OpenStack recently demonstrated software at the OpenStack Summit in Vancouver that will allow cloud operators to offer Containers-as-a-Service as a managed hosted service.
Called Magnum, it is a multi-tenant Containers-as-a-Service designed for OpenStack that combines OpenStack, Docker, Kubernetes, and Flannel to produce a containers solution that works like other OpenStack services. Magnum exists not to provide a better kind of container or to reinvent the wheel, but to make current container technology and tools work with OpenStack as well. Magnum officially joined the OpenStack project list in March.
The OpenStack Containers Team developed the API service to make container management tools such as Docker and Kubernetes available as first-class resources in OpenStack. Application containers have distinctly different lifecycle and operations than Nova (machine) instances. In the same way that project Nova provides plugability for hypervisors, Magnum does the same for containers.
Magnum offers a choice of Container Orchestration Engines to deploy and manage containers in arrangements called "bays." Currently, Magnum is using Swarm and Kubernetes for clustering, with others expected in the future. Using a modular architecture, it's easy to unplug and switch if the prevailing technology shifts.
“It provides them a way to future proof their bet,” said Otto. “If we don’t provide a solution for extracting, they either need to wait and see, which is bad, or fork out ahead of time - also bad.”
Cloud and containers are increasingly built around the idea of interconnection of services and this is leading to a standardization of parts.
Magnum shares its name with a type of gun, and a historical manufacturing progression with the cloud.
"There was a time when gun manufacturers and car manufacturers moved from handcrafting to standardized parts and assembling," said Van Lindberg, VP of legal at Rackspace and an OpenStack board member. "It became about speed of production. Cloud architectures are increasingly built around the idea of standardized images, containers and parts, in the service sense. We're getting to the place where we’re starting to not hand create."
While the containers' story has largely focused on making developers' lives easier by packaging dependencies along with an app so it just works anywhere, another big driver for adoption is overall efficiency. Otto believes that containers will bring another order of magnitude in terms of efficiency, comparable to what virtualization did in the 2000s. However, containers are a complement, not a replacement to virtualization, he stressed.
The ability to create an encapsulation that makes it portable with all the dependencies attached solves a very important operational problem, said Otto. With complex applications, by the time you deploy into a production environment, many times it doesn’t work – this is caused by “environmental drift”. Containers solve the problem by eliminating a lot of overhead.
Containers make it so what you move around is smaller, meaning better operational efficiency: no more unnecessary repetition of a common stack, or operating language, and so on. For organizations that have hundreds of different applications, this adds up significantly.
“In cloud today, 80 percent is similar from customer to customer. There’s no need to carry that around; that can be another level of commonality," said Otto, adding that containers are not a security isolation instrument, while hypervisors are.
“Containers are convenient, but not a security barrier,” he said. “They can be arranged in more secure ways but only if you know what you're doing. Containers are not a replacement for virtualization.”
The OpenStack Containers Team was founded around the same time as the OpenStack Atlanta Summit last year. The Magnum project is diverse, with 18 companies contributing more than 100,000 lines of code and 1,800 patch sets. “It’s a very active project by any measure and speaks to the excitement around bringing the functionality to users,” said Otto.