Grappling with Containers—Do We Have to Change Everything?

By Scott Drennan
Product Manager, Nuage Networks

It’s great to be coming back to OpenStack Silicon Valley for another year. This conference has been a good opportunity for the OpenStack community to get together in a smaller venue than the summits. Thanks to Mirantis for organizing it again. For those of us who have feet in both the OpenStack development and the community worlds, it’s also nice to be able to focus on just the community and the ecosystem as compared to the split brain of the summits.

The focus this year is on containers with OpenStack. Unless you’ve been living in a cave for the past year, it’s clear that containers are an important new trend in virtualization. It’s great to see the progress Magnum is making towards bringing containers to OpenStack. With Google joining the OpenStack Foundation, container progress will likely accelerate even more.

One of the key benefits of the container revolution is being able to segment monolithic applications into smaller microservices. But this is also one of the challenges. How do you connect, manage, orchestrate, and monitor when you increase scale by 10x or 100x? What does that mean for OpenStack? What does this mean for containers? Containers are also much more ephemeral than virtual machines—they can launch faster, and live shorter lives. If you’re adding and removing containers at a high rate, how well does the platform handle the churn?

Another challenge with traditional PaaS architectures is how to control connections between applications in the PaaS and legacy databases and other services. Popular PaaS systems often use NAT to permit applications to connect outside the PaaS boundary. But this makes security teams very unhappy, since their firewalls can’t distinguish between traffic to a legacy service from a permitted application within the PaaS and connections from something else. With PaaS designed to allow easy spin-up of new services, security policy gets tricky. Is this something a convergence of containers with OpenStack could help with? What other ways are there to solve this?

I’m looking forward to a few sessions in particular:

  • Craig McLuckie’s talk, “Containers: Ending the IaaS/PaaS Distinction.” Craig will look at how Kubernetes and other container management technologies are bringing infrastructure and platform closer together. What is infrastructure today? What attributes of IaaS do we need to keep in a container world? What can we discard?
  • Alex Polvi’s “Containers for the Enterprise: It’s not that simple.” Containers are a building block, and just providing the building blocks doesn’t make it easy for enterprises to deploy. We’ll see what insights Alex provides to resolve this quandary.
  • “Protecting Yourself from the Container Shakeout.” Boris Renski proposes that OpenStack could be a safe harbor from the turbulence as containers and PaaS collide.
  • Finally, “Three Things OpenStack Needs to do. Now.” Hearing from Randy Bias about what he thinks OpenStack should do differently is always interesting.

While the session content will be great, we’re even happier about meeting new and old friends in the OpenStack community. See you on August 26-27!

Nuage Networks VSP provides highly scalable virtual networking with sophisticated policy across multiple platforms, including OpenStack and Docker. We delivered support for Docker and Mesos earlier this year and demonstrated deployment of 100,000 containers with full network connectivity and policy in under 15 minutes. Customers are deploying Docker alongside OpenStack and CloudStack, with Kubernetes and OpenShift support coming soon. Enabling common networking and security policy for containers, VMs, and bare metal servers gives flexibility for application developers to place workloads where they fit best.

Image by Todd Morris.
