Presentation at the OpenStack Summit in Tokyo, Japan on October 27, 2015.
http://sched.co/49x0
The technology industry has been abuzz about cloud workload containerization since the open source Docker project became a phenomenon in early 2014.
Meanwhile, an OpenStack Containers Team was formed and the Magnum project launched to provide users with a convenient Containers-as-a-Service solution for OpenStack environments.
As the potential of both technologies emerged, many wanted to see shared governance over the baseline container specification and runtime technology to ensure an open cloud ecosystem.
This past June, a new group was formed with a goal of creating open, industry standards around container formats and runtimes, called the Open Container Initiative (http://www.opencontainers.org).
So how will OpenStack Magnum influence - and be influenced by - the new OCI group? Why is the OCI under the stewardship of the Linux Foundation? What is the scope of the OCI effort? What project goals and/or principles will guide their work?
Attend this session to learn the following:
* A brief history of the open container ecosystem and the major benefits that containerization provides
* An overview of the Magnum CaaS plugin architecture and design goals
* Insider details on the progress of the Linux Foundation Open Container Initiative (and the related Cloud Native Computing Foundation)
* What it all means for deploying container orchestration engines on your cloud with OpenStack Magnum
Megan Kostick - Software Engineer, Cloud and Open Source Technologies, IBM
Daniel Krook - Senior Software Engineer, Cloud and Open Source Technologies, IBM
Jeffrey Borek - WW Program Director, Open Technologies and Partnerships, Cloud Computing
The Containers Ecosystem, the OpenStack Magnum Project, the Open Container Initiative, and You!
1. The Containers Ecosystem, the OpenStack Magnum Project, the Open Container Initiative, and You!
What Open Containers and Cloud Native Computing mean to OpenStack
Megan Kostick
@KostickMegan
flickr.com/68397968@N07
Jeffrey Borek
@JeffBorek
Daniel Krook
@DanielKrook
2. What you will learn today
• Introduction to container technology and its open source history
• How containerization fits into OpenStack, and in particular Magnum
• Introduction to the Linux Foundation collaborative projects on containers
– Open Container Initiative
– Cloud Native Computing Foundation
• How the OCI and CNCF container standardization may affect Magnum
3. Our background is in open source and open standards
Megan Kostick
• Customer advocate for open technologies adoption (OpenStack, Cloud Foundry, Docker)
• Software Engineer, Cloud and Open Source Technologies, IBM
• @KostickMegan
Daniel Krook
• Customer advocate for open technologies adoption (OpenStack, Cloud Foundry, Docker)
• Senior Software Engineer, Cloud and Open Source Technologies, IBM
• @DanielKrook
Jeffrey Borek
• IBM representative to the OCI & CNCF, Chair of Docker Governance Advisory Board
• WW Program Director, Open Technologies and Partnerships, Cloud Computing
• @JeffBorek
4. Container technology today enables greater density, faster startup, and easier deployment of applications
Containers provide isolation for processes sharing compute, networking, and storage resources on a single host system. They are similar to virtualized machine instances but share the host kernel and avoid hardware emulation.
Applications can be packaged with all the additional dependencies that they need, above what is provided by the host. This makes them efficient to run and easy to move from host to host, and enables more granular control of applications.
There are costs, however...
Diagram source: Exploring Opportunities: Containers and OpenStack
5. Containers are not new. Many innovations from many organizations have brought them where we are today
• 2000, Jails: FreeBSD Jails expand on Unix chroot to isolate processes
• 2001, VServer: Linux-VServer ports kernel isolation, but requires recompilation
• 2004, Zones: Solaris Zones bring the concept of snapshots
• 2006, cgroups: Google introduces Process Containers, merged as cgroups
• 2008, Namespaces: Red Hat adds user namespaces, limiting root access in containers
• 2008, LXC: IBM creates LXC, providing user tools for cgroups and namespaces
• 2013, Docker: Docker provides simple user tools and images. Containers go mainstream
6. Several OpenStack projects leverage containers to gain these benefits
• Nova: A Docker hypervisor driver for Nova Compute to treat containers and images as the same type of resource as virtual machines.
• Heat: A plugin template for orchestrating Docker resources on top of OpenStack resources. Allows access to full Docker API.
• Kolla: Containerizes the OpenStack control services themselves as microservices to simplify the operational experience.
• Murano: Provides an application catalog of containerized applications that can be deployed to an OpenStack cloud.
• Magnum: Provides an API to manage multi-tenant Containers-as-a-Service leveraging Heat, Nova, and Neutron.
OpenStack is above all an integration engine, bringing various technologies together through common APIs. Therefore, containers have naturally been plugged into several existing projects and will find their way into other areas as well.
7. The road to a Containers-as-a-Service project in OpenStack
• May 2014: Containers Team Formed
– Standardize the container environment
– Provide consistency when deploying containers in OpenStack
– Remove the risk of betting on a single container strategy
• June 2015: Container Networking Subteam Formed
– Incorporate a consistent networking strategy for containers
• August 2015: OpenStack Silicon Valley
– Event focused on containers in OpenStack
• October 2015: OpenStack Liberty Release
– First production ready release of Magnum
8. OpenStack Magnum provides APIs and tenant isolation for container orchestration engines
• Complete management for containers within OpenStack
– Orchestrates the underlying host machines with Heat
– Implements multi-tenancy of separate clusters through Keystone
– Provides multi-host networking with Neutron
• Supports several Container Orchestration Engines (COE)
– Docker Swarm
– Google Kubernetes
– Apache Mesos
• Allows direct access to native container APIs
– Docker CLI clients can access hosts and containers
– The Kubernetes client can also directly manage pods, services, etc.
9. Magnum builds on several other mature OpenStack projects
Diagram: Magnum components
Diagram source: Exploring Opportunities: Containers and OpenStack
10. Introducing the Linux Foundation Open Container Initiative (OCI)
A single, open container specification:
• Not bound to higher level constructs such as a particular client or orchestration stack
• Not tightly associated with any particular commercial vendor or project
• Portable across a wide variety of operating systems, hardware, CPU architectures, public clouds, etc.
The OCI is a lightweight, open governance structure for the express purpose of creating open industry standards around container formats and runtime
Announced June 22, 2015
opencontainers.org
11. The OCI aims to meld ecosystems towards an open standard
• Users should be able to package their application once and have it work with any container runtime
• The standard should fulfill the requirements of the most rigorous security and production environments
• The standard should be vendor neutral and developed in the open
12. The OCI governs a container specification and an implementation
• Open Container Format: OCF
• Docker container runtime implementation: runC (formerly libcontainer)
• CoreOS runtime implementation: appC (formerly Rocket)
• Spec and implementation updated in concert
• Innovation driven into the spec
• Open Container Initiative ecosystem: Community innovation driven into the spec
github.com/opencontainers
13. Introducing the Cloud Native Computing Foundation (CNCF)
• Container packaged: In order to improve the overall developer experience, foster code reuse and simplify operations
• Dynamically managed: Actively scheduled and managed by a central orchestrating process to radically improve machine efficiency
• Micro-services oriented: Loosely coupled with dependencies explicitly described through service endpoints for overall agility, maintainability of applications
The CNCF plans to create and drive the adoption of a new set of common container technologies, driven and informed by technical merit and end user value, inspired by Internet-scale computing
Announced July 21, 2015
cncf.io
14. CNCF: Supporting companies and initial high level architecture
Just as the OCI targets container image portability, the CNCF targets cloud application portability…
15. OCI/CNCF standardization and the implementation of Magnum: What Magnum already brings to the table
Standard container environment
• Docker Swarm and Kubernetes already manage containers based on runC.
• Docker Swarm will work to align its approach with the interoperability goals of the CNCF as Kubernetes has.
No container strategy lock-in
• Users can wait to see the results of the foundations’ work.
• Docker Swarm and Kubernetes are heavily invested in both the OCI and CNCF, and already in use in Magnum.
Adaptable infrastructure
• Magnum supports COEs, the container strategies themselves.
• Supporting COEs allows for continual sync with the latest standards.
16. OCI/CNCF standardization and the implementation of Magnum: What Magnum is doing now
Consistent networking
• Leveraging Docker’s libnetwork will provide users with the same experience in and out of OpenStack.
• Container networking strategies continue to evolve, and will be an area of foundation focus going forward.
Focus on container evolution
• The OpenStack Silicon Valley 2015 conference centered on containers, preparing for what the industry has in store.
• Kuryr and other container project design goals will be discussed at sessions at the Summit.
17. OCI/CNCF standardization and the implementation of Magnum: What Magnum will need to focus on as standards evolve
Adapt to foundation standards
• The OCI and CNCF are continuing to finalize the charter and member agreements.
• Being agnostic to container technologies, Magnum can incorporate these decisions with ease.
Contribute to foundation efforts
• Past experience and expertise allow Magnum to give insight to both foundations from a production level CaaS perspective.
18. Summary
• Container technology has evolved over the last 15 years with contributions from many organizations. It will continue to do so through the Open Container Initiative and the Cloud Native Computing Foundation.
• Containerization is used throughout OpenStack, but the end user facing features provided by Magnum’s Containers-as-a-Service will be the most impacted by standards given the exposure of native APIs and Cloud Orchestration Engines.
• The OpenStack Foundation provides governance over Infrastructure-as-a-Service (compute, network, and storage) APIs. The Open Container Initiative and the Cloud Native Computing Foundation will provide governance of container formats and meld orchestration engine technologies.
Keep an eye on developments in both of these areas as you formulate your organization's containerization strategy. Please get involved to ensure standards reflect usage scenarios.
19. Online resources and related talks at the Summit
Tuesday
4:40 – 5:20 Connecting the Dots with Neutron: Unifying Network Virtualization Between Containers and VMs
Mohammad Banikazemi, Phil Estes
Wednesday
2:00 – 2:00 Optimizing and Extending Overlay Networking for Containers
Mohammad Banikazemi, Ton Ngo, Baohua Yang
4:40 – 5:20 OpenStack Magnum – Containers-as-a-Service
Adrian Otto, PTL of the Magnum project
Thursday
9:50 – 10:30 Exploring Magnum and Senlin Integration for Autoscaling Containers
Hongbin Lu, Ton Ngo, Julio Ruano, Qiming Teng
4:30 – 5:10 Beginners’ Guide to Container Technology and How it Actually Works
James Bottomley
The OpenStack Magnum wiki bit.ly/mgm-wiki
Exploring Opportunities: Containers and OpenStack whitepaper bit.ly/ctrs-os
The Docker and Container Ecosystem TheNewStack publication bit.ly/tns-ctrs
Open Containers Initiative web site opencontainers.org
Cloud Native Computing Foundation web site cncf.io
The history of containers Red Hat EL blog post bit.ly/rh-ctrs
Moments in container history Pivotal infographic bit.ly/pvt-ctrs