Más contenido relacionado

Similar a Containers, OCI, CNCF, Magnum, Kuryr, and You!(20)


Más de Daniel Krook(20)


Containers, OCI, CNCF, Magnum, Kuryr, and You!

  1. Containers,  OCI,  CNCF,   Magnum,  Kuryr,  and  You! Jeffrey  Borek Daniel  Krook Val  Bercovici Program  Director,  Open  Tech,  IBM   Senior  Software  Engineer,  IBM Global  Cloud  CTO,  NetApp/SolidFire @JeffBorek @DanielKrook @valb00
  2. What  you  will  learn  today • The  benefits  and  tradeoffs  of  standalone  container  technology  and  its  organic   community  based  evolution  over  time • How  containerization  fits  into  OpenStack,  and  in  particular  its  role  in  the  Magnum   and  Kuryr projects • What  the  container  focused  Linux  Foundation  collaborative  projects  aim  to  achieve • Open  Container  Initiative • Cloud  Native  Computing  Foundation • How  OCI  and  CNCF  container  standardization  affects  OpenStack
  3. Our  background  is  in  open  source  and  open  standards Jeffrey Borek • IBM representative to the OCI & CNCF, Chair of Docker Governance Advisory Board • WW Program Director, Open Technologies and Partnerships, Cloud Computing • @JeffBorek Daniel Krook • Customer advocate for open technologies adoption (OpenStack, Cloud Foundry, Docker) • Senior Software Engineer, Cloud and Open Source Technologies, IBM • @DanielKrook Val Bercovici • Governing Boards SNIA SSSI, CDMI, LF CNCF • Global Cloud CTO, NetApp/SolidFire • @valb00
  4. Container  technology  today  enables  greater  density,  faster   startup,  and  more  consistent  packaging  of  applications Containers  provide  isolation  for  processes   sharing  compute,  networking,  and   storage  resources  on  a  host  system.   They  are  logically  similar  to  virtualized   machine  instances  but  share  the  host   kernel  and  avoid  hardware  emulation. Applications  can  be  packaged  with  all  the   additional  dependencies   that  they  need,   above  what  is  provided  by  the  host.   This  makes  them  efficient  to  run,  easy  to   move  from  host  to  host,  and  enable  more   granular  control  of  applications. There  are  tradeoffs  and  drawbacks,   however,  including   isolation.  Consider  the   analogy  of  buying  a  house  (VM)  versus   renting  an  apartment  (container). Diagram  source:  Exploring  Opportunities:  Containers  and  OpenStack   Abstractions  required  for     VMs,  not  used  by  containers
  5. Containers  are  not  new.  Many  organic  innovations  from  many   independent organizations  have  brought  them  where  we  are  today.   Jails VServer Zones cgroups Namespaces LXC Docker FreeBSD  Jails  expand   on  Unix  chroot to   isolate  files 2000 Linux-­VServer  ports   kernel  isolation,  but   requires  recompilation Solaris  Zones  bring  the   concept  of  snapshots   Google  introduces   Process  Containers,   merged  as  cgroups Red  Hat  adds  user   namespaces,  limiting  root   access  in  containers IBM  creates  LXC,   providing  user   tools  for  cgroups   and  namespaces Docker  provides   simple  user  tools   and  images.   Containers  go   mainstream 20082004 20062001 2008 2013
  6. Several  OpenStack projects  leverage  containers  to  more  efficiently  use   resources,  deploy  faster,  and  package  services  more  consistently A  Docker  hypervisor  driver  for   Nova  Compute  to  treat  containers   and  images  as  the  same  type  of   resource  as  virtual  machines. Nova A  plugin  template  for   orchestrating  Docker  resources   on  top  of  OpenStack  resources.   Allows  access  to  full  Docker  API. Heat Containerizes  the  OpenStack   control  services  themselves  as   microservices  to  simplify  the   operational  experience.   Kolla Provides  an  application  catalog   of  containerized  applications   that  can  be  deployed  to  an   OpenStack  cloud. Murano OpenStack  is  above  all  an  integration  engine,  bringing  various  technologies   together  through  common  APIs.  Therefore,  containers  have  naturally  been  plugged   into  several  existing  projects  and  will  find  their  way  into  other  areas  as  well. Provides  an  API  to  manage  multi-­ tenant  Containers-­as-­a-­Service   leveraging  Heat,  Nova,  and   Neutron. Magnum Brings  the  Neutron  networking   model  to  containers.  Providing   consistency  between  bare  metal,   virtual  machines,  and  containers. Kuryr
  7. Magnum  provides  APIs  and  tenant  isolation  for  Container  Orchestration  Engines • Complete  management  for  containers  within  OpenStack • Orchestrates  the  underlying  host  machines  with  Heat • Implements  multi-­tenancy  of  separate  clusters  through  Keystone • Provides  multi-­host  networking  with  Neutron • Supports  several  Container  Orchestration  Engines  (COE)   • Docker  Swarm • Google  Kubernetes • Apache  Mesos • Allows  direct  access  to  native  container  APIs • Docker  CLI  clients  can  access  hosts  and  containers • The  Kubernetes  client  can  also  directly  manage  pods,  services,  etc.
  8. Magnum  builds  on  several  other  mature  OpenStack projects Magnum   components Diagram  source:  Exploring  Opportunities:  Containers  and  OpenStack  
