This week at OpenStack Summit Vancouver, we demonstrated new software from the OpenStack project Magnum, which allows cloud operators to offer Containers-as-a-Service to their cloud users.
Containers are hot today, and a crop of new open source projects has surfaced to bring this exciting technology to users. Among them are Docker, Kubernetes, Apache Mesos, and numerous others. All of these new choices make it hard for cloud operators to decide which approach might be right for them.
Few of us so far have a clear answer to the question ‘What’s your container strategy?’ Magnum makes this question easy to answer by offering a choice of Container Orchestration Engines to deploy and manage containers in arrangements we call ‘bays.’
We currently offer two bay choices: Kubernetes and Docker Swarm. Both are open source and come from collaborative development communities. Which will customers prefer? We don’t know yet. By integrating our clouds with Magnum, we can easily offer new bay choices as they are contributed and become popular, making decisions about where to focus our product development much safer.
Magnum differs from most container orchestration systems in that it integrates with OpenStack infrastructure services directly, rather than re-implementing solutions to problems OpenStack has already solved.
These integrated services include Keystone (Identity), Heat (Orchestration), Nova (Compute), Glance (Image Service), Cinder (Block Storage), and Neutron (Networking). All of Magnum’s containers run on Nodes that come from Nova as compute instances. This gives cloud operators a future choice about what type of instances to use for running and isolating containers.
These might be virtual machines, bare metal, or even container instances inside which you can run Magnum bays and containers. One key advantage of being closely integrated with Keystone is that any cloud user who already has account credentials for an OpenStack cloud can use them with Magnum to create containers using tools and APIs that are just like the ones they are familiar with for using OpenStack.
OpenStack is a multi-tenant software system, meaning there is one installation of control system software that provides an access-controlled view for each individual tenant, so tenants only see and have access to the cloud resources they create. Until Magnum, all prevailing container management systems were single-tenant, meaning anyone with access to the system could view and access everything in the system, regardless of who created it. Magnum offers multi-tenancy for containers by leveraging all of OpenStack’s existing multi-tenant features, and extending them from the bottom up, so every layer in the system is properly isolated. That means containers can be offered even in public clouds, with the same level of isolation we enjoy today with virtual machines allocated to different tenants.
Rackspace is proud to lead the Magnum project, which has been built by a growing base of 40 engineers from 18 different affiliations. This collaborative development is another feature of Magnum that reduces the risk of selecting it as a central component of your container strategy.
You don’t have to worry about a startup company possibly going out of business, or a corporation changing product strategies. You can count on Magnum to continue as a collaborative effort immune to any participant departing. Although Magnum is still new, the progress and velocity we have enjoyed in recent months have been impressive. We expect that we will begin to see production uses of Magnum by the end of the Liberty development cycle for OpenStack, which will conclude in fall 2015.
We are certainly looking forward to that!