
Kubernetes Cluster
Kubelet
Worker NodeKubelet
Worker NodeKubelet
Worker Node
Master Node
API Server
Scheduler ControllerDistributed etcd
key-value datastore
Image Registry
Container -
1Container -
2Container -
3Container -
4Container -
5Container -
6Container -
7Container -
8Container -
n
Kubernetes REST API
Command
LineWeb UI
IBM Cloud20
Kubernetes WorkloadsPod ndash the basic building block for Kubernetes
Smallest and simplest unit in Kubernetes object model
Pod encapsulates an application container (or multiple containers) storage resources a unique network IP and options that govern how the container should run
Pod is a unit of deployment
Pod runs one or more containers as a unit
Docker is the container runtime used in IBM Cloud Private
One-container-per-pod model is most common use case
Kubernetes manages the pod rather than containers directly
Pods can run multiple containers that need to work together and toshare resources
Pods are designed as relatively ephemeral disposable entities
Pods do not self-heal by themselves ndash a higher level abstractiondoes this
IBM Cloud21
Kubernetes ConfigurationsCreate YAML for creating resources on KubernetesYAML ndash Yet Another Markup Language or YAML Ainrsquot Markup Language
Types of structures required in Kubernetes
minus Maps
minus Lists
YAML Maps - let you associate name value pair For example---apiVersion v1kind pod
YAML Maps ndash Create a key that maps to another map---apiVersion v1kind podmetadata
name db2labels
app db2
IBM Cloud22
Kubernetes Configurations ndash Create YAML (continued)YAML Lists are literally a sequence of objects Members in the list can also be maps
---apiVersion v1kind podmetadata
name db2labels
app db2spec
containers- name front-endimage nginxports
- containerPort 80- name db2-oltpimage storeibmcorpdb2_developer_c11144ports
- containerPort 50000
A YAML manifest has four components to define a Kubernetes resourcebull apiVersionbull kindbull metadatabull spec
IBM Cloud23
Kubernetes Workloads ndash Create a Pod
Create a nginx pod ndash icp01yaml--- Simple yaml file to create an nginx podapiVersion v1kind Podmetadata
name nginxlabels
app nginxspec
containers- name nginx
image nginx179ports- containerPort 80
Create the pod
$ kubectl apply -f icp01yaml
podnginx created
Check pod status
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx 11 Running 0 13s
IBM Cloud24
Kubernetes Workloads - ControllersControllers can create and manage pods for you
ReplicaSet
minus A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
minus Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
minus Example Create a deployment to rollout a ReplicaSet
StatefulSets
minus StatefulSets represent a set of pods with unique persistent identities and stable hostnames that are maintained regardless where they are scheduled
minus Examples Db2 Redis IBM MQ
DaemonSets
minus A DaemonSet ensures that nodes (all or some) run a copy of pod As nodes are added pods are added to them
minus Example Cluster storage daemon such as glusterd ceph logs collection on each node
Jobs CronJobs
minus A job creates one or more pods and ensures that a specified number of them successfully terminate
IBM Cloud25
Kubernetes Network - Services
Without services Pods are not visible outside the cluster
To enable communication from outside world to the Pods services are created
Internal Service Endpoints ndash Available inside the cluster only
External Service Endpoints - DNS names C-Names or A-records available to access pods
With the help of labels and selectors the services are tied to the pods
Service Types
minus ClusterIP ndash Service is reachable only from inside of the cluster
minus NodePort ndash Service is reachable through NodeIPNodePort
minus LoadBalancer ndash Service is reachable through an external load balancer mapped to NodeIPNodePort address
IBM Cloud26
Kubernetes Storage - Volume types
Host-based
- EmptyDir
- HostPath
Block Storage
- IBM Block Storage
- Amazon EBS
- GCE Persistent Disk
- vSphere Volumes
Distributed File System
- IBM Spectrum Scale
- NFS
- Ceph
- GlusterFS
- Amazon EFS
- Azure File System
Other
- Flocker
- iSCSI
- Git Repository
- Quobyte

Kubernetes Storage - Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes are a way to give a Pod persistence
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories on a host are exposed as volumes in a Pod
Volumes may be based on a variety of back-end storage types

Kubernetes Storage
Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides:
- Persistent Volume (PV) - provisioned by an administrator
- Persistent Volume Claim (PVC) - requested by a user; Heketi provisions the PVC, which creates a PV
- Storage Class (SC) - storage profiles offered by admins
[Diagram: pods on a worker node use a Persistent Volume Claim bound to a Persistent Volume; back ends shown: Block Storage, Distributed File System, IBM Spectrum Scale]

Kubernetes Secrets
Decouple containers from sensitive information
A Secret holds sensitive information such as passwords, OAuth tokens and more
A Secret is an abstraction to decouple sensitive data
To use a Secret, a Pod needs to reference it
A Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by the kubelet when pulling images for the Pod
$ kubectl -n stocktrader \
    create secret generic db2 \
    --from-literal=id=db2psc \
    --from-literal=pwd=password \
    --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
    --from-literal=port=50000 \
    --from-literal=db=PSDB

IBM Cloud Private catalog - Helm Charts
Db2 chart
DSM chart

IBM Cloud Private catalog - What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using the GUI or the command line
Software packages are available from the IBM Charts Repository
Available at https://github.com/IBM/charts
The IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gapped environment you can build your own local charts repository

IBM Charts Repository: https://github.com/IBM/charts/tree/master/stable
Db2 chart
DSM chart

Helm command line - Helm and Tiller
Helm is the client and Tiller is the server, which runs on the master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
The Helm and Tiller versions must be the same - do not download Helm from the Internet

Deploying Db2 on Kubernetes

Db2-based Containers running on Kubernetes (Sep 2019)
Product | Version | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP | 11.1.4.4 | 1 | 1 | 1 |
Db2 OLTP HADR | 11.1.4.4 | 3 | 5 | 6 | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager; additional PVC for HADR setup
Data Server Manager | 2.1.5 | 1 | 2 | 2 | 1x DSM, 1x Db2 repository database; includes Db2 11.1 engine
Db2 Warehouse SMP | 3.10.0 | 1 | 1 | 1 | Includes Db2 11.1 engine
Db2 Warehouse MPP | 3.10.0 | 3+ | 3+ | 1 | Includes Db2 11.1 engine; requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine

IBM Cloud Private Kubernetes platform

Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account

Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context) \
    --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running, as we just created the namespace
$ kubectl get pods
No resources found.

Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  -
Configure the pod security policy
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results
$ kubectl get psp
db2-privileges   false   SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE   RunAsAny   RunAsAny   RunAsAny   RunAsAny   false

Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
Configure the image pull secret
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result
$ kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-mwvpl   kubernetes.io/service-account-token   3      17d
dockerhub             kubernetes.io/dockerconfigjson        1      13m

Configuring Service Account for Db2
The YAML specification file that defines the cluster role and the cluster role binding for the service account
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: [extensions]
  resources: [podsecuritypolicies]
  verbs: [use]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
Configure the service account
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results
$ kubectl get psp
db2-privileges   false   SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE   RunAsAny   RunAsAny   RunAsAny   RunAsAny   false

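Added example (not part of the original slides or of IBM's charts): a Python check that takes the db2-privileges policy from pre01.yaml and the RBAC objects from pre04.yaml, transcribed as dicts, and reports which settings widen pod privileges and which subjects may use the policy. The function names, the finding labels and the use of Docker's default capability set as the baseline are assumptions of this example.

```python
# Capabilities Docker grants a container when none are added or dropped.
DOCKER_DEFAULT_CAPS = {
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "MKNOD",
    "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP", "SETUID",
    "SYS_CHROOT",
}
# Transcribed from pre01.yaml / pre04.yaml on the slides. The volumes list is
# cut off on the slide and is left out.
PSP = {
    "kind": "PodSecurityPolicy",
    "metadata": {"name": "db2-privileges"},
    "spec": {
        "allowPrivilegeEscalation": True,
        "privileged": False,
        "allowedCapabilities": [
            "SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW", "DAC_OVERRIDE",
            "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE",
            "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE", "IPC_OWNER", "SYS_NICE",
        ],
        "fsGroup": {"rule": "RunAsAny"},
        "hostIPC": True,
        "hostNetwork": False, "hostPID": False,
        "hostPorts": [{"min": 1, "max": 65535}],
        "runAsUser": {"rule": "RunAsAny"},
        "seLinux": {"rule": "RunAsAny"},
        "supplementalGroups": {"rule": "RunAsAny"},
    },
}
CLUSTER_ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "db2-privileges-cluster-role"},
    "rules": [{"apiGroups": ["extensions"], "resources": ["podsecuritypolicies"],
               "verbs": ["use"], "resourceNames": ["db2-privileges"]}],
}
CLUSTER_ROLE_BINDING = {
    "kind": "ClusterRoleBinding",
    "metadata": {"name": "db2-privileges-cluster-role-binding"},
    "roleRef": {"kind": "ClusterRole", "name": "db2-privileges-cluster-role"},
    "subjects": [{"kind": "ServiceAccount", "name": "default",
                  "namespace": "stock-trader-data"}],
}


def extra_capabilities(psp):
    """Capabilities the policy allows beyond the runtime default set."""
    allowed = set(psp["spec"].get("allowedCapabilities", []))
    return sorted(allowed - DOCKER_DEFAULT_CAPS)


def audit_psp(psp):
    """Return (check, detail) findings for settings that widen pod privileges."""
    spec, findings = psp["spec"], []
    if spec.get("privileged"):
        findings.append(("privileged", "privileged containers are allowed"))
    # A PSP that leaves allowPrivilegeEscalation unset allows it.
    if spec.get("allowPrivilegeEscalation", True):
        findings.append(("allowPrivilegeEscalation", "no_new_privs is not enforced"))
    for field in ("hostIPC", "hostPID", "hostNetwork"):
        if spec.get(field):
            findings.append((field, "pods may share this namespace with the node"))
    if any(r["min"] <= 1 and r["max"] >= 65535 for r in spec.get("hostPorts", [])):
        findings.append(("hostPorts", "any host port may be requested"))
    if spec.get("runAsUser", {}).get("rule") == "RunAsAny":
        findings.append(("runAsUser", "containers may run as UID 0"))
    extras = extra_capabilities(psp)
    if extras:
        findings.append(("allowedCapabilities", "beyond default: " + ", ".join(extras)))
    return findings


def subjects_allowed_to_use(psp_name, roles, bindings):
    """Resolve which RBAC subjects hold the 'use' verb on the named policy."""
    granting = set()
    for role in roles:
        for rule in role.get("rules", []):
            names = rule.get("resourceNames")
            if ({"podsecuritypolicies", "*"} & set(rule.get("resources", []))
                    and {"use", "*"} & set(rule.get("verbs", []))
                    and (not names or psp_name in names)):
                granting.add((role["kind"], role["metadata"]["name"]))
    return [(s["kind"], s.get("namespace", ""), s["name"])
            for b in bindings
            if (b["roleRef"]["kind"], b["roleRef"]["name"]) in granting
            for s in b.get("subjects", [])]


def audit_grant(psp_name, roles, bindings):
    """Flag grants that reach more pods than the workload the policy is for."""
    return [("default-serviceaccount",
             f"every pod in {ns} that sets no serviceAccountName can use {psp_name}")
            for kind, ns, name in subjects_allowed_to_use(psp_name, roles, bindings)
            if kind == "ServiceAccount" and name == "default"]


if __name__ == "__main__":
    for check, detail in audit_psp(PSP) + audit_grant(
            "db2-privileges", [CLUSTER_ROLE], [CLUSTER_ROLE_BINDING]):
        print(f"{check:26} {detail}")
```

The first fourteen entries of allowedCapabilities are exactly Docker's default set, so the policy's real additions are SYS_RESOURCE, IPC_OWNER and SYS_NICE; binding the policy to a dedicated service account for the Db2 pods, rather than to default, would keep other workloads in the namespace from inheriting it.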
Helm Charts for Db2 and DSM

Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
db2-01 - Helm release name, different for each deployment
ibm-charts/ibm-db2oltp-dev - Db2 OLTP Helm chart name
db2inst.instname - instance owner name
db2inst.password - instance owner password
options.databaseName - name of the database that will be created. If not specified, no database will be created
dataVolume.size - size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility
See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev

Let's verify if we can connect to the MYDB database (1)
Get the list of running pods and verify that the Db2 OLTP pod is running
$ kubectl get pods
NAME                       READY   STATUS    RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   1/1     Running   1          7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful
SQL1063N DB2START processing was successful
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active
(*) Setup has completed

Let's verify if we can connect to the MYDB database (2)
Log in to the Db2 OLTP container and connect to the MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
# su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
   Database Connection Information
 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB

Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
We get the Db2 port from the Db2 OLTP helm release service definition
#!/bin/bash
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate

Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                     TYPE     DATA   AGE
db2-01-ibm-db2oltp-dev   Opaque   1      1s
==> v1/PersistentVolumeClaim
NAME               STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db2-01-data-stor   Bound    vol12    20Gi       RWO                           1s
==> v1/Service
NAME                         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                                   AGE
db2-01-ibm-db2oltp-dev-db2   NodePort    10.0.0.50    <none>        50000:30463/TCP,55000:32236/TCP           1s
db2-01-ibm-db2oltp-dev       ClusterIP   None         <none>        50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s
==> v1/StatefulSet
NAME                     DESIRED   CURRENT   AGE
db2-01-ibm-db2oltp-dev   1         1         1s
==> v1/Pod(related)
NAME                       READY   STATUS     RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   0/1     Init:0/1   0          1s
1 Pod: runs the Db2 container
2 Services for Db2: 1x external, 1x internal
1 StatefulSet: DESIRED = 1
1 PVC (RWO) for db files, logs & config
1 Secret: Db2 instance owner password

Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
$ helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
The additional parameter hadr.enabled is set to true to indicate that we want a HADR setup

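Added example (not from the original slides): the kubectl create secret and helm install commands in this deck put passwords on the command line, where they end up in shell history and deployment scripts. This Python scanner, run over a constructed script that contains those commands, reports each literal credential without repeating its value; the key-name pattern and the function names are assumptions of this example.

```python
import re
import shlex

# Key names treated as credentials; a heuristic chosen for this example.
SENSITIVE_KEY = re.compile(r"(password|passwd|pwd|secret|token)$", re.IGNORECASE)

# Constructed input: the first two commands are the ones shown on the slides,
# the third is a constructed variant that takes the value from the environment.
DEPLOY_SCRIPT = r"""
kubectl -n stocktrader create secret generic db2 \
    --from-literal=id=db2psc \
    --from-literal=pwd=password \
    --from-literal=port=50000
helm install --name db2-01 ibm-charts/ibm-db2oltp-dev --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB
helm install --name db2-03 ibm-charts/ibm-db2oltp-dev --tls \
    --set db2inst.password="$DB2_PASSWORD"
"""


def logical_lines(text):
    """Join backslash-continued lines so every command is scanned as a whole."""
    joined = re.sub(r"\\\r?\n", " ", text)
    return [line.strip() for line in joined.splitlines() if line.strip()]


def assignments(argv):
    """Yield (flag, key, value) for kubectl/helm options that carry key=value data."""
    args = iter(argv)
    for arg in args:
        flag, sep, rest = arg.partition("=")
        if flag == "--set" and not sep:
            rest = next(args, "")           # "--set key=value" form
        if flag == "--from-literal":
            key, _, value = rest.partition("=")
            yield flag, key, value
        elif flag == "--docker-password":
            yield flag, "docker-password", rest
        elif flag == "--set":
            for pair in rest.split(","):    # helm takes several pairs per --set
                key, _, value = pair.partition("=")
                yield flag, key, value


def redact(value):
    """Keep only the first character so a report never repeats the credential."""
    return value[:1] + "*" * (len(value) - 1)


def find_inline_credentials(script):
    """Return one finding per credential written literally on a command line."""
    findings = []
    for line in logical_lines(script):
        try:
            argv = shlex.split(line)
        except ValueError:                  # unbalanced quotes: not a clean command
            continue
        if not argv or argv[0] not in ("kubectl", "helm"):
            continue
        for flag, key, value in assignments(argv[1:]):
            leaf = key.rsplit(".", 1)[-1]   # db2inst.password -> password
            if not SENSITIVE_KEY.search(leaf) or not value:
                continue
            if value.startswith("$"):       # expanded at run time, not stored here
                continue
            findings.append({"tool": argv[0], "flag": flag, "key": key,
                             "value": redact(value)})
    return findings


if __name__ == "__main__":
    for finding in find_inline_credentials(DEPLOY_SCRIPT):
        print(finding)
```

Both tools can read the value from a file instead: kubectl create secret generic accepts --from-file, and helm install accepts a values file with -f.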
Verify that Db2 HADR is working

Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                     TYPE     DATA   AGE
db2-02-ibm-db2oltp-dev   Opaque   1      1s
==> v1/PersistentVolumeClaim
NAME               STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db2-02-hadr-stor   Bound    vol09    20Gi       RWX                           1s
==> v1/Service
NAME                          TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                                   AGE
db2-02-ibm-db2oltp-dev-db2    NodePort    10.0.0.61    <none>        50000:32422/TCP,55000:32181/TCP           1s
db2-02-ibm-db2oltp-dev        ClusterIP   None         <none>        50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s
db2-02-ibm-db2oltp-dev-etcd   ClusterIP   None         <none>        2380/TCP,2379/TCP                         1s
==> v1/StatefulSet
NAME                     DESIRED   CURRENT   AGE
db2-02-ibm-db2oltp-dev   2         2         1s
==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd   3   0   1s
==> v1/Pod(related)
NAME                            READY   STATUS              RESTARTS   AGE
db2-02-ibm-db2oltp-dev-0        0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-1        0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-etcd-0   0/1     ContainerCreating   0          1s
db2-02-ibm-db2oltp-dev-etcd-1   0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-etcd-2   0/1     Pending             0          1s
5 Pods: 2x Db2, 3x etcd
3 Services: 2x Db2, 1x etcd
2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
1 PVC (RWX) for HADR setup (1)
1 Secret: Db2 instance owner password
(1) 5 additional PVCs are being created implicitly for 2x Db2 and 3x etcd

Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE \"$DB2INST1_PASSWORD\" $DBNAME"

Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5) […] IN TS32;
    INSERT INTO PS_TABLE (SSN,FIRST_NAME,LAST_NAME,JOB_CODE,DEPT,SALARY,DOB) WITH TEMP1 […]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema

Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   0/1           0s         0s
Eventually the job completes
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   1/1           109s       45m

Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath="{.items[*].metadata.name}")
kubectl logs -f $pod
Output
[…]
DB20000I The SQL command completed successfully
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully
Database mydb has been configured

Deploying Data Server Manager (DSM) with the GUI

Deploying Data Server Manager (DSM) with the GUI (2)

Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)

Accessing Data Server Manager

Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM

DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/RoleBinding
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m
==> v1/Service
NAME                 TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)                           AGE
dsm-01-repository    NodePort   10.0.0.233   <none>        50000:32695/TCP,55000:32203/TCP   8m
dsm-01-ibm-dsm-dev   NodePort   10.0.0.85    <none>        11080:32444/TCP,11081:30462/TCP   8m
==> v1beta1/Deployment
NAME                 DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
dsm-01-repository    1         1         1            1           8m
dsm-01-ibm-dsm-dev   1         1         1            1           8m
==> v1/Pod(related)
NAME                                 READY   STATUS    RESTARTS   AGE
dsm-01-repository-76f87d47d4-dlqh4   1/1     Running   0          8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn   2/2     Running   0          8m
2 RoleBindings
2 Services: 1x Db2 (repodb), 1x DSM
2 Deployments
2 Pods: 1 Db2, 1 DSM

DSM Kubernetes resources (2/2)
[…]
==> v1/Secret
NAME                            TYPE     DATA   AGE
dsm-01-repository-db2-passwd    Opaque   1      8m
dsm-01-ibm-dsm-dev-dsm-passwd   Opaque   1      8m
==> v1/PersistentVolumeClaim
NAME                            STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
dsm-01-repository-data-stor     Bound    vol14    20Gi       RWO                           8m
dsm-01-ibm-dsm-dev-datavolume   Bound    vol12    20Gi       RWO                           8m
==> v1/ServiceAccount
NAME                           SECRETS   AGE
dsm-repodb-dsm-01-repository   1         8m
dsm-dsm-01-ibm-dsm-dev         1         8m
==> v1/Role
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m
2 Secrets: 1 DSM admin, 1 Db2 instance owner
2 PVCs: 1 DSM, Db2
3 Roles

Additional Resources

Additional Resources - Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs

Additional Resources - IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html

Additional Resources - Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse

Presentation on Db2 and Docker from Db2 Aktuell 2018

Summary

Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary

Thank You
Claus Huempel, Technical Sales Professional, Hybrid Data Management
IBM Deutschland GmbH, Karl-Arnold-Platz 1a, 40474 Duesseldorf, Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com

Public Cloud + Private Cloud = Hybrid Cloud
Different cloud options
 | Public Cloud | On-Premises Private Cloud | Hosted Private Cloud | Hybrid Cloud
Hardware Deployment and Management | Vendor | Customer | Vendor | Shared between vendor and customer
Hardware Sharing Model | Shared | Dedicated | Dedicated | Partially shared and partially dedicated
Scalability | High | Medium | High | High
Low Cost | Yes | Sometimes | Sometimes | Sometimes
Predictable Cost | No | Yes | Yes | No
Utility Billing | Yes | No | Depends on vendor | Partial
Flexibility | Yes | Limited | Limited | Yes
Customization Capabilities | No | Yes | Depends on vendor | Partial
Enhanced Security and Compliance | No | Yes | Yes | Yes
Instant Provisioning | Yes | Yes | Yes | Yes
A "Hybrid Cloud" is a highly orchestrated environment where all sources act as one
A "Multi-cloud" environment simply refers to the use of multiple cloud sources of any kind, without necessarily being orchestrated

Why care about Private Clouds
Adoption brings agility and efficiency
Cost Efficient & Scalable Infrastructure
Accelerate Time to Market
- Build, package & deploy applications in containers; run at scale with Kubernetes
- Refactor applications into microservices & modernize monolithic applications
Manage Data at Scale
- Access, govern & analyze your data at scale; accelerate your journey to AI
Business Value Assessment Customer Output: Standard On-Premises vs IBM Cloud Private
3-Year $54 Million Cost Savings, 255% ROI
- 50% Benefit - Data Center: System Utilization & Server Reduction
- 75% Benefit - Manage Performance: Elasticity, Bursting, High Availability
- 35% Benefit - DevOps: Faster Deployments
- 30% Benefit - Deployment Efficiency: Containers & Microservices
- 50% Benefit - Improved Security: Management & Risk Reduction

Private Cloud Platform Market Leaders
OpenShift and IBM Cloud Private

Kubernetes Basics

Kubernetes Basics
Kubernetes Overview
- Open Source Project
- Features
- Architecture
Kubernetes Workloads
- Pods and YAML
- Controllers
Kubernetes Networking
- Services
Kubernetes Storage
- Volume types
- Persistent volumes
- Persistent volume claims
Kubernetes Security
- Secrets
IBM Cloud Private Catalog
- Helm Charts
- Helm CLI

Kubernetes - Open Source Project
Greek word for "Helmsman"
It's Open Source - https://github.com/kubernetes/kubernetes
It's a graduated project of the Cloud Native Computing Foundation: https://cncf.io
Popularly known as a "Container Orchestrator"
It is a modern "Cluster Manager" for automating deployment, scaling and management of containerized applications

Kubernetes - Features (1)
Automatic binpacking
- Automatically places containers on nodes. Mix critical and best-effort workloads in order to drive up utilization
Horizontal scaling
- Scale the application up or down with a simple command, with a UI, or automatically based on CPU usage
Automated rollouts and rollbacks
- Kubernetes progressively rolls out changes to the application or its configuration while monitoring application health, to ensure that it doesn't kill all instances at the same time
Storage orchestration
- Automatically mount the storage system of your choice, whether from local, public or SAN, such as iSCSI, Gluster, Ceph, Cinder, Flocker, NFS or IBM Spectrum Scale

Kubernetes - Features (2)
Self-healing
- Restarts containers that fail, replaces and reschedules containers when nodes die, kills containers that do not respond to user-defined health checks
Service discovery and load balancing
- No need to modify the application to use an unfamiliar service discovery mechanism. Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers
Secret and configuration management
- Deploy and update secrets and application configuration without rebuilding your image and without exposing secrets in your stack configuration
Batch Execution
- In addition to services, Kubernetes can manage your batch and CI workloads, replacing containers that fail if desired

Kubernetes Architecture
[Diagram: a Kubernetes cluster with a master node (API Server, Scheduler, Controller, distributed etcd key-value datastore) and worker nodes that each run a Kubelet and containers 1 to n; an image registry; access through the Kubernetes REST API from the command line or the web UI]

Kubernetes Workloads
Pod - the basic building block for Kubernetes
Smallest and simplest unit in the Kubernetes object model
A Pod encapsulates an application container (or multiple containers), storage resources, a unique network IP, and options that govern how the container should run
A Pod is a unit of deployment
A Pod runs one or more containers as a unit
Docker is the container runtime used in IBM Cloud Private
The one-container-per-pod model is the most common use case
Kubernetes manages the pod rather than the containers directly
Pods can run multiple containers that need to work together and to share resources
Pods are designed as relatively ephemeral, disposable entities
Pods do not self-heal by themselves - a higher-level abstraction does this

Kubernetes Configurations
Create YAML for creating resources on Kubernetes
YAML - Yet Another Markup Language or YAML Ain't Markup Language
Types of structures required in Kubernetes
- Maps
- Lists
YAML Maps - let you associate name-value pairs. For example:
---
apiVersion: v1
kind: Pod
YAML Maps - create a key that maps to another map
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2

Kubernetes Configurations - Create YAML (continued)
YAML Lists are literally a sequence of objects. Members in the list can also be maps
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
spec:
  containers:
  - name: front-end
    image: nginx
    ports:
    - containerPort: 80
  - name: db2-oltp
    image: store/ibmcorp/db2_developer_c:11.1.4.4
    ports:
    - containerPort: 50000
A YAML manifest has four components to define a Kubernetes resource
- apiVersion
- kind
- metadata
- spec

Kubernetes Workloads - Create a Pod
Create an nginx pod - icp01.yaml
---
# Simple yaml file to create an nginx pod
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
Create the pod
$ kubectl apply -f icp01.yaml
pod/nginx created
Check pod status
$ kubectl get pods
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          13s

Kubernetes Workloads - Controllers
Controllers can create and manage pods for you
ReplicaSet
- A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
minus Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
minus Example Create a deployment to rollout a ReplicaSet
StatefulSets
minus StatefulSets represent a set of pods with unique persistent identities and stable hostnames that are maintained regardless where they are scheduled
minus Examples Db2 Redis IBM MQ
DaemonSets
minus A DaemonSet ensures that nodes (all or some) run a copy of pod As nodes are added pods are added to them
minus Example Cluster storage daemon such as glusterd ceph logs collection on each node
Jobs CronJobs
minus A job creates one or more pods and ensures that a specified number of them successfully terminate
IBM Cloud25
Kubernetes Network - Services
Without services Pods are not visible outside the cluster
To enable communication from outside world to the Pods services are created
Internal Service Endpoints ndash Available inside the cluster only
External Service Endpoints - DNS names C-Names or A-records available to access pods
With the help of labels and selectors the services are tied to the pods
Service Types
minus ClusterIP ndash Service is reachable only from inside of the cluster
minus NodePort ndash Service is reachable through NodeIPNodePort
minus LoadBalancer ndash Service is reachable through an external load balancer mapped to NodeIPNodePort address
IBM Cloud26
Kubernetes Storage ndash Volume types
Host-based
minus EmptyDir
minus HostPath
Block Storage
minus IBM Block Storage
minus Amazon EBS
minus GCE Persistent Disk
minus vSphere Volumes
Distributed File System
minus IBM Spectrum Scale
minus NFS
minus Ceph
minus GlusterFS
minus Amazon EFS
minus Azure File System
Other
minus Flocker
minus iSCSI
minus Git Repository
minus Quobyte
IBM Cloud27
Kubernetes Storage ndash Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes is a way to get persistence to a Pod
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in Pod
Volumes may be based on a variety of back-end storage types
IBM Cloud28
Kubernetes StoragePersistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
minusPersistent Volume (PV) ndash Provisioned by an administrator
minusPersistent Volume Claim (PVC) ndash Requested by an user and Heketi provisions PVC ndash which creates a PV
minus Storage Class (SC) ndash Storage profiles offered by admins
Persistent
Volume
Block Storage Distributed File System IBM
Spectrum Scale
Worker Node
Pod 1 Pod 1
Persistent
Volume
Claim
IBM Cloud29
Kubernetes SecretsDecouple container with sensitive information
Secret holds sensitive information such as password OAuth tokens and more
Secret is an abstraction to decouple sensitive data
To use a secret Pod needs to reference the secret
Secret can be used in a Pod as files in a volume mounted on one or more containers or used by kubelet when pulling images for the Pod
$ kubectl -n stocktrader
create secret generic db2
--from-literal=id=db2psc
--from-literal=pwd=password
--from-literal=host=dev-ibm-db2oltp-devdefaultsvcclusterlocal
--from-literal=port=50000
--from-literal=db=PSDB
IBM Cloud30
IBM Cloud Private catalog ndash Helm Charts
Db2 chart
DSM chart
IBM Cloud31
IBM Cloud Private catalog ndash What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define install and upgrade software in an automated fashion
Helm charts can be deployed using GUI or command line
Software packages are available from IBM Charts Repository
Available at httpsgithubcomIBMcharts
IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own Local Charts repository
IBM Cloud32
IBM Charts Repository httpsgithubcomIBMchartstreemasterstable
Db2 chart
DSM chart
IBM Cloud33
Helm command line ndash Helm and Tiller
Helm is the client and Tiller is the server ndash runs on master node
$ helm version
Client v272+icp
Error cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client v272+icp
Server v272+icp
Helm and Tiller version must be same ndash do not download Helm from Internet
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)Product Version Worker
Nodes
Pods PVCs Comments
Db2 OLTP 11144 1 1 1
Db2 OLTP HADR 11144 3 5 6 1x Db2 primary 1x Db2 standby 3x etcd for cluster
manager addntl PVC for HADR setup
Data Server
Manager
215 1 2 2 1x DSM 1x Db2 repository database
Includes Db2 111 engine
Db2 Warehouse
SMP
3100 1 1 1 Includes Db2 111 engine
Db2 Warehouse
MPP
3100 3+ 3+ 1 Includes Db2 111 engine
Requires IBM Cloud Pak for Data
Coming soon
minus Red Hat OpenShift Kubernetes support
minus Db2 v115 engine
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes a couple of stepsneed to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create new namespace where all our Pods for Db2 OLTP Db2 OLTP HADR and Data Server Manager will run
Create the namespace for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespacestock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context)
--namespace=stock-trader-data
Context mycluster-context modified
Verify pods There should be no pods running as we just created the namespace$ kubectl get podsNo resources found
IBM Cloud39
Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  -
Configure the pod security policy:
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results:
$ kubectl get psp
db2-privileges   false   SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE   RunAsAny   RunAsAny   RunAsAny   RunAsAny   false
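An added example, not part of the original slides: a shell audit of the db2-privileges manifest that reports the settings widening the pod/host boundary and the capabilities granted beyond the Docker default set. The embedded manifest is a constructed copy of pre01.yaml with the volumes entry left out because it is not legible on the slide; the function names and the indentation layout the awk script expects are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the slides): flag PodSecurityPolicy settings that
# deserve review before the policy is bound to a service account.

# Constructed copy of the slide's pre01.yaml. The volumes list is omitted
# because its entry is not legible in the source.
write_sample_psp() {
  cat > "$1" <<'EOF'
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
EOF
}

# Print one "FINDING:" line per reviewable setting; return 1 if any were found.
# Assumes spec keys are indented two spaces and list items sit at the same
# indentation as their key, as in the sample above.
audit_psp() {
  awk '
    BEGIN {
      # Capabilities Docker grants to every container by default.
      caps = "AUDIT_WRITE CHOWN DAC_OVERRIDE FOWNER FSETID KILL MKNOD"
      caps = caps " NET_BIND_SERVICE NET_RAW SETFCAP SETGID SETPCAP SETUID SYS_CHROOT"
      n = split(caps, list, " ")
      for (i = 1; i <= n; i++) is_default[list[i]] = 1
    }
    function flag(msg) { print "FINDING: " msg; findings++ }
    # Track which spec-level key the current line belongs to.
    /^  [A-Za-z]/ { section = $1; sub(/:$/, "", section) }
    /^  allowPrivilegeEscalation: *true/ {
      flag("allowPrivilegeEscalation: true (setuid binaries can raise privileges)")
    }
    /^  privileged: *true/ { flag("privileged: true") }
    /^  host(IPC|PID|Network): *true/ {
      flag(section ": true (shares a host namespace with the pod)")
    }
    section == "runAsUser" && /^    rule: *RunAsAny/ {
      flag("runAsUser: RunAsAny (containers may run as UID 0)")
    }
    section == "allowedCapabilities" && /^  - / {
      if (!($2 in is_default)) flag("capability " $2 " is outside the Docker default set")
    }
    END { exit (findings > 0) }
  ' "$1"
}

# Demo run on the constructed manifest.
tmp=$(mktemp)
write_sample_psp "$tmp"
audit_psp "$tmp" || echo "review the findings above before binding this policy"
rm -f "$tmp"
```

The three capabilities it reports (SYS_RESOURCE, IPC_OWNER, SYS_NICE) are the same ones the schema Job later adds in its securityContext.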
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub.
The username, password and email are the credentials from Docker Hub.
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first.
Configure the image pull secret:
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result:
$ kubectl get secrets
NAME                  TYPE                                  DATA  AGE
default-token-mwvpl   kubernetes.io/service-account-token   3     17d
dockerhub             kubernetes.io/dockerconfigjson        1     13m
IBM Cloud41
Configuring Service Account for Db2
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: ["extensions"]
  resources: ["podsecuritypolicies"]
  verbs: ["use"]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account:
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results:
$ kubectl get psp
db2-privileges   false   SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE   RunAsAny   RunAsAny   RunAsAny   RunAsAny   false
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing a Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
Callouts:
- db2-01: Helm release name, different for each deployment
- ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
- db2inst.instname: instance owner name
- db2inst.password: instance owner password
- options.databaseName: name of the database that will be created. If not specified, no database will be created
- dataVolume.size: size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility. See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
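An added example, not part of the original slides: the same install with the instance owner password generated randomly and passed through a values file readable only by its owner, so that it does not appear in shell history or the process list. The function names are hypothetical; the value keys, release name and chart name are the ones on the slide, and -f is Helm's standard values-file flag.

```shell
#!/usr/bin/env bash
# Added example (not from the slides): keep the Db2 instance owner password
# off the helm command line by putting the chart values in a private file.

# Generate a 24-character hex password from the kernel random source.
gen_password() {
  head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n' | cut -c1-24
}

# Write the chart values used on the slide to "$1" with mode 0600.
# Arguments: values-file path, password, database name.
write_db2_values() {
  (
    umask 077
    cat > "$1" <<EOF
db2inst:
  instname: db2inst1
  password: "$2"
options:
  databaseName: $3
dataVolume:
  size: 20Gi
EOF
  )
  # umask does not change the mode of a file that already existed.
  chmod 600 "$1"
}

# Print the helm command that consumes the values file instead of --set.
helm_install_cmd() {
  printf 'helm install --name db2-01 ibm-charts/ibm-db2oltp-dev --tls -f %s\n' "$1"
}

# Demo: build the values file and show the command that would be run.
values=$(mktemp)
write_db2_values "$values" "$(gen_password)" MYDB
helm_install_cmd "$values"
# Remove the file once the install has finished; the chart stores the
# password in the release's Secret.
rm -f "$values"
```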
IBM Cloud44
Let's verify if we can connect to the MYDB database (1)
Get the list of running pods and verify that the Db2 OLTP pod is running:
$ kubectl get pods
NAME                      READY  STATUS   RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  1/1    Running  1         7h57m
Review the logs of the Db2 OLTP container:
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful.
SQL1063N DB2START processing was successful.
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.
IBM Cloud45
Let's verify if we can connect to the MYDB database (2)
Log in to the Db2 OLTP container and connect to the MYDB Db2 database:
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
   Database Connection Information
 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client. We get the Db2 port from the Db2 OLTP Helm release service definition.
#!/bin/bash
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
IBM Cloud47
Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-01-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s
==> v1/Service
NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP          1s
db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-01-ibm-db2oltp-dev  1        1        1s
==> v1/Pod(related)
NAME                      READY  STATUS    RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s
Callouts:
- 1 Secret: Db2 instance owner password
- 1 PVC (RWO) for db files, logs & config
- 2 Services for Db2: 1x external, 1x internal
- 1 StatefulSet: DESIRED = 1
- 1 Pod: runs the Db2 container
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
$ helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
Callout: the additional parameter hadr.enabled is set to true to indicate that we want a HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-02-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s
==> v1/Service
NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP          1s
db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                        1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-02-ibm-db2oltp-dev  2        2        1s
==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd  3   0        1s
==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s
Callouts:
- 1 Secret: Db2 instance owner password
- 1 PVC (RWX) for HADR setup (1)
- 3 Services: 2x Db2, 1x etcd
- 2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
- 5 Pods: 2x Db2, 3x etcd
(1) 5 addntl. PVCs are being created implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE $DB2INST1_PASSWORD $DBNAME"
IBM Cloud52
Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5) […] IN TS32;
    INSERT INTO PS_TABLE (SSN, FIRST_NAME, LAST_NAME, JOB_CODE, DEPT, SALARY, DOB) WITH TEMP1 […]
    CREATE TABLE PS_HISTORY (FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  0/1          0s        0s
Eventually the job completes
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  1/1          109s      45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job:
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath="{.items[*].metadata.name}")
kubectl logs -f $pod
Output:
[…]
DB20000I The SQL command completed successfully
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/RoleBinding
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m
==> v1/Service
NAME                TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)                          AGE
dsm-01-repository   NodePort  10.0.0.233  <none>       50000:32695/TCP,55000:32203/TCP  8m
dsm-01-ibm-dsm-dev  NodePort  10.0.0.85   <none>       11080:32444/TCP,11081:30462/TCP  8m
==> v1beta1/Deployment
NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
dsm-01-repository   1        1        1           1          8m
dsm-01-ibm-dsm-dev  1        1        1           1          8m
==> v1/Pod(related)
NAME                                READY  STATUS   RESTARTS  AGE
dsm-01-repository-76f87d47d4-dlqh4  1/1    Running  0         8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn  2/2    Running  0         8m
Callouts:
- 2 RoleBindings
- 2 Services: 1x Db2 (repodb), 1x DSM
- 2 Deployments
- 2 Pods: 1 Db2, 1 DSM
IBM Cloud61
DSM Kubernetes resources (2/2)
[…]
==> v1/Secret
NAME                           TYPE    DATA  AGE
dsm-01-repository-db2-passwd   Opaque  1     8m
dsm-01-ibm-dsm-dev-dsm-passwd  Opaque  1     8m
==> v1/PersistentVolumeClaim
NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m
==> v1/ServiceAccount
NAME                          SECRETS  AGE
dsm-repodb-dsm-01-repository  1        8m
dsm-dsm-01-ibm-dsm-dev        1        8m
==> v1/Role
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m
Callouts:
- 2 Secrets: 1 DSM admin, 1 Db2 instance owner
- 2 PVCs: 1 DSM, Db2
- 3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources – Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs
IBM Cloud64
Additional Resources – IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html
IBM Cloud65
Additional Resources – Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
minus Db2 OLTP Single Server
minus Db2 OLTP HADR
minus Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel
Technical Sales Professional, Hybrid Data Management
IBM Deutschland GmbH
Karl-Arnold-Platz 1a, 40474 Duesseldorf, Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
Thank You
IBM Cloud70
IBM Cloud12
Why care about Private Clouds
Adoption brings agility and efficiency
Cost Efficient & Scalable Infrastructure
Accelerate Time to Market
- Build, package & deploy applications in containers, run at scale with Kubernetes
- Refactor applications into microservices & modernize monolithic applications
Manage Data at Scale
- Access, govern & analyze your data at scale, accelerate your journey to AI
Business Value Assessment Customer Output: Standard On-Premises vs IBM Cloud Private
3-Year $54 Million Cost Savings 255 ROI
- 50 Benefit: Data Center (System Utilization & Server Reduction)
- 75 Benefit: Manage Performance (Elasticity, Bursting, High Availability)
- 35 Benefit: DevOps (Faster Deployments)
- 30 Benefit: Deployment Efficiency (Containers & Microservices)
- 50 Benefit: Improved Security (Management & Risk Reduction)
IBM Cloud13
Private Cloud Platform Market Leaders
OpenShift and IBM Cloud Private
IBM Cloud Private
IBM Cloud14
Kubernetes Basics
IBM Cloud15
Kubernetes Basics
Kubernetes Overview
- Open Source Project
- Features
- Architecture
Kubernetes Workloads
- Pods and YAML
- Controllers
Kubernetes Networking
- Services
Kubernetes Storage
- Volume types
- Persistent volumes
- Persistent volume claims
Kubernetes Security
- Secrets
IBM Cloud Private Catalog
- Helm Charts
- Helm CLI
IBM Cloud16
Kubernetes – Open Source Project
Greek word for "Helmsman"
It's Open Source - https://github.com/kubernetes/kubernetes
It's a graduated project of the Cloud Native Computing Foundation, https://cncf.io
Popularly known as "Container Orchestrator"
It is a modern "Cluster Manager" for automating deployment, scaling and management of containerized applications
IBM Cloud17
Kubernetes – Features (1)
Automatic binpacking
- Automatically places containers on nodes. Mix critical and best-effort workloads in order to drive up utilization
Horizontal scaling
- Scale the application up or down with a simple command, with a UI, or automatically based on CPU usage
Automated rollouts and rollbacks
- Kubernetes progressively rolls out changes to the application or its configuration while monitoring application health, to ensure that it doesn't kill all instances at the same time
Storage orchestration
- Automatically mount the storage system of your choice, whether from local, public or SAN, such as iSCSI, Gluster, Ceph, Cinder, Flocker, NFS or IBM Spectrum Scale
IBM Cloud18
Kubernetes – Features (2)
Self-healing
- Restarts containers that fail, replaces and reschedules containers when nodes die, kills containers that do not respond to user-defined health checks
Service discovery and load balancing
- No need to modify the application to use an unfamiliar service discovery mechanism. Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers
Secret and configuration management
- Deploy and update secrets and application configuration without rebuilding your image and without exposing secrets in your stack configuration
Batch Execution
- In addition to services, Kubernetes can manage your batch and CI workloads, replacing containers that fail if desired
IBM Cloud19
Kubernetes Architecture
[Figure: Kubernetes Cluster with a Master Node (API Server, Scheduler, Controller, distributed etcd key-value datastore), Worker Nodes each running a Kubelet and Containers 1..n, an Image Registry, and the Kubernetes REST API accessed from the Command Line and the Web UI]
IBM Cloud20
Kubernetes Workloads
Pod – the basic building block for Kubernetes
Smallest and simplest unit in the Kubernetes object model
A Pod encapsulates an application container (or multiple containers), storage resources, a unique network IP and options that govern how the container should run
A Pod is a unit of deployment
A Pod runs one or more containers as a unit
Docker is the container runtime used in IBM Cloud Private
The one-container-per-pod model is the most common use case
Kubernetes manages the pod rather than the containers directly
Pods can run multiple containers that need to work together and to share resources
Pods are designed as relatively ephemeral, disposable entities
Pods do not self-heal by themselves – a higher-level abstraction does this
IBM Cloud21
Kubernetes Configurations
Create YAML for creating resources on Kubernetes
YAML – Yet Another Markup Language or YAML Ain't Markup Language
Types of structures required in Kubernetes
- Maps
- Lists
YAML Maps let you associate name-value pairs. For example:
---
apiVersion: v1
kind: Pod
YAML Maps – create a key that maps to another map:
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
IBM Cloud22
Kubernetes Configurations – Create YAML (continued)
YAML Lists are literally a sequence of objects. Members in the list can also be maps.
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
spec:
  containers:
  - name: front-end
    image: nginx
    ports:
    - containerPort: 80
  - name: db2-oltp
    image: store/ibmcorp/db2_developer_c:11.1.4.4
    ports:
    - containerPort: 50000
A YAML manifest has four components to define a Kubernetes resource:
- apiVersion
- kind
- metadata
- spec
IBM Cloud23
Kubernetes Workloads ndash Create a Pod
Create an nginx pod – icp01.yaml
---
# Simple yaml file to create an nginx pod
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
Create the pod
$ kubectl apply -f icp01.yaml
pod/nginx created
Check pod status
$ kubectl get pods
NAME   READY  STATUS   RESTARTS  AGE
nginx  1/1    Running  0         13s
IBM Cloud24
Kubernetes Workloads - Controllers
Controllers can create and manage pods for you
ReplicaSet
- A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
- A Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
- Example: create a deployment to roll out a ReplicaSet
StatefulSets
- StatefulSets represent a set of pods with unique, persistent identities and stable hostnames that are maintained regardless of where they are scheduled
- Examples: Db2, Redis, IBM MQ
DaemonSets
- A DaemonSet ensures that nodes (all or some) run a copy of a pod. As nodes are added, pods are added to them
- Example: cluster storage daemon such as glusterd, ceph; logs collection on each node
Jobs, CronJobs
- A job creates one or more pods and ensures that a specified number of them successfully terminate
IBM Cloud25
Kubernetes Network - Services
Without services, Pods are not visible outside the cluster
To enable communication from the outside world to the Pods, services are created
Internal Service Endpoints – available inside the cluster only
External Service Endpoints - DNS names, C-Names or A-records available to access pods
With the help of labels and selectors, the services are tied to the pods
Service Types
- ClusterIP – Service is reachable only from inside of the cluster
- NodePort – Service is reachable through NodeIP:NodePort
- LoadBalancer – Service is reachable through an external load balancer mapped to the NodeIP:NodePort address
IBM Cloud26
Kubernetes Storage – Volume types
Host-based
- EmptyDir
- HostPath
Block Storage
- IBM Block Storage
- Amazon EBS
- GCE Persistent Disk
- vSphere Volumes
Distributed File System
- IBM Spectrum Scale
- NFS
- Ceph
- GlusterFS
- Amazon EFS
- Azure File System
Other
- Flocker
- iSCSI
- Git Repository
- Quobyte
IBM Cloud27
Kubernetes Storage – Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes are a way to get persistence to a Pod
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in Pod
Volumes may be based on a variety of back-end storage types
IBM Cloud28
Kubernetes Storage
Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
- Persistent Volume (PV) – Provisioned by an administrator
- Persistent Volume Claim (PVC) – Requested by a user, and Heketi provisions the PVC – which creates a PV
- Storage Class (SC) – Storage profiles offered by admins
[Figure: Pods on a Worker Node, Persistent Volume Claim, Persistent Volume, backed by Block Storage or a Distributed File System (IBM Spectrum Scale)]
IBM Cloud29
Kubernetes Secrets
Decouple container with sensitive information
A Secret holds sensitive information such as passwords, OAuth tokens and more
A Secret is an abstraction to decouple sensitive data
To use a secret, a Pod needs to reference the secret
A Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by the kubelet when pulling images for the Pod
$ kubectl -n stocktrader \
    create secret generic db2 \
    --from-literal=id=db2psc \
    --from-literal=pwd=password \
    --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
    --from-literal=port=50000 \
    --from-literal=db=PSDB
IBM Cloud30
IBM Cloud Private catalog – Helm Charts
Db2 chart
DSM chart
IBM Cloud31
IBM Cloud Private catalog – What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using the GUI or the command line
Software packages are available from the IBM Charts Repository
Available at https://github.com/IBM/charts
The IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own Local Charts repository
IBM Cloud32
IBM Charts Repository httpsgithubcomIBMchartstreemasterstable
Db2 chart
DSM chart
IBM Cloud33
Helm command line ndash Helm and Tiller
Helm is the client and Tiller is the server ndash runs on master node
$ helm version
Client v272+icp
Error cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client v272+icp
Server v272+icp
Helm and Tiller version must be same ndash do not download Helm from Internet
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)Product Version Worker
Nodes
Pods PVCs Comments
Db2 OLTP 11144 1 1 1
Db2 OLTP HADR 11144 3 5 6 1x Db2 primary 1x Db2 standby 3x etcd for cluster
manager addntl PVC for HADR setup
Data Server
Manager
215 1 2 2 1x DSM 1x Db2 repository database
Includes Db2 111 engine
Db2 Warehouse
SMP
3100 1 1 1 Includes Db2 111 engine
Db2 Warehouse
MPP
3100 3+ 3+ 1 Includes Db2 111 engine
Requires IBM Cloud Pak for Data
Coming soon
minus Red Hat OpenShift Kubernetes support
minus Db2 v115 engine
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes a couple of stepsneed to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create new namespace where all our Pods for Db2 OLTP Db2 OLTP HADR and Data Server Manager will run
Create the namespace for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespacestock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context)
--namespace=stock-trader-data
Context mycluster-context modified
Verify pods There should be no pods running as we just created the namespace$ kubectl get podsNo resources found
IBM Cloud39
Configuring Pod Security Policy for Db2$ cat pre01yamlapiVersion extensionsv1beta1kind PodSecurityPolicymetadata
name db2-privilegesspec
allowPrivilegeEscalation trueprivileged falseallowedCapabilities- SETPCAP- MKNOD- AUDIT_WRITE- CHOWN- NET_RAW- DAC_OVERRIDE- FOWNER- FSETID- KILL- SETGID- SETUID- NET_BIND_SERVICE- SYS_CHROOT- SETFCAP- SYS_RESOURCE- IPC_OWNER- SYS_NICEfsGroup
rule RunAsAnyhostIPC true
hostNetwork falsehostPID falsehostPorts- max 65535
min 1runAsUser
rule RunAsAnyseLinux
rule RunAsAnysupplementalGroups
rule RunAsAnyvolumes-
Configure the pod security policy$ kubectl apply -f pre01yamlpodsecuritypolicyextensionsdb2-privileges configured
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAny RunAsAnyfalse
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create a image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username password and email are the credentials form Docker Hub
Note that you need to subscribe the Db2 and DSM images in Docker Hub first
Configure the image pull secret$ kubectl create secret docker-registry dockerhub
--docker-username=ltyour dockerhub usernamegt--docker-password=ltyour dockerhub passwordgt--docker-email=ltyour dockerhub emailgt--namespace=ltyour namespacegt
secretdockerhub created
Verify the result$ kubectl get secretsNAME TYPE DATA AGEdefault-token-mwvpl kubernetesioservice-account-token 3 17ddockerhub kubernetesiodockerconfigjson 1 13m
IBM Cloud41
Configuring Service Account for Db2$ more pre04yaml---kind ClusterRoleapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role
rules- apiGroups [extensions]resources [podsecuritypolicies]verbs [use]resourceNames- db2-privileges
---kind ClusterRoleBindingapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role-binding
roleRefkind ClusterRolename db2-privileges-cluster-roleapiGroup rbacauthorizationk8sio
subjects- kind ServiceAccountname defaultnamespace stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account$ kubectl apply -f pre04yamlclusterrolerbacauthorizationk8siodb2-privileges-cluster-role createdclusterrolebindingrbacauthorizationk8siodb2-privileges-cluster-role-binding created
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAnyRunAsAny false
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=MYDB
--set dataVolumesize=20Gi
Size of the
Db2 data
volume
Name of database that
will be created
If not specified no
database will be
created
Instance
owner name
Instance owner
password
Db2 OLTP
Helm chart
name
Helm release
name
different for each
deployment
Additional parameters available for example to enable Oracle compatibilitySee httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Cloud44
Letrsquos verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get podsNAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 11 Running 1 7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-009152019 160430 0 0 SQL1063N DB2START processing was successfulSQL1063N DB2START processing was successful() Starting TEXT SEARCH service CIE00001 Operation completed successfullyssh-keygen generating new host keys RSA1 RSA DSA ECDSA ED25519() All databases are now active() Setup has completed
IBM Cloud45
Letrsquos verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 --binbash su - db2inst1Last login Sun Sep 15 161711 UTC 2019$ db2 connect to MYDB
Database Connection Information
Database server = DB2LINUXX8664 11144SQL authorization ID = DB2INST1Local database alias = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access from Db2 client
binbash
NODE_PORT=$(kubectl get --namespace stock-trader-data
-o jsonpath=specports[0]nodePort services db2-01-ibm-db2oltp-dev-db2)
echo Cataloging node db2tcp1
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 19216827100 server $NODE_PORT
echo Cataloging database MYDB at node db2tcp1
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port
from the Db2 OLTP
helm release service
definition

Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-01-ibm-db2oltp-dev  Opaque  1     1s

==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s

==> v1/Service
NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP          1s
db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s

==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-01-ibm-db2oltp-dev  1        1        1s

==> v1/Pod(related)
NAME                      READY  STATUS    RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s

Callouts:
- 1 Pod: runs the Db2 container
- 2 Services for Db2: 1x external, 1x internal
- 1 StatefulSet: DESIRED = 1
- 1 PVC (RWO) for db files, logs & config
- 1 Secret: Db2 instance owner password

Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
  --tls \
  --set db2inst.instname=db2inst1 \
  --set db2inst.password=passw0rd \
  --set options.databaseName=HADB \
  --set dataVolume.size=20Gi \
  --set hadr.enabled=true
Callout: the additional parameter hadr.enabled is set to true to indicate that we want a HADR setup

Verify that Db2 HADR is working

Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-02-ibm-db2oltp-dev  Opaque  1     1s

==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s

==> v1/Service
NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP          1s
db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                        1s

==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-02-ibm-db2oltp-dev  2        2        1s

==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd  3  0  1s

==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s

Callouts:
- 5 Pods: 2x Db2, 3x etcd
- 3 Services: 2x Db2, 1x etcd
- 2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
- 1 PVC (RWX) for HADR setup (1)
- 1 Secret: Db2 instance owner password
(1) 5 additional PVCs are being created implicitly for 2x Db2 and 3x etcd

Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE '$DB2INST1_PASSWORD' $DBNAME"

Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) [...] IN TS32;
    INSERT INTO PS_TABLE (SSN, FIRST_NAME, LAST_NAME, JOB_CODE, DEPT, SALARY, DOB) WITH TEMP1 [...]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema

Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   0/1           0s         0s
Eventually the job completes
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   1/1           109s       45m

Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath='{.items[*].metadata.name}')
kubectl logs -f $pod
Output
[...]
DB20000I The SQL command completed successfully
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully
Database mydb has been configured
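The job log above ends with GRANT ALL ... TO PUBLIC on tables whose INSERT column list includes SSN, SALARY and DOB, so every authenticated Db2 user gets full access to them. As an added example (not part of the original slides), this Python check scans the .sql entries of a ConfigMap for grants to PUBLIC before the Job is applied. The sample data is constructed and modelled on the slide's statements; the hr_readers role and the function names are hypothetical.

```python
"""Find GRANT ... TO PUBLIC statements in the SQL files of a ConfigMap."""
import re

# Constructed sample shaped like the `data` of the db2-createschema ConfigMap.
# The two PUBLIC grants are modelled on the slide; the comment line and the
# hr_readers role grant are hypothetical additions for contrast.
CONFIGMAP_DATA = {
    "db2-createschema.sh": "#!/bin/sh\ndb2 -tvmf /scripts/ps-tables.sql\n",
    "ps-bp-tbsp.sql": (
        "CREATE BUFFERPOOL BP32K PAGESIZE 32K;\n"
        "CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;\n"
    ),
    "ps-tables.sql": (
        "-- PS_TABLE carries SSN, SALARY and DOB columns\n"
        "GRANT ALL ON ps_table TO PUBLIC;\n"
        "grant all on ps_history\n   to public;\n"
        "GRANT SELECT ON ps_history TO ROLE hr_readers;\n"
    ),
}

# GRANT <privileges> ON [TABLE] <object> TO <grantee list> [WITH GRANT OPTION]
GRANT_RE = re.compile(
    r"^\s*GRANT\s+(?P<privs>.+?)\s+ON\s+(?:TABLE\s+)?(?P<obj>\S+)"
    r"\s+TO\s+(?P<grantees>.+?)(?:\s+WITH\s+GRANT\s+OPTION)?\s*$",
    re.IGNORECASE | re.DOTALL,
)


def split_statements(sql):
    """Drop `--` comments and split on ';', the terminator `db2 -t` expects.

    Good enough for DDL and GRANT scripts; it does not understand ';' or '--'
    inside string literals.
    """
    without_comments = re.sub(r"--[^\n]*", "", sql)
    return [s.strip() for s in without_comments.split(";") if s.strip()]


def public_grants(data):
    """Return (file, privileges, object) for each GRANT that names PUBLIC."""
    hits = []
    for name in sorted(data):
        if not name.lower().endswith(".sql"):
            continue
        for stmt in split_statements(data[name]):
            match = GRANT_RE.match(stmt)
            if not match:
                continue
            # Grantees may be prefixed with USER, GROUP or ROLE.
            grantees = [
                re.sub(r"^(USER|GROUP|ROLE)\s+", "", g.strip(), flags=re.I).upper()
                for g in match.group("grantees").split(",")
            ]
            if "PUBLIC" in grantees:
                hits.append((name, match.group("privs").upper(),
                             match.group("obj").upper()))
    return hits


if __name__ == "__main__":
    for file_name, privs, obj in public_grants(CONFIGMAP_DATA):
        print("%s: %s on %s is granted to PUBLIC" % (file_name, privs, obj))
```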

Deploying Data Server Manager (DSM) with the GUI

Deploying Data Server Manager (DSM) with the GUI (2)

Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)

Accessing Data Server Manager

Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM

DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/RoleBinding
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m

==> v1/Service
NAME                TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)                          AGE
dsm-01-repository   NodePort  10.0.0.233  <none>       50000:32695/TCP,55000:32203/TCP  8m
dsm-01-ibm-dsm-dev  NodePort  10.0.0.85   <none>       11080:32444/TCP,11081:30462/TCP  8m

==> v1beta1/Deployment
NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
dsm-01-repository   1        1        1           1          8m
dsm-01-ibm-dsm-dev  1        1        1           1          8m

==> v1/Pod(related)
NAME                                READY  STATUS   RESTARTS  AGE
dsm-01-repository-76f87d47d4-dlqh4  1/1    Running  0         8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn  2/2    Running  0         8m

Callouts:
- 2 RoleBindings
- 2 Services: 1x Db2 (repodb), 1x DSM
- 2 Deployments
- 2 Pods: 1 Db2, 1 DSM

DSM Kubernetes resources (2/2)
[...]
==> v1/Secret
NAME                           TYPE    DATA  AGE
dsm-01-repository-db2-passwd   Opaque  1     8m
dsm-01-ibm-dsm-dev-dsm-passwd  Opaque  1     8m

==> v1/PersistentVolumeClaim
NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m

==> v1/ServiceAccount
NAME                          SECRETS  AGE
dsm-repodb-dsm-01-repository  1        8m
dsm-dsm-01-ibm-dsm-dev        1        8m

==> v1/Role
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m

Callouts:
- 2 Secrets: 1 DSM admin, 1 Db2 instance owner
- 2 PVCs: 1 DSM, 1 Db2
- 3 Roles

Additional Resources

Additional Resources - Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics/
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started/
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs/

Additional Resources - IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html

Additional Resources - Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse

Presentation on Db2 and Docker from Db2 Aktuell 2018

Summary

Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary

Claus Huempel
Technical Sales Professional
Hybrid Data Management
IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
Thank You

Private Cloud Platform Market Leaders: OpenShift and IBM Cloud Private
IBM Cloud Private

Kubernetes Basics

Kubernetes Basics
Kubernetes Overview
- Open Source Project
- Features
- Architecture
Kubernetes Workloads
- Pods and YAML
- Controllers
Kubernetes Networking
- Services
Kubernetes Storage
- Volume types
- Persistent volumes
- Persistent volume claims
Kubernetes Security
- Secrets
IBM Cloud Private Catalog
- Helm Charts
- Helm CLI

Kubernetes - Open Source Project
Greek word for "Helmsman"
It's Open Source - https://github.com/kubernetes/kubernetes
It's a graduated project of the Cloud Native Computing Foundation: https://cncf.io
Popularly known as a "Container Orchestrator"
It is a modern "Cluster Manager" for automating deployment, scaling and management of containerized applications

Kubernetes - Features (1)
Automatic binpacking
- Automatically places containers on nodes. Mix critical and best-effort workloads in order to drive up utilization
Horizontal scaling
- Scale the application up or down with a simple command, with a UI, or automatically based on CPU usage
Automated rollouts and rollbacks
- Kubernetes progressively rolls out changes to the application or its configuration while monitoring application health to ensure that it doesn't kill all instances at the same time
Storage orchestration
- Automatically mount the storage system of your choice, whether from local, public or SAN, such as iSCSI, Gluster, Ceph, Cinder, Flocker, NFS or IBM Spectrum Scale

Kubernetes - Features (2)
Self-healing
- Restarts containers that fail, replaces and reschedules containers when nodes die, kills containers that do not respond to user-defined health checks
Service discovery and load balancing
- No need to modify the application to use an unfamiliar service discovery mechanism. Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers
Secret and configuration management
- Deploy and update secrets and application configuration without rebuilding your image and without exposing secrets in your stack configuration
Batch Execution
- In addition to services, Kubernetes can manage your batch and CI workloads, replacing containers that fail, if desired

Kubernetes Architecture
[Diagram: a Kubernetes cluster with a master node (API server, scheduler, controller, distributed etcd key-value datastore) and worker nodes, each running a kubelet and containers 1 to n; an image registry; the Kubernetes REST API is reached through the command line and the web UI]

Kubernetes Workloads
Pod - the basic building block for Kubernetes
Smallest and simplest unit in the Kubernetes object model
A Pod encapsulates an application container (or multiple containers), storage resources, a unique network IP, and options that govern how the container should run
A Pod is a unit of deployment
A Pod runs one or more containers as a unit
Docker is the container runtime used in IBM Cloud Private
The one-container-per-pod model is the most common use case
Kubernetes manages the pod rather than containers directly
Pods can run multiple containers that need to work together and to share resources
Pods are designed as relatively ephemeral, disposable entities
Pods do not self-heal by themselves - a higher level abstraction does this

Kubernetes Configurations
Create YAML for creating resources on Kubernetes
YAML - Yet Another Markup Language or YAML Ain't Markup Language
Types of structures required in Kubernetes
- Maps
- Lists
YAML Maps let you associate name-value pairs. For example:
---
apiVersion: v1
kind: Pod
YAML Maps - create a key that maps to another map
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2

Kubernetes Configurations - Create YAML (continued)
YAML Lists are literally a sequence of objects. Members in the list can also be maps
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
spec:
  containers:
  - name: front-end
    image: nginx
    ports:
    - containerPort: 80
  - name: db2-oltp
    image: store/ibmcorp/db2_developer_c:11.1.4.4
    ports:
    - containerPort: 50000
A YAML manifest has four components to define a Kubernetes resource
- apiVersion
- kind
- metadata
- spec

Kubernetes Workloads - Create a Pod
Create an nginx pod - icp01.yaml
---
# Simple yaml file to create an nginx pod
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
Create the pod
$ kubectl apply -f icp01.yaml
pod/nginx created
Check pod status
$ kubectl get pods
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          13s

Kubernetes Workloads - Controllers
Controllers can create and manage pods for you
ReplicaSet
- A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
- A Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
- Example: create a deployment to roll out a ReplicaSet
StatefulSets
- StatefulSets represent a set of pods with unique, persistent identities and stable hostnames that are maintained regardless of where they are scheduled
- Examples: Db2, Redis, IBM MQ
DaemonSets
- A DaemonSet ensures that nodes (all or some) run a copy of a pod. As nodes are added, pods are added to them
- Example: cluster storage daemon such as glusterd, ceph; logs collection on each node
Jobs, CronJobs
- A job creates one or more pods and ensures that a specified number of them successfully terminate

Kubernetes Network - Services
Without services, Pods are not visible outside the cluster
To enable communication from the outside world to the Pods, services are created
Internal Service Endpoints - available inside the cluster only
External Service Endpoints - DNS names, C-Names or A-records available to access pods
With the help of labels and selectors, the services are tied to the pods
Service Types
- ClusterIP - Service is reachable only from inside of the cluster
- NodePort - Service is reachable through NodeIP:NodePort
- LoadBalancer - Service is reachable through an external load balancer mapped to the NodeIP:NodePort address

Kubernetes Storage - Volume types
Host-based
- EmptyDir
- HostPath
Block Storage
- IBM Block Storage
- Amazon EBS
- GCE Persistent Disk
- vSphere Volumes
Distributed File System
- IBM Spectrum Scale
- NFS
- Ceph
- GlusterFS
- Amazon EFS
- Azure File System
Other
- Flocker
- iSCSI
- Git Repository
- Quobyte

Kubernetes Storage - Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes are a way to get persistence to a Pod
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in a Pod
Volumes may be based on a variety of back-end storage types

Kubernetes Storage
Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
- Persistent Volume (PV) - Provisioned by an administrator
- Persistent Volume Claim (PVC) - Requested by a user; Heketi provisions the PVC, which creates a PV
- Storage Class (SC) - Storage profiles offered by admins
[Diagram: pods on a worker node, persistent volume claim, persistent volume, block storage, distributed file system, IBM Spectrum Scale]

Kubernetes Secrets
Decouple container from sensitive information
A Secret holds sensitive information such as passwords, OAuth tokens and more
A Secret is an abstraction to decouple sensitive data
To use a secret, a Pod needs to reference the secret
A Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by the kubelet when pulling images for the Pod
$ kubectl -n stocktrader \
  create secret generic db2 \
  --from-literal=id=db2psc \
  --from-literal=pwd=password \
  --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
  --from-literal=port=50000 \
  --from-literal=db=PSDB

IBM Cloud Private catalog - Helm Charts
Db2 chart
DSM chart

IBM Cloud Private catalog - What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using the GUI or the command line
Software packages are available from the IBM Charts Repository
Available at https://github.com/IBM/charts
The IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own Local Charts repository

IBM Charts Repository: https://github.com/IBM/charts/tree/master/stable
Db2 chart
DSM chart

Helm command line - Helm and Tiller
Helm is the client and Tiller is the server - runs on the master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
Helm and Tiller version must be the same - do not download Helm from the Internet

Deploying Db2 on Kubernetes

Db2-based Containers running on Kubernetes (Sep 2019)
Product | Version | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP | 11.1.4.4 | 1 | 1 | 1 |
Db2 OLTP HADR | 11.1.4.4 | 3 | 5 | 6 | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager, additional PVC for HADR setup
Data Server Manager | 2.1.5 | 1 | 2 | 2 | 1x DSM, 1x Db2 repository database. Includes Db2 11.1 engine
Db2 Warehouse SMP | 3.10.0 | 1 | 1 | 1 | Includes Db2 11.1 engine
Db2 Warehouse MPP | 3.10.0 | 3+ | 3+ | 1 | Includes Db2 11.1 engine. Requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine

IBM Cloud Private Kubernetes platform

Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account

Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context) \
  --namespace=stock-trader-data
Context "mycluster-context" modified
Verify pods. There should be no pods running as we just created the namespace
$ kubectl get pods
No resources found

Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  - '*'
Configure the pod security policy
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results
$ kubectl get psp
db2-privileges  false  SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE  RunAsAny  RunAsAny  RunAsAny  RunAsAny  false

Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
Configure the image pull secret
$ kubectl create secret docker-registry dockerhub \
  --docker-username=<your dockerhub username> \
  --docker-password=<your dockerhub password> \
  --docker-email=<your dockerhub email> \
  --namespace=<your namespace>
secret/dockerhub created
Verify the result
$ kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-mwvpl   kubernetes.io/service-account-token   3      17d
dockerhub             kubernetes.io/dockerconfigjson        1      13m

Configuring Service Account for Db2
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: [extensions]
  resources: [podsecuritypolicies]
  verbs: [use]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
The YAML specification file defines the cluster role and the cluster role binding for the service account
Configure the service account
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results
$ kubectl get psp
db2-privileges  false  SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE  RunAsAny  RunAsAny  RunAsAny  RunAsAny  false
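The db2-privileges policy and its binding to the default service account decide what every pod in stock-trader-data may request, so they are worth reviewing field by field. As an added example (not part of the original slides or of IBM's charts), this Python audit takes the two objects as dictionaries, for instance parsed from `kubectl get psp db2-privileges -o json`, and lists the settings that widen pod privileges. The embedded objects are constructed from the slide values and the function names are hypothetical.

```python
"""Audit a PodSecurityPolicy and its RBAC binding, given as dicts (for example
parsed from `kubectl get ... -o json`), for settings that widen pod privileges."""

# Capabilities Docker grants to every container unless they are dropped.
DOCKER_DEFAULT_CAPS = frozenset({
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "MKNOD",
    "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP", "SETUID",
    "SYS_CHROOT",
})

# Constructed sample: the db2-privileges policy from pre01.yaml on the slide.
# Its 17 capabilities are Docker's 14 defaults plus three more; the volumes
# wildcard '*' is assumed.
PSP = {
    "metadata": {"name": "db2-privileges"},
    "spec": {
        "allowPrivilegeEscalation": True,
        "privileged": False,
        "allowedCapabilities": sorted(DOCKER_DEFAULT_CAPS) + [
            "SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"],
        "hostIPC": True,
        "hostNetwork": False,
        "hostPID": False,
        "hostPorts": [{"max": 65535, "min": 1}],
        "runAsUser": {"rule": "RunAsAny"},
        "volumes": ["*"],
    },
}

# Constructed sample: the subject of the binding from pre04.yaml on the slide.
BINDING = {
    "kind": "ClusterRoleBinding",
    "metadata": {"name": "db2-privileges-cluster-role-binding"},
    "subjects": [{"kind": "ServiceAccount", "name": "default",
                  "namespace": "stock-trader-data"}],
}

# Capabilities the Db2 container adds in the Job manifest shown in this deck.
REQUESTED_CAPS = frozenset({"SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"})


def audit_psp(psp, requested_caps=frozenset()):
    """Return (field, message) findings for one PodSecurityPolicy."""
    spec = psp.get("spec", {})
    out = []
    if spec.get("privileged"):
        out.append(("privileged", "privileged containers are allowed"))
    # The PSP API treats an unset allowPrivilegeEscalation as true.
    if spec.get("allowPrivilegeEscalation", True):
        out.append(("allowPrivilegeEscalation",
                    "pods may run without no_new_privs"))
    for field in ("hostIPC", "hostPID", "hostNetwork"):
        if spec.get(field):
            out.append((field, "pods may join this namespace of the node"))
    if any(r.get("min", 0) <= 1 and r.get("max", 0) >= 65535
           for r in spec.get("hostPorts", [])):
        out.append(("hostPorts", "any host port may be requested"))
    if spec.get("runAsUser", {}).get("rule") == "RunAsAny":
        out.append(("runAsUser", "containers may run as UID 0"))
    if {"*", "hostPath"} & set(spec.get("volumes", [])):
        out.append(("volumes", "hostPath volumes are allowed"))
    allowed = set(spec.get("allowedCapabilities", []))
    if "*" in allowed:
        out.append(("allowedCapabilities", "every capability may be added"))
    # Capabilities beyond the runtime defaults that no workload asks for.
    unused = allowed - DOCKER_DEFAULT_CAPS - set(requested_caps) - {"*"}
    if unused:
        out.append(("allowedCapabilities",
                    "not requested by the workload: " + ", ".join(sorted(unused))))
    if not spec.get("requiredDropCapabilities"):
        out.append(("requiredDropCapabilities",
                    "no default capability (for example NET_RAW) is dropped"))
    return out


def audit_binding(binding):
    """Return findings for a binding that grants `use` of a policy."""
    out = []
    for subject in binding.get("subjects", []):
        if (subject.get("kind") == "ServiceAccount"
                and subject.get("name") == "default"):
            out.append(("subjects",
                        "default service account of namespace %s: every pod there "
                        "without its own serviceAccountName can use the policy"
                        % subject.get("namespace")))
    return out


if __name__ == "__main__":
    for field, message in audit_psp(PSP, REQUESTED_CAPS) + audit_binding(BINDING):
        print("%-26s %s" % (field, message))
```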

Helm Charts for Db2 and DSM

Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
  --tls \
  --set db2inst.instname=db2inst1 \
  --set db2inst.password=passw0rd \
  --set options.databaseName=MYDB \
  --set dataVolume.size=20Gi
Callouts on the command:
- db2-01: Helm release name, different for each deployment
- ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
- db2inst.instname: instance owner name
- db2inst.password: instance owner password
- options.databaseName: name of database that will be created. If not specified, no database will be created
- dataVolume.size: size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility. See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Cloud44
Letrsquos verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get podsNAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 11 Running 1 7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-009152019 160430 0 0 SQL1063N DB2START processing was successfulSQL1063N DB2START processing was successful() Starting TEXT SEARCH service CIE00001 Operation completed successfullyssh-keygen generating new host keys RSA1 RSA DSA ECDSA ED25519() All databases are now active() Setup has completed
IBM Cloud45
Letrsquos verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 --binbash su - db2inst1Last login Sun Sep 15 161711 UTC 2019$ db2 connect to MYDB
Database Connection Information
Database server = DB2LINUXX8664 11144SQL authorization ID = DB2INST1Local database alias = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access from Db2 client
binbash
NODE_PORT=$(kubectl get --namespace stock-trader-data
-o jsonpath=specports[0]nodePort services db2-01-ibm-db2oltp-dev-db2)
echo Cataloging node db2tcp1
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 19216827100 server $NODE_PORT
echo Cataloging database MYDB at node db2tcp1
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port
from the Db2 OLTP
helm release service
definition
IBM Cloud47
Kubernetes resources for Db2 OLTP$ helm status db2-01 --tlsNAME db2-01LAST DEPLOYED Sun Sep 15 081114 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-01-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-01-data-stor Bound vol12 20Gi RWO 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-01-ibm-db2oltp-dev-db2 NodePort 100050 ltnonegt 5000030463TCP5500032236TCP 1sdb2-01-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-01-ibm-db2oltp-dev 1 1 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 01 Init01 0 1s 1 Pod runs
the Db2
container
2 Services for
Db2 1x external
1x internal
1 StatefulSet
DESIRED = 1
1 PVC (RWO) for db
files logs amp config
1 Secret
Db2 instance
owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v111 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=HADB
--set dataVolumesize=20Gi--set hadrenabled=true
Additional parameter
hadrenabled set to true to
indicate that we want a
HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OTLP HADRNAME db2-02LAST DEPLOYED Tue Sep 17 082433 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-02-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-02-hadr-stor Bound vol09 20Gi RWX 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-02-ibm-db2oltp-dev-db2 NodePort 100061 ltnonegt 5000032422TCP5500032181TCP 1sdb2-02-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1sdb2-02-ibm-db2oltp-dev-etcd ClusterIP None ltnonegt 2380TCP2379TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-02-ibm-db2oltp-dev 2 2 1s
==gt v1beta2StatefulSet
db2-02-ibm-db2oltp-dev-etcd 3 0 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-02-ibm-db2oltp-dev-0 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-0 01 ContainerCreating 0 1sdb2-02-ibm-db2oltp-dev-etcd-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-2 01 Pending 0 1s
5 Pods
2x Db2 3x etcd
3 Services
2x Db2 1x etcd
2 StatefulSets
Db2 DESIRED=2
etcd DESIRED=3
1 PVC (RWX)
for HADR setup (1)
1 Secret
Db2 instance
owner password
(1) 5 addntl PVCs are being created
implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL $ cat single04yamlapiVersion batchv1kind Jobmetadata
name db2-01-create-database-schemaspec
templatespec
containers- name db2-01-create-database-schema
image storeibmcorpdb2_developer_c11144-x86_64command [ binsh-cscriptsdb2-setupsh ]volumeMounts- name db2-createschema
mountPath scriptssecurityContext
capabilitiesadd [SYS_RESOURCE IPC_OWNER SYS_NICE]
env- name LICENSE
value accept- name DB2INSTANCE
value db2inst1- name DB2INST1_PASSWORD
valueFromsecretKeyRef
name db2-01-ibm-db2oltp-devkey password
- name DB2_SERVICE_NAMEvalue db2-01-ibm-db2oltp-dev
- name DBNAMEvalue mydb
restartPolicy Nevervolumes- name db2-createschema
configMapname db2-createschemadefaultMode 0744
backoffLimit 1---apiVersion v1data
db2-setupsh |binshexport SETUPDIR=vardb2_setupsource $SETUPDIRincludedb2_constantssource $SETUPDIRincludedb2_common_functionsif getent passwd $DB2INSTANCE gt devnull 2gtamp1 then
echo () Previous setup has not been detected Creating create_users
fiif create_instance then
exit 1fistart_db2cp scriptsdb2-createschemash databasedb2-createschemashchmod +x databasedb2-createschemashsu - $DB2INSTANCE -c databasedb2-createschemash
$DB2_SERVICE_NAME $DB2INSTANCEldquo$DB2INST1_PASSWORD $DBNAME
IBM Cloud52
Kubernetes Job to deploy SQL (contrsquod)db2-createschemash |
binshDB2_SERVICE_NAME=$1DB2INSTANCE=$2DB2INST1_PASSWORD=$3DBNAME=$4echo Configure schema for database $DBNAME on host $DB2_SERVICE_NAMEdb2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000db2 catalog db $DBNAME as $DBNAME at node DB2NODEdb2 terminatedb2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDdb2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDsleep 2db2 -tvmf scriptsps-bp-tbspsqlsleep 10db2 -tvmf scriptsps-tablessqlecho Database $DBNAME has been configured
ps-bp-tbspsql |CREATE BUFFERPOOL BP32K PAGESIZE 32KCREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K
ps-tablessql |CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) [hellip] IN TS32INSERT INTO PS_TABLE (SSNFIRST_NAMELAST_NAMEJOB_CODEDEPTSALARYDOB) WITH TEMP1 [hellip] CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL LASTNAME VARCHAR(20) NOT NULL JOBCODE CHAR(4) NOT NULL ) IN TS32 GRANT ALL ON ps_table TO PUBLICGRANT ALL ON ps_history TO PUBLIC
kind ConfigMapmetadata
name db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply ndashf single04yaml
jobbatchdb2-01-create-database-schema created
configmapdb2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 01 0s 0s
Eventually the job completes
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 11 109s 45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job:
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath='{.items[*].metadata.name}')
kubectl logs -f $pod
Output:
[…]
DB20000I  The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I  The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I  The SQL command completed successfully.
Database mydb has been configured
Deploying Data Server Manager (DSM) with the GUI
Deploying Data Server Manager (DSM) with the GUI (2)
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI:
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)
Accessing Data Server Manager
Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM.
DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/RoleBinding
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m

==> v1/Service
NAME                 TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)                           AGE
dsm-01-repository    NodePort   10.0.0.233   <none>        50000:32695/TCP,55000:32203/TCP   8m
dsm-01-ibm-dsm-dev   NodePort   10.0.0.85    <none>        11080:32444/TCP,11081:30462/TCP   8m

==> v1beta1/Deployment
NAME                 DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
dsm-01-repository    1         1         1            1           8m
dsm-01-ibm-dsm-dev   1         1         1            1           8m

==> v1/Pod(related)
NAME                                 READY   STATUS    RESTARTS   AGE
dsm-01-repository-76f87d47d4-dlqh4   1/1     Running   0          8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn   2/2     Running   0          8m

Callouts on the slide:
- 2 RoleBindings
- 2 Services: 1x Db2 (repodb), 1x DSM
- 2 Deployments
- 2 Pods: 1 Db2, 1 DSM
DSM Kubernetes resources (2/2)
[…]
==> v1/Secret
NAME                            TYPE     DATA   AGE
dsm-01-repository-db2-passwd    Opaque   1      8m
dsm-01-ibm-dsm-dev-dsm-passwd   Opaque   1      8m

==> v1/PersistentVolumeClaim
NAME                            STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
dsm-01-repository-data-stor     Bound    vol14    20Gi       RWO                           8m
dsm-01-ibm-dsm-dev-datavolume   Bound    vol12    20Gi       RWO                           8m

==> v1/ServiceAccount
NAME                           SECRETS   AGE
dsm-repodb-dsm-01-repository   1         8m
dsm-dsm-01-ibm-dsm-dev         1         8m

==> v1/Role
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m

Callouts on the slide:
- 2 Secrets: 1 DSM admin, 1 Db2 instance owner
- 2 PVCs: DSM and Db2
- 3 Roles
Additional Resources
Additional Resources - Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics/
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started/
Docker Hub
- https://hub.docker.com/
Helm
- https://helm.sh/docs/
Additional Resources - IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html
Additional Resources - Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private/
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift/
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse
Presentation on Db2 and Docker from Db2 Aktuell 2018
Summary
- Micro Services and Containers
- Kubernetes Basics
- Deploying Db2 on Kubernetes
  - Db2 OLTP Single Server
  - Db2 OLTP HADR
  - Data Server Manager (DSM)
- Additional Resources
- Summary
Claus Huempel
Technical Sales Professional
Hybrid Data Management
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany
Thank You
Kubernetes Basics
Kubernetes Overview
- Open Source Project
- Features
- Architecture
Kubernetes Workloads
- Pods and YAML
- Controllers
Kubernetes Networking
- Services
Kubernetes Storage
- Volume types
- Persistent volumes
- Persistent volume claims
Kubernetes Security
- Secrets
IBM Cloud Private Catalog
- Helm Charts
- Helm CLI
Kubernetes - Open Source Project
Greek word for "Helmsman"
It's Open Source - https://github.com/kubernetes/kubernetes
It's a graduated project of the Cloud Native Computing Foundation: https://cncf.io
Popularly known as "Container Orchestrator"
It is a modern "Cluster Manager" for automating deployment, scaling and management of containerized applications
Kubernetes - Features (1)
Automatic binpacking
- Automatically places containers on nodes. Mix critical and best-effort workloads in order to drive up utilization.
Horizontal scaling
- Scale the application up or down with a simple command, with a UI, or automatically based on CPU usage.
Automated rollouts and rollbacks
- Kubernetes progressively rolls out changes to the application or its configuration, while monitoring application health to ensure that it doesn't kill all instances at the same time.
Storage orchestration
- Automatically mount the storage system of your choice, whether from local, public or SAN, such as iSCSI, Gluster, Ceph, Cinder, Flocker, NFS or IBM Spectrum Scale.
Kubernetes - Features (2)
Self-healing
- Restarts containers that fail, replaces and reschedules containers when nodes die, kills containers that do not respond to user-defined health checks.
Service discovery and load balancing
- No need to modify the application to use an unfamiliar service discovery mechanism. Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers.
Secret and configuration management
- Deploy and update secrets and application configuration without rebuilding your image and without exposing secrets in your stack configuration.
Batch Execution
- In addition to services, Kubernetes can manage your batch and CI workloads, replacing containers that fail, if desired.
Kubernetes Architecture
[Diagram: a Kubernetes cluster with a master node (API server, scheduler, controller, distributed etcd key-value datastore) and worker nodes, each running a kubelet and containers 1..n; an image registry; the Kubernetes REST API, used by the command line and the web UI]
Kubernetes Workloads
Pod - the basic building block for Kubernetes
- Smallest and simplest unit in the Kubernetes object model
- A Pod encapsulates an application container (or multiple containers), storage resources, a unique network IP, and options that govern how the container should run
- A Pod is a unit of deployment
- A Pod runs one or more containers as a unit
- Docker is the container runtime used in IBM Cloud Private
- The one-container-per-pod model is the most common use case
- Kubernetes manages the pod rather than the containers directly
- Pods can run multiple containers that need to work together and to share resources
- Pods are designed as relatively ephemeral, disposable entities
- Pods do not self-heal by themselves - a higher-level abstraction does this
Kubernetes Configurations
Create YAML for creating resources on Kubernetes
YAML - Yet Another Markup Language or YAML Ain't Markup Language
Types of structures required in Kubernetes
- Maps
- Lists
YAML Maps let you associate name-value pairs. For example:
---
apiVersion: v1
kind: Pod
YAML Maps - create a key that maps to another map:
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
Kubernetes Configurations - Create YAML (continued)
YAML Lists are literally a sequence of objects. Members in the list can also be maps.
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
spec:
  containers:
  - name: front-end
    image: nginx
    ports:
    - containerPort: 80
  - name: db2-oltp
    image: store/ibmcorp/db2_developer_c:11.1.4.4
    ports:
    - containerPort: 50000
A YAML manifest has four components to define a Kubernetes resource:
- apiVersion
- kind
- metadata
- spec
Kubernetes Workloads - Create a Pod
Create an nginx pod - icp01.yaml
---
# Simple yaml file to create an nginx pod
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
Create the pod:
$ kubectl apply -f icp01.yaml
pod/nginx created
Check pod status:
$ kubectl get pods
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          13s
Kubernetes Workloads - Controllers
Controllers can create and manage pods for you
ReplicaSet
- A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
- A Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
- Example: create a deployment to roll out a ReplicaSet
StatefulSets
- StatefulSets represent a set of pods with unique, persistent identities and stable hostnames that are maintained regardless of where they are scheduled
- Examples: Db2, Redis, IBM MQ
DaemonSets
- A DaemonSet ensures that nodes (all or some) run a copy of a pod. As nodes are added, pods are added to them
- Example: cluster storage daemon such as glusterd or ceph, logs collection on each node
Jobs, CronJobs
- A job creates one or more pods and ensures that a specified number of them successfully terminate
Kubernetes Network - Services
- Without services, Pods are not visible outside the cluster
- To enable communication from the outside world to the Pods, services are created
- Internal Service Endpoints - available inside the cluster only
- External Service Endpoints - DNS names, C-Names or A-records available to access pods
- With the help of labels and selectors, the services are tied to the pods
Service Types
- ClusterIP - Service is reachable only from inside of the cluster
- NodePort - Service is reachable through NodeIP:NodePort
- LoadBalancer - Service is reachable through an external load balancer mapped to the NodeIP:NodePort address
Kubernetes Storage - Volume types
Host-based
- EmptyDir
- HostPath
Block Storage
- IBM Block Storage
- Amazon EBS
- GCE Persistent Disk
- vSphere Volumes
Distributed File System
- IBM Spectrum Scale
- NFS
- Ceph
- GlusterFS
- Amazon EFS
- Azure File System
Other
- Flocker
- iSCSI
- Git Repository
- Quobyte
Kubernetes Storage - Persistence in Pods
- Pods are ephemeral and stateless
- Applications need persistent storage
- Volumes are a way to get persistence to a Pod
- Kubernetes volumes are similar to Docker volumes but are managed differently
- All containers in a Pod can access the volume
- Volumes are associated with the lifecycle of a Pod
- Directories in a host are exposed as volumes in a Pod
- Volumes may be based on a variety of back-end storage types
Kubernetes Storage
Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
- Persistent Volume (PV) - provisioned by an administrator
- Persistent Volume Claim (PVC) - requested by a user; Heketi provisions the PVC, which creates a PV
- Storage Class (SC) - storage profiles offered by admins
[Diagram: pods on a worker node, a Persistent Volume Claim, and a Persistent Volume backed by block storage or a distributed file system (IBM Spectrum Scale)]
Kubernetes Secrets
Decouple containers from sensitive information
- A Secret holds sensitive information such as passwords, OAuth tokens and more
- A Secret is an abstraction to decouple sensitive data
- To use a secret, a Pod needs to reference the secret
- A Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by the kubelet when pulling images for the Pod
$ kubectl -n stocktrader \
    create secret generic db2 \
    --from-literal=id=db2psc \
    --from-literal=pwd=password \
    --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
    --from-literal=port=50000 \
    --from-literal=db=PSDB
IBM Cloud Private catalog - Helm Charts
Db2 chart
DSM chart
IBM Cloud Private catalog - What is a Helm Chart
- Helm is the package manager in IBM Cloud Private
- Tiller is the server that serves the Helm content
- Helm charts help to define, install and upgrade software in an automated fashion
- Helm charts can be deployed using the GUI or the command line
- Software packages are available from the IBM Charts Repository
- Available at https://github.com/IBM/charts
- The IBM Cloud Private catalog requires internet connectivity to show available charts
- In an air-gap environment, you can build your own local charts repository
IBM Charts Repository: https://github.com/IBM/charts/tree/master/stable
Db2 chart
DSM chart
Helm command line - Helm and Tiller
Helm is the client and Tiller is the server, which runs on the master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
Helm and Tiller versions must be the same - do not download Helm from the Internet
Deploying Db2 on Kubernetes
Db2-based Containers running on Kubernetes (Sep 2019)
Product             | Version  | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP            | 11.1.4.4 | 1            | 1    | 1    |
Db2 OLTP HADR       | 11.1.4.4 | 3            | 5    | 6    | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager; addntl PVC for HADR setup
Data Server Manager | 2.1.5    | 1            | 2    | 2    | 1x DSM, 1x Db2 repository database; includes Db2 11.1 engine
Db2 Warehouse SMP   | 3.10.0   | 1            | 1    | 1    | Includes Db2 11.1 engine
Db2 Warehouse MPP   | 3.10.0   | 3+           | 3+   | 1    | Includes Db2 11.1 engine; requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine
IBM Cloud Private Kubernetes platform
Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
- Creating a new namespace (optional)
- Configuring a pod security policy
- Configuring an image pull secret
- Configuring the service account
Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run.
Create the namespace, for example stock-trader-data:
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace:
$ kubectl config set-context $(kubectl config current-context) \
    --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running, as we just created the namespace:
$ kubectl get pods
No resources found.
Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  - '*'
Configure the pod security policy:
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results:
$ kubectl get psp
db2-privileges   false   SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE   RunAsAny   RunAsAny   RunAsAny   RunAsAny   false   *
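A review of what the db2-privileges policy above actually permits, as an added example (not from the slides and not part of IBM's chart). The function names are hypothetical, the spec is re-typed from pre01.yaml, and the `volumes` value `*` is an assumption because it did not survive on the slide.

```python
"""Audit a PodSecurityPolicy spec for settings that widen container privileges."""

# Capabilities Docker grants to every container by default.
DOCKER_DEFAULT_CAPS = frozenset({
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL",
    "MKNOD", "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP",
    "SETUID", "SYS_CHROOT",
})

# Constructed from the db2-privileges spec in pre01.yaml on the slide.
# Assumption: the `volumes` value was lost in extraction; "*" is used here.
DB2_PSP_SPEC = {
    "allowPrivilegeEscalation": True,
    "privileged": False,
    "allowedCapabilities": [
        "SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW", "DAC_OVERRIDE",
        "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE",
        "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE", "IPC_OWNER", "SYS_NICE",
    ],
    "fsGroup": {"rule": "RunAsAny"},
    "hostIPC": True,
    "hostNetwork": False,
    "hostPID": False,
    "hostPorts": [{"min": 1, "max": 65535}],
    "runAsUser": {"rule": "RunAsAny"},
    "seLinux": {"rule": "RunAsAny"},
    "supplementalGroups": {"rule": "RunAsAny"},
    "volumes": ["*"],
}

# Constructed counter-example: a tight policy that should yield no findings.
TIGHT_PSP_SPEC = {
    "allowPrivilegeEscalation": False,
    "privileged": False,
    "requiredDropCapabilities": ["ALL"],
    "fsGroup": {"rule": "MustRunAs", "ranges": [{"min": 1, "max": 65535}]},
    "runAsUser": {"rule": "MustRunAsNonRoot"},
    "seLinux": {"rule": "RunAsAny"},
    "supplementalGroups": {"rule": "MustRunAs",
                           "ranges": [{"min": 1, "max": 65535}]},
    "volumes": ["configMap", "secret", "emptyDir", "persistentVolumeClaim"],
}


def extra_capabilities(spec):
    """Capabilities the policy allows on top of the Docker default set."""
    allowed = set(spec.get("allowedCapabilities") or [])
    if "*" in allowed:
        return ["*"]
    return sorted(allowed - DOCKER_DEFAULT_CAPS)


def audit_psp(spec):
    """Return (field, reason) tuples for every setting that loosens isolation."""
    findings = []
    if spec.get("privileged", False):
        findings.append(("privileged", "privileged containers are allowed"))
    # In a PSP, allowPrivilegeEscalation defaults to true when it is absent.
    if spec.get("allowPrivilegeEscalation", True):
        findings.append(("allowPrivilegeEscalation",
                         "no_new_privs is not enforced for containers"))
    for flag in ("hostIPC", "hostNetwork", "hostPID"):
        if spec.get(flag, False):
            findings.append((flag, "pods may share the node's %s namespace"
                             % flag[4:]))
    extra = extra_capabilities(spec)
    if extra:
        findings.append(("allowedCapabilities",
                         "beyond the Docker default set: " + ", ".join(extra)))
    for port_range in spec.get("hostPorts") or []:
        if port_range["min"] <= 1 and port_range["max"] >= 65535:
            findings.append(("hostPorts", "every host port may be requested"))
    for field in ("runAsUser", "fsGroup", "supplementalGroups"):
        if (spec.get(field) or {}).get("rule") == "RunAsAny":
            findings.append((field, "RunAsAny permits ID 0 (root)"))
    if "*" in (spec.get("volumes") or []):
        findings.append(("volumes", "all volume types, including hostPath"))
    return findings


if __name__ == "__main__":
    for field, reason in audit_psp(DB2_PSP_SPEC):
        print("%-26s %s" % (field, reason))
```

Of the 17 allowed capabilities, 14 are the Docker default set; the three extras are the same ones the schema Job's securityContext adds (SYS_RESOURCE, IPC_OWNER, SYS_NICE).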
Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub.
The username, password and email are the credentials from Docker Hub.
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first.
Configure the image pull secret:
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result:
$ kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-mwvpl   kubernetes.io/service-account-token   3      17d
dockerhub             kubernetes.io/dockerconfigjson        1      13m
Configuring Service Account for Db2
The YAML specification file that defines the cluster role and the cluster role binding for the service account:
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: [extensions]
  resources: [podsecuritypolicies]
  verbs: [use]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
Configure the service account:
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results:
$ kubectl get psp
db2-privileges   false   SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE   RunAsAny   RunAsAny   RunAsAny   RunAsAny   false   *
Helm Charts for Db2 and DSM
Helm install command to deploy Db2 OLTP on Kubernetes
Installing a Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
Callouts on the slide:
- --name db2-01: Helm release name, different for each deployment
- ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
- db2inst.instname: instance owner name
- db2inst.password: instance owner password
- options.databaseName: name of the database that will be created. If not specified, no database will be created
- dataVolume.size: size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility. See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
Let's verify if we can connect to the MYDB database (1)
Get the list of running pods and verify that the Db2 OLTP pod is running:
$ kubectl get pods
NAME                       READY   STATUS    RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   1/1     Running   1          7h57m
Review the logs of the Db2 OLTP container:
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30     0   0   SQL1063N  DB2START processing was successful.
SQL1063N  DB2START processing was successful.
(*) Starting TEXT SEARCH service ...
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.
Let's verify if we can connect to the MYDB database (2)
Log in to the Db2 OLTP container and connect to the MYDB Db2 database:
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
   Database Connection Information
 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB
Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client. We get the Db2 port from the Db2 OLTP helm release service definition.
#!/bin/bash
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/Secret
NAME                     TYPE     DATA   AGE
db2-01-ibm-db2oltp-dev   Opaque   1      1s

==> v1/PersistentVolumeClaim
NAME               STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db2-01-data-stor   Bound    vol12    20Gi       RWO                           1s

==> v1/Service
NAME                         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                                   AGE
db2-01-ibm-db2oltp-dev-db2   NodePort    10.0.0.50    <none>        50000:30463/TCP,55000:32236/TCP           1s
db2-01-ibm-db2oltp-dev       ClusterIP   None         <none>        50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s

==> v1/StatefulSet
NAME                     DESIRED   CURRENT   AGE
db2-01-ibm-db2oltp-dev   1         1         1s

==> v1/Pod(related)
NAME                       READY   STATUS     RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   0/1     Init:0/1   0          1s

Callouts on the slide:
- 1 Pod: runs the Db2 container
- 2 Services for Db2: 1x external, 1x internal
- 1 StatefulSet: DESIRED = 1
- 1 PVC (RWO) for db files, logs & config
- 1 Secret: Db2 instance owner password
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
The additional parameter hadr.enabled is set to true to indicate that we want a HADR setup.
Verify that Db2 HADR is working
Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/Secret
NAME                     TYPE     DATA   AGE
db2-02-ibm-db2oltp-dev   Opaque   1      1s

==> v1/PersistentVolumeClaim
NAME               STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db2-02-hadr-stor   Bound    vol09    20Gi       RWX                           1s

==> v1/Service
NAME                          TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                                   AGE
db2-02-ibm-db2oltp-dev-db2    NodePort    10.0.0.61    <none>        50000:32422/TCP,55000:32181/TCP           1s
db2-02-ibm-db2oltp-dev        ClusterIP   None         <none>        50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s
db2-02-ibm-db2oltp-dev-etcd   ClusterIP   None         <none>        2380/TCP,2379/TCP                         1s

==> v1/StatefulSet
NAME                     DESIRED   CURRENT   AGE
db2-02-ibm-db2oltp-dev   2         2         1s

==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd   3   0   1s

==> v1/Pod(related)
NAME                            READY   STATUS              RESTARTS   AGE
db2-02-ibm-db2oltp-dev-0        0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-1        0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-etcd-0   0/1     ContainerCreating   0          1s
db2-02-ibm-db2oltp-dev-etcd-1   0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-etcd-2   0/1     Pending             0          1s

Callouts on the slide:
- 5 Pods: 2x Db2, 3x etcd
- 3 Services: 2x Db2, 1x etcd
- 2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
- 1 PVC (RWX) for HADR setup (1)
- 1 Secret: Db2 instance owner password
(1) 5 addntl PVCs are being created implicitly for 2x Db2 and 3x etcd
Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE $DB2INST1_PASSWORD $DBNAME"
IBM Cloud52
Kubernetes Job to deploy SQL (contrsquod)db2-createschemash |
binshDB2_SERVICE_NAME=$1DB2INSTANCE=$2DB2INST1_PASSWORD=$3DBNAME=$4echo Configure schema for database $DBNAME on host $DB2_SERVICE_NAMEdb2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000db2 catalog db $DBNAME as $DBNAME at node DB2NODEdb2 terminatedb2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDdb2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDsleep 2db2 -tvmf scriptsps-bp-tbspsqlsleep 10db2 -tvmf scriptsps-tablessqlecho Database $DBNAME has been configured
ps-bp-tbspsql |CREATE BUFFERPOOL BP32K PAGESIZE 32KCREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K
ps-tablessql |CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) [hellip] IN TS32INSERT INTO PS_TABLE (SSNFIRST_NAMELAST_NAMEJOB_CODEDEPTSALARYDOB) WITH TEMP1 [hellip] CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL LASTNAME VARCHAR(20) NOT NULL JOBCODE CHAR(4) NOT NULL ) IN TS32 GRANT ALL ON ps_table TO PUBLICGRANT ALL ON ps_history TO PUBLIC
kind ConfigMapmetadata
name db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply ndashf single04yaml
jobbatchdb2-01-create-database-schema created
configmapdb2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 01 0s 0s
Eventually the job completes
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 11 109s 45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDBWe run a script to retrieve the logs form the job
binbash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath=items[]metadataname)
kubectl logs -f $pod
Output
[hellip]
DB20000I The SQL command completed successfully
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
binbash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath=spec
ports[1]nodePort services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath=
items[0]statusaddresses[0]address)
echo https$NODE_IP$NODE_PORT
=gt https1921682710030462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager HomepageAll Db2 OLTP instances running in the
same namespace as DSM will be auto-
discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (12)$ helm status dsm-01 --tlsLAST DEPLOYED Mon Sep 16 120102 2019NAMESPACE stock-trader-dataSTATUS DEPLOYED
RESOURCES==gt v1RoleBindingNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdsm-01-repository NodePort 1000233 ltnonegt 5000032695TCP5500032203TCP 8mdsm-01-ibm-dsm-dev NodePort 100085 ltnonegt 1108032444TCP1108130462TCP 8m
==gt v1beta1DeploymentNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGEdsm-01-repository 1 1 1 1 8mdsm-01-ibm-dsm-dev 1 1 1 1 8m
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdsm-01-repository-76f87d47d4-dlqh4 11 Running 0 8mdsm-01-ibm-dsm-dev-b976d89bd-dflqn 22 Running 0 8m
2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2 1 DSM
IBM Cloud61
DSM Kubernetes resources (22)
[hellip]==gt v1SecretNAME TYPE DATA AGEdsm-01-repository-db2-passwd Opaque 1 8mdsm-01-ibm-dsm-dev-dsm-passwd Opaque 1 8m
==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEdsm-01-repository-data-stor Bound vol14 20Gi RWO 8mdsm-01-ibm-dsm-dev-datavolume Bound vol12 20Gi RWO 8m
==gt v1ServiceAccountNAME SECRETS AGEdsm-repodb-dsm-01-repository 1 8mdsm-dsm-01-ibm-dsm-dev 1 8m
==gt v1RoleNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
2 Secrets 1 DSM
asmin 1 Db2
instance owner
2 PVCs 1 DSM
Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources ndash Kubernetes Docker Helm
Kubernetes
minus httpskubernetesiodocstutorialskubernetes-basics
Kubernetes in the Enterprise eBook
minus ibmbizBdYA4i
Docker
minus httpsdocsdockercomget-started
Docker Hub
minus httpshubdockercom
Helm
minus httpshelmshdocs
IBM Cloud64
Additional Resources ndash IBM Cloud Private OpenShift
IBM Cloud Private Documentation
minus httpswwwibmcomsupportknowledgecenterenSSBS6K_320kc_welcome_containershtml
Deploy IBM Cloud Private Community Edition using Vagrant
minus httpsgithubcomIBMdeploy-ibm-cloud-privateblobmasterdocsdeploy-vagrantmd
Red Hat OpenShift Container Platform Documentation
minus httpsdocsopenshiftcomcontainer-platform41welcomeindexhtml
IBM Cloud65
Additional Resources ndash Db2 Db2Wh DSMDb2 Integration into IBM Cloud Private
minus httpsdeveloperibmcomrecipestutorialsdb2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
minus httpsdeveloperibmcomrecipestutorialsibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
minus httpswwwibmcomsupportknowledgecenterenSSCJDQcomibmswgimdashdbdocadmindeploy_kubernetes_smphtml
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
minus httpswwwibmcomsupportknowledgecenterenSSQNUZ_210comibmicpdatadoczenadmindb-reqshtmldb-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
minus Db2 OLTP Single Server
minus Db2 OLTP HADR
minus Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel IBM Deutschland GmbH
Karl-Arnold-Platz 1a
Technical Sales Professional 40474 Duesseldorf
Hybrid Data Management Germany
Mobile +49-177-3627278
Email chuempeldeibmcom
Thank You
IBM Cloud70
IBM Cloud15
Kubernetes Basics
Kubernetes Overview
minusOpen Source Project
minus Features
minusArchitecture
Kubernetes Workloads
minus Pods and YAML
minus Controllers
Kubernetes Networking
minus Services
Kubernetes Storage
minus Volume types
minus Persistent volumes
minus Persistent volume claims
Kubernetes Security
minus Secrets
IBM Cloud Private Catalog
minusHelm Charts
minusHelm CLI
IBM Cloud16
Kubernetes ndash Open Source Project
Greek work for ldquoHelmsmanrdquo
Itrsquos Open Source - httpsgithubcomkuberneteskubernetes
Itrsquos a graduated project of Cloud Native Computing Foundation httpscncfio
Popularly known as ldquoContainer Orchestratorrdquo
It is a modern ldquoCluster Managerrdquo for automating deployment scaling and management of containerized applications
IBM Cloud17
Kubernetes - Features (1)
Automatic binpacking
- Automatically places containers on nodes. Mix critical and best-effort workloads in order to drive up utilization
Horizontal scaling
- Scale the application up or down with a simple command, with a UI, or automatically based on CPU usage
Automated rollouts and rollbacks
- Kubernetes progressively rolls out changes to the application or its configuration while monitoring application health, to ensure that it doesn't kill all instances at the same time
Storage orchestration
- Automatically mount the storage system of your choice, whether from local, public or SAN, such as iSCSI, Gluster, Ceph, Cinder, Flocker, NFS or IBM Spectrum Scale
IBM Cloud18
Kubernetes - Features (2)
Self-healing
- Restarts containers that fail, replaces and reschedules containers when nodes die, kills containers that do not respond to user-defined health checks
Service discovery and load balancing
- No need to modify the application to use an unfamiliar service discovery mechanism. Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers
Secret and configuration management
- Deploy and update secrets and application configuration without rebuilding your image and without exposing secrets in your stack configuration
Batch execution
- In addition to services, Kubernetes can manage your batch and CI workloads, replacing containers that fail, if desired
IBM Cloud19
Kubernetes Architecture
[Diagram: a Kubernetes cluster with a master node (API server, scheduler, controller, distributed etcd key-value datastore) and worker nodes, each running a kubelet and containers 1 to n; an image registry; access through the Kubernetes REST API from the command line or the web UI.]
IBM Cloud20
Kubernetes Workloads
Pod - the basic building block for Kubernetes
Smallest and simplest unit in the Kubernetes object model
A Pod encapsulates an application container (or multiple containers), storage resources, a unique network IP and options that govern how the container should run
A Pod is a unit of deployment
A Pod runs one or more containers as a unit
Docker is the container runtime used in IBM Cloud Private
The one-container-per-pod model is the most common use case
Kubernetes manages the pod rather than the containers directly
Pods can run multiple containers that need to work together and to share resources
Pods are designed as relatively ephemeral, disposable entities
Pods do not self-heal by themselves - a higher-level abstraction does this
IBM Cloud21
Kubernetes Configurations
Create YAML for creating resources on Kubernetes
YAML - Yet Another Markup Language or YAML Ain't Markup Language
Types of structures required in Kubernetes
- Maps
- Lists
YAML Maps let you associate name-value pairs. For example:
---
apiVersion: v1
kind: Pod
YAML Maps - create a key that maps to another map:
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
IBM Cloud22
Kubernetes Configurations - Create YAML (continued)
YAML Lists are literally a sequence of objects. Members of the list can also be maps.
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
spec:
  containers:
  - name: front-end
    image: nginx
    ports:
    - containerPort: 80
  - name: db2-oltp
    image: store/ibmcorp/db2_developer_c:11.1.4.4
    ports:
    - containerPort: 50000
A YAML manifest has four components to define a Kubernetes resource:
- apiVersion
- kind
- metadata
- spec
IBM Cloud23
Kubernetes Workloads - Create a Pod
Create an nginx pod - icp01.yaml
---
# Simple yaml file to create an nginx pod
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
Create the pod
$ kubectl apply -f icp01.yaml
pod/nginx created
Check pod status
$ kubectl get pods
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          13s
IBM Cloud24
Kubernetes Workloads - Controllers
Controllers can create and manage pods for you
ReplicaSet
- A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
- A Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
- Example: create a deployment to roll out a ReplicaSet
StatefulSets
- StatefulSets represent a set of pods with unique, persistent identities and stable hostnames that are maintained regardless of where they are scheduled
- Examples: Db2, Redis, IBM MQ
DaemonSets
- A DaemonSet ensures that nodes (all or some) run a copy of a pod. As nodes are added, pods are added to them
- Example: cluster storage daemon such as glusterd or ceph, logs collection on each node
Jobs, CronJobs
- A job creates one or more pods and ensures that a specified number of them successfully terminate
IBM Cloud25
Kubernetes Network - Services
Without services, Pods are not visible outside the cluster
To enable communication from the outside world to the Pods, services are created
Internal Service Endpoints - available inside the cluster only
External Service Endpoints - DNS names, C-Names or A-records available to access pods
With the help of labels and selectors, the services are tied to the pods
Service Types
- ClusterIP - Service is reachable only from inside the cluster
- NodePort - Service is reachable through NodeIP:NodePort
- LoadBalancer - Service is reachable through an external load balancer mapped to the NodeIP:NodePort address
IBM Cloud26
Kubernetes Storage - Volume types
Host-based
- EmptyDir
- HostPath
Block Storage
- IBM Block Storage
- Amazon EBS
- GCE Persistent Disk
- vSphere Volumes
Distributed File System
- IBM Spectrum Scale
- NFS
- Ceph
- GlusterFS
- Amazon EFS
- Azure File System
Other
- Flocker
- iSCSI
- Git Repository
- Quobyte
IBM Cloud27
Kubernetes Storage - Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes are a way to give a Pod persistence
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in Pod
Volumes may be based on a variety of back-end storage types
IBM Cloud28
Kubernetes Storage
Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
- Persistent Volume (PV) - provisioned by an administrator
- Persistent Volume Claim (PVC) - requested by a user; Heketi provisions the PVC, which creates a PV
- Storage Class (SC) - storage profiles offered by admins
[Diagram: pods on a worker node use a Persistent Volume Claim, which is bound to a Persistent Volume backed by block storage or a distributed file system (IBM Spectrum Scale).]
IBM Cloud29
Kubernetes Secrets
Decouple container with sensitive information
A Secret holds sensitive information such as passwords, OAuth tokens and more
A Secret is an abstraction to decouple sensitive data
To use a secret, a Pod needs to reference the secret
A Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by the kubelet when pulling images for the Pod
$ kubectl -n stocktrader \
    create secret generic db2 \
    --from-literal=id=db2psc \
    --from-literal=pwd=password \
    --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
    --from-literal=port=50000 \
    --from-literal=db=PSDB
IBM Cloud30
IBM Cloud Private catalog - Helm Charts
Db2 chart
DSM chart
IBM Cloud31
IBM Cloud Private catalog - What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using the GUI or the command line
Software packages are available from the IBM Charts Repository
Available at https://github.com/IBM/charts
The IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment, you can build your own local charts repository
IBM Cloud32
IBM Charts Repository: https://github.com/IBM/charts/tree/master/stable
Db2 chart
DSM chart
IBM Cloud33
Helm command line - Helm and Tiller
Helm is the client and Tiller is the server - runs on the master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
Helm and Tiller versions must be the same - do not download Helm from the Internet
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)
Product | Version | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP | 11.1.4.4 | 1 | 1 | 1 |
Db2 OLTP HADR | 11.1.4.4 | 3 | 5 | 6 | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager, additional PVC for HADR setup
Data Server Manager | 2.1.5 | 1 | 2 | 2 | 1x DSM, 1x Db2 repository database; includes Db2 11.1 engine
Db2 Warehouse SMP | 3.10.0 | 1 | 1 | 1 | Includes Db2 11.1 engine
Db2 Warehouse MPP | 3.10.0 | 3+ | 3+ | 1 | Includes Db2 11.1 engine; requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context) \
    --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running, as we just created the namespace
$ kubectl get pods
No resources found.
IBM Cloud39
Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  -
Configure the pod security policy
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results
$ kubectl get psp
db2-privileges   false   SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE   RunAsAny   RunAsAny   RunAsAny   RunAsAny   false
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
Configure the image pull secret
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result
$ kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-mwvpl   kubernetes.io/service-account-token   3      17d
dockerhub             kubernetes.io/dockerconfigjson        1      13m
IBM Cloud41
Configuring Service Account for Db2
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: [extensions]
  resources: [podsecuritypolicies]
  verbs: [use]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
The YAML specification file defines the cluster role and the cluster role binding for the service account
Configure the service account
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results
$ kubectl get psp
db2-privileges   false   SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE   RunAsAny   RunAsAny   RunAsAny   RunAsAny   false
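Added example (not part of the original slides or of IBM's charts): a review of what the db2-privileges policy and its binding allow, run over the two manifests above written out as JSON. The function names and the comparison against Docker's default capability set are assumptions of this example; the volumes entry, which is not legible on the slide, is left out.

```python
import json

# Capabilities Docker grants a container by default; anything outside this
# set widens what the workload may do compared with an ordinary container.
DOCKER_DEFAULT_CAPS = {
    "CHOWN", "DAC_OVERRIDE", "FSETID", "FOWNER", "MKNOD", "NET_RAW",
    "SETGID", "SETUID", "SETFCAP", "SETPCAP", "NET_BIND_SERVICE",
    "SYS_CHROOT", "KILL", "AUDIT_WRITE",
}

# Constructed input: the db2-privileges policy from pre01.yaml as JSON
# (the shape `kubectl get psp db2-privileges -o json` returns).
PSP_JSON = """
{
  "apiVersion": "extensions/v1beta1",
  "kind": "PodSecurityPolicy",
  "metadata": {"name": "db2-privileges"},
  "spec": {
    "allowPrivilegeEscalation": true,
    "privileged": false,
    "allowedCapabilities": [
      "SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW", "DAC_OVERRIDE",
      "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE",
      "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"
    ],
    "fsGroup": {"rule": "RunAsAny"},
    "hostIPC": true,
    "hostNetwork": false,
    "hostPID": false,
    "hostPorts": [{"max": 65535, "min": 1}],
    "runAsUser": {"rule": "RunAsAny"},
    "seLinux": {"rule": "RunAsAny"},
    "supplementalGroups": {"rule": "RunAsAny"}
  }
}
"""

# Constructed input: the ClusterRoleBinding from pre04.yaml as JSON.
BINDING_JSON = """
{
  "kind": "ClusterRoleBinding",
  "metadata": {"name": "db2-privileges-cluster-role-binding"},
  "roleRef": {"kind": "ClusterRole", "name": "db2-privileges-cluster-role",
              "apiGroup": "rbac.authorization.k8s.io"},
  "subjects": [{"kind": "ServiceAccount", "name": "default",
                "namespace": "stock-trader-data"}]
}
"""

PSP = json.loads(PSP_JSON)
BINDING = json.loads(BINDING_JSON)


def extra_capabilities(psp):
    """Capabilities the policy allows beyond the Docker default set."""
    allowed = set(psp["spec"].get("allowedCapabilities", []))
    return sorted(allowed - DOCKER_DEFAULT_CAPS)


def audit_psp(psp):
    """Return one finding per setting that relaxes pod isolation."""
    spec, findings = psp["spec"], []
    if spec.get("privileged", False):
        findings.append("privileged containers allowed")
    # The PodSecurityPolicy API treats an unset allowPrivilegeEscalation as true.
    if spec.get("allowPrivilegeEscalation", True):
        findings.append("allowPrivilegeEscalation is true")
    for flag in ("hostIPC", "hostNetwork", "hostPID"):
        if spec.get(flag, False):
            findings.append(f"{flag} is true")
    extra = extra_capabilities(psp)
    if extra:
        findings.append("capabilities beyond runtime default: " + ",".join(extra))
    for rng in spec.get("hostPorts", []):
        if rng["min"] <= 1 and rng["max"] >= 65535:
            findings.append("hostPorts covers the whole port range")
    for key in ("runAsUser", "fsGroup", "supplementalGroups", "seLinux"):
        if spec.get(key, {}).get("rule") == "RunAsAny":
            findings.append(f"{key} rule is RunAsAny")
    return findings


def default_sa_subjects(binding):
    """Namespaces whose 'default' service account receives the role.

    Pods that set no serviceAccountName run as 'default', so every such pod
    in these namespaces may be admitted under the bound policy.
    """
    return [s["namespace"] for s in binding.get("subjects", [])
            if s.get("kind") == "ServiceAccount" and s.get("name") == "default"]


if __name__ == "__main__":
    for line in audit_psp(PSP):
        print("PSP db2-privileges:", line)
    for ns in default_sa_subjects(BINDING):
        print("binding grants policy use to default service account in", ns)
```

The three capabilities it reports beyond the runtime default (IPC_OWNER, SYS_NICE, SYS_RESOURCE) are the same three that the Job manifest in this deck adds in its securityContext. Binding the policy to a dedicated service account used only by the Db2 pods would keep other workloads in stock-trader-data from inheriting it.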
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing a Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
- db2-01: Helm release name, different for each deployment
- ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
- db2inst.instname: instance owner name
- db2inst.password: instance owner password
- options.databaseName: name of the database that will be created. If not specified, no database will be created
- dataVolume.size: size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility.
See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Cloud44
Let's verify if we can connect to the MYDB database (1)
Get the list of running pods and verify that the Db2 OLTP pod is running
$ kubectl get pods
NAME                       READY   STATUS    RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   1/1     Running   1          7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful.
SQL1063N DB2START processing was successful.
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.
IBM Cloud45
Let's verify if we can connect to the MYDB database (2)
Log in to the Db2 OLTP container and connect to the MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
   Database Connection Information
 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
#!/bin/bash
# We get the Db2 port from the Db2 OLTP helm release service definition
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
IBM Cloud47
Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                     TYPE     DATA   AGE
db2-01-ibm-db2oltp-dev   Opaque   1      1s
==> v1/PersistentVolumeClaim
NAME               STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db2-01-data-stor   Bound    vol12    20Gi       RWO                           1s
==> v1/Service
NAME                         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                                   AGE
db2-01-ibm-db2oltp-dev-db2   NodePort    10.0.0.50    <none>        50000:30463/TCP,55000:32236/TCP           1s
db2-01-ibm-db2oltp-dev       ClusterIP   None         <none>        50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s
==> v1/StatefulSet
NAME                     DESIRED   CURRENT   AGE
db2-01-ibm-db2oltp-dev   1         1         1s
==> v1/Pod(related)
NAME                       READY   STATUS     RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   0/1     Init:0/1   0          1s
Callouts:
- 1 Pod: runs the Db2 container
- 2 Services for Db2: 1x external, 1x internal
- 1 StatefulSet: DESIRED = 1
- 1 PVC (RWO) for db files, logs & config
- 1 Secret: Db2 instance owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
$ helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
- hadr.enabled: additional parameter, set to true to indicate that we want a HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                     TYPE     DATA   AGE
db2-02-ibm-db2oltp-dev   Opaque   1      1s
==> v1/PersistentVolumeClaim
NAME               STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db2-02-hadr-stor   Bound    vol09    20Gi       RWX                           1s
==> v1/Service
NAME                          TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                                   AGE
db2-02-ibm-db2oltp-dev-db2    NodePort    10.0.0.61    <none>        50000:32422/TCP,55000:32181/TCP           1s
db2-02-ibm-db2oltp-dev        ClusterIP   None         <none>        50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s
db2-02-ibm-db2oltp-dev-etcd   ClusterIP   None         <none>        2380/TCP,2379/TCP                         1s
==> v1/StatefulSet
NAME                     DESIRED   CURRENT   AGE
db2-02-ibm-db2oltp-dev   2         2         1s
==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd   3   0   1s
==> v1/Pod(related)
NAME                            READY   STATUS              RESTARTS   AGE
db2-02-ibm-db2oltp-dev-0        0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-1        0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-etcd-0   0/1     ContainerCreating   0          1s
db2-02-ibm-db2oltp-dev-etcd-1   0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-etcd-2   0/1     Pending             0          1s
Callouts:
- 5 Pods: 2x Db2, 3x etcd
- 3 Services: 2x Db2, 1x etcd
- 2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
- 1 PVC (RWX) for HADR setup (1)
- 1 Secret: Db2 instance owner password
(1) 5 additional PVCs are being created implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE $DB2INST1_PASSWORD $DBNAME"
IBM Cloud52
Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5) […] IN TS32;
    INSERT INTO PS_TABLE (SSN, FIRST_NAME, LAST_NAME, JOB_CODE, DEPT, SALARY, DOB) WITH TEMP1 […]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   0/1           0s         0s
Eventually the job completes
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   1/1           109s       45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath="{.items[*].metadata.name}")
kubectl logs -f $pod
Output:
[…]
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully.
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/RoleBinding
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m
==> v1/Service
NAME                 TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)                           AGE
dsm-01-repository    NodePort   10.0.0.233   <none>        50000:32695/TCP,55000:32203/TCP   8m
dsm-01-ibm-dsm-dev   NodePort   10.0.0.85    <none>        11080:32444/TCP,11081:30462/TCP   8m
==> v1beta1/Deployment
NAME                 DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
dsm-01-repository    1         1         1            1           8m
dsm-01-ibm-dsm-dev   1         1         1            1           8m
==> v1/Pod(related)
NAME                                 READY   STATUS    RESTARTS   AGE
dsm-01-repository-76f87d47d4-dlqh4   1/1     Running   0          8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn   2/2     Running   0          8m
Callouts:
- 2 RoleBindings
- 2 Services: 1x Db2 (repodb), 1x DSM
- 2 Deployments
- 2 Pods: 1 Db2, 1 DSM
IBM Cloud61
DSM Kubernetes resources (2/2)
[…]
==> v1/Secret
NAME                            TYPE     DATA   AGE
dsm-01-repository-db2-passwd    Opaque   1      8m
dsm-01-ibm-dsm-dev-dsm-passwd   Opaque   1      8m
==> v1/PersistentVolumeClaim
NAME                            STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
dsm-01-repository-data-stor     Bound    vol14    20Gi       RWO                           8m
dsm-01-ibm-dsm-dev-datavolume   Bound    vol12    20Gi       RWO                           8m
==> v1/ServiceAccount
NAME                           SECRETS   AGE
dsm-repodb-dsm-01-repository   1         8m
dsm-dsm-01-ibm-dsm-dev         1         8m
==> v1/Role
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m
Callouts:
- 2 Secrets: 1 DSM admin, 1 Db2 instance owner
- 2 PVCs: 1 DSM, Db2
- 3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources - Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics/
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started/
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs/
IBM Cloud64
Additional Resources - IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html
IBM Cloud65
Additional Resources - Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private/
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift/
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel
Technical Sales Professional
Hybrid Data Management
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany
Thank You
IBM Cloud70
IBM Cloud16
Kubernetes ndash Open Source Project
Greek work for ldquoHelmsmanrdquo
Itrsquos Open Source - httpsgithubcomkuberneteskubernetes
Itrsquos a graduated project of Cloud Native Computing Foundation httpscncfio
Popularly known as ldquoContainer Orchestratorrdquo
It is a modern ldquoCluster Managerrdquo for automating deployment scaling and management of containerized applications
IBM Cloud17
Kubernetes ndash Features (1)
Automatic binpacking
minus Automatically places containers on nodes Mix critical and best-effort workloads in order to drive up utilization
Horizontal scaling
minus Scale application up or down with a simple command with a UI or automatically based on CPU usage
Automated rollouts and rollbacks
minus Kubernetes progressively rolls out changes to the application or its configuration while monitoring application health to ensure that it doesnrsquot kill all instances at the same time
Storage orchestration
minus Automatically mount the storage system of your choice whether from local public or SAN such as iSCSI Gluster Ceph Cinder Flocker NFS or IBM Spectrum Scale
IBM Cloud18
Kubernetes ndash Features (2)
Self-healing
minus Restart containers that fail replace and reschedules containers when nodes die kill containers that do not respond to user defined health checks
Service discovery and load balancing
minus No need to modify the application to use an unfamiliar service discovery mechanism Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers
Secret and configuration management
minus Deploy and update secrets and application configuration without rebuilding your image and without exposing secrets in your stack configuration
Batch Execution
minus In addition to services Kubernetes can manage your batch and CI workloads replacing containers that fail if desired
IBM Cloud19
Kubernetes Architecture
Kubernetes Cluster
Kubelet
Worker NodeKubelet
Worker NodeKubelet
Worker Node
Master Node
API Server
Scheduler ControllerDistributed etcd
key-value datastore
Image Registry
Container -
1Container -
2Container -
3Container -
4Container -
5Container -
6Container -
7Container -
8Container -
n
Kubernetes REST API
Command
LineWeb UI
IBM Cloud20
Kubernetes WorkloadsPod ndash the basic building block for Kubernetes
Smallest and simplest unit in Kubernetes object model
Pod encapsulates an application container (or multiple containers) storage resources a unique network IP and options that govern how the container should run
Pod is a unit of deployment
Pod runs one or more containers as a unit
Docker is the container runtime used in IBM Cloud Private
One-container-per-pod model is most common use case
Kubernetes manages the pod rather than containers directly
Pods can run multiple containers that need to work together and toshare resources
Pods are designed as relatively ephemeral disposable entities
Pods do not self-heal by themselves ndash a higher level abstractiondoes this
IBM Cloud21
Kubernetes ConfigurationsCreate YAML for creating resources on KubernetesYAML ndash Yet Another Markup Language or YAML Ainrsquot Markup Language
Types of structures required in Kubernetes
minus Maps
minus Lists
YAML Maps - let you associate name value pair For example---apiVersion v1kind pod
YAML Maps ndash Create a key that maps to another map---apiVersion v1kind podmetadata
name db2labels
app db2
IBM Cloud22
Kubernetes Configurations ndash Create YAML (continued)YAML Lists are literally a sequence of objects Members in the list can also be maps
---apiVersion v1kind podmetadata
name db2labels
app db2spec
containers- name front-endimage nginxports
- containerPort 80- name db2-oltpimage storeibmcorpdb2_developer_c11144ports
- containerPort 50000
A YAML manifest has four components to define a Kubernetes resourcebull apiVersionbull kindbull metadatabull spec
IBM Cloud23
Kubernetes Workloads ndash Create a Pod
Create a nginx pod ndash icp01yaml--- Simple yaml file to create an nginx podapiVersion v1kind Podmetadata
name nginxlabels
app nginxspec
containers- name nginx
image nginx179ports- containerPort 80
Create the pod
$ kubectl apply -f icp01yaml
podnginx created
Check pod status
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx 11 Running 0 13s
IBM Cloud24
Kubernetes Workloads - ControllersControllers can create and manage pods for you
ReplicaSet
minus A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
minus Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
minus Example Create a deployment to rollout a ReplicaSet
StatefulSets
minus StatefulSets represent a set of pods with unique persistent identities and stable hostnames that are maintained regardless where they are scheduled
minus Examples Db2 Redis IBM MQ
DaemonSets
minus A DaemonSet ensures that nodes (all or some) run a copy of pod As nodes are added pods are added to them
minus Example Cluster storage daemon such as glusterd ceph logs collection on each node
Jobs CronJobs
minus A job creates one or more pods and ensures that a specified number of them successfully terminate
IBM Cloud25
Kubernetes Network - Services
Without services Pods are not visible outside the cluster
To enable communication from outside world to the Pods services are created
Internal Service Endpoints ndash Available inside the cluster only
External Service Endpoints - DNS names C-Names or A-records available to access pods
With the help of labels and selectors the services are tied to the pods
Service Types
minus ClusterIP ndash Service is reachable only from inside of the cluster
minus NodePort ndash Service is reachable through NodeIPNodePort
minus LoadBalancer ndash Service is reachable through an external load balancer mapped to NodeIPNodePort address
IBM Cloud26
Kubernetes Storage ndash Volume types
Host-based
minus EmptyDir
minus HostPath
Block Storage
minus IBM Block Storage
minus Amazon EBS
minus GCE Persistent Disk
minus vSphere Volumes
Distributed File System
minus IBM Spectrum Scale
minus NFS
minus Ceph
minus GlusterFS
minus Amazon EFS
minus Azure File System
Other
minus Flocker
minus iSCSI
minus Git Repository
minus Quobyte
IBM Cloud27
Kubernetes Storage ndash Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes is a way to get persistence to a Pod
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in Pod
Volumes may be based on a variety of back-end storage types
IBM Cloud28
Kubernetes Storage: Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
- Persistent Volume (PV) – Provisioned by an administrator
- Persistent Volume Claim (PVC) – Requested by a user; Heketi provisions the PVC, which creates a PV
- Storage Class (SC) – Storage profiles offered by admins
[Diagram labels: Worker Node, Pod 1, Persistent Volume Claim, Persistent Volume, Block Storage, Distributed File System, IBM Spectrum Scale]
IBM Cloud29
Kubernetes Secrets: Decouple container with sensitive information
A Secret holds sensitive information such as passwords, OAuth tokens and more
A Secret is an abstraction to decouple sensitive data
To use a secret, a Pod needs to reference the secret
A Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by the kubelet when pulling images for the Pod
$ kubectl -n stocktrader \
    create secret generic db2 \
    --from-literal=id=db2psc \
    --from-literal=pwd=password \
    --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
    --from-literal=port=50000 \
    --from-literal=db=PSDB
IBM Cloud30
IBM Cloud Private catalog – Helm Charts
Db2 chart
DSM chart
IBM Cloud31
IBM Cloud Private catalog – What is a Helm Chart?
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using the GUI or the command line
Software packages are available from the IBM Charts Repository
Available at https://github.com/IBM/charts
IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own local charts repository
IBM Cloud32
IBM Charts Repository: https://github.com/IBM/charts/tree/master/stable
Db2 chart
DSM chart
IBM Cloud33
Helm command line – Helm and Tiller
Helm is the client and Tiller is the server – runs on master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
Helm and Tiller versions must be the same – do not download Helm from the Internet
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)
Product | Version | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP | 11.1.4.4 | 1 | 1 | 1 |
Db2 OLTP HADR | 11.1.4.4 | 3 | 5 | 6 | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager; addntl PVC for HADR setup
Data Server Manager | 2.1.5 | 1 | 2 | 2 | 1x DSM, 1x Db2 repository database; includes Db2 11.1 engine
Db2 Warehouse SMP | 3100 | 1 | 1 | 1 | Includes Db2 11.1 engine
Db2 Warehouse MPP | 3100 | 3+ | 3+ | 1 | Includes Db2 11.1 engine; requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
- Creating a new namespace (optional)
- Configuring a pod security policy
- Configuring an image pull secret
- Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context) \
    --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running as we just created the namespace
$ kubectl get pods
No resources found.
IBM Cloud39
Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  -   # list entry not preserved in this transcript
Configure the pod security policy
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results
$ kubectl get psp
db2-privileges false SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE RunAsAny RunAsAny RunAsAny RunAsAny false
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
Configure the image pull secret
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result
$ kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-mwvpl   kubernetes.io/service-account-token   3      17d
dockerhub             kubernetes.io/dockerconfigjson        1      13m
IBM Cloud41
Configuring Service Account for Db2
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: [extensions]
  resources: [podsecuritypolicies]
  verbs: [use]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
The YAML specification file above defines the cluster role and the cluster role binding for the service account
Configure the service account
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results
$ kubectl get psp
db2-privileges false SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE RunAsAny RunAsAny RunAsAny RunAsAny false
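The db2-privileges policy and its cluster role binding can be reviewed mechanically before they are applied. The Python below is an added example, not part of the original slides or of IBM's chart: it takes both objects re-typed as JSON (constructed input), reports the settings that widen what a pod may do, and states which pods the binding covers. The Docker default capability set is the comparison baseline, and all function names are hypothetical.

```python
import json

# Capabilities Docker grants a container by default; anything a policy allows
# beyond this set is extra privilege a workload can request.
RUNTIME_DEFAULT_CAPS = frozenset({
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL",
    "MKNOD", "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID",
    "SETPCAP", "SETUID", "SYS_CHROOT",
})

# Constructed input: the policy and the binding shown on the slides, as JSON.
# The policy's `volumes` entry is not legible on the slide and is omitted.
PSP = json.loads("""
{"kind": "PodSecurityPolicy", "metadata": {"name": "db2-privileges"},
 "spec": {
  "allowPrivilegeEscalation": true, "privileged": false,
  "allowedCapabilities": ["SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN",
    "NET_RAW", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "SETGID",
    "SETUID", "NET_BIND_SERVICE", "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE",
    "IPC_OWNER", "SYS_NICE"],
  "fsGroup": {"rule": "RunAsAny"}, "hostIPC": true, "hostNetwork": false,
  "hostPID": false, "hostPorts": [{"min": 1, "max": 65535}],
  "runAsUser": {"rule": "RunAsAny"}, "seLinux": {"rule": "RunAsAny"},
  "supplementalGroups": {"rule": "RunAsAny"}}}
""")
BINDING = json.loads("""
{"kind": "ClusterRoleBinding",
 "metadata": {"name": "db2-privileges-cluster-role-binding"},
 "roleRef": {"kind": "ClusterRole", "name": "db2-privileges-cluster-role"},
 "subjects": [{"kind": "ServiceAccount", "name": "default",
               "namespace": "stock-trader-data"}]}
""")


def extra_capabilities(psp):
    """Allowed capabilities that go beyond the runtime default set."""
    allowed = set(psp["spec"].get("allowedCapabilities", []))
    if "*" in allowed:
        return ["*"]
    return sorted(allowed - RUNTIME_DEFAULT_CAPS)


def audit_psp(psp):
    """Return (field, reason) pairs for settings that widen what a pod may do."""
    spec = psp["spec"]
    findings = []
    if spec.get("privileged", False):
        findings.append(("privileged", "privileged containers are allowed"))
    # The API treats an unset allowPrivilegeEscalation as true.
    if spec.get("allowPrivilegeEscalation", True):
        findings.append(("allowPrivilegeEscalation",
                         "no_new_privs is not enforced for containers"))
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(field, False):
            findings.append((field, "pods may share the node's %s namespace"
                             % field[4:]))
    for rng in spec.get("hostPorts", []):
        if rng["min"] <= 1 and rng["max"] >= 65535:
            findings.append(("hostPorts", "pods may bind any port on the node"))
    if spec.get("runAsUser", {}).get("rule") == "RunAsAny":
        findings.append(("runAsUser", "containers may run as UID 0"))
    extra = extra_capabilities(psp)
    if extra:
        findings.append(("allowedCapabilities",
                         "beyond runtime default: " + ", ".join(extra)))
    return findings


def binding_scope(binding):
    """Describe which workloads each subject of the binding covers."""
    scope = []
    for s in binding.get("subjects", []):
        if s["kind"] == "ServiceAccount" and s["name"] == "default":
            scope.append("every pod in namespace %s that sets no "
                         "serviceAccountName" % s["namespace"])
        elif s["kind"] == "ServiceAccount":
            scope.append("pods running as %s/%s" % (s["namespace"], s["name"]))
        else:
            scope.append("%s %s" % (s["kind"], s["name"]))
    return scope


if __name__ == "__main__":
    for field, reason in audit_psp(PSP):
        print("%-26s %s" % (field, reason))
    for line in binding_scope(BINDING):
        print("policy usable by:", line)
```

Fourteen of the seventeen listed capabilities are already in Docker's default set; the three that remain, SYS_RESOURCE, IPC_OWNER and SYS_NICE, are the ones the schema Job in this deck adds in its securityContext.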
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
- db2-01: Helm release name, different for each deployment
- ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
- db2inst.instname: Instance owner name
- db2inst.password: Instance owner password
- options.databaseName: Name of database that will be created. If not specified, no database will be created
- dataVolume.size: Size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility
See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
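Both the `helm install --set db2inst.password=...` command above and the earlier `kubectl create secret ... --from-literal=pwd=...` command put a password on the command line, where it lands in shell history and CI logs. The Python below is an added example, not part of the original slides: it scans command lines for credentials passed this way and returns redacted copies. The sample history is constructed from the commands in this deck, and the list of key names treated as credentials is an assumption.

```python
import re
import shlex

# Key names treated as credentials. This list is an assumption of the example.
SECRET_KEY = re.compile(r"(password|passwd|pwd|token|secret)$", re.IGNORECASE)
# Flags that carry key=value pairs, and flags whose whole value is a password.
PAIR_FLAGS = ("--set", "--set-string", "--from-literal")
PASSWORD_FLAGS = ("--docker-password",)

# Constructed sample: shell history with the two commands from the slides,
# one install that takes the password from an environment variable, and noise.
HISTORY = """\
helm install --name db2-01 ibm-charts/ibm-db2oltp-dev --tls --set db2inst.instname=db2inst1 --set db2inst.password=passw0rd --set options.databaseName=MYDB
kubectl -n stocktrader create secret generic db2 --from-literal=id=db2psc --from-literal=pwd=password --from-literal=port=50000
helm install --name db2-03 ibm-charts/ibm-db2oltp-dev --tls --set db2inst.password=$DB2_PWD
kubectl get pods
"""


def _redact(flag, value, hits):
    """Mask literal credentials in one flag value and record what was found."""
    if flag in PASSWORD_FLAGS:
        if value.startswith("$"):      # shell variable: nothing literal typed
            return value
        hits.append((flag, flag.lstrip("-")))
        return "***"
    # helm accepts several comma-separated assignments in a single --set
    parts = value.split(",") if flag.startswith("--set") else [value]
    for n, part in enumerate(parts):
        key, _, secret = part.partition("=")
        if SECRET_KEY.search(key) and secret and not secret.startswith("$"):
            hits.append((flag, key))
            parts[n] = key + "=***"
    return ",".join(parts)


def scan_command(line):
    """Return (hits, redacted) for one command; hits are (flag, key) pairs."""
    try:
        argv = shlex.split(line)
    except ValueError:                 # unbalanced quotes: leave the line alone
        return [], line
    hits, out, i = [], [], 0
    while i < len(argv):
        flag, sep, value = argv[i].partition("=")
        if flag in PAIR_FLAGS + PASSWORD_FLAGS:
            if sep:                    # --flag=value
                out.append(flag + "=" + _redact(flag, value, hits))
            elif i + 1 < len(argv):    # --flag value
                i += 1
                out.extend([flag, _redact(flag, argv[i], hits)])
            else:
                out.append(flag)
        else:
            out.append(argv[i])
        i += 1
    # Re-joined for display only; the original quoting is not preserved.
    return hits, " ".join(out)


def find_inline_secrets(history):
    """Return (line number, flag, key, redacted line) for every hit."""
    found = []
    for lineno, line in enumerate(history.splitlines(), start=1):
        hits, redacted = scan_command(line)
        found.extend((lineno, flag, key, redacted) for flag, key in hits)
    return found


if __name__ == "__main__":
    for lineno, flag, key, redacted in find_inline_secrets(HISTORY):
        print("line %d: %s %s\n    %s" % (lineno, flag, key, redacted))
```

Supplying the values from a file instead (`kubectl create secret generic --from-file` or `--from-env-file`, `helm install -f values.yaml`) keeps them off the command line; values given to Helm are still recorded in the release data that Tiller stores.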
IBM Cloud44
Let's verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get pods
NAME                       READY   STATUS    RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   1/1     Running   1          7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful
SQL1063N DB2START processing was successful
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active
(*) Setup has completed
IBM Cloud45
Let's verify if we can connect to the MYDB database (2)
Log in to the Db2 OLTP container and connect to the MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
   Database Connection Information
 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
#!/bin/bash
# We get the Db2 port from the Db2 OLTP helm release service definition
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
IBM Cloud47
Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-01-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s
==> v1/Service
NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP          1s
db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-01-ibm-db2oltp-dev  1        1        1s
==> v1/Pod(related)
NAME                      READY  STATUS    RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s
- 1 Pod: runs the Db2 container
- 2 Services for Db2: 1x external, 1x internal
- 1 StatefulSet: DESIRED = 1
- 1 PVC (RWO) for db files, logs & config
- 1 Secret: Db2 instance owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
$ helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
Additional parameter hadr.enabled is set to true to indicate that we want a HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-02-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s
==> v1/Service
NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP          1s
db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                        1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-02-ibm-db2oltp-dev  2        2        1s
==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd  3  0  1s
==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s
- 5 Pods: 2x Db2, 3x etcd
- 3 Services: 2x Db2, 1x etcd
- 2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
- 1 PVC (RWX) for HADR setup (1)
- 1 Secret: Db2 instance owner password
(1) 5 addntl PVCs are being created implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    # Create the users only if the instance owner does not exist yet
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE \"$DB2INST1_PASSWORD\" $DBNAME"
IBM Cloud52
Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5) [...] IN TS32;
    INSERT INTO PS_TABLE (SSN, FIRST_NAME, LAST_NAME, JOB_CODE, DEPT, SALARY, DOB) WITH TEMP1 [...]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   0/1           0s         0s
Eventually the job completes
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   1/1           109s       45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath="{.items[*].metadata.name}")
kubectl logs -f $pod
Output
[...]
DB20000I The SQL command completed successfully
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/RoleBinding
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m
==> v1/Service
NAME                TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)                          AGE
dsm-01-repository   NodePort  10.0.0.233  <none>       50000:32695/TCP,55000:32203/TCP  8m
dsm-01-ibm-dsm-dev  NodePort  10.0.0.85   <none>       11080:32444/TCP,11081:30462/TCP  8m
==> v1beta1/Deployment
NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
dsm-01-repository   1        1        1           1          8m
dsm-01-ibm-dsm-dev  1        1        1           1          8m
==> v1/Pod(related)
NAME                                READY  STATUS   RESTARTS  AGE
dsm-01-repository-76f87d47d4-dlqh4  1/1    Running  0         8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn  2/2    Running  0         8m
- 2 RoleBindings
- 2 Services: 1x Db2 (repodb), 1x DSM
- 2 Deployments
- 2 Pods: 1 Db2, 1 DSM
IBM Cloud61
DSM Kubernetes resources (2/2)
[...]
==> v1/Secret
NAME                           TYPE    DATA  AGE
dsm-01-repository-db2-passwd   Opaque  1     8m
dsm-01-ibm-dsm-dev-dsm-passwd  Opaque  1     8m
==> v1/PersistentVolumeClaim
NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m
==> v1/ServiceAccount
NAME                          SECRETS  AGE
dsm-repodb-dsm-01-repository  1        8m
dsm-dsm-01-ibm-dsm-dev        1        8m
==> v1/Role
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m
- 2 Secrets: 1 DSM admin, 1 Db2 instance owner
- 2 PVCs: 1 DSM, 1 Db2
- 3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources – Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs
IBM Cloud64
Additional Resources – IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html
IBM Cloud65
Additional Resources – Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel
Technical Sales Professional
Hybrid Data Management
IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
Thank You
IBM Cloud70
IBM Cloud17
Kubernetes – Features (1)
Automatic binpacking
- Automatically places containers on nodes. Mix critical and best-effort workloads in order to drive up utilization
Horizontal scaling
- Scale application up or down with a simple command, with a UI, or automatically based on CPU usage
Automated rollouts and rollbacks
- Kubernetes progressively rolls out changes to the application or its configuration, while monitoring application health to ensure that it doesn't kill all instances at the same time
Storage orchestration
- Automatically mount the storage system of your choice, whether from local, public or SAN such as iSCSI, Gluster, Ceph, Cinder, Flocker, NFS or IBM Spectrum Scale
IBM Cloud18
Kubernetes – Features (2)
Self-healing
- Restarts containers that fail, replaces and reschedules containers when nodes die, kills containers that do not respond to user-defined health checks
Service discovery and load balancing
- No need to modify the application to use an unfamiliar service discovery mechanism. Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers
Secret and configuration management
- Deploy and update secrets and application configuration without rebuilding your image and without exposing secrets in your stack configuration
Batch Execution
- In addition to services, Kubernetes can manage your batch and CI workloads, replacing containers that fail, if desired
IBM Cloud19
Kubernetes Architecture
[Diagram labels: Kubernetes Cluster; Master Node with API Server, Scheduler, Controller and distributed etcd key-value datastore; Worker Nodes, each with a Kubelet and Containers 1 to n; Image Registry; Kubernetes REST API; Command Line; Web UI]
IBM Cloud20
Kubernetes Workloads: Pod – the basic building block for Kubernetes
Smallest and simplest unit in the Kubernetes object model
A Pod encapsulates an application container (or multiple containers), storage resources, a unique network IP and options that govern how the container should run
Pod is a unit of deployment
Pod runs one or more containers as a unit
Docker is the container runtime used in IBM Cloud Private
One-container-per-pod model is the most common use case
Kubernetes manages the pod rather than containers directly
Pods can run multiple containers that need to work together and to share resources
Pods are designed as relatively ephemeral, disposable entities
Pods do not self-heal by themselves – a higher level abstraction does this
IBM Cloud21
Kubernetes Configurations: Create YAML for creating resources on Kubernetes
YAML – Yet Another Markup Language or YAML Ain't Markup Language
Types of structures required in Kubernetes
- Maps
- Lists
YAML Maps – let you associate name-value pairs. For example
---
apiVersion: v1
kind: Pod
YAML Maps – Create a key that maps to another map
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
IBM Cloud22
Kubernetes Configurations – Create YAML (continued)
YAML Lists are literally a sequence of objects. Members in the list can also be maps
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
spec:
  containers:
  - name: front-end
    image: nginx
    ports:
    - containerPort: 80
  - name: db2-oltp
    image: store/ibmcorp/db2_developer_c:11.1.4.4
    ports:
    - containerPort: 50000
A YAML manifest has four components to define a Kubernetes resource
• apiVersion
• kind
• metadata
• spec
IBM Cloud23
Kubernetes Workloads – Create a Pod
Create a nginx pod – icp01.yaml
---
# Simple yaml file to create an nginx pod
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
Create the pod
$ kubectl apply -f icp01.yaml
pod/nginx created
Check pod status
$ kubectl get pods
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          13s
IBM Cloud24
Kubernetes Workloads - Controllers
Controllers can create and manage pods for you
ReplicaSet
- A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
- Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
- Example: Create a deployment to roll out a ReplicaSet
StatefulSets
- StatefulSets represent a set of pods with unique, persistent identities and stable hostnames that are maintained regardless of where they are scheduled
- Examples: Db2, Redis, IBM MQ
DaemonSets
- A DaemonSet ensures that nodes (all or some) run a copy of a pod. As nodes are added, pods are added to them
- Example: cluster storage daemon such as glusterd or ceph, log collection on each node
Jobs / CronJobs
- A job creates one or more pods and ensures that a specified number of them successfully terminate
IBM Cloud25
Kubernetes Network - Services
Without services Pods are not visible outside the cluster
To enable communication from outside world to the Pods services are created
Internal Service Endpoints ndash Available inside the cluster only
External Service Endpoints - DNS names C-Names or A-records available to access pods
With the help of labels and selectors the services are tied to the pods
Service Types
minus ClusterIP ndash Service is reachable only from inside of the cluster
minus NodePort ndash Service is reachable through NodeIPNodePort
minus LoadBalancer ndash Service is reachable through an external load balancer mapped to NodeIPNodePort address
IBM Cloud26
Kubernetes Storage ndash Volume types
Host-based
minus EmptyDir
minus HostPath
Block Storage
minus IBM Block Storage
minus Amazon EBS
minus GCE Persistent Disk
minus vSphere Volumes
Distributed File System
minus IBM Spectrum Scale
minus NFS
minus Ceph
minus GlusterFS
minus Amazon EFS
minus Azure File System
Other
minus Flocker
minus iSCSI
minus Git Repository
minus Quobyte
IBM Cloud27
Kubernetes Storage ndash Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes is a way to get persistence to a Pod
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in Pod
Volumes may be based on a variety of back-end storage types
IBM Cloud28
Kubernetes StoragePersistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
minusPersistent Volume (PV) ndash Provisioned by an administrator
minusPersistent Volume Claim (PVC) ndash Requested by an user and Heketi provisions PVC ndash which creates a PV
minus Storage Class (SC) ndash Storage profiles offered by admins
Persistent
Volume
Block Storage Distributed File System IBM
Spectrum Scale
Worker Node
Pod 1 Pod 1
Persistent
Volume
Claim
IBM Cloud29
Kubernetes SecretsDecouple container with sensitive information
Secret holds sensitive information such as password OAuth tokens and more
Secret is an abstraction to decouple sensitive data
To use a secret Pod needs to reference the secret
Secret can be used in a Pod as files in a volume mounted on one or more containers or used by kubelet when pulling images for the Pod
$ kubectl -n stocktrader
create secret generic db2
--from-literal=id=db2psc
--from-literal=pwd=password
--from-literal=host=dev-ibm-db2oltp-devdefaultsvcclusterlocal
--from-literal=port=50000
--from-literal=db=PSDB
IBM Cloud30
IBM Cloud Private catalog ndash Helm Charts
Db2 chart
DSM chart
IBM Cloud31
IBM Cloud Private catalog ndash What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define install and upgrade software in an automated fashion
Helm charts can be deployed using GUI or command line
Software packages are available from IBM Charts Repository
Available at httpsgithubcomIBMcharts
IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own Local Charts repository
IBM Cloud32
IBM Charts Repository httpsgithubcomIBMchartstreemasterstable
Db2 chart
DSM chart
IBM Cloud33
Helm command line ndash Helm and Tiller
Helm is the client and Tiller is the server ndash runs on master node
$ helm version
Client v272+icp
Error cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client v272+icp
Server v272+icp
Helm and Tiller version must be same ndash do not download Helm from Internet
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)Product Version Worker
Nodes
Pods PVCs Comments
Db2 OLTP 11144 1 1 1
Db2 OLTP HADR 11144 3 5 6 1x Db2 primary 1x Db2 standby 3x etcd for cluster
manager addntl PVC for HADR setup
Data Server
Manager
215 1 2 2 1x DSM 1x Db2 repository database
Includes Db2 111 engine
Db2 Warehouse
SMP
3100 1 1 1 Includes Db2 111 engine
Db2 Warehouse
MPP
3100 3+ 3+ 1 Includes Db2 111 engine
Requires IBM Cloud Pak for Data
Coming soon
minus Red Hat OpenShift Kubernetes support
minus Db2 v115 engine
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes a couple of stepsneed to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create new namespace where all our Pods for Db2 OLTP Db2 OLTP HADR and Data Server Manager will run
Create the namespace for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespacestock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context)
--namespace=stock-trader-data
Context mycluster-context modified
Verify pods There should be no pods running as we just created the namespace$ kubectl get podsNo resources found
IBM Cloud39
Configuring Pod Security Policy for Db2$ cat pre01yamlapiVersion extensionsv1beta1kind PodSecurityPolicymetadata
name db2-privilegesspec
allowPrivilegeEscalation trueprivileged falseallowedCapabilities- SETPCAP- MKNOD- AUDIT_WRITE- CHOWN- NET_RAW- DAC_OVERRIDE- FOWNER- FSETID- KILL- SETGID- SETUID- NET_BIND_SERVICE- SYS_CHROOT- SETFCAP- SYS_RESOURCE- IPC_OWNER- SYS_NICEfsGroup
rule RunAsAnyhostIPC true
hostNetwork falsehostPID falsehostPorts- max 65535
min 1runAsUser
rule RunAsAnyseLinux
rule RunAsAnysupplementalGroups
rule RunAsAnyvolumes-
Configure the pod security policy$ kubectl apply -f pre01yamlpodsecuritypolicyextensionsdb2-privileges configured
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAny RunAsAnyfalse
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create a image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username password and email are the credentials form Docker Hub
Note that you need to subscribe the Db2 and DSM images in Docker Hub first
Configure the image pull secret$ kubectl create secret docker-registry dockerhub
--docker-username=ltyour dockerhub usernamegt--docker-password=ltyour dockerhub passwordgt--docker-email=ltyour dockerhub emailgt--namespace=ltyour namespacegt
secretdockerhub created
Verify the result$ kubectl get secretsNAME TYPE DATA AGEdefault-token-mwvpl kubernetesioservice-account-token 3 17ddockerhub kubernetesiodockerconfigjson 1 13m
IBM Cloud41
Configuring Service Account for Db2$ more pre04yaml---kind ClusterRoleapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role
rules- apiGroups [extensions]resources [podsecuritypolicies]verbs [use]resourceNames- db2-privileges
---kind ClusterRoleBindingapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role-binding
roleRefkind ClusterRolename db2-privileges-cluster-roleapiGroup rbacauthorizationk8sio
subjects- kind ServiceAccountname defaultnamespace stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account$ kubectl apply -f pre04yamlclusterrolerbacauthorizationk8siodb2-privileges-cluster-role createdclusterrolebindingrbacauthorizationk8siodb2-privileges-cluster-role-binding created
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAnyRunAsAny false
IBM Cloud42
Helm Charts for Db2 and DSM
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
Parameters:
- db2-01: Helm release name, different for each deployment
- ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
- db2inst.instname: instance owner name
- db2inst.password: instance owner password
- options.databaseName: name of the database that will be created. If not specified, no database will be created
- dataVolume.size: size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility. See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
Let's verify if we can connect to the MYDB database (1)
Get the list of running pods and verify that the Db2 OLTP pod is running
$ kubectl get pods
NAME                      READY  STATUS   RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  1/1    Running  1         7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30  0  0  SQL1063N  DB2START processing was successful.
SQL1063N  DB2START processing was successful.
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.
Let's verify if we can connect to the MYDB database (2)
Log in to the Db2 OLTP container and connect to the MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
   Database Connection Information
 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB
Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
#!/bin/bash
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port from the Db2 OLTP helm release service definition
Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-01-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s
==> v1/Service
NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP          1s
db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-01-ibm-db2oltp-dev  1        1        1s
==> v1/Pod(related)
NAME                      READY  STATUS    RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s
- 1 Pod runs the Db2 container
- 2 Services for Db2: 1x external, 1x internal
- 1 StatefulSet, DESIRED = 1
- 1 PVC (RWO) for db files, logs & config
- 1 Secret: Db2 instance owner password
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
$ helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
Additional parameter hadr.enabled set to true to indicate that we want a HADR setup
Verify that Db2 HADR is working
Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-02-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s
==> v1/Service
NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP          1s
db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                        1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-02-ibm-db2oltp-dev  2        2        1s
==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd  3  0  1s
==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s
- 5 Pods: 2x Db2, 3x etcd
- 3 Services: 2x Db2, 1x etcd
- 2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
- 1 PVC (RWX) for HADR setup (1)
- 1 Secret: Db2 instance owner password
(1) 5 additional PVCs are being created implicitly for 2x Db2 and 3x etcd
Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: [SYS_RESOURCE, IPC_OWNER, SYS_NICE]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE \"$DB2INST1_PASSWORD\" $DBNAME"
Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5) [...] IN TS32;
    INSERT INTO PS_TABLE (SSN, FIRST_NAME, LAST_NAME, JOB_CODE, DEPT, SALARY, DOB) WITH TEMP1 [...]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  0/1          0s        0s
Eventually the job completes
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  1/1          109s      45m
Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath="{.items[*].metadata.name}")
kubectl logs -f $pod
Output
[...]
DB20000I  The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I  The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I  The SQL command completed successfully.
Database mydb has been configured
Deploying Data Server Manager (DSM) with the GUI
Deploying Data Server Manager (DSM) with the GUI (2)
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data \
    -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)
Accessing Data Server Manager
Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM
DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/RoleBinding
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m
==> v1/Service
NAME                TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)                          AGE
dsm-01-repository   NodePort  10.0.0.233  <none>       50000:32695/TCP,55000:32203/TCP  8m
dsm-01-ibm-dsm-dev  NodePort  10.0.0.85   <none>       11080:32444/TCP,11081:30462/TCP  8m
==> v1beta1/Deployment
NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
dsm-01-repository   1        1        1           1          8m
dsm-01-ibm-dsm-dev  1        1        1           1          8m
==> v1/Pod(related)
NAME                                READY  STATUS   RESTARTS  AGE
dsm-01-repository-76f87d47d4-dlqh4  1/1    Running  0         8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn  2/2    Running  0         8m
- 2 RoleBindings
- 2 Services: 1x Db2 (repodb), 1x DSM
- 2 Deployments
- 2 Pods: 1 Db2, 1 DSM
DSM Kubernetes resources (2/2)
[...]
==> v1/Secret
NAME                           TYPE    DATA  AGE
dsm-01-repository-db2-passwd   Opaque  1     8m
dsm-01-ibm-dsm-dev-dsm-passwd  Opaque  1     8m
==> v1/PersistentVolumeClaim
NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m
==> v1/ServiceAccount
NAME                          SECRETS  AGE
dsm-repodb-dsm-01-repository  1        8m
dsm-dsm-01-ibm-dsm-dev        1        8m
==> v1/Role
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m
- 2 Secrets: 1 DSM admin, 1 Db2 instance owner
- 2 PVCs: 1 DSM, 1 Db2
- 3 Roles
Additional Resources
Additional Resources - Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs
Additional Resources - IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html
Additional Resources - Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse
Presentation on Db2 and Docker from Db2 Aktuell 2018
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary
Claus Huempel
Technical Sales Professional
Hybrid Data Management
IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
Thank You
Kubernetes - Features (2)
Self-healing
- Restarts containers that fail, replaces and reschedules containers when nodes die, kills containers that do not respond to user-defined health checks
Service discovery and load balancing
- No need to modify the application to use an unfamiliar service discovery mechanism. Kubernetes gives containers their own IP addresses and a single DNS name for a set of containers
Secret and configuration management
- Deploy and update secrets and application configuration without rebuilding your image and without exposing secrets in your stack configuration
Batch Execution
- In addition to services, Kubernetes can manage your batch and CI workloads, replacing containers that fail, if desired
Kubernetes Architecture
[Diagram: a Kubernetes cluster with a master node (API server, scheduler, controller, distributed etcd key-value datastore) and worker nodes, each running a kubelet and containers 1 to n; an image registry; the Kubernetes REST API, used by the command line and the web UI]
Kubernetes Workloads
Pod - the basic building block for Kubernetes
Smallest and simplest unit in the Kubernetes object model
A Pod encapsulates an application container (or multiple containers), storage resources, a unique network IP and options that govern how the container should run
A Pod is a unit of deployment
A Pod runs one or more containers as a unit
Docker is the container runtime used in IBM Cloud Private
The one-container-per-pod model is the most common use case
Kubernetes manages the pod rather than the containers directly
Pods can run multiple containers that need to work together and to share resources
Pods are designed as relatively ephemeral, disposable entities
Pods do not self-heal by themselves - a higher-level abstraction does this
Kubernetes Configurations
Create YAML for creating resources on Kubernetes
YAML - Yet Another Markup Language or YAML Ain't Markup Language
Types of structures required in Kubernetes
- Maps
- Lists
YAML Maps - let you associate name-value pairs. For example:
---
apiVersion: v1
kind: Pod
YAML Maps - create a key that maps to another map
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
Kubernetes Configurations - Create YAML (continued)
YAML Lists are literally a sequence of objects. Members in the list can also be maps
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
spec:
  containers:
  - name: front-end
    image: nginx
    ports:
    - containerPort: 80
  - name: db2-oltp
    image: store/ibmcorp/db2_developer_c:11.1.4.4
    ports:
    - containerPort: 50000
A YAML manifest has four components to define a Kubernetes resource:
- apiVersion
- kind
- metadata
- spec
Kubernetes Workloads - Create a Pod
Create a nginx pod - icp01.yaml
---
# Simple yaml file to create an nginx pod
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
Create the pod
$ kubectl apply -f icp01.yaml
pod/nginx created
Check pod status
$ kubectl get pods
NAME   READY  STATUS   RESTARTS  AGE
nginx  1/1    Running  0         13s
Kubernetes Workloads - Controllers
Controllers can create and manage pods for you
ReplicaSet
- A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
- A Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
- Example: create a deployment to roll out a ReplicaSet
StatefulSets
- StatefulSets represent a set of pods with unique, persistent identities and stable hostnames that are maintained regardless of where they are scheduled
- Examples: Db2, Redis, IBM MQ
DaemonSets
- A DaemonSet ensures that nodes (all or some) run a copy of a pod. As nodes are added, pods are added to them
- Example: cluster storage daemon such as glusterd, ceph; logs collection on each node
Jobs, CronJobs
- A job creates one or more pods and ensures that a specified number of them successfully terminate
Kubernetes Network - Services
Without services, Pods are not visible outside the cluster
To enable communication from the outside world to the Pods, services are created
Internal Service Endpoints - available inside the cluster only
External Service Endpoints - DNS names, C-Names or A-records available to access pods
With the help of labels and selectors, the services are tied to the pods
Service Types
- ClusterIP - Service is reachable only from inside of the cluster
- NodePort - Service is reachable through NodeIP:NodePort
- LoadBalancer - Service is reachable through an external load balancer mapped to the NodeIP:NodePort address
Kubernetes Storage - Volume types
Host-based
- EmptyDir
- HostPath
Block Storage
- IBM Block Storage
- Amazon EBS
- GCE Persistent Disk
- vSphere Volumes
Distributed File System
- IBM Spectrum Scale
- NFS
- Ceph
- GlusterFS
- Amazon EFS
- Azure File System
Other
- Flocker
- iSCSI
- Git Repository
- Quobyte
Kubernetes Storage - Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes are a way to get persistence to a Pod
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in a Pod
Volumes may be based on a variety of back-end storage types
Kubernetes Storage
Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
- Persistent Volume (PV) - provisioned by an administrator
- Persistent Volume Claim (PVC) - requested by a user; Heketi provisions the PVC, which creates a PV
- Storage Class (SC) - storage profiles offered by admins
[Diagram: pods on a worker node use a Persistent Volume Claim bound to a Persistent Volume, backed by block storage or a distributed file system (IBM Spectrum Scale)]
Kubernetes Secrets
Decouple containers from sensitive information
A Secret holds sensitive information such as passwords, OAuth tokens and more
A Secret is an abstraction to decouple sensitive data
To use a secret, a Pod needs to reference the secret
A Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by the kubelet when pulling images for the Pod
$ kubectl -n stocktrader \
    create secret generic db2 \
    --from-literal=id=db2psc \
    --from-literal=pwd=password \
    --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
    --from-literal=port=50000 \
    --from-literal=db=PSDB
IBM Cloud Private catalog - Helm Charts
Db2 chart
DSM chart
IBM Cloud Private catalog - What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using the GUI or the command line
Software packages are available from the IBM Charts Repository
Available at https://github.com/IBM/charts
The IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment, you can build your own Local Charts repository
IBM Charts Repository: https://github.com/IBM/charts/tree/master/stable
Db2 chart
DSM chart
Helm command line - Helm and Tiller
Helm is the client and Tiller is the server - runs on the master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
Helm and Tiller versions must be the same - do not download Helm from the Internet
Deploying Db2 on Kubernetes
Db2-based Containers running on Kubernetes (Sep 2019)
Product | Version | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP | 11.1.4.4 | 1 | 1 | 1 |
Db2 OLTP HADR | 11.1.4.4 | 3 | 5 | 6 | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager, additional PVC for HADR setup
Data Server Manager | 2.1.5 | 1 | 2 | 2 | 1x DSM, 1x Db2 repository database. Includes Db2 11.1 engine
Db2 Warehouse SMP | 3.10.0 | 1 | 1 | 1 | Includes Db2 11.1 engine
Db2 Warehouse MPP | 3.10.0 | 3+ | 3+ | 1 | Includes Db2 11.1 engine. Requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine
IBM Cloud Private Kubernetes platform
Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context) \
    --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running as we just created the namespace
$ kubectl get pods
No resources found.
Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  -
Configure the pod security policy
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results
$ kubectl get psp
db2-privileges  false  SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE  RunAsAny  RunAsAny  RunAsAny  RunAsAny  false
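A review of the db2-privileges policy, as an added example that is not part of the original slides: it compares the allowed capabilities with Docker's default capability set, lists the settings that widen what a pod may do, and checks who the binding in pre04.yaml hands the policy to. The dictionaries are transcribed by hand from pre01.yaml, pre04.yaml and single04.yaml on the slides, and all function names are hypothetical.

```python
# Added review example: the data below is transcribed from the slides
# (pre01.yaml, pre04.yaml, single04.yaml), not read from a live cluster.

# Docker's default capability set; every container gets these without asking.
RUNTIME_DEFAULT_CAPS = frozenset({
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL",
    "MKNOD", "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP",
    "SETUID", "SYS_CHROOT",
})

# spec of PodSecurityPolicy db2-privileges (pre01.yaml)
PSP_SPEC = {
    "allowPrivilegeEscalation": True,
    "privileged": False,
    "allowedCapabilities": [
        "SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW", "DAC_OVERRIDE",
        "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE",
        "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE", "IPC_OWNER", "SYS_NICE",
    ],
    "fsGroup": {"rule": "RunAsAny"},
    "hostIPC": True,
    "hostNetwork": False,
    "hostPID": False,
    "hostPorts": [{"max": 65535, "min": 1}],
    "runAsUser": {"rule": "RunAsAny"},
    "seLinux": {"rule": "RunAsAny"},
    "supplementalGroups": {"rule": "RunAsAny"},
}

# subjects of ClusterRoleBinding db2-privileges-cluster-role-binding (pre04.yaml)
BINDING_SUBJECTS = [
    {"kind": "ServiceAccount", "name": "default", "namespace": "stock-trader-data"},
]

# securityContext.capabilities.add of the schema Job container (single04.yaml)
JOB_ADDED_CAPS = ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]


def extra_capabilities(spec):
    """Capabilities the policy lets a pod add on top of Docker's defaults."""
    return sorted(set(spec.get("allowedCapabilities", [])) - RUNTIME_DEFAULT_CAPS)


def rejected_capabilities(spec, requested):
    """Capabilities a workload asks to add that the policy does not allow."""
    allowed = set(spec.get("allowedCapabilities", []))
    allowed |= set(spec.get("defaultAddCapabilities", []))
    if "*" in allowed:
        return []
    return sorted(set(requested) - allowed)


def review_psp(spec):
    """Return (field, finding) pairs for settings that widen what a pod may do."""
    findings = []
    if spec.get("privileged"):
        findings.append(("privileged", "privileged containers allowed"))
    # A PodSecurityPolicy treats a missing allowPrivilegeEscalation as true.
    if spec.get("allowPrivilegeEscalation", True):
        findings.append(("allowPrivilegeEscalation",
                         "setuid binaries and file capabilities can raise privileges"))
    for field in ("hostIPC", "hostNetwork", "hostPID"):
        if spec.get(field):
            findings.append((field, "pods may share this namespace with the node"))
    for rng in spec.get("hostPorts", []):
        if rng["min"] < 1024:
            findings.append(("hostPorts", "host ports %d-%d include privileged ports"
                             % (rng["min"], rng["max"])))
    for field in ("runAsUser", "fsGroup", "supplementalGroups", "seLinux"):
        if spec.get(field, {}).get("rule") == "RunAsAny":
            findings.append((field, "RunAsAny places no restriction"))
    extra = extra_capabilities(spec)
    if extra:
        findings.append(("allowedCapabilities",
                         "beyond runtime defaults: " + ", ".join(extra)))
    return findings


def review_subjects(subjects):
    """Flag bindings that give the policy to a namespace's default service account."""
    findings = []
    for i, subj in enumerate(subjects):
        if subj.get("kind") == "ServiceAccount" and subj.get("name") == "default":
            findings.append(("subjects[%d]" % i,
                             "every pod in %s that sets no serviceAccountName "
                             "can use the policy" % subj.get("namespace")))
    return findings


if __name__ == "__main__":
    for field, text in review_psp(PSP_SPEC) + review_subjects(BINDING_SUBJECTS):
        print("%-26s %s" % (field, text))
    print("Job capabilities rejected by the policy:",
          rejected_capabilities(PSP_SPEC, JOB_ADDED_CAPS) or "none")
```

The first fourteen entries of allowedCapabilities are exactly Docker's defaults, so the policy's effective grant is the three capabilities that the schema Job adds in single04.yaml.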
Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2 1 DSM
IBM Cloud61
DSM Kubernetes resources (22)
[hellip]==gt v1SecretNAME TYPE DATA AGEdsm-01-repository-db2-passwd Opaque 1 8mdsm-01-ibm-dsm-dev-dsm-passwd Opaque 1 8m
==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEdsm-01-repository-data-stor Bound vol14 20Gi RWO 8mdsm-01-ibm-dsm-dev-datavolume Bound vol12 20Gi RWO 8m
==gt v1ServiceAccountNAME SECRETS AGEdsm-repodb-dsm-01-repository 1 8mdsm-dsm-01-ibm-dsm-dev 1 8m
==gt v1RoleNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
2 Secrets 1 DSM
asmin 1 Db2
instance owner
2 PVCs 1 DSM
Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources ndash Kubernetes Docker Helm
Kubernetes
minus httpskubernetesiodocstutorialskubernetes-basics
Kubernetes in the Enterprise eBook
minus ibmbizBdYA4i
Docker
minus httpsdocsdockercomget-started
Docker Hub
minus httpshubdockercom
Helm
minus httpshelmshdocs
IBM Cloud64
Additional Resources ndash IBM Cloud Private OpenShift
IBM Cloud Private Documentation
minus httpswwwibmcomsupportknowledgecenterenSSBS6K_320kc_welcome_containershtml
Deploy IBM Cloud Private Community Edition using Vagrant
minus httpsgithubcomIBMdeploy-ibm-cloud-privateblobmasterdocsdeploy-vagrantmd
Red Hat OpenShift Container Platform Documentation
minus httpsdocsopenshiftcomcontainer-platform41welcomeindexhtml
IBM Cloud65
Additional Resources ndash Db2 Db2Wh DSMDb2 Integration into IBM Cloud Private
minus httpsdeveloperibmcomrecipestutorialsdb2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
minus httpsdeveloperibmcomrecipestutorialsibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
minus httpswwwibmcomsupportknowledgecenterenSSCJDQcomibmswgimdashdbdocadmindeploy_kubernetes_smphtml
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
minus httpswwwibmcomsupportknowledgecenterenSSQNUZ_210comibmicpdatadoczenadmindb-reqshtmldb-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
minus Db2 OLTP Single Server
minus Db2 OLTP HADR
minus Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel IBM Deutschland GmbH
Karl-Arnold-Platz 1a
Technical Sales Professional 40474 Duesseldorf
Hybrid Data Management Germany
Mobile +49-177-3627278
Email chuempeldeibmcom
Thank You
IBM Cloud70
Kubernetes Architecture
[Diagram labels: Kubernetes Cluster; Master Node with API Server, Scheduler, Controller and distributed etcd key-value datastore; Worker Nodes, each with a Kubelet and containers 1..n; Image Registry; Kubernetes REST API used by the command line and the web UI]
Kubernetes Workloads
Pod – the basic building block for Kubernetes
Smallest and simplest unit in the Kubernetes object model
A Pod encapsulates an application container (or multiple containers), storage resources, a unique network IP, and options that govern how the container should run
A Pod is a unit of deployment
A Pod runs one or more containers as a unit
Docker is the container runtime used in IBM Cloud Private
The one-container-per-pod model is the most common use case
Kubernetes manages the pod rather than the containers directly
Pods can run multiple containers that need to work together and to share resources
Pods are designed as relatively ephemeral, disposable entities
Pods do not self-heal by themselves – a higher-level abstraction does this
Kubernetes Configurations
Create YAML for creating resources on Kubernetes
YAML – Yet Another Markup Language, or YAML Ain't Markup Language
Types of structures required in Kubernetes
- Maps
- Lists
YAML Maps let you associate name-value pairs. For example:
---
apiVersion: v1
kind: Pod
YAML Maps – create a key that maps to another map:
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
Kubernetes Configurations – Create YAML (continued)
YAML Lists are literally a sequence of objects. Members in the list can also be maps.
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
spec:
  containers:
  - name: front-end
    image: nginx
    ports:
    - containerPort: 80
  - name: db2-oltp
    image: store/ibmcorp/db2_developer_c:11.1.4.4
    ports:
    - containerPort: 50000
A YAML manifest has four components to define a Kubernetes resource:
• apiVersion
• kind
• metadata
• spec
Kubernetes Workloads – Create a Pod
Create an nginx pod – icp01.yaml
---
# Simple yaml file to create an nginx pod
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
Create the pod
$ kubectl apply -f icp01.yaml
pod/nginx created
Check pod status
$ kubectl get pods
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          13s
Kubernetes Workloads - Controllers
Controllers can create and manage pods for you
ReplicaSet
- A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
- A Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
- Example: create a deployment to roll out a ReplicaSet
StatefulSets
- StatefulSets represent a set of pods with unique, persistent identities and stable hostnames that are maintained regardless of where they are scheduled
- Examples: Db2, Redis, IBM MQ
DaemonSets
- A DaemonSet ensures that nodes (all or some) run a copy of a pod. As nodes are added, pods are added to them
- Example: cluster storage daemon such as glusterd or ceph, logs collection on each node
Jobs / CronJobs
- A job creates one or more pods and ensures that a specified number of them successfully terminate
Kubernetes Network - Services
Without services, Pods are not visible outside the cluster
To enable communication from the outside world to the Pods, services are created
Internal Service Endpoints – available inside the cluster only
External Service Endpoints – DNS names, C-Names or A-records available to access pods
With the help of labels and selectors, the services are tied to the pods
Service Types
- ClusterIP – Service is reachable only from inside of the cluster
- NodePort – Service is reachable through NodeIP:NodePort
- LoadBalancer – Service is reachable through an external load balancer mapped to the NodeIP:NodePort address
Kubernetes Storage – Volume types
Host-based
- EmptyDir
- HostPath
Block Storage
- IBM Block Storage
- Amazon EBS
- GCE Persistent Disk
- vSphere Volumes
Distributed File System
- IBM Spectrum Scale
- NFS
- Ceph
- GlusterFS
- Amazon EFS
- Azure File System
Other
- Flocker
- iSCSI
- Git Repository
- Quobyte
Kubernetes Storage – Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes are a way to get persistence to a Pod
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in a Pod
Volumes may be based on a variety of back-end storage types
Kubernetes Storage
Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
- Persistent Volume (PV) – provisioned by an administrator
- Persistent Volume Claim (PVC) – requested by a user; Heketi provisions the PVC, which creates a PV
- Storage Class (SC) – storage profiles offered by admins
[Diagram labels: Worker Node, Pod 1, Persistent Volume Claim, Persistent Volume, Block Storage, Distributed File System, IBM Spectrum Scale]
Kubernetes Secrets
Decouple containers from sensitive information
A Secret holds sensitive information such as passwords, OAuth tokens and more
A Secret is an abstraction to decouple sensitive data
To use a secret, a Pod needs to reference the secret
A Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by the kubelet when pulling images for the Pod
$ kubectl -n stocktrader \
    create secret generic db2 \
    --from-literal=id=db2psc \
    --from-literal=pwd=password \
    --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
    --from-literal=port=50000 \
    --from-literal=db=PSDB
IBM Cloud Private catalog – Helm Charts
[Screenshot of the catalog with the Db2 chart and the DSM chart marked]
IBM Cloud Private catalog – What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using the GUI or the command line
Software packages are available from the IBM Charts Repository
Available at https://github.com/IBM/charts
The IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own local charts repository
IBM Charts Repository: https://github.com/IBM/charts/tree/master/stable
[Screenshot of the repository with the Db2 chart and the DSM chart marked]
Helm command line – Helm and Tiller
Helm is the client and Tiller is the server – runs on the master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
Helm and Tiller versions must be the same – do not download Helm from the Internet
Deploying Db2 on Kubernetes
Db2-based Containers running on Kubernetes (Sep 2019)
Product              | Version  | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP             | 11.1.4.4 | 1            | 1    | 1    |
Db2 OLTP HADR        | 11.1.4.4 | 3            | 5    | 6    | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager; addntl PVC for HADR setup
Data Server Manager  | 2.1.5    | 1            | 2    | 2    | 1x DSM, 1x Db2 repository database; includes Db2 11.1 engine
Db2 Warehouse SMP    | 3.10.0   | 1            | 1    | 1    | Includes Db2 11.1 engine
Db2 Warehouse MPP    | 3.10.0   | 3+           | 3+   | 1    | Includes Db2 11.1 engine; requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine
IBM Cloud Private Kubernetes platform
Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context) \
    --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running, as we just created the namespace
$ kubectl get pods
No resources found.
Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  - '*'
Configure the pod security policy
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results
$ kubectl get psp
db2-privileges   false   SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE   RunAsAny   RunAsAny   RunAsAny   RunAsAny   false
Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
Configure the image pull secret
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result
$ kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-mwvpl   kubernetes.io/service-account-token   3      17d
dockerhub             kubernetes.io/dockerconfigjson        1      13m
Configuring Service Account for Db2
The YAML specification file that defines the cluster role and the cluster role binding for the service account
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: [extensions]
  resources: [podsecuritypolicies]
  verbs: [use]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
Configure the service account
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results
$ kubectl get psp
db2-privileges   false   SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE   RunAsAny   RunAsAny   RunAsAny   RunAsAny   false
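A static review of the pod security policy and its binding, as an added example that is not part of the original slides: it reports which settings of db2-privileges go beyond what a Docker runtime grants every container by default, and which service account may use the policy. The dictionaries are transcribed from pre01.yaml and pre04.yaml as shown; the function and variable names are hypothetical.

```python
"""Review the db2-privileges PodSecurityPolicy and its RBAC subjects (added example)."""

# Capabilities Docker grants to every container unless they are dropped.
DOCKER_DEFAULT_CAPS = frozenset({
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL",
    "MKNOD", "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP",
    "SETUID", "SYS_CHROOT",
})

# spec of pre01.yaml, transcribed from the slide.
PAGE_PSP_SPEC = {
    "allowPrivilegeEscalation": True,
    "privileged": False,
    "allowedCapabilities": [
        "SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW", "DAC_OVERRIDE",
        "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE",
        "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE", "IPC_OWNER", "SYS_NICE",
    ],
    "hostIPC": True,
    "hostNetwork": False,
    "hostPID": False,
    "hostPorts": [{"min": 1, "max": 65535}],
    "runAsUser": {"rule": "RunAsAny"},
}

# subjects of the ClusterRoleBinding in pre04.yaml, transcribed from the slide.
PAGE_BINDING_SUBJECTS = [
    {"kind": "ServiceAccount", "name": "default", "namespace": "stock-trader-data"},
]


def audit_psp_spec(spec):
    """Return {field: finding} for every setting that widens the pod sandbox."""
    findings = {}
    if spec.get("privileged", False):
        findings["privileged"] = "privileged containers are allowed"
    # When the field is omitted, a PodSecurityPolicy allows escalation.
    if spec.get("allowPrivilegeEscalation", True):
        findings["allowPrivilegeEscalation"] = (
            "a process may gain more privileges than its parent (setuid binaries)")
    for flag in ("hostIPC", "hostPID", "hostNetwork"):
        if spec.get(flag, False):
            findings[flag] = f"pods may join the node's {flag[4:]} namespace"
    port_count = sum(r["max"] - r["min"] + 1 for r in spec.get("hostPorts", []))
    if port_count:
        findings["hostPorts"] = f"{port_count} host ports may be bound"
    extra = sorted(set(spec.get("allowedCapabilities", [])) - DOCKER_DEFAULT_CAPS)
    if extra:
        # These are what the policy adds on top of the runtime defaults.
        findings["allowedCapabilities"] = extra
    if spec.get("runAsUser", {}).get("rule") == "RunAsAny":
        findings["runAsUser"] = "containers may run as UID 0"
    return findings


def default_account_subjects(subjects):
    """Return namespace/name of every bound 'default' service account.

    Pods that do not name a service account run as 'default', so such a
    binding hands the policy to every workload in that namespace.
    """
    return [
        f"{s['namespace']}/{s['name']}"
        for s in subjects
        if s.get("kind") == "ServiceAccount" and s.get("name") == "default"
    ]


if __name__ == "__main__":
    for field, finding in audit_psp_spec(PAGE_PSP_SPEC).items():
        print(f"{field}: {finding}")
    for subject in default_account_subjects(PAGE_BINDING_SUBJECTS):
        print(f"policy usable by every pod running as {subject}")
```

The three capabilities it reports as additions are the same three the Job manifest later on this page requests in its securityContext; a dedicated service account for the Db2 pods keeps the policy away from other workloads in the namespace.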
Helm Charts for Db2 and DSM
Helm install command to deploy Db2 OLTP on Kubernetes
Installing a Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
- --name db2-01: Helm release name, different for each deployment
- ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
- db2inst.instname: instance owner name
- db2inst.password: instance owner password
- options.databaseName: name of the database that will be created. If not specified, no database will be created
- dataVolume.size: size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility
See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
Let's verify if we can connect to the MYDB database (1)
Get the list of running pods and verify that the Db2 OLTP pod is running
$ kubectl get pods
NAME                       READY   STATUS    RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   1/1     Running   1          7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful.
SQL1063N DB2START processing was successful.
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.
Let's verify if we can connect to the MYDB database (2)
Log in to the Db2 OLTP container and connect to the MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
   Database Connection Information
 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB
Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
#!/bin/bash
# We get the Db2 port from the Db2 OLTP helm release service definition
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                     TYPE     DATA   AGE
db2-01-ibm-db2oltp-dev   Opaque   1      1s
==> v1/PersistentVolumeClaim
NAME               STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db2-01-data-stor   Bound    vol12    20Gi       RWO                           1s
==> v1/Service
NAME                         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                                   AGE
db2-01-ibm-db2oltp-dev-db2   NodePort    10.0.0.50    <none>        50000:30463/TCP,55000:32236/TCP           1s
db2-01-ibm-db2oltp-dev       ClusterIP   None         <none>        50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s
==> v1/StatefulSet
NAME                     DESIRED   CURRENT   AGE
db2-01-ibm-db2oltp-dev   1         1         1s
==> v1/Pod(related)
NAME                       READY   STATUS     RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   0/1     Init:0/1   0          1s
- 1 Secret: Db2 instance owner password
- 1 PVC (RWO) for db files, logs & config
- 2 Services for Db2: 1x external, 1x internal
- 1 StatefulSet: DESIRED = 1
- 1 Pod runs the Db2 container
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
Additional parameter hadr.enabled set to true to indicate that we want a HADR setup
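The helm install commands above, the kubectl create secret generic db2 command and the image pull secret command all carry a password as a literal argument, where it lands in shell history and process listings. The following check for that pattern in deployment scripts is an added example, not part of the original slides; the function name and the key-name heuristic are assumptions.

```python
"""Find credentials passed as literals to helm/kubectl (added example)."""
import re
import shlex

# Heuristic (assumption): a key whose last component names a credential.
SECRET_KEY = re.compile(r"(pass(word|wd)?|pwd|secret|token)$", re.IGNORECASE)


def inline_secrets(command):
    """Return [(option, key)] for each credential given on the command line.

    Only the option and key are reported, never the value itself.
    """
    # Join backslash-continued lines before tokenising.
    argv = shlex.split(command.replace("\\\n", " "))
    hits = []
    i = 0
    while i < len(argv):
        opt, sep, val = argv[i].partition("=")
        # "--opt value" form: take the next token as the value.
        if (opt.startswith("--") and not sep and i + 1 < len(argv)
                and not argv[i + 1].startswith("-")):
            val = argv[i + 1]
            i += 1
        i += 1
        if opt in ("--set", "--set-string"):
            # helm accepts comma-separated key=value pairs per --set.
            for pair in val.split(","):
                key, _, value = pair.partition("=")
                if value and SECRET_KEY.search(key):
                    hits.append((opt, key))
        elif opt == "--from-literal":
            key, _, value = val.partition("=")
            if value and SECRET_KEY.search(key):
                hits.append((opt, key))
        elif opt.startswith("--") and val and SECRET_KEY.search(opt):
            hits.append((opt, opt.lstrip("-")))
    return hits


# Commands as they appear on the slides (the pull-secret values are constructed).
SAMPLES = [
    "helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \\\n"
    "    --tls \\\n"
    "    --set db2inst.instname=db2inst1 \\\n"
    "    --set db2inst.password=passw0rd \\\n"
    "    --set hadr.enabled=true",
    "kubectl -n stocktrader create secret generic db2 "
    "--from-literal=id=db2psc --from-literal=pwd=password --from-literal=port=50000",
    "kubectl create secret docker-registry dockerhub "
    "--docker-username=example-user --docker-password=example-pass",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        for option, key in inline_secrets(sample):
            print(f"{option}: literal credential in '{key}'")
```

Both tools can read such values from a file instead (`helm install -f values.yaml`, `kubectl create secret generic --from-file` or `--from-env-file`), which keeps the password out of the command line.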
Verify that Db2 HADR is working
Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                     TYPE     DATA   AGE
db2-02-ibm-db2oltp-dev   Opaque   1      1s
==> v1/PersistentVolumeClaim
NAME               STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db2-02-hadr-stor   Bound    vol09    20Gi       RWX                           1s
==> v1/Service
NAME                          TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                                   AGE
db2-02-ibm-db2oltp-dev-db2    NodePort    10.0.0.61    <none>        50000:32422/TCP,55000:32181/TCP           1s
db2-02-ibm-db2oltp-dev        ClusterIP   None         <none>        50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s
db2-02-ibm-db2oltp-dev-etcd   ClusterIP   None         <none>        2380/TCP,2379/TCP                         1s
==> v1/StatefulSet
NAME                     DESIRED   CURRENT   AGE
db2-02-ibm-db2oltp-dev   2         2         1s
==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd   3   0   1s
==> v1/Pod(related)
NAME                            READY   STATUS              RESTARTS   AGE
db2-02-ibm-db2oltp-dev-0        0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-1        0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-etcd-0   0/1     ContainerCreating   0          1s
db2-02-ibm-db2oltp-dev-etcd-1   0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-etcd-2   0/1     Pending             0          1s
- 1 Secret: Db2 instance owner password
- 1 PVC (RWX) for HADR setup (1)
- 3 Services: 2x Db2, 1x etcd
- 2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
- 5 Pods: 2x Db2, 3x etcd
(1) 5 addntl PVCs are being created implicitly for 2x Db2 and 3x etcd
Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE $DB2INST1_PASSWORD $DBNAME"
Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) […] IN TS32;
    INSERT INTO PS_TABLE (SSN, FIRST_NAME, LAST_NAME, JOB_CODE, DEPT, SALARY, DOB) WITH TEMP1 […]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   0/1           0s         0s
Eventually the job completes
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   1/1           109s       45m
Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath="{.items[*].metadata.name}")
kubectl logs -f $pod
Output:
[…]
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully.
Database mydb has been configured
Deploying Data Server Manager (DSM) with the GUI
Deploying Data Server Manager (DSM) with the GUI (2)
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)
Accessing Data Server Manager
Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM
DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/RoleBinding
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m
==> v1/Service
NAME                 TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)                           AGE
dsm-01-repository    NodePort   10.0.0.233   <none>        50000:32695/TCP,55000:32203/TCP   8m
dsm-01-ibm-dsm-dev   NodePort   10.0.0.85    <none>        11080:32444/TCP,11081:30462/TCP   8m
==> v1beta1/Deployment
NAME                 DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
dsm-01-repository    1         1         1            1           8m
dsm-01-ibm-dsm-dev   1         1         1            1           8m
==> v1/Pod(related)
NAME                                 READY   STATUS    RESTARTS   AGE
dsm-01-repository-76f87d47d4-dlqh4   1/1     Running   0          8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn   2/2     Running   0          8m
- 2 RoleBindings
- 2 Services: 1x Db2 (repodb), 1x DSM
- 2 Deployments
- 2 Pods: 1 Db2, 1 DSM
DSM Kubernetes resources (2/2)
[…]
==> v1/Secret
NAME                            TYPE     DATA   AGE
dsm-01-repository-db2-passwd    Opaque   1      8m
dsm-01-ibm-dsm-dev-dsm-passwd   Opaque   1      8m
==> v1/PersistentVolumeClaim
NAME                            STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
dsm-01-repository-data-stor     Bound    vol14    20Gi       RWO                           8m
dsm-01-ibm-dsm-dev-datavolume   Bound    vol12    20Gi       RWO                           8m
==> v1/ServiceAccount
NAME                           SECRETS   AGE
dsm-repodb-dsm-01-repository   1         8m
dsm-dsm-01-ibm-dsm-dev         1         8m
==> v1/Role
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m
- 2 Secrets: 1 DSM admin, 1 Db2 instance owner
- 2 PVCs: 1 DSM, 1 Db2
- 3 Roles
Additional Resources
Additional Resources – Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs
Additional Resources – IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html
Additional Resources – Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse
Presentation on Db2 and Docker from Db2 Aktuell 2018
Summary
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary
Thank You
Claus Huempel
Technical Sales Professional, Hybrid Data Management
IBM Deutschland GmbH, Karl-Arnold-Platz 1a, 40474 Duesseldorf, Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
IBM Cloud70
IBM Cloud20
Kubernetes WorkloadsPod ndash the basic building block for Kubernetes
Smallest and simplest unit in Kubernetes object model
Pod encapsulates an application container (or multiple containers) storage resources a unique network IP and options that govern how the container should run
Pod is a unit of deployment
Pod runs one or more containers as a unit
Docker is the container runtime used in IBM Cloud Private
One-container-per-pod model is most common use case
Kubernetes manages the pod rather than containers directly
Pods can run multiple containers that need to work together and toshare resources
Pods are designed as relatively ephemeral disposable entities
Pods do not self-heal by themselves ndash a higher level abstractiondoes this
IBM Cloud21
Kubernetes ConfigurationsCreate YAML for creating resources on KubernetesYAML ndash Yet Another Markup Language or YAML Ainrsquot Markup Language
Types of structures required in Kubernetes
minus Maps
minus Lists
YAML Maps - let you associate name value pair For example---apiVersion v1kind pod
YAML Maps ndash Create a key that maps to another map---apiVersion v1kind podmetadata
name db2labels
app db2
IBM Cloud22
Kubernetes Configurations ndash Create YAML (continued)YAML Lists are literally a sequence of objects Members in the list can also be maps
---apiVersion v1kind podmetadata
name db2labels
app db2spec
containers- name front-endimage nginxports
- containerPort 80- name db2-oltpimage storeibmcorpdb2_developer_c11144ports
- containerPort 50000
A YAML manifest has four components to define a Kubernetes resourcebull apiVersionbull kindbull metadatabull spec
IBM Cloud23
Kubernetes Workloads ndash Create a Pod
Create a nginx pod ndash icp01yaml--- Simple yaml file to create an nginx podapiVersion v1kind Podmetadata
name nginxlabels
app nginxspec
containers- name nginx
image nginx179ports- containerPort 80
Create the pod
$ kubectl apply -f icp01yaml
podnginx created
Check pod status
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx 11 Running 0 13s
IBM Cloud24
Kubernetes Workloads - ControllersControllers can create and manage pods for you
ReplicaSet
minus A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
minus Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
minus Example Create a deployment to rollout a ReplicaSet
StatefulSets
minus StatefulSets represent a set of pods with unique persistent identities and stable hostnames that are maintained regardless where they are scheduled
minus Examples Db2 Redis IBM MQ
DaemonSets
minus A DaemonSet ensures that nodes (all or some) run a copy of pod As nodes are added pods are added to them
minus Example Cluster storage daemon such as glusterd ceph logs collection on each node
Jobs CronJobs
minus A job creates one or more pods and ensures that a specified number of them successfully terminate
IBM Cloud25
Kubernetes Network – Services
Without services, Pods are not visible outside the cluster
To enable communication from the outside world to the Pods, services are created
Internal Service Endpoints – Available inside the cluster only
External Service Endpoints – DNS names, C-Names or A-records available to access pods
With the help of labels and selectors, the services are tied to the pods
Service Types
- ClusterIP – Service is reachable only from inside of the cluster
- NodePort – Service is reachable through NodeIP:NodePort
- LoadBalancer – Service is reachable through an external load balancer mapped to a NodeIP:NodePort address
Kubernetes Storage – Volume types
Host-based
- EmptyDir
- HostPath
Block Storage
- IBM Block Storage
- Amazon EBS
- GCE Persistent Disk
- vSphere Volumes
Distributed File System
- IBM Spectrum Scale
- NFS
- Ceph
- GlusterFS
- Amazon EFS
- Azure File System
Other
- Flocker
- iSCSI
- Git Repository
- Quobyte
Kubernetes Storage – Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes are a way to give a Pod persistence
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories on a host are exposed as volumes in a Pod
Volumes may be based on a variety of back-end storage types
Kubernetes Storage
Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
- Persistent Volume (PV) – Provisioned by an administrator
- Persistent Volume Claim (PVC) – Requested by a user; Heketi provisions the PVC, which creates a PV
- Storage Class (SC) – Storage profiles offered by admins
[Figure: Pods on a worker node use a Persistent Volume Claim bound to a Persistent Volume, backed by Block Storage or a Distributed File System (IBM Spectrum Scale)]
Kubernetes Secrets
Decouple containers from sensitive information
A Secret holds sensitive information such as passwords, OAuth tokens and more
A Secret is an abstraction to decouple sensitive data
To use a secret, a Pod needs to reference the secret
A Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by the kubelet when pulling images for the Pod

    $ kubectl -n stocktrader \
        create secret generic db2 \
        --from-literal=id=db2psc \
        --from-literal=pwd=password \
        --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
        --from-literal=port=50000 \
        --from-literal=db=PSDB
IBM Cloud Private catalog – Helm Charts
[Figure: catalog screenshot showing the Db2 chart and the DSM chart]
IBM Cloud Private catalog – What is a Helm Chart?
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using the GUI or the command line
Software packages are available from the IBM Charts Repository
Available at https://github.com/IBM/charts
The IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment, you can build your own Local Charts repository
IBM Charts Repository: https://github.com/IBM/charts/tree/master/stable
[Figure: repository listing showing the Db2 chart and the DSM chart]
Helm command line – Helm and Tiller
Helm is the client and Tiller is the server – runs on the master node

    $ helm version
    Client: v2.7.2+icp
    Error: cannot connect to Tiller

Use of --tls is required to do Helm operations

    $ helm version --tls
    Client: v2.7.2+icp
    Server: v2.7.2+icp

Helm and Tiller versions must be the same – do not download Helm from the Internet
Deploying Db2 on Kubernetes

Db2-based Containers running on Kubernetes (Sep 2019)

    Product              | Version  | Worker Nodes | Pods | PVCs | Comments
    Db2 OLTP             | 11.1.4.4 | 1            | 1    | 1    |
    Db2 OLTP HADR        | 11.1.4.4 | 3            | 5    | 6    | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager, addntl PVC for HADR setup
    Data Server Manager  | 2.1.5    | 1            | 2    | 2    | 1x DSM, 1x Db2 repository database. Includes Db2 11.1 engine
    Db2 Warehouse SMP    | 3.10.0   | 1            | 1    | 1    | Includes Db2 11.1 engine
    Db2 Warehouse MPP    | 3.10.0   | 3+           | 3+   | 1    | Includes Db2 11.1 engine. Requires IBM Cloud Pak for Data

Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine
IBM Cloud Private Kubernetes platform

Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
- Creating a new namespace (optional)
- Configuring a pod security policy
- Configuring an image pull secret
- Configuring the service account
Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data

    $ kubectl create namespace stock-trader-data
    namespace/stock-trader-data created

Switch the context to the newly created namespace

    $ kubectl config set-context $(kubectl config current-context) \
        --namespace=stock-trader-data
    Context "mycluster-context" modified.

Verify pods. There should be no pods running, as we just created the namespace

    $ kubectl get pods
    No resources found.
Configuring Pod Security Policy for Db2

    $ cat pre01.yaml
    apiVersion: extensions/v1beta1
    kind: PodSecurityPolicy
    metadata:
      name: db2-privileges
    spec:
      allowPrivilegeEscalation: true
      privileged: false
      allowedCapabilities:
      - SETPCAP
      - MKNOD
      - AUDIT_WRITE
      - CHOWN
      - NET_RAW
      - DAC_OVERRIDE
      - FOWNER
      - FSETID
      - KILL
      - SETGID
      - SETUID
      - NET_BIND_SERVICE
      - SYS_CHROOT
      - SETFCAP
      - SYS_RESOURCE
      - IPC_OWNER
      - SYS_NICE
      fsGroup:
        rule: RunAsAny
      hostIPC: true
      hostNetwork: false
      hostPID: false
      hostPorts:
      - max: 65535
        min: 1
      runAsUser:
        rule: RunAsAny
      seLinux:
        rule: RunAsAny
      supplementalGroups:
        rule: RunAsAny
      volumes:
      - '*'

Configure the pod security policy

    $ kubectl apply -f pre01.yaml
    podsecuritypolicy.extensions/db2-privileges configured

Verify the results

    $ kubectl get psp
    db2-privileges   false   SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE   RunAsAny   RunAsAny   RunAsAny   RunAsAny   false   *
Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
Configure the image pull secret

    $ kubectl create secret docker-registry dockerhub \
        --docker-username=<your dockerhub username> \
        --docker-password=<your dockerhub password> \
        --docker-email=<your dockerhub email> \
        --namespace=<your namespace>
    secret/dockerhub created

Verify the result

    $ kubectl get secrets
    NAME                  TYPE                                  DATA   AGE
    default-token-mwvpl   kubernetes.io/service-account-token   3      17d
    dockerhub             kubernetes.io/dockerconfigjson        1      13m
Configuring Service Account for Db2
The YAML specification file that defines the cluster role and the cluster role binding for the service account

    $ more pre04.yaml
    ---
    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: db2-privileges-cluster-role
    rules:
    - apiGroups: [extensions]
      resources: [podsecuritypolicies]
      verbs: [use]
      resourceNames:
      - db2-privileges
    ---
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      name: db2-privileges-cluster-role-binding
    roleRef:
      kind: ClusterRole
      name: db2-privileges-cluster-role
      apiGroup: rbac.authorization.k8s.io
    subjects:
    - kind: ServiceAccount
      name: default
      namespace: stock-trader-data

Configure the service account

    $ kubectl apply -f pre04.yaml
    clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
    clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created

Verify the results

    $ kubectl get psp
    db2-privileges   false   SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE   RunAsAny   RunAsAny   RunAsAny   RunAsAny   false   *
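A review of what the db2-privileges policy and its cluster role binding actually grant, as a short script. This is an added example, not part of the original deck or of the IBM chart: the policy and binding are transcribed from pre01.yaml and pre04.yaml into JSON, the workload capability list is the capabilities.add of the Job in single04.yaml on this page, and all function and variable names are the example's own.

```python
import json

# Capabilities a Docker-based runtime gives every container by default.
# A PodSecurityPolicy allows these implicitly unless requiredDropCapabilities
# removes them, so listing them under allowedCapabilities adds nothing.
RUNTIME_DEFAULT_CAPS = frozenset({
    "SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW", "DAC_OVERRIDE",
    "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE",
    "SYS_CHROOT", "SETFCAP",
})

# Constructed input: the policy from pre01.yaml, transcribed to JSON.
PSP = json.loads("""
{"kind": "PodSecurityPolicy", "metadata": {"name": "db2-privileges"},
 "spec": {
   "allowPrivilegeEscalation": true, "privileged": false,
   "allowedCapabilities": ["SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN",
     "NET_RAW", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "SETGID",
     "SETUID", "NET_BIND_SERVICE", "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE",
     "IPC_OWNER", "SYS_NICE"],
   "fsGroup": {"rule": "RunAsAny"},
   "hostIPC": true, "hostNetwork": false, "hostPID": false,
   "hostPorts": [{"min": 1, "max": 65535}],
   "runAsUser": {"rule": "RunAsAny"}, "seLinux": {"rule": "RunAsAny"},
   "supplementalGroups": {"rule": "RunAsAny"}, "volumes": ["*"]}}
""")

# Constructed input: the binding from pre04.yaml, transcribed to JSON.
BINDING = json.loads("""
{"kind": "ClusterRoleBinding",
 "metadata": {"name": "db2-privileges-cluster-role-binding"},
 "roleRef": {"kind": "ClusterRole", "name": "db2-privileges-cluster-role",
             "apiGroup": "rbac.authorization.k8s.io"},
 "subjects": [{"kind": "ServiceAccount", "name": "default",
               "namespace": "stock-trader-data"}]}
""")

# capabilities.add of the Job container in single04.yaml.
WORKLOAD_ADDED_CAPS = ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]


def audit_psp(psp, workload_caps):
    """List the relaxations a policy grants and split its capability list."""
    spec = psp["spec"]
    findings = {}
    # allowPrivilegeEscalation defaults to true when the field is omitted.
    if spec.get("allowPrivilegeEscalation", True):
        findings["allowPrivilegeEscalation"] = "no_new_privs is not enforced"
    for field in ("privileged", "hostIPC", "hostNetwork", "hostPID"):
        if spec.get(field, False):
            findings[field] = field + ": true is permitted for admitted pods"
    if spec.get("runAsUser", {}).get("rule") == "RunAsAny":
        findings["runAsUser"] = "containers may run as UID 0"
    if "*" in spec.get("volumes", []):
        findings["volumes"] = "every volume type is allowed, hostPath included"
    for rng in spec.get("hostPorts", []):
        findings["hostPorts"] = "pods may bind node ports %d-%d" % (
            rng["min"], rng["max"])
    if not spec.get("requiredDropCapabilities"):
        findings["requiredDropCapabilities"] = (
            "no default capability is dropped, NET_RAW stays available")
    allowed = set(spec.get("allowedCapabilities", []))
    beyond_default = allowed - RUNTIME_DEFAULT_CAPS
    return {
        "findings": findings,
        "redundant_defaults": sorted(allowed & RUNTIME_DEFAULT_CAPS),
        "beyond_default": sorted(beyond_default),
        "not_requested_by_workload": sorted(beyond_default - set(workload_caps)),
    }


def binding_reach(binding):
    """Describe which pods may use the policy through this binding."""
    reach = []
    for subj in binding.get("subjects", []):
        if subj["kind"] == "ServiceAccount" and subj["name"] == "default":
            reach.append("every pod in namespace %s that sets no "
                         "serviceAccountName" % subj["namespace"])
        elif subj["kind"] == "ServiceAccount":
            reach.append("pods running as %s/%s" % (subj["namespace"],
                                                    subj["name"]))
        else:
            reach.append("%s %s" % (subj["kind"], subj["name"]))
    return reach


if __name__ == "__main__":
    report = audit_psp(PSP, WORKLOAD_ADDED_CAPS)
    for key, text in sorted(report["findings"].items()):
        print("%-26s %s" % (key, text))
    print("beyond runtime defaults:", report["beyond_default"])
    print("not requested by workload:", report["not_requested_by_workload"])
    print("policy usable by:", binding_reach(BINDING))
```

Of the 17 allowed capabilities, 14 are the runtime defaults; only SYS_RESOURCE, IPC_OWNER and SYS_NICE extend what a container can add, and binding the policy to the default service account makes it available to any pod in the namespace that does not name its own service account.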
Helm Charts for Db2 and DSM

Helm install command to deploy Db2 OLTP on Kubernetes
Installing a Db2 OLTP server with one database in 2 minutes

    $ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
        --tls \
        --set db2inst.instname=db2inst1 \
        --set db2inst.password=passw0rd \
        --set options.databaseName=MYDB \
        --set dataVolume.size=20Gi

- db2-01: Helm release name, different for each deployment
- ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
- db2inst.instname: Instance owner name
- db2inst.password: Instance owner password
- options.databaseName: Name of the database that will be created. If not specified, no database will be created
- dataVolume.size: Size of the Db2 data volume

Additional parameters are available, for example to enable Oracle compatibility
See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
Let's verify if we can connect to the MYDB database (1)
Get the list of running pods and verify that the Db2 OLTP pod is running

    $ kubectl get pods
    NAME                       READY   STATUS    RESTARTS   AGE
    db2-01-ibm-db2oltp-dev-0   1/1     Running   1          7h57m

Review the logs of the Db2 OLTP container

    $ kubectl logs -f db2-01-ibm-db2oltp-dev-0
    09/15/2019 16:04:30     0   0   SQL1063N  DB2START processing was successful.
    SQL1063N  DB2START processing was successful.
    (*) Starting TEXT SEARCH service ...
    CIE00001 Operation completed successfully.
    ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
    (*) All databases are now active.
    (*) Setup has completed.
Let's verify if we can connect to the MYDB database (2)
Log in to the Db2 OLTP container and connect to the MYDB Db2 database

    $ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
    # su - db2inst1
    Last login: Sun Sep 15 16:17:11 UTC 2019
    $ db2 connect to MYDB

       Database Connection Information

     Database server        = DB2/LINUXX8664 11.1.4.4
     SQL authorization ID   = DB2INST1
     Local database alias   = MYDB
Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
We get the Db2 port from the Db2 OLTP helm release service definition

    #!/bin/bash
    NODE_PORT=$(kubectl get --namespace stock-trader-data \
      -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
    echo "Cataloging node db2tcp1"
    db2 -v uncatalog node DB2TCP1
    db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
    echo "Cataloging database MYDB at node db2tcp1"
    db2 -v uncatalog database MYDB
    db2 -v catalog database MYDB at node DB2TCP1
    db2 terminate
Kubernetes resources for Db2 OLTP

    $ helm status db2-01 --tls
    NAME: db2-01
    LAST DEPLOYED: Sun Sep 15 08:11:14 2019
    NAMESPACE: stock-trader-data
    STATUS: DEPLOYED

    RESOURCES:
    ==> v1/Secret
    NAME                    TYPE    DATA  AGE
    db2-01-ibm-db2oltp-dev  Opaque  1     1s

    ==> v1/PersistentVolumeClaim
    NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
    db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s

    ==> v1/Service
    NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
    db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP          1s
    db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s

    ==> v1/StatefulSet
    NAME                    DESIRED  CURRENT  AGE
    db2-01-ibm-db2oltp-dev  1        1        1s

    ==> v1/Pod(related)
    NAME                      READY  STATUS    RESTARTS  AGE
    db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s

- 1 Secret: Db2 instance owner password
- 1 PVC (RWO) for db files, logs & config
- 2 Services for Db2: 1x external, 1x internal
- 1 StatefulSet: DESIRED = 1
- 1 Pod: runs the Db2 container
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command

    helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
        --tls \
        --set db2inst.instname=db2inst1 \
        --set db2inst.password=passw0rd \
        --set options.databaseName=HADB \
        --set dataVolume.size=20Gi \
        --set hadr.enabled=true

- hadr.enabled: Additional parameter, set to true to indicate that we want a HADR setup

Verify that Db2 HADR is working
Kubernetes resources for Db2 OLTP HADR

    NAME: db2-02
    LAST DEPLOYED: Tue Sep 17 08:24:33 2019
    NAMESPACE: stock-trader-data
    STATUS: DEPLOYED

    RESOURCES:
    ==> v1/Secret
    NAME                    TYPE    DATA  AGE
    db2-02-ibm-db2oltp-dev  Opaque  1     1s

    ==> v1/PersistentVolumeClaim
    NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
    db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s

    ==> v1/Service
    NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
    db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP          1s
    db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
    db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                        1s

    ==> v1/StatefulSet
    NAME                    DESIRED  CURRENT  AGE
    db2-02-ibm-db2oltp-dev  2        2        1s

    ==> v1beta2/StatefulSet
    db2-02-ibm-db2oltp-dev-etcd  3  0  1s

    ==> v1/Pod(related)
    NAME                           READY  STATUS             RESTARTS  AGE
    db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
    db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
    db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
    db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
    db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s

- 1 Secret: Db2 instance owner password
- 1 PVC (RWX) for HADR setup (1)
- 3 Services: 2x Db2, 1x etcd
- 2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
- 5 Pods: 2x Db2, 3x etcd

(1) 5 addntl PVCs are being created implicitly for 2x Db2 and 3x etcd
Kubernetes Job to deploy SQL

    $ cat single04.yaml
    apiVersion: batch/v1
    kind: Job
    metadata:
      name: db2-01-create-database-schema
    spec:
      template:
        spec:
          containers:
          - name: db2-01-create-database-schema
            image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
            command: ["/bin/sh", "-c", "/scripts/db2-setup.sh"]
            volumeMounts:
            - name: db2-createschema
              mountPath: /scripts
            securityContext:
              capabilities:
                add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
            env:
            - name: LICENSE
              value: accept
            - name: DB2INSTANCE
              value: db2inst1
            - name: DB2INST1_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: db2-01-ibm-db2oltp-dev
                  key: password
            - name: DB2_SERVICE_NAME
              value: db2-01-ibm-db2oltp-dev
            - name: DBNAME
              value: mydb
          restartPolicy: Never
          volumes:
          - name: db2-createschema
            configMap:
              name: db2-createschema
              defaultMode: 0744
      backoffLimit: 1
    ---
    apiVersion: v1
    data:
      db2-setup.sh: |
        #!/bin/sh
        export SETUPDIR=/var/db2_setup
        source $SETUPDIR/include/db2_constants
        source $SETUPDIR/include/db2_common_functions
        # Create the users only when no earlier setup exists
        if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
          echo "(*) Previous setup has not been detected. Creating"
          create_users
        fi
        if ! create_instance; then
          exit 1
        fi
        start_db2
        cp /scripts/db2-createschema.sh /database/db2-createschema.sh
        chmod +x /database/db2-createschema.sh
        su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE \"$DB2INST1_PASSWORD\" $DBNAME"

Kubernetes Job to deploy SQL (cont'd)

      db2-createschema.sh: |
        #!/bin/sh
        DB2_SERVICE_NAME=$1
        DB2INSTANCE=$2
        DB2INST1_PASSWORD=$3
        DBNAME=$4
        echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
        db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
        db2 catalog db $DBNAME as $DBNAME at node DB2NODE
        db2 terminate
        db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
        db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
        sleep 2
        db2 -tvmf /scripts/ps-bp-tbsp.sql
        sleep 10
        db2 -tvmf /scripts/ps-tables.sql
        echo "Database $DBNAME has been configured"
      ps-bp-tbsp.sql: |
        CREATE BUFFERPOOL BP32K PAGESIZE 32K;
        CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
      ps-tables.sql: |
        CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5) […] IN TS32;
        INSERT INTO PS_TABLE (SSN, FIRST_NAME, LAST_NAME, JOB_CODE, DEPT, SALARY, DOB) WITH TEMP1 […];
        CREATE TABLE PS_HISTORY (FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL) IN TS32;
        GRANT ALL ON ps_table TO PUBLIC;
        GRANT ALL ON ps_history TO PUBLIC;
    kind: ConfigMap
    metadata:
      name: db2-createschema
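The Job above reads DB2INST1_PASSWORD from a Secret through secretKeyRef, and the ConfigMap scripts then expand it into command arguments, which other processes in the same PID namespace can read from the process list. The following check finds those lines. It is an added example, not part of the original deck; the env list and the abridged script bodies are constructed from single04.yaml as shown on this page, and the function names and the builtin list are the example's own.

```python
import re

# Constructed input: env entries of the Job container in single04.yaml.
JOB_ENV = [
    {"name": "LICENSE", "value": "accept"},
    {"name": "DB2INSTANCE", "value": "db2inst1"},
    {"name": "DB2INST1_PASSWORD",
     "valueFrom": {"secretKeyRef": {"name": "db2-01-ibm-db2oltp-dev",
                                    "key": "password"}}},
    {"name": "DB2_SERVICE_NAME", "value": "db2-01-ibm-db2oltp-dev"},
    {"name": "DBNAME", "value": "mydb"},
]

# Constructed input: script bodies from the db2-createschema ConfigMap,
# abridged to the lines that matter for the check.
SCRIPTS = {
    "db2-setup.sh": '''#!/bin/sh
export SETUPDIR=/var/db2_setup
start_db2
su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE \\"$DB2INST1_PASSWORD\\" $DBNAME"
''',
    "db2-createschema.sh": '''#!/bin/sh
DB2_SERVICE_NAME=$1
DB2INSTANCE=$2
DB2INST1_PASSWORD=$3
DBNAME=$4
db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
echo "Database $DBNAME has been configured"
''',
}

# Shell builtins run inside the shell, so their arguments never become
# the argv of a separate process.
BUILTINS = {"echo", "export", "printf", "read", "local", "test", "["}
ASSIGNMENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*=.*")


def secret_env_names(env):
    """Names of the env variables that are filled from a Secret."""
    return {e["name"] for e in env
            if "secretKeyRef" in e.get("valueFrom", {})}


def argv_exposures(scripts, secret_names):
    """Return (script, line number, command) for every line that expands a
    secret-backed variable into the arguments of an external command."""
    hits = []
    for fname, body in scripts.items():
        for lineno, line in enumerate(body.splitlines(), 1):
            words = line.strip().split()
            if not words or words[0].startswith("#"):
                continue  # blank line, comment or shebang
            cmd = words[0]
            if ASSIGNMENT.fullmatch(cmd) or cmd in BUILTINS:
                continue  # stays inside the shell process
            args = " ".join(words[1:])
            for name in sorted(secret_names):
                if re.search(r"\$\{?" + re.escape(name) + r"\b", args):
                    hits.append((fname, lineno, cmd))
    return hits


if __name__ == "__main__":
    names = secret_env_names(JOB_ENV)
    for fname, lineno, cmd in argv_exposures(SCRIPTS, names):
        print("%s:%d secret passed as argument to '%s'" % (fname, lineno, cmd))
```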
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database

    $ kubectl apply -f single04.yaml
    job.batch/db2-01-create-database-schema created
    configmap/db2-createschema configured

We verify that the job has been created

    $ kubectl get jobs
    NAME                            COMPLETIONS   DURATION   AGE
    db2-01-create-database-schema   0/1           0s         0s

Eventually the job completes

    $ kubectl get jobs
    NAME                            COMPLETIONS   DURATION   AGE
    db2-01-create-database-schema   1/1           109s       45m
Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job

    #!/bin/bash
    kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
    pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath='{.items[*].metadata.name}')
    kubectl logs -f $pod

Output

    […]
    DB20000I  The SQL command completed successfully.
    GRANT ALL ON ps_table TO PUBLIC
    DB20000I  The SQL command completed successfully.
    GRANT ALL ON ps_history TO PUBLIC
    DB20000I  The SQL command completed successfully.
    Database mydb has been configured
Deploying Data Server Manager (DSM) with the GUI
Deploying Data Server Manager (DSM) with the GUI (2)
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI

    #!/bin/bash
    export NODE_PORT=$(kubectl get --namespace stock-trader-data \
      -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
    export NODE_IP=$(kubectl get nodes --namespace stock-trader-data \
      -o jsonpath="{.items[0].status.addresses[0].address}")
    echo https://$NODE_IP:$NODE_PORT

=> https://192.168.27.100:30462 (can be different on your system)
Accessing Data Server Manager

Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM
DSM Kubernetes resources (1/2)

    $ helm status dsm-01 --tls
    LAST DEPLOYED: Mon Sep 16 12:01:02 2019
    NAMESPACE: stock-trader-data
    STATUS: DEPLOYED

    RESOURCES:
    ==> v1/RoleBinding
    NAME                                      AGE
    dsm-repodb-dsm-01-repository              8m
    dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
    dsm-dsm-01-ibm-dsm-dev                    8m

    ==> v1/Service
    NAME                TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)                          AGE
    dsm-01-repository   NodePort  10.0.0.233  <none>       50000:32695/TCP,55000:32203/TCP  8m
    dsm-01-ibm-dsm-dev  NodePort  10.0.0.85   <none>       11080:32444/TCP,11081:30462/TCP  8m

    ==> v1beta1/Deployment
    NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
    dsm-01-repository   1        1        1           1          8m
    dsm-01-ibm-dsm-dev  1        1        1           1          8m

    ==> v1/Pod(related)
    NAME                                READY  STATUS   RESTARTS  AGE
    dsm-01-repository-76f87d47d4-dlqh4  1/1    Running  0         8m
    dsm-01-ibm-dsm-dev-b976d89bd-dflqn  2/2    Running  0         8m

- 2 RoleBindings
- 2 Services: 1x Db2 (repodb), 1x DSM
- 2 Deployments
- 2 Pods: 1 Db2, 1 DSM
DSM Kubernetes resources (2/2)

    […]
    ==> v1/Secret
    NAME                           TYPE    DATA  AGE
    dsm-01-repository-db2-passwd   Opaque  1     8m
    dsm-01-ibm-dsm-dev-dsm-passwd  Opaque  1     8m

    ==> v1/PersistentVolumeClaim
    NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
    dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
    dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m

    ==> v1/ServiceAccount
    NAME                          SECRETS  AGE
    dsm-repodb-dsm-01-repository  1        8m
    dsm-dsm-01-ibm-dsm-dev        1        8m

    ==> v1/Role
    NAME                                      AGE
    dsm-repodb-dsm-01-repository              8m
    dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
    dsm-dsm-01-ibm-dsm-dev                    8m

- 2 Secrets: 1 DSM admin, 1 Db2 instance owner
- 2 PVCs: 1 DSM, Db2
- 3 Roles
Additional Resources

Additional Resources – Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics/
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started/
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs/

Additional Resources – IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html

Additional Resources – Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private/
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift/
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse
Presentation on Db2 and Docker from Db2 Aktuell 2018

Summary
- Micro Services and Containers
- Kubernetes Basics
- Deploying Db2 on Kubernetes
  - Db2 OLTP Single Server
  - Db2 OLTP HADR
  - Data Server Manager (DSM)
- Additional Resources
- Summary
Thank You

Claus Huempel
Technical Sales Professional, Hybrid Data Management
IBM Deutschland GmbH
Karl-Arnold-Platz 1a, 40474 Duesseldorf, Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
Kubernetes Configurations ndash Create YAML (continued)YAML Lists are literally a sequence of objects Members in the list can also be maps
---apiVersion v1kind podmetadata
name db2labels
app db2spec
containers- name front-endimage nginxports
- containerPort 80- name db2-oltpimage storeibmcorpdb2_developer_c11144ports
- containerPort 50000
A YAML manifest has four components to define a Kubernetes resourcebull apiVersionbull kindbull metadatabull spec
IBM Cloud23
Kubernetes Workloads ndash Create a Pod
Create a nginx pod ndash icp01yaml--- Simple yaml file to create an nginx podapiVersion v1kind Podmetadata
name nginxlabels
app nginxspec
containers- name nginx
image nginx179ports- containerPort 80
Create the pod
$ kubectl apply -f icp01yaml
podnginx created
Check pod status
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx 11 Running 0 13s
IBM Cloud24
Kubernetes Workloads - ControllersControllers can create and manage pods for you
ReplicaSet
minus A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
minus Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
minus Example Create a deployment to rollout a ReplicaSet
StatefulSets
minus StatefulSets represent a set of pods with unique persistent identities and stable hostnames that are maintained regardless where they are scheduled
minus Examples Db2 Redis IBM MQ
DaemonSets
minus A DaemonSet ensures that nodes (all or some) run a copy of pod As nodes are added pods are added to them
minus Example Cluster storage daemon such as glusterd ceph logs collection on each node
Jobs CronJobs
minus A job creates one or more pods and ensures that a specified number of them successfully terminate
IBM Cloud25
Kubernetes Network - Services
Without services Pods are not visible outside the cluster
To enable communication from outside world to the Pods services are created
Internal Service Endpoints ndash Available inside the cluster only
External Service Endpoints - DNS names C-Names or A-records available to access pods
With the help of labels and selectors the services are tied to the pods
Service Types
minus ClusterIP ndash Service is reachable only from inside of the cluster
minus NodePort ndash Service is reachable through NodeIPNodePort
minus LoadBalancer ndash Service is reachable through an external load balancer mapped to NodeIPNodePort address
IBM Cloud26
Kubernetes Storage ndash Volume types
Host-based
minus EmptyDir
minus HostPath
Block Storage
minus IBM Block Storage
minus Amazon EBS
minus GCE Persistent Disk
minus vSphere Volumes
Distributed File System
minus IBM Spectrum Scale
minus NFS
minus Ceph
minus GlusterFS
minus Amazon EFS
minus Azure File System
Other
minus Flocker
minus iSCSI
minus Git Repository
minus Quobyte
IBM Cloud27
Kubernetes Storage ndash Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes is a way to get persistence to a Pod
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in Pod
Volumes may be based on a variety of back-end storage types
IBM Cloud28
Kubernetes StoragePersistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
minusPersistent Volume (PV) ndash Provisioned by an administrator
minusPersistent Volume Claim (PVC) ndash Requested by an user and Heketi provisions PVC ndash which creates a PV
minus Storage Class (SC) ndash Storage profiles offered by admins
Persistent
Volume
Block Storage Distributed File System IBM
Spectrum Scale
Worker Node
Pod 1 Pod 1
Persistent
Volume
Claim
IBM Cloud29
Kubernetes SecretsDecouple container with sensitive information
Secret holds sensitive information such as password OAuth tokens and more
Secret is an abstraction to decouple sensitive data
To use a secret Pod needs to reference the secret
Secret can be used in a Pod as files in a volume mounted on one or more containers or used by kubelet when pulling images for the Pod
$ kubectl -n stocktrader
create secret generic db2
--from-literal=id=db2psc
--from-literal=pwd=password
--from-literal=host=dev-ibm-db2oltp-devdefaultsvcclusterlocal
--from-literal=port=50000
--from-literal=db=PSDB
IBM Cloud30
IBM Cloud Private catalog ndash Helm Charts
Db2 chart
DSM chart
IBM Cloud31
IBM Cloud Private catalog ndash What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define install and upgrade software in an automated fashion
Helm charts can be deployed using GUI or command line
Software packages are available from IBM Charts Repository
Available at httpsgithubcomIBMcharts
IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own Local Charts repository
IBM Cloud32
IBM Charts Repository httpsgithubcomIBMchartstreemasterstable
Db2 chart
DSM chart
IBM Cloud33
Helm command line ndash Helm and Tiller
Helm is the client and Tiller is the server ndash runs on master node
$ helm version
Client v272+icp
Error cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client v272+icp
Server v272+icp
Helm and Tiller version must be same ndash do not download Helm from Internet
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)Product Version Worker
Nodes
Pods PVCs Comments
Db2 OLTP 11144 1 1 1
Db2 OLTP HADR 11144 3 5 6 1x Db2 primary 1x Db2 standby 3x etcd for cluster
manager addntl PVC for HADR setup
Data Server
Manager
215 1 2 2 1x DSM 1x Db2 repository database
Includes Db2 111 engine
Db2 Warehouse
SMP
3100 1 1 1 Includes Db2 111 engine
Db2 Warehouse
MPP
3100 3+ 3+ 1 Includes Db2 111 engine
Requires IBM Cloud Pak for Data
Coming soon
minus Red Hat OpenShift Kubernetes support
minus Db2 v115 engine
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes a couple of stepsneed to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create new namespace where all our Pods for Db2 OLTP Db2 OLTP HADR and Data Server Manager will run
Create the namespace for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespacestock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context)
--namespace=stock-trader-data
Context mycluster-context modified
Verify pods There should be no pods running as we just created the namespace$ kubectl get podsNo resources found
IBM Cloud39
Configuring Pod Security Policy for Db2$ cat pre01yamlapiVersion extensionsv1beta1kind PodSecurityPolicymetadata
name db2-privilegesspec
allowPrivilegeEscalation trueprivileged falseallowedCapabilities- SETPCAP- MKNOD- AUDIT_WRITE- CHOWN- NET_RAW- DAC_OVERRIDE- FOWNER- FSETID- KILL- SETGID- SETUID- NET_BIND_SERVICE- SYS_CHROOT- SETFCAP- SYS_RESOURCE- IPC_OWNER- SYS_NICEfsGroup
rule RunAsAnyhostIPC true
hostNetwork falsehostPID falsehostPorts- max 65535
min 1runAsUser
rule RunAsAnyseLinux
rule RunAsAnysupplementalGroups
rule RunAsAnyvolumes-
Configure the pod security policy$ kubectl apply -f pre01yamlpodsecuritypolicyextensionsdb2-privileges configured
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAny RunAsAnyfalse
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create a image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username password and email are the credentials form Docker Hub
Note that you need to subscribe the Db2 and DSM images in Docker Hub first
Configure the image pull secret$ kubectl create secret docker-registry dockerhub
--docker-username=ltyour dockerhub usernamegt--docker-password=ltyour dockerhub passwordgt--docker-email=ltyour dockerhub emailgt--namespace=ltyour namespacegt
secretdockerhub created
Verify the result$ kubectl get secretsNAME TYPE DATA AGEdefault-token-mwvpl kubernetesioservice-account-token 3 17ddockerhub kubernetesiodockerconfigjson 1 13m
IBM Cloud41
Configuring Service Account for Db2$ more pre04yaml---kind ClusterRoleapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role
rules- apiGroups [extensions]resources [podsecuritypolicies]verbs [use]resourceNames- db2-privileges
---kind ClusterRoleBindingapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role-binding
roleRefkind ClusterRolename db2-privileges-cluster-roleapiGroup rbacauthorizationk8sio
subjects- kind ServiceAccountname defaultnamespace stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account$ kubectl apply -f pre04yamlclusterrolerbacauthorizationk8siodb2-privileges-cluster-role createdclusterrolebindingrbacauthorizationk8siodb2-privileges-cluster-role-binding created
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAnyRunAsAny false
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=MYDB
--set dataVolumesize=20Gi
Size of the
Db2 data
volume
Name of database that
will be created
If not specified no
database will be
created
Instance
owner name
Instance owner
password
Db2 OLTP
Helm chart
name
Helm release
name
different for each
deployment
Additional parameters available for example to enable Oracle compatibilitySee httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Cloud44
Letrsquos verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get podsNAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 11 Running 1 7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-009152019 160430 0 0 SQL1063N DB2START processing was successfulSQL1063N DB2START processing was successful() Starting TEXT SEARCH service CIE00001 Operation completed successfullyssh-keygen generating new host keys RSA1 RSA DSA ECDSA ED25519() All databases are now active() Setup has completed
IBM Cloud45
Letrsquos verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 --binbash su - db2inst1Last login Sun Sep 15 161711 UTC 2019$ db2 connect to MYDB
Database Connection Information
Database server = DB2LINUXX8664 11144SQL authorization ID = DB2INST1Local database alias = MYDB

Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
#!/bin/bash
# We get the Db2 port from the service definition of the Db2 OLTP helm release
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate

Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-01-ibm-db2oltp-dev  Opaque  1     1s

==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s

==> v1/Service
NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP          1s
db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s

==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-01-ibm-db2oltp-dev  1        1        1s

==> v1/Pod(related)
NAME                      READY  STATUS    RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s

Callouts:
- 1 Pod: runs the Db2 container
- 2 Services for Db2: 1x external, 1x internal
- 1 StatefulSet: DESIRED = 1
- 1 PVC (RWO) for db files, logs & config
- 1 Secret: Db2 instance owner password

Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
$ helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
Callout: the additional parameter hadr.enabled is set to true to indicate that we want a HADR setup

Verify that Db2 HADR is working

Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-02-ibm-db2oltp-dev  Opaque  1     1s

==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s

==> v1/Service
NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP          1s
db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                        1s

==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-02-ibm-db2oltp-dev  2        2        1s

==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd  3  0  1s

==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s

Callouts:
- 5 Pods: 2x Db2, 3x etcd
- 3 Services: 2x Db2, 1x etcd
- 2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
- 1 PVC (RWX) for HADR setup (1)
- 1 Secret: Db2 instance owner password
(1) 5 additional PVCs are being created implicitly for 2x Db2 and 3x etcd

Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source ${SETUPDIR}/include/db2_constants
    source ${SETUPDIR}/include/db2_common_functions
    # Create the users only when the instance owner does not exist yet
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE $DB2INST1_PASSWORD $DBNAME"

Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) [...] IN TS32;
    INSERT INTO PS_TABLE (SSN, FIRST_NAME, LAST_NAME, JOB_CODE, DEPT, SALARY, DOB) WITH TEMP1 [...]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema

Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   0/1           0s         0s
Eventually the job completes
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   1/1           109s       45m

Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath='{.items[*].metadata.name}')
kubectl logs -f $pod
Output
[...]
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully.
Database mydb has been configured

Deploying Data Server Manager (DSM) with the GUI

Deploying Data Server Manager (DSM) with the GUI (2)

Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)

Accessing Data Server Manager

Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM

DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/RoleBinding
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m

==> v1/Service
NAME                TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)                          AGE
dsm-01-repository   NodePort  10.0.0.233  <none>       50000:32695/TCP,55000:32203/TCP  8m
dsm-01-ibm-dsm-dev  NodePort  10.0.0.85   <none>       11080:32444/TCP,11081:30462/TCP  8m

==> v1beta1/Deployment
NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
dsm-01-repository   1        1        1           1          8m
dsm-01-ibm-dsm-dev  1        1        1           1          8m

==> v1/Pod(related)
NAME                                 READY  STATUS   RESTARTS  AGE
dsm-01-repository-76f87d47d4-dlqh4   1/1    Running  0         8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn   2/2    Running  0         8m

Callouts:
- 2 RoleBindings
- 2 Services: 1x Db2 (repodb), 1x DSM
- 2 Deployments
- 2 Pods: 1 Db2, 1 DSM

DSM Kubernetes resources (2/2)
[...]
==> v1/Secret
NAME                           TYPE    DATA  AGE
dsm-01-repository-db2-passwd   Opaque  1     8m
dsm-01-ibm-dsm-dev-dsm-passwd  Opaque  1     8m

==> v1/PersistentVolumeClaim
NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m

==> v1/ServiceAccount
NAME                          SECRETS  AGE
dsm-repodb-dsm-01-repository  1        8m
dsm-dsm-01-ibm-dsm-dev        1        8m

==> v1/Role
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m

Callouts:
- 2 Secrets: 1 DSM admin, 1 Db2 instance owner
- 2 PVCs: 1 DSM, Db2
- 3 Roles

Additional Resources

Additional Resources - Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics/
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started/
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs/

Additional Resources - IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html

Additional Resources - Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private/
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift/
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse

Presentation on Db2 and Docker from Db2 Aktuell 2018

Summary

Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary

Claus Huempel
Technical Sales Professional
Hybrid Data Management
IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
Thank You

Kubernetes Configurations - Create YAML (continued)
YAML lists are literally a sequence of objects. Members in the list can also be maps.
---
apiVersion: v1
kind: Pod
metadata:
  name: db2
  labels:
    app: db2
spec:
  containers:
  - name: front-end
    image: nginx
    ports:
    - containerPort: 80
  - name: db2-oltp
    image: store/ibmcorp/db2_developer_c:11.1.4.4
    ports:
    - containerPort: 50000
A YAML manifest has four components to define a Kubernetes resource:
- apiVersion
- kind
- metadata
- spec

Kubernetes Workloads - Create a Pod
Create an nginx pod - icp01.yaml
---
# Simple yaml file to create an nginx pod
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
Create the pod
$ kubectl apply -f icp01.yaml
pod/nginx created
Check pod status
$ kubectl get pods
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          13s

Kubernetes Workloads - Controllers
Controllers can create and manage pods for you
ReplicaSet
- A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
- A Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
- Example: create a deployment to roll out a ReplicaSet
StatefulSets
- StatefulSets represent a set of pods with unique, persistent identities and stable hostnames that are maintained regardless of where they are scheduled
- Examples: Db2, Redis, IBM MQ
DaemonSets
- A DaemonSet ensures that nodes (all or some) run a copy of a pod. As nodes are added, pods are added to them
- Example: cluster storage daemon such as glusterd or ceph, logs collection on each node
Jobs, CronJobs
- A job creates one or more pods and ensures that a specified number of them successfully terminate

Kubernetes Network - Services
Without services, Pods are not visible outside the cluster
To enable communication from the outside world to the Pods, services are created
Internal Service Endpoints - available inside the cluster only
External Service Endpoints - DNS names, C-Names or A-records available to access pods
With the help of labels and selectors, the services are tied to the pods
Service Types
- ClusterIP - Service is reachable only from inside of the cluster
- NodePort - Service is reachable through NodeIP:NodePort
- LoadBalancer - Service is reachable through an external load balancer mapped to the NodeIP:NodePort address

Kubernetes Storage - Volume types
Host-based
- EmptyDir
- HostPath
Block Storage
- IBM Block Storage
- Amazon EBS
- GCE Persistent Disk
- vSphere Volumes
Distributed File System
- IBM Spectrum Scale
- NFS
- Ceph
- GlusterFS
- Amazon EFS
- Azure File System
Other
- Flocker
- iSCSI
- Git Repository
- Quobyte

Kubernetes Storage - Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes are a way to give a Pod persistence
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories on a host are exposed as volumes in a Pod
Volumes may be based on a variety of back-end storage types

Kubernetes Storage
Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
- Persistent Volume (PV) - provisioned by an administrator
- Persistent Volume Claim (PVC) - requested by a user; Heketi provisions the PVC, which creates a PV
- Storage Class (SC) - storage profiles offered by admins
[Diagram labels: Worker Node, Pod 1, Pod 1, Persistent Volume Claim, Persistent Volume, Block Storage, Distributed File System, IBM Spectrum Scale]

Kubernetes Secrets
Decouple containers from sensitive information
A Secret holds sensitive information such as passwords, OAuth tokens and more
A Secret is an abstraction to decouple sensitive data
To use a secret, a Pod needs to reference the secret
A Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by the kubelet when pulling images for the Pod
$ kubectl -n stocktrader \
    create secret generic db2 \
    --from-literal=id=db2psc \
    --from-literal=pwd=password \
    --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
    --from-literal=port=50000 \
    --from-literal=db=PSDB

IBM Cloud Private catalog - Helm Charts
Db2 chart
DSM chart

IBM Cloud Private catalog - What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using the GUI or the command line
Software packages are available from the IBM Charts Repository
Available at https://github.com/IBM/charts
The IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment, you can build your own Local Charts repository

IBM Charts Repository https://github.com/IBM/charts/tree/master/stable
Db2 chart
DSM chart

Helm command line - Helm and Tiller
Helm is the client and Tiller is the server, which runs on the master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
Helm and Tiller versions must be the same - do not download Helm from the Internet

Deploying Db2 on Kubernetes

Db2-based Containers running on Kubernetes (Sep 2019)
Product             | Version  | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP            | 11.1.4.4 | 1            | 1    | 1    |
Db2 OLTP HADR       | 11.1.4.4 | 3            | 5    | 6    | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager, additional PVC for HADR setup
Data Server Manager | 2.1.5    | 1            | 2    | 2    | 1x DSM, 1x Db2 repository database. Includes Db2 11.1 engine
Db2 Warehouse SMP   | 3.10.0   | 1            | 1    | 1    | Includes Db2 11.1 engine
Db2 Warehouse MPP   | 3.10.0   | 3+           | 3+   | 1    | Includes Db2 11.1 engine. Requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine

IBM Cloud Private Kubernetes platform

Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
- Creating a new namespace (optional)
- Configuring a pod security policy
- Configuring an image pull secret
- Configuring the service account

Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context) \
    --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running, as we just created the namespace
$ kubectl get pods
No resources found.

Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  - '*'
Configure the pod security policy
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results
$ kubectl get psp
db2-privileges false SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE RunAsAny RunAsAny RunAsAny RunAsAny false
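To see what the db2-privileges policy grants beyond a stock container, the following added example (not part of the slides or of IBM's chart) audits the spec shown above. It assumes Docker's default capability set as the baseline, and the function names are hypothetical; JOB_CAPS_ADD is the capabilities.add list from the schema Job in single04.yaml.

```python
"""Audit a PodSecurityPolicy spec for settings that relax container isolation."""

# Docker's default capability set: a container holds these without adding any.
RUNTIME_DEFAULT_CAPS = frozenset({
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL",
    "MKNOD", "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID",
    "SETPCAP", "SETUID", "SYS_CHROOT",
})

# spec of db2-privileges, transcribed from pre01.yaml on the slide
# (the volumes field is not audited in this example).
DB2_PRIVILEGES_SPEC = {
    "allowPrivilegeEscalation": True,
    "privileged": False,
    "allowedCapabilities": [
        "SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW",
        "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "SETGID", "SETUID",
        "NET_BIND_SERVICE", "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE",
        "IPC_OWNER", "SYS_NICE",
    ],
    "fsGroup": {"rule": "RunAsAny"},
    "hostIPC": True,
    "hostNetwork": False,
    "hostPID": False,
    "hostPorts": [{"min": 1, "max": 65535}],
    "runAsUser": {"rule": "RunAsAny"},
    "seLinux": {"rule": "RunAsAny"},
    "supplementalGroups": {"rule": "RunAsAny"},
}

# capabilities.add from the schema Job's securityContext (single04.yaml)
JOB_CAPS_ADD = ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]


def extra_capabilities(spec):
    """Capabilities a pod may add that a default container does not have."""
    allowed = set(spec.get("allowedCapabilities", []))
    if "*" in allowed:
        return ["*"]
    return sorted(allowed - RUNTIME_DEFAULT_CAPS)


def denied_requests(spec, caps_add):
    """Requested capabilities.add entries the policy does not allow."""
    allowed = set(spec.get("allowedCapabilities", []))
    if "*" in allowed:
        return []
    implicit = set(spec.get("defaultAddCapabilities", []))
    return sorted(set(caps_add) - allowed - implicit)


def unused_grants(spec, caps_add):
    """Extra capabilities the policy allows but the workload never requests."""
    return sorted(set(extra_capabilities(spec)) - set(caps_add))


def audit_psp(spec):
    """Return (field, message) pairs for settings that relax isolation."""
    findings = []
    if spec.get("privileged", False):
        findings.append(("privileged", "privileged containers are allowed"))
    # allowPrivilegeEscalation defaults to true when the field is absent
    if spec.get("allowPrivilegeEscalation", True):
        findings.append(("allowPrivilegeEscalation",
                         "no_new_privs is not enforced for the containers"))
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(field, False):
            findings.append((field, "pods may share the node's %s namespace"
                             % field[len("host"):]))
    for rng in spec.get("hostPorts", []):
        if rng["min"] <= 1 and rng["max"] >= 65535:
            findings.append(("hostPorts", "pods may bind any host port"))
    if spec.get("runAsUser", {}).get("rule") == "RunAsAny":
        findings.append(("runAsUser", "containers may run as UID 0"))
    extra = extra_capabilities(spec)
    if extra:
        findings.append(("allowedCapabilities",
                         "beyond the runtime default: " + ", ".join(extra)))
    return findings


if __name__ == "__main__":
    for field, message in audit_psp(DB2_PRIVILEGES_SPEC):
        print("%-26s %s" % (field, message))
    print("unused grants:", unused_grants(DB2_PRIVILEGES_SPEC, JOB_CAPS_ADD))
```

Of the 17 allowed capabilities, 14 are the runtime default set; the three that remain are exactly the ones the schema Job adds, so the capability list carries no unused grant.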

Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
Configure the image pull secret
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result
$ kubectl get secrets
NAME                  TYPE                                  DATA  AGE
default-token-mwvpl   kubernetes.io/service-account-token   3     17d
dockerhub             kubernetes.io/dockerconfigjson        1     13m

Configuring Service Account for Db2
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: ["extensions"]
  resources: ["podsecuritypolicies"]
  verbs: ["use"]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results
$ kubectl get psp
db2-privileges false SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE RunAsAny RunAsAny RunAsAny RunAsAny false
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=MYDB
--set dataVolumesize=20Gi
Size of the
Db2 data
volume
Name of database that
will be created
If not specified no
database will be
created
Instance
owner name
Instance owner
password
Db2 OLTP
Helm chart
name
Helm release
name
different for each
deployment
Additional parameters available for example to enable Oracle compatibilitySee httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Cloud44
Letrsquos verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get podsNAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 11 Running 1 7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-009152019 160430 0 0 SQL1063N DB2START processing was successfulSQL1063N DB2START processing was successful() Starting TEXT SEARCH service CIE00001 Operation completed successfullyssh-keygen generating new host keys RSA1 RSA DSA ECDSA ED25519() All databases are now active() Setup has completed
IBM Cloud45
Letrsquos verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 --binbash su - db2inst1Last login Sun Sep 15 161711 UTC 2019$ db2 connect to MYDB
Database Connection Information
Database server = DB2LINUXX8664 11144SQL authorization ID = DB2INST1Local database alias = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access from Db2 client
binbash
NODE_PORT=$(kubectl get --namespace stock-trader-data
-o jsonpath=specports[0]nodePort services db2-01-ibm-db2oltp-dev-db2)
echo Cataloging node db2tcp1
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 19216827100 server $NODE_PORT
echo Cataloging database MYDB at node db2tcp1
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port
from the Db2 OLTP
helm release service
definition
IBM Cloud47
Kubernetes resources for Db2 OLTP$ helm status db2-01 --tlsNAME db2-01LAST DEPLOYED Sun Sep 15 081114 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-01-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-01-data-stor Bound vol12 20Gi RWO 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-01-ibm-db2oltp-dev-db2 NodePort 100050 ltnonegt 5000030463TCP5500032236TCP 1sdb2-01-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-01-ibm-db2oltp-dev 1 1 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 01 Init01 0 1s 1 Pod runs
the Db2
container
2 Services for
Db2 1x external
1x internal
1 StatefulSet
DESIRED = 1
1 PVC (RWO) for db
files logs amp config
1 Secret
Db2 instance
owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v111 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=HADB
--set dataVolumesize=20Gi--set hadrenabled=true
Additional parameter
hadrenabled set to true to
indicate that we want a
HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OTLP HADRNAME db2-02LAST DEPLOYED Tue Sep 17 082433 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-02-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-02-hadr-stor Bound vol09 20Gi RWX 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-02-ibm-db2oltp-dev-db2 NodePort 100061 ltnonegt 5000032422TCP5500032181TCP 1sdb2-02-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1sdb2-02-ibm-db2oltp-dev-etcd ClusterIP None ltnonegt 2380TCP2379TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-02-ibm-db2oltp-dev 2 2 1s
==gt v1beta2StatefulSet
db2-02-ibm-db2oltp-dev-etcd 3 0 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-02-ibm-db2oltp-dev-0 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-0 01 ContainerCreating 0 1sdb2-02-ibm-db2oltp-dev-etcd-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-2 01 Pending 0 1s
5 Pods
2x Db2 3x etcd
3 Services
2x Db2 1x etcd
2 StatefulSets
Db2 DESIRED=2
etcd DESIRED=3
1 PVC (RWX)
for HADR setup (1)
1 Secret
Db2 instance
owner password
(1) 5 addntl PVCs are being created
implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL $ cat single04yamlapiVersion batchv1kind Jobmetadata
name db2-01-create-database-schemaspec
templatespec
containers- name db2-01-create-database-schema
image storeibmcorpdb2_developer_c11144-x86_64command [ binsh-cscriptsdb2-setupsh ]volumeMounts- name db2-createschema
mountPath scriptssecurityContext
capabilitiesadd [SYS_RESOURCE IPC_OWNER SYS_NICE]
env- name LICENSE
value accept- name DB2INSTANCE
value db2inst1- name DB2INST1_PASSWORD
valueFromsecretKeyRef
name db2-01-ibm-db2oltp-devkey password
- name DB2_SERVICE_NAMEvalue db2-01-ibm-db2oltp-dev
- name DBNAMEvalue mydb
restartPolicy Nevervolumes- name db2-createschema
configMapname db2-createschemadefaultMode 0744
backoffLimit 1---apiVersion v1data
db2-setupsh |binshexport SETUPDIR=vardb2_setupsource $SETUPDIRincludedb2_constantssource $SETUPDIRincludedb2_common_functionsif getent passwd $DB2INSTANCE gt devnull 2gtamp1 then
echo () Previous setup has not been detected Creating create_users
fiif create_instance then
exit 1fistart_db2cp scriptsdb2-createschemash databasedb2-createschemashchmod +x databasedb2-createschemashsu - $DB2INSTANCE -c databasedb2-createschemash
$DB2_SERVICE_NAME $DB2INSTANCEldquo$DB2INST1_PASSWORD $DBNAME
IBM Cloud52
Kubernetes Job to deploy SQL (contrsquod)db2-createschemash |
binshDB2_SERVICE_NAME=$1DB2INSTANCE=$2DB2INST1_PASSWORD=$3DBNAME=$4echo Configure schema for database $DBNAME on host $DB2_SERVICE_NAMEdb2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000db2 catalog db $DBNAME as $DBNAME at node DB2NODEdb2 terminatedb2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDdb2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDsleep 2db2 -tvmf scriptsps-bp-tbspsqlsleep 10db2 -tvmf scriptsps-tablessqlecho Database $DBNAME has been configured
ps-bp-tbspsql |CREATE BUFFERPOOL BP32K PAGESIZE 32KCREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K
ps-tablessql |CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) [hellip] IN TS32INSERT INTO PS_TABLE (SSNFIRST_NAMELAST_NAMEJOB_CODEDEPTSALARYDOB) WITH TEMP1 [hellip] CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL LASTNAME VARCHAR(20) NOT NULL JOBCODE CHAR(4) NOT NULL ) IN TS32 GRANT ALL ON ps_table TO PUBLICGRANT ALL ON ps_history TO PUBLIC
kind ConfigMapmetadata
name db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply ndashf single04yaml
jobbatchdb2-01-create-database-schema created
configmapdb2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 01 0s 0s
Eventually the job completes
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 11 109s 45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDBWe run a script to retrieve the logs form the job
binbash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath=items[]metadataname)
kubectl logs -f $pod
Output
[hellip]
DB20000I The SQL command completed successfully
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
binbash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath=spec
ports[1]nodePort services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath=
items[0]statusaddresses[0]address)
echo https$NODE_IP$NODE_PORT
=gt https1921682710030462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager HomepageAll Db2 OLTP instances running in the
same namespace as DSM will be auto-
discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (12)$ helm status dsm-01 --tlsLAST DEPLOYED Mon Sep 16 120102 2019NAMESPACE stock-trader-dataSTATUS DEPLOYED
RESOURCES==gt v1RoleBindingNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdsm-01-repository NodePort 1000233 ltnonegt 5000032695TCP5500032203TCP 8mdsm-01-ibm-dsm-dev NodePort 100085 ltnonegt 1108032444TCP1108130462TCP 8m
==gt v1beta1DeploymentNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGEdsm-01-repository 1 1 1 1 8mdsm-01-ibm-dsm-dev 1 1 1 1 8m
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdsm-01-repository-76f87d47d4-dlqh4 11 Running 0 8mdsm-01-ibm-dsm-dev-b976d89bd-dflqn 22 Running 0 8m
2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2 1 DSM
IBM Cloud61
DSM Kubernetes resources (22)
[hellip]==gt v1SecretNAME TYPE DATA AGEdsm-01-repository-db2-passwd Opaque 1 8mdsm-01-ibm-dsm-dev-dsm-passwd Opaque 1 8m
==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEdsm-01-repository-data-stor Bound vol14 20Gi RWO 8mdsm-01-ibm-dsm-dev-datavolume Bound vol12 20Gi RWO 8m
==gt v1ServiceAccountNAME SECRETS AGEdsm-repodb-dsm-01-repository 1 8mdsm-dsm-01-ibm-dsm-dev 1 8m
==gt v1RoleNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
2 Secrets 1 DSM
asmin 1 Db2
instance owner
2 PVCs 1 DSM
Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources ndash Kubernetes Docker Helm
Kubernetes
minus httpskubernetesiodocstutorialskubernetes-basics
Kubernetes in the Enterprise eBook
minus ibmbizBdYA4i
Docker
minus httpsdocsdockercomget-started
Docker Hub
minus httpshubdockercom
Helm
minus httpshelmshdocs
IBM Cloud64
Additional Resources – IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html
IBM Cloud65
Additional Resources – Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel
Technical Sales Professional, Hybrid Data Management
IBM Deutschland GmbH
Karl-Arnold-Platz 1a, 40474 Duesseldorf, Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
Thank You
IBM Cloud70
IBM Cloud23
Kubernetes Workloads – Create a Pod
Create a nginx pod – icp01.yaml
---
# Simple yaml file to create an nginx pod
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
Create the pod
$ kubectl apply -f icp01.yaml
pod/nginx created
Check pod status
$ kubectl get pods
NAME   READY  STATUS   RESTARTS  AGE
nginx  1/1    Running  0         13s
IBM Cloud24
Kubernetes Workloads - Controllers
Controllers can create and manage pods for you
ReplicaSet
- A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
- Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
- Example: Create a deployment to rollout a ReplicaSet
StatefulSets
- StatefulSets represent a set of pods with unique, persistent identities and stable hostnames that are maintained regardless of where they are scheduled
- Examples: Db2, Redis, IBM MQ
DaemonSets
- A DaemonSet ensures that nodes (all or some) run a copy of a pod. As nodes are added, pods are added to them
- Example: Cluster storage daemon such as glusterd, ceph; logs collection on each node
Jobs, CronJobs
- A job creates one or more pods and ensures that a specified number of them successfully terminate
IBM Cloud25
Kubernetes Network - Services
Without services, Pods are not visible outside the cluster
To enable communication from the outside world to the Pods, services are created
Internal Service Endpoints – Available inside the cluster only
External Service Endpoints - DNS names, C-Names or A-records available to access pods
With the help of labels and selectors, the services are tied to the pods
Service Types
- ClusterIP – Service is reachable only from inside of the cluster
- NodePort – Service is reachable through NodeIP:NodePort
- LoadBalancer – Service is reachable through an external load balancer mapped to NodeIP:NodePort address
IBM Cloud26
Kubernetes Storage – Volume types
Host-based
- EmptyDir
- HostPath
Block Storage
- IBM Block Storage
- Amazon EBS
- GCE Persistent Disk
- vSphere Volumes
Distributed File System
- IBM Spectrum Scale
- NFS
- Ceph
- GlusterFS
- Amazon EFS
- Azure File System
Other
- Flocker
- iSCSI
- Git Repository
- Quobyte
IBM Cloud27
Kubernetes Storage – Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes are a way to get persistence to a Pod
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in a Pod
Volumes may be based on a variety of back-end storage types
IBM Cloud28
Kubernetes Storage
Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
- Persistent Volume (PV) – Provisioned by an administrator
- Persistent Volume Claim (PVC) – Requested by a user; Heketi provisions the PVC, which creates a PV
- Storage Class (SC) – Storage profiles offered by admins
[Figure: Worker Node, Pod, Persistent Volume Claim, Persistent Volume, Block Storage, Distributed File System (IBM Spectrum Scale)]
IBM Cloud29
Kubernetes Secrets
Decouple container with sensitive information
A Secret holds sensitive information such as passwords, OAuth tokens and more
A Secret is an abstraction to decouple sensitive data
To use a secret, a Pod needs to reference the secret
A Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by kubelet when pulling images for the Pod
$ kubectl -n stocktrader \
    create secret generic db2 \
    --from-literal=id=db2psc \
    --from-literal=pwd=password \
    --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
    --from-literal=port=50000 \
    --from-literal=db=PSDB
IBM Cloud30
IBM Cloud Private catalog – Helm Charts
Db2 chart
DSM chart
IBM Cloud31
IBM Cloud Private catalog – What is a Helm Chart?
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using GUI or command line
Software packages are available from IBM Charts Repository
Available at https://github.com/IBM/charts
IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own Local Charts repository
IBM Cloud32
IBM Charts Repository: https://github.com/IBM/charts/tree/master/stable
Db2 chart
DSM chart
IBM Cloud33
Helm command line – Helm and Tiller
Helm is the client and Tiller is the server – runs on master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
Helm and Tiller version must be same – do not download Helm from Internet
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)
Product              | Version  | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP             | 11.1.4.4 | 1            | 1    | 1    |
Db2 OLTP HADR        | 11.1.4.4 | 3            | 5    | 6    | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager, addntl PVC for HADR setup
Data Server Manager  | 2.1.5    | 1            | 2    | 2    | 1x DSM, 1x Db2 repository database. Includes Db2 11.1 engine
Db2 Warehouse SMP    | 3.10.0   | 1            | 1    | 1    | Includes Db2 11.1 engine
Db2 Warehouse MPP    | 3.10.0   | 3+           | 3+   | 1    | Includes Db2 11.1 engine. Requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
- Creating a new namespace (optional)
- Configuring a pod security policy
- Configuring an image pull secret
- Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context) \
    --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running as we just created the namespace
$ kubectl get pods
No resources found.
IBM Cloud39
Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  -
Configure the pod security policy
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results
$ kubectl get psp
db2-privileges  false  SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE  RunAsAny  RunAsAny  RunAsAny  RunAsAny  false
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
Configure the image pull secret
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result
$ kubectl get secrets
NAME                 TYPE                                 DATA  AGE
default-token-mwvpl  kubernetes.io/service-account-token  3     17d
dockerhub            kubernetes.io/dockerconfigjson       1     13m
IBM Cloud41
Configuring Service Account for Db2
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: [extensions]
  resources: [podsecuritypolicies]
  verbs: [use]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results
$ kubectl get psp
db2-privileges  false  SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE  RunAsAny  RunAsAny  RunAsAny  RunAsAny  false
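Added example (not part of the original slides): a small audit of the db2-privileges pod security policy and of the binding that grants it to the default service account, showing which settings go beyond a restrictive baseline. The JSON documents are constructed from the slide values in the shape `kubectl get ... -o json` returns; the check names and the Docker default capability list are assumptions of this example.

```python
# Added example: flag risky settings in a PodSecurityPolicy and its RBAC binding.
# Sample documents are constructed from the values shown on the slides.
import json

# Capabilities a container already receives from Docker by default.
DOCKER_DEFAULT_CAPS = {
    "SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW", "DAC_OVERRIDE", "FOWNER",
    "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE", "SYS_CHROOT", "SETFCAP",
}

# Constructed sample; "volumes" is left out because the slide does not show its value.
PSP_JSON = """
{"kind": "PodSecurityPolicy", "metadata": {"name": "db2-privileges"},
 "spec": {
   "allowPrivilegeEscalation": true, "privileged": false,
   "allowedCapabilities": ["SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW",
     "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "SETGID", "SETUID",
     "NET_BIND_SERVICE", "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE", "IPC_OWNER",
     "SYS_NICE"],
   "fsGroup": {"rule": "RunAsAny"},
   "hostIPC": true, "hostNetwork": false, "hostPID": false,
   "hostPorts": [{"min": 1, "max": 65535}],
   "runAsUser": {"rule": "RunAsAny"},
   "seLinux": {"rule": "RunAsAny"},
   "supplementalGroups": {"rule": "RunAsAny"}}}
"""

BINDING_JSON = """
{"kind": "ClusterRoleBinding",
 "metadata": {"name": "db2-privileges-cluster-role-binding"},
 "roleRef": {"kind": "ClusterRole", "name": "db2-privileges-cluster-role",
             "apiGroup": "rbac.authorization.k8s.io"},
 "subjects": [{"kind": "ServiceAccount", "name": "default",
               "namespace": "stock-trader-data"}]}
"""


def audit_psp(psp):
    """Return (check, detail) tuples for settings that widen what a pod may do."""
    spec = psp.get("spec", {})
    findings = []
    if spec.get("privileged"):
        findings.append(("privileged", "privileged containers are allowed"))
    # When the field is absent, Kubernetes treats allowPrivilegeEscalation as true.
    if spec.get("allowPrivilegeEscalation", True):
        findings.append(("allow-privilege-escalation",
                         "processes may gain more privileges than their parent"))
    for flag in ("hostIPC", "hostNetwork", "hostPID"):
        if spec.get(flag):
            findings.append((flag, "pod may share this namespace with the node"))
    extra = sorted(set(spec.get("allowedCapabilities", [])) - DOCKER_DEFAULT_CAPS)
    if extra:
        findings.append(("extra-capabilities", ", ".join(extra)))
    for rng in spec.get("hostPorts", []):
        if rng.get("min", 0) <= 1 and rng.get("max", 0) >= 65535:
            findings.append(("host-ports-all", "any host port may be requested"))
    # seLinux RunAsAny is not flagged here; only the user and group rules are.
    for key in ("runAsUser", "fsGroup", "supplementalGroups"):
        if spec.get(key, {}).get("rule") == "RunAsAny":
            findings.append((key + "-any", "no restriction on IDs, root included"))
    return findings


def audit_binding(binding):
    """Flag subjects that hand the policy to more pods than one workload."""
    findings = []
    for subject in binding.get("subjects", []):
        kind, name = subject.get("kind"), subject.get("name", "")
        if kind == "ServiceAccount" and name == "default":
            # Pods that set no serviceAccountName run as "default".
            findings.append(("default-serviceaccount",
                             "every pod in namespace %s without its own service "
                             "account gets the policy" % subject.get("namespace")))
        if kind == "Group" and (name.startswith("system:serviceaccounts")
                                or name in ("system:authenticated",
                                            "system:unauthenticated")):
            findings.append(("broad-group", name))
    return findings


if __name__ == "__main__":
    results = audit_psp(json.loads(PSP_JSON)) + audit_binding(json.loads(BINDING_JSON))
    for check, detail in results:
        print("%-28s %s" % (check, detail))
```

The three capabilities reported as extra are the same ones the schema Job later in the deck adds in its securityContext, so they are the ones to keep if the policy is narrowed; binding the policy to a dedicated service account instead of default clears the binding finding.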
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
- db2-01: Helm release name, different for each deployment
- ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
- db2inst.instname: Instance owner name
- db2inst.password: Instance owner password
- options.databaseName: Name of database that will be created. If not specified, no database will be created
- dataVolume.size: Size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility
See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Cloud44
Let's verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get pods
NAME                      READY  STATUS   RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  1/1    Running  1         7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful.
SQL1063N DB2START processing was successful.
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.
IBM Cloud45
Let's verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
   Database Connection Information
 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
#!/bin/bash
# We get the Db2 port from the Db2 OLTP helm release service definition
NODE_PORT=$(kubectl get --namespace stock-trader-data \
  -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
IBM Cloud47
Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-01-ibm-db2oltp-dev  Opaque  1     1s

==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s

==> v1/Service
NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP          1s
db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s

==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-01-ibm-db2oltp-dev  1        1        1s

==> v1/Pod(related)
NAME                      READY  STATUS    RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s

1 Pod runs the Db2 container
2 Services for Db2: 1x external, 1x internal
1 StatefulSet, DESIRED = 1
1 PVC (RWO) for db files, logs & config
1 Secret: Db2 instance owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
Additional parameter hadr.enabled set to true to indicate that we want a HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-02-ibm-db2oltp-dev  Opaque  1     1s

==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s

==> v1/Service
NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP          1s
db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                        1s

==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-02-ibm-db2oltp-dev  2        2        1s

==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd  3  0  1s

==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s

5 Pods: 2x Db2, 3x etcd
3 Services: 2x Db2, 1x etcd
2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
1 PVC (RWX) for HADR setup (1)
1 Secret: Db2 instance owner password
(1) 5 addntl PVCs are being created implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        # The instance owner password comes from the Secret created by the Helm release
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE '$DB2INST1_PASSWORD' $DBNAME"
IBM Cloud52
Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5) […] IN TS32;
    INSERT INTO PS_TABLE (SSN,FIRST_NAME,LAST_NAME,JOB_CODE,DEPT,SALARY,DOB) WITH TEMP1 […]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  0/1          0s        0s
Eventually the job completes
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  1/1          109s      45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath='{.items[*].metadata.name}')
kubectl logs -f $pod
Output
[…]
DB20000I  The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I  The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I  The SQL command completed successfully.
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (12)$ helm status dsm-01 --tlsLAST DEPLOYED Mon Sep 16 120102 2019NAMESPACE stock-trader-dataSTATUS DEPLOYED
RESOURCES==gt v1RoleBindingNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdsm-01-repository NodePort 1000233 ltnonegt 5000032695TCP5500032203TCP 8mdsm-01-ibm-dsm-dev NodePort 100085 ltnonegt 1108032444TCP1108130462TCP 8m
==gt v1beta1DeploymentNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGEdsm-01-repository 1 1 1 1 8mdsm-01-ibm-dsm-dev 1 1 1 1 8m
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdsm-01-repository-76f87d47d4-dlqh4 11 Running 0 8mdsm-01-ibm-dsm-dev-b976d89bd-dflqn 22 Running 0 8m
2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2 1 DSM
IBM Cloud61
DSM Kubernetes resources (22)
[hellip]==gt v1SecretNAME TYPE DATA AGEdsm-01-repository-db2-passwd Opaque 1 8mdsm-01-ibm-dsm-dev-dsm-passwd Opaque 1 8m
==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEdsm-01-repository-data-stor Bound vol14 20Gi RWO 8mdsm-01-ibm-dsm-dev-datavolume Bound vol12 20Gi RWO 8m
==gt v1ServiceAccountNAME SECRETS AGEdsm-repodb-dsm-01-repository 1 8mdsm-dsm-01-ibm-dsm-dev 1 8m
==gt v1RoleNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
2 Secrets 1 DSM
asmin 1 Db2
instance owner
2 PVCs 1 DSM
Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources ndash Kubernetes Docker Helm
Kubernetes
minus httpskubernetesiodocstutorialskubernetes-basics
Kubernetes in the Enterprise eBook
minus ibmbizBdYA4i
Docker
minus httpsdocsdockercomget-started
Docker Hub
minus httpshubdockercom
Helm
minus httpshelmshdocs
IBM Cloud64
Additional Resources ndash IBM Cloud Private OpenShift
IBM Cloud Private Documentation
minus httpswwwibmcomsupportknowledgecenterenSSBS6K_320kc_welcome_containershtml
Deploy IBM Cloud Private Community Edition using Vagrant
minus httpsgithubcomIBMdeploy-ibm-cloud-privateblobmasterdocsdeploy-vagrantmd
Red Hat OpenShift Container Platform Documentation
minus httpsdocsopenshiftcomcontainer-platform41welcomeindexhtml
IBM Cloud65
Additional Resources ndash Db2 Db2Wh DSMDb2 Integration into IBM Cloud Private
minus httpsdeveloperibmcomrecipestutorialsdb2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
minus httpsdeveloperibmcomrecipestutorialsibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
minus httpswwwibmcomsupportknowledgecenterenSSCJDQcomibmswgimdashdbdocadmindeploy_kubernetes_smphtml
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
minus httpswwwibmcomsupportknowledgecenterenSSQNUZ_210comibmicpdatadoczenadmindb-reqshtmldb-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
minus Db2 OLTP Single Server
minus Db2 OLTP HADR
minus Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel IBM Deutschland GmbH
Karl-Arnold-Platz 1a
Technical Sales Professional 40474 Duesseldorf
Hybrid Data Management Germany
Mobile +49-177-3627278
Email chuempeldeibmcom
Thank You
IBM Cloud70
IBM Cloud24
Kubernetes Workloads - ControllersControllers can create and manage pods for you
ReplicaSet
minus A ReplicaSet ensures that a specified number of pod replicas are running at any given time
Deployments
minus Deployment is a higher-level concept that manages ReplicaSets and provides declarative updates to pods
minus Example Create a deployment to rollout a ReplicaSet
StatefulSets
minus StatefulSets represent a set of pods with unique persistent identities and stable hostnames that are maintained regardless where they are scheduled
minus Examples Db2 Redis IBM MQ
DaemonSets
minus A DaemonSet ensures that nodes (all or some) run a copy of pod As nodes are added pods are added to them
minus Example Cluster storage daemon such as glusterd ceph logs collection on each node
Jobs CronJobs
minus A job creates one or more pods and ensures that a specified number of them successfully terminate
IBM Cloud25
Kubernetes Network - Services
Without services Pods are not visible outside the cluster
To enable communication from outside world to the Pods services are created
Internal Service Endpoints ndash Available inside the cluster only
External Service Endpoints - DNS names C-Names or A-records available to access pods
With the help of labels and selectors the services are tied to the pods
Service Types
minus ClusterIP ndash Service is reachable only from inside of the cluster
minus NodePort ndash Service is reachable through NodeIPNodePort
minus LoadBalancer ndash Service is reachable through an external load balancer mapped to NodeIPNodePort address
IBM Cloud26
Kubernetes Storage ndash Volume types
Host-based
minus EmptyDir
minus HostPath
Block Storage
minus IBM Block Storage
minus Amazon EBS
minus GCE Persistent Disk
minus vSphere Volumes
Distributed File System
minus IBM Spectrum Scale
minus NFS
minus Ceph
minus GlusterFS
minus Amazon EFS
minus Azure File System
Other
minus Flocker
minus iSCSI
minus Git Repository
minus Quobyte
IBM Cloud27
Kubernetes Storage ndash Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes is a way to get persistence to a Pod
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in Pod
Volumes may be based on a variety of back-end storage types
IBM Cloud28
Kubernetes StoragePersistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
minusPersistent Volume (PV) ndash Provisioned by an administrator
minusPersistent Volume Claim (PVC) ndash Requested by an user and Heketi provisions PVC ndash which creates a PV
minus Storage Class (SC) ndash Storage profiles offered by admins
Persistent
Volume
Block Storage Distributed File System IBM
Spectrum Scale
Worker Node
Pod 1 Pod 1
Persistent
Volume
Claim
IBM Cloud29
Kubernetes SecretsDecouple container with sensitive information
Secret holds sensitive information such as password OAuth tokens and more
Secret is an abstraction to decouple sensitive data
To use a secret Pod needs to reference the secret
Secret can be used in a Pod as files in a volume mounted on one or more containers or used by kubelet when pulling images for the Pod
$ kubectl -n stocktrader
create secret generic db2
--from-literal=id=db2psc
--from-literal=pwd=password
--from-literal=host=dev-ibm-db2oltp-devdefaultsvcclusterlocal
--from-literal=port=50000
--from-literal=db=PSDB
IBM Cloud30
IBM Cloud Private catalog ndash Helm Charts
Db2 chart
DSM chart
IBM Cloud31
IBM Cloud Private catalog ndash What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define install and upgrade software in an automated fashion
Helm charts can be deployed using GUI or command line
Software packages are available from IBM Charts Repository
Available at httpsgithubcomIBMcharts
IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own Local Charts repository
IBM Cloud32
IBM Charts Repository httpsgithubcomIBMchartstreemasterstable
Db2 chart
DSM chart
IBM Cloud33
Helm command line ndash Helm and Tiller
Helm is the client and Tiller is the server ndash runs on master node
$ helm version
Client v272+icp
Error cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client v272+icp
Server v272+icp
Helm and Tiller version must be same ndash do not download Helm from Internet
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)Product Version Worker
Nodes
Pods PVCs Comments
Db2 OLTP 11144 1 1 1
Db2 OLTP HADR 11144 3 5 6 1x Db2 primary 1x Db2 standby 3x etcd for cluster
manager addntl PVC for HADR setup
Data Server
Manager
215 1 2 2 1x DSM 1x Db2 repository database
Includes Db2 111 engine
Db2 Warehouse
SMP
3100 1 1 1 Includes Db2 111 engine
Db2 Warehouse
MPP
3100 3+ 3+ 1 Includes Db2 111 engine
Requires IBM Cloud Pak for Data
Coming soon
minus Red Hat OpenShift Kubernetes support
minus Db2 v115 engine
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes a couple of stepsneed to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create new namespace where all our Pods for Db2 OLTP Db2 OLTP HADR and Data Server Manager will run
Create the namespace for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespacestock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context)
--namespace=stock-trader-data
Context mycluster-context modified
Verify pods There should be no pods running as we just created the namespace$ kubectl get podsNo resources found
IBM Cloud39
Configuring Pod Security Policy for Db2$ cat pre01yamlapiVersion extensionsv1beta1kind PodSecurityPolicymetadata
name db2-privilegesspec
allowPrivilegeEscalation trueprivileged falseallowedCapabilities- SETPCAP- MKNOD- AUDIT_WRITE- CHOWN- NET_RAW- DAC_OVERRIDE- FOWNER- FSETID- KILL- SETGID- SETUID- NET_BIND_SERVICE- SYS_CHROOT- SETFCAP- SYS_RESOURCE- IPC_OWNER- SYS_NICEfsGroup
rule RunAsAnyhostIPC true
hostNetwork falsehostPID falsehostPorts- max 65535
min 1runAsUser
rule RunAsAnyseLinux
rule RunAsAnysupplementalGroups
rule RunAsAnyvolumes-
Configure the pod security policy$ kubectl apply -f pre01yamlpodsecuritypolicyextensionsdb2-privileges configured
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAny RunAsAnyfalse
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create a image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username password and email are the credentials form Docker Hub
Note that you need to subscribe the Db2 and DSM images in Docker Hub first
Configure the image pull secret$ kubectl create secret docker-registry dockerhub
--docker-username=ltyour dockerhub usernamegt--docker-password=ltyour dockerhub passwordgt--docker-email=ltyour dockerhub emailgt--namespace=ltyour namespacegt
secretdockerhub created
Verify the result$ kubectl get secretsNAME TYPE DATA AGEdefault-token-mwvpl kubernetesioservice-account-token 3 17ddockerhub kubernetesiodockerconfigjson 1 13m
IBM Cloud41
Configuring Service Account for Db2$ more pre04yaml---kind ClusterRoleapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role
rules- apiGroups [extensions]resources [podsecuritypolicies]verbs [use]resourceNames- db2-privileges
---kind ClusterRoleBindingapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role-binding
roleRefkind ClusterRolename db2-privileges-cluster-roleapiGroup rbacauthorizationk8sio
subjects- kind ServiceAccountname defaultnamespace stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account$ kubectl apply -f pre04yamlclusterrolerbacauthorizationk8siodb2-privileges-cluster-role createdclusterrolebindingrbacauthorizationk8siodb2-privileges-cluster-role-binding created
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAnyRunAsAny false

Helm Charts for Db2 and DSM

Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
--name db2-01: Helm release name, different for each deployment
ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
db2inst.instname: Instance owner name
db2inst.password: Instance owner password
options.databaseName: Name of database that will be created. If not specified, no database will be created
dataVolume.size: Size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility. See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev

Let's verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get pods
NAME                      READY  STATUS   RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  1/1    Running  1         7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful.
SQL1063N DB2START processing was successful.
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active
(*) Setup has completed

Let's verify if we can connect to the MYDB database (2)
Log in to the Db2 OLTP container and connect to the MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
   Database Connection Information
 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB

Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
#!/bin/bash
# We get the Db2 port from the Db2 OLTP helm release service definition
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate

Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-01-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s
==> v1/Service
NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP          1s
db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-01-ibm-db2oltp-dev  1        1        1s
==> v1/Pod(related)
NAME                      READY  STATUS    RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s
1 Pod: runs the Db2 container
2 Services for Db2: 1x external, 1x internal
1 StatefulSet: DESIRED = 1
1 PVC (RWO) for db files, logs & config
1 Secret: Db2 instance owner password

Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
$ helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
Additional parameter hadr.enabled set to true to indicate that we want a HADR setup

Verify that Db2 HADR is working

Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-02-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s
==> v1/Service
NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP          1s
db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                        1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-02-ibm-db2oltp-dev  2        2        1s
==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd  3   0        1s
==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s
5 Pods: 2x Db2, 3x etcd
3 Services: 2x Db2, 1x etcd
2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
1 PVC (RWX) for HADR setup (1)
1 Secret: Db2 instance owner password
(1) 5 additional PVCs are being created implicitly for 2x Db2 and 3x etcd

Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    # Create the instance users only if the instance owner does not exist yet
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE \"$DB2INST1_PASSWORD\" $DBNAME"
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) […] IN TS32;
    INSERT INTO PS_TABLE (SSN, FIRST_NAME, LAST_NAME, JOB_CODE, DEPT, SALARY, DOB) WITH TEMP1 […]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema

Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  0/1          0s        0s
Eventually the job completes
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  1/1          109s      45m

Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath='{.items[*].metadata.name}')
kubectl logs -f $pod
Output
[…]
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully.
Database mydb has been configured

Deploying Data Server Manager (DSM) with the GUI

Deploying Data Server Manager (DSM) with the GUI (2)

Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data \
    -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)

Accessing Data Server Manager

Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM

DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/RoleBinding
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m
==> v1/Service
NAME                TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)                          AGE
dsm-01-repository   NodePort  10.0.0.233  <none>       50000:32695/TCP,55000:32203/TCP  8m
dsm-01-ibm-dsm-dev  NodePort  10.0.0.85   <none>       11080:32444/TCP,11081:30462/TCP  8m
==> v1beta1/Deployment
NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
dsm-01-repository   1        1        1           1          8m
dsm-01-ibm-dsm-dev  1        1        1           1          8m
==> v1/Pod(related)
NAME                                READY  STATUS   RESTARTS  AGE
dsm-01-repository-76f87d47d4-dlqh4  1/1    Running  0         8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn  2/2    Running  0         8m
2 RoleBindings
2 Services: 1x Db2 (repodb), 1x DSM
2 Deployments
2 Pods: 1 Db2, 1 DSM

DSM Kubernetes resources (2/2)
[…]
==> v1/Secret
NAME                           TYPE    DATA  AGE
dsm-01-repository-db2-passwd   Opaque  1     8m
dsm-01-ibm-dsm-dev-dsm-passwd  Opaque  1     8m
==> v1/PersistentVolumeClaim
NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m
==> v1/ServiceAccount
NAME                          SECRETS  AGE
dsm-repodb-dsm-01-repository  1        8m
dsm-dsm-01-ibm-dsm-dev        1        8m
==> v1/Role
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m
2 Secrets: 1 DSM admin, 1 Db2 instance owner
2 PVCs: 1 DSM, 1 Db2
3 Roles

Additional Resources

Additional Resources – Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs

Additional Resources – IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html

Additional Resources – Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse

Presentation on Db2 and Docker from Db2 Aktuell 2018

Summary

Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary

Thank You
Claus Huempel
Technical Sales Professional, Hybrid Data Management
IBM Deutschland GmbH, Karl-Arnold-Platz 1a, 40474 Duesseldorf, Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com

Kubernetes Network - Services
Without services, Pods are not visible outside the cluster
To enable communication from the outside world to the Pods, services are created
Internal Service Endpoints – Available inside the cluster only
External Service Endpoints – DNS names, C-Names or A-records available to access pods
With the help of labels and selectors, the services are tied to the pods
Service Types
- ClusterIP – Service is reachable only from inside of the cluster
- NodePort – Service is reachable through NodeIP:NodePort
- LoadBalancer – Service is reachable through an external load balancer mapped to NodeIP:NodePort address

Kubernetes Storage – Volume types
Host-based
- EmptyDir
- HostPath
Block Storage
- IBM Block Storage
- Amazon EBS
- GCE Persistent Disk
- vSphere Volumes
Distributed File System
- IBM Spectrum Scale
- NFS
- Ceph
- GlusterFS
- Amazon EFS
- Azure File System
Other
- Flocker
- iSCSI
- Git Repository
- Quobyte

Kubernetes Storage – Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes are a way to give a Pod persistence
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in a Pod
Volumes may be based on a variety of back-end storage types

Kubernetes Storage
Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
- Persistent Volume (PV) – Provisioned by an administrator
- Persistent Volume Claim (PVC) – Requested by a user; Heketi provisions the PVC, which creates a PV
- Storage Class (SC) – Storage profiles offered by admins
[Figure: Worker Node with Pods, Persistent Volume Claim, Persistent Volume, Block Storage / Distributed File System (IBM Spectrum Scale)]

Kubernetes Secrets
Decouple containers from sensitive information
A Secret holds sensitive information such as passwords, OAuth tokens and more
A Secret is an abstraction to decouple sensitive data
To use a secret, a Pod needs to reference the secret
A Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by the kubelet when pulling images for the Pod
$ kubectl -n stocktrader \
    create secret generic db2 \
    --from-literal=id=db2psc \
    --from-literal=pwd=password \
    --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
    --from-literal=port=50000 \
    --from-literal=db=PSDB

IBM Cloud Private catalog – Helm Charts
[Figure: catalog screenshot showing the Db2 chart and the DSM chart]

IBM Cloud Private catalog – What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using GUI or command line
Software packages are available from IBM Charts Repository
Available at https://github.com/IBM/charts
IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own Local Charts repository

IBM Charts Repository https://github.com/IBM/charts/tree/master/stable
[Figure: repository listing showing the Db2 chart and the DSM chart]

Helm command line – Helm and Tiller
Helm is the client and Tiller is the server – runs on master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
Helm and Tiller version must be same – do not download Helm from Internet

Deploying Db2 on Kubernetes

Db2-based Containers running on Kubernetes (Sep 2019)
Product | Version | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP | 11.1.4.4 | 1 | 1 | 1 |
Db2 OLTP HADR | 11.1.4.4 | 3 | 5 | 6 | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager, additional PVC for HADR setup
Data Server Manager | 2.1.5 | 1 | 2 | 2 | 1x DSM, 1x Db2 repository database. Includes Db2 11.1 engine
Db2 Warehouse SMP | 3.10.0 | 1 | 1 | 1 | Includes Db2 11.1 engine
Db2 Warehouse MPP | 3.10.0 | 3+ | 3+ | 1 | Includes Db2 11.1 engine. Requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine

IBM Cloud Private Kubernetes platform

Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account

Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context) \
    --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running as we just created the namespace
$ kubectl get pods
No resources found.

Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  - '*'
Configure the pod security policy
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results
$ kubectl get psp
db2-privileges false SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE RunAsAny RunAsAny RunAsAny RunAsAny false *
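
A review of the db2-privileges policy above and of the RBAC grant from the service-account slide (pre04.yaml), as an added example that is not part of the original presentation. The three manifests are transcribed from the slides as Python dicts; the finding names and the review baseline (Docker's default capability set) are assumptions of this example.

```python
# Added example: review of the db2-privileges PodSecurityPolicy and its RBAC grant.
# PSP, ROLE and BINDING are transcribed from the slides' pre01.yaml / pre04.yaml;
# the finding names and the review baseline are assumptions of this example.

# Capabilities Docker grants by default; anything else widens the container's reach.
DEFAULT_CAPS = {
    "CHOWN", "DAC_OVERRIDE", "FSETID", "FOWNER", "MKNOD", "NET_RAW", "SETGID",
    "SETUID", "SETFCAP", "SETPCAP", "NET_BIND_SERVICE", "SYS_CHROOT", "KILL",
    "AUDIT_WRITE",
}

PSP = {
    "metadata": {"name": "db2-privileges"},
    "spec": {
        "allowPrivilegeEscalation": True,
        "privileged": False,
        "allowedCapabilities": [
            "SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW", "DAC_OVERRIDE",
            "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE",
            "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE", "IPC_OWNER", "SYS_NICE",
        ],
        "fsGroup": {"rule": "RunAsAny"},
        "hostIPC": True,
        "hostNetwork": False,
        "hostPID": False,
        "hostPorts": [{"min": 1, "max": 65535}],
        "runAsUser": {"rule": "RunAsAny"},
        "seLinux": {"rule": "RunAsAny"},
        "supplementalGroups": {"rule": "RunAsAny"},
    },
}
ROLE = {
    "kind": "ClusterRole",
    "metadata": {"name": "db2-privileges-cluster-role"},
    "rules": [{"apiGroups": ["extensions"], "resources": ["podsecuritypolicies"],
               "verbs": ["use"], "resourceNames": ["db2-privileges"]}],
}
BINDING = {
    "kind": "ClusterRoleBinding",
    "metadata": {"name": "db2-privileges-cluster-role-binding"},
    "roleRef": {"kind": "ClusterRole", "name": "db2-privileges-cluster-role"},
    "subjects": [{"kind": "ServiceAccount", "name": "default",
                  "namespace": "stock-trader-data"}],
}


def audit_psp(psp):
    """Return (finding, detail) pairs for settings that relax pod isolation."""
    spec, findings = psp["spec"], []
    if spec.get("privileged", False):
        findings.append(("privileged", "privileged containers are admitted"))
    # allowPrivilegeEscalation defaults to true when the field is omitted.
    if spec.get("allowPrivilegeEscalation", True):
        findings.append(("privilege-escalation", "no_new_privs is not enforced"))
    for field in ("hostIPC", "hostNetwork", "hostPID"):
        if spec.get(field, False):
            findings.append((field, f"pods may join the node's {field[4:]} namespace"))
    caps = set(spec.get("allowedCapabilities", []))
    extra = ["*"] if "*" in caps else sorted(caps - DEFAULT_CAPS)
    if extra:
        findings.append(("extra-capabilities", ",".join(extra)))
    if any(r["min"] <= 1 and r["max"] >= 65535 for r in spec.get("hostPorts", [])):
        findings.append(("host-ports-any", "every host port may be requested"))
    if spec.get("runAsUser", {}).get("rule") == "RunAsAny":
        findings.append(("run-as-any-user", "containers may run as UID 0"))
    return findings


def psp_grantees(role, binding, psp_name):
    """Subjects allowed to `use` psp_name through this role/binding pair."""
    if binding["roleRef"]["name"] != role["metadata"]["name"]:
        return []
    for rule in role.get("rules", []):
        names = rule.get("resourceNames", [])
        if ("podsecuritypolicies" in rule.get("resources", [])
                and {"use", "*"} & set(rule.get("verbs", []))
                and (not names or psp_name in names)):
            return [f"{s['kind']}:{s.get('namespace', '*')}/{s['name']}"
                    for s in binding.get("subjects", [])]
    return []


def shared_identities(grantees):
    """Grantees that are a namespace's `default` ServiceAccount: every pod that
    does not name its own service account runs under it and inherits the PSP."""
    return [g for g in grantees
            if g.startswith("ServiceAccount:") and g.endswith("/default")]


if __name__ == "__main__":
    for finding, detail in audit_psp(PSP):
        print(f"{PSP['metadata']['name']}: {finding}: {detail}")
    grantees = psp_grantees(ROLE, BINDING, "db2-privileges")
    print("may use policy:", grantees)
    print("shared identity:", shared_identities(grantees))
```

Because the binding's subject is the namespace's default service account, the relaxed policy applies to every pod in stock-trader-data that does not set its own serviceAccountName, not only to the Db2 pods.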
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create a image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username password and email are the credentials form Docker Hub
Note that you need to subscribe the Db2 and DSM images in Docker Hub first
Configure the image pull secret$ kubectl create secret docker-registry dockerhub
--docker-username=ltyour dockerhub usernamegt--docker-password=ltyour dockerhub passwordgt--docker-email=ltyour dockerhub emailgt--namespace=ltyour namespacegt
secretdockerhub created
Verify the result$ kubectl get secretsNAME TYPE DATA AGEdefault-token-mwvpl kubernetesioservice-account-token 3 17ddockerhub kubernetesiodockerconfigjson 1 13m
IBM Cloud41
Configuring Service Account for Db2$ more pre04yaml---kind ClusterRoleapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role
rules- apiGroups [extensions]resources [podsecuritypolicies]verbs [use]resourceNames- db2-privileges
---kind ClusterRoleBindingapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role-binding
roleRefkind ClusterRolename db2-privileges-cluster-roleapiGroup rbacauthorizationk8sio
subjects- kind ServiceAccountname defaultnamespace stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account$ kubectl apply -f pre04yamlclusterrolerbacauthorizationk8siodb2-privileges-cluster-role createdclusterrolebindingrbacauthorizationk8siodb2-privileges-cluster-role-binding created
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAnyRunAsAny false
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=MYDB
--set dataVolumesize=20Gi
Size of the
Db2 data
volume
Name of database that
will be created
If not specified no
database will be
created
Instance
owner name
Instance owner
password
Db2 OLTP
Helm chart
name
Helm release
name
different for each
deployment
Additional parameters available for example to enable Oracle compatibilitySee httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Cloud44
Letrsquos verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get podsNAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 11 Running 1 7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-009152019 160430 0 0 SQL1063N DB2START processing was successfulSQL1063N DB2START processing was successful() Starting TEXT SEARCH service CIE00001 Operation completed successfullyssh-keygen generating new host keys RSA1 RSA DSA ECDSA ED25519() All databases are now active() Setup has completed
IBM Cloud45
Letrsquos verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 --binbash su - db2inst1Last login Sun Sep 15 161711 UTC 2019$ db2 connect to MYDB
Database Connection Information
Database server = DB2LINUXX8664 11144SQL authorization ID = DB2INST1Local database alias = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access from Db2 client
binbash
NODE_PORT=$(kubectl get --namespace stock-trader-data
-o jsonpath=specports[0]nodePort services db2-01-ibm-db2oltp-dev-db2)
echo Cataloging node db2tcp1
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 19216827100 server $NODE_PORT
echo Cataloging database MYDB at node db2tcp1
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port
from the Db2 OLTP
helm release service
definition
IBM Cloud47
Kubernetes resources for Db2 OLTP$ helm status db2-01 --tlsNAME db2-01LAST DEPLOYED Sun Sep 15 081114 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-01-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-01-data-stor Bound vol12 20Gi RWO 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-01-ibm-db2oltp-dev-db2 NodePort 100050 ltnonegt 5000030463TCP5500032236TCP 1sdb2-01-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-01-ibm-db2oltp-dev 1 1 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 01 Init01 0 1s 1 Pod runs
the Db2
container
2 Services for
Db2 1x external
1x internal
1 StatefulSet
DESIRED = 1
1 PVC (RWO) for db
files logs amp config
1 Secret
Db2 instance
owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v111 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=HADB
--set dataVolumesize=20Gi--set hadrenabled=true
Additional parameter
hadrenabled set to true to
indicate that we want a
HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OTLP HADRNAME db2-02LAST DEPLOYED Tue Sep 17 082433 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-02-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-02-hadr-stor Bound vol09 20Gi RWX 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-02-ibm-db2oltp-dev-db2 NodePort 100061 ltnonegt 5000032422TCP5500032181TCP 1sdb2-02-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1sdb2-02-ibm-db2oltp-dev-etcd ClusterIP None ltnonegt 2380TCP2379TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-02-ibm-db2oltp-dev 2 2 1s
==gt v1beta2StatefulSet
db2-02-ibm-db2oltp-dev-etcd 3 0 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-02-ibm-db2oltp-dev-0 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-0 01 ContainerCreating 0 1sdb2-02-ibm-db2oltp-dev-etcd-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-2 01 Pending 0 1s
5 Pods
2x Db2 3x etcd
3 Services
2x Db2 1x etcd
2 StatefulSets
Db2 DESIRED=2
etcd DESIRED=3
1 PVC (RWX)
for HADR setup (1)
1 Secret
Db2 instance
owner password
(1) 5 addntl PVCs are being created
implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL $ cat single04yamlapiVersion batchv1kind Jobmetadata
name db2-01-create-database-schemaspec
templatespec
containers- name db2-01-create-database-schema
image storeibmcorpdb2_developer_c11144-x86_64command [ binsh-cscriptsdb2-setupsh ]volumeMounts- name db2-createschema
mountPath scriptssecurityContext
capabilitiesadd [SYS_RESOURCE IPC_OWNER SYS_NICE]
env- name LICENSE
value accept- name DB2INSTANCE
value db2inst1- name DB2INST1_PASSWORD
valueFromsecretKeyRef
name db2-01-ibm-db2oltp-devkey password
- name DB2_SERVICE_NAMEvalue db2-01-ibm-db2oltp-dev
- name DBNAMEvalue mydb
restartPolicy Nevervolumes- name db2-createschema
configMapname db2-createschemadefaultMode 0744
backoffLimit 1---apiVersion v1data
db2-setupsh |binshexport SETUPDIR=vardb2_setupsource $SETUPDIRincludedb2_constantssource $SETUPDIRincludedb2_common_functionsif getent passwd $DB2INSTANCE gt devnull 2gtamp1 then
echo () Previous setup has not been detected Creating create_users
fiif create_instance then
exit 1fistart_db2cp scriptsdb2-createschemash databasedb2-createschemashchmod +x databasedb2-createschemashsu - $DB2INSTANCE -c databasedb2-createschemash
$DB2_SERVICE_NAME $DB2INSTANCEldquo$DB2INST1_PASSWORD $DBNAME
IBM Cloud52
Kubernetes Job to deploy SQL (contrsquod)db2-createschemash |
binshDB2_SERVICE_NAME=$1DB2INSTANCE=$2DB2INST1_PASSWORD=$3DBNAME=$4echo Configure schema for database $DBNAME on host $DB2_SERVICE_NAMEdb2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000db2 catalog db $DBNAME as $DBNAME at node DB2NODEdb2 terminatedb2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDdb2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDsleep 2db2 -tvmf scriptsps-bp-tbspsqlsleep 10db2 -tvmf scriptsps-tablessqlecho Database $DBNAME has been configured
ps-bp-tbspsql |CREATE BUFFERPOOL BP32K PAGESIZE 32KCREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K
ps-tablessql |CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) [hellip] IN TS32INSERT INTO PS_TABLE (SSNFIRST_NAMELAST_NAMEJOB_CODEDEPTSALARYDOB) WITH TEMP1 [hellip] CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL LASTNAME VARCHAR(20) NOT NULL JOBCODE CHAR(4) NOT NULL ) IN TS32 GRANT ALL ON ps_table TO PUBLICGRANT ALL ON ps_history TO PUBLIC
kind ConfigMapmetadata
name db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply ndashf single04yaml
jobbatchdb2-01-create-database-schema created
configmapdb2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 01 0s 0s
Eventually the job completes
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 11 109s 45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDBWe run a script to retrieve the logs form the job
binbash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath=items[]metadataname)
kubectl logs -f $pod
Output
[hellip]
DB20000I The SQL command completed successfully
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
binbash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath=spec
ports[1]nodePort services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath=
items[0]statusaddresses[0]address)
echo https$NODE_IP$NODE_PORT
=gt https1921682710030462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager HomepageAll Db2 OLTP instances running in the
same namespace as DSM will be auto-
discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (12)$ helm status dsm-01 --tlsLAST DEPLOYED Mon Sep 16 120102 2019NAMESPACE stock-trader-dataSTATUS DEPLOYED
IBM Cloud26
Kubernetes Storage - Volume types
Host-based
- EmptyDir
- HostPath
Block Storage
- IBM Block Storage
- Amazon EBS
- GCE Persistent Disk
- vSphere Volumes
Distributed File System
- IBM Spectrum Scale
- NFS
- Ceph
- GlusterFS
- Amazon EFS
- Azure File System
Other
- Flocker
- iSCSI
- Git Repository
- Quobyte
IBM Cloud27
Kubernetes Storage - Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes are a way to give a Pod persistence
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories on a host are exposed as volumes in a Pod
Volumes may be based on a variety of back-end storage types
IBM Cloud28
Kubernetes Storage - Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
- Persistent Volume (PV) - Provisioned by an administrator
- Persistent Volume Claim (PVC) - Requested by a user; Heketi provisions the PVC, which creates a PV
- Storage Class (SC) - Storage profiles offered by admins
[Diagram: Pods on a Worker Node, Persistent Volume Claim, Persistent Volume, Block Storage / Distributed File System (IBM Spectrum Scale)]
IBM Cloud29
Kubernetes Secrets - Decouple container from sensitive information
A Secret holds sensitive information such as passwords, OAuth tokens and more
A Secret is an abstraction to decouple sensitive data
To use a secret, a Pod needs to reference the secret
A Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by the kubelet when pulling images for the Pod
$ kubectl -n stocktrader create secret generic db2 \
    --from-literal=id=db2psc \
    --from-literal=pwd=password \
    --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
    --from-literal=port=50000 \
    --from-literal=db=PSDB
IBM Cloud30
IBM Cloud Private catalog - Helm Charts
Db2 chart
DSM chart
IBM Cloud31
IBM Cloud Private catalog - What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using the GUI or the command line
Software packages are available from the IBM Charts Repository
Available at https://github.com/IBM/charts
The IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own Local Charts repository
IBM Cloud32
IBM Charts Repository https://github.com/IBM/charts/tree/master/stable
Db2 chart
DSM chart
IBM Cloud33
Helm command line - Helm and Tiller
Helm is the client and Tiller is the server, which runs on the master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
Helm and Tiller versions must be the same - do not download Helm from the Internet
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)
Product | Version | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP | 11.1.4.4 | 1 | 1 | 1 |
Db2 OLTP HADR | 11.1.4.4 | 3 | 5 | 6 | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager, addntl PVC for HADR setup
Data Server Manager | 2.1.5 | 1 | 2 | 2 | 1x DSM, 1x Db2 repository database; includes Db2 11.1 engine
Db2 Warehouse SMP | 3.10.0 | 1 | 1 | 1 | Includes Db2 11.1 engine
Db2 Warehouse MPP | 3.10.0 | 3+ | 3+ | 1 | Includes Db2 11.1 engine; requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context) \
    --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running as we just created the namespace
$ kubectl get pods
No resources found.
IBM Cloud39
Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  -
Configure the pod security policy
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results
$ kubectl get psp
db2-privileges   false   SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE   RunAsAny   RunAsAny   RunAsAny   RunAsAny   false
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
Configure the image pull secret
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result
$ kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-mwvpl   kubernetes.io/service-account-token   3      17d
dockerhub             kubernetes.io/dockerconfigjson        1      13m
IBM Cloud41
Configuring Service Account for Db2
The YAML specification file that defines the cluster role and the cluster role binding for the service account
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: [extensions]
  resources: [podsecuritypolicies]
  verbs: [use]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
Configure the service account
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results
$ kubectl get psp
db2-privileges   false   SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE   RunAsAny   RunAsAny   RunAsAny   RunAsAny   false
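The policy on the "Configuring Pod Security Policy" slide and the binding on the "Configuring Service Account" slide together decide which pods receive the extra privileges. The Python audit below is an added example, not part of the presentation or the IBM chart: the manifests are transcribed from the slides as dicts, and the function names, finding codes and the 1000-port threshold are assumptions made for illustration.

```python
# Capabilities a Docker-style container runtime grants without being asked.
RUNTIME_DEFAULT_CAPS = {
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "MKNOD",
    "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP", "SETUID",
    "SYS_CHROOT",
}

# Manifests as dicts, transcribed from the slides' pre01.yaml and pre04.yaml.
# The 'volumes' entry is left out because its value is not legible there.
PSP = {
    "kind": "PodSecurityPolicy", "metadata": {"name": "db2-privileges"},
    "spec": {
        "allowPrivilegeEscalation": True, "privileged": False,
        "allowedCapabilities": [
            "SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW", "DAC_OVERRIDE",
            "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE",
            "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"],
        "hostIPC": True, "hostNetwork": False, "hostPID": False,
        "hostPorts": [{"min": 1, "max": 65535}],
        "runAsUser": {"rule": "RunAsAny"}, "seLinux": {"rule": "RunAsAny"},
        "fsGroup": {"rule": "RunAsAny"}, "supplementalGroups": {"rule": "RunAsAny"},
    },
}
CLUSTER_ROLE = {
    "kind": "ClusterRole", "metadata": {"name": "db2-privileges-cluster-role"},
    "rules": [{"apiGroups": ["extensions"], "resources": ["podsecuritypolicies"],
               "verbs": ["use"], "resourceNames": ["db2-privileges"]}],
}
CLUSTER_ROLE_BINDING = {
    "kind": "ClusterRoleBinding",
    "metadata": {"name": "db2-privileges-cluster-role-binding"},
    "roleRef": {"kind": "ClusterRole", "name": "db2-privileges-cluster-role",
                "apiGroup": "rbac.authorization.k8s.io"},
    "subjects": [{"kind": "ServiceAccount", "name": "default",
                  "namespace": "stock-trader-data"}],
}


def audit_psp(psp):
    """Return (code, detail) findings for settings that widen what a pod may do."""
    spec, findings = psp.get("spec", {}), []
    if spec.get("privileged"):
        findings.append(("privileged", "privileged containers are allowed"))
    # PodSecurityPolicy treats a missing allowPrivilegeEscalation as true.
    if spec.get("allowPrivilegeEscalation", True):
        findings.append(("allow-privilege-escalation",
                         "a process may gain more privileges than its parent"))
    for flag in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(flag):
            findings.append((flag, "pod may share this host namespace"))
    caps = set(spec.get("allowedCapabilities", []))
    extra = sorted(caps - RUNTIME_DEFAULT_CAPS)
    if extra:
        findings.append(("extra-capabilities", ", ".join(extra)))
    if spec.get("runAsUser", {}).get("rule") == "RunAsAny":
        findings.append(("root-allowed", "containers may run as UID 0"))
    for rng in spec.get("hostPorts", []):
        if rng["max"] - rng["min"] >= 1000:
            findings.append(("wide-host-ports", f"{rng['min']}-{rng['max']}"))
    return findings


def psp_grants(roles, bindings):
    """Map each policy name to the (kind, namespace, name) subjects that may use it."""
    by_role = {}
    for role in roles:
        names = set()
        for rule in role.get("rules", []):
            verbs = rule.get("verbs", [])
            if "podsecuritypolicies" in rule.get("resources", []) and (
                    "use" in verbs or "*" in verbs):
                # A rule without resourceNames covers every policy in the cluster.
                names.update(rule.get("resourceNames") or ["*"])
        by_role[(role["kind"], role["metadata"]["name"])] = names
    grants = {}
    for binding in bindings:
        ref = binding["roleRef"]
        for policy in sorted(by_role.get((ref["kind"], ref["name"]), ())):
            for s in binding.get("subjects", []):
                grants.setdefault(policy, []).append(
                    (s["kind"], s.get("namespace", ""), s["name"]))
    return grants


def audit_grants(grants):
    """Flag grants that reach more workloads than the one the policy was written for."""
    findings = []
    for policy, subjects in sorted(grants.items()):
        for kind, namespace, name in subjects:
            if kind == "ServiceAccount" and name == "default":
                findings.append(("default-service-account",
                                 f"{policy}: every pod in {namespace} without its "
                                 "own serviceAccountName can use this policy"))
    return findings


if __name__ == "__main__":
    grants = psp_grants([CLUSTER_ROLE], [CLUSTER_ROLE_BINDING])
    for code, detail in audit_psp(PSP) + audit_grants(grants):
        print(f"{code:28} {detail}")
```

Binding the cluster role to a dedicated service account that only the Db2 pods run as keeps the policy away from other workloads in the namespace. PodSecurityPolicy was removed in Kubernetes 1.25, so on current clusters the same review applies to whichever admission control replaces it.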
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
db2-01: Helm release name, different for each deployment
ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
db2inst.instname: Instance owner name
db2inst.password: Instance owner password
options.databaseName: Name of database that will be created. If not specified, no database will be created
dataVolume.size: Size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility
See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Cloud44
Let's verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get pods
NAME                       READY   STATUS    RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   1/1     Running   1          7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful.
SQL1063N DB2START processing was successful.
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.
IBM Cloud45
Let's verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
# su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
   Database Connection Information
 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
We get the Db2 port from the Db2 OLTP helm release service definition
#!/bin/bash
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
IBM Cloud47
Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                     TYPE     DATA   AGE
db2-01-ibm-db2oltp-dev   Opaque   1      1s
==> v1/PersistentVolumeClaim
NAME               STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db2-01-data-stor   Bound    vol12    20Gi       RWO                           1s
==> v1/Service
NAME                         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                                   AGE
db2-01-ibm-db2oltp-dev-db2   NodePort    10.0.0.50    <none>        50000:30463/TCP,55000:32236/TCP           1s
db2-01-ibm-db2oltp-dev       ClusterIP   None         <none>        50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s
==> v1/StatefulSet
NAME                     DESIRED   CURRENT   AGE
db2-01-ibm-db2oltp-dev   1         1         1s
==> v1/Pod(related)
NAME                       READY   STATUS     RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   0/1     Init:0/1   0          1s
1 Pod runs the Db2 container
2 Services for Db2: 1x external, 1x internal
1 StatefulSet, DESIRED = 1
1 PVC (RWO) for db files, logs & config
1 Secret: Db2 instance owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
$ helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
Additional parameter hadr.enabled set to true to indicate that we want a HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                     TYPE     DATA   AGE
db2-02-ibm-db2oltp-dev   Opaque   1      1s
==> v1/PersistentVolumeClaim
NAME               STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db2-02-hadr-stor   Bound    vol09    20Gi       RWX                           1s
==> v1/Service
NAME                          TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                                   AGE
db2-02-ibm-db2oltp-dev-db2    NodePort    10.0.0.61    <none>        50000:32422/TCP,55000:32181/TCP           1s
db2-02-ibm-db2oltp-dev        ClusterIP   None         <none>        50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s
db2-02-ibm-db2oltp-dev-etcd   ClusterIP   None         <none>        2380/TCP,2379/TCP                         1s
==> v1/StatefulSet
NAME                     DESIRED   CURRENT   AGE
db2-02-ibm-db2oltp-dev   2         2         1s
==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd   3   0   1s
==> v1/Pod(related)
NAME                            READY   STATUS              RESTARTS   AGE
db2-02-ibm-db2oltp-dev-0        0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-1        0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-etcd-0   0/1     ContainerCreating   0          1s
db2-02-ibm-db2oltp-dev-etcd-1   0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-etcd-2   0/1     Pending             0          1s
5 Pods: 2x Db2, 3x etcd
3 Services: 2x Db2, 1x etcd
2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
1 PVC (RWX) for HADR setup (1)
1 Secret: Db2 instance owner password
(1) 5 addntl PVCs are being created implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    # Create the users only when the instance owner does not exist yet
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating ..."
      create_users
    fi
    # Stop the job if the instance cannot be created
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE $DB2INST1_PASSWORD $DBNAME"
IBM Cloud52
Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5) [...] IN TS32;
    INSERT INTO PS_TABLE (SSN,FIRST_NAME,LAST_NAME,JOB_CODE,DEPT,SALARY,DOB) WITH TEMP1 [...]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   0/1           0s         0s
Eventually the job completes
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   1/1           109s       45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath="{.items[*].metadata.name}")
kubectl logs -f $pod
Output:
[...]
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully.
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data \
    -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/RoleBinding
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m
==> v1/Service
NAME                 TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)                           AGE
dsm-01-repository    NodePort   10.0.0.233   <none>        50000:32695/TCP,55000:32203/TCP   8m
dsm-01-ibm-dsm-dev   NodePort   10.0.0.85    <none>        11080:32444/TCP,11081:30462/TCP   8m
==> v1beta1/Deployment
NAME                 DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
dsm-01-repository    1         1         1            1           8m
dsm-01-ibm-dsm-dev   1         1         1            1           8m
==> v1/Pod(related)
NAME                                 READY   STATUS    RESTARTS   AGE
dsm-01-repository-76f87d47d4-dlqh4   1/1     Running   0          8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn   2/2     Running   0          8m
2 RoleBindings
2 Services: 1x Db2 (repodb), 1x DSM
2 Deployments
2 Pods: 1 Db2, 1 DSM
IBM Cloud61
DSM Kubernetes resources (2/2)
[...]
==> v1/Secret
NAME                            TYPE     DATA   AGE
dsm-01-repository-db2-passwd    Opaque   1      8m
dsm-01-ibm-dsm-dev-dsm-passwd   Opaque   1      8m
==> v1/PersistentVolumeClaim
NAME                            STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
dsm-01-repository-data-stor     Bound    vol14    20Gi       RWO                           8m
dsm-01-ibm-dsm-dev-datavolume   Bound    vol12    20Gi       RWO                           8m
==> v1/ServiceAccount
NAME                           SECRETS   AGE
dsm-repodb-dsm-01-repository   1         8m
dsm-dsm-01-ibm-dsm-dev         1         8m
==> v1/Role
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m
2 Secrets: 1 DSM admin, 1 Db2 instance owner
2 PVCs: 1 DSM, Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources - Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs
IBM Cloud64
Additional Resources - IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html
IBM Cloud65
Additional Resources - Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel
Technical Sales Professional
Hybrid Data Management
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany
Thank You
IBM Cloud70
IBM Cloud27
Kubernetes Storage ndash Persistence in Pods
Pods are ephemeral and stateless
Applications need persistent storage
Volumes is a way to get persistence to a Pod
Kubernetes volumes are similar to Docker volumes but are managed differently
All containers in a Pod can access the volume
Volumes are associated with the lifecycle of a Pod
Directories in a host are exposed as volumes in Pod
Volumes may be based on a variety of back-end storage types
IBM Cloud28
Kubernetes StoragePersistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
minusPersistent Volume (PV) ndash Provisioned by an administrator
minusPersistent Volume Claim (PVC) ndash Requested by an user and Heketi provisions PVC ndash which creates a PV
minus Storage Class (SC) ndash Storage profiles offered by admins
Persistent
Volume
Block Storage Distributed File System IBM
Spectrum Scale
Worker Node
Pod 1 Pod 1
Persistent
Volume
Claim
IBM Cloud29
Kubernetes SecretsDecouple container with sensitive information
Secret holds sensitive information such as password OAuth tokens and more
Secret is an abstraction to decouple sensitive data
To use a secret Pod needs to reference the secret
Secret can be used in a Pod as files in a volume mounted on one or more containers or used by kubelet when pulling images for the Pod
$ kubectl -n stocktrader
create secret generic db2
--from-literal=id=db2psc
--from-literal=pwd=password
--from-literal=host=dev-ibm-db2oltp-devdefaultsvcclusterlocal
--from-literal=port=50000
--from-literal=db=PSDB
IBM Cloud30
IBM Cloud Private catalog ndash Helm Charts
Db2 chart
DSM chart
IBM Cloud31
IBM Cloud Private catalog ndash What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define install and upgrade software in an automated fashion
Helm charts can be deployed using GUI or command line
Software packages are available from IBM Charts Repository
Available at httpsgithubcomIBMcharts
IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own Local Charts repository
IBM Cloud32
IBM Charts Repository httpsgithubcomIBMchartstreemasterstable
Db2 chart
DSM chart
IBM Cloud33
Helm command line ndash Helm and Tiller
Helm is the client and Tiller is the server ndash runs on master node
$ helm version
Client v272+icp
Error cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client v272+icp
Server v272+icp
Helm and Tiller version must be same ndash do not download Helm from Internet
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)Product Version Worker
Nodes
Pods PVCs Comments
Db2 OLTP 11144 1 1 1
Db2 OLTP HADR 11144 3 5 6 1x Db2 primary 1x Db2 standby 3x etcd for cluster
manager addntl PVC for HADR setup
Data Server
Manager
215 1 2 2 1x DSM 1x Db2 repository database
Includes Db2 111 engine
Db2 Warehouse
SMP
3100 1 1 1 Includes Db2 111 engine
Db2 Warehouse
MPP
3100 3+ 3+ 1 Includes Db2 111 engine
Requires IBM Cloud Pak for Data
Coming soon
minus Red Hat OpenShift Kubernetes support
minus Db2 v115 engine
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes a couple of stepsneed to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create new namespace where all our Pods for Db2 OLTP Db2 OLTP HADR and Data Server Manager will run
Create the namespace for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespacestock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context)
--namespace=stock-trader-data
Context mycluster-context modified
Verify pods There should be no pods running as we just created the namespace$ kubectl get podsNo resources found
IBM Cloud39
Configuring Pod Security Policy for Db2$ cat pre01yamlapiVersion extensionsv1beta1kind PodSecurityPolicymetadata
name db2-privilegesspec
allowPrivilegeEscalation trueprivileged falseallowedCapabilities- SETPCAP- MKNOD- AUDIT_WRITE- CHOWN- NET_RAW- DAC_OVERRIDE- FOWNER- FSETID- KILL- SETGID- SETUID- NET_BIND_SERVICE- SYS_CHROOT- SETFCAP- SYS_RESOURCE- IPC_OWNER- SYS_NICEfsGroup
rule RunAsAnyhostIPC true
hostNetwork falsehostPID falsehostPorts- max 65535
min 1runAsUser
rule RunAsAnyseLinux
rule RunAsAnysupplementalGroups
rule RunAsAnyvolumes-
Configure the pod security policy$ kubectl apply -f pre01yamlpodsecuritypolicyextensionsdb2-privileges configured
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAny RunAsAnyfalse
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create a image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username password and email are the credentials form Docker Hub
Note that you need to subscribe the Db2 and DSM images in Docker Hub first
Configure the image pull secret$ kubectl create secret docker-registry dockerhub
--docker-username=ltyour dockerhub usernamegt--docker-password=ltyour dockerhub passwordgt--docker-email=ltyour dockerhub emailgt--namespace=ltyour namespacegt
secretdockerhub created
Verify the result$ kubectl get secretsNAME TYPE DATA AGEdefault-token-mwvpl kubernetesioservice-account-token 3 17ddockerhub kubernetesiodockerconfigjson 1 13m
IBM Cloud41
Configuring Service Account for Db2$ more pre04yaml---kind ClusterRoleapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role
rules- apiGroups [extensions]resources [podsecuritypolicies]verbs [use]resourceNames- db2-privileges
---kind ClusterRoleBindingapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role-binding
roleRefkind ClusterRolename db2-privileges-cluster-roleapiGroup rbacauthorizationk8sio
subjects- kind ServiceAccountname defaultnamespace stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account$ kubectl apply -f pre04yamlclusterrolerbacauthorizationk8siodb2-privileges-cluster-role createdclusterrolebindingrbacauthorizationk8siodb2-privileges-cluster-role-binding created
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAnyRunAsAny false
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=MYDB
--set dataVolumesize=20Gi
Size of the
Db2 data
volume
Name of database that
will be created
If not specified no
database will be
created
Instance
owner name
Instance owner
password
Db2 OLTP
Helm chart
name
Helm release
name
different for each
deployment
Additional parameters available for example to enable Oracle compatibilitySee httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Cloud44
Letrsquos verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get podsNAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 11 Running 1 7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-009152019 160430 0 0 SQL1063N DB2START processing was successfulSQL1063N DB2START processing was successful() Starting TEXT SEARCH service CIE00001 Operation completed successfullyssh-keygen generating new host keys RSA1 RSA DSA ECDSA ED25519() All databases are now active() Setup has completed
IBM Cloud45
Letrsquos verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 --binbash su - db2inst1Last login Sun Sep 15 161711 UTC 2019$ db2 connect to MYDB
Database Connection Information
Database server = DB2LINUXX8664 11144SQL authorization ID = DB2INST1Local database alias = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access from Db2 client
binbash
NODE_PORT=$(kubectl get --namespace stock-trader-data
-o jsonpath=specports[0]nodePort services db2-01-ibm-db2oltp-dev-db2)
echo Cataloging node db2tcp1
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 19216827100 server $NODE_PORT
echo Cataloging database MYDB at node db2tcp1
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port
from the Db2 OLTP
helm release service
definition

Kubernetes Storage: Persistent volume and persistent volume claim
The Kubernetes Volume abstraction provides
- Persistent Volume (PV) – Provisioned by an administrator
- Persistent Volume Claim (PVC) – Requested by a user, and Heketi provisions the PVC – which creates a PV
- Storage Class (SC) – Storage profiles offered by admins
[Diagram labels: Persistent Volume; Block Storage; Distributed File System; IBM Spectrum Scale; Worker Node; Pod 1; Persistent Volume Claim]

Kubernetes Secrets: Decouple container with sensitive information
Secret holds sensitive information such as passwords, OAuth tokens and more
Secret is an abstraction to decouple sensitive data
To use a secret, a Pod needs to reference the secret
Secret can be used in a Pod as files in a volume mounted on one or more containers, or used by kubelet when pulling images for the Pod
$ kubectl -n stocktrader \
    create secret generic db2 \
    --from-literal=id=db2psc \
    --from-literal=pwd=password \
    --from-literal=host=dev-ibm-db2oltp-dev.default.svc.cluster.local \
    --from-literal=port=50000 \
    --from-literal=db=PSDB

IBM Cloud Private catalog – Helm Charts
Db2 chart
DSM chart

IBM Cloud Private catalog – What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using the GUI or the command line
Software packages are available from the IBM Charts Repository
Available at https://github.com/IBM/charts
IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own Local Charts repository

IBM Charts Repository: https://github.com/IBM/charts/tree/master/stable
Db2 chart
DSM chart

Helm command line – Helm and Tiller
Helm is the client and Tiller is the server – runs on master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
Helm and Tiller versions must be the same – do not download Helm from the Internet

Deploying Db2 on Kubernetes

Db2-based Containers running on Kubernetes (Sep 2019)
Product | Version | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP | 11.1.4.4 | 1 | 1 | 1 |
Db2 OLTP HADR | 11.1.4.4 | 3 | 5 | 6 | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager, addntl PVC for HADR setup
Data Server Manager | 2.1.5 | 1 | 2 | 2 | 1x DSM, 1x Db2 repository database; includes Db2 11.1 engine
Db2 Warehouse SMP | 3.10.0 | 1 | 1 | 1 | Includes Db2 11.1 engine
Db2 Warehouse MPP | 3.10.0 | 3+ | 3+ | 1 | Includes Db2 11.1 engine; requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine

IBM Cloud Private Kubernetes platform

Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
- Creating a new namespace (optional)
- Configuring a pod security policy
- Configuring an image pull secret
- Configuring the service account

Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context) \
    --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running, as we just created the namespace
$ kubectl get pods
No resources found.

Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  - '*'   # list value lost in extraction; '*' (all volume types) is assumed here
Configure the pod security policy
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results
$ kubectl get psp
db2-privileges   false   SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE   RunAsAny   RunAsAny   RunAsAny   RunAsAny   false

Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
Configure the image pull secret
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result
$ kubectl get secrets
NAME                  TYPE                                  DATA  AGE
default-token-mwvpl   kubernetes.io/service-account-token   3     17d
dockerhub             kubernetes.io/dockerconfigjson        1     13m

Configuring Service Account for Db2
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: [extensions]
  resources: [podsecuritypolicies]
  verbs: [use]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results
$ kubectl get psp
db2-privileges   false   SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE   RunAsAny   RunAsAny   RunAsAny   RunAsAny   false

Helm Charts for Db2 and DSM

Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
Callouts:
- db2-01: Helm release name, different for each deployment
- ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
- db2inst.instname: Instance owner name
- db2inst.password: Instance owner password
- options.databaseName: Name of database that will be created. If not specified, no database will be created
- dataVolume.size: Size of the Db2 data volume
Additional parameters available, for example to enable Oracle compatibility. See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev

Let's verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get pods
NAME                       READY  STATUS   RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0   1/1    Running  1         7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful.
SQL1063N DB2START processing was successful.
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.

Let's verify if we can connect to the MYDB database (2)
Log in to the Db2 OLTP container and connect to the MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
$ su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
   Database Connection Information
 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB

Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
#!/bin/bash
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo Cataloging node db2tcp1
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo Cataloging database MYDB at node db2tcp1
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port from the Db2 OLTP helm release service definition

Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-01-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s
==> v1/Service
NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP          1s
db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-01-ibm-db2oltp-dev  1        1        1s
==> v1/Pod(related)
NAME                      READY  STATUS    RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s
Callouts:
- 1 Pod: runs the Db2 container
- 2 Services for Db2: 1x external, 1x internal
- 1 StatefulSet: DESIRED = 1
- 1 PVC (RWO) for db files, logs & config
- 1 Secret: Db2 instance owner password

Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
$ helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
Additional parameter hadr.enabled set to true to indicate that we want a HADR setup

Verify that Db2 HADR is working

Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-02-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s
==> v1/Service
NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP          1s
db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                        1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-02-ibm-db2oltp-dev  2        2        1s
==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd  3  0  1s
==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s
Callouts:
- 5 Pods: 2x Db2, 3x etcd
- 3 Services: 2x Db2, 1x etcd
- 2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
- 1 PVC (RWX) for HADR setup (1)
- 1 Secret: Db2 instance owner password
(1) 5 addntl PVCs are being created implicitly for 2x Db2 and 3x etcd

Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    # Create the instance users only when no earlier setup exists
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE \"$DB2INST1_PASSWORD\" $DBNAME"

Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) […] IN TS32;
    INSERT INTO PS_TABLE (SSN, FIRST_NAME, LAST_NAME, JOB_CODE, DEPT, SALARY, DOB) WITH TEMP1 […]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema
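The db2-privileges pod security policy allows 17 capabilities, while the Job above adds three; the check below is an added example, not part of the deck, that separates the runtime-default capabilities from the extra ones and lists the remaining policy settings a reviewer would ask the owner to justify. The dict layout, the function names and the Docker default-capability list are assumptions of this example; the values are hand-copied from the pre01.yaml, pre04.yaml and single04.yaml slides.

```python
# Added example, not from the deck: least-privilege review of db2-privileges.
# The dicts are constructed by hand from the slides' YAML; only the fields
# this review reads are kept.

# Capabilities the Docker runtime grants by default. A PodSecurityPolicy allows
# these implicitly, so listing them in allowedCapabilities widens nothing.
RUNTIME_DEFAULT_CAPS = frozenset({
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "MKNOD",
    "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP", "SETUID",
    "SYS_CHROOT",
})

PSP = {
    "name": "db2-privileges",
    "allowPrivilegeEscalation": True,
    "privileged": False,
    "allowedCapabilities": [
        "SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW", "DAC_OVERRIDE",
        "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE",
        "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE", "IPC_OWNER", "SYS_NICE",
    ],
    "hostIPC": True,
    "hostNetwork": False,
    "hostPID": False,
    "hostPorts": [{"min": 1, "max": 65535}],
    "fsGroup": {"rule": "RunAsAny"},
    "runAsUser": {"rule": "RunAsAny"},
    "seLinux": {"rule": "RunAsAny"},
    "supplementalGroups": {"rule": "RunAsAny"},
}

# securityContext.capabilities.add of each workload admitted under the policy.
WORKLOADS = [
    {"name": "db2-01-create-database-schema",
     "capabilities_add": ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]},
]

# Subjects of the ClusterRoleBinding that grants "use" on the policy.
SUBJECTS = [
    {"kind": "ServiceAccount", "name": "default", "namespace": "stock-trader-data"},
]

HOST_FLAGS = {
    "privileged": "containers may run privileged",
    "hostIPC": "pods may join the host IPC namespace",
    "hostNetwork": "pods may join the host network namespace",
    "hostPID": "pods may join the host PID namespace",
}


def extra_capabilities(psp):
    """Allowed capabilities beyond the runtime default set."""
    return sorted(set(psp.get("allowedCapabilities", [])) - RUNTIME_DEFAULT_CAPS)


def unrequested_capabilities(psp, workloads):
    """Extra capabilities the policy allows but no listed workload adds."""
    requested = {cap for w in workloads for cap in w["capabilities_add"]}
    return sorted(set(extra_capabilities(psp)) - requested)


def review(psp, workloads, subjects):
    """Return (setting, reason) pairs for settings that need a justification."""
    findings = []
    for cap in unrequested_capabilities(psp, workloads):
        findings.append((cap, "allowed, but no workload adds it"))
    # A policy that omits this field allows escalation, hence the True default.
    if psp.get("allowPrivilegeEscalation", True):
        findings.append(("allowPrivilegeEscalation",
                         "processes may gain privileges, e.g. via setuid binaries"))
    for flag, reason in HOST_FLAGS.items():
        if psp.get(flag, False):
            findings.append((flag, reason))
    for rng in psp.get("hostPorts", []):
        if rng["min"] < 1024:
            findings.append(("hostPorts",
                             f"range {rng['min']}-{rng['max']} includes privileged ports"))
    open_rules = [k for k in ("fsGroup", "runAsUser", "seLinux", "supplementalGroups")
                  if psp.get(k, {}).get("rule") == "RunAsAny"]
    if open_rules:
        findings.append(("RunAsAny", "unconstrained: " + ", ".join(open_rules)))
    for s in subjects:
        if s["kind"] == "ServiceAccount" and s["name"] == "default":
            findings.append(("serviceAccount",
                             f"every pod in {s['namespace']} that names no service "
                             "account of its own can use this policy"))
    return findings


if __name__ == "__main__":
    print("beyond runtime defaults:", extra_capabilities(PSP))
    for setting, reason in review(PSP, WORKLOADS, SUBJECTS):
        print(f"{setting}: {reason}")
```

The capability list turns out to be the runtime defaults plus exactly the three capabilities the Job adds, so the open questions are the host IPC, privilege escalation, host port, RunAsAny and default service account settings.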

Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                            COMPLETIONS  DURATION  AGE
db2-01-create-database-schema   0/1          0s        0s
Eventually the job completes
$ kubectl get jobs
NAME                            COMPLETIONS  DURATION  AGE
db2-01-create-database-schema   1/1          109s      45m

Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath="{.items[*].metadata.name}")
kubectl logs -f $pod
Output:
[…]
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully.
Database mydb has been configured

Deploying Data Server Manager (DSM) with the GUI

Deploying Data Server Manager (DSM) with the GUI (2)

Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)

Accessing Data Server Manager

Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM

DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/RoleBinding
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m
==> v1/Service
NAME                TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)                          AGE
dsm-01-repository   NodePort  10.0.0.233  <none>       50000:32695/TCP,55000:32203/TCP  8m
dsm-01-ibm-dsm-dev  NodePort  10.0.0.85   <none>       11080:32444/TCP,11081:30462/TCP  8m
==> v1beta1/Deployment
NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
dsm-01-repository   1        1        1           1          8m
dsm-01-ibm-dsm-dev  1        1        1           1          8m
==> v1/Pod(related)
NAME                                 READY  STATUS   RESTARTS  AGE
dsm-01-repository-76f87d47d4-dlqh4   1/1    Running  0         8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn   2/2    Running  0         8m
Callouts:
- 2 RoleBindings
- 2 Services: 1x Db2 (repodb), 1x DSM
- 2 Deployments
- 2 Pods: 1 Db2, 1 DSM

DSM Kubernetes resources (2/2)
[…]
==> v1/Secret
NAME                            TYPE    DATA  AGE
dsm-01-repository-db2-passwd    Opaque  1     8m
dsm-01-ibm-dsm-dev-dsm-passwd   Opaque  1     8m
==> v1/PersistentVolumeClaim
NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m
==> v1/ServiceAccount
NAME                          SECRETS  AGE
dsm-repodb-dsm-01-repository  1        8m
dsm-dsm-01-ibm-dsm-dev        1        8m
==> v1/Role
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m
Callouts:
- 2 Secrets: 1 DSM admin, 1 Db2 instance owner
- 2 PVCs: 1 DSM, 1 Db2
- 3 Roles

Additional Resources

Additional Resources – Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs

Additional Resources – IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html

Additional Resources – Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse

Presentation on Db2 and Docker from Db2 Aktuell 2018

Summary

Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary

Claus Huempel
Technical Sales Professional, Hybrid Data Management
IBM Deutschland GmbH, Karl-Arnold-Platz 1a, 40474 Duesseldorf, Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
Thank You
IBM Cloud29
Kubernetes SecretsDecouple container with sensitive information
Secret holds sensitive information such as password OAuth tokens and more
Secret is an abstraction to decouple sensitive data
To use a secret Pod needs to reference the secret
Secret can be used in a Pod as files in a volume mounted on one or more containers or used by kubelet when pulling images for the Pod
$ kubectl -n stocktrader
create secret generic db2
--from-literal=id=db2psc
--from-literal=pwd=password
--from-literal=host=dev-ibm-db2oltp-devdefaultsvcclusterlocal
--from-literal=port=50000
--from-literal=db=PSDB
IBM Cloud30
IBM Cloud Private catalog ndash Helm Charts
Db2 chart
DSM chart
IBM Cloud31
IBM Cloud Private catalog ndash What is a Helm Chart
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define install and upgrade software in an automated fashion
Helm charts can be deployed using GUI or command line
Software packages are available from IBM Charts Repository
Available at httpsgithubcomIBMcharts
IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment you can build your own Local Charts repository
IBM Cloud32
IBM Charts Repository httpsgithubcomIBMchartstreemasterstable
Db2 chart
DSM chart
IBM Cloud33
Helm command line ndash Helm and Tiller
Helm is the client and Tiller is the server ndash runs on master node
$ helm version
Client v272+icp
Error cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client v272+icp
Server v272+icp
Helm and Tiller version must be same ndash do not download Helm from Internet
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)Product Version Worker
Nodes
Pods PVCs Comments
Db2 OLTP 11144 1 1 1
Db2 OLTP HADR 11144 3 5 6 1x Db2 primary 1x Db2 standby 3x etcd for cluster
manager addntl PVC for HADR setup
Data Server
Manager
215 1 2 2 1x DSM 1x Db2 repository database
Includes Db2 111 engine
Db2 Warehouse
SMP
3100 1 1 1 Includes Db2 111 engine
Db2 Warehouse
MPP
3100 3+ 3+ 1 Includes Db2 111 engine
Requires IBM Cloud Pak for Data
Coming soon
minus Red Hat OpenShift Kubernetes support
minus Db2 v115 engine
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes a couple of stepsneed to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create new namespace where all our Pods for Db2 OLTP Db2 OLTP HADR and Data Server Manager will run
Create the namespace for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespacestock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context)
--namespace=stock-trader-data
Context mycluster-context modified
Verify pods There should be no pods running as we just created the namespace$ kubectl get podsNo resources found
IBM Cloud39
Configuring Pod Security Policy for Db2$ cat pre01yamlapiVersion extensionsv1beta1kind PodSecurityPolicymetadata
name db2-privilegesspec
allowPrivilegeEscalation trueprivileged falseallowedCapabilities- SETPCAP- MKNOD- AUDIT_WRITE- CHOWN- NET_RAW- DAC_OVERRIDE- FOWNER- FSETID- KILL- SETGID- SETUID- NET_BIND_SERVICE- SYS_CHROOT- SETFCAP- SYS_RESOURCE- IPC_OWNER- SYS_NICEfsGroup
rule RunAsAnyhostIPC true
hostNetwork falsehostPID falsehostPorts- max 65535
min 1runAsUser
rule RunAsAnyseLinux
rule RunAsAnysupplementalGroups
rule RunAsAnyvolumes-
Configure the pod security policy$ kubectl apply -f pre01yamlpodsecuritypolicyextensionsdb2-privileges configured
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAny RunAsAnyfalse
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub.
The username, password and email are the credentials from Docker Hub.
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first.
Configure the image pull secret:
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result:
$ kubectl get secrets
NAME                 TYPE                                 DATA  AGE
default-token-mwvpl  kubernetes.io/service-account-token  3     17d
dockerhub            kubernetes.io/dockerconfigjson       1     13m
IBM Cloud41
Configuring Service Account for Db2
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: [extensions]
  resources: [podsecuritypolicies]
  verbs: [use]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account.
Configure the service account:
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results:
$ kubectl get psp
db2-privileges false SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE RunAsAny RunAsAny RunAsAny RunAsAny false
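An added example, not part of the original slides or of IBM's charts: a Python audit of the db2-privileges policy and its cluster role binding that lists every setting wider than what the Db2 schema Job on this page requests. The JSON documents are constructed from the YAML on the slides; the Docker default capability set, the 100-port threshold and all function names are assumptions of this example.

```python
import json

# Constructed input: the db2-privileges policy and its binding from this page,
# in the JSON form `kubectl get ... -o json` uses, reduced to the audited fields.
PSP_JSON = """
{"kind": "PodSecurityPolicy", "metadata": {"name": "db2-privileges"},
 "spec": {"allowPrivilegeEscalation": true, "privileged": false,
  "allowedCapabilities": ["SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW",
    "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "SETGID", "SETUID",
    "NET_BIND_SERVICE", "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE", "IPC_OWNER",
    "SYS_NICE"],
  "fsGroup": {"rule": "RunAsAny"}, "hostIPC": true, "hostNetwork": false,
  "hostPID": false, "hostPorts": [{"max": 65535, "min": 1}],
  "runAsUser": {"rule": "RunAsAny"}, "seLinux": {"rule": "RunAsAny"},
  "supplementalGroups": {"rule": "RunAsAny"}}}
"""
BINDING_JSON = """
{"kind": "ClusterRoleBinding",
 "metadata": {"name": "db2-privileges-cluster-role-binding"},
 "roleRef": {"kind": "ClusterRole", "name": "db2-privileges-cluster-role"},
 "subjects": [{"kind": "ServiceAccount", "name": "default",
               "namespace": "stock-trader-data"}]}
"""

# Assumption: capabilities Docker gives every container unless they are dropped.
DOCKER_DEFAULT_CAPS = {
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "MKNOD",
    "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP", "SETUID",
    "SYS_CHROOT",
}
# Capabilities the schema Job on this page adds in its securityContext.
JOB_ADDED_CAPS = {"SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"}


def audit_psp(psp, added_caps):
    """Return (field, message) pairs for settings wider than the workload asks for."""
    spec = psp["spec"]
    findings = []
    if spec.get("privileged", False):
        findings.append(("privileged", "privileged containers are admitted"))
    # The API treats a missing allowPrivilegeEscalation as true.
    if spec.get("allowPrivilegeEscalation", True):
        findings.append(("allowPrivilegeEscalation",
                         "no_new_privs is not enforced, setuid binaries can gain privileges"))
    for flag in ("hostIPC", "hostPID", "hostNetwork"):
        if spec.get(flag, False):
            findings.append((flag, "pods may join the node's %s namespace" % flag[4:]))
    for rng in spec.get("hostPorts", []):
        width = rng["max"] - rng["min"] + 1
        if width > 100:  # assumption: more than 100 host ports counts as wide
            findings.append(("hostPorts", "%d host ports admitted (%d-%d)"
                             % (width, rng["min"], rng["max"])))
    if spec.get("runAsUser", {}).get("rule") == "RunAsAny":
        findings.append(("runAsUser", "containers may run as UID 0"))
    allowed = set(spec.get("allowedCapabilities", []))
    excess = sorted(allowed - DOCKER_DEFAULT_CAPS - set(added_caps))
    if excess:
        findings.append(("allowedCapabilities",
                         "beyond the runtime default and never requested: "
                         + ", ".join(excess)))
    kept = sorted(DOCKER_DEFAULT_CAPS - set(spec.get("requiredDropCapabilities", [])))
    if kept:
        findings.append(("requiredDropCapabilities",
                         "%d runtime-default capabilities are never dropped: %s"
                         % (len(kept), ", ".join(kept))))
    return findings


def audit_binding(binding):
    """Return (field, message) pairs describing who is allowed to use the policy."""
    findings = []
    subjects = binding.get("subjects", [])
    for subj in subjects:
        if subj.get("kind") == "ServiceAccount" and subj.get("name") == "default":
            findings.append(("subjects",
                             "every pod in %s without its own serviceAccountName "
                             "can use the policy" % subj.get("namespace")))
    namespaces = {s.get("namespace") for s in subjects}
    if (binding.get("kind") == "ClusterRoleBinding"
            and len(namespaces) == 1 and None not in namespaces):
        findings.append(("kind", "all subjects live in %s, a RoleBinding there is enough"
                         % next(iter(namespaces))))
    return findings


def run_audit():
    """Audit the constructed documents above and return all findings."""
    return {
        "psp": audit_psp(json.loads(PSP_JSON), JOB_ADDED_CAPS),
        "binding": audit_binding(json.loads(BINDING_JSON)),
    }


if __name__ == "__main__":
    for source, findings in run_audit().items():
        for field, message in findings:
            print("%-8s %-26s %s" % (source, field, message))
```

On the page's inputs the allowedCapabilities check stays silent, because the list is exactly Docker's default set plus the three capabilities the Job adds. The remaining width comes from allowPrivilegeEscalation, hostIPC, the host port range, the RunAsAny user rule, the absence of dropped capabilities and the binding to the default service account.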
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
- db2-01: Helm release name, different for each deployment
- ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
- db2inst.instname: instance owner name
- db2inst.password: instance owner password
- options.databaseName: name of the database that will be created. If not specified, no database will be created.
- dataVolume.size: size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility.
See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Cloud44
Let's verify if we can connect to the MYDB database (1)
Get the list of running pods and verify that the Db2 OLTP pod is running:
$ kubectl get pods
NAME                      READY  STATUS   RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  1/1    Running  1         7h57m
Review the logs of the Db2 OLTP container:
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful.
SQL1063N DB2START processing was successful.
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.
IBM Cloud45
Let's verify if we can connect to the MYDB database (2)
Log in to the Db2 OLTP container and connect to the MYDB Db2 database:
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
# su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
   Database Connection Information
 Database server       = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID  = DB2INST1
 Local database alias  = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client.
#!/bin/bash
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo Cataloging node db2tcp1
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo Cataloging database MYDB at node db2tcp1
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port from the Db2 OLTP Helm release service definition.
IBM Cloud47
Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-01-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s
==> v1/Service
NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP          1s
db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-01-ibm-db2oltp-dev  1        1        1s
==> v1/Pod(related)
NAME                      READY  STATUS    RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s
- 1 Pod: runs the Db2 container
- 2 Services for Db2: 1x external, 1x internal
- 1 StatefulSet: DESIRED = 1
- 1 PVC (RWO) for db files, logs & config
- 1 Secret: Db2 instance owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
$ helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
Additional parameter hadr.enabled set to true to indicate that we want a HADR setup.
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-02-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s
==> v1/Service
NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP          1s
db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                        1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-02-ibm-db2oltp-dev  2        2        1s
==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd  3   0        1s
==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s
- 5 Pods: 2x Db2, 3x etcd
- 3 Services: 2x Db2, 1x etcd
- 2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
- 1 PVC (RWX) for HADR setup (1)
- 1 Secret: Db2 instance owner password
(1) 5 addntl PVCs are being created implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    # Create the instance users only if the instance owner does not exist yet
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    # Run the schema script as the instance owner
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE $DB2INST1_PASSWORD $DBNAME"
IBM Cloud52
Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5) […] IN TS32;
    INSERT INTO PS_TABLE (SSN,FIRST_NAME,LAST_NAME,JOB_CODE,DEPT,SALARY,DOB) WITH TEMP1 […]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database:
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created:
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  0/1          0s        0s
Eventually the job completes:
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  1/1          109s      45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job:
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath='{.items[*].metadata.name}')
kubectl logs -f $pod
Output:
[…]
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully.
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI:
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM.
IBM Cloud60
DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/RoleBinding
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m
==> v1/Service
NAME                TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)                          AGE
dsm-01-repository   NodePort  10.0.0.233  <none>       50000:32695/TCP,55000:32203/TCP  8m
dsm-01-ibm-dsm-dev  NodePort  10.0.0.85   <none>       11080:32444/TCP,11081:30462/TCP  8m
==> v1beta1/Deployment
NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
dsm-01-repository   1        1        1           1          8m
dsm-01-ibm-dsm-dev  1        1        1           1          8m
==> v1/Pod(related)
NAME                                READY  STATUS   RESTARTS  AGE
dsm-01-repository-76f87d47d4-dlqh4  1/1    Running  0         8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn  2/2    Running  0         8m
- 2 RoleBindings
- 2 Services: 1x Db2 (repodb), 1x DSM
- 2 Deployments
- 2 Pods: 1 Db2, 1 DSM
IBM Cloud61
DSM Kubernetes resources (2/2)
[…]
==> v1/Secret
NAME                           TYPE    DATA  AGE
dsm-01-repository-db2-passwd   Opaque  1     8m
dsm-01-ibm-dsm-dev-dsm-passwd  Opaque  1     8m
==> v1/PersistentVolumeClaim
NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m
==> v1/ServiceAccount
NAME                          SECRETS  AGE
dsm-repodb-dsm-01-repository  1        8m
dsm-dsm-01-ibm-dsm-dev        1        8m
==> v1/Role
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m
- 2 Secrets: 1 DSM admin, 1 Db2 instance owner
- 2 PVCs: 1 DSM, 1 Db2
- 3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources - Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs
IBM Cloud64
Additional Resources - IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html
IBM Cloud65
Additional Resources - Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
- Micro Services and Containers
- Kubernetes Basics
- Deploying Db2 on Kubernetes
  - Db2 OLTP Single Server
  - Db2 OLTP HADR
  - Data Server Manager (DSM)
- Additional Resources
- Summary
IBM Cloud69
Claus Huempel IBM Deutschland GmbH
Karl-Arnold-Platz 1a
Technical Sales Professional 40474 Duesseldorf
Hybrid Data Management Germany
Mobile +49-177-3627278
Email chuempeldeibmcom
Thank You
IBM Cloud70
IBM Cloud30
IBM Cloud Private catalog - Helm Charts
Db2 chart
DSM chart
IBM Cloud31
IBM Cloud Private catalog - What is a Helm Chart?
- Helm is the package manager in IBM Cloud Private
- Tiller is the server that serves the Helm content
- Helm charts help to define, install and upgrade software in an automated fashion
- Helm charts can be deployed using GUI or command line
- Software packages are available from IBM Charts Repository
- Available at https://github.com/IBM/charts
- IBM Cloud Private catalog requires internet connectivity to show available charts
- In an air-gap environment you can build your own Local Charts repository
IBM Cloud32
IBM Charts Repository: https://github.com/IBM/charts/tree/master/stable
Db2 chart
DSM chart
IBM Cloud33
Helm command line - Helm and Tiller
Helm is the client and Tiller is the server - runs on master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
Helm and Tiller version must be same - do not download Helm from Internet
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)
Product | Version | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP | 11.1.4.4 | 1 | 1 | 1 |
Db2 OLTP HADR | 11.1.4.4 | 3 | 5 | 6 | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager, addntl PVC for HADR setup
Data Server Manager | 2.1.5 | 1 | 2 | 2 | 1x DSM, 1x Db2 repository database; includes Db2 11.1 engine
Db2 Warehouse SMP | 3.10.0 | 1 | 1 | 1 | Includes Db2 11.1 engine
Db2 Warehouse MPP | 3.10.0 | 3+ | 3+ | 1 | Includes Db2 11.1 engine; requires IBM Cloud Pak for Data
Coming soon:
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine
IBM Cloud31
IBM Cloud Private catalog – What is a Helm Chart?
Helm is the package manager in IBM Cloud Private
Tiller is the server that serves the Helm content
Helm charts help to define, install and upgrade software in an automated fashion
Helm charts can be deployed using the GUI or the command line
Software packages are available from the IBM Charts Repository
Available at https://github.com/IBM/charts
IBM Cloud Private catalog requires internet connectivity to show available charts
In an air-gap environment, you can build your own Local Charts repository
IBM Cloud32
IBM Charts Repository: https://github.com/IBM/charts/tree/master/stable
Db2 chart
DSM chart
IBM Cloud33
Helm command line – Helm and Tiller
Helm is the client and Tiller is the server, which runs on the master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
Helm and Tiller versions must be the same – do not download Helm from the Internet
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)
Product              Version   Worker Nodes  Pods  PVCs  Comments
Db2 OLTP             11.1.4.4  1             1     1
Db2 OLTP HADR        11.1.4.4  3             5     6     1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager, additional PVC for HADR setup
Data Server Manager  2.1.5     1             2     2     1x DSM, 1x Db2 repository database; includes Db2 11.1 engine
Db2 Warehouse SMP    3.10.0    1             1     1     Includes Db2 11.1 engine
Db2 Warehouse MPP    3.10.0    3+            3+    1     Includes Db2 11.1 engine; requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context) \
    --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running, as we just created the namespace
$ kubectl get pods
No resources found.
IBM Cloud39
Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  -
Configure the pod security policy
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results
$ kubectl get psp
db2-privileges  false  SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE  RunAsAny  RunAsAny  RunAsAny  RunAsAny  false
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
Configure the image pull secret
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result
$ kubectl get secrets
NAME                 TYPE                                 DATA  AGE
default-token-mwvpl  kubernetes.io/service-account-token  3     17d
dockerhub            kubernetes.io/dockerconfigjson       1     13m
IBM Cloud41
Configuring Service Account for Db2
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: [extensions]
  resources: [podsecuritypolicies]
  verbs: [use]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results
$ kubectl get psp
db2-privileges  false  SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE  RunAsAny  RunAsAny  RunAsAny  RunAsAny  false
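An added audit sketch (not from the presentation) for the two objects configured above: it takes the db2-privileges policy and its cluster role binding as JSON, the form `kubectl get ... -o json` returns, and lists the settings a reviewer would question before granting them to a namespace. The embedded JSON is constructed from the YAML on the slides (the elided volumes entry is left out); the function names and the use of Docker's default capability set as the baseline are assumptions of this example.

```python
import json

# Capabilities the Docker runtime grants a container by default
# (baseline chosen for this example).
DOCKER_DEFAULT_CAPS = frozenset({
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL",
    "MKNOD", "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID",
    "SETPCAP", "SETUID", "SYS_CHROOT",
})
# Subjects that cover far more workloads than one application.
BROAD_GROUPS = {"system:authenticated", "system:serviceaccounts"}

# Constructed input: pre01.yaml from the slide as JSON; the truncated
# "volumes" entry is omitted.
PSP_JSON = """
{"kind": "PodSecurityPolicy", "metadata": {"name": "db2-privileges"},
 "spec": {
  "allowPrivilegeEscalation": true, "privileged": false,
  "allowedCapabilities": ["SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN",
    "NET_RAW", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "SETGID",
    "SETUID", "NET_BIND_SERVICE", "SYS_CHROOT", "SETFCAP",
    "SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"],
  "fsGroup": {"rule": "RunAsAny"},
  "hostIPC": true, "hostNetwork": false, "hostPID": false,
  "hostPorts": [{"max": 65535, "min": 1}],
  "runAsUser": {"rule": "RunAsAny"},
  "seLinux": {"rule": "RunAsAny"},
  "supplementalGroups": {"rule": "RunAsAny"}}}
"""

# Constructed input: the ClusterRoleBinding from pre04.yaml as JSON.
BINDING_JSON = """
{"kind": "ClusterRoleBinding",
 "metadata": {"name": "db2-privileges-cluster-role-binding"},
 "roleRef": {"kind": "ClusterRole", "name": "db2-privileges-cluster-role",
             "apiGroup": "rbac.authorization.k8s.io"},
 "subjects": [{"kind": "ServiceAccount", "name": "default",
               "namespace": "stock-trader-data"}]}
"""

RULE_REASONS = {
    "runAsUser": "containers may run as any UID, including root",
    "fsGroup": "any fsGroup may be requested for volumes",
    "supplementalGroups": "any supplemental group may be requested",
    "seLinux": "any SELinux context may be requested",
}


def extra_capabilities(psp):
    """Capabilities the policy allows beyond the runtime default, sorted."""
    allowed = set(psp["spec"].get("allowedCapabilities", []))
    return sorted(allowed - DOCKER_DEFAULT_CAPS)


def audit_psp(psp):
    """Return (field, reason) pairs for settings that widen what a pod may do."""
    spec = psp["spec"]
    findings = []
    if spec.get("privileged", False):
        findings.append(("privileged", "pods may run fully privileged"))
    # An absent allowPrivilegeEscalation defaults to true in a PSP.
    if spec.get("allowPrivilegeEscalation", True):
        findings.append(("allowPrivilegeEscalation",
                         "a process may gain more privileges than its parent"))
    for flag in ("hostIPC", "hostPID", "hostNetwork"):
        if spec.get(flag, False):
            findings.append((flag, "pods may share this namespace with the node"))
    extra = extra_capabilities(psp)
    if "*" in extra:
        findings.append(("allowedCapabilities", "every capability may be added"))
    elif extra:
        findings.append(("allowedCapabilities",
                         "beyond runtime default: " + ", ".join(extra)))
    for rng in spec.get("hostPorts", []):
        if rng["min"] <= 1 and rng["max"] >= 65535:
            findings.append(("hostPorts", "pods may bind any port on the node"))
    for field, reason in RULE_REASONS.items():
        if spec.get(field, {}).get("rule") == "RunAsAny":
            findings.append((field, reason))
    return findings


def audit_binding(binding):
    """Flag subjects that hand the policy to more than one workload."""
    findings = []
    for subj in binding.get("subjects", []):
        kind, name = subj.get("kind"), subj.get("name")
        if kind == "ServiceAccount" and name == "default":
            who = "ServiceAccount %s/default" % subj.get("namespace", "")
            findings.append((who, "every pod in the namespace that names no "
                                  "service account of its own may use the policy"))
        elif kind == "Group" and name in BROAD_GROUPS:
            findings.append(("Group " + name, "policy usable cluster-wide"))
    return findings


if __name__ == "__main__":
    for field, reason in audit_psp(json.loads(PSP_JSON)):
        print("PSP     %-26s %s" % (field, reason))
    for who, reason in audit_binding(json.loads(BINDING_JSON)):
        print("BINDING %s: %s" % (who, reason))
```

The three capabilities reported beyond the default set (IPC_OWNER, SYS_NICE, SYS_RESOURCE) are the same three the schema Job later in the deck requests under securityContext capabilities.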
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
- --name db2-01: Helm release name, different for each deployment
- ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
- db2inst.instname: Instance owner name
- db2inst.password: Instance owner password
- options.databaseName: Name of database that will be created. If not specified, no database will be created
- dataVolume.size: Size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility. See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Cloud44
Let's verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get pods
NAME                      READY  STATUS   RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  1/1    Running  1         7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful.
SQL1063N DB2START processing was successful.
(*) Starting TEXT SEARCH service ...
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.
IBM Cloud45
Let's verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
Database Connection Information
Database server = DB2/LINUXX8664 11.1.4.4
SQL authorization ID = DB2INST1
Local database alias = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
#!/bin/bash
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port from the Db2 OLTP helm release service definition
IBM Cloud47
Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-01-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s
==> v1/Service
NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP          1s
db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-01-ibm-db2oltp-dev  1        1        1s
==> v1/Pod(related)
NAME                      READY  STATUS    RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s
- 1 Pod: runs the Db2 container
- 2 Services for Db2: 1x external, 1x internal
- 1 StatefulSet: DESIRED = 1
- 1 PVC (RWO) for db files, logs & config
- 1 Secret: Db2 instance owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
$ helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
Additional parameter hadr.enabled set to true to indicate that we want a HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-02-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s
==> v1/Service
NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP          1s
db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                        1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-02-ibm-db2oltp-dev  2        2        1s
==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd  3  0  1s
==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s
- 5 Pods: 2x Db2, 3x etcd
- 3 Services: 2x Db2, 1x etcd
- 2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
- 1 PVC (RWX) for HADR setup (1)
- 1 Secret: Db2 instance owner password
(1) 5 additional PVCs are being created implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: [SYS_RESOURCE, IPC_OWNER, SYS_NICE]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source ${SETUPDIR}/include/db2_constants
    source ${SETUPDIR}/include/db2_common_functions
    # Create the users only when the instance owner does not exist yet
    if ! getent passwd ${DB2INSTANCE} > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE $DB2INST1_PASSWORD $DBNAME"
IBM Cloud52
Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5) […] IN TS32;
    INSERT INTO PS_TABLE (SSN,FIRST_NAME,LAST_NAME,JOB_CODE,DEPT,SALARY,DOB) WITH TEMP1 […]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  0/1          0s        0s
Eventually the job completes
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  1/1          109s      45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath="{.items[*].metadata.name}")
kubectl logs -f $pod
Output
[…]
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully.
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data \
    -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/RoleBinding
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m
==> v1/Service
NAME                TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)                          AGE
dsm-01-repository   NodePort  10.0.0.233  <none>       50000:32695/TCP,55000:32203/TCP  8m
dsm-01-ibm-dsm-dev  NodePort  10.0.0.85   <none>       11080:32444/TCP,11081:30462/TCP  8m
==> v1beta1/Deployment
NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
dsm-01-repository   1        1        1           1          8m
dsm-01-ibm-dsm-dev  1        1        1           1          8m
==> v1/Pod(related)
NAME                                READY  STATUS   RESTARTS  AGE
dsm-01-repository-76f87d47d4-dlqh4  1/1    Running  0         8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn  2/2    Running  0         8m
- 2 RoleBindings
- 2 Services: 1x Db2 (repodb), 1x DSM
- 2 Deployments
- 2 Pods: 1 Db2, 1 DSM
IBM Cloud61
DSM Kubernetes resources (2/2)
[…]
==> v1/Secret
NAME                           TYPE    DATA  AGE
dsm-01-repository-db2-passwd   Opaque  1     8m
dsm-01-ibm-dsm-dev-dsm-passwd  Opaque  1     8m
==> v1/PersistentVolumeClaim
NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m
==> v1/ServiceAccount
NAME                          SECRETS  AGE
dsm-repodb-dsm-01-repository  1        8m
dsm-dsm-01-ibm-dsm-dev        1        8m
==> v1/Role
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m
- 2 Secrets: 1 DSM admin, 1 Db2 instance owner
- 2 PVCs: 1 DSM, Db2
- 3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources – Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs
IBM Cloud64
Additional Resources – IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html
IBM Cloud65
Additional Resources – Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel
Technical Sales Professional
Hybrid Data Management
IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
Thank You
IBM Cloud70
IBM Cloud32
IBM Charts Repository httpsgithubcomIBMchartstreemasterstable
Db2 chart
DSM chart
IBM Cloud33
Helm command line ndash Helm and Tiller
Helm is the client and Tiller is the server ndash runs on master node
$ helm version
Client v272+icp
Error cannot connect to Tiller
Use of --tls is required to do Helm operations
$ helm version --tls
Client v272+icp
Server v272+icp
Helm and Tiller version must be same ndash do not download Helm from Internet
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)Product Version Worker
Nodes
Pods PVCs Comments
Db2 OLTP 11144 1 1 1
Db2 OLTP HADR 11144 3 5 6 1x Db2 primary 1x Db2 standby 3x etcd for cluster
manager addntl PVC for HADR setup
Data Server
Manager
215 1 2 2 1x DSM 1x Db2 repository database
Includes Db2 111 engine
Db2 Warehouse
SMP
3100 1 1 1 Includes Db2 111 engine
Db2 Warehouse
MPP
3100 3+ 3+ 1 Includes Db2 111 engine
Requires IBM Cloud Pak for Data
Coming soon
minus Red Hat OpenShift Kubernetes support
minus Db2 v115 engine
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes a couple of stepsneed to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create new namespace where all our Pods for Db2 OLTP Db2 OLTP HADR and Data Server Manager will run
Create the namespace for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespacestock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context)
--namespace=stock-trader-data
Context mycluster-context modified
Verify pods There should be no pods running as we just created the namespace$ kubectl get podsNo resources found
IBM Cloud39
Configuring Pod Security Policy for Db2$ cat pre01yamlapiVersion extensionsv1beta1kind PodSecurityPolicymetadata
name db2-privilegesspec
allowPrivilegeEscalation trueprivileged falseallowedCapabilities- SETPCAP- MKNOD- AUDIT_WRITE- CHOWN- NET_RAW- DAC_OVERRIDE- FOWNER- FSETID- KILL- SETGID- SETUID- NET_BIND_SERVICE- SYS_CHROOT- SETFCAP- SYS_RESOURCE- IPC_OWNER- SYS_NICEfsGroup
rule RunAsAnyhostIPC true
hostNetwork falsehostPID falsehostPorts- max 65535
min 1runAsUser
rule RunAsAnyseLinux
rule RunAsAnysupplementalGroups
rule RunAsAnyvolumes-
Configure the pod security policy$ kubectl apply -f pre01yamlpodsecuritypolicyextensionsdb2-privileges configured
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAny RunAsAnyfalse
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create a image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username password and email are the credentials form Docker Hub
Note that you need to subscribe the Db2 and DSM images in Docker Hub first
Configure the image pull secret$ kubectl create secret docker-registry dockerhub
--docker-username=ltyour dockerhub usernamegt--docker-password=ltyour dockerhub passwordgt--docker-email=ltyour dockerhub emailgt--namespace=ltyour namespacegt
secretdockerhub created
Verify the result$ kubectl get secretsNAME TYPE DATA AGEdefault-token-mwvpl kubernetesioservice-account-token 3 17ddockerhub kubernetesiodockerconfigjson 1 13m
IBM Cloud41
Configuring Service Account for Db2$ more pre04yaml---kind ClusterRoleapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role
rules- apiGroups [extensions]resources [podsecuritypolicies]verbs [use]resourceNames- db2-privileges
---kind ClusterRoleBindingapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role-binding
roleRefkind ClusterRolename db2-privileges-cluster-roleapiGroup rbacauthorizationk8sio
subjects- kind ServiceAccountname defaultnamespace stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account$ kubectl apply -f pre04yamlclusterrolerbacauthorizationk8siodb2-privileges-cluster-role createdclusterrolebindingrbacauthorizationk8siodb2-privileges-cluster-role-binding created
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAnyRunAsAny false
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=MYDB
--set dataVolumesize=20Gi
Size of the
Db2 data
volume
Name of database that
will be created
If not specified no
database will be
created
Instance
owner name
Instance owner
password
Db2 OLTP
Helm chart
name
Helm release
name
different for each
deployment
Additional parameters available for example to enable Oracle compatibilitySee httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Cloud44
Letrsquos verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get podsNAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 11 Running 1 7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-009152019 160430 0 0 SQL1063N DB2START processing was successfulSQL1063N DB2START processing was successful() Starting TEXT SEARCH service CIE00001 Operation completed successfullyssh-keygen generating new host keys RSA1 RSA DSA ECDSA ED25519() All databases are now active() Setup has completed
IBM Cloud45
Letrsquos verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 --binbash su - db2inst1Last login Sun Sep 15 161711 UTC 2019$ db2 connect to MYDB
Database Connection Information
Database server = DB2LINUXX8664 11144SQL authorization ID = DB2INST1Local database alias = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access from Db2 client
binbash
NODE_PORT=$(kubectl get --namespace stock-trader-data
-o jsonpath=specports[0]nodePort services db2-01-ibm-db2oltp-dev-db2)
echo Cataloging node db2tcp1
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 19216827100 server $NODE_PORT
echo Cataloging database MYDB at node db2tcp1
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port
from the Db2 OLTP
helm release service
definition
IBM Cloud47
Kubernetes resources for Db2 OLTP$ helm status db2-01 --tlsNAME db2-01LAST DEPLOYED Sun Sep 15 081114 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-01-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-01-data-stor Bound vol12 20Gi RWO 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-01-ibm-db2oltp-dev-db2 NodePort 100050 ltnonegt 5000030463TCP5500032236TCP 1sdb2-01-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-01-ibm-db2oltp-dev 1 1 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 01 Init01 0 1s 1 Pod runs
the Db2
container
2 Services for
Db2 1x external
1x internal
1 StatefulSet
DESIRED = 1
1 PVC (RWO) for db
files logs amp config
1 Secret
Db2 instance
owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v111 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=HADB
--set dataVolumesize=20Gi--set hadrenabled=true
Additional parameter
hadrenabled set to true to
indicate that we want a
HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OTLP HADRNAME db2-02LAST DEPLOYED Tue Sep 17 082433 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-02-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-02-hadr-stor Bound vol09 20Gi RWX 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-02-ibm-db2oltp-dev-db2 NodePort 100061 ltnonegt 5000032422TCP5500032181TCP 1sdb2-02-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1sdb2-02-ibm-db2oltp-dev-etcd ClusterIP None ltnonegt 2380TCP2379TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-02-ibm-db2oltp-dev 2 2 1s
==gt v1beta2StatefulSet
db2-02-ibm-db2oltp-dev-etcd 3 0 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-02-ibm-db2oltp-dev-0 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-0 01 ContainerCreating 0 1sdb2-02-ibm-db2oltp-dev-etcd-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-2 01 Pending 0 1s
5 Pods
2x Db2 3x etcd
3 Services
2x Db2 1x etcd
2 StatefulSets
Db2 DESIRED=2
etcd DESIRED=3
1 PVC (RWX)
for HADR setup (1)
1 Secret
Db2 instance
owner password
(1) 5 addntl PVCs are being created
implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL $ cat single04yamlapiVersion batchv1kind Jobmetadata
name db2-01-create-database-schemaspec
templatespec
containers- name db2-01-create-database-schema
image storeibmcorpdb2_developer_c11144-x86_64command [ binsh-cscriptsdb2-setupsh ]volumeMounts- name db2-createschema
mountPath scriptssecurityContext
capabilitiesadd [SYS_RESOURCE IPC_OWNER SYS_NICE]
env- name LICENSE
value accept- name DB2INSTANCE
value db2inst1- name DB2INST1_PASSWORD
valueFromsecretKeyRef
name db2-01-ibm-db2oltp-devkey password
- name DB2_SERVICE_NAMEvalue db2-01-ibm-db2oltp-dev
- name DBNAMEvalue mydb
restartPolicy Nevervolumes- name db2-createschema
configMapname db2-createschemadefaultMode 0744
backoffLimit 1---apiVersion v1data
db2-setupsh |binshexport SETUPDIR=vardb2_setupsource $SETUPDIRincludedb2_constantssource $SETUPDIRincludedb2_common_functionsif getent passwd $DB2INSTANCE gt devnull 2gtamp1 then
echo () Previous setup has not been detected Creating create_users
fiif create_instance then
exit 1fistart_db2cp scriptsdb2-createschemash databasedb2-createschemashchmod +x databasedb2-createschemashsu - $DB2INSTANCE -c databasedb2-createschemash
$DB2_SERVICE_NAME $DB2INSTANCEldquo$DB2INST1_PASSWORD $DBNAME
IBM Cloud52
Kubernetes Job to deploy SQL (contrsquod)db2-createschemash |
binshDB2_SERVICE_NAME=$1DB2INSTANCE=$2DB2INST1_PASSWORD=$3DBNAME=$4echo Configure schema for database $DBNAME on host $DB2_SERVICE_NAMEdb2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000db2 catalog db $DBNAME as $DBNAME at node DB2NODEdb2 terminatedb2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDdb2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDsleep 2db2 -tvmf scriptsps-bp-tbspsqlsleep 10db2 -tvmf scriptsps-tablessqlecho Database $DBNAME has been configured
ps-bp-tbspsql |CREATE BUFFERPOOL BP32K PAGESIZE 32KCREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K
ps-tablessql |CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) [hellip] IN TS32INSERT INTO PS_TABLE (SSNFIRST_NAMELAST_NAMEJOB_CODEDEPTSALARYDOB) WITH TEMP1 [hellip] CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL LASTNAME VARCHAR(20) NOT NULL JOBCODE CHAR(4) NOT NULL ) IN TS32 GRANT ALL ON ps_table TO PUBLICGRANT ALL ON ps_history TO PUBLIC
kind ConfigMapmetadata
name db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply ndashf single04yaml
jobbatchdb2-01-create-database-schema created
configmapdb2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 01 0s 0s
Eventually the job completes
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 11 109s 45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDBWe run a script to retrieve the logs form the job
binbash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath=items[]metadataname)
kubectl logs -f $pod
Output
[hellip]
DB20000I The SQL command completed successfully
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI:
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)

Accessing Data Server Manager

Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM.

DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/RoleBinding
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m

==> v1/Service
NAME                 TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)                           AGE
dsm-01-repository    NodePort   10.0.0.233   <none>        50000:32695/TCP,55000:32203/TCP   8m
dsm-01-ibm-dsm-dev   NodePort   10.0.0.85    <none>        11080:32444/TCP,11081:30462/TCP   8m

==> v1beta1/Deployment
NAME                 DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
dsm-01-repository    1         1         1            1           8m
dsm-01-ibm-dsm-dev   1         1         1            1           8m

==> v1/Pod(related)
NAME                                 READY   STATUS    RESTARTS   AGE
dsm-01-repository-76f87d47d4-dlqh4   1/1     Running   0          8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn   2/2     Running   0          8m

2 RoleBindings
2 Services: 1x Db2 (repodb), 1x DSM
2 Deployments
2 Pods: 1 Db2, 1 DSM

DSM Kubernetes resources (2/2)
[…]
==> v1/Secret
NAME                            TYPE     DATA   AGE
dsm-01-repository-db2-passwd    Opaque   1      8m
dsm-01-ibm-dsm-dev-dsm-passwd   Opaque   1      8m

==> v1/PersistentVolumeClaim
NAME                            STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
dsm-01-repository-data-stor     Bound    vol14    20Gi       RWO                           8m
dsm-01-ibm-dsm-dev-datavolume   Bound    vol12    20Gi       RWO                           8m

==> v1/ServiceAccount
NAME                           SECRETS   AGE
dsm-repodb-dsm-01-repository   1         8m
dsm-dsm-01-ibm-dsm-dev         1         8m

==> v1/Role
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m

2 Secrets: 1 DSM admin, 1 Db2 instance owner
2 PVCs: 1 DSM, Db2
3 Roles

Additional Resources

Additional Resources - Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs

Additional Resources - IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html

Additional Resources - Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse

Presentation on Db2 and Docker from Db2 Aktuell 2018

Summary

Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary

Thank You
Claus Huempel
Technical Sales Professional
Hybrid Data Management
IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com

Helm command line - Helm and Tiller
Helm is the client and Tiller is the server, which runs on the master node
$ helm version
Client: v2.7.2+icp
Error: cannot connect to Tiller
Use of --tls is required to do Helm operations:
$ helm version --tls
Client: v2.7.2+icp
Server: v2.7.2+icp
Helm and Tiller versions must be the same - do not download Helm from the Internet

Deploying Db2 on Kubernetes

Db2-based Containers running on Kubernetes (Sep 2019)
Product | Version | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP | 11.1.4.4 | 1 | 1 | 1 |
Db2 OLTP HADR | 11.1.4.4 | 3 | 5 | 6 | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager, additional PVC for HADR setup
Data Server Manager | 2.1.5 | 1 | 2 | 2 | 1x DSM, 1x Db2 repository database; includes Db2 11.1 engine
Db2 Warehouse SMP | 3100 | 1 | 1 | 1 | Includes Db2 11.1 engine
Db2 Warehouse MPP | 3100 | 3+ | 3+ | 1 | Includes Db2 11.1 engine; requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine

IBM Cloud Private Kubernetes platform

Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed:
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account

Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run.
Create the namespace, for example stock-trader-data:
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace:
$ kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running, as we just created the namespace:
$ kubectl get pods
No resources found.

Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  - '*'
Configure the pod security policy:
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results:
$ kubectl get psp
db2-privileges   false   SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE   RunAsAny   RunAsAny   RunAsAny   RunAsAny   false   *
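
An added example, not part of the original slides: a shell review of the db2-privileges policy above that lists the settings relaxing pod isolation and the capabilities the policy allows beyond the three (SYS_RESOURCE, IPC_OWNER, SYS_NICE) that the schema Job later in the deck adds. The manifest is re-typed from the slide as constructed input, the function names are illustrative, and the Db2 server container deployed by the Helm chart may need capabilities the Job does not, so the result is a review list rather than a removal list.

```shell
#!/bin/sh
# Constructed input: pre01.yaml as shown on the slide (volumes list left out).
psp_manifest() {
cat <<'EOF'
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
EOF
}

# Print the entries of spec.allowedCapabilities, one per line (manifest on stdin).
psp_capabilities() {
  awk '
    /^  allowedCapabilities:/ { in_list = 1; next }
    in_list && /^  - /        { print $2; next }
    in_list                   { in_list = 0 }
  '
}

# Print the boolean settings that are "true" and let pods step outside their sandbox.
psp_risky_flags() {
  awk '
    $1 ~ /^(allowPrivilegeEscalation|privileged|hostIPC|hostNetwork|hostPID):$/ && $2 == "true" {
      sub(":", "", $1); print $1
    }
  '
}

# Print the strategy keys (runAsUser, fsGroup, ...) whose rule is RunAsAny.
psp_runasany_rules() {
  awk '
    /^  [A-Za-z]+:$/         { key = $1; sub(":", "", key); next }
    /^    rule: RunAsAny$/   { print key }
  '
}

# Print capabilities the policy allows that are not in the space-separated
# list given as $1 (the capabilities a workload actually requests).
psp_unrequested_capabilities() {
  requested=" $1 "
  psp_capabilities | while read -r cap; do
    case "$requested" in
      *" $cap "*) ;;
      *) echo "$cap" ;;
    esac
  done
}

echo "Settings that relax pod isolation:"
psp_manifest | psp_risky_flags | sed 's/^/  /'
echo "Strategies left at RunAsAny:"
psp_manifest | psp_runasany_rules | sed 's/^/  /'
echo "Allowed by the policy but not requested by the schema Job:"
psp_manifest | psp_unrequested_capabilities "SYS_RESOURCE IPC_OWNER SYS_NICE" | sed 's/^/  /'
```

Because the service-account slide binds this policy to the namespace's default service account, every pod in stock-trader-data that runs under that account can use whatever the review lists.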

Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub.
The username, password and email are the credentials from Docker Hub.
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first.
Configure the image pull secret:
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result:
$ kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-mwvpl   kubernetes.io/service-account-token   3      17d
dockerhub             kubernetes.io/dockerconfigjson        1      13m

Configuring Service Account for Db2
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: ["extensions"]
  resources: ["podsecuritypolicies"]
  verbs: ["use"]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account:
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results:
$ kubectl get psp
db2-privileges   false   SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE   RunAsAny   RunAsAny   RunAsAny   RunAsAny   false   *

Helm Charts for Db2 and DSM

Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes:
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
--name db2-01: Helm release name, different for each deployment
ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
db2inst.instname: Instance owner name
db2inst.password: Instance owner password
options.databaseName: Name of database that will be created. If not specified, no database will be created
dataVolume.size: Size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility. See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
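
An added example, not from the slides or the chart's documentation: the same install with the instance owner password generated at random and passed in an owner-only values file through Helm's -f flag, so the password appears neither in shell history nor in the process list. The value keys are the ones in the --set flags above; the function and file names are illustrative.

```shell
#!/bin/sh
# Generate a random hexadecimal password of the given length (default 24, max 128).
gen_password() {
  len="${1:-24}"
  head -c 64 /dev/urandom | od -An -tx1 | tr -d ' \n' | cut -c1-"$len"
}

# write_db2_values FILE INSTNAME DBNAME SIZE
# Write a values file for the ibm-db2oltp-dev chart, readable by its owner only.
# An existing file is replaced so that looser permissions are not inherited.
write_db2_values() {
  file="$1"
  (
    umask 077
    rm -f "$file"
    cat > "$file" <<EOF
db2inst:
  instname: $2
  password: $(gen_password 24)
options:
  databaseName: $3
dataVolume:
  size: $4
EOF
  )
}

# db2_helm_command RELEASE VALUES_FILE
# Print the install command; it carries the file path, never the password.
db2_helm_command() {
  echo "helm install --name $1 ibm-charts/ibm-db2oltp-dev --tls -f $2"
}

# Demonstration with a throwaway directory (constructed paths).
tmpdir="$(mktemp -d)"
write_db2_values "$tmpdir/db2-01-values.yaml" db2inst1 MYDB 20Gi
ls -l "$tmpdir/db2-01-values.yaml"
db2_helm_command db2-01 "$tmpdir/db2-01-values.yaml"
rm -rf "$tmpdir"
```

Tiller still stores the supplied values with the release, so this keeps the password off the workstation's command line, not out of the cluster; delete the values file once the release is deployed.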

Let's verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running:
$ kubectl get pods
NAME                       READY   STATUS    RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   1/1     Running   1          7h57m
Review the logs of the Db2 OLTP container:
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful.
SQL1063N DB2START processing was successful.
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.

Let's verify if we can connect to the MYDB database (2)
Log in to the Db2 OLTP container and connect to the MYDB Db2 database:
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB

   Database Connection Information

 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB

Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client:
#!/bin/bash
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port from the Db2 OLTP helm release service definition

Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/Secret
NAME                     TYPE     DATA   AGE
db2-01-ibm-db2oltp-dev   Opaque   1      1s

==> v1/PersistentVolumeClaim
NAME               STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db2-01-data-stor   Bound    vol12    20Gi       RWO                           1s

==> v1/Service
NAME                         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                                   AGE
db2-01-ibm-db2oltp-dev-db2   NodePort    10.0.0.50    <none>        50000:30463/TCP,55000:32236/TCP           1s
db2-01-ibm-db2oltp-dev       ClusterIP   None         <none>        50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s

==> v1/StatefulSet
NAME                     DESIRED   CURRENT   AGE
db2-01-ibm-db2oltp-dev   1         1         1s

==> v1/Pod(related)
NAME                       READY   STATUS     RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   0/1     Init:0/1   0          1s

1 Pod runs the Db2 container
2 Services for Db2: 1x external, 1x internal
1 StatefulSet, DESIRED = 1
1 PVC (RWO) for db files, logs & config
1 Secret: Db2 instance owner password

Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command:
$ helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
Additional parameter hadr.enabled set to true to indicate that we want a HADR setup

Verify that Db2 HADR is working

Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/Secret
NAME                     TYPE     DATA   AGE
db2-02-ibm-db2oltp-dev   Opaque   1      1s

==> v1/PersistentVolumeClaim
NAME               STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db2-02-hadr-stor   Bound    vol09    20Gi       RWX                           1s

==> v1/Service
NAME                          TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                                   AGE
db2-02-ibm-db2oltp-dev-db2    NodePort    10.0.0.61    <none>        50000:32422/TCP,55000:32181/TCP           1s
db2-02-ibm-db2oltp-dev        ClusterIP   None         <none>        50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s
db2-02-ibm-db2oltp-dev-etcd   ClusterIP   None         <none>        2380/TCP,2379/TCP                         1s

==> v1/StatefulSet
NAME                     DESIRED   CURRENT   AGE
db2-02-ibm-db2oltp-dev   2         2         1s

==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd   3   0   1s

==> v1/Pod(related)
NAME                            READY   STATUS              RESTARTS   AGE
db2-02-ibm-db2oltp-dev-0        0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-1        0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-etcd-0   0/1     ContainerCreating   0          1s
db2-02-ibm-db2oltp-dev-etcd-1   0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-etcd-2   0/1     Pending             0          1s

5 Pods: 2x Db2, 3x etcd
3 Services: 2x Db2, 1x etcd
2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
1 PVC (RWX) for HADR setup (1)
1 Secret: Db2 instance owner password
(1) 5 additional PVCs are being created implicitly for 2x Db2 and 3x etcd

Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    # Create the instance users only when no previous setup exists
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE $DB2INST1_PASSWORD $DBNAME"

Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) […] IN TS32;
    INSERT INTO PS_TABLE (SSN, FIRST_NAME, LAST_NAME, JOB_CODE, DEPT, SALARY, DOB) WITH TEMP1 […];
    CREATE TABLE PS_HISTORY (FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema
IBM Cloud34
Deploying Db2 on Kubernetes
IBM Cloud35
Db2-based Containers running on Kubernetes (Sep 2019)Product Version Worker
Nodes
Pods PVCs Comments
Db2 OLTP 11144 1 1 1
Db2 OLTP HADR 11144 3 5 6 1x Db2 primary 1x Db2 standby 3x etcd for cluster
manager addntl PVC for HADR setup
Data Server
Manager
215 1 2 2 1x DSM 1x Db2 repository database
Includes Db2 111 engine
Db2 Warehouse
SMP
3100 1 1 1 Includes Db2 111 engine
Db2 Warehouse
MPP
3100 3+ 3+ 1 Includes Db2 111 engine
Requires IBM Cloud Pak for Data
Coming soon
minus Red Hat OpenShift Kubernetes support
minus Db2 v115 engine
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes a couple of stepsneed to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create new namespace where all our Pods for Db2 OLTP Db2 OLTP HADR and Data Server Manager will run
Create the namespace for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespacestock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context)
--namespace=stock-trader-data
Context mycluster-context modified
Verify pods There should be no pods running as we just created the namespace$ kubectl get podsNo resources found
IBM Cloud39
Configuring Pod Security Policy for Db2$ cat pre01yamlapiVersion extensionsv1beta1kind PodSecurityPolicymetadata
name db2-privilegesspec
allowPrivilegeEscalation trueprivileged falseallowedCapabilities- SETPCAP- MKNOD- AUDIT_WRITE- CHOWN- NET_RAW- DAC_OVERRIDE- FOWNER- FSETID- KILL- SETGID- SETUID- NET_BIND_SERVICE- SYS_CHROOT- SETFCAP- SYS_RESOURCE- IPC_OWNER- SYS_NICEfsGroup
rule RunAsAnyhostIPC true
hostNetwork falsehostPID falsehostPorts- max 65535
min 1runAsUser
rule RunAsAnyseLinux
rule RunAsAnysupplementalGroups
rule RunAsAnyvolumes-
Configure the pod security policy$ kubectl apply -f pre01yamlpodsecuritypolicyextensionsdb2-privileges configured
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAny RunAsAnyfalse
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create a image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username password and email are the credentials form Docker Hub
Note that you need to subscribe the Db2 and DSM images in Docker Hub first
Configure the image pull secret$ kubectl create secret docker-registry dockerhub
--docker-username=ltyour dockerhub usernamegt--docker-password=ltyour dockerhub passwordgt--docker-email=ltyour dockerhub emailgt--namespace=ltyour namespacegt
secretdockerhub created
Verify the result$ kubectl get secretsNAME TYPE DATA AGEdefault-token-mwvpl kubernetesioservice-account-token 3 17ddockerhub kubernetesiodockerconfigjson 1 13m
IBM Cloud41
Configuring Service Account for Db2$ more pre04yaml---kind ClusterRoleapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role
rules- apiGroups [extensions]resources [podsecuritypolicies]verbs [use]resourceNames- db2-privileges
---kind ClusterRoleBindingapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role-binding
roleRefkind ClusterRolename db2-privileges-cluster-roleapiGroup rbacauthorizationk8sio
subjects- kind ServiceAccountname defaultnamespace stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account$ kubectl apply -f pre04yamlclusterrolerbacauthorizationk8siodb2-privileges-cluster-role createdclusterrolebindingrbacauthorizationk8siodb2-privileges-cluster-role-binding created
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAnyRunAsAny false
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=MYDB
--set dataVolumesize=20Gi
Size of the
Db2 data
volume
Name of database that
will be created
If not specified no
database will be
created
Instance
owner name
Instance owner
password
Db2 OLTP
Helm chart
name
Helm release
name
different for each
deployment
Additional parameters available for example to enable Oracle compatibilitySee httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Cloud44
Letrsquos verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get podsNAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 11 Running 1 7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-009152019 160430 0 0 SQL1063N DB2START processing was successfulSQL1063N DB2START processing was successful() Starting TEXT SEARCH service CIE00001 Operation completed successfullyssh-keygen generating new host keys RSA1 RSA DSA ECDSA ED25519() All databases are now active() Setup has completed
IBM Cloud45
Letrsquos verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 --binbash su - db2inst1Last login Sun Sep 15 161711 UTC 2019$ db2 connect to MYDB
Database Connection Information
Database server = DB2LINUXX8664 11144SQL authorization ID = DB2INST1Local database alias = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access from Db2 client
binbash
NODE_PORT=$(kubectl get --namespace stock-trader-data
-o jsonpath=specports[0]nodePort services db2-01-ibm-db2oltp-dev-db2)
echo Cataloging node db2tcp1
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 19216827100 server $NODE_PORT
echo Cataloging database MYDB at node db2tcp1
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port
from the Db2 OLTP
helm release service
definition
IBM Cloud47
Kubernetes resources for Db2 OLTP$ helm status db2-01 --tlsNAME db2-01LAST DEPLOYED Sun Sep 15 081114 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-01-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-01-data-stor Bound vol12 20Gi RWO 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-01-ibm-db2oltp-dev-db2 NodePort 100050 ltnonegt 5000030463TCP5500032236TCP 1sdb2-01-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-01-ibm-db2oltp-dev 1 1 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 01 Init01 0 1s 1 Pod runs
the Db2
container
2 Services for
Db2 1x external
1x internal
1 StatefulSet
DESIRED = 1
1 PVC (RWO) for db
files logs amp config
1 Secret
Db2 instance
owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v111 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=HADB
--set dataVolumesize=20Gi--set hadrenabled=true
Additional parameter
hadrenabled set to true to
indicate that we want a
HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OTLP HADRNAME db2-02LAST DEPLOYED Tue Sep 17 082433 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-02-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-02-hadr-stor Bound vol09 20Gi RWX 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-02-ibm-db2oltp-dev-db2 NodePort 100061 ltnonegt 5000032422TCP5500032181TCP 1sdb2-02-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1sdb2-02-ibm-db2oltp-dev-etcd ClusterIP None ltnonegt 2380TCP2379TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-02-ibm-db2oltp-dev 2 2 1s
==gt v1beta2StatefulSet
db2-02-ibm-db2oltp-dev-etcd 3 0 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-02-ibm-db2oltp-dev-0 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-0 01 ContainerCreating 0 1sdb2-02-ibm-db2oltp-dev-etcd-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-2 01 Pending 0 1s
5 Pods
2x Db2 3x etcd
3 Services
2x Db2 1x etcd
2 StatefulSets
Db2 DESIRED=2
etcd DESIRED=3
1 PVC (RWX)
for HADR setup (1)
1 Secret
Db2 instance
owner password
(1) 5 addntl PVCs are being created
implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL $ cat single04yamlapiVersion batchv1kind Jobmetadata
name db2-01-create-database-schemaspec
templatespec
containers- name db2-01-create-database-schema
image storeibmcorpdb2_developer_c11144-x86_64command [ binsh-cscriptsdb2-setupsh ]volumeMounts- name db2-createschema
mountPath scriptssecurityContext
capabilitiesadd [SYS_RESOURCE IPC_OWNER SYS_NICE]
env- name LICENSE
value accept- name DB2INSTANCE
value db2inst1- name DB2INST1_PASSWORD
valueFromsecretKeyRef
name db2-01-ibm-db2oltp-devkey password
- name DB2_SERVICE_NAMEvalue db2-01-ibm-db2oltp-dev
- name DBNAMEvalue mydb
restartPolicy Nevervolumes- name db2-createschema
configMapname db2-createschemadefaultMode 0744
backoffLimit 1---apiVersion v1data
db2-setupsh |binshexport SETUPDIR=vardb2_setupsource $SETUPDIRincludedb2_constantssource $SETUPDIRincludedb2_common_functionsif getent passwd $DB2INSTANCE gt devnull 2gtamp1 then
echo () Previous setup has not been detected Creating create_users
fiif create_instance then
exit 1fistart_db2cp scriptsdb2-createschemash databasedb2-createschemashchmod +x databasedb2-createschemashsu - $DB2INSTANCE -c databasedb2-createschemash
$DB2_SERVICE_NAME $DB2INSTANCEldquo$DB2INST1_PASSWORD $DBNAME

Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5) [...] IN TS32;
    INSERT INTO PS_TABLE (SSN, FIRST_NAME, LAST_NAME, JOB_CODE, DEPT, SALARY, DOB) WITH TEMP1 [...]
    CREATE TABLE PS_HISTORY (FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema

Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database:
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created:
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   0/1           0s         0s
Eventually the job completes:
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   1/1           109s       45m

Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job:
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath='{.items[*].metadata.name}')
kubectl logs -f $pod
Output:
[...]
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully.
Database mydb has been configured

Deploying Data Server Manager (DSM) with the GUI
Deploying Data Server Manager (DSM) with the GUI (2)

Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI:
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)

Accessing Data Server Manager

Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM

DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/RoleBinding
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m
==> v1/Service
NAME                 TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)                           AGE
dsm-01-repository    NodePort   10.0.0.233   <none>        50000:32695/TCP,55000:32203/TCP   8m
dsm-01-ibm-dsm-dev   NodePort   10.0.0.85    <none>        11080:32444/TCP,11081:30462/TCP   8m
==> v1beta1/Deployment
NAME                 DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
dsm-01-repository    1         1         1            1           8m
dsm-01-ibm-dsm-dev   1         1         1            1           8m
==> v1/Pod(related)
NAME                                  READY   STATUS    RESTARTS   AGE
dsm-01-repository-76f87d47d4-dlqh4    1/1     Running   0          8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn    2/2     Running   0          8m
2 RoleBindings
2 Services: 1x Db2 (repodb), 1x DSM
2 Deployments
2 Pods: 1 Db2, 1 DSM

DSM Kubernetes resources (2/2)
[...]
==> v1/Secret
NAME                            TYPE     DATA   AGE
dsm-01-repository-db2-passwd    Opaque   1      8m
dsm-01-ibm-dsm-dev-dsm-passwd   Opaque   1      8m
==> v1/PersistentVolumeClaim
NAME                            STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
dsm-01-repository-data-stor     Bound    vol14    20Gi       RWO                           8m
dsm-01-ibm-dsm-dev-datavolume   Bound    vol12    20Gi       RWO                           8m
==> v1/ServiceAccount
NAME                           SECRETS   AGE
dsm-repodb-dsm-01-repository   1         8m
dsm-dsm-01-ibm-dsm-dev         1         8m
==> v1/Role
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m
2 Secrets: 1 DSM admin, 1 Db2 instance owner
2 PVCs: 1 DSM, 1 Db2
3 Roles

Additional Resources

Additional Resources: Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs

Additional Resources: IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html

Additional Resources: Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse

Presentation on Db2 and Docker from Db2 Aktuell 2018

Summary

Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary

Claus Huempel
Technical Sales Professional
Hybrid Data Management
IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
Thank You

Db2-based Containers running on Kubernetes (Sep 2019)
Product | Version | Worker Nodes | Pods | PVCs | Comments
Db2 OLTP | 11.1.4.4 | 1 | 1 | 1 |
Db2 OLTP HADR | 11.1.4.4 | 3 | 5 | 6 | 1x Db2 primary, 1x Db2 standby, 3x etcd for cluster manager, additional PVC for HADR setup
Data Server Manager | 2.1.5 | 1 | 2 | 2 | 1x DSM, 1x Db2 repository database. Includes Db2 11.1 engine
Db2 Warehouse SMP | 3.10.0 | 1 | 1 | 1 | Includes Db2 11.1 engine
Db2 Warehouse MPP | 3.10.0 | 3+ | 3+ | 1 | Includes Db2 11.1 engine. Requires IBM Cloud Pak for Data
Coming soon
- Red Hat OpenShift Kubernetes support
- Db2 v11.5 engine

IBM Cloud Private Kubernetes platform

Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed:
- Creating a new namespace (optional)
- Configuring a pod security policy
- Configuring an image pull secret
- Configuring the service account

Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run.
Create the namespace, for example stock-trader-data:
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace:
$ kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running, as we just created the namespace:
$ kubectl get pods
No resources found.

Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  -
Configure the pod security policy:
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results:
$ kubectl get psp
db2-privileges false SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE RunAsAny RunAsAny RunAsAny RunAsAny false

Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub.
The username, password and email are the credentials from Docker Hub.
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first.
Configure the image pull secret:
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result:
$ kubectl get secrets
NAME                  TYPE                                  DATA   AGE
default-token-mwvpl   kubernetes.io/service-account-token   3      17d
dockerhub             kubernetes.io/dockerconfigjson        1      13m

Configuring Service Account for Db2
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: ["extensions"]
  resources: ["podsecuritypolicies"]
  verbs: ["use"]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account:
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results:
$ kubectl get psp
db2-privileges false SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE RunAsAny RunAsAny RunAsAny RunAsAny false
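
Added example, not part of the original slides: a Python audit of the db2-privileges policy (pre01.yaml) and its cluster role binding (pre04.yaml) as they appear on this page, showing which settings widen what pods in the namespace may do. The spec is transcribed to JSON, the requested-capabilities set is taken from the schema Job on this page, and all function and variable names are hypothetical.

```python
import json

# Capabilities the Docker runtime grants by default. A PodSecurityPolicy
# allows these implicitly, so listing them in allowedCapabilities adds nothing.
RUNTIME_DEFAULT_CAPS = {
    "SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW", "DAC_OVERRIDE",
    "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE",
    "SYS_CHROOT", "SETFCAP",
}

# spec of db2-privileges (pre01.yaml), transcribed to JSON. The volumes entry
# is not legible on the slide and is left out.
PSP_SPEC = json.loads("""
{
  "allowPrivilegeEscalation": true,
  "privileged": false,
  "allowedCapabilities": ["SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN",
    "NET_RAW", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL", "SETGID", "SETUID",
    "NET_BIND_SERVICE", "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE", "IPC_OWNER",
    "SYS_NICE"],
  "fsGroup": {"rule": "RunAsAny"},
  "hostIPC": true,
  "hostNetwork": false,
  "hostPID": false,
  "hostPorts": [{"min": 1, "max": 65535}],
  "runAsUser": {"rule": "RunAsAny"},
  "seLinux": {"rule": "RunAsAny"},
  "supplementalGroups": {"rule": "RunAsAny"}
}
""")

# subjects of db2-privileges-cluster-role-binding (pre04.yaml).
BINDING_SUBJECTS = [
    {"kind": "ServiceAccount", "name": "default",
     "namespace": "stock-trader-data"},
]

# Capabilities the schema Job on this page adds in its securityContext.
REQUESTED_CAPS = {"SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"}


def audit_psp(spec, requested_caps, subjects):
    """Return (report, findings) for a PodSecurityPolicy spec and its binding."""
    allowed = set(spec.get("allowedCapabilities", []))
    extra = allowed - RUNTIME_DEFAULT_CAPS
    report = {
        "redundant": sorted(allowed & RUNTIME_DEFAULT_CAPS),
        "extra": sorted(extra),
        "extra_unrequested": sorted(extra - set(requested_caps)),
    }
    findings = []
    if "*" in allowed:
        findings.append("allowedCapabilities: wildcard allows every capability")
    if report["extra_unrequested"]:
        findings.append("allowedCapabilities: not requested by any workload: "
                        + ", ".join(report["extra_unrequested"]))
    if not spec.get("requiredDropCapabilities"):
        findings.append("requiredDropCapabilities: empty, runtime defaults "
                        "such as NET_RAW are never dropped")
    if spec.get("privileged"):
        findings.append("privileged: true, containers get full host access")
    # allowPrivilegeEscalation defaults to true when it is not set.
    if spec.get("allowPrivilegeEscalation", True):
        findings.append("allowPrivilegeEscalation: true, a process may gain "
                        "more privileges than its parent")
    for flag in ("hostIPC", "hostPID", "hostNetwork"):
        if spec.get(flag):
            findings.append(f"{flag}: true, pods may join this host namespace")
    for rng in spec.get("hostPorts", []):
        if rng["min"] <= 1 and rng["max"] >= 65535:
            findings.append("hostPorts: the whole port range may be bound")
    if spec.get("runAsUser", {}).get("rule") == "RunAsAny":
        findings.append("runAsUser: RunAsAny, containers may run as root")
    for subject in subjects:
        if (subject.get("kind") == "ServiceAccount"
                and subject.get("name") == "default"):
            findings.append("binding: default service account of "
                            f"{subject['namespace']} may use the policy, so "
                            "may every pod that names no service account")
    return report, findings


def minimal_allowed_caps(spec, requested_caps):
    """allowedCapabilities cut down to non-default entries workloads request."""
    allowed = set(spec.get("allowedCapabilities", []))
    return sorted((allowed - RUNTIME_DEFAULT_CAPS) & set(requested_caps))


if __name__ == "__main__":
    report, findings = audit_psp(PSP_SPEC, REQUESTED_CAPS, BINDING_SUBJECTS)
    print("implicitly allowed (redundant):", ", ".join(report["redundant"]))
    print("added beyond runtime defaults: ", ", ".join(report["extra"]))
    for finding in findings:
        print("FINDING:", finding)
    print("minimal allowedCapabilities:",
          minimal_allowed_caps(PSP_SPEC, REQUESTED_CAPS))
```

Only three of the seventeen listed capabilities extend what the runtime already grants, and they are the same three the schema Job adds; the remaining findings (hostIPC, privilege escalation, RunAsAny, the default service account binding) are the settings to review before reusing this policy outside a demo namespace.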

Helm Charts for Db2 and DSM

Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
--name db2-01: Helm release name, different for each deployment
ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
db2inst.instname: Instance owner name
db2inst.password: Instance owner password
options.databaseName: Name of database that will be created. If not specified, no database will be created
dataVolume.size: Size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility. See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev

Let's verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running:
$ kubectl get pods
NAME                       READY   STATUS    RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   1/1     Running   1          7h57m
Review the logs of the Db2 OLTP container:
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful.
SQL1063N DB2START processing was successful.
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.

Let's verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database:
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
# su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
   Database Connection Information
 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB

Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client:
#!/bin/bash
# We get the Db2 port from the Db2 OLTP helm release service definition
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate

Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                     TYPE     DATA   AGE
db2-01-ibm-db2oltp-dev   Opaque   1      1s
==> v1/PersistentVolumeClaim
NAME               STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db2-01-data-stor   Bound    vol12    20Gi       RWO                           1s
==> v1/Service
NAME                         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                                   AGE
db2-01-ibm-db2oltp-dev-db2   NodePort    10.0.0.50    <none>        50000:30463/TCP,55000:32236/TCP           1s
db2-01-ibm-db2oltp-dev       ClusterIP   None         <none>        50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s
==> v1/StatefulSet
NAME                     DESIRED   CURRENT   AGE
db2-01-ibm-db2oltp-dev   1         1         1s
==> v1/Pod(related)
NAME                       READY   STATUS     RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   0/1     Init:0/1   0          1s
1 Pod runs the Db2 container
2 Services for Db2: 1x external, 1x internal
1 StatefulSet, DESIRED = 1
1 PVC (RWO) for db files, logs & config
1 Secret: Db2 instance owner password

Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
$ helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
Additional parameter hadr.enabled set to true to indicate that we want a HADR setup

Verify that Db2 HADR is working

Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                     TYPE     DATA   AGE
db2-02-ibm-db2oltp-dev   Opaque   1      1s
==> v1/PersistentVolumeClaim
NAME               STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db2-02-hadr-stor   Bound    vol09    20Gi       RWX                           1s
==> v1/Service
NAME                          TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                                   AGE
db2-02-ibm-db2oltp-dev-db2    NodePort    10.0.0.61    <none>        50000:32422/TCP,55000:32181/TCP           1s
db2-02-ibm-db2oltp-dev        ClusterIP   None         <none>        50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s
db2-02-ibm-db2oltp-dev-etcd   ClusterIP   None         <none>        2380/TCP,2379/TCP                         1s
==> v1/StatefulSet
NAME                     DESIRED   CURRENT   AGE
db2-02-ibm-db2oltp-dev   2         2         1s
==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd   3   0   1s
==> v1/Pod(related)
NAME                            READY   STATUS              RESTARTS   AGE
db2-02-ibm-db2oltp-dev-0        0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-1        0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-etcd-0   0/1     ContainerCreating   0          1s
db2-02-ibm-db2oltp-dev-etcd-1   0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-etcd-2   0/1     Pending             0          1s
5 Pods: 2x Db2, 3x etcd
3 Services: 2x Db2, 1x etcd
2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
1 PVC (RWX) for HADR setup (1)
1 Secret: Db2 instance owner password
(1) 5 additional PVCs are being created implicitly for 2x Db2 and 3x etcd
IBM Cloud36
IBM Cloud Private Kubernetes platform
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes a couple of stepsneed to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create new namespace where all our Pods for Db2 OLTP Db2 OLTP HADR and Data Server Manager will run
Create the namespace for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespacestock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context)
--namespace=stock-trader-data
Context mycluster-context modified
Verify pods There should be no pods running as we just created the namespace$ kubectl get podsNo resources found
IBM Cloud39
Configuring Pod Security Policy for Db2$ cat pre01yamlapiVersion extensionsv1beta1kind PodSecurityPolicymetadata
name db2-privilegesspec
allowPrivilegeEscalation trueprivileged falseallowedCapabilities- SETPCAP- MKNOD- AUDIT_WRITE- CHOWN- NET_RAW- DAC_OVERRIDE- FOWNER- FSETID- KILL- SETGID- SETUID- NET_BIND_SERVICE- SYS_CHROOT- SETFCAP- SYS_RESOURCE- IPC_OWNER- SYS_NICEfsGroup
rule RunAsAnyhostIPC true
hostNetwork falsehostPID falsehostPorts- max 65535
min 1runAsUser
rule RunAsAnyseLinux
rule RunAsAnysupplementalGroups
rule RunAsAnyvolumes-
Configure the pod security policy$ kubectl apply -f pre01yamlpodsecuritypolicyextensionsdb2-privileges configured
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAny RunAsAnyfalse
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create a image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username password and email are the credentials form Docker Hub
Note that you need to subscribe the Db2 and DSM images in Docker Hub first
Configure the image pull secret$ kubectl create secret docker-registry dockerhub
--docker-username=ltyour dockerhub usernamegt--docker-password=ltyour dockerhub passwordgt--docker-email=ltyour dockerhub emailgt--namespace=ltyour namespacegt
secretdockerhub created
Verify the result$ kubectl get secretsNAME TYPE DATA AGEdefault-token-mwvpl kubernetesioservice-account-token 3 17ddockerhub kubernetesiodockerconfigjson 1 13m
IBM Cloud41
Configuring Service Account for Db2$ more pre04yaml---kind ClusterRoleapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role
rules- apiGroups [extensions]resources [podsecuritypolicies]verbs [use]resourceNames- db2-privileges
---kind ClusterRoleBindingapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role-binding
roleRefkind ClusterRolename db2-privileges-cluster-roleapiGroup rbacauthorizationk8sio
subjects- kind ServiceAccountname defaultnamespace stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account$ kubectl apply -f pre04yamlclusterrolerbacauthorizationk8siodb2-privileges-cluster-role createdclusterrolebindingrbacauthorizationk8siodb2-privileges-cluster-role-binding created
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAnyRunAsAny false
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=MYDB
--set dataVolumesize=20Gi
Size of the
Db2 data
volume
Name of database that
will be created
If not specified no
database will be
created
Instance
owner name
Instance owner
password
Db2 OLTP
Helm chart
name
Helm release
name
different for each
deployment
Additional parameters available for example to enable Oracle compatibilitySee httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Cloud44
Letrsquos verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get podsNAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 11 Running 1 7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-009152019 160430 0 0 SQL1063N DB2START processing was successfulSQL1063N DB2START processing was successful() Starting TEXT SEARCH service CIE00001 Operation completed successfullyssh-keygen generating new host keys RSA1 RSA DSA ECDSA ED25519() All databases are now active() Setup has completed
IBM Cloud45
Letrsquos verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 --binbash su - db2inst1Last login Sun Sep 15 161711 UTC 2019$ db2 connect to MYDB
Database Connection Information
Database server = DB2LINUXX8664 11144SQL authorization ID = DB2INST1Local database alias = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access from Db2 client
binbash
NODE_PORT=$(kubectl get --namespace stock-trader-data
-o jsonpath=specports[0]nodePort services db2-01-ibm-db2oltp-dev-db2)
echo Cataloging node db2tcp1
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 19216827100 server $NODE_PORT
echo Cataloging database MYDB at node db2tcp1
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port
from the Db2 OLTP
helm release service
definition
IBM Cloud47
Kubernetes resources for Db2 OLTP$ helm status db2-01 --tlsNAME db2-01LAST DEPLOYED Sun Sep 15 081114 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-01-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-01-data-stor Bound vol12 20Gi RWO 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-01-ibm-db2oltp-dev-db2 NodePort 100050 ltnonegt 5000030463TCP5500032236TCP 1sdb2-01-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-01-ibm-db2oltp-dev 1 1 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 01 Init01 0 1s 1 Pod runs
the Db2
container
2 Services for
Db2 1x external
1x internal
1 StatefulSet
DESIRED = 1
1 PVC (RWO) for db
files logs amp config
1 Secret
Db2 instance
owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v111 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=HADB
--set dataVolumesize=20Gi--set hadrenabled=true
Additional parameter
hadrenabled set to true to
indicate that we want a
HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OTLP HADRNAME db2-02LAST DEPLOYED Tue Sep 17 082433 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-02-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-02-hadr-stor Bound vol09 20Gi RWX 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-02-ibm-db2oltp-dev-db2 NodePort 100061 ltnonegt 5000032422TCP5500032181TCP 1sdb2-02-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1sdb2-02-ibm-db2oltp-dev-etcd ClusterIP None ltnonegt 2380TCP2379TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-02-ibm-db2oltp-dev 2 2 1s
==gt v1beta2StatefulSet
db2-02-ibm-db2oltp-dev-etcd 3 0 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-02-ibm-db2oltp-dev-0 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-0 01 ContainerCreating 0 1sdb2-02-ibm-db2oltp-dev-etcd-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-2 01 Pending 0 1s
5 Pods
2x Db2 3x etcd
3 Services
2x Db2 1x etcd
2 StatefulSets
Db2 DESIRED=2
etcd DESIRED=3
1 PVC (RWX)
for HADR setup (1)
1 Secret
Db2 instance
owner password
(1) 5 addntl PVCs are being created
implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        # instance owner password is read from the Secret of the db2-01 release
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    # create the instance user only if it does not exist yet
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    # the password is handed to the schema script as a command-line argument
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE \"$DB2INST1_PASSWORD\" $DBNAME"
IBM Cloud52
Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    # catalog the remote database through the Db2 service, then connect
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) [...] IN TS32;
    INSERT INTO PS_TABLE (SSN,FIRST_NAME,LAST_NAME,JOB_CODE,DEPT,SALARY,DOB) WITH TEMP1 [...]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  0/1          0s        0s
Eventually the job completes
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  1/1          109s      45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath='{.items[*].metadata.name}')
kubectl logs -f $pod
Output
[...]
DB20000I  The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I  The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I  The SQL command completed successfully.
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/RoleBinding
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m
==> v1/Service
NAME                TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)                          AGE
dsm-01-repository   NodePort  10.0.0.233  <none>       50000:32695/TCP,55000:32203/TCP  8m
dsm-01-ibm-dsm-dev  NodePort  10.0.0.85   <none>       11080:32444/TCP,11081:30462/TCP  8m
==> v1beta1/Deployment
NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
dsm-01-repository   1        1        1           1          8m
dsm-01-ibm-dsm-dev  1        1        1           1          8m
==> v1/Pod(related)
NAME                                READY  STATUS   RESTARTS  AGE
dsm-01-repository-76f87d47d4-dlqh4  1/1    Running  0         8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn  2/2    Running  0         8m
2 RoleBindings
2 Services: 1x Db2 (repodb), 1x DSM
2 Deployments
2 Pods: 1 Db2, 1 DSM
IBM Cloud61
DSM Kubernetes resources (2/2)
[...]
==> v1/Secret
NAME                           TYPE    DATA  AGE
dsm-01-repository-db2-passwd   Opaque  1     8m
dsm-01-ibm-dsm-dev-dsm-passwd  Opaque  1     8m
==> v1/PersistentVolumeClaim
NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m
==> v1/ServiceAccount
NAME                          SECRETS  AGE
dsm-repodb-dsm-01-repository  1        8m
dsm-dsm-01-ibm-dsm-dev        1        8m
==> v1/Role
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m
2 Secrets: 1 DSM admin, 1 Db2 instance owner
2 PVCs: 1 DSM, 1 Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources – Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs
IBM Cloud64
Additional Resources – IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html
IBM Cloud65
Additional Resources – Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel
Technical Sales Professional
Hybrid Data Management
IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
Thank You
IBM Cloud70
IBM Cloud37
Before deploying Db2 OLTP to Kubernetes, a couple of steps need to be performed
Creating a new namespace (optional)
Configuring a pod security policy
Configuring an image pull secret
Configuring the service account
IBM Cloud38
Creating the Namespace for the Db2 OLTP containers
We will create a new namespace where all our Pods for Db2 OLTP, Db2 OLTP HADR and Data Server Manager will run
Create the namespace, for example stock-trader-data
$ kubectl create namespace stock-trader-data
namespace/stock-trader-data created
Switch the context to the newly created namespace
$ kubectl config set-context $(kubectl config current-context) \
    --namespace=stock-trader-data
Context "mycluster-context" modified.
Verify pods. There should be no pods running as we just created the namespace
$ kubectl get pods
No resources found.
IBM Cloud39
Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  -
Configure the pod security policy
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results
$ kubectl get psp
db2-privileges  false  SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE  RunAsAny  RunAsAny  RunAsAny  RunAsAny  false
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
Configure the image pull secret
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result
$ kubectl get secrets
NAME                 TYPE                                 DATA  AGE
default-token-mwvpl  kubernetes.io/service-account-token  3     17d
dockerhub            kubernetes.io/dockerconfigjson       1     13m
IBM Cloud41
Configuring Service Account for Db2
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: ["extensions"]
  resources: ["podsecuritypolicies"]
  verbs: ["use"]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results
$ kubectl get psp
db2-privileges  false  SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE  RunAsAny  RunAsAny  RunAsAny  RunAsAny  false
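Added example (not part of the original slides or of IBM's chart): a Python audit of the db2-privileges policy and its cluster role binding from the two slides above. It separates the capabilities Docker grants by default from the ones the policy adds on top, and lists the permissive settings a reviewer should sign off on. The dicts are transcribed by hand from the slides and all function names are illustrative.

```python
# Added example: audit of the db2-privileges PodSecurityPolicy from the slides.
# The dicts are transcribed by hand from pre01.yaml, pre04.yaml and
# single04.yaml; the function names are illustrative assumptions.

# The 14 capabilities Docker grants a container by default.
DOCKER_DEFAULT_CAPS = frozenset({
    "AUDIT_WRITE", "CHOWN", "DAC_OVERRIDE", "FOWNER", "FSETID", "KILL",
    "MKNOD", "NET_BIND_SERVICE", "NET_RAW", "SETFCAP", "SETGID", "SETPCAP",
    "SETUID", "SYS_CHROOT",
})

PSP_SPEC = {  # spec of db2-privileges; the illegible volumes entry is omitted
    "allowPrivilegeEscalation": True,
    "privileged": False,
    "allowedCapabilities": [
        "SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW", "DAC_OVERRIDE",
        "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE",
        "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE", "IPC_OWNER", "SYS_NICE",
    ],
    "fsGroup": {"rule": "RunAsAny"},
    "hostIPC": True,
    "hostNetwork": False,
    "hostPID": False,
    "hostPorts": [{"min": 1, "max": 65535}],
    "runAsUser": {"rule": "RunAsAny"},
    "seLinux": {"rule": "RunAsAny"},
    "supplementalGroups": {"rule": "RunAsAny"},
}
BINDING_SUBJECTS = [  # subjects of db2-privileges-cluster-role-binding
    {"kind": "ServiceAccount", "name": "default",
     "namespace": "stock-trader-data"},
]
JOB_ADDED_CAPS = ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]  # single04.yaml


def split_capabilities(allowed):
    """Split allowedCapabilities into runtime defaults and true extras."""
    allowed = set(allowed)
    return (sorted(allowed & DOCKER_DEFAULT_CAPS),
            sorted(allowed - DOCKER_DEFAULT_CAPS))


def audit_psp(spec):
    """Return (field, reason) findings for permissive PSP settings."""
    findings = []
    if spec.get("privileged", False):
        findings.append(("privileged", "privileged containers allowed"))
    # When the field is absent the API defaults it to true.
    if spec.get("allowPrivilegeEscalation", True):
        findings.append(("allowPrivilegeEscalation",
                         "setuid binaries and file capabilities can raise "
                         "privileges inside the container"))
    for field in ("hostIPC", "hostNetwork", "hostPID"):
        if spec.get(field, False):
            findings.append((field, "pod shares this namespace with the node"))
    for field in ("runAsUser", "fsGroup", "supplementalGroups", "seLinux"):
        if spec.get(field, {}).get("rule") == "RunAsAny":
            findings.append((field, "RunAsAny places no restriction"))
    for rng in spec.get("hostPorts", []):
        if rng["min"] <= 1 and rng["max"] >= 65535:
            findings.append(("hostPorts", "every host port may be requested"))
    _, extras = split_capabilities(spec.get("allowedCapabilities", []))
    if extras:
        findings.append(("allowedCapabilities",
                         "beyond runtime defaults: " + ", ".join(extras)))
    return findings


def audit_binding(subjects):
    """Flag grants to a namespace's default service account."""
    return [
        (f"{s['namespace']}/{s['name']}",
         "every pod in the namespace that names no service account "
         "of its own can use the policy")
        for s in subjects
        if s.get("kind") == "ServiceAccount" and s.get("name") == "default"
    ]


def unrequested_extras(spec, requested):
    """Extra capabilities the policy allows but the workload never adds."""
    _, extras = split_capabilities(spec.get("allowedCapabilities", []))
    return sorted(set(extras) - set(requested))


if __name__ == "__main__":
    defaults, extras = split_capabilities(PSP_SPEC["allowedCapabilities"])
    print(f"{len(defaults)} runtime-default capabilities, extras: {extras}")
    for field, reason in audit_psp(PSP_SPEC) + audit_binding(BINDING_SUBJECTS):
        print(f"[!] {field}: {reason}")
    print("allowed but never requested:",
          unrequested_extras(PSP_SPEC, JOB_ADDED_CAPS))
```

Of the 17 allowed capabilities, 14 are the Docker defaults; the three extras are exactly the ones the schema Job adds in its securityContext.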
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
--name db2-01: Helm release name, different for each deployment
ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
db2inst.instname: Instance owner name
db2inst.password: Instance owner password
options.databaseName: Name of database that will be created. If not specified, no database will be created
dataVolume.size: Size of the Db2 data volume
Additional parameters available, for example to enable Oracle compatibility
See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Cloud44
Let's verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get pods
NAME                      READY  STATUS   RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  1/1    Running  1         7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30     0   0   SQL1063N  DB2START processing was successful.
SQL1063N  DB2START processing was successful.
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.
IBM Cloud45
Let's verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
# su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
   Database Connection Information
 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
#!/bin/bash
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port from the Db2 OLTP helm release service definition
IBM Cloud47
Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-01-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s
==> v1/Service
NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP          1s
db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-01-ibm-db2oltp-dev  1        1        1s
==> v1/Pod(related)
NAME                      READY  STATUS    RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s
1 Pod runs the Db2 container
2 Services for Db2: 1x external, 1x internal
1 StatefulSet: DESIRED = 1
1 PVC (RWO) for db files, logs & config
1 Secret: Db2 instance owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
Additional parameter: hadr.enabled set to true to indicate that we want a HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-02-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s
==> v1/Service
NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP          1s
db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                        1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-02-ibm-db2oltp-dev  2        2        1s
==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd  3  0  1s
==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s
5 Pods: 2x Db2, 3x etcd
3 Services: 2x Db2, 1x etcd
2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
1 PVC (RWX) for HADR setup (1)
1 Secret: Db2 instance owner password
(1) 5 additional PVCs are being created implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        # instance owner password is read from the Secret of the db2-01 release
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    # create the instance user only if it does not exist yet
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    # the password is handed to the schema script as a command-line argument
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE \"$DB2INST1_PASSWORD\" $DBNAME"

Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5) […] IN TS32;
    INSERT INTO PS_TABLE (SSN,FIRST_NAME,LAST_NAME,JOB_CODE,DEPT,SALARY,DOB) WITH TEMP1 […]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema

Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  0/1          0s        0s
Eventually the job completes
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  1/1          109s      45m

Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath='{.items[*].metadata.name}')
kubectl logs -f $pod
Output
[…]
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully.
Database mydb has been configured

Deploying Data Server Manager (DSM) with the GUI
Deploying Data Server Manager (DSM) with the GUI (2)

Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)

Accessing Data Server Manager

Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM

DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/RoleBinding
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m

==> v1/Service
NAME                TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)                          AGE
dsm-01-repository   NodePort  10.0.0.233  <none>       50000:32695/TCP,55000:32203/TCP  8m
dsm-01-ibm-dsm-dev  NodePort  10.0.0.85   <none>       11080:32444/TCP,11081:30462/TCP  8m

==> v1beta1/Deployment
NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
dsm-01-repository   1        1        1           1          8m
dsm-01-ibm-dsm-dev  1        1        1           1          8m

==> v1/Pod(related)
NAME                                READY  STATUS   RESTARTS  AGE
dsm-01-repository-76f87d47d4-dlqh4  1/1    Running  0         8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn  2/2    Running  0         8m

2 RoleBindings
2 Services: 1x Db2 (repodb), 1x DSM
2 Deployments
2 Pods: 1 Db2, 1 DSM

DSM Kubernetes resources (2/2)
[…]
==> v1/Secret
NAME                           TYPE    DATA  AGE
dsm-01-repository-db2-passwd   Opaque  1     8m
dsm-01-ibm-dsm-dev-dsm-passwd  Opaque  1     8m

==> v1/PersistentVolumeClaim
NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m

==> v1/ServiceAccount
NAME                          SECRETS  AGE
dsm-repodb-dsm-01-repository  1        8m
dsm-dsm-01-ibm-dsm-dev        1        8m

==> v1/Role
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m

2 Secrets: 1 DSM admin, 1 Db2 instance owner
2 PVCs: 1 DSM, Db2
3 Roles

Additional Resources

Additional Resources - Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics/
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started/
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs/

Additional Resources - IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html

Additional Resources - Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private/
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift/
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse

Presentation on Db2 and Docker from Db2 Aktuell 2018

Summary

Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary

Claus Huempel
Technical Sales Professional
Hybrid Data Management
IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany
Mobile +49-177-3627278
Email chuempel@de.ibm.com
Thank You

Configuring Pod Security Policy for Db2
$ cat pre01.yaml
apiVersion: extensions/v1beta1
kind: PodSecurityPolicy
metadata:
  name: db2-privileges
spec:
  allowPrivilegeEscalation: true
  privileged: false
  allowedCapabilities:
  - SETPCAP
  - MKNOD
  - AUDIT_WRITE
  - CHOWN
  - NET_RAW
  - DAC_OVERRIDE
  - FOWNER
  - FSETID
  - KILL
  - SETGID
  - SETUID
  - NET_BIND_SERVICE
  - SYS_CHROOT
  - SETFCAP
  - SYS_RESOURCE
  - IPC_OWNER
  - SYS_NICE
  fsGroup:
    rule: RunAsAny
  hostIPC: true
  hostNetwork: false
  hostPID: false
  hostPorts:
  - max: 65535
    min: 1
  runAsUser:
    rule: RunAsAny
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  volumes:
  - '*'
Configure the pod security policy
$ kubectl apply -f pre01.yaml
podsecuritypolicy.extensions/db2-privileges configured
Verify the results
$ kubectl get psp
db2-privileges  false  SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE  RunAsAny  RunAsAny  RunAsAny  RunAsAny  false  *
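Added example (not part of the original slides): a Python audit of the db2-privileges policy above, showing which of its settings widen the pod sandbox beyond the container runtime defaults and whether the capabilities requested by the schema Job in single04.yaml would be admitted. The policy is transcribed into a dict constructed from the slide; the function names and the runtime-default capability list (Docker's default set) are this example's own assumptions.

```python
"""Audit the db2-privileges PodSecurityPolicy from the slide (added example)."""

# Capabilities Docker grants to every container by default (assumption of this
# example: the cluster's runtime uses the stock Docker default set).
RUNTIME_DEFAULT_CAPS = frozenset({
    "SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW", "DAC_OVERRIDE",
    "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE",
    "SYS_CHROOT", "SETFCAP",
})

# spec section of pre01.yaml, transcribed from the slide (constructed input).
DB2_PSP_SPEC = {
    "allowPrivilegeEscalation": True,
    "privileged": False,
    "allowedCapabilities": [
        "SETPCAP", "MKNOD", "AUDIT_WRITE", "CHOWN", "NET_RAW", "DAC_OVERRIDE",
        "FOWNER", "FSETID", "KILL", "SETGID", "SETUID", "NET_BIND_SERVICE",
        "SYS_CHROOT", "SETFCAP", "SYS_RESOURCE", "IPC_OWNER", "SYS_NICE",
    ],
    "fsGroup": {"rule": "RunAsAny"},
    "hostIPC": True,
    "hostNetwork": False,
    "hostPID": False,
    "hostPorts": [{"min": 1, "max": 65535}],
    "runAsUser": {"rule": "RunAsAny"},
    "seLinux": {"rule": "RunAsAny"},
    "supplementalGroups": {"rule": "RunAsAny"},
}

# capabilities.add of the schema Job container in single04.yaml (from the slides).
JOB_ADDED_CAPS = ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]


def audit_psp(spec):
    """Return {field: reason} for every setting that loosens pod isolation."""
    findings = {}
    allowed = set(spec.get("allowedCapabilities") or [])
    if "*" in allowed:
        findings["allowedCapabilities"] = "wildcard: every capability may be added"
    else:
        beyond = sorted(allowed - RUNTIME_DEFAULT_CAPS)
        if beyond:
            findings["allowedCapabilities"] = (
                "beyond runtime default: " + ", ".join(beyond))
    if spec.get("privileged", False):
        findings["privileged"] = "privileged containers are admitted"
    # An omitted allowPrivilegeEscalation is treated as true by Kubernetes.
    if spec.get("allowPrivilegeEscalation", True):
        findings["allowPrivilegeEscalation"] = "no_new_privs is not enforced"
    for flag in ("hostIPC", "hostNetwork", "hostPID"):
        if spec.get(flag, False):
            findings[flag] = "pods may join the node's %s namespace" % flag[4:]
    for rng in spec.get("hostPorts") or []:
        if rng["min"] < 1024:
            findings["hostPorts"] = "range %d-%d includes privileged host ports" % (
                rng["min"], rng["max"])
    for field in ("runAsUser", "seLinux", "supplementalGroups", "fsGroup"):
        if (spec.get(field) or {}).get("rule") == "RunAsAny":
            findings[field] = "RunAsAny: the policy places no restriction here"
    return findings


def rejected_capabilities(spec, requested):
    """Capabilities from a container's capabilities.add the policy would not admit."""
    allowed = set(spec.get("allowedCapabilities") or [])
    allowed |= set(spec.get("defaultAddCapabilities") or [])
    if "*" in allowed:
        return []
    return sorted(set(requested) - allowed)


if __name__ == "__main__":
    for field, reason in sorted(audit_psp(DB2_PSP_SPEC).items()):
        print("%-26s %s" % (field, reason))
    print("Job capabilities rejected:",
          rejected_capabilities(DB2_PSP_SPEC, JOB_ADDED_CAPS) or "none")
```

The first fourteen entries of allowedCapabilities coincide with the runtime default set, so the policy's capability delta is exactly the three capabilities the Job adds.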

Configuring Image Pull Secret for Db2
We need to create an image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username, password and email are the credentials from Docker Hub
Note that you need to subscribe to the Db2 and DSM images in Docker Hub first
Configure the image pull secret
$ kubectl create secret docker-registry dockerhub \
    --docker-username=<your dockerhub username> \
    --docker-password=<your dockerhub password> \
    --docker-email=<your dockerhub email> \
    --namespace=<your namespace>
secret/dockerhub created
Verify the result
$ kubectl get secrets
NAME                 TYPE                                 DATA  AGE
default-token-mwvpl  kubernetes.io/service-account-token  3     17d
dockerhub            kubernetes.io/dockerconfigjson       1     13m

Configuring Service Account for Db2
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: [extensions]
  resources: [podsecuritypolicies]
  verbs: [use]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results
$ kubectl get psp
db2-privileges  false  SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE  RunAsAny  RunAsAny  RunAsAny  RunAsAny  false  *

Helm Charts for Db2 and DSM

Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
Size of the Db2 data volume
Name of database that will be created. If not specified, no database will be created
Instance owner name
Instance owner password
Db2 OLTP Helm chart name
Helm release name, different for each deployment
Additional parameters are available, for example to enable Oracle compatibility. See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev

Let's verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get pods
NAME                      READY  STATUS   RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  1/1    Running  1         7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30 0 0 SQL1063N DB2START processing was successful.
SQL1063N DB2START processing was successful.
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.

Let's verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB

   Database Connection Information

 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB

Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
#!/bin/bash
NODE_PORT=$(kubectl get --namespace stock-trader-data \
    -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port from the Db2 OLTP helm release service definition

Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-01-ibm-db2oltp-dev  Opaque  1     1s

==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s

==> v1/Service
NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP          1s
db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s

==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-01-ibm-db2oltp-dev  1        1        1s

==> v1/Pod(related)
NAME                      READY  STATUS    RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s

1 Pod runs the Db2 container
2 Services for Db2: 1x external, 1x internal
1 StatefulSet, DESIRED = 1
1 PVC (RWO) for db files, logs & config
1 Secret: Db2 instance owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v111 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=HADB
--set dataVolumesize=20Gi--set hadrenabled=true
Additional parameter
hadrenabled set to true to
indicate that we want a
HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OTLP HADRNAME db2-02LAST DEPLOYED Tue Sep 17 082433 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-02-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-02-hadr-stor Bound vol09 20Gi RWX 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-02-ibm-db2oltp-dev-db2 NodePort 100061 ltnonegt 5000032422TCP5500032181TCP 1sdb2-02-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1sdb2-02-ibm-db2oltp-dev-etcd ClusterIP None ltnonegt 2380TCP2379TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-02-ibm-db2oltp-dev 2 2 1s
==gt v1beta2StatefulSet
db2-02-ibm-db2oltp-dev-etcd 3 0 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-02-ibm-db2oltp-dev-0 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-0 01 ContainerCreating 0 1sdb2-02-ibm-db2oltp-dev-etcd-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-2 01 Pending 0 1s
5 Pods
2x Db2 3x etcd
3 Services
2x Db2 1x etcd
2 StatefulSets
Db2 DESIRED=2
etcd DESIRED=3
1 PVC (RWX)
for HADR setup (1)
1 Secret
Db2 instance
owner password
(1) 5 addntl PVCs are being created
implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL $ cat single04yamlapiVersion batchv1kind Jobmetadata
name db2-01-create-database-schemaspec
templatespec
containers- name db2-01-create-database-schema
image storeibmcorpdb2_developer_c11144-x86_64command [ binsh-cscriptsdb2-setupsh ]volumeMounts- name db2-createschema
mountPath scriptssecurityContext
capabilitiesadd [SYS_RESOURCE IPC_OWNER SYS_NICE]
env- name LICENSE
value accept- name DB2INSTANCE
value db2inst1- name DB2INST1_PASSWORD
valueFromsecretKeyRef
name db2-01-ibm-db2oltp-devkey password
- name DB2_SERVICE_NAMEvalue db2-01-ibm-db2oltp-dev
- name DBNAMEvalue mydb
restartPolicy Nevervolumes- name db2-createschema
configMapname db2-createschemadefaultMode 0744
backoffLimit 1---apiVersion v1data
db2-setupsh |binshexport SETUPDIR=vardb2_setupsource $SETUPDIRincludedb2_constantssource $SETUPDIRincludedb2_common_functionsif getent passwd $DB2INSTANCE gt devnull 2gtamp1 then
echo () Previous setup has not been detected Creating create_users
fiif create_instance then
exit 1fistart_db2cp scriptsdb2-createschemash databasedb2-createschemashchmod +x databasedb2-createschemashsu - $DB2INSTANCE -c databasedb2-createschemash
$DB2_SERVICE_NAME $DB2INSTANCEldquo$DB2INST1_PASSWORD $DBNAME
IBM Cloud52
Kubernetes Job to deploy SQL (contrsquod)db2-createschemash |
binshDB2_SERVICE_NAME=$1DB2INSTANCE=$2DB2INST1_PASSWORD=$3DBNAME=$4echo Configure schema for database $DBNAME on host $DB2_SERVICE_NAMEdb2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000db2 catalog db $DBNAME as $DBNAME at node DB2NODEdb2 terminatedb2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDdb2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDsleep 2db2 -tvmf scriptsps-bp-tbspsqlsleep 10db2 -tvmf scriptsps-tablessqlecho Database $DBNAME has been configured
ps-bp-tbspsql |CREATE BUFFERPOOL BP32K PAGESIZE 32KCREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K
ps-tablessql |CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) [hellip] IN TS32INSERT INTO PS_TABLE (SSNFIRST_NAMELAST_NAMEJOB_CODEDEPTSALARYDOB) WITH TEMP1 [hellip] CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL LASTNAME VARCHAR(20) NOT NULL JOBCODE CHAR(4) NOT NULL ) IN TS32 GRANT ALL ON ps_table TO PUBLICGRANT ALL ON ps_history TO PUBLIC
kind ConfigMapmetadata
name db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply ndashf single04yaml
jobbatchdb2-01-create-database-schema created
configmapdb2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 01 0s 0s
Eventually the job completes
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 11 109s 45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDBWe run a script to retrieve the logs form the job
binbash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath=items[]metadataname)
kubectl logs -f $pod
Output
[hellip]
DB20000I The SQL command completed successfully
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
binbash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath=spec
ports[1]nodePort services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath=
items[0]statusaddresses[0]address)
echo https$NODE_IP$NODE_PORT
=gt https1921682710030462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager HomepageAll Db2 OLTP instances running in the
same namespace as DSM will be auto-
discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (12)$ helm status dsm-01 --tlsLAST DEPLOYED Mon Sep 16 120102 2019NAMESPACE stock-trader-dataSTATUS DEPLOYED
RESOURCES==gt v1RoleBindingNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdsm-01-repository NodePort 1000233 ltnonegt 5000032695TCP5500032203TCP 8mdsm-01-ibm-dsm-dev NodePort 100085 ltnonegt 1108032444TCP1108130462TCP 8m
==gt v1beta1DeploymentNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGEdsm-01-repository 1 1 1 1 8mdsm-01-ibm-dsm-dev 1 1 1 1 8m
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdsm-01-repository-76f87d47d4-dlqh4 11 Running 0 8mdsm-01-ibm-dsm-dev-b976d89bd-dflqn 22 Running 0 8m
2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2 1 DSM
IBM Cloud61
DSM Kubernetes resources (22)
[hellip]==gt v1SecretNAME TYPE DATA AGEdsm-01-repository-db2-passwd Opaque 1 8mdsm-01-ibm-dsm-dev-dsm-passwd Opaque 1 8m
==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEdsm-01-repository-data-stor Bound vol14 20Gi RWO 8mdsm-01-ibm-dsm-dev-datavolume Bound vol12 20Gi RWO 8m
==gt v1ServiceAccountNAME SECRETS AGEdsm-repodb-dsm-01-repository 1 8mdsm-dsm-01-ibm-dsm-dev 1 8m
==gt v1RoleNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
2 Secrets 1 DSM
asmin 1 Db2
instance owner
2 PVCs 1 DSM
Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources ndash Kubernetes Docker Helm
Kubernetes
minus httpskubernetesiodocstutorialskubernetes-basics
Kubernetes in the Enterprise eBook
minus ibmbizBdYA4i
Docker
minus httpsdocsdockercomget-started
Docker Hub
minus httpshubdockercom
Helm
minus httpshelmshdocs
IBM Cloud64
Additional Resources ndash IBM Cloud Private OpenShift
IBM Cloud Private Documentation
minus httpswwwibmcomsupportknowledgecenterenSSBS6K_320kc_welcome_containershtml
Deploy IBM Cloud Private Community Edition using Vagrant
minus httpsgithubcomIBMdeploy-ibm-cloud-privateblobmasterdocsdeploy-vagrantmd
Red Hat OpenShift Container Platform Documentation
minus httpsdocsopenshiftcomcontainer-platform41welcomeindexhtml
IBM Cloud65
Additional Resources ndash Db2 Db2Wh DSMDb2 Integration into IBM Cloud Private
minus httpsdeveloperibmcomrecipestutorialsdb2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
minus httpsdeveloperibmcomrecipestutorialsibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
minus httpswwwibmcomsupportknowledgecenterenSSCJDQcomibmswgimdashdbdocadmindeploy_kubernetes_smphtml
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
minus httpswwwibmcomsupportknowledgecenterenSSQNUZ_210comibmicpdatadoczenadmindb-reqshtmldb-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
minus Db2 OLTP Single Server
minus Db2 OLTP HADR
minus Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel IBM Deutschland GmbH
Karl-Arnold-Platz 1a
Technical Sales Professional 40474 Duesseldorf
Hybrid Data Management Germany
Mobile +49-177-3627278
Email chuempeldeibmcom
Thank You
IBM Cloud70
IBM Cloud40
Configuring Image Pull Secret for Db2
We need to create a image pull secret to give Kubernetes the credentials to pull the Db2 Developer-C and DSM images from Docker Hub
The username password and email are the credentials form Docker Hub
Note that you need to subscribe the Db2 and DSM images in Docker Hub first
Configure the image pull secret$ kubectl create secret docker-registry dockerhub
--docker-username=ltyour dockerhub usernamegt--docker-password=ltyour dockerhub passwordgt--docker-email=ltyour dockerhub emailgt--namespace=ltyour namespacegt
secretdockerhub created
Verify the result$ kubectl get secretsNAME TYPE DATA AGEdefault-token-mwvpl kubernetesioservice-account-token 3 17ddockerhub kubernetesiodockerconfigjson 1 13m
IBM Cloud41
Configuring Service Account for Db2$ more pre04yaml---kind ClusterRoleapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role
rules- apiGroups [extensions]resources [podsecuritypolicies]verbs [use]resourceNames- db2-privileges
---kind ClusterRoleBindingapiVersion rbacauthorizationk8siov1metadataname db2-privileges-cluster-role-binding
roleRefkind ClusterRolename db2-privileges-cluster-roleapiGroup rbacauthorizationk8sio
subjects- kind ServiceAccountname defaultnamespace stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account
Configure the service account$ kubectl apply -f pre04yamlclusterrolerbacauthorizationk8siodb2-privileges-cluster-role createdclusterrolebindingrbacauthorizationk8siodb2-privileges-cluster-role-binding created
Verify the results$ kubectl get psp
db2-privileges false SETPCAPMKNODAUDIT_WRITECHOWNNET_RAWDAC_OVERRIDEFOWNERFSETIDKILLSETGIDSETUIDNET_BIND_SERVICESYS_CHROOTSETFCAPSYS_RESOURCEIPC_OWNERSYS_NICE RunAsAny RunAsAny RunAsAnyRunAsAny false
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=MYDB
--set dataVolumesize=20Gi
Size of the
Db2 data
volume
Name of database that
will be created
If not specified no
database will be
created
Instance
owner name
Instance owner
password
Db2 OLTP
Helm chart
name
Helm release
name
different for each
deployment
Additional parameters available for example to enable Oracle compatibilitySee httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Cloud44
Letrsquos verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get podsNAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 11 Running 1 7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-009152019 160430 0 0 SQL1063N DB2START processing was successfulSQL1063N DB2START processing was successful() Starting TEXT SEARCH service CIE00001 Operation completed successfullyssh-keygen generating new host keys RSA1 RSA DSA ECDSA ED25519() All databases are now active() Setup has completed
IBM Cloud45
Letrsquos verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 --binbash su - db2inst1Last login Sun Sep 15 161711 UTC 2019$ db2 connect to MYDB
Database Connection Information
Database server = DB2LINUXX8664 11144SQL authorization ID = DB2INST1Local database alias = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access from Db2 client
binbash
NODE_PORT=$(kubectl get --namespace stock-trader-data
-o jsonpath=specports[0]nodePort services db2-01-ibm-db2oltp-dev-db2)
echo Cataloging node db2tcp1
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 19216827100 server $NODE_PORT
echo Cataloging database MYDB at node db2tcp1
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port
from the Db2 OLTP
helm release service
definition
IBM Cloud47
Kubernetes resources for Db2 OLTP$ helm status db2-01 --tlsNAME db2-01LAST DEPLOYED Sun Sep 15 081114 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-01-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-01-data-stor Bound vol12 20Gi RWO 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-01-ibm-db2oltp-dev-db2 NodePort 100050 ltnonegt 5000030463TCP5500032236TCP 1sdb2-01-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-01-ibm-db2oltp-dev 1 1 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 01 Init01 0 1s 1 Pod runs
the Db2
container
2 Services for
Db2 1x external
1x internal
1 StatefulSet
DESIRED = 1
1 PVC (RWO) for db
files logs amp config
1 Secret
Db2 instance
owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v111 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=HADB
--set dataVolumesize=20Gi--set hadrenabled=true
Additional parameter
hadrenabled set to true to
indicate that we want a
HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OTLP HADRNAME db2-02LAST DEPLOYED Tue Sep 17 082433 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-02-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-02-hadr-stor Bound vol09 20Gi RWX 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-02-ibm-db2oltp-dev-db2 NodePort 100061 ltnonegt 5000032422TCP5500032181TCP 1sdb2-02-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1sdb2-02-ibm-db2oltp-dev-etcd ClusterIP None ltnonegt 2380TCP2379TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-02-ibm-db2oltp-dev 2 2 1s
==gt v1beta2StatefulSet
db2-02-ibm-db2oltp-dev-etcd 3 0 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-02-ibm-db2oltp-dev-0 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-0 01 ContainerCreating 0 1sdb2-02-ibm-db2oltp-dev-etcd-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-2 01 Pending 0 1s
5 Pods
2x Db2 3x etcd
3 Services
2x Db2 1x etcd
2 StatefulSets
Db2 DESIRED=2
etcd DESIRED=3
1 PVC (RWX)
for HADR setup (1)
1 Secret
Db2 instance
owner password
(1) 5 addntl PVCs are being created
implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL $ cat single04yamlapiVersion batchv1kind Jobmetadata
name db2-01-create-database-schemaspec
templatespec
containers- name db2-01-create-database-schema
image storeibmcorpdb2_developer_c11144-x86_64command [ binsh-cscriptsdb2-setupsh ]volumeMounts- name db2-createschema
mountPath scriptssecurityContext
capabilitiesadd [SYS_RESOURCE IPC_OWNER SYS_NICE]
env- name LICENSE
value accept- name DB2INSTANCE
value db2inst1- name DB2INST1_PASSWORD
valueFromsecretKeyRef
name db2-01-ibm-db2oltp-devkey password
- name DB2_SERVICE_NAMEvalue db2-01-ibm-db2oltp-dev
- name DBNAMEvalue mydb
restartPolicy Nevervolumes- name db2-createschema
configMapname db2-createschemadefaultMode 0744
backoffLimit 1---apiVersion v1data
db2-setupsh |binshexport SETUPDIR=vardb2_setupsource $SETUPDIRincludedb2_constantssource $SETUPDIRincludedb2_common_functionsif getent passwd $DB2INSTANCE gt devnull 2gtamp1 then
echo () Previous setup has not been detected Creating create_users
fiif create_instance then
exit 1fistart_db2cp scriptsdb2-createschemash databasedb2-createschemashchmod +x databasedb2-createschemashsu - $DB2INSTANCE -c databasedb2-createschemash
$DB2_SERVICE_NAME $DB2INSTANCEldquo$DB2INST1_PASSWORD $DBNAME
IBM Cloud52
Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(
      PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5),
      […] IN TS32;
    INSERT INTO PS_TABLE (SSN,FIRST_NAME,LAST_NAME,JOB_CODE,DEPT,SALARY,DOB) WITH TEMP1 […]
    CREATE TABLE PS_HISTORY (
      FIRSTNAME VARCHAR(20) NOT NULL,
      LASTNAME VARCHAR(20) NOT NULL,
      JOBCODE CHAR(4) NOT NULL
    ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database:
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created:
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   0/1           0s         0s
Eventually the job completes:
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   1/1           109s       45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job:
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath='{.items[*].metadata.name}')
kubectl logs -f $pod
Output:
[…]
DB20000I  The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I  The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I  The SQL command completed successfully.
Database mydb has been configured
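The Job's script ends with an echo and never checks the exit status of its db2 calls, so COMPLETIONS 1/1 does not show that every statement succeeded. The following added example (not from the slides) scans the Job log for Db2 error message IDs and for privileges granted to PUBLIC; the function names and the sample log, including its TS33 failure, are constructed.

```shell
#!/bin/sh
# Added example (not from the slides): triage the log of the
# db2-01-create-database-schema Job.
#
# Usage against the cluster:  kubectl logs "$pod" | audit_job_log

# Constructed sample in the shape of the slide's output: the CLP echoes each
# statement (-v) and then prints a message ID. The TS33 failure is constructed.
sample_log() {
    cat <<'EOF'
CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K
DB20000I  The SQL command completed successfully.
CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL ) IN TS33
DB21034E  The command was processed as an SQL statement because it was not a
valid Command Line Processor command.  During SQL processing it returned:
SQL0204N  "TS33" is an undefined name.  SQLSTATE=42704
GRANT ALL ON ps_table TO PUBLIC
DB20000I  The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I  The SQL command completed successfully.
Database mydb has been configured
EOF
}

# Read a Job log on stdin, list the findings, and print a one-line summary last.
# Exit status is 1 when any Db2 error message was seen, otherwise 0.
audit_job_log() {
    awk '
        # Db2 message IDs end in a severity letter: N, E and C mark errors,
        # I and W (for example DB20000I) do not.
        /^(SQL|DB2)[0-9]+[NEC][ \t]/ { errors++; print "ERROR  " $1; next }
        # A privilege granted to PUBLIC is held by every user of the database.
        toupper($0) ~ /^GRANT .* TO PUBLIC/ { grants++; print "PUBLIC " $0; next }
        # Final echo of db2-createschema.sh; printed even after failed statements.
        /^Database .* has been configured/ { finished = 1 }
        END {
            printf "errors=%d public_grants=%d finished=%d\n", errors, grants, finished
            exit (errors > 0)
        }
    '
}
```

On the sample, the script's closing message is present although one statement failed, which is why the summary reports errors and finished separately.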
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI:
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM.
IBM Cloud60
DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/RoleBinding
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m
==> v1/Service
NAME                TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)                          AGE
dsm-01-repository   NodePort  10.0.0.233  <none>       50000:32695/TCP,55000:32203/TCP  8m
dsm-01-ibm-dsm-dev  NodePort  10.0.0.85   <none>       11080:32444/TCP,11081:30462/TCP  8m
==> v1beta1/Deployment
NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
dsm-01-repository   1        1        1           1          8m
dsm-01-ibm-dsm-dev  1        1        1           1          8m
==> v1/Pod(related)
NAME                                READY  STATUS   RESTARTS  AGE
dsm-01-repository-76f87d47d4-dlqh4  1/1    Running  0         8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn  2/2    Running  0         8m
2 RoleBindings
2 Services: 1x Db2 (repodb), 1x DSM
2 Deployments
2 Pods: 1 Db2, 1 DSM
IBM Cloud61
DSM Kubernetes resources (2/2)
[…]
==> v1/Secret
NAME                           TYPE    DATA  AGE
dsm-01-repository-db2-passwd   Opaque  1     8m
dsm-01-ibm-dsm-dev-dsm-passwd  Opaque  1     8m
==> v1/PersistentVolumeClaim
NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m
==> v1/ServiceAccount
NAME                          SECRETS  AGE
dsm-repodb-dsm-01-repository  1        8m
dsm-dsm-01-ibm-dsm-dev        1        8m
==> v1/Role
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m
2 Secrets: 1 DSM admin, 1 Db2 instance owner
2 PVCs: 1 DSM, Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources – Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs
IBM Cloud64
Additional Resources – IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html
IBM Cloud65
Additional Resources – Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel
Technical Sales Professional, Hybrid Data Management
IBM Deutschland GmbH, Karl-Arnold-Platz 1a, 40474 Duesseldorf, Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
Thank You
IBM Cloud70
IBM Cloud41
Configuring Service Account for Db2
$ more pre04.yaml
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role
rules:
- apiGroups: ["extensions"]
  resources: ["podsecuritypolicies"]
  verbs: ["use"]
  resourceNames:
  - db2-privileges
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: db2-privileges-cluster-role-binding
roleRef:
  kind: ClusterRole
  name: db2-privileges-cluster-role
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: default
  namespace: stock-trader-data
The YAML specification file that defines the cluster role and the cluster role binding for the service account.
Configure the service account:
$ kubectl apply -f pre04.yaml
clusterrole.rbac.authorization.k8s.io/db2-privileges-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/db2-privileges-cluster-role-binding created
Verify the results:
$ kubectl get psp
db2-privileges  false  SETPCAP,MKNOD,AUDIT_WRITE,CHOWN,NET_RAW,DAC_OVERRIDE,FOWNER,FSETID,KILL,SETGID,SETUID,NET_BIND_SERVICE,SYS_CHROOT,SETFCAP,SYS_RESOURCE,IPC_OWNER,SYS_NICE  RunAsAny  RunAsAny  RunAsAny  RunAsAny  false
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
--name db2-01: Helm release name, different for each deployment
ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
db2inst.instname: Instance owner name
db2inst.password: Instance owner password
options.databaseName: Name of database that will be created. If not specified, no database will be created.
dataVolume.size: Size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility. See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
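With --set, the instance owner password ends up in the shell history and in the process list of the machine that runs helm. The following added example (not from the slides) generates the password and writes the same chart values to a private values file instead; the function names and the file name pattern are assumptions, and the value keys are the ones used on the slide.

```shell
#!/bin/sh
# Added example (not from the slides): keep the Db2 instance owner password off
# the helm command line by passing it in a values file only the caller can read.

# Print a random 32-character hex password taken from the kernel CSPRNG.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Write the chart values from the slide into a new private file and print its path.
# $1 = directory for the file, $2 = database name
write_values_file() {
    (
        umask 077                                   # nothing we create is group/world readable
        f=$(mktemp "$1/db2-values.XXXXXX") || exit 1
        {
            printf 'db2inst:\n'
            printf '  instname: db2inst1\n'
            # Quoted so that an all-digit password is not parsed as a number.
            printf '  password: "%s"\n' "$(gen_password)"
            printf 'options:\n'
            printf '  databaseName: %s\n' "$2"
            printf 'dataVolume:\n'
            printf '  size: 20Gi\n'
        } > "$f"
        printf '%s\n' "$f"
    )
}

# Usage (same release and chart as on the slide, -f replaces the --set flags):
#   values=$(write_values_file "$HOME" MYDB)
#   helm install --name db2-01 ibm-charts/ibm-db2oltp-dev --tls -f "$values"
#   rm -f "$values"
```

Helm still records the supplied values in its release data, so the file only keeps the password out of shell history and process listings.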
IBM Cloud44
Let's verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running:
$ kubectl get pods
NAME                       READY   STATUS    RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   1/1     Running   1          7h57m
Review the logs of the Db2 OLTP container:
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30     0   0   SQL1063N  DB2START processing was successful.
SQL1063N  DB2START processing was successful.
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active.
(*) Setup has completed.
IBM Cloud45
Let's verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database:
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
# su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
   Database Connection Information
 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client:
#!/bin/bash
NODE_PORT=$(kubectl get --namespace stock-trader-data \
  -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port from the Db2 OLTP helm release service definition.
IBM Cloud47
Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-01-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s
==> v1/Service
NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP          1s
db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-01-ibm-db2oltp-dev  1        1        1s
==> v1/Pod(related)
NAME                      READY  STATUS    RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s
1 Secret: Db2 instance owner password
1 PVC (RWO) for db files, logs & config
2 Services for Db2: 1x external, 1x internal
1 StatefulSet: DESIRED = 1
1 Pod runs the Db2 container
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
Additional parameter hadr.enabled set to true to indicate that we want a HADR setup.
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-02-ibm-db2oltp-dev  Opaque  1     1s
==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s
==> v1/Service
NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP          1s
db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                        1s
==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-02-ibm-db2oltp-dev  2        2        1s
==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd  3  0  1s
==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s
1 Secret: Db2 instance owner password
1 PVC (RWX) for HADR setup (1)
3 Services: 2x Db2, 1x etcd
2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
5 Pods: 2x Db2, 3x etcd
(1) 5 additional PVCs are being created implicitly for 2x Db2 and 3x etcd
IBM Cloud42
Helm Charts for Db2 and DSM
IBM Cloud43
Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=MYDB
--set dataVolumesize=20Gi
Size of the
Db2 data
volume
Name of database that
will be created
If not specified no
database will be
created
Instance
owner name
Instance owner
password
Db2 OLTP
Helm chart
name
Helm release
name
different for each
deployment
Additional parameters available for example to enable Oracle compatibilitySee httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Cloud44
Letrsquos verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get podsNAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 11 Running 1 7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-009152019 160430 0 0 SQL1063N DB2START processing was successfulSQL1063N DB2START processing was successful() Starting TEXT SEARCH service CIE00001 Operation completed successfullyssh-keygen generating new host keys RSA1 RSA DSA ECDSA ED25519() All databases are now active() Setup has completed
IBM Cloud45
Letrsquos verify if we can connect to the MYDB database (2)
Login to the Db2 OLTP container and connect to MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 --binbash su - db2inst1Last login Sun Sep 15 161711 UTC 2019$ db2 connect to MYDB
Database Connection Information
Database server = DB2LINUXX8664 11144SQL authorization ID = DB2INST1Local database alias = MYDB
IBM Cloud46
Cataloging the MYDB database
We need to catalog the MYDB database to access from Db2 client
binbash
NODE_PORT=$(kubectl get --namespace stock-trader-data
-o jsonpath=specports[0]nodePort services db2-01-ibm-db2oltp-dev-db2)
echo Cataloging node db2tcp1
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 19216827100 server $NODE_PORT
echo Cataloging database MYDB at node db2tcp1
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port
from the Db2 OLTP
helm release service
definition
IBM Cloud47
Kubernetes resources for Db2 OLTP$ helm status db2-01 --tlsNAME db2-01LAST DEPLOYED Sun Sep 15 081114 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-01-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-01-data-stor Bound vol12 20Gi RWO 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-01-ibm-db2oltp-dev-db2 NodePort 100050 ltnonegt 5000030463TCP5500032236TCP 1sdb2-01-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-01-ibm-db2oltp-dev 1 1 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 01 Init01 0 1s 1 Pod runs
the Db2
container
2 Services for
Db2 1x external
1x internal
1 StatefulSet
DESIRED = 1
1 PVC (RWO) for db
files logs amp config
1 Secret
Db2 instance
owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v111 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=HADB
--set dataVolumesize=20Gi--set hadrenabled=true
Additional parameter
hadrenabled set to true to
indicate that we want a
HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OTLP HADRNAME db2-02LAST DEPLOYED Tue Sep 17 082433 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-02-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-02-hadr-stor Bound vol09 20Gi RWX 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-02-ibm-db2oltp-dev-db2 NodePort 100061 ltnonegt 5000032422TCP5500032181TCP 1sdb2-02-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1sdb2-02-ibm-db2oltp-dev-etcd ClusterIP None ltnonegt 2380TCP2379TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-02-ibm-db2oltp-dev 2 2 1s
==gt v1beta2StatefulSet
db2-02-ibm-db2oltp-dev-etcd 3 0 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-02-ibm-db2oltp-dev-0 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-0 01 ContainerCreating 0 1sdb2-02-ibm-db2oltp-dev-etcd-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-2 01 Pending 0 1s
5 Pods
2x Db2 3x etcd
3 Services
2x Db2 1x etcd
2 StatefulSets
Db2 DESIRED=2
etcd DESIRED=3
1 PVC (RWX)
for HADR setup (1)
1 Secret
Db2 instance
owner password
(1) 5 addntl PVCs are being created
implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL $ cat single04yamlapiVersion batchv1kind Jobmetadata
name db2-01-create-database-schemaspec
templatespec
containers- name db2-01-create-database-schema
image storeibmcorpdb2_developer_c11144-x86_64command [ binsh-cscriptsdb2-setupsh ]volumeMounts- name db2-createschema
mountPath scriptssecurityContext
capabilitiesadd [SYS_RESOURCE IPC_OWNER SYS_NICE]
env- name LICENSE
value accept- name DB2INSTANCE
value db2inst1- name DB2INST1_PASSWORD
valueFromsecretKeyRef
name db2-01-ibm-db2oltp-devkey password
- name DB2_SERVICE_NAMEvalue db2-01-ibm-db2oltp-dev
- name DBNAMEvalue mydb
restartPolicy Nevervolumes- name db2-createschema
configMapname db2-createschemadefaultMode 0744
backoffLimit 1---apiVersion v1data
db2-setupsh |binshexport SETUPDIR=vardb2_setupsource $SETUPDIRincludedb2_constantssource $SETUPDIRincludedb2_common_functionsif getent passwd $DB2INSTANCE gt devnull 2gtamp1 then
echo () Previous setup has not been detected Creating create_users
fiif create_instance then
exit 1fistart_db2cp scriptsdb2-createschemash databasedb2-createschemashchmod +x databasedb2-createschemashsu - $DB2INSTANCE -c databasedb2-createschemash
$DB2_SERVICE_NAME $DB2INSTANCEldquo$DB2INST1_PASSWORD $DBNAME
IBM Cloud52
Kubernetes Job to deploy SQL (contrsquod)db2-createschemash |
binshDB2_SERVICE_NAME=$1DB2INSTANCE=$2DB2INST1_PASSWORD=$3DBNAME=$4echo Configure schema for database $DBNAME on host $DB2_SERVICE_NAMEdb2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000db2 catalog db $DBNAME as $DBNAME at node DB2NODEdb2 terminatedb2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDdb2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDsleep 2db2 -tvmf scriptsps-bp-tbspsqlsleep 10db2 -tvmf scriptsps-tablessqlecho Database $DBNAME has been configured
ps-bp-tbspsql |CREATE BUFFERPOOL BP32K PAGESIZE 32KCREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K
ps-tablessql |CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) [hellip] IN TS32INSERT INTO PS_TABLE (SSNFIRST_NAMELAST_NAMEJOB_CODEDEPTSALARYDOB) WITH TEMP1 [hellip] CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL LASTNAME VARCHAR(20) NOT NULL JOBCODE CHAR(4) NOT NULL ) IN TS32 GRANT ALL ON ps_table TO PUBLICGRANT ALL ON ps_history TO PUBLIC
kind ConfigMapmetadata
name db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply ndashf single04yaml
jobbatchdb2-01-create-database-schema created
configmapdb2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 01 0s 0s
Eventually the job completes
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 11 109s 45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDBWe run a script to retrieve the logs form the job
binbash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath=items[]metadataname)
kubectl logs -f $pod
Output
[hellip]
DB20000I The SQL command completed successfully
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
binbash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath=spec
ports[1]nodePort services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath=
items[0]statusaddresses[0]address)
echo https$NODE_IP$NODE_PORT
=gt https1921682710030462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager HomepageAll Db2 OLTP instances running in the
same namespace as DSM will be auto-
discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (12)$ helm status dsm-01 --tlsLAST DEPLOYED Mon Sep 16 120102 2019NAMESPACE stock-trader-dataSTATUS DEPLOYED
RESOURCES==gt v1RoleBindingNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdsm-01-repository NodePort 1000233 ltnonegt 5000032695TCP5500032203TCP 8mdsm-01-ibm-dsm-dev NodePort 100085 ltnonegt 1108032444TCP1108130462TCP 8m
==gt v1beta1DeploymentNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGEdsm-01-repository 1 1 1 1 8mdsm-01-ibm-dsm-dev 1 1 1 1 8m
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdsm-01-repository-76f87d47d4-dlqh4 11 Running 0 8mdsm-01-ibm-dsm-dev-b976d89bd-dflqn 22 Running 0 8m
2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2 1 DSM
IBM Cloud61
DSM Kubernetes resources (22)
[hellip]==gt v1SecretNAME TYPE DATA AGEdsm-01-repository-db2-passwd Opaque 1 8mdsm-01-ibm-dsm-dev-dsm-passwd Opaque 1 8m
==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEdsm-01-repository-data-stor Bound vol14 20Gi RWO 8mdsm-01-ibm-dsm-dev-datavolume Bound vol12 20Gi RWO 8m
==gt v1ServiceAccountNAME SECRETS AGEdsm-repodb-dsm-01-repository 1 8mdsm-dsm-01-ibm-dsm-dev 1 8m
==gt v1RoleNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
2 Secrets 1 DSM
asmin 1 Db2
instance owner
2 PVCs 1 DSM
Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources ndash Kubernetes Docker Helm
Kubernetes
minus httpskubernetesiodocstutorialskubernetes-basics
Kubernetes in the Enterprise eBook
minus ibmbizBdYA4i
Docker
minus httpsdocsdockercomget-started
Docker Hub
minus httpshubdockercom
Helm
minus httpshelmshdocs
IBM Cloud64
Additional Resources ndash IBM Cloud Private OpenShift
IBM Cloud Private Documentation
minus httpswwwibmcomsupportknowledgecenterenSSBS6K_320kc_welcome_containershtml
Deploy IBM Cloud Private Community Edition using Vagrant
minus httpsgithubcomIBMdeploy-ibm-cloud-privateblobmasterdocsdeploy-vagrantmd
Red Hat OpenShift Container Platform Documentation
minus httpsdocsopenshiftcomcontainer-platform41welcomeindexhtml
IBM Cloud65
Additional Resources ndash Db2 Db2Wh DSMDb2 Integration into IBM Cloud Private
minus httpsdeveloperibmcomrecipestutorialsdb2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
minus httpsdeveloperibmcomrecipestutorialsibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
minus httpswwwibmcomsupportknowledgecenterenSSCJDQcomibmswgimdashdbdocadmindeploy_kubernetes_smphtml
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
minus httpswwwibmcomsupportknowledgecenterenSSQNUZ_210comibmicpdatadoczenadmindb-reqshtmldb-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67

Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary

Claus Huempel
Technical Sales Professional
Hybrid Data Management
IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
Thank You

Helm install command to deploy Db2 OLTP on Kubernetes
Installing Db2 OLTP server with one database in 2 minutes
$ helm install --name db2-01 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=MYDB \
    --set dataVolume.size=20Gi
Parameters:
- db2-01: Helm release name, different for each deployment
- ibm-charts/ibm-db2oltp-dev: Db2 OLTP Helm chart name
- db2inst.instname: Instance owner name
- db2inst.password: Instance owner password
- options.databaseName: Name of database that will be created. If not specified, no database will be created
- dataVolume.size: Size of the Db2 data volume
Additional parameters are available, for example to enable Oracle compatibility. See https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev

Let's verify if we can connect to the MYDB database (1)
Get list of running pods and verify that Db2 OLTP pod is running
$ kubectl get pods
NAME                       READY   STATUS    RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   1/1     Running   1          7h57m
Review the logs of the Db2 OLTP container
$ kubectl logs -f db2-01-ibm-db2oltp-dev-0
09/15/2019 16:04:30     0   0   SQL1063N  DB2START processing was successful.
SQL1063N  DB2START processing was successful.
(*) Starting TEXT SEARCH service
CIE00001 Operation completed successfully.
ssh-keygen: generating new host keys: RSA1 RSA DSA ECDSA ED25519
(*) All databases are now active
(*) Setup has completed

Let's verify if we can connect to the MYDB database (2)
Log in to the Db2 OLTP container and connect to the MYDB Db2 database
$ kubectl exec -it db2-01-ibm-db2oltp-dev-0 -- /bin/bash
su - db2inst1
Last login: Sun Sep 15 16:17:11 UTC 2019
$ db2 connect to MYDB
   Database Connection Information
 Database server        = DB2/LINUXX8664 11.1.4.4
 SQL authorization ID   = DB2INST1
 Local database alias   = MYDB

Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
#!/bin/bash
# We get the Db2 port from the Db2 OLTP helm release service definition
NODE_PORT=$(kubectl get --namespace stock-trader-data \
  -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate

Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                     TYPE     DATA   AGE
db2-01-ibm-db2oltp-dev   Opaque   1      1s
==> v1/PersistentVolumeClaim
NAME               STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db2-01-data-stor   Bound    vol12    20Gi       RWO                           1s
==> v1/Service
NAME                         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                                   AGE
db2-01-ibm-db2oltp-dev-db2   NodePort    10.0.0.50    <none>        50000:30463/TCP,55000:32236/TCP           1s
db2-01-ibm-db2oltp-dev       ClusterIP   None         <none>        50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s
==> v1/StatefulSet
NAME                     DESIRED   CURRENT   AGE
db2-01-ibm-db2oltp-dev   1         1         1s
==> v1/Pod(related)
NAME                       READY   STATUS     RESTARTS   AGE
db2-01-ibm-db2oltp-dev-0   0/1     Init:0/1   0          1s
Resources created:
- 1 Pod: runs the Db2 container
- 2 Services for Db2: 1x external, 1x internal
- 1 StatefulSet: DESIRED = 1
- 1 PVC (RWO): for db files, logs & config
- 1 Secret: Db2 instance owner password

Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
    --tls \
    --set db2inst.instname=db2inst1 \
    --set db2inst.password=passw0rd \
    --set options.databaseName=HADB \
    --set dataVolume.size=20Gi \
    --set hadr.enabled=true
Additional parameter hadr.enabled set to true to indicate that we want a HADR setup

Verify that Db2 HADR is working

Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/Secret
NAME                     TYPE     DATA   AGE
db2-02-ibm-db2oltp-dev   Opaque   1      1s
==> v1/PersistentVolumeClaim
NAME               STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
db2-02-hadr-stor   Bound    vol09    20Gi       RWX                           1s
==> v1/Service
NAME                          TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                                   AGE
db2-02-ibm-db2oltp-dev-db2    NodePort    10.0.0.61    <none>        50000:32422/TCP,55000:32181/TCP           1s
db2-02-ibm-db2oltp-dev        ClusterIP   None         <none>        50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s
db2-02-ibm-db2oltp-dev-etcd   ClusterIP   None         <none>        2380/TCP,2379/TCP                         1s
==> v1/StatefulSet
NAME                     DESIRED   CURRENT   AGE
db2-02-ibm-db2oltp-dev   2         2         1s
==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd   3    0         1s
==> v1/Pod(related)
NAME                            READY   STATUS              RESTARTS   AGE
db2-02-ibm-db2oltp-dev-0        0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-1        0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-etcd-0   0/1     ContainerCreating   0          1s
db2-02-ibm-db2oltp-dev-etcd-1   0/1     Pending             0          1s
db2-02-ibm-db2oltp-dev-etcd-2   0/1     Pending             0          1s
Resources created:
- 5 Pods: 2x Db2, 3x etcd
- 3 Services: 2x Db2, 1x etcd
- 2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
- 1 PVC (RWX): for HADR setup (1)
- 1 Secret: Db2 instance owner password
(1) 5 additional PVCs are being created implicitly for 2x Db2 and 3x etcd

Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE \"$DB2INST1_PASSWORD\" $DBNAME"

Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) […] IN TS32;
    INSERT INTO PS_TABLE (SSN,FIRST_NAME,LAST_NAME,JOB_CODE,DEPT,SALARY,DOB) WITH TEMP1 […]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema

Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   0/1           0s         0s
Eventually the job completes
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   1/1           109s       45m

Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath='{.items[*].metadata.name}')
kubectl logs -f $pod
Output:
[…]
DB20000I  The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I  The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I  The SQL command completed successfully.
Database mydb has been configured

Deploying Data Server Manager (DSM) with the GUI

Deploying Data Server Manager (DSM) with the GUI (2)

Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)
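
Added example (not part of the original slides): the cataloging script and the DSM URL script pick the node port by position (ports[0] for Db2, ports[1] for DSM), so a change in the order of the Service ports would hand out a different port than intended, for instance the DSM port 11080 instead of the 11081 port used for the https URL. The sketch below selects by service port number and lists every port reachable from outside the cluster; the function names and the sample table, rebuilt from the helm status output on the slides, are constructed for this example.

```shell
#!/bin/sh
# Look up the node port assigned to a given service port by port number,
# instead of by position in .spec.ports.

# Constructed sample: Service rows taken from the `helm status` slides, in
# `kubectl get services` layout (NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE).
sample_services() {
cat <<'EOF'
NAME                         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                                   AGE
db2-01-ibm-db2oltp-dev-db2   NodePort    10.0.0.50    <none>        50000:30463/TCP,55000:32236/TCP           1s
db2-01-ibm-db2oltp-dev       ClusterIP   None         <none>        50000/TCP,55000/TCP,60006/TCP,60007/TCP   1s
dsm-01-ibm-dsm-dev           NodePort    10.0.0.85    <none>        11080:32444/TCP,11081:30462/TCP           8m
EOF
}

# list_node_ports: read a service table on stdin and print one line per
# mapping that is reachable from outside the cluster:
#   <service> <service-port> <node-port> <protocol>
list_node_ports() {
    awk '
        NR == 1 && $1 == "NAME" { next }            # skip the header row
        $2 == "NodePort" || $2 == "LoadBalancer" {
            n = split($5, maps, ",")
            for (i = 1; i <= n; i++) {
                # a mapping looks like 50000:30463/TCP;
                # entries without ":" carry no node port and are skipped
                if (split(maps[i], pp, "/") != 2) continue
                if (split(pp[1], nums, ":") != 2) continue
                print $1, nums[1], nums[2], pp[2]
            }
        }
    '
}

# node_port_for SERVICE PORT: print the node port for that service port.
# Returns 1 when the service does not expose the port on the nodes, so a
# calling script fails instead of cataloging or publishing a wrong port.
node_port_for() {
    list_node_ports | awk -v svc="$1" -v port="$2" '
        $1 == svc && $2 == port { print $3; found = 1; exit }
        END { exit (found ? 0 : 1) }
    '
}

# Live use (needs cluster access, not run here):
#   kubectl get services --namespace stock-trader-data \
#     | node_port_for dsm-01-ibm-dsm-dev 11081
```

kubectl's own JSONPath filter, -o jsonpath='{.spec.ports[?(@.port==11081)].nodePort}', makes the same selection without parsing the text table.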

Accessing Data Server Manager

Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM

DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED
RESOURCES:
==> v1/RoleBinding
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m
==> v1/Service
NAME                 TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)                           AGE
dsm-01-repository    NodePort   10.0.0.233   <none>        50000:32695/TCP,55000:32203/TCP   8m
dsm-01-ibm-dsm-dev   NodePort   10.0.0.85    <none>        11080:32444/TCP,11081:30462/TCP   8m
==> v1beta1/Deployment
NAME                 DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
dsm-01-repository    1         1         1            1           8m
dsm-01-ibm-dsm-dev   1         1         1            1           8m
==> v1/Pod(related)
NAME                                 READY   STATUS    RESTARTS   AGE
dsm-01-repository-76f87d47d4-dlqh4   1/1     Running   0          8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn   2/2     Running   0          8m
Resources created:
- 2 RoleBindings
- 2 Services: 1x Db2 (repodb), 1x DSM
- 2 Deployments
- 2 Pods: 1 Db2, 1 DSM

DSM Kubernetes resources (2/2)
[…]
==> v1/Secret
NAME                            TYPE     DATA   AGE
dsm-01-repository-db2-passwd    Opaque   1      8m
dsm-01-ibm-dsm-dev-dsm-passwd   Opaque   1      8m
==> v1/PersistentVolumeClaim
NAME                            STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   AGE
dsm-01-repository-data-stor     Bound    vol14    20Gi       RWO                           8m
dsm-01-ibm-dsm-dev-datavolume   Bound    vol12    20Gi       RWO                           8m
==> v1/ServiceAccount
NAME                           SECRETS   AGE
dsm-repodb-dsm-01-repository   1         8m
dsm-dsm-01-ibm-dsm-dev         1         8m
==> v1/Role
NAME                                       AGE
dsm-repodb-dsm-01-repository               8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev   8m
dsm-dsm-01-ibm-dsm-dev                     8m
Resources created:
- 2 Secrets: 1 DSM admin, 1 Db2 instance owner
- 2 PVCs: 1 DSM, Db2
- 3 Roles
2 Secrets 1 DSM
asmin 1 Db2
instance owner
2 PVCs 1 DSM
Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources ndash Kubernetes Docker Helm
Kubernetes
minus httpskubernetesiodocstutorialskubernetes-basics
Kubernetes in the Enterprise eBook
minus ibmbizBdYA4i
Docker
minus httpsdocsdockercomget-started
Docker Hub
minus httpshubdockercom
Helm
minus httpshelmshdocs
IBM Cloud64
Additional Resources ndash IBM Cloud Private OpenShift
IBM Cloud Private Documentation
minus httpswwwibmcomsupportknowledgecenterenSSBS6K_320kc_welcome_containershtml
Deploy IBM Cloud Private Community Edition using Vagrant
minus httpsgithubcomIBMdeploy-ibm-cloud-privateblobmasterdocsdeploy-vagrantmd
Red Hat OpenShift Container Platform Documentation
minus httpsdocsopenshiftcomcontainer-platform41welcomeindexhtml
IBM Cloud65
Additional Resources ndash Db2 Db2Wh DSMDb2 Integration into IBM Cloud Private
minus httpsdeveloperibmcomrecipestutorialsdb2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
minus httpsdeveloperibmcomrecipestutorialsibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
minus httpswwwibmcomsupportknowledgecenterenSSCJDQcomibmswgimdashdbdocadmindeploy_kubernetes_smphtml
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
minus httpswwwibmcomsupportknowledgecenterenSSQNUZ_210comibmicpdatadoczenadmindb-reqshtmldb-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
minus Db2 OLTP Single Server
minus Db2 OLTP HADR
minus Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel IBM Deutschland GmbH
Karl-Arnold-Platz 1a
Technical Sales Professional 40474 Duesseldorf
Hybrid Data Management Germany
Mobile +49-177-3627278
Email chuempeldeibmcom
Thank You
IBM Cloud70
Cataloging the MYDB database
We need to catalog the MYDB database to access it from a Db2 client
#!/bin/bash
NODE_PORT=$(kubectl get --namespace stock-trader-data \
  -o jsonpath="{.spec.ports[0].nodePort}" services db2-01-ibm-db2oltp-dev-db2)
echo "Cataloging node db2tcp1"
db2 -v uncatalog node DB2TCP1
db2 -v catalog tcpip node DB2TCP1 remote 192.168.27.100 server $NODE_PORT
echo "Cataloging database MYDB at node db2tcp1"
db2 -v uncatalog database MYDB
db2 -v catalog database MYDB at node DB2TCP1
db2 terminate
We get the Db2 port from the Db2 OLTP helm release service definition

Kubernetes resources for Db2 OLTP
$ helm status db2-01 --tls
NAME: db2-01
LAST DEPLOYED: Sun Sep 15 08:11:14 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-01-ibm-db2oltp-dev  Opaque  1     1s

==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-01-data-stor  Bound   vol12   20Gi      RWO                         1s

==> v1/Service
NAME                        TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-01-ibm-db2oltp-dev-db2  NodePort   10.0.0.50   <none>       50000:30463/TCP,55000:32236/TCP          1s
db2-01-ibm-db2oltp-dev      ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s

==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-01-ibm-db2oltp-dev  1        1        1s

==> v1/Pod(related)
NAME                      READY  STATUS    RESTARTS  AGE
db2-01-ibm-db2oltp-dev-0  0/1    Init:0/1  0         1s

1 Pod: runs the Db2 container
2 Services for Db2: 1x external, 1x internal
1 StatefulSet: DESIRED = 1
1 PVC (RWO) for db files, logs & config
1 Secret: Db2 instance owner password
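
Added example (not part of the original slides): the listing above shows two Services for Db2, one NodePort and one ClusterIP, and the cataloging script reads the node port as ports[0]. The Python script below reads the output of kubectl get services -o json, reports which Db2 ports are reachable from outside the cluster, and looks up the node port by service port number instead of by list position. The JSON sample is constructed from the values on the slide, and all function names are this example's own.

```python
import json

# Constructed sample in the shape of
#   kubectl get services --namespace stock-trader-data -o json
# trimmed to the fields used below. Service names and port numbers mirror the
# helm status listing on the slide; the JSON is not captured from a cluster.
SAMPLE_SERVICES_JSON = """
{"items": [
  {"metadata": {"name": "db2-01-ibm-db2oltp-dev-db2", "namespace": "stock-trader-data"},
   "spec": {"type": "NodePort", "ports": [
     {"port": 50000, "nodePort": 30463, "protocol": "TCP"},
     {"port": 55000, "nodePort": 32236, "protocol": "TCP"}]}},
  {"metadata": {"name": "db2-01-ibm-db2oltp-dev", "namespace": "stock-trader-data"},
   "spec": {"type": "ClusterIP", "ports": [
     {"port": 50000, "protocol": "TCP"},
     {"port": 55000, "protocol": "TCP"},
     {"port": 60006, "protocol": "TCP"},
     {"port": 60007, "protocol": "TCP"}]}}
]}
"""

# Service types that open a port on every cluster node.
EXTERNAL_TYPES = {"NodePort", "LoadBalancer"}


def load_services(text):
    """Parse kubectl JSON output: either a List of Services or a single Service."""
    doc = json.loads(text)
    return doc["items"] if "items" in doc else [doc]


def external_endpoints(services):
    """Return one record per service port that is published on the nodes.

    Covers NodePort and LoadBalancer services.
    """
    found = []
    for svc in services:
        spec = svc.get("spec", {})
        if spec.get("type", "ClusterIP") not in EXTERNAL_TYPES:
            continue
        for p in spec.get("ports", []):
            if "nodePort" not in p:  # LoadBalancer with node ports disabled
                continue
            found.append({
                "namespace": svc["metadata"].get("namespace", "default"),
                "service": svc["metadata"]["name"],
                "port": p["port"],
                "node_port": p["nodePort"],
                "protocol": p.get("protocol", "TCP"),
            })
    return found


def internal_only(services):
    """Names of services of type ClusterIP, reachable only inside the cluster."""
    return sorted(
        svc["metadata"]["name"]
        for svc in services
        if svc.get("spec", {}).get("type", "ClusterIP") == "ClusterIP"
    )


def node_port_for(services, service_name, service_port):
    """Find the node port that maps to a given service port.

    The slide's script reads ports[0]; matching on the port number keeps
    working if the chart reorders or adds ports.
    """
    for svc in services:
        if svc["metadata"]["name"] != service_name:
            continue
        for p in svc.get("spec", {}).get("ports", []):
            if p.get("port") == service_port and "nodePort" in p:
                return p["nodePort"]
    raise LookupError(
        "no node port for %s port %d" % (service_name, service_port)
    )


if __name__ == "__main__":
    services = load_services(SAMPLE_SERVICES_JSON)
    for e in external_endpoints(services):
        print("EXTERNAL  {namespace}/{service}  {port} -> node port "
              "{node_port}/{protocol}".format(**e))
    for name in internal_only(services):
        print("INTERNAL  " + name)
    print("Db2 client port:",
          node_port_for(services, "db2-01-ibm-db2oltp-dev-db2", 50000))
```

Against a live cluster, pipe the real kubectl output into load_services instead of the embedded sample.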

Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v11.1 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-charts/ibm-db2oltp-dev \
  --tls \
  --set db2inst.instname=db2inst1 \
  --set db2inst.password=passw0rd \
  --set options.databaseName=HADB \
  --set dataVolume.size=20Gi \
  --set hadr.enabled=true
Additional parameter hadr.enabled set to true to indicate that we want a HADR setup

Verify that Db2 HADR is working

Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-02-ibm-db2oltp-dev  Opaque  1     1s

==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s

==> v1/Service
NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP          1s
db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                        1s

==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-02-ibm-db2oltp-dev  2        2        1s

==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd  3  0  1s

==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s

5 Pods: 2x Db2, 3x etcd
3 Services: 2x Db2, 1x etcd
2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
1 PVC (RWX) for HADR setup (1)
1 Secret: Db2 instance owner password
(1) 5 additional PVCs are being created implicitly for 2x Db2 and 3x etcd

Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source $SETUPDIR/include/db2_constants
    source $SETUPDIR/include/db2_common_functions
    # Create the users only when the instance owner does not exist yet
    if ! getent passwd $DB2INSTANCE > /dev/null 2>&1; then
      echo "(*) Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE $DB2INST1_PASSWORD $DBNAME"

Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) […] IN TS32;
    INSERT INTO PS_TABLE (SSN,FIRST_NAME,LAST_NAME,JOB_CODE,DEPT,SALARY,DOB) WITH TEMP1 […]
    CREATE TABLE PS_HISTORY (
      FIRSTNAME VARCHAR(20) NOT NULL,
      LASTNAME VARCHAR(20) NOT NULL,
      JOBCODE CHAR(4) NOT NULL
    ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema

Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  0/1          0s        0s
Eventually the job completes
$ kubectl get jobs
NAME                           COMPLETIONS  DURATION  AGE
db2-01-create-database-schema  1/1          109s      45m

Verifying the logs from the Job that runs the SQL on MYDB
We run a script to retrieve the logs from the job
#!/bin/bash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath="{.items[*].metadata.name}")
kubectl logs -f $pod
Output
[…]
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully.
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully.
Database mydb has been configured

Deploying Data Server Manager (DSM) with the GUI

Deploying Data Server Manager (DSM) with the GUI (2)

Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
#!/bin/bash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath="{.spec.ports[1].nodePort}" services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath="{.items[0].status.addresses[0].address}")
echo https://$NODE_IP:$NODE_PORT
=> https://192.168.27.100:30462 (can be different on your system)

Accessing Data Server Manager

Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM

DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/RoleBinding
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m

==> v1/Service
NAME                TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)                          AGE
dsm-01-repository   NodePort  10.0.0.233  <none>       50000:32695/TCP,55000:32203/TCP  8m
dsm-01-ibm-dsm-dev  NodePort  10.0.0.85   <none>       11080:32444/TCP,11081:30462/TCP  8m

==> v1beta1/Deployment
NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
dsm-01-repository   1        1        1           1          8m
dsm-01-ibm-dsm-dev  1        1        1           1          8m

==> v1/Pod(related)
NAME                                READY  STATUS   RESTARTS  AGE
dsm-01-repository-76f87d47d4-dlqh4  1/1    Running  0         8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn  2/2    Running  0         8m

2 RoleBindings
2 Services: 1x Db2 (repodb), 1x DSM
2 Deployments
2 Pods: 1 Db2, 1 DSM

DSM Kubernetes resources (2/2)
[…]
==> v1/Secret
NAME                           TYPE    DATA  AGE
dsm-01-repository-db2-passwd   Opaque  1     8m
dsm-01-ibm-dsm-dev-dsm-passwd  Opaque  1     8m

==> v1/PersistentVolumeClaim
NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m

==> v1/ServiceAccount
NAME                          SECRETS  AGE
dsm-repodb-dsm-01-repository  1        8m
dsm-dsm-01-ibm-dsm-dev        1        8m

==> v1/Role
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m

2 Secrets: 1 DSM admin, 1 Db2 instance owner
2 PVCs: 1 DSM, 1 Db2
3 Roles

Additional Resources

Additional Resources - Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs

Additional Resources - IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html

Additional Resources - Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse

Presentation on Db2 and Docker from Db2 Aktuell 2018

Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary

Thank You
Claus Huempel
Technical Sales Professional
Hybrid Data Management
IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
IBM Cloud47
Kubernetes resources for Db2 OLTP$ helm status db2-01 --tlsNAME db2-01LAST DEPLOYED Sun Sep 15 081114 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-01-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-01-data-stor Bound vol12 20Gi RWO 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-01-ibm-db2oltp-dev-db2 NodePort 100050 ltnonegt 5000030463TCP5500032236TCP 1sdb2-01-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-01-ibm-db2oltp-dev 1 1 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-01-ibm-db2oltp-dev-0 01 Init01 0 1s 1 Pod runs
the Db2
container
2 Services for
Db2 1x external
1x internal
1 StatefulSet
DESIRED = 1
1 PVC (RWO) for db
files logs amp config
1 Secret
Db2 instance
owner password
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v111 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=HADB
--set dataVolumesize=20Gi--set hadrenabled=true
Additional parameter
hadrenabled set to true to
indicate that we want a
HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OTLP HADRNAME db2-02LAST DEPLOYED Tue Sep 17 082433 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-02-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-02-hadr-stor Bound vol09 20Gi RWX 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-02-ibm-db2oltp-dev-db2 NodePort 100061 ltnonegt 5000032422TCP5500032181TCP 1sdb2-02-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1sdb2-02-ibm-db2oltp-dev-etcd ClusterIP None ltnonegt 2380TCP2379TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-02-ibm-db2oltp-dev 2 2 1s
==gt v1beta2StatefulSet
db2-02-ibm-db2oltp-dev-etcd 3 0 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-02-ibm-db2oltp-dev-0 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-0 01 ContainerCreating 0 1sdb2-02-ibm-db2oltp-dev-etcd-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-2 01 Pending 0 1s
5 Pods
2x Db2 3x etcd
3 Services
2x Db2 1x etcd
2 StatefulSets
Db2 DESIRED=2
etcd DESIRED=3
1 PVC (RWX)
for HADR setup (1)
1 Secret
Db2 instance
owner password
(1) 5 addntl PVCs are being created
implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL $ cat single04yamlapiVersion batchv1kind Jobmetadata
name db2-01-create-database-schemaspec
templatespec
containers- name db2-01-create-database-schema
image storeibmcorpdb2_developer_c11144-x86_64command [ binsh-cscriptsdb2-setupsh ]volumeMounts- name db2-createschema
mountPath scriptssecurityContext
capabilitiesadd [SYS_RESOURCE IPC_OWNER SYS_NICE]
env- name LICENSE
value accept- name DB2INSTANCE
value db2inst1- name DB2INST1_PASSWORD
valueFromsecretKeyRef
name db2-01-ibm-db2oltp-devkey password
- name DB2_SERVICE_NAMEvalue db2-01-ibm-db2oltp-dev
- name DBNAMEvalue mydb
restartPolicy Nevervolumes- name db2-createschema
configMapname db2-createschemadefaultMode 0744
backoffLimit 1---apiVersion v1data
db2-setupsh |binshexport SETUPDIR=vardb2_setupsource $SETUPDIRincludedb2_constantssource $SETUPDIRincludedb2_common_functionsif getent passwd $DB2INSTANCE gt devnull 2gtamp1 then
echo () Previous setup has not been detected Creating create_users
fiif create_instance then
exit 1fistart_db2cp scriptsdb2-createschemash databasedb2-createschemashchmod +x databasedb2-createschemashsu - $DB2INSTANCE -c databasedb2-createschemash
$DB2_SERVICE_NAME $DB2INSTANCEldquo$DB2INST1_PASSWORD $DBNAME
IBM Cloud52
Kubernetes Job to deploy SQL (contrsquod)db2-createschemash |
binshDB2_SERVICE_NAME=$1DB2INSTANCE=$2DB2INST1_PASSWORD=$3DBNAME=$4echo Configure schema for database $DBNAME on host $DB2_SERVICE_NAMEdb2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000db2 catalog db $DBNAME as $DBNAME at node DB2NODEdb2 terminatedb2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDdb2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDsleep 2db2 -tvmf scriptsps-bp-tbspsqlsleep 10db2 -tvmf scriptsps-tablessqlecho Database $DBNAME has been configured
ps-bp-tbspsql |CREATE BUFFERPOOL BP32K PAGESIZE 32KCREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K
ps-tablessql |CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) [hellip] IN TS32INSERT INTO PS_TABLE (SSNFIRST_NAMELAST_NAMEJOB_CODEDEPTSALARYDOB) WITH TEMP1 [hellip] CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL LASTNAME VARCHAR(20) NOT NULL JOBCODE CHAR(4) NOT NULL ) IN TS32 GRANT ALL ON ps_table TO PUBLICGRANT ALL ON ps_history TO PUBLIC
kind ConfigMapmetadata
name db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply ndashf single04yaml
jobbatchdb2-01-create-database-schema created
configmapdb2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 01 0s 0s
Eventually the job completes
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 11 109s 45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDBWe run a script to retrieve the logs form the job
binbash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath=items[]metadataname)
kubectl logs -f $pod
Output
[hellip]
DB20000I The SQL command completed successfully
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
binbash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath=spec
ports[1]nodePort services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath=
items[0]statusaddresses[0]address)
echo https$NODE_IP$NODE_PORT
=gt https1921682710030462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager HomepageAll Db2 OLTP instances running in the
same namespace as DSM will be auto-
discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (12)$ helm status dsm-01 --tlsLAST DEPLOYED Mon Sep 16 120102 2019NAMESPACE stock-trader-dataSTATUS DEPLOYED
RESOURCES==gt v1RoleBindingNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdsm-01-repository NodePort 1000233 ltnonegt 5000032695TCP5500032203TCP 8mdsm-01-ibm-dsm-dev NodePort 100085 ltnonegt 1108032444TCP1108130462TCP 8m
==gt v1beta1DeploymentNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGEdsm-01-repository 1 1 1 1 8mdsm-01-ibm-dsm-dev 1 1 1 1 8m
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdsm-01-repository-76f87d47d4-dlqh4 11 Running 0 8mdsm-01-ibm-dsm-dev-b976d89bd-dflqn 22 Running 0 8m
2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2 1 DSM
IBM Cloud61
DSM Kubernetes resources (22)
[hellip]==gt v1SecretNAME TYPE DATA AGEdsm-01-repository-db2-passwd Opaque 1 8mdsm-01-ibm-dsm-dev-dsm-passwd Opaque 1 8m
==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEdsm-01-repository-data-stor Bound vol14 20Gi RWO 8mdsm-01-ibm-dsm-dev-datavolume Bound vol12 20Gi RWO 8m
==gt v1ServiceAccountNAME SECRETS AGEdsm-repodb-dsm-01-repository 1 8mdsm-dsm-01-ibm-dsm-dev 1 8m
==gt v1RoleNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
2 Secrets 1 DSM
asmin 1 Db2
instance owner
2 PVCs 1 DSM
Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources ndash Kubernetes Docker Helm
Kubernetes
minus httpskubernetesiodocstutorialskubernetes-basics
Kubernetes in the Enterprise eBook
minus ibmbizBdYA4i
Docker
minus httpsdocsdockercomget-started
Docker Hub
minus httpshubdockercom
Helm
minus httpshelmshdocs
IBM Cloud64
Additional Resources ndash IBM Cloud Private OpenShift
IBM Cloud Private Documentation
minus httpswwwibmcomsupportknowledgecenterenSSBS6K_320kc_welcome_containershtml
Deploy IBM Cloud Private Community Edition using Vagrant
minus httpsgithubcomIBMdeploy-ibm-cloud-privateblobmasterdocsdeploy-vagrantmd
Red Hat OpenShift Container Platform Documentation
minus httpsdocsopenshiftcomcontainer-platform41welcomeindexhtml
IBM Cloud65
Additional Resources ndash Db2 Db2Wh DSMDb2 Integration into IBM Cloud Private
minus httpsdeveloperibmcomrecipestutorialsdb2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
minus httpsdeveloperibmcomrecipestutorialsibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
minus httpswwwibmcomsupportknowledgecenterenSSCJDQcomibmswgimdashdbdocadmindeploy_kubernetes_smphtml
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
minus httpswwwibmcomsupportknowledgecenterenSSQNUZ_210comibmicpdatadoczenadmindb-reqshtmldb-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
minus Db2 OLTP Single Server
minus Db2 OLTP HADR
minus Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel IBM Deutschland GmbH
Karl-Arnold-Platz 1a
Technical Sales Professional 40474 Duesseldorf
Hybrid Data Management Germany
Mobile +49-177-3627278
Email chuempeldeibmcom
Thank You
IBM Cloud70
IBM Cloud48
Helm install command for deploying Db2 OLTP HADR
Setting up a Db2 OLTP v111 HADR cluster pair in 5 minutes with 1 command
helm install --name db2-02 ibm-chartsibm-db2oltp-dev
--tls
--set db2instinstname=db2inst1
--set db2instpassword=passw0rd
--set optionsdatabaseName=HADB
--set dataVolumesize=20Gi--set hadrenabled=true
Additional parameter
hadrenabled set to true to
indicate that we want a
HADR setup
IBM Cloud49
Verify that Db2 HADR is working
IBM Cloud50
Kubernetes resources for Db2 OTLP HADRNAME db2-02LAST DEPLOYED Tue Sep 17 082433 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-02-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-02-hadr-stor Bound vol09 20Gi RWX 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-02-ibm-db2oltp-dev-db2 NodePort 100061 ltnonegt 5000032422TCP5500032181TCP 1sdb2-02-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1sdb2-02-ibm-db2oltp-dev-etcd ClusterIP None ltnonegt 2380TCP2379TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-02-ibm-db2oltp-dev 2 2 1s
==gt v1beta2StatefulSet
db2-02-ibm-db2oltp-dev-etcd 3 0 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-02-ibm-db2oltp-dev-0 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-0 01 ContainerCreating 0 1sdb2-02-ibm-db2oltp-dev-etcd-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-2 01 Pending 0 1s
5 Pods
2x Db2 3x etcd
3 Services
2x Db2 1x etcd
2 StatefulSets
Db2 DESIRED=2
etcd DESIRED=3
1 PVC (RWX)
for HADR setup (1)
1 Secret
Db2 instance
owner password
(1) 5 addntl PVCs are being created
implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL $ cat single04yamlapiVersion batchv1kind Jobmetadata
name db2-01-create-database-schemaspec
templatespec
containers- name db2-01-create-database-schema
image storeibmcorpdb2_developer_c11144-x86_64command [ binsh-cscriptsdb2-setupsh ]volumeMounts- name db2-createschema
mountPath scriptssecurityContext
capabilitiesadd [SYS_RESOURCE IPC_OWNER SYS_NICE]
env- name LICENSE
value accept- name DB2INSTANCE
value db2inst1- name DB2INST1_PASSWORD
valueFromsecretKeyRef
name db2-01-ibm-db2oltp-devkey password
- name DB2_SERVICE_NAMEvalue db2-01-ibm-db2oltp-dev
- name DBNAMEvalue mydb
restartPolicy Nevervolumes- name db2-createschema
configMapname db2-createschemadefaultMode 0744
backoffLimit 1---apiVersion v1data
db2-setupsh |binshexport SETUPDIR=vardb2_setupsource $SETUPDIRincludedb2_constantssource $SETUPDIRincludedb2_common_functionsif getent passwd $DB2INSTANCE gt devnull 2gtamp1 then
echo () Previous setup has not been detected Creating create_users
fiif create_instance then
exit 1fistart_db2cp scriptsdb2-createschemash databasedb2-createschemashchmod +x databasedb2-createschemashsu - $DB2INSTANCE -c databasedb2-createschemash
$DB2_SERVICE_NAME $DB2INSTANCEldquo$DB2INST1_PASSWORD $DBNAME
IBM Cloud52
Kubernetes Job to deploy SQL (contrsquod)db2-createschemash |
binshDB2_SERVICE_NAME=$1DB2INSTANCE=$2DB2INST1_PASSWORD=$3DBNAME=$4echo Configure schema for database $DBNAME on host $DB2_SERVICE_NAMEdb2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000db2 catalog db $DBNAME as $DBNAME at node DB2NODEdb2 terminatedb2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDdb2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDsleep 2db2 -tvmf scriptsps-bp-tbspsqlsleep 10db2 -tvmf scriptsps-tablessqlecho Database $DBNAME has been configured
ps-bp-tbspsql |CREATE BUFFERPOOL BP32K PAGESIZE 32KCREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K
ps-tablessql |CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) [hellip] IN TS32INSERT INTO PS_TABLE (SSNFIRST_NAMELAST_NAMEJOB_CODEDEPTSALARYDOB) WITH TEMP1 [hellip] CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL LASTNAME VARCHAR(20) NOT NULL JOBCODE CHAR(4) NOT NULL ) IN TS32 GRANT ALL ON ps_table TO PUBLICGRANT ALL ON ps_history TO PUBLIC
kind ConfigMapmetadata
name db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply ndashf single04yaml
jobbatchdb2-01-create-database-schema created
configmapdb2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 01 0s 0s
Eventually the job completes
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 11 109s 45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDBWe run a script to retrieve the logs form the job
binbash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath=items[]metadataname)
kubectl logs -f $pod
Output
[hellip]
DB20000I The SQL command completed successfully
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
binbash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath=spec
ports[1]nodePort services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath=
items[0]statusaddresses[0]address)
echo https$NODE_IP$NODE_PORT
=gt https1921682710030462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager HomepageAll Db2 OLTP instances running in the
same namespace as DSM will be auto-
discovered and monitored by DSM
IBM Cloud60

DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/RoleBinding
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m

==> v1/Service
NAME                TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)                          AGE
dsm-01-repository   NodePort  10.0.0.233  <none>       50000:32695/TCP,55000:32203/TCP  8m
dsm-01-ibm-dsm-dev  NodePort  10.0.0.85   <none>       11080:32444/TCP,11081:30462/TCP  8m

==> v1beta1/Deployment
NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
dsm-01-repository   1        1        1           1          8m
dsm-01-ibm-dsm-dev  1        1        1           1          8m

==> v1/Pod(related)
NAME                                READY  STATUS   RESTARTS  AGE
dsm-01-repository-76f87d47d4-dlqh4  1/1    Running  0         8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn  2/2    Running  0         8m

2 RoleBindings
2 Services: 1x Db2 (repodb), 1x DSM
2 Deployments
2 Pods: 1 Db2, 1 DSM

DSM Kubernetes resources (2/2)
[...]
==> v1/Secret
NAME                           TYPE    DATA  AGE
dsm-01-repository-db2-passwd   Opaque  1     8m
dsm-01-ibm-dsm-dev-dsm-passwd  Opaque  1     8m

==> v1/PersistentVolumeClaim
NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m

==> v1/ServiceAccount
NAME                          SECRETS  AGE
dsm-repodb-dsm-01-repository  1        8m
dsm-dsm-01-ibm-dsm-dev        1        8m

==> v1/Role
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m

2 Secrets: 1 DSM admin, 1 Db2 instance owner
2 PVCs: 1 DSM, Db2
3 Roles

Additional Resources

Additional Resources - Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs

Additional Resources - IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html

Additional Resources - Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse

Presentation on Db2 and Docker from Db2 Aktuell 2018

Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary

Thank You
Claus Huempel
Technical Sales Professional, Hybrid Data Management
IBM Deutschland GmbH, Karl-Arnold-Platz 1a, 40474 Duesseldorf, Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com

Verify that Db2 HADR is working

Kubernetes resources for Db2 OLTP HADR
NAME: db2-02
LAST DEPLOYED: Tue Sep 17 08:24:33 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/Secret
NAME                    TYPE    DATA  AGE
db2-02-ibm-db2oltp-dev  Opaque  1     1s

==> v1/PersistentVolumeClaim
NAME              STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
db2-02-hadr-stor  Bound   vol09   20Gi      RWX                         1s

==> v1/Service
NAME                         TYPE       CLUSTER-IP  EXTERNAL-IP  PORT(S)                                  AGE
db2-02-ibm-db2oltp-dev-db2   NodePort   10.0.0.61   <none>       50000:32422/TCP,55000:32181/TCP          1s
db2-02-ibm-db2oltp-dev       ClusterIP  None        <none>       50000/TCP,55000/TCP,60006/TCP,60007/TCP  1s
db2-02-ibm-db2oltp-dev-etcd  ClusterIP  None        <none>       2380/TCP,2379/TCP                        1s

==> v1/StatefulSet
NAME                    DESIRED  CURRENT  AGE
db2-02-ibm-db2oltp-dev  2        2        1s

==> v1beta2/StatefulSet
db2-02-ibm-db2oltp-dev-etcd  3  0  1s

==> v1/Pod(related)
NAME                           READY  STATUS             RESTARTS  AGE
db2-02-ibm-db2oltp-dev-0       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-1       0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-0  0/1    ContainerCreating  0         1s
db2-02-ibm-db2oltp-dev-etcd-1  0/1    Pending            0         1s
db2-02-ibm-db2oltp-dev-etcd-2  0/1    Pending            0         1s

5 Pods: 2x Db2, 3x etcd
3 Services: 2x Db2, 1x etcd
2 StatefulSets: Db2 DESIRED=2, etcd DESIRED=3
1 PVC (RWX) for HADR setup (1)
1 Secret: Db2 instance owner password
(1) 5 additional PVCs are being created implicitly for 2x Db2 and 3x etcd

Kubernetes Job to deploy SQL
$ cat single04.yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: db2-01-create-database-schema
spec:
  template:
    spec:
      containers:
      - name: db2-01-create-database-schema
        image: store/ibmcorp/db2_developer_c:11.1.4.4-x86_64
        command: [ "/bin/sh", "-c", "/scripts/db2-setup.sh" ]
        volumeMounts:
        - name: db2-createschema
          mountPath: /scripts
        securityContext:
          capabilities:
            add: ["SYS_RESOURCE", "IPC_OWNER", "SYS_NICE"]
        env:
        - name: LICENSE
          value: accept
        - name: DB2INSTANCE
          value: db2inst1
        - name: DB2INST1_PASSWORD
          valueFrom:
            secretKeyRef:
              name: db2-01-ibm-db2oltp-dev
              key: password
        - name: DB2_SERVICE_NAME
          value: db2-01-ibm-db2oltp-dev
        - name: DBNAME
          value: mydb
      restartPolicy: Never
      volumes:
      - name: db2-createschema
        configMap:
          name: db2-createschema
          defaultMode: 0744
  backoffLimit: 1
---
apiVersion: v1
data:
  db2-setup.sh: |
    #!/bin/sh
    export SETUPDIR=/var/db2_setup
    source ${SETUPDIR}/include/db2_constants
    source ${SETUPDIR}/include/db2_common_functions
    # Create the Db2 users only if the instance owner does not exist yet
    if ! getent passwd ${DB2INSTANCE} > /dev/null 2>&1; then
      echo "() Previous setup has not been detected. Creating"
      create_users
    fi
    if ! create_instance; then
      exit 1
    fi
    start_db2
    cp /scripts/db2-createschema.sh /database/db2-createschema.sh
    chmod +x /database/db2-createschema.sh
    # Run the schema script as the instance owner
    su - $DB2INSTANCE -c "/database/db2-createschema.sh $DB2_SERVICE_NAME $DB2INSTANCE $DB2INST1_PASSWORD $DBNAME"

Kubernetes Job to deploy SQL (cont'd)
  db2-createschema.sh: |
    #!/bin/sh
    DB2_SERVICE_NAME=$1
    DB2INSTANCE=$2
    DB2INST1_PASSWORD=$3
    DBNAME=$4
    echo "Configure schema for database $DBNAME on host $DB2_SERVICE_NAME"
    # Catalog the remote Db2 service, then connect and run the SQL files
    db2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000
    db2 catalog db $DBNAME as $DBNAME at node DB2NODE
    db2 terminate
    db2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    db2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORD
    sleep 2
    db2 -tvmf /scripts/ps-bp-tbsp.sql
    sleep 10
    db2 -tvmf /scripts/ps-tables.sql
    echo "Database $DBNAME has been configured"
  ps-bp-tbsp.sql: |
    CREATE BUFFERPOOL BP32K PAGESIZE 32K;
    CREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K;
  ps-tables.sql: |
    CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000, INCREMENT BY 5) [...] IN TS32;
    INSERT INTO PS_TABLE (SSN,FIRST_NAME,LAST_NAME,JOB_CODE,DEPT,SALARY,DOB) WITH TEMP1 [...]
    CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL, LASTNAME VARCHAR(20) NOT NULL, JOBCODE CHAR(4) NOT NULL ) IN TS32;
    GRANT ALL ON ps_table TO PUBLIC;
    GRANT ALL ON ps_history TO PUBLIC;
kind: ConfigMap
metadata:
  name: db2-createschema

Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database:
$ kubectl apply -f single04.yaml
job.batch/db2-01-create-database-schema created
configmap/db2-createschema configured
We verify that the job has been created:
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   0/1           0s         0s
Eventually the job completes:
$ kubectl get jobs
NAME                            COMPLETIONS   DURATION   AGE
db2-01-create-database-schema   1/1           109s       45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDBWe run a script to retrieve the logs form the job
binbash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath=items[]metadataname)
kubectl logs -f $pod
Output
[hellip]
DB20000I The SQL command completed successfully
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
binbash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath=spec
ports[1]nodePort services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath=
items[0]statusaddresses[0]address)
echo https$NODE_IP$NODE_PORT
=gt https1921682710030462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager HomepageAll Db2 OLTP instances running in the
same namespace as DSM will be auto-
discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (12)$ helm status dsm-01 --tlsLAST DEPLOYED Mon Sep 16 120102 2019NAMESPACE stock-trader-dataSTATUS DEPLOYED
RESOURCES==gt v1RoleBindingNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdsm-01-repository NodePort 1000233 ltnonegt 5000032695TCP5500032203TCP 8mdsm-01-ibm-dsm-dev NodePort 100085 ltnonegt 1108032444TCP1108130462TCP 8m
==gt v1beta1DeploymentNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGEdsm-01-repository 1 1 1 1 8mdsm-01-ibm-dsm-dev 1 1 1 1 8m
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdsm-01-repository-76f87d47d4-dlqh4 11 Running 0 8mdsm-01-ibm-dsm-dev-b976d89bd-dflqn 22 Running 0 8m
2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2 1 DSM
IBM Cloud61
DSM Kubernetes resources (22)
[hellip]==gt v1SecretNAME TYPE DATA AGEdsm-01-repository-db2-passwd Opaque 1 8mdsm-01-ibm-dsm-dev-dsm-passwd Opaque 1 8m
==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEdsm-01-repository-data-stor Bound vol14 20Gi RWO 8mdsm-01-ibm-dsm-dev-datavolume Bound vol12 20Gi RWO 8m
==gt v1ServiceAccountNAME SECRETS AGEdsm-repodb-dsm-01-repository 1 8mdsm-dsm-01-ibm-dsm-dev 1 8m
==gt v1RoleNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
2 Secrets 1 DSM
asmin 1 Db2
instance owner
2 PVCs 1 DSM
Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources ndash Kubernetes Docker Helm
Kubernetes
minus httpskubernetesiodocstutorialskubernetes-basics
Kubernetes in the Enterprise eBook
minus ibmbizBdYA4i
Docker
minus httpsdocsdockercomget-started
Docker Hub
minus httpshubdockercom
Helm
minus httpshelmshdocs
IBM Cloud64
Additional Resources ndash IBM Cloud Private OpenShift
IBM Cloud Private Documentation
minus httpswwwibmcomsupportknowledgecenterenSSBS6K_320kc_welcome_containershtml
Deploy IBM Cloud Private Community Edition using Vagrant
minus httpsgithubcomIBMdeploy-ibm-cloud-privateblobmasterdocsdeploy-vagrantmd
Red Hat OpenShift Container Platform Documentation
minus httpsdocsopenshiftcomcontainer-platform41welcomeindexhtml
IBM Cloud65
Additional Resources ndash Db2 Db2Wh DSMDb2 Integration into IBM Cloud Private
minus httpsdeveloperibmcomrecipestutorialsdb2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
minus httpsdeveloperibmcomrecipestutorialsibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
minus httpswwwibmcomsupportknowledgecenterenSSCJDQcomibmswgimdashdbdocadmindeploy_kubernetes_smphtml
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
minus httpswwwibmcomsupportknowledgecenterenSSQNUZ_210comibmicpdatadoczenadmindb-reqshtmldb-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
minus Db2 OLTP Single Server
minus Db2 OLTP HADR
minus Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel IBM Deutschland GmbH
Karl-Arnold-Platz 1a
Technical Sales Professional 40474 Duesseldorf
Hybrid Data Management Germany
Mobile +49-177-3627278
Email chuempeldeibmcom
Thank You
IBM Cloud70
IBM Cloud50
Kubernetes resources for Db2 OTLP HADRNAME db2-02LAST DEPLOYED Tue Sep 17 082433 2019NAMESPACE stock-trader-dataSTATUS DEPLOYEDRESOURCES==gt v1SecretNAME TYPE DATA AGEdb2-02-ibm-db2oltp-dev Opaque 1 1s==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
db2-02-hadr-stor Bound vol09 20Gi RWX 1s
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
db2-02-ibm-db2oltp-dev-db2 NodePort 100061 ltnonegt 5000032422TCP5500032181TCP 1sdb2-02-ibm-db2oltp-dev ClusterIP None ltnonegt 50000TCP55000TCP60006TCP60007TCP 1sdb2-02-ibm-db2oltp-dev-etcd ClusterIP None ltnonegt 2380TCP2379TCP 1s==gt v1StatefulSetNAME DESIRED CURRENT AGE
db2-02-ibm-db2oltp-dev 2 2 1s
==gt v1beta2StatefulSet
db2-02-ibm-db2oltp-dev-etcd 3 0 1s
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdb2-02-ibm-db2oltp-dev-0 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-0 01 ContainerCreating 0 1sdb2-02-ibm-db2oltp-dev-etcd-1 01 Pending 0 1sdb2-02-ibm-db2oltp-dev-etcd-2 01 Pending 0 1s
5 Pods
2x Db2 3x etcd
3 Services
2x Db2 1x etcd
2 StatefulSets
Db2 DESIRED=2
etcd DESIRED=3
1 PVC (RWX)
for HADR setup (1)
1 Secret
Db2 instance
owner password
(1) 5 addntl PVCs are being created
implicitly for 2x Db2 and 3x etcd
IBM Cloud51
Kubernetes Job to deploy SQL $ cat single04yamlapiVersion batchv1kind Jobmetadata
name db2-01-create-database-schemaspec
templatespec
containers- name db2-01-create-database-schema
image storeibmcorpdb2_developer_c11144-x86_64command [ binsh-cscriptsdb2-setupsh ]volumeMounts- name db2-createschema
mountPath scriptssecurityContext
capabilitiesadd [SYS_RESOURCE IPC_OWNER SYS_NICE]
env- name LICENSE
value accept- name DB2INSTANCE
value db2inst1- name DB2INST1_PASSWORD
valueFromsecretKeyRef
name db2-01-ibm-db2oltp-devkey password
- name DB2_SERVICE_NAMEvalue db2-01-ibm-db2oltp-dev
- name DBNAMEvalue mydb
restartPolicy Nevervolumes- name db2-createschema
configMapname db2-createschemadefaultMode 0744
backoffLimit 1---apiVersion v1data
db2-setupsh |binshexport SETUPDIR=vardb2_setupsource $SETUPDIRincludedb2_constantssource $SETUPDIRincludedb2_common_functionsif getent passwd $DB2INSTANCE gt devnull 2gtamp1 then
echo () Previous setup has not been detected Creating create_users
fiif create_instance then
exit 1fistart_db2cp scriptsdb2-createschemash databasedb2-createschemashchmod +x databasedb2-createschemashsu - $DB2INSTANCE -c databasedb2-createschemash
$DB2_SERVICE_NAME $DB2INSTANCEldquo$DB2INST1_PASSWORD $DBNAME
IBM Cloud52
Kubernetes Job to deploy SQL (contrsquod)db2-createschemash |
binshDB2_SERVICE_NAME=$1DB2INSTANCE=$2DB2INST1_PASSWORD=$3DBNAME=$4echo Configure schema for database $DBNAME on host $DB2_SERVICE_NAMEdb2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000db2 catalog db $DBNAME as $DBNAME at node DB2NODEdb2 terminatedb2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDdb2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDsleep 2db2 -tvmf scriptsps-bp-tbspsqlsleep 10db2 -tvmf scriptsps-tablessqlecho Database $DBNAME has been configured
ps-bp-tbspsql |CREATE BUFFERPOOL BP32K PAGESIZE 32KCREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K
ps-tablessql |CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) [hellip] IN TS32INSERT INTO PS_TABLE (SSNFIRST_NAMELAST_NAMEJOB_CODEDEPTSALARYDOB) WITH TEMP1 [hellip] CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL LASTNAME VARCHAR(20) NOT NULL JOBCODE CHAR(4) NOT NULL ) IN TS32 GRANT ALL ON ps_table TO PUBLICGRANT ALL ON ps_history TO PUBLIC
kind ConfigMapmetadata
name db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply ndashf single04yaml
jobbatchdb2-01-create-database-schema created
configmapdb2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 01 0s 0s
Eventually the job completes
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 11 109s 45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDBWe run a script to retrieve the logs form the job
binbash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath=items[]metadataname)
kubectl logs -f $pod
Output
[hellip]
DB20000I The SQL command completed successfully
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
binbash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath=spec
ports[1]nodePort services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath=
items[0]statusaddresses[0]address)
echo https$NODE_IP$NODE_PORT
=gt https1921682710030462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager HomepageAll Db2 OLTP instances running in the
same namespace as DSM will be auto-
discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (12)$ helm status dsm-01 --tlsLAST DEPLOYED Mon Sep 16 120102 2019NAMESPACE stock-trader-dataSTATUS DEPLOYED
RESOURCES==gt v1RoleBindingNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdsm-01-repository NodePort 1000233 ltnonegt 5000032695TCP5500032203TCP 8mdsm-01-ibm-dsm-dev NodePort 100085 ltnonegt 1108032444TCP1108130462TCP 8m
==gt v1beta1DeploymentNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGEdsm-01-repository 1 1 1 1 8mdsm-01-ibm-dsm-dev 1 1 1 1 8m
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdsm-01-repository-76f87d47d4-dlqh4 11 Running 0 8mdsm-01-ibm-dsm-dev-b976d89bd-dflqn 22 Running 0 8m
2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2 1 DSM
IBM Cloud61
DSM Kubernetes resources (22)
[hellip]==gt v1SecretNAME TYPE DATA AGEdsm-01-repository-db2-passwd Opaque 1 8mdsm-01-ibm-dsm-dev-dsm-passwd Opaque 1 8m
==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEdsm-01-repository-data-stor Bound vol14 20Gi RWO 8mdsm-01-ibm-dsm-dev-datavolume Bound vol12 20Gi RWO 8m
==gt v1ServiceAccountNAME SECRETS AGEdsm-repodb-dsm-01-repository 1 8mdsm-dsm-01-ibm-dsm-dev 1 8m
==gt v1RoleNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
2 Secrets 1 DSM
asmin 1 Db2
instance owner
2 PVCs 1 DSM
Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources ndash Kubernetes Docker Helm
Kubernetes
minus httpskubernetesiodocstutorialskubernetes-basics
Kubernetes in the Enterprise eBook
minus ibmbizBdYA4i
Docker
minus httpsdocsdockercomget-started
Docker Hub
minus httpshubdockercom
Helm
minus httpshelmshdocs
IBM Cloud64
Additional Resources ndash IBM Cloud Private OpenShift
IBM Cloud Private Documentation
minus httpswwwibmcomsupportknowledgecenterenSSBS6K_320kc_welcome_containershtml
Deploy IBM Cloud Private Community Edition using Vagrant
minus httpsgithubcomIBMdeploy-ibm-cloud-privateblobmasterdocsdeploy-vagrantmd
Red Hat OpenShift Container Platform Documentation
minus httpsdocsopenshiftcomcontainer-platform41welcomeindexhtml
IBM Cloud65
Additional Resources ndash Db2 Db2Wh DSMDb2 Integration into IBM Cloud Private
minus httpsdeveloperibmcomrecipestutorialsdb2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
minus httpsdeveloperibmcomrecipestutorialsibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
minus httpswwwibmcomsupportknowledgecenterenSSCJDQcomibmswgimdashdbdocadmindeploy_kubernetes_smphtml
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
minus httpswwwibmcomsupportknowledgecenterenSSQNUZ_210comibmicpdatadoczenadmindb-reqshtmldb-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
minus Db2 OLTP Single Server
minus Db2 OLTP HADR
minus Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel IBM Deutschland GmbH
Karl-Arnold-Platz 1a
Technical Sales Professional 40474 Duesseldorf
Hybrid Data Management Germany
Mobile +49-177-3627278
Email chuempeldeibmcom
Thank You
IBM Cloud70
IBM Cloud51
Kubernetes Job to deploy SQL $ cat single04yamlapiVersion batchv1kind Jobmetadata
name db2-01-create-database-schemaspec
templatespec
containers- name db2-01-create-database-schema
image storeibmcorpdb2_developer_c11144-x86_64command [ binsh-cscriptsdb2-setupsh ]volumeMounts- name db2-createschema
mountPath scriptssecurityContext
capabilitiesadd [SYS_RESOURCE IPC_OWNER SYS_NICE]
env- name LICENSE
value accept- name DB2INSTANCE
value db2inst1- name DB2INST1_PASSWORD
valueFromsecretKeyRef
name db2-01-ibm-db2oltp-devkey password
- name DB2_SERVICE_NAMEvalue db2-01-ibm-db2oltp-dev
- name DBNAMEvalue mydb
restartPolicy Nevervolumes- name db2-createschema
configMapname db2-createschemadefaultMode 0744
backoffLimit 1---apiVersion v1data
db2-setupsh |binshexport SETUPDIR=vardb2_setupsource $SETUPDIRincludedb2_constantssource $SETUPDIRincludedb2_common_functionsif getent passwd $DB2INSTANCE gt devnull 2gtamp1 then
echo () Previous setup has not been detected Creating create_users
fiif create_instance then
exit 1fistart_db2cp scriptsdb2-createschemash databasedb2-createschemashchmod +x databasedb2-createschemashsu - $DB2INSTANCE -c databasedb2-createschemash
$DB2_SERVICE_NAME $DB2INSTANCEldquo$DB2INST1_PASSWORD $DBNAME
IBM Cloud52
Kubernetes Job to deploy SQL (contrsquod)db2-createschemash |
binshDB2_SERVICE_NAME=$1DB2INSTANCE=$2DB2INST1_PASSWORD=$3DBNAME=$4echo Configure schema for database $DBNAME on host $DB2_SERVICE_NAMEdb2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000db2 catalog db $DBNAME as $DBNAME at node DB2NODEdb2 terminatedb2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDdb2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDsleep 2db2 -tvmf scriptsps-bp-tbspsqlsleep 10db2 -tvmf scriptsps-tablessqlecho Database $DBNAME has been configured
ps-bp-tbspsql |CREATE BUFFERPOOL BP32K PAGESIZE 32KCREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K
ps-tablessql |CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) [hellip] IN TS32INSERT INTO PS_TABLE (SSNFIRST_NAMELAST_NAMEJOB_CODEDEPTSALARYDOB) WITH TEMP1 [hellip] CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL LASTNAME VARCHAR(20) NOT NULL JOBCODE CHAR(4) NOT NULL ) IN TS32 GRANT ALL ON ps_table TO PUBLICGRANT ALL ON ps_history TO PUBLIC
kind ConfigMapmetadata
name db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply ndashf single04yaml
jobbatchdb2-01-create-database-schema created
configmapdb2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 01 0s 0s
Eventually the job completes
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 11 109s 45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDBWe run a script to retrieve the logs form the job
binbash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath=items[]metadataname)
kubectl logs -f $pod
Output
[hellip]
DB20000I The SQL command completed successfully
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
binbash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath=spec
ports[1]nodePort services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath=
items[0]statusaddresses[0]address)
echo https$NODE_IP$NODE_PORT
=gt https1921682710030462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager HomepageAll Db2 OLTP instances running in the
same namespace as DSM will be auto-
discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (12)$ helm status dsm-01 --tlsLAST DEPLOYED Mon Sep 16 120102 2019NAMESPACE stock-trader-dataSTATUS DEPLOYED
RESOURCES==gt v1RoleBindingNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdsm-01-repository NodePort 1000233 ltnonegt 5000032695TCP5500032203TCP 8mdsm-01-ibm-dsm-dev NodePort 100085 ltnonegt 1108032444TCP1108130462TCP 8m
==gt v1beta1DeploymentNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGEdsm-01-repository 1 1 1 1 8mdsm-01-ibm-dsm-dev 1 1 1 1 8m
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdsm-01-repository-76f87d47d4-dlqh4 11 Running 0 8mdsm-01-ibm-dsm-dev-b976d89bd-dflqn 22 Running 0 8m
2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2 1 DSM
IBM Cloud61
DSM Kubernetes resources (22)
[hellip]==gt v1SecretNAME TYPE DATA AGEdsm-01-repository-db2-passwd Opaque 1 8mdsm-01-ibm-dsm-dev-dsm-passwd Opaque 1 8m
==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEdsm-01-repository-data-stor Bound vol14 20Gi RWO 8mdsm-01-ibm-dsm-dev-datavolume Bound vol12 20Gi RWO 8m
==gt v1ServiceAccountNAME SECRETS AGEdsm-repodb-dsm-01-repository 1 8mdsm-dsm-01-ibm-dsm-dev 1 8m
==gt v1RoleNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
2 Secrets 1 DSM
asmin 1 Db2
instance owner
2 PVCs 1 DSM
Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources ndash Kubernetes Docker Helm
Kubernetes
minus httpskubernetesiodocstutorialskubernetes-basics
Kubernetes in the Enterprise eBook
minus ibmbizBdYA4i
Docker
minus httpsdocsdockercomget-started
Docker Hub
minus httpshubdockercom
Helm
minus httpshelmshdocs
IBM Cloud64
Additional Resources ndash IBM Cloud Private OpenShift
IBM Cloud Private Documentation
minus httpswwwibmcomsupportknowledgecenterenSSBS6K_320kc_welcome_containershtml
Deploy IBM Cloud Private Community Edition using Vagrant
minus httpsgithubcomIBMdeploy-ibm-cloud-privateblobmasterdocsdeploy-vagrantmd
Red Hat OpenShift Container Platform Documentation
minus httpsdocsopenshiftcomcontainer-platform41welcomeindexhtml
IBM Cloud65
Additional Resources ndash Db2 Db2Wh DSMDb2 Integration into IBM Cloud Private
minus httpsdeveloperibmcomrecipestutorialsdb2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
minus httpsdeveloperibmcomrecipestutorialsibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
minus httpswwwibmcomsupportknowledgecenterenSSCJDQcomibmswgimdashdbdocadmindeploy_kubernetes_smphtml
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
minus httpswwwibmcomsupportknowledgecenterenSSQNUZ_210comibmicpdatadoczenadmindb-reqshtmldb-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
minus Db2 OLTP Single Server
minus Db2 OLTP HADR
minus Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel IBM Deutschland GmbH
Karl-Arnold-Platz 1a
Technical Sales Professional 40474 Duesseldorf
Hybrid Data Management Germany
Mobile +49-177-3627278
Email chuempeldeibmcom
Thank You
IBM Cloud70
IBM Cloud52
Kubernetes Job to deploy SQL (contrsquod)db2-createschemash |
binshDB2_SERVICE_NAME=$1DB2INSTANCE=$2DB2INST1_PASSWORD=$3DBNAME=$4echo Configure schema for database $DBNAME on host $DB2_SERVICE_NAMEdb2 catalog tcpip node DB2NODE remote $DB2_SERVICE_NAME server 50000db2 catalog db $DBNAME as $DBNAME at node DB2NODEdb2 terminatedb2 activate database $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDdb2 connect to $DBNAME user $DB2INSTANCE using $DB2INST1_PASSWORDsleep 2db2 -tvmf scriptsps-bp-tbspsqlsleep 10db2 -tvmf scriptsps-tablessqlecho Database $DBNAME has been configured
ps-bp-tbspsql |CREATE BUFFERPOOL BP32K PAGESIZE 32KCREATE TABLESPACE TS32 PAGESIZE 32K BUFFERPOOL BP32K
ps-tablessql |CREATE TABLE PS_TABLE(PS_TABLE_ID INTEGER NOT NULL GENERATED ALWAYS AS IDENTITY (START WITH 100000 INCREMENT BY 5) [hellip] IN TS32INSERT INTO PS_TABLE (SSNFIRST_NAMELAST_NAMEJOB_CODEDEPTSALARYDOB) WITH TEMP1 [hellip] CREATE TABLE PS_HISTORY ( FIRSTNAME VARCHAR(20) NOT NULL LASTNAME VARCHAR(20) NOT NULL JOBCODE CHAR(4) NOT NULL ) IN TS32 GRANT ALL ON ps_table TO PUBLICGRANT ALL ON ps_history TO PUBLIC
kind ConfigMapmetadata
name db2-createschema
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply ndashf single04yaml
jobbatchdb2-01-create-database-schema created
configmapdb2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 01 0s 0s
Eventually the job completes
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 11 109s 45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDBWe run a script to retrieve the logs form the job
binbash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath=items[]metadataname)
kubectl logs -f $pod
Output
[hellip]
DB20000I The SQL command completed successfully
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
binbash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath=spec
ports[1]nodePort services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath=
items[0]statusaddresses[0]address)
echo https$NODE_IP$NODE_PORT
=gt https1921682710030462 (can be different on your system)

Accessing Data Server Manager

Data Server Manager Homepage
All Db2 OLTP instances running in the same namespace as DSM will be auto-discovered and monitored by DSM.

DSM Kubernetes resources (1/2)
$ helm status dsm-01 --tls
LAST DEPLOYED: Mon Sep 16 12:01:02 2019
NAMESPACE: stock-trader-data
STATUS: DEPLOYED

RESOURCES:
==> v1/RoleBinding
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m

==> v1/Service
NAME                TYPE      CLUSTER-IP  EXTERNAL-IP  PORT(S)                          AGE
dsm-01-repository   NodePort  10.0.0.233  <none>       50000:32695/TCP,55000:32203/TCP  8m
dsm-01-ibm-dsm-dev  NodePort  10.0.0.85   <none>       11080:32444/TCP,11081:30462/TCP  8m

==> v1beta1/Deployment
NAME                DESIRED  CURRENT  UP-TO-DATE  AVAILABLE  AGE
dsm-01-repository   1        1        1           1          8m
dsm-01-ibm-dsm-dev  1        1        1           1          8m

==> v1/Pod(related)
NAME                                READY  STATUS   RESTARTS  AGE
dsm-01-repository-76f87d47d4-dlqh4  1/1    Running  0         8m
dsm-01-ibm-dsm-dev-b976d89bd-dflqn  2/2    Running  0         8m

2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2, 1 DSM

DSM Kubernetes resources (2/2)
[…]
==> v1/Secret
NAME                           TYPE    DATA  AGE
dsm-01-repository-db2-passwd   Opaque  1     8m
dsm-01-ibm-dsm-dev-dsm-passwd  Opaque  1     8m

==> v1/PersistentVolumeClaim
NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m

==> v1/ServiceAccount
NAME                          SECRETS  AGE
dsm-repodb-dsm-01-repository  1        8m
dsm-dsm-01-ibm-dsm-dev        1        8m

==> v1/Role
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m

2 Secrets: 1 DSM admin, 1 Db2 instance owner
2 PVCs: 1 DSM, Db2
3 Roles

Additional Resources

Additional Resources – Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs

Additional Resources – IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html

Additional Resources – Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse

Presentation on Db2 and Docker from Db2 Aktuell 2018

Summary

Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
- Db2 OLTP Single Server
- Db2 OLTP HADR
- Data Server Manager (DSM)
Additional Resources
Summary

Thank You
Claus Huempel
Technical Sales Professional, Hybrid Data Management
IBM Deutschland GmbH
Karl-Arnold-Platz 1a
40474 Duesseldorf
Germany
Mobile: +49-177-3627278
Email: chuempel@de.ibm.com
IBM Cloud53
Deploying the Job to run the SQL
We deploy the Kubernetes job that runs the SQL on the MYDB database
$ kubectl apply ndashf single04yaml
jobbatchdb2-01-create-database-schema created
configmapdb2-createschema configured
We verify that the job has been created
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 01 0s 0s
Eventually the job completes
$ kubectl get jobs
NAME COMPLETIONS DURATION AGE
db2-01-create-database-schema 11 109s 45m
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDBWe run a script to retrieve the logs form the job
binbash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath=items[]metadataname)
kubectl logs -f $pod
Output
[hellip]
DB20000I The SQL command completed successfully
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
binbash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath=spec
ports[1]nodePort services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath=
items[0]statusaddresses[0]address)
echo https$NODE_IP$NODE_PORT
=gt https1921682710030462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager HomepageAll Db2 OLTP instances running in the
same namespace as DSM will be auto-
discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (12)$ helm status dsm-01 --tlsLAST DEPLOYED Mon Sep 16 120102 2019NAMESPACE stock-trader-dataSTATUS DEPLOYED
RESOURCES==gt v1RoleBindingNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdsm-01-repository NodePort 1000233 ltnonegt 5000032695TCP5500032203TCP 8mdsm-01-ibm-dsm-dev NodePort 100085 ltnonegt 1108032444TCP1108130462TCP 8m
==gt v1beta1DeploymentNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGEdsm-01-repository 1 1 1 1 8mdsm-01-ibm-dsm-dev 1 1 1 1 8m
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdsm-01-repository-76f87d47d4-dlqh4 11 Running 0 8mdsm-01-ibm-dsm-dev-b976d89bd-dflqn 22 Running 0 8m
2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2 1 DSM
IBM Cloud61
DSM Kubernetes resources (22)
[hellip]==gt v1SecretNAME TYPE DATA AGEdsm-01-repository-db2-passwd Opaque 1 8mdsm-01-ibm-dsm-dev-dsm-passwd Opaque 1 8m
==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEdsm-01-repository-data-stor Bound vol14 20Gi RWO 8mdsm-01-ibm-dsm-dev-datavolume Bound vol12 20Gi RWO 8m
==gt v1ServiceAccountNAME SECRETS AGEdsm-repodb-dsm-01-repository 1 8mdsm-dsm-01-ibm-dsm-dev 1 8m
==gt v1RoleNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
2 Secrets 1 DSM
asmin 1 Db2
instance owner
2 PVCs 1 DSM
Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources ndash Kubernetes Docker Helm
Kubernetes
minus httpskubernetesiodocstutorialskubernetes-basics
Kubernetes in the Enterprise eBook
minus ibmbizBdYA4i
Docker
minus httpsdocsdockercomget-started
Docker Hub
minus httpshubdockercom
Helm
minus httpshelmshdocs
IBM Cloud64
Additional Resources ndash IBM Cloud Private OpenShift
IBM Cloud Private Documentation
minus httpswwwibmcomsupportknowledgecenterenSSBS6K_320kc_welcome_containershtml
Deploy IBM Cloud Private Community Edition using Vagrant
minus httpsgithubcomIBMdeploy-ibm-cloud-privateblobmasterdocsdeploy-vagrantmd
Red Hat OpenShift Container Platform Documentation
minus httpsdocsopenshiftcomcontainer-platform41welcomeindexhtml
IBM Cloud65
Additional Resources ndash Db2 Db2Wh DSMDb2 Integration into IBM Cloud Private
minus httpsdeveloperibmcomrecipestutorialsdb2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
minus httpsdeveloperibmcomrecipestutorialsibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
minus httpswwwibmcomsupportknowledgecenterenSSCJDQcomibmswgimdashdbdocadmindeploy_kubernetes_smphtml
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
minus httpswwwibmcomsupportknowledgecenterenSSQNUZ_210comibmicpdatadoczenadmindb-reqshtmldb-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
minus Db2 OLTP Single Server
minus Db2 OLTP HADR
minus Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel IBM Deutschland GmbH
Karl-Arnold-Platz 1a
Technical Sales Professional 40474 Duesseldorf
Hybrid Data Management Germany
Mobile +49-177-3627278
Email chuempeldeibmcom
Thank You
IBM Cloud70
IBM Cloud54
Verifying the logs from the Job that runs the SQL on MYDBWe run a script to retrieve the logs form the job
binbash
kubectl config set-context $(kubectl config current-context) --namespace=stock-trader-data
pod=$(kubectl get pods --selector=job-name=db2-01-create-database-schema --output=jsonpath=items[]metadataname)
kubectl logs -f $pod
Output
[hellip]
DB20000I The SQL command completed successfully
GRANT ALL ON ps_table TO PUBLIC
DB20000I The SQL command completed successfully
GRANT ALL ON ps_history TO PUBLIC
DB20000I The SQL command completed successfully
Database mydb has been configured
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
binbash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath=spec
ports[1]nodePort services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath=
items[0]statusaddresses[0]address)
echo https$NODE_IP$NODE_PORT
=gt https1921682710030462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager HomepageAll Db2 OLTP instances running in the
same namespace as DSM will be auto-
discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (12)$ helm status dsm-01 --tlsLAST DEPLOYED Mon Sep 16 120102 2019NAMESPACE stock-trader-dataSTATUS DEPLOYED
RESOURCES==gt v1RoleBindingNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdsm-01-repository NodePort 1000233 ltnonegt 5000032695TCP5500032203TCP 8mdsm-01-ibm-dsm-dev NodePort 100085 ltnonegt 1108032444TCP1108130462TCP 8m
==gt v1beta1DeploymentNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGEdsm-01-repository 1 1 1 1 8mdsm-01-ibm-dsm-dev 1 1 1 1 8m
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdsm-01-repository-76f87d47d4-dlqh4 11 Running 0 8mdsm-01-ibm-dsm-dev-b976d89bd-dflqn 22 Running 0 8m
2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2 1 DSM
IBM Cloud61
DSM Kubernetes resources (22)
[hellip]==gt v1SecretNAME TYPE DATA AGEdsm-01-repository-db2-passwd Opaque 1 8mdsm-01-ibm-dsm-dev-dsm-passwd Opaque 1 8m
==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEdsm-01-repository-data-stor Bound vol14 20Gi RWO 8mdsm-01-ibm-dsm-dev-datavolume Bound vol12 20Gi RWO 8m
==gt v1ServiceAccountNAME SECRETS AGEdsm-repodb-dsm-01-repository 1 8mdsm-dsm-01-ibm-dsm-dev 1 8m
==gt v1RoleNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
2 Secrets 1 DSM
asmin 1 Db2
instance owner
2 PVCs 1 DSM
Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources ndash Kubernetes Docker Helm
Kubernetes
minus httpskubernetesiodocstutorialskubernetes-basics
Kubernetes in the Enterprise eBook
minus ibmbizBdYA4i
Docker
minus httpsdocsdockercomget-started
Docker Hub
minus httpshubdockercom
Helm
minus httpshelmshdocs
IBM Cloud64
Additional Resources ndash IBM Cloud Private OpenShift
IBM Cloud Private Documentation
minus httpswwwibmcomsupportknowledgecenterenSSBS6K_320kc_welcome_containershtml
Deploy IBM Cloud Private Community Edition using Vagrant
minus httpsgithubcomIBMdeploy-ibm-cloud-privateblobmasterdocsdeploy-vagrantmd
Red Hat OpenShift Container Platform Documentation
minus httpsdocsopenshiftcomcontainer-platform41welcomeindexhtml
IBM Cloud65
Additional Resources ndash Db2 Db2Wh DSMDb2 Integration into IBM Cloud Private
minus httpsdeveloperibmcomrecipestutorialsdb2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
minus httpsdeveloperibmcomrecipestutorialsibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
minus httpswwwibmcomsupportknowledgecenterenSSCJDQcomibmswgimdashdbdocadmindeploy_kubernetes_smphtml
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
minus httpswwwibmcomsupportknowledgecenterenSSQNUZ_210comibmicpdatadoczenadmindb-reqshtmldb-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
minus Db2 OLTP Single Server
minus Db2 OLTP HADR
minus Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel IBM Deutschland GmbH
Karl-Arnold-Platz 1a
Technical Sales Professional 40474 Duesseldorf
Hybrid Data Management Germany
Mobile +49-177-3627278
Email chuempeldeibmcom
Thank You
IBM Cloud70
IBM Cloud55
Deploying Data Server Manager (DSM) with the GUI
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
binbash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath=spec
ports[1]nodePort services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath=
items[0]statusaddresses[0]address)
echo https$NODE_IP$NODE_PORT
=gt https1921682710030462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager HomepageAll Db2 OLTP instances running in the
same namespace as DSM will be auto-
discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (12)$ helm status dsm-01 --tlsLAST DEPLOYED Mon Sep 16 120102 2019NAMESPACE stock-trader-dataSTATUS DEPLOYED
RESOURCES==gt v1RoleBindingNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdsm-01-repository NodePort 1000233 ltnonegt 5000032695TCP5500032203TCP 8mdsm-01-ibm-dsm-dev NodePort 100085 ltnonegt 1108032444TCP1108130462TCP 8m
==gt v1beta1DeploymentNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGEdsm-01-repository 1 1 1 1 8mdsm-01-ibm-dsm-dev 1 1 1 1 8m
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdsm-01-repository-76f87d47d4-dlqh4 11 Running 0 8mdsm-01-ibm-dsm-dev-b976d89bd-dflqn 22 Running 0 8m
2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2 1 DSM
IBM Cloud61
DSM Kubernetes resources (22)
[hellip]==gt v1SecretNAME TYPE DATA AGEdsm-01-repository-db2-passwd Opaque 1 8mdsm-01-ibm-dsm-dev-dsm-passwd Opaque 1 8m
==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEdsm-01-repository-data-stor Bound vol14 20Gi RWO 8mdsm-01-ibm-dsm-dev-datavolume Bound vol12 20Gi RWO 8m
==gt v1ServiceAccountNAME SECRETS AGEdsm-repodb-dsm-01-repository 1 8mdsm-dsm-01-ibm-dsm-dev 1 8m
==gt v1RoleNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
2 Secrets 1 DSM
asmin 1 Db2
instance owner
2 PVCs 1 DSM
Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources ndash Kubernetes Docker Helm
Kubernetes
minus httpskubernetesiodocstutorialskubernetes-basics
Kubernetes in the Enterprise eBook
minus ibmbizBdYA4i
Docker
minus httpsdocsdockercomget-started
Docker Hub
minus httpshubdockercom
Helm
minus httpshelmshdocs
IBM Cloud64
Additional Resources ndash IBM Cloud Private OpenShift
IBM Cloud Private Documentation
minus httpswwwibmcomsupportknowledgecenterenSSBS6K_320kc_welcome_containershtml
Deploy IBM Cloud Private Community Edition using Vagrant
minus httpsgithubcomIBMdeploy-ibm-cloud-privateblobmasterdocsdeploy-vagrantmd
Red Hat OpenShift Container Platform Documentation
minus httpsdocsopenshiftcomcontainer-platform41welcomeindexhtml
IBM Cloud65
Additional Resources ndash Db2 Db2Wh DSMDb2 Integration into IBM Cloud Private
minus httpsdeveloperibmcomrecipestutorialsdb2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
minus httpsdeveloperibmcomrecipestutorialsibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
minus httpswwwibmcomsupportknowledgecenterenSSCJDQcomibmswgimdashdbdocadmindeploy_kubernetes_smphtml
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
minus httpswwwibmcomsupportknowledgecenterenSSQNUZ_210comibmicpdatadoczenadmindb-reqshtmldb-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
minus Db2 OLTP Single Server
minus Db2 OLTP HADR
minus Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel IBM Deutschland GmbH
Karl-Arnold-Platz 1a
Technical Sales Professional 40474 Duesseldorf
Hybrid Data Management Germany
Mobile +49-177-3627278
Email chuempeldeibmcom
Thank You
IBM Cloud70
IBM Cloud56
Deploying Data Server Manager (DSM) with the GUI (2)
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
binbash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath=spec
ports[1]nodePort services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath=
items[0]statusaddresses[0]address)
echo https$NODE_IP$NODE_PORT
=gt https1921682710030462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager HomepageAll Db2 OLTP instances running in the
same namespace as DSM will be auto-
discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (12)$ helm status dsm-01 --tlsLAST DEPLOYED Mon Sep 16 120102 2019NAMESPACE stock-trader-dataSTATUS DEPLOYED
RESOURCES==gt v1RoleBindingNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdsm-01-repository NodePort 1000233 ltnonegt 5000032695TCP5500032203TCP 8mdsm-01-ibm-dsm-dev NodePort 100085 ltnonegt 1108032444TCP1108130462TCP 8m
==gt v1beta1DeploymentNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGEdsm-01-repository 1 1 1 1 8mdsm-01-ibm-dsm-dev 1 1 1 1 8m
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdsm-01-repository-76f87d47d4-dlqh4 11 Running 0 8mdsm-01-ibm-dsm-dev-b976d89bd-dflqn 22 Running 0 8m
2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2 1 DSM
IBM Cloud61
DSM Kubernetes resources (22)
[hellip]==gt v1SecretNAME TYPE DATA AGEdsm-01-repository-db2-passwd Opaque 1 8mdsm-01-ibm-dsm-dev-dsm-passwd Opaque 1 8m
==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEdsm-01-repository-data-stor Bound vol14 20Gi RWO 8mdsm-01-ibm-dsm-dev-datavolume Bound vol12 20Gi RWO 8m
==gt v1ServiceAccountNAME SECRETS AGEdsm-repodb-dsm-01-repository 1 8mdsm-dsm-01-ibm-dsm-dev 1 8m
==gt v1RoleNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
2 Secrets 1 DSM
asmin 1 Db2
instance owner
2 PVCs 1 DSM
Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources ndash Kubernetes Docker Helm
Kubernetes
minus httpskubernetesiodocstutorialskubernetes-basics
Kubernetes in the Enterprise eBook
minus ibmbizBdYA4i
Docker
minus httpsdocsdockercomget-started
Docker Hub
minus httpshubdockercom
Helm
minus httpshelmshdocs
IBM Cloud64
Additional Resources ndash IBM Cloud Private OpenShift
IBM Cloud Private Documentation
minus httpswwwibmcomsupportknowledgecenterenSSBS6K_320kc_welcome_containershtml
Deploy IBM Cloud Private Community Edition using Vagrant
minus httpsgithubcomIBMdeploy-ibm-cloud-privateblobmasterdocsdeploy-vagrantmd
Red Hat OpenShift Container Platform Documentation
minus httpsdocsopenshiftcomcontainer-platform41welcomeindexhtml
IBM Cloud65
Additional Resources ndash Db2 Db2Wh DSMDb2 Integration into IBM Cloud Private
minus httpsdeveloperibmcomrecipestutorialsdb2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
minus httpsdeveloperibmcomrecipestutorialsibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
minus httpswwwibmcomsupportknowledgecenterenSSCJDQcomibmswgimdashdbdocadmindeploy_kubernetes_smphtml
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
minus httpswwwibmcomsupportknowledgecenterenSSQNUZ_210comibmicpdatadoczenadmindb-reqshtmldb-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
minus Db2 OLTP Single Server
minus Db2 OLTP HADR
minus Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel IBM Deutschland GmbH
Karl-Arnold-Platz 1a
Technical Sales Professional 40474 Duesseldorf
Hybrid Data Management Germany
Mobile +49-177-3627278
Email chuempeldeibmcom
Thank You
IBM Cloud70
IBM Cloud57
Getting the URL of Data Server Manager
We need to query Kubernetes for the URL of the DSM GUI
binbash
export NODE_PORT=$(kubectl get --namespace stock-trader-data -o jsonpath=spec
ports[1]nodePort services dsm-01-ibm-dsm-dev)
export NODE_IP=$(kubectl get nodes --namespace stock-trader-data -o jsonpath=
items[0]statusaddresses[0]address)
echo https$NODE_IP$NODE_PORT
=gt https1921682710030462 (can be different on your system)
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager HomepageAll Db2 OLTP instances running in the
same namespace as DSM will be auto-
discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (12)$ helm status dsm-01 --tlsLAST DEPLOYED Mon Sep 16 120102 2019NAMESPACE stock-trader-dataSTATUS DEPLOYED
RESOURCES==gt v1RoleBindingNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdsm-01-repository NodePort 1000233 ltnonegt 5000032695TCP5500032203TCP 8mdsm-01-ibm-dsm-dev NodePort 100085 ltnonegt 1108032444TCP1108130462TCP 8m
==gt v1beta1DeploymentNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGEdsm-01-repository 1 1 1 1 8mdsm-01-ibm-dsm-dev 1 1 1 1 8m
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdsm-01-repository-76f87d47d4-dlqh4 11 Running 0 8mdsm-01-ibm-dsm-dev-b976d89bd-dflqn 22 Running 0 8m
2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2 1 DSM
IBM Cloud61
DSM Kubernetes resources (22)
[hellip]==gt v1SecretNAME TYPE DATA AGEdsm-01-repository-db2-passwd Opaque 1 8mdsm-01-ibm-dsm-dev-dsm-passwd Opaque 1 8m
==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEdsm-01-repository-data-stor Bound vol14 20Gi RWO 8mdsm-01-ibm-dsm-dev-datavolume Bound vol12 20Gi RWO 8m
==gt v1ServiceAccountNAME SECRETS AGEdsm-repodb-dsm-01-repository 1 8mdsm-dsm-01-ibm-dsm-dev 1 8m
==gt v1RoleNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
2 Secrets 1 DSM
asmin 1 Db2
instance owner
2 PVCs 1 DSM
Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources ndash Kubernetes Docker Helm
Kubernetes
minus httpskubernetesiodocstutorialskubernetes-basics
Kubernetes in the Enterprise eBook
minus ibmbizBdYA4i
Docker
minus httpsdocsdockercomget-started
Docker Hub
minus httpshubdockercom
Helm
minus httpshelmshdocs
IBM Cloud64
Additional Resources ndash IBM Cloud Private OpenShift
IBM Cloud Private Documentation
minus httpswwwibmcomsupportknowledgecenterenSSBS6K_320kc_welcome_containershtml
Deploy IBM Cloud Private Community Edition using Vagrant
minus httpsgithubcomIBMdeploy-ibm-cloud-privateblobmasterdocsdeploy-vagrantmd
Red Hat OpenShift Container Platform Documentation
minus httpsdocsopenshiftcomcontainer-platform41welcomeindexhtml
IBM Cloud65
Additional Resources ndash Db2 Db2Wh DSMDb2 Integration into IBM Cloud Private
minus httpsdeveloperibmcomrecipestutorialsdb2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
minus httpsdeveloperibmcomrecipestutorialsibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
minus httpswwwibmcomsupportknowledgecenterenSSCJDQcomibmswgimdashdbdocadmindeploy_kubernetes_smphtml
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
minus httpswwwibmcomsupportknowledgecenterenSSQNUZ_210comibmicpdatadoczenadmindb-reqshtmldb-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
minus Db2 OLTP Single Server
minus Db2 OLTP HADR
minus Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel IBM Deutschland GmbH
Karl-Arnold-Platz 1a
Technical Sales Professional 40474 Duesseldorf
Hybrid Data Management Germany
Mobile +49-177-3627278
Email chuempeldeibmcom
Thank You
IBM Cloud70
IBM Cloud58
Accessing Data Server Manager
IBM Cloud59
Data Server Manager HomepageAll Db2 OLTP instances running in the
same namespace as DSM will be auto-
discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (12)$ helm status dsm-01 --tlsLAST DEPLOYED Mon Sep 16 120102 2019NAMESPACE stock-trader-dataSTATUS DEPLOYED
RESOURCES==gt v1RoleBindingNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdsm-01-repository NodePort 1000233 ltnonegt 5000032695TCP5500032203TCP 8mdsm-01-ibm-dsm-dev NodePort 100085 ltnonegt 1108032444TCP1108130462TCP 8m
==gt v1beta1DeploymentNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGEdsm-01-repository 1 1 1 1 8mdsm-01-ibm-dsm-dev 1 1 1 1 8m
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdsm-01-repository-76f87d47d4-dlqh4 11 Running 0 8mdsm-01-ibm-dsm-dev-b976d89bd-dflqn 22 Running 0 8m
2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2 1 DSM
IBM Cloud61
DSM Kubernetes resources (22)
[hellip]==gt v1SecretNAME TYPE DATA AGEdsm-01-repository-db2-passwd Opaque 1 8mdsm-01-ibm-dsm-dev-dsm-passwd Opaque 1 8m
==gt v1PersistentVolumeClaimNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGEdsm-01-repository-data-stor Bound vol14 20Gi RWO 8mdsm-01-ibm-dsm-dev-datavolume Bound vol12 20Gi RWO 8m
==gt v1ServiceAccountNAME SECRETS AGEdsm-repodb-dsm-01-repository 1 8mdsm-dsm-01-ibm-dsm-dev 1 8m
==gt v1RoleNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
2 Secrets 1 DSM
asmin 1 Db2
instance owner
2 PVCs 1 DSM
Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources ndash Kubernetes Docker Helm
Kubernetes
minus httpskubernetesiodocstutorialskubernetes-basics
Kubernetes in the Enterprise eBook
minus ibmbizBdYA4i
Docker
minus httpsdocsdockercomget-started
Docker Hub
minus httpshubdockercom
Helm
minus httpshelmshdocs
IBM Cloud64
Additional Resources ndash IBM Cloud Private OpenShift
IBM Cloud Private Documentation
minus httpswwwibmcomsupportknowledgecenterenSSBS6K_320kc_welcome_containershtml
Deploy IBM Cloud Private Community Edition using Vagrant
minus httpsgithubcomIBMdeploy-ibm-cloud-privateblobmasterdocsdeploy-vagrantmd
Red Hat OpenShift Container Platform Documentation
minus httpsdocsopenshiftcomcontainer-platform41welcomeindexhtml
IBM Cloud65
Additional Resources ndash Db2 Db2Wh DSMDb2 Integration into IBM Cloud Private
minus httpsdeveloperibmcomrecipestutorialsdb2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
minus httpsdeveloperibmcomrecipestutorialsibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
minus httpsgithubcomIBMchartstreemasterstableibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
minus httpswwwibmcomsupportknowledgecenterenSSCJDQcomibmswgimdashdbdocadmindeploy_kubernetes_smphtml
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
minus httpswwwibmcomsupportknowledgecenterenSSQNUZ_210comibmicpdatadoczenadmindb-reqshtmldb-reqs__db2warehouse
IBM Cloud66
Presentation on Db2 and Docker from Db2 Aktuell 2018
IBM Cloud67
Summary
IBM Cloud68
Summary
Micro Services and Containers
Kubernetes Basics
Deploying Db2 on Kubernetes
minus Db2 OLTP Single Server
minus Db2 OLTP HADR
minus Data Server Manager (DSM)
Additional Resources
Summary
IBM Cloud69
Claus Huempel IBM Deutschland GmbH
Karl-Arnold-Platz 1a
Technical Sales Professional 40474 Duesseldorf
Hybrid Data Management Germany
Mobile +49-177-3627278
Email chuempeldeibmcom
Thank You
IBM Cloud70
IBM Cloud59
Data Server Manager HomepageAll Db2 OLTP instances running in the
same namespace as DSM will be auto-
discovered and monitored by DSM
IBM Cloud60
DSM Kubernetes resources (12)$ helm status dsm-01 --tlsLAST DEPLOYED Mon Sep 16 120102 2019NAMESPACE stock-trader-dataSTATUS DEPLOYED
RESOURCES==gt v1RoleBindingNAME AGEdsm-repodb-dsm-01-repository 8mdsm-stock-trader-data-dsm-01-ibm-dsm-dev 8mdsm-dsm-01-ibm-dsm-dev 8m
==gt v1ServiceNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEdsm-01-repository NodePort 1000233 ltnonegt 5000032695TCP5500032203TCP 8mdsm-01-ibm-dsm-dev NodePort 100085 ltnonegt 1108032444TCP1108130462TCP 8m
==gt v1beta1DeploymentNAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGEdsm-01-repository 1 1 1 1 8mdsm-01-ibm-dsm-dev 1 1 1 1 8m
==gt v1Pod(related)NAME READY STATUS RESTARTS AGEdsm-01-repository-76f87d47d4-dlqh4 11 Running 0 8mdsm-01-ibm-dsm-dev-b976d89bd-dflqn 22 Running 0 8m
2 RoleBindings
2 Services
1x Db2 (repodb)
1x DSM
2 Deployments
2 Pods
1 Db2 1 DSM
IBM Cloud61
DSM Kubernetes resources (2/2)
[…]
==> v1/Secret
NAME                           TYPE    DATA  AGE
dsm-01-repository-db2-passwd   Opaque  1     8m
dsm-01-ibm-dsm-dev-dsm-passwd  Opaque  1     8m

==> v1/PersistentVolumeClaim
NAME                           STATUS  VOLUME  CAPACITY  ACCESS MODES  STORAGECLASS  AGE
dsm-01-repository-data-stor    Bound   vol14   20Gi      RWO                         8m
dsm-01-ibm-dsm-dev-datavolume  Bound   vol12   20Gi      RWO                         8m

==> v1/ServiceAccount
NAME                          SECRETS  AGE
dsm-repodb-dsm-01-repository  1        8m
dsm-dsm-01-ibm-dsm-dev        1        8m

==> v1/Role
NAME                                      AGE
dsm-repodb-dsm-01-repository              8m
dsm-stock-trader-data-dsm-01-ibm-dsm-dev  8m
dsm-dsm-01-ibm-dsm-dev                    8m

Slide callouts:
2 Secrets: 1 DSM admin, 1 Db2 instance owner
2 PVCs: 1 DSM, 1 Db2
3 Roles
IBM Cloud62
Additional Resources
IBM Cloud63
Additional Resources – Kubernetes, Docker, Helm
Kubernetes
- https://kubernetes.io/docs/tutorials/kubernetes-basics
Kubernetes in the Enterprise eBook
- ibm.biz/BdYA4i
Docker
- https://docs.docker.com/get-started
Docker Hub
- https://hub.docker.com
Helm
- https://helm.sh/docs
IBM Cloud64
Additional Resources – IBM Cloud Private, OpenShift
IBM Cloud Private Documentation
- https://www.ibm.com/support/knowledgecenter/en/SSBS6K_3.2.0/kc_welcome_containers.html
Deploy IBM Cloud Private Community Edition using Vagrant
- https://github.com/IBM/deploy-ibm-cloud-private/blob/master/docs/deploy-vagrant.md
Red Hat OpenShift Container Platform Documentation
- https://docs.openshift.com/container-platform/4.1/welcome/index.html
IBM Cloud65
Additional Resources – Db2, Db2Wh, DSM
Db2 Integration into IBM Cloud Private
- https://developer.ibm.com/recipes/tutorials/db2-integration-into-ibm-cloud-private
Db2 on IBM Cloud Private with Red Hat OpenShift
- https://developer.ibm.com/recipes/tutorials/ibm-db2-on-ibm-cloud-private-with-redhat-openshift
IBM Db2 Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-db2oltp-dev
IBM Data Server Manager Developer-C Edition Helm Chart
- https://github.com/IBM/charts/tree/master/stable/ibm-dsm-dev
Deploying Db2 Warehouse SMP using Kubernetes
- https://www.ibm.com/support/knowledgecenter/en/SSCJDQ/com.ibm.swg.im.dashdb.doc/admin/deploy_kubernetes_smp.html
Deploying Db2 Warehouse SMP and MPP on IBM Cloud Pak for Data
- https://www.ibm.com/support/knowledgecenter/en/SSQNUZ_2.1.0/com.ibm.icpdata.doc/zen/admin/db-reqs.html#db-reqs__db2warehouse