zCX Foundation for OpenShift Modernization Guide

zCX Foundation for OpenShift allows you to deploy Red Hat OpenShift containers on z/OS. It provides a dedicated z/OS address space for running OpenShift workloads, enabling integration with z/OS resources and capabilities.

zCX Foundation for OpenShift is similar to z/OS Container Extensions (zCX) but is specifically designed for OpenShift containers. zCX supports Docker containers, while zCX Foundation for OpenShift supports OpenShift containers.

zCX Foundation for OpenShift uses standard OpenShift commands and interfaces for managing containers. Configuration files are primarily OpenShift YAML files for defining deployments, services, and other resources.

zCX Foundation for OpenShift leverages z/OS capabilities for resource management, security, and high availability. It integrates with z/OS workload manager (WLM) for resource allocation and monitoring.

Common operations include deploying OpenShift applications using `oc apply -f `, managing pods with `oc get pods`, and viewing logs with `oc logs `. Configuration is managed through YAML files.

zCX Foundation for OpenShift exposes the standard OpenShift API, which is a REST API. You can interact with it using `oc` command-line tool or any Kubernetes-compatible client. API endpoints follow the Kubernetes API patterns, such as `/api/v1/pods`.

The main system components include the OpenShift control plane, compute nodes running within z/OS address spaces, and the container runtime. Communication between components uses standard Kubernetes protocols, such as gRPC and HTTP/2.

zCX Foundation for OpenShift uses z/OS Security Server (RACF, ACF2, or Top Secret) for authentication and authorization. It supports role-based access control (RBAC) for managing permissions within the OpenShift environment.

zCX Foundation for OpenShift enables you to run containerized applications on z/OS, leveraging the platform's reliability, security, and performance. This allows you to modernize applications while maintaining z/OS qualities of service.

By running OpenShift on z/OS, you can consolidate workloads and reduce infrastructure costs. zCX Foundation for OpenShift allows you to leverage existing z/OS resources and skills.

zCX Foundation for OpenShift allows you to integrate containerized applications with existing z/OS applications and data. This enables you to create hybrid applications that leverage the strengths of both environments.

zCX Foundation for OpenShift integrates with z/OS Security Server (RACF, ACF2, or Top Secret) for authentication. It also supports standard OpenShift authentication methods, such as OAuth 2.0 and OpenID Connect.

zCX Foundation for OpenShift uses role-based access control (RBAC) to manage permissions. You can define roles and assign them to users or groups to control access to resources.

Data in transit is encrypted using TLS. Data at rest can be encrypted using z/OS encryption facilities. OpenShift secrets are used to manage sensitive information.

zCX Foundation for OpenShift logs security-related events to z/OS System Management Facilities (SMF). These logs can be used for auditing and compliance purposes.

zCX Foundation for OpenShift provides a command-line interface (CLI) and a web console for administration. The CLI is based on the `oc` command-line tool. The web console is the standard OpenShift web console.

User management is handled through z/OS Security Server (RACF, ACF2, or Top Secret) and OpenShift's identity providers. You can integrate with existing identity management systems.

Key configuration parameters include network settings, resource limits, and security policies. These parameters are configured through OpenShift YAML files and z/OS parmlib members.

zCX Foundation for OpenShift provides monitoring and logging capabilities through OpenShift's built-in tools, such as Prometheus and Elasticsearch. You can also integrate with z/OS monitoring tools, such as IBM Z Monitoring Suite.