How Containers Work in OpenStack Queens

By Sean Michael Kerner
Posted March 12, 2018

There are many different ways in which containers are used and enabled throughout the open-source OpenStack cloud platform. With the OpenStack Queens platform, which was released on Feb. 28, there are even more options than ever before.

OpenStack has been supporting containers for several years, beginning with the nova-docker driver in the OpenStack Nova compute project, which has since been deprecated. Among the different OpenStack container efforts in 2018 are Zun, Magnum, Kuryr, Kolla, LOCI, OpenStack-Helm and Kata containers.

Orchestration

"Zun and Magnum are at the cloud workload level," Jonathan Bryce, Executive Director of the OpenStack Foundation, told ServerWatch.

OpenStack Magnum is a project that enables container orchestration systems like Kubernetes to run as an OpenStack resource.

OpenStack Zun is an abstraction for container life-cycle management with a simple API across different container technologies.

Container Services

Looking beyond Zun and Magnum is OpenStack's Kolla project, which containerizes OpenStack services. In the OpenStack Queens release, there is also the new addition of LOCI (Lightweight Open Container Initiative).

Bryce explained that Kolla provides a complete packaging approach for each container image. In contrast, the new LOCI project takes an approach that is more aligned with the Kubernetes way of running an image, where the container itself is very small and the management sits outside of the container.

OpenStack-Helm

Going a level further is the new OpenStack-Helm project, which sits underneath the cloud to help orchestrate services. OpenStack-Helm brings the popular Helm Kubernetes package manager project to OpenStack.

Bryce explained that OpenStack-Helm provides a series of charts for different OpenStack services. As such, an organization first decides which services it wants to run in an OpenStack cloud, then executes the helm chart, which will start the services up in a Kubernetes cluster.

Container Isolation and Networking

Another container project within the OpenStack Foundation is the Kuryr networking effort. In the OpenStack Queens release, Kuryr has gained support for the Kubernetes Container Networking Interface (CNI).

Bryce explained that Kuryr has had the ability to talk to Docker's libnetwork networking interface in a direct container networking stack and then connect back to the Neutron networking project in OpenStack. That model enabled a way to have containers attached to an enterprise networking stack with all the security monitoring and appliance capabilities of OpenStack.

Now, in the OpenStack Queens release, Bryce says Kuryr can connect with CNI, which provides a pod level rather than a container level of control.

"As Kubernetes may move containers around, restart or scale them, the Kuryr CNI daemon watches and configures Neutron to continue to secure those workloads running in the pod," Bryce said.

Kata Containers

Another container effort associated with OpenStack is Kata containers, which provide a micro-virtual machine layer for containers. Kata Containers is an effort run by the OpenStack Foundation, though it is not an official OpenStack project.

"Kata is sort of the compute execution equivalent of Kuryr," Bryce said.

Linking Kata Containers with Kuryr provides a high degree of isolation, according to Bryce. He explained that an organization can use Kuryr to manage the networking on the pods. Those pods can be further isolated and secured inside a Kata container.

"Kata and Kuryr create a strong container isolation story, and that's exciting to see how the tools can interact in that way," Bryce said.

OpenStack Container Services Efforts

PROJECT            USE-CASE
Magnum             Container Orchestration Engine Management
Zun                OpenStack Containers Service
Kolla              Containerized OpenStack Services
LOCI               Lightweight Open Container Initiative
Kuryr              Container Networking
OpenStack-Helm     Kubernetes Package Management
Kata Containers    Micro-Virtual Machines for Container Isolation

Sean Michael Kerner is a senior editor at ServerWatch and InternetNews.com. Follow him on Twitter @TechJournalist.
