The container revolution, and what it means to operators - OpenStack SouthBay Meetup - 7-Sep-2016
THE RISE OF THE CONTAINER
The Dev/Ops technology that accelerates Ops/Dev
WHO AM I?
Robert Starmer: @rstarmer
• CTO for Kumulus Technologies
• OpenStack operations contributor since 2012
• Supporting Cloud enablement for Enterprise
• OpenStack, Kubernetes, BareMetal to App CD
Kumulus Technologies: @kumulustech
• Systems consultants supporting cloud migration
• Kumulus Tech Newsletter: https://kumul.us/newsletter/
• Five Minutes of Cloud: youtube.com/fiveminutesofcloud
http://kumul.us
AGENDA
• Overview of the Container service space, a little history of containers.
• Why Containers are _now_ the answer to Developers’ every desire.
• The underbelly of the Container world, Container Operating Environments.
• Operation needs and gaps in the Container integration space
• A unified Container, Virtual, and Physical compute service, or how OpenStack (and other IaaS solutions) still fits into the equation.
@rstarmer
THE WHAT, WHY, AND HOW OF CONTAINERS
WHAT DO WE MEAN? A CONTAINER…
• Principally containers == Linux containers*
• Provides a segregation model at the process level rather than
emulating a complete computer
• Uses cgroups and namespaces to segregate processes
* yes, other container technologies exist
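Added example (not from the original slides): on Linux, each process's namespace membership is visible under /proc/<pid>/ns, so comparing a containerized process with a host process shows exactly which kinds of segregation are in force. The inode values below are constructed sample data; the function names are hypothetical.

```python
import os

def read_namespaces(pid="self"):
    """Return {kind: link_target} for a live process (Linux only).

    Each entry in /proc/<pid>/ns is a symlink whose target looks like
    "pid:[4026531836]"; two processes share a namespace when the targets
    match. Reading another user's process usually requires root.
    """
    ns_dir = f"/proc/{pid}/ns"
    return {name: os.readlink(os.path.join(ns_dir, name))
            for name in sorted(os.listdir(ns_dir))}

def compare_namespaces(host_ns, proc_ns):
    """Split namespace kinds into (shared with host, isolated from host)."""
    shared, isolated = [], []
    for kind in sorted(set(host_ns) & set(proc_ns)):
        if host_ns[kind] == proc_ns[kind]:
            shared.append(kind)
        else:
            isolated.append(kind)
    return shared, isolated

# Constructed sample: a host process and a container process that was
# started with the host's network namespace and no user-namespace mapping.
HOST_NS = {
    "cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026531839]",
    "mnt": "mnt:[4026531840]", "net": "net:[4026531957]",
    "pid": "pid:[4026531836]", "user": "user:[4026531837]",
    "uts": "uts:[4026531838]",
}
CONTAINER_NS = {
    "cgroup": "cgroup:[4026531835]", "ipc": "ipc:[4026532301]",
    "mnt": "mnt:[4026532299]", "net": "net:[4026531957]",
    "pid": "pid:[4026532302]", "user": "user:[4026531837]",
    "uts": "uts:[4026532300]",
}

if __name__ == "__main__":
    shared, isolated = compare_namespaces(HOST_NS, CONTAINER_NS)
    print("shared with host:", shared)
    print("isolated:", isolated)
```

Any kind that lands in the shared list is a boundary the container does not have; for a live check, pass `read_namespaces(1)` and `read_namespaces(<container pid>)` instead of the sample dictionaries.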
CONTAINERS, THE SHORT HISTORY
• One system multi-segregation goes back to time-share systems
of the 1960/70s
• In the mini-computer/Unix era, the kernel included process
management and some initial segregation (root vs. user access)
• BSD Jails, Solaris Zones, LXC (and Google’s LMCTFY)
LINUX CONTAINERS
• ~2005 Google, along with Canonical, took an interest in the early
Linux container model, supporting efforts around LXC
• Other than Google and bleeding edge developers, containers
were seen as difficult to use
• Docker changed this: layered ‘light’ images and a registry
WHY NOT JUST STICK WITH VMS?
Bare Metal (Nova & Ironic)
• x86, ARM, other processor
• Memory
• Local “block” storage subsystem
Hypervisor (Nova)
• Hypervisor - Hardware access management and segregation
• ESX, KVM, Hyper-V, Xen, LPAR
Container (Nova)
• OS level segregation of processes
• Docker/LXC, Solaris containers
[Diagram: three stacks side by side. Bare metal: Hardware, Host OS, bin/lib, APP. Virtual machine: Hardware, Host OS, Hypervisor, Guest OS, bin/lib, APP. Container: Hardware, Host OS, Container Engine, APP with bin/lib.]
WHY NOT JUST STICK WITH VMS?
• Speed: sub-second vs. multi-second startup
• Simplification: One light image from laptop to production
• Layers: Docker image format simplifies base images
• Embedded Ops: Operational value built in (load balancing)
• Container == Process container, VM == OS container
AGILE DEVELOPMENT AND CONTAINERS
• The real driver behind the current container craze: Dev/Ops
• Agile development == always working, always tested code
• If I can build my app and have tests running in a second, I’m
more likely to test…
• …and I don’t have to worry about the underlying OS
DEVELOPERS OPERATIONS💔
• Dev/Ops is a stepping stone for many developers
• Enabled application development models that were not
previously possible
• Ops is something to limit and reduce
• There is a growing #serverless community - focusing on just the
application again
DEVELOPERS CONTAINERS❤️
• Docker image format makes it easy to build “app” environment
• Use for Unit test (on developer machine)
• Use same image for QA/system tests
• Use same image in staging/final test
• Use same image in production
STILL NEED TO “OPERATE” CONTAINERS
• Can’t avoid some operations
• Manage application failures gracefully
• Provide some scale services (e.g. Load balancing)
• Managing interactions and security between multi-container
services and solutions
IT IS NOT JUST A CONTAINER THOUGH…
THE FIELD OF CONTAINER MANAGEMENT
• LXC and LXD or libvirt-lxc
• Docker and Docker(plus Swarm)
• Docker/RKT/(?LXC?) and Kubernetes
• Docker, LXC, etc. and Mesos/DCOS
• Docker Cloud, Rancher, DCOS, CoreOS Fleet….
MANAGEMENT FUNCTIONS
• Lifecycle Management
• Rolling Upgrades
• Scheduling
• Network Service
• Storage Mapping
• Seems like an IaaS might be of service
OPENSTACK AND MANAGING CONTAINERS
MANAGING CONTAINERS
Two ways to think about containers and OpenStack:
• OpenStack managing VMs or Bare Metal running Containers, one for all
• OpenStack managing a COE per tenant, tenant manages the Container management
• OpenStack being run on Containers either on an OpenStack undercloud, or on bare metal/container management
RUNNING CONTAINERS ON OPENSTACK
Where are you going to run your containers:
• VM (e.g. Nova to Linux OS or “Container OS”)
• Bare Metal (e.g. Ironic to Linux OS or “Container OS”)
• Container “Directly” (e.g. Higgins) < newest addition
How do you launch Containers?
• LXC/LXD libvirt commands?
• Docker commands?
• Kubernetes/Mesos-Marathon/etc.
ADD MANAGEMENT… AND?
Tenant/Project based, or global OpenStack deployment
Network interaction model
• tunneling (is your base OS already tunneling?)
• NAT and SLB services?
Storage
• shared backend, or brokered backend (e.g. exposed by OpenStack)
SCHEDULING
• Container management services still need better embedded
scheduling (affinity/anti-affinity at least)
• No integration between underlying scheduler (e.g. Nova) and
overlay scheduling (e.g. Kubernetes)
• Lack of interaction could see multiple “container” VMs on the
same physical host… No different than any other cloud app
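Added example (not from the original slides): a check for the gap described above, where the overlay scheduler spreads replicas across nodes but the underlay has placed those node VMs on the same physical host. The inventory is constructed sample data and the function names are hypothetical; in practice the two mappings would come from the Kubernetes API and from Nova's admin view of instance placement.

```python
from collections import defaultdict

# Constructed inventory: pod -> Kubernetes node (a Nova VM), VM -> physical host.
PODS = [
    {"app": "web", "pod": "web-0", "node": "k8s-node-1"},
    {"app": "web", "pod": "web-1", "node": "k8s-node-2"},
    {"app": "web", "pod": "web-2", "node": "k8s-node-3"},
    {"app": "db", "pod": "db-0", "node": "k8s-node-1"},
    {"app": "db", "pod": "db-1", "node": "k8s-node-4"},
]
VM_TO_HOST = {
    "k8s-node-1": "compute-01",
    "k8s-node-2": "compute-01",  # two "container" VMs on one physical host
    "k8s-node-3": "compute-02",
    "k8s-node-4": "compute-03",
}

def _host_of(node, vm_to_host):
    # A node with no known host gets its own failure domain, so missing
    # inventory never produces a false co-location finding.
    return vm_to_host.get(node, "UNKNOWN:" + node)

def colocated_replicas(pods, vm_to_host):
    """Return {app: {host: [pods]}} for hosts carrying more than one replica."""
    by_app_host = defaultdict(lambda: defaultdict(list))
    for p in pods:
        by_app_host[p["app"]][_host_of(p["node"], vm_to_host)].append(p["pod"])
    result = {}
    for app, hosts in by_app_host.items():
        shared = {h: sorted(ps) for h, ps in hosts.items() if len(ps) > 1}
        if shared:
            result[app] = shared
    return result

def worst_case_loss(pods, vm_to_host):
    """Return {app: (replicas lost, total)} if the busiest physical host fails."""
    counts = defaultdict(lambda: defaultdict(int))
    for p in pods:
        counts[p["app"]][_host_of(p["node"], vm_to_host)] += 1
    return {app: (max(h.values()), sum(h.values())) for app, h in counts.items()}

if __name__ == "__main__":
    print(colocated_replicas(PODS, VM_TO_HOST))
    print(worst_case_loss(PODS, VM_TO_HOST))
```

Here the `web` replicas look spread across three nodes from the Kubernetes side, yet one physical host failure removes two of the three.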
SINGLE MANAGEMENT FOR ALL
• Deploy a Docker-swarm or Kubernetes or… for the entire
OpenStack service
• Consistency
• Single model/centralized control
• Removes any Infrastructure Ops burden from developers
• Still has security issues (perhaps even more so, shared syscall
interface in the kernel)
PER TENANT MANAGEMENT
• OS team enables deployment of an environment (e.g. Docker,
Kubernetes, etc.) as a set of VMs for an individual
Project/Tenant.
• Now project owners are Ops managers again for their container
management
• Leverage one to deploy: Magnum, Monasca, HEAT
MANAGING OPENSTACK AS CONTAINERS
OPENSTACK AS A DISTRIBUTED APPLICATION
• Load balanced front end services and even some
portion of the back-end can be run as containers
• Storage elements (e.g. database) and middleware (e.g.
RabbitMQ) may be better suited to VMs and/or Ironic
• Chicken vs. egg issue
KOLLA PROJECT
• Containerize OpenStack
• Simplifies the creation of individual containers for each individual
service element (neutron-api vs neutron-scheduler)
• Can be used to support rolling upgrades (and even downgrades)
• https://github.com/openstack/kolla
WHO’S FIRST: OPENSTACK OR KUBERNETES?
• To use OpenStack, hardware is needed
• To use Kubernetes, hardware is needed
• Which is first? (i.e. OpenStack standalone with Ironic or
Kubernetes/Docker/etc. or through some other mechanism)
KUBERNETES OPENSTACK PROJECTS
• Kolla-Kubernetes - http://docs.openstack.org/developer/kolla-kubernetes/index.html
• Stackanetes - https://github.com/stackanetes
• Fuel-CCP - https://github.com/openstack/fuel-ccp
• SAP - http://github.com/sapcc
• TCPCloud - http://www.tcpcloud.eu/en/blog/2016/08/04/making-openstack-production-ready-kubernetes-and-openstack-salt-part-3/
REVIEW
CONTAINERS
• Containers == segregated processes (VM-lite)
• Containers abstract the Operations Model
• Containers need/leverage systems management:
  • Scale
  • Scheduling
  • Security
• Containers can (should?) run on IaaS
THANKS!
Kumulus Tech Newsletter: https://kumul.us/newsletter/
Five Minutes of Cloud: youtube.com/fiveminutesofcloud
@rstarmer @kumulustech