State of Containers in OpenStack
Madhuri Kumari
Intel
Agenda
• Containers vs VMs
• Why Containers?
• Containers on OpenStack
• OpenStack Components
  – Nova-docker
  – Heat Docker
  – Magnum
  – Murano
  – Zun
  – Solum
• Other Container Focused Components
  – Kolla
  – Kuryr
Containers vs VMs
Principle
• Containers: Lightweight, high packing density, with fewer resources to achieve rapid deployment, migrate easily.
• VMs: Isolated, hardware virtualization, large, performance overhead, migrate easily.
Resource Usage
• Containers: Efficient sharing of resources.
• VMs: Take up more resources.
Flexibility & Security
• Containers: Less appropriate for multi-tenant environments, because of potential security risks.
• VMs: Fully isolated from one another and malware, application crashes and other problems impact only the affected VM.
Use cases
• Containers: Web servers, micro-services.
• VMs: May contain other enterprise workloads such as database, ERP, CRM, email server, media server, web server or other business applications.
Why Containers?
WHY NOT??
Containers in OpenStack
• OpenStack is above all an integration engine, bringing various technologies together through common APIs. Therefore, containers have naturally been plugged into several existing projects and will find their way into other areas as well.
OpenStack Containers Project
Nova-docker
A Docker hypervisor driver for Nova Compute to treat containers and images as the same type of resource as virtual machines.
Heat Docker
A plugin template for orchestrating Docker resources on top of OpenStack resources. Allows access to full Docker API.
Murano
Provides an application catalog of containerized applications that can be deployed to an OpenStack cloud.
Magnum
Provides an API to manage multitenant containers infrastructure leveraging Heat, Nova, and Neutron.
Zun
Container service for OpenStack. Provides API(s) for launching and managing containers backed by different container technologies.
Solum
An OpenStack project designed to make cloud services easier to consume and integrate into your application development process.
Nova-docker
• Drivers for OpenStack Nova
• Use Nova API to access containers
• Interface with container backend (i.e. Docker daemon, libvirt-lxc)
• Fetch container images from Glance
Nova-docker Practice
• nova.conf: compute_driver=novadocker.virt.docker.DockerDriver
• glance-api.conf: container_formats=ami,ari,aki,bare,ovf,ova,docker
• docker save busybox | openstack image create busybox --public --container-format docker --disk-format raw
• nova boot --flavor m1.small --image busybox --key-name mykey test1
Heat Docker
• Provide a Heat resource type for Docker.
• Need to specify docker endpoint
• Can orchestrate docker containers with other Heat resources
Heat Practice
• Heat
• Install heat-docker plugin
• docker.yaml:

    heat_template_version: 2013-05-23
    description: Test template
    resources:
      apache:
        type: DockerInc::Docker::Container
        properties:
          image: marouen/apache
          port_specs:
            - 80
          docker_endpoint: http://host:2375

• heat stack-create -f docker.yaml docker-stack
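Added example (not part of the original slides): the template above points docker_endpoint at http://host:2375, the Docker daemon's conventional unencrypted TCP port, so a pre-deployment check can flag such endpoints before `heat stack-create` runs. The function names and the apache_tls resource are constructed for illustration, and the scanner assumes block-style YAML laid out like the template above.

```python
import re
from urllib.parse import urlparse

# Constructed sample modelled on the slide's template; apache_tls is hypothetical.
SAMPLE_TEMPLATE = """\
heat_template_version: 2013-05-23
resources:
  apache:
    type: DockerInc::Docker::Container
    properties:
      image: marouen/apache
      docker_endpoint: http://host:2375
  apache_tls:
    type: DockerInc::Docker::Container
    properties:
      image: marouen/apache
      docker_endpoint: https://host:2376
"""

def classify_endpoint(endpoint):
    """Classify a docker_endpoint URL as 'local', 'tls' or 'plaintext'."""
    scheme = urlparse(endpoint).scheme
    if scheme == "unix":
        return "local"      # Unix socket, not reachable over the network
    if scheme == "https":
        return "tls"
    return "plaintext"      # http:// or tcp:// URL: the scheme indicates no TLS

def audit_template(text):
    """Return {resource_name: (endpoint, classification)} for a template."""
    findings, resource, in_resources, res_indent = {}, None, False, None
    for line in text.splitlines():
        stripped = line.strip()
        indent = len(line) - len(line.lstrip())
        if not stripped:
            continue
        if indent == 0:
            # Top-level key: only the resources section is of interest.
            in_resources = stripped.startswith("resources:")
        elif in_resources:
            if res_indent is None:
                res_indent = indent          # indentation of resource names
            if indent == res_indent and stripped.endswith(":"):
                resource = stripped[:-1]
        match = re.match(r"docker_endpoint:\s*(\S+)", stripped)
        if match and in_resources and resource:
            endpoint = match.group(1).strip("'\"")
            findings[resource] = (endpoint, classify_endpoint(endpoint))
    return findings

if __name__ == "__main__":
    print(audit_template(SAMPLE_TEMPLATE))
```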
Magnum
• Founded at the end of 2014
• Integrates various container orchestration engines (COEs).
• Leverages other OpenStack components like Heat, Nova, Neutron, Cinder etc.
• Manages infrastructure for running containers on OpenStack.
• Runs containers under VM/baremetal
• COE: Swarm, Kubernetes, Mesos
Magnum Architecture
Magnum Practice
• magnum baymodel-create --name k8sbaymodel --image-id fedora-atomic-latest --keypair-id testkey --external-network-id public --flavor-id m1.small --docker-volume-size 5 --network-driver flannel --coe kubernetes
• magnum bay-create --name k8sbay --baymodel k8sbaymodel
• magnum ca-sign --bay k8sbay --csr client.csr > client.crt
• magnum ca-show --bay k8sbay > ca.crt
Murano
• Application catalog for OpenStack.
• Provides publishing and lifecycle management for a variety of applications and services, with a UI and an API. An application is anything defined by YAQL language templates.
Murano UI
Zun
• Zun (Higgins) is a container service for OpenStack.
• Aims to provide OpenStack API(s) for launching and managing containers backed by different container technologies.
• Container runtimes: Docker, Rkt, Clear Container, etc.
• COEs: Kubernetes, Docker Swarm, etc.
Zun
• One platform for containers/VMs/baremetals
• Neutron
• Cinder
• Glance
• Horizon
• Nova
• ...
[Diagram: Container/VM/Baremetal served by Glance (Images), Neutron (Networks), Cinder (Volumes), Horizon (UI) and Nova (Provisions)]
Solum
• Solum is an application lifecycle management system which allows you to deploy your applications, starting from the source code, onto an OpenStack cloud.
• For developers, Solum provides an easy-to-use platform for building, testing, and deploying applications on OpenStack clouds.
• For operators, Solum provides the ability to make their OpenStack cloud more useful to their application developers by enabling CI/CD capabilities for applications on OpenStack clouds.
Solum Architecture
[Diagram: Solum API, Solum Conductor, Solum Worker and Solum Deployer connected by queues, with a Database, Heat and Glance/Swift. The Worker builds the LP, runs unit tests and builds the DU; the Deployer deploys the DU.]
Solum Practice
• solum languagepack create <NAME> <GIT_REPO>
• solum app create --app-file <app_file> [--param-file param_file]
• solum app deploy <UUID>
Other Openstack Container Focused Projects
Kolla
Kolla provides production-ready containers and deployment tools for operating OpenStack clouds.
Kuryr
A Docker network plugin that uses Neutron to provide networking services to Docker containers. It provides containerised images for the common Neutron plugins.
Kolla
• Established in September 14.
• Allows packaging and deployment using Docker and Ansible
• Provides production ready OpenStack service.
• Ease of deployment, simplified operation, upgrade and maintenance to enhance devops and operators experience.
• Faster than devstack (comparison: devstack 14 mins ~ 9 mins)
Kuryr
• Its objective is to enable Neutron as the production ready networking abstraction containers need!
• Map container networking abstractions to the Neutron API
• Bring your container and VM networking together under one API
• Implement all the common code for Neutron vendors allowing them to get to container networking by just having a binding script
• Leverage Neutron advanced networking like LBaaS, FWaaS, VPNaaS, Security Groups / NAT
• Aims to support different Container Orchestration Engines like Kubernetes, Mesos, Docker Swarm
Summary
• OpenStack virtual machine management / physical and running on the container (Magnum, Murano, Solum)
Advantage:
• Resource sharing, unified management by the OpenStack Nova
Disadvantages:
• Performance loss running VM container
• Network performance
Summary
• COEs run on a variety of hosts managed container OpenStack services (k8s, mesos)
Advantage:
• Container performance guarantees
• More efficient use of resources
Disadvantages:
• Container isolation
• VM network storage
• Complexity OpenStack services
Summary
• Manage containers and virtual machines (Nova-docker, heat-docker, Nova-lxc / lxd, Nova + Zun)
Advantage:
• Simple
• Integration of existing resources, such as network, storage
Disadvantages:
• Not production ready
Thank You!!