OpenStack Services Docker All The Things and Kubernetes and Atomic OpenStack Summit Paris, November 2014 @brentholden @jameslabocki Agenda The Problem Current Solutions Tomorrow’s Improvements Demonstration A Thing of Beauty The Reality All Infrastructure Platforms Face This Problem != All Infrastructure Platforms Face This Problem And Developers Lives Aren’t Easy Either Reproducible Environment Separation between Operating System and Application Description of Deployment Pattern w/o lots of code Current Solutions Present Solutions - Build Based + Config Management Inefficient Difficult Workflow State Machine Decision Engine Configuration Management Content Repository OpenStack Service A OpenStack Service B Operating System Operating System Lifecycle Management Tools Bare Metal Bare Metal Workflow State Machine Decision Engine Configuration Management Content Repository OpenStack Service A OpenStack Service B Operating System Lifecycle Management Tools Slow Deployment Workflow State Machine Decision Engine Configuration Management Content Repository Lifecycle Management Tools Bare Metal OpenStack Service A OpenStack Service B Operating System Packages Bare Metal Present Solutions - Image Based + Declarative Image Builder Still Difficult OpenStack Service OpenStack Service OpenStack Service OpenStack Service Deployer Operating System Operating System Image Image Repository Bare Metal Image Builder Expensive (updates) OpenStack Service OpenStack Service OpenStack Service OpenStack Service Deployer Operating System Image Repository Operating System Image Bare Metal Tomorrow’s Improvements What If … Isolated, lightweight, and portable Pre-integrated Easily describe run-time relationships Run on something thin and easy to update What If … Isolated, lightweight, and portable Pre-integrated Easily describe run-time relationships Run on something thin and easy to update What If … Isolated, lightweight, and portable Pre-integrated Easily describe run-time relationships Run on something thin and easy to update What If … Isolated, lightweight, and portable Pre-integrated Easily describe run-time relationships Run on something thin and easy to update What If … Develop locally and run in production with less friction Isolated, lightweight, and portable Pre-integrated Easily describe run-time relationships Run on something thin and easy to update Docker Isolated, Lightweight, and Portable Virtual Machines Linux Guest Linux Guest Application Binaries Libraries Application Binaries Libraries Application Application Application Application Containers Binaries Libraries Libvirt/KVM Linux Linux Server Server API (Docker) ● Develop ● Build ● Push ● Enjoy! Kubernetes Container Scheduling Traffic Minion kubectl (user commands) Docker cAdvisor Kubelet Pod Authorization Authentication APIs Scheduling actuator REST (pods, services, rep controllers) Pod Pod Container Proxy Container Container Container Container Container Kubelet info service Minion Docker Scheduler Scheduler Master Components Replication Controller Distributed Watchable Storage cAdvisor Kubelet Pod Pod Container Container Proxy Pod Container Container Container Container Kubernetes Container Scheduling + Easily describe run-time relationships Imperative service mongod start Declarative { "id": "mongodb", "desiredState": { "manifest": { "version": "v1", "id": "mongodb", "containers": [{ "name": "mongodb", "image": "dockerfile/mongodb", "ports": [{ "containerPort": 6379, "hostPort": 6379 }] }] } }, "labels": { "name": "mongodb" } chkconfig mongod on mongo --host controller --eval ' db = db.getSiblingDB("ceilometer"); db.addUser({user: "ceilometer", pwd: "mypassword", roles: [ "readWrite", "dbAdmin" ]})' …. } Atomic Run on a thin and easy to update OS Application Libraries `rpm-ostree upgrade` SELinux `rpm-ostree rollback` Logging Network Docker + Host How does it change your life? Developer Workstation(s) Docker Docker Git Kubernetes Kubernetes Puppet Chef Linux Box Linux Box Vagrant Vagrant Libvirt/KVM Virtual Box Linux OSX Commodity Hardware Apple Hardware From Development to Operations Test/UAT/Prod GitHub Docker OpenStack Registry OpenStack Service OpenStack Service Vagrant OpenStack Service Linux Box OpenStack Service Puppet Docker Docker Docker Docker Libvirt/KVM Linux Commodity Hardware Kubernetes Atomic Atomic Demonstration Time! Demonstration - Operate Registry 1. Quick Tour of Kubernetes GlanceRegistry Docker Docker kube-api-server kube-scheduler kubelet Fedora (Master) cadvisor Fedora (Minion) OpenStack Kubernetes Cluster Fedora Workstation kubectl Docker Kolla Images kube-proxy kolla.git clone # ./tools/start Kolla Images Pod Keystone 3. Deploying all the OpenStack services Glance-API 2. Deploying a Pod/Service for an OpenStack service Challenges External Connectivity Multi-Host Networking Privileged Containers Run-Time Configuration Persistent Storage (for Services and Exposing Cinder) Monitoring Early Days for Kubernetes Communities https://github.com/docker/docker https://github.com/GoogleCloudPlatform/kubernetes https://github.com/projectatomic/ https://github.com/openshift/origin-server https://blueprints.launchpad.net/kolla/ https://github.com/larsks/heat-kubernetes Design Summit Session for Kolla Tuesday November 4 17:30 - 18:10 Duffy (Le Meridien) Read the notes :) Slides @ www.allthingsopen.com Neutron L3 Networking Review Source: http://docs.openstack.org/havana/config-reference/content/under_the_hood_openvswitch. Container Networking Difficulties Stock Docker Configuration Host PID NS Container A PID NS NET NS Container B PID NS NET NS NET NS Container Networking Difficulties (2) Host eth0 Linux bridge (docker0) Stock Docker Configuration /bin/ bash Container tap (eth0) veth veth Container Networking Difficulties (3) Host eth0 Linux bridge (docker0) Stock Docker Configuration tap (eth0) veth veth Container Networking Difficulties (4) Stock Docker Configuration Host eth0 Linux bridge (docker0) L2 Agent tap (eth0) veth veth L3 Agent veth tap (eth0) veth Container Networking Difficulties (4) Stock Docker Configuration Host Linux bridge (docker0) eth0 L2 Agent tap (eth0) veth veth L3 Agent veth tap (eth0) veth Container Networking Difficulties (5) Kubernetes Docker Configuration Shared Network NS PID NS Container A PID NS Container B PID NS NET NS Kubernetes Pod Host Container Networking Difficulties (6) Kubernetes Docker Configuration PID NS eth0 veth veth tap (eth0) Container A PID NS tap (eth1) Container B PID NS veth veth Kubernetes Pod Host Linux bridge (docker0) Shared Network NS Container Networking Difficulties (7) Kubernetes Docker Configuration PID NS eth0 veth veth tap (eth0) L2 Agent Container neutron l2-agent tap (eth1) L3 Agent Container (Privileged) neutron l3-agent veth veth Kubernetes Networker Pod Host Linux bridge (docker0) Shared Network NS “If I had an hour to solve a problem and my life depended on the solution, I would spend the first 55 minutes determining the proper question to ask, for once I know the proper question, I could solve the problem in less than five minutes.” Albert Einstein