  9. Kuryr connects  Docker and  Kubernetes networks  to  OpenStack • Kuryr  provides  networking  to  Docker containers   by  leveraging  the  Neutron  APIs  and  services.  It   also  provides  containerized  images  for  common   Neutron  plugins. • Kuryr  should  address Magnum project  use  cases   in  terms  of  containers  networking  and  serve  as  a   unified  interface  for  Magnum  or  any  other   OpenStack project  that  needs  to  leverage   containers  networking  through  Neutron  API.   • Kuryr  also  builds  on  mature  OpenStack projects • Keystone  for  authentication • Neutron  client • Oslo  libraries Docker Engine Kuryr libnetwork Neutron
  10. Introducing  the  Linux  Foundation  Open  Container  Initiative  (OCI) A  single,  open  container  specification: • Not  bound  to  higher  level  constructs  such  as  a   particular  client  or  orchestration  stack • Not  tightly  associated  with  any  particular  commercial   vendor  or  project • Portable  across  a  wide  variety  of  operating  systems,   hardware,  CPU  architectures,  public  clouds,  etc. The  OCI  is  a  lightweight,  open   governance  structure  for  the   express  purpose  of  creating   open  industry  standards   around  container  formats  and   runtime Announced  June  22,  2015
  11. The  OCI  aims  to  meld  ecosystems  towards  an  open  standard • Users  should  be  able  to  package  their   application  once  and  have  it  work  with  any   container  runtime • The  standard  should  fulfill  the  requirements  of   the  most  rigorous  security  and  production   environments • The  standard  should  be  vendor  neutral  and   developed  in  the  open
  12. The  OCI  governs  a  container  specification  and  an  implementation   Open  Container  Runtime  Spec Docker  container  runtime  implementation:   runC  (formerly  libcontainer) CoreOS  runtime  implementation:   appC  (formerly  Rocket) Spec  and  implementation updated  in  concert   Innovation  driven   into  the  specOpen  Container  Initiative   ecosystem Community   innovation  driven  into   the  spec Open  Image  Format  Spec Good  News! • Open   Specification  for   Container  Image • Starting  with   Docker v2.2 • Announced         April  14,  2016
  13. Introducing  the  Cloud  Native  Computing  Foundation  (CNCF) • Container  packaged:  In  order  to  improve  the   overall  developer  experience,  foster  code  reuse   and  simplify  operations • Dynamically  managed:  Actively  scheduled  and   managed  by  a  central  orchestrating  process  to   radically  improve  machine  efficiency • Micro-­services  oriented:  Loosely  coupled  with   dependencies  explicitly  described  through  service   endpoints  for  overall  agility,  maintainability  of   applications The  CNCF  plans  to  create  and  drive   the  adoption  of  a  new  set  of   common  container  technologies,   driven  and  informed  by  technical   merit  and  end  user  value,  inspired   by  Internet-­scale  computing Announced  July  21,  2015
  14. CNCF:  Supporting  companies  and  initial  high  level  architecture Just as the OCI targets container image portability, the CNCF targets cloud application portability…
  15. CNCF:  Incubation  projects Seed  project: Reported  by   the  press   for  possible   future  inclusion:­cncf “The acceptance of Kubernetes is a first step in establishing the CNCF as an organization that supports leading cloud native projects of production quality, but this is just the start. The future of cloud native will involve many projects and use cases, which we look forward to advancing.”
  16. Keep  an  eye  on  developments  in  these  areas  as  you  formulate   your  organization's  containerization  strategy.  Please  get  involved   to  ensure  standards  reflect  your  own  usage  scenarios. Container  technology  has  evolved  over  the   last  16  years  with  contributions  from  many   organizations.   It  will  continue  to  do  so  with  greater   collaboration  and  governance  through  the   Open  Container  Initiative  and  the  Cloud  Native   Computing  Foundation. Containerization  is  used  throughout   OpenStack in  Nova,  Heat,  Kolla,  Murano and   other  big  tent  projects… …but  Magnum  and  Kuryr will  be  the  most   impacted  by  standards  given  the  exposure  of   COE  native  APIs  (Kubernetes,  Swarm,  Mesos)   and  separately  governed  container  standards. The  OpenStack Foundation  provides   governance  over  Infrastructure-­as-­a-­Service   (compute,  network,  and  storage)  APIs.   The  OCI  and  the  CNCF  will  provide   governance  of  container  formats  and   standardize  orchestration  engine  technologies.
  17. Online  resources The  OpenStack  Magnum wiki­wiki   OpenStack Magnum  midcycle meetup presentation­mid Austin  Summit  videos,  with  Kuryr deep  dives­videos Exploring  Opportunities:  Containers  and  OpenStack  whitepaper­os   The  Docker  and  Container  Ecosystem  TheNewStack  publication­ctrs   Open  Containers  Initiative   web  site Cloud  Native  Computing  Foundation  web  site The  history  of  containers  Red  Hat  EL  blog  post­ctrs   Moments  in  container  history  Pivotal  infographic­ctrs