Good evening and welcome. Okay. Yeah, all right. Welcome to our talk on open container technologies and OpenStack. That'll do it. We have the technology, wonderful. I don't want to go to the bathroom with this and have that be on.

Okay, welcome to our talk on open container technology and OpenStack. So we're going to cover Kubernetes, the Open Container Initiative and CNCF, and how those technologies integrate with OpenStack as well as the larger container community. So before we get started, how many people here have heard of the OCI? Okay, about a third. And the CNCF? About a quarter. And anybody using Kubernetes right now in production? That guy. Welcome, well done.

Okay, so I'm Daniel Krook. I work for IBM as a senior software engineer. Partner hands-on with customers to do POC based on open source technology: Docker and containers, of course, and OpenStack, but also Cloud Foundry and a new serverless framework that we have called OpenWhisk. My colleague Jeff.

I'm Jeff Borek and I work in open source. I've been doing that for about a decade now, and for IBM I've been working in Linux originally and then most recently in cloud, before my current role in open technologies and partnerships.

And I'm Sarah Novotny.
I work for Google and my focus has been open source communities for the last 10 or 15 years. I run the open source community side of Kubernetes. We go.

Okay, so today I'm gonna start off with a level set just on container technology, why it's so attractive, and some of the companies and organizations that have been part of it in the past, and hopefully into the future as well. We'll look at how that container technology integrates at several layers of OpenStack, and in particular how it supports Kubernetes. And then we'll look into the Open Container Initiative itself, as well as the CNCF, to see how those are defining standards going forward for container technology. And then tie everything together at the end, and we'll learn more about the Kubernetes SIG, the special interest group within the OpenStack community.

Okay, so container technology today in 2016. It's become very attractive for many different reasons. A lot of folks are now able to use it in production and take advantage of the benefits that it has. So containers, they're able to provide process isolation on a host and also limit access to other resources: the networking, the storage, the compute resources. They are logically similar to virtual machines, but they are much more efficient because they share the host kernel of the underlying operating system and they avoid any of the translation needed by a virtual machine that might be running on top of a hypervisor. So basically, on the left, you've essentially cut out the middleman of all the extra software on top of a host.

The other key benefit, since that makes systems generally more efficient, is that you're able to now package applications, package services, into a self-contained image that can capture all the dependencies and really strip out what you need to have installed on the underlying host system that's running your containers.
So provides a very clean separation, which is great for developers who are building the services, or OpenStack developers creating any of the services themselves, packaging those into something and deploying it not only on their own workstation but out to any deployment environments that they have. So of course, this makes it super efficient to run them, makes them very portable.

There are some trade-offs that I won't get too deep into. But one way I've used to describe it is, if you have a need for housing as a person, you can choose to buy a house, get the whole property, get your own electrical system, get your own plumbing. Or you can rent an apartment, which may be more efficient, may be cheaper for a short-lived stay that you have in a city versus a longer one, buying a house. So you can rent an apartment, but you might have those shared resources: if the plumbing or electrical system goes down in that whole apartment complex, you've got the shared problem there.
So that's basically the analogy of the trade-off there.

So that's where we are today with containers. Over the last 17, even longer, years, container technology itself has been evolving. Lots of great ideas, lots of trends have been coming together with that technology. So going back to 1978, 1979 with chroot, isolating where the file system starts, what access you might have there. FreeBSD 17 years ago extended that to other resources on free as previous unit Unix, and Linux took those ideas, tried to port them over shortly after. Unfortunately that required quite a bit of extra work to take advantage of that feature. You had to recompile the kernel, and a lot of folks who were using distributions didn't really have the ability or the desire to do that. Separately, outside of Linux again, Solaris started to bring the idea of not only having the isolated resources on the compute node, but also a way to package those in snapshots. Unfortunately, it also required a Solaris-specific system, the ZFS, the Z file system.

So a couple years go by and Google takes a different approach that doesn't require recompiling the kernel, using features that are already in the operating system, which really started to make containers more usable. And Red Hat then built on that innovation, adding support for user namespaces, allowing you to have root privileges within containers but now that not outside of the system, so adding some nice security isolation. And IBM, we then provided some tooling that made it a little easier to use those features that are now in the system, and basically provided some tools around cgroups, the process containers, and the namespacing. But really what made containers hot: three years ago a startup called Docker built some developer-friendly tooling to take advantage of how you run those containers and also how you package them efficiently, to really take what was already there in the system and just bring it to a larger audience. So there's been a lot of innovation in the past
with containers. And again, it's the future with the OCI and CNCF that we'll cover a little later. Hopefully it's a continuum with a lot of innovation being added to the platform.

Okay, so containers and OpenStack. They're not just in one area or another. Because of all those benefits, the ability to build and use fewer resources, deploy things faster, test things faster, they made their way into a lot of different projects. So one of the first places, if you take that analogy of a virtual machine and a container, they showed up in Nova. That's just another compute asset that could be plugged into Nova, that can be treated as basically an image, an instance on a compute node. Heat then provided a way to support those type of compute resources so you can deploy groups of containers. And more recently Magnum has provided an abstraction layer to run container orchestration systems on top of OpenStack. For OpenStack itself, it's also a distributed application that has a lot of services. So the Kolla project has now been able to containerize the undercloud.
So Magnum lets you run containers on OpenStack. Kolla lets you deploy OpenStack itself. Murano provides a package catalog of containerized applications to run on clouds, and Kuryr takes the Neutron networking model and maps that to containers. You have kind of a common interface between your virtual machines, your bare metal nodes and your containers. Okay, so I'll hand it off to Jeff to talk about the Open Container Initiative.

So we saw earlier that quite a few people at least had some familiarity with the OCI, and it was announced by Solomon Hykes at the DockerCon event middle of last year, 2015. I'll go back a little into the history behind it. But the most important thing about the OCI, from my perspective, is that it's really all about governance at the end of the day. Because open source is great, and I think I can safely say that everyone here, to varying degrees, is a large open source fan. But the license is only one element of an open source project, and at IBM we like to talk about code, community and culture. And the innovation that the Docker crew introduced is very significant in that it makes the container technology much more easy to consume.

And that's about the time I got involved with, actually, Docker. It was early in 2014. I was at an OpenStack summit, in fact it was the one down in Atlanta, and there was a huge buzz on the expo floor about this new company that had just sort of had a near-death experience and had done a bit of a pivot. And they were now calling themselves Docker, and they had an open source project there that was also called Docker. And how was this going to have an impact? Well, it was going to make containers much more accessible or easier to use by your typical application developer or system administrator. But an open source license, again, just puts the code out there. The real question is, you know, how does a fundamental technology like that
get shared by a community so that it's really a level playing field and many different companies and organizations have free access to it? And as you see up on the slide here, one of the key points is it's not tightly associated with any one single company. It's also important that this type of project or this type of technology have an open governance structure and is associated with an organization that can help bring it forward in a long-term, you know, stable and meaningful way.

So you can see by this next slide, when this was announced there was about half, a little less than, maybe a little bit more than half of the current companies that are involved. So this has continued to be a very important element of the ecosystem as the OCI has evolved over the last little over a year now.

And we talked a bit about Docker earlier in this session, but going into it even a little bit further: I was involved with Docker officially in 2015 because I was proud to be part of the open-source steering committee. In fact, I was asked to help chair that for a period of time. But as we moved forward it became really, you know, apparent, especially when there was some conflict in the community, because of this issue of, well, how do we separate, you know, Docker the project from Docker the commercial entity? And how do we, you know, achieve clarity around that, and who gets to decide, you know, what's actually in the spec and the code associated with it? And other interesting questions too, in terms of, like, should this be based on, you know, the code, or should the spec lead? You know, what's the right approach to take here?

So how many of you are familiar with CoreOS? I know they're here at the expo hall. So through conflict, they actually helped act as a bit of a catalyst, because it furthered this dialogue within the community about, you know, what's the right thing to do here?
You know, what's a fair way to help move this technology forward and still give the creative people at Docker their due with respect to the new thinking that they brought to the model? So I was really personally, you know, totally excited when Solomon announced the contribution that they were willing to make to start the OCI.

And you can see by this next slide that it's evolved even since that announcement was made, again a little over a year ago. In addition to the Docker engine, the secondary format, the format specification, has also been introduced to help bring portability to the OCI concept. But it's also important that the OCI doesn't expand too broadly, right? I mean, the whole idea is to try and, using the shipping metaphor, establish the boundaries of what a container is, how to make it portable, how to make it interoperable, but not have scope creep go to the point where this starts to get into a higher-level thinking around automation and orchestration. Because one of the other key elements of trying to get this right, and it's a very delicate balancing act, is that, you know, standardization is great because it allows everyone to participate in a meaningful way and it can help make markets. But if you extend it too far and you lock things down too much, it can actually get to a point where you might stifle innovation or prevent some other new innovation from coming into the marketplace in a meaningful way.

Just a quick look at, you know, who's participating, because there's been a lot of things in the news if you follow this closely, and hopefully most of you haven't, because there are lots of interesting things going on. But there's been some friction even after this announcