Magnum is not the OpenStack Container Service? How about Zun
Hongbin Lu (Huawei), Qiming Teng (IBM), Eli Qiao (Intel), Madhuri Kumari (Intel)

Agenda
● Containers on OpenStack
● Magnum
● Zun
● Demo

Containers on OpenStack
[Diagram: OpenStack (Compute, Network, Storage); Nova; Hypervisor (Container Runtime); two Nova Instances (container)]

Containers on OpenStack
[Diagram: OpenStack (Compute, Network, Storage); Nova; Hypervisor; two Nova Instances (VM) hosting Containers]

Containers on OpenStack
[Diagram: OpenStack (Compute, Network, Storage); Nova; Hypervisor; Nova Instances (VM) hosting Containers; Container Orchestration Engine (COE)]

Containers on OpenStack
[Diagram labels: COE (Kubernetes, Swarm, etc.); Deployment (Magnum); Authentication (Keystone); Zun; Images (Glance?); Fuxi; Storage (Cinder); Network (Neutron); Kuryr; Monitoring (Telemetry?); OpenStack API; Native API]

Introduction to Magnum
[Diagram: Magnum and Nova; Nova Instances; Kubernetes, Swarm, Mesos; Containers]

Introduction to Magnum
● Provisioning
  ○ Kubernetes
  ○ Docker Swarm
  ○ Mesos
● Scaling
  ○ Add instances
  ○ Remove instances
● Security
  ○ Serve as Certificate Authority (CA)
  ○ Generate Keystone users
[Diagram labels: COE (Kubernetes, Swarm, etc.); Magnum; Keystone; Zun; Images (Glance?); Fuxi; Cinder; Neutron; Kuryr; Monitoring (Telemetry?); OpenStack API; Native API]

Magnum Mission Statement Update
Containers service
Provide a set of services for management of application containers in a multi-tenant cloud environment.
Container Infrastructure Management service
Provide a set of services for provisioning, scaling, and managing Container Orchestration Engines (COEs).

Magnum Mission Statement Update
Magnum (M release): Bay, Baymodel, Container, Pod, Service, Replication Controller
Magnum (N release): Bay, Baymodel
Zun: Container

What is Zun?
● Abstract container life-cycle management
● Simple API across different container technologies
● Deep integration with OpenStack
  ○ Keystone
  ○ Nova
  ○ Neutron
  ○ Glance
  ○ Horizon
[Diagram labels: COE (Kubernetes, Swarm, etc.); Magnum; Keystone; Zun; Images (Glance?); Fuxi; Cinder; Neutron; Kuryr; Monitoring (Telemetry?); OpenStack API; Native API]

Why Zun?
[Diagram: operations on VMs (Nova) and on Containers (Zun). Common to both: Create, List, Delete. VMs: Rebuild, SSH, Migrate, ... Containers: Run, Exec, ...]

Why Zun?
[Diagram: two stacks, labelled Magnum and Zun, each showing Baremetal, Virtualization, Tenant 1, Tenant 2, Tenant 3, COE and Containers; one stack marks Virtualization with "?" and includes Zun]

Why Zun?
● OpenStack-native APIs
  ○ Simple
  ○ Container-oriented
  ○ Technology-agnostic
● Common infrastructure for VMs, baremetals, and containers
  ○ Common access control and roles management
  ○ Common network abstraction layer
  ○ Common images management
  ○ Single CLI / UI
  ○ Single orchestration template for VMs and containers
● No cluster provisioning & management

Architecture
[Diagram: Zun API; three Zun Compute services, each with a Driver; COE / Runtime; Containers]

Concepts
● Container
  ○ A Linux container (e.g. a Docker container)
  ○ Runs inside a sandbox
● Sandbox
  ○ Contains one or multiple containers
  ○ A placeholder for containers
  ○ Creates an isolated environment
  ○ Contains network interface(s) and volume(s)
  ○ Enforces resource constraints (e.g. CPU, memory)
[Diagram: a Sandbox holding two Containers, with eth0, IP and Volume]

What Exactly is Sandbox?
● Sandbox can be interpreted differently
  ○ Could be a set of Linux namespaces
  ○ Could be a VM (i.e. hypervisor-based runtime)
  ○ Could be a pod (i.e. Kubernetes)
● Our first implementation
  ○ A container is a Docker container
  ○ A sandbox is also a Docker container
  ○ Creating a Docker container automatically creates a Docker sandbox
● Potential improvements
  ○ Allow multiple containers in a single sandbox

Create a Docker Container
1. Create a Docker sandbox

    $ docker run -d --name mybox kubernetes/pause

2. Create a container by using the sandbox

    $ docker run -d --net container:mybox \
        --ipc container:mybox \
        --pid container:mybox \
        --volumes-from mybox \
        ...
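
Added example (not from the original slides or from the Zun project): a container started as in step 2 shares the sandbox's network, IPC and PID namespaces and its volumes, so an operator auditing a host may want to know which containers actually joined which sandbox and which joined only partly. The sketch below reads `docker inspect` output and groups containers by sandbox; the sample data, the IDs and every container name except `mybox` are constructed, and it assumes the standard `HostConfig` fields `NetworkMode`, `IpcMode`, `PidMode` and `VolumesFrom`.

```python
import json
from collections import defaultdict

# Constructed `docker inspect` output, trimmed to the fields read below.
# Container names other than mybox, and all IDs, are made up for illustration.
SAMPLE_INSPECT = json.loads("""[
 {"Id": "aaa111", "Name": "/mybox", "HostConfig": {"NetworkMode": "default",
   "IpcMode": "", "PidMode": "", "VolumesFrom": null}},
 {"Id": "bbb222", "Name": "/web", "HostConfig": {"NetworkMode": "container:aaa111",
   "IpcMode": "container:aaa111", "PidMode": "container:aaa111",
   "VolumesFrom": ["mybox"]}},
 {"Id": "ccc333", "Name": "/sidecar", "HostConfig": {"NetworkMode": "container:mybox",
   "IpcMode": "private", "PidMode": "", "VolumesFrom": null}},
 {"Id": "ddd444", "Name": "/standalone", "HostConfig": {"NetworkMode": "bridge",
   "IpcMode": "private", "PidMode": "", "VolumesFrom": null}}
]""")

# What step 2 on the slide shares with the sandbox.
EXPECTED = {"net", "ipc", "pid", "volumes"}
MODE_FIELDS = (("net", "NetworkMode"), ("ipc", "IpcMode"), ("pid", "PidMode"))


def sandbox_membership(inspect_data):
    """Return {sandbox: {member: sorted list of what it shares with the sandbox}}."""
    names = {}
    for c in inspect_data:  # accept references by ID or by name
        names[c["Id"]] = names[c["Name"].lstrip("/")] = c["Name"].lstrip("/")
    groups = defaultdict(dict)
    for c in inspect_data:
        host_config = c.get("HostConfig") or {}
        shared = defaultdict(set)
        for label, field in MODE_FIELDS:
            mode = host_config.get(field) or ""
            if mode.startswith("container:"):
                ref = mode.split(":", 1)[1]
                shared[names.get(ref, ref)].add(label)
        for entry in host_config.get("VolumesFrom") or []:
            ref = entry.split(":", 1)[0]  # entries may carry a :ro / :rw suffix
            shared[names.get(ref, ref)].add("volumes")
        for sandbox, items in shared.items():
            groups[sandbox][c["Name"].lstrip("/")] = sorted(items)
    return dict(groups)


def partial_members(groups):
    """List (sandbox, member, missing) for members that share less than step 2 does."""
    return [(sandbox, member, sorted(EXPECTED - set(items)))
            for sandbox, members in sorted(groups.items())
            for member, items in sorted(members.items())
            if EXPECTED - set(items)]
```

On a real host the input would come from `docker inspect $(docker ps -q)` parsed with `json.loads`.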

Why Introduce Sandbox?
● Define a group of containers that are
  ○ Co-located and co-scheduled
  ○ Share network namespace
  ○ Share volume
  ○ Share resource limits
● Decouple containers from resources management
  ○ Containers are managed by Zun
  ○ Sandboxes are managed by Nova (with Docker virt driver)

Create a Docker Container
[Diagram: Zun and Nova above two Compute Hosts; Zun Compute, Nova Compute and the Docker Driver on the host; a Container inside a Sandbox; arrows numbered 1 to 7 matching the steps below]
1. End-user requests to create a container
2. Zun requests Nova to create a sandbox instance
3. Nova forwards the request to Nova Compute
4. Nova Compute forwards the request to a Zun-provided virt driver
5. The virt driver creates the sandbox
6. Zun requests Zun Compute to create a container
7. A container is created inside the sandbox

Container Image
● Consistent API to manage container images
● Support multiple storage backends
  ○ Glance (stored as a tar file)
  ○ Docker Hub
  ○ Private Docker Registry
● Pluggable design
  ○ Easy to add support for additional image backends
[Diagram: Zun with Image Drivers for Glance and Docker Hub]

Demo
https://www.youtube.com/watch?v=umcok662jkM