State of Containers in Openstack


Madhuri Kumari, Intel

Agenda
• Containers vs VMs
• Why Containers?
• Containers on Openstack
• Openstack Components
  – Nova-docker
  – Heat Docker
  – Magnum
  – Murano
  – Zun
  – Solum
• Other Container Focused Components
  – Kolla
  – Kuryr

Containers vs VMs

| | Containers | VMs |
|---|---|---|
| Principle | Lightweight, high packing density, with fewer resources to achieve rapid deployment, migrate easily. | Isolated, hardware virtualization, large, performance overhead, migrate easily. |
| Resource Usage | Efficient sharing of resources. | Take up more resources. |
| Flexibility & Security | Less appropriate for multi-tenant environments, because of potential security risks. | Fully isolated from one another and malware, application crashes and other problems impact only the affected VM. |
| Use cases | Web servers, micro-services | VMs may contain other enterprise workloads such as database, ERP, CRM, email server, media server, web server or other business applications. |

Why Containers?

WHY NOT??

Containers in Openstack
• OpenStack is above all an integration engine, bringing various technologies together through common APIs. Therefore, containers have naturally been plugged into several existing projects and will find their way into other areas as well.

Openstack Containers Project

Nova-docker

A Docker hypervisor driver for Nova Compute to treat containers and images as the same type of resource as virtual machines.

Heat Docker

A plugin template for orchestrating Docker resources on top of OpenStack resources. Allows access to full Docker API.

Murano

Provides an application catalog of containerized applications that can be deployed to an OpenStack cloud.

Magnum

Provides an API to manage multitenant containers infrastructure leveraging Heat, Nova, and Neutron.

Zun

Container service for OpenStack. Provides API(s) for launching and managing containers backed by different container technologies.

Solum

An OpenStack project designed to make cloud services easier to consume and integrate into your application development process.

Nova-docker
• Drivers for OpenStack Nova
• Use Nova API to access containers
• Interface with container backend (i.e. Docker daemon, libvirt-lxc)
• Fetch container images from Glance

Nova-docker Practice

• nova.conf: compute_driver=novadocker.virt.docker.DockerDriver

• glance-api.conf: container_formats=ami,ari,aki,bare,ovf,ova,docker

• docker save busybox | openstack image create busybox --public --container-format docker --disk-format raw

• nova boot --flavor m1.small --image busybox --key-name mykey test1

Heat Docker
• Provide a Heat resource type for Docker.
• Need to specify docker endpoint
• Can orchestrate docker containers with other Heat resources

Heat Practice
• Heat

• Install heat-docker plugin

• docker.yaml

    heat_template_version: 2013-05-23
    description: Test template
    resources:
      apache:
        type: DockerInc::Docker::Container
        properties:
          image: marouen/apache
          port_specs:
            - 80
          docker_endpoint: http://host:2375

• heat stack-create -f docker.yaml docker-stack
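
A check that can be run over templates like the one above before heat stack-create, added here as an example and not part of the original slides or of the heat-docker plugin: it flags Docker container resources whose docker_endpoint is a plaintext URL, because anyone who can reach such an endpoint gets the full Docker API. The function names and the web_tls and web_param resources are hypothetical; reading a template from a file assumes PyYAML is installed.

```python
from urllib.parse import urlparse

DOCKER_TYPE = "DockerInc::Docker::Container"
PLAINTEXT_SCHEMES = {"http", "tcp"}


def load_template(path):
    """Parse a template file (needs PyYAML; imported lazily)."""
    import yaml
    with open(path) as fh:
        return yaml.safe_load(fh)


def audit_docker_endpoints(template):
    """Return (resource_name, finding) pairs for Docker container resources."""
    findings = []
    for name, res in (template.get("resources") or {}).items():
        if not isinstance(res, dict) or res.get("type") != DOCKER_TYPE:
            continue
        endpoint = (res.get("properties") or {}).get("docker_endpoint")
        if endpoint is None:
            continue  # template names no remote endpoint
        if not isinstance(endpoint, str):
            # e.g. {"get_param": ...}: value is only known at stack-create time
            findings.append((name, "endpoint set by intrinsic function; check its value"))
            continue
        url = urlparse(endpoint)
        if url.scheme in PLAINTEXT_SCHEMES:
            findings.append((name, "plaintext Docker API endpoint: " + endpoint))
        if url.port == 2375:
            findings.append((name, "2375 is the conventional unencrypted Docker port"))
    return findings


def _container(endpoint):
    return {"type": DOCKER_TYPE, "properties": {
        "image": "marouen/apache", "port_specs": [80], "docker_endpoint": endpoint}}


# Constructed sample: "apache" mirrors the slide's template as a parsed dict;
# web_tls and web_param are hypothetical resources added for contrast.
SAMPLE = {"heat_template_version": "2013-05-23", "resources": {
    "apache": _container("http://host:2375"),
    "web_tls": _container("https://host:2376"),
    "web_param": _container({"get_param": "docker_url"}),
}}

if __name__ == "__main__":
    for name, finding in audit_docker_endpoints(SAMPLE):
        print(name + ": " + finding)
```

For a template on disk, pass the result of load_template("docker.yaml") to audit_docker_endpoints.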

Magnum
• Founded at the end of 2014
• Integrates various container orchestration engines (COEs).
• Leverages other Openstack components like Heat, Nova, Neutron, Cinder etc.
• Manages infrastructure for running containers on Openstack.
• Runs containers under VM/baremetal
• COE: Swarm, Kubernetes, Mesos

Magnum Architecture

Magnum Practice

• magnum baymodel-create --name k8sbaymodel --image-id fedora-atomic-latest --keypair-id testkey --external-network-id public --flavor-id m1.small --docker-volume-size 5 --network-driver flannel --coe kubernetes

• magnum bay-create --name k8sbay --baymodel k8sbaymodel

• magnum ca-sign --bay k8sbay --csr client.csr > client.crt

• magnum ca-show --bay k8sbay > ca.crt

Murano
• Application catalog for Openstack.
• Provides a variety of applications and services with publishing and lifecycle management, and provides a UI and API. An application is anything defined by YAQL language templates.

Murano UI

Zun
• Zun (Higgins) is a Container service for OpenStack.
• Aims to provide OpenStack API(s) for launching and managing containers backed by different container technologies.
• Container runtimes: Docker, Rkt, Clear Container, etc.
• COEs: Kubernetes, Docker Swarm, etc.

Zun
• One platform for containers/VMs/baremetals
• Neutron
• Cinder
• Glance
• Horizon
• Nova
• ...

[Diagram: Container/VM/Baremetal served by Glance (images), Neutron (networks), Cinder (volumes), Horizon (UI) and Nova (provisions)]

Solum
• Solum is an application lifecycle management system which allows you to deploy your applications starting from the source code onto Openstack cloud.

• For developers, Solum provides an easy-to-use platform for building, testing, and deploying applications on OpenStack clouds

• For operators, Solum provides ability to make their OpenStack cloud more useful to their application developers by enabling CI/CD capabilities for applications to OpenStack clouds

Solum Architecture

[Diagram: Solum API, Solum Worker, Solum Deployer and Solum Conductor connected by queues, together with Heat, Database and Glance/Swift. Step labels: "Builds LP; run unit tests; Build DU" and "Deploys DU"]

Solum Practice

• solum languagepack create <NAME> <GIT_REPO>

• solum app create --app-file <app_file> [--param-file param_file]

• solum app deploy <UUID>

Other Openstack Container Focused Projects

Kolla

Kolla provides production-ready containers and deployment tools for operating OpenStack clouds.

Kuryr

A Docker network plugin that uses Neutron to provide networking services to Docker containers. It provides containerised images for the common Neutron plugins.

Kolla
• Established in September 14.
• Allows packaging and deployment using Docker and Ansible
• Provides production ready Openstack service.
• Ease of deployment, simplified operation, upgrade and maintenance to enhance devops and operators experience.
• Faster than devstack (comparison: devstack 14 mins ~ 9 mins)

Kuryr

• Its objective is to enable Neutron as the production ready networking abstraction containers need!

• Map container networking abstractions to the Neutron API

• Bring your container and VM networking together under one API

• Implement all the common code for Neutron vendors allowing them to get to container networking by just having a binding script

• Leverage Neutron advanced networking like LBaaS, FWaaS, VPNaaS, Security Groups / NAT

• Aims to support different Container Orchestration Engines like Kubernetes, Mesos, Docker Swarm

Summary
• OpenStack virtual machine management / physical and running on the container (Magnum, Murano, Solum)

Advantage:
• Resource sharing, unified management by the OpenStack Nova

Disadvantages:
• Performance loss running VM container
• Network performance

Summary
• COEs run on a variety of hosts managed container OpenStack services (k8s, mesos)

Advantage:
• Container performance guarantees
• More efficient use of resources

Disadvantages:
• Container isolation
• VM network storage
• Complexity OpenStack services

Summary
• Manage containers and virtual machines (Nova-docker, heat-docker, Nova-lxc / lxd, Nova + Zun)

Advantage:
• Simple
• Integration of existing resources, such as network, storage

Disadvantages:
• Not production ready

Thank You!!
