EVALUATING OPENSTACK CONTAINERS AS A SERVICE MAGNUM FOR PRODUCTION - - PowerPoint PPT Presentation



SLIDE 1

EVALUATING OPENSTACK CONTAINERS AS A SERVICE MAGNUM FOR PRODUCTION

Rosario Di Somma

SLIDE 2

WHY CONTAINERS?

  • Rapid application deployment
  • Portability across machines
  • Version control and component reuse
  • Sharing
  • Lightweight footprint and minimal overhead
  • Simplified maintenance
SLIDE 3

BARE METAL OR VMS?

“…many containers can run together on a single host but they don't have enough defenses to shield themselves from active malware lurking in a neighboring container on the same host.”

“So multi-tenant hosts will most likely assign a virtual machine to each customer then run multiple Docker containers inside the VM.”

– Craig McLuckie, product manager for Kubernetes and the Google Cloud Platform

SLIDE 4

MAGNUM

  • The OpenStack container as a service (CaaS)
  • Provides a very easy way to deploy a container cluster on top of OpenStack
  • Resources started by Magnum can only be viewed and accessed by users of the tenant that created them
  • Provides the same level of security isolation as Nova provides when running VMs belonging to different tenants on the same compute nodes
  • Pluggable container orchestration engine (COE): Kubernetes, Swarm and Mesos as of now
  • Powered by Heat
SLIDE 5

ARCHITECTURE

  • Very simple architecture
  • Two services (Server API, Conductor)
  • The Magnum client talks with the Server API
  • Server API and Conductor communicate using the messaging bus (RabbitMQ)
  • The Conductor is in charge of:
      • managing the clusters' life cycle through Heat
      • communicating with the clusters using the appropriate COE API
SLIDE 6

ARCHITECTURE

SLIDE 7

KUBERNETES-MAGNUM MATCHING

  • First supported COE
  • 1 to 1 match between K8s and Magnum resources (Pod, Service and Replication Controller)
  • Introduces the concept of Bay
  • Adds multi-tenancy
SLIDE 8

WHAT WE LIKE

  • Managed vs Unmanaged
  • SSL
  • One truth of the state for K8s
  • Heat powered
  • Integration with Keystone for multi-tenant security
  • Integration with Neutron for Kubernetes multi-tenancy network security
  • Configurable etcd discovery service (defaults to discovery.etcd.io)
SLIDE 9

WHAT’S MISSING (WIP)

  • Quota for Magnum resources
  • Auto scaling
  • Volume containers
  • Horizon integration
SLIDE 10

# Define a baymodel (the template a bay is built from)
magnum baymodel-create --name k8sbaymodel \
    --image-id fedora-21-atomic-5 \
    --keypair-id testkey \
    --external-network-id public \
    --flavor-id m1.small \
    --docker-volume-size 5 \
    --network-driver flannel \
    --coe kubernetes

# Create a one-node Kubernetes bay from that baymodel
magnum bay-create --name k8sbay \
    --baymodel k8sbaymodel \
    --node-count 1
SLIDE 11
SLIDE 12

CONCLUSIONS

  • Is Magnum ready for production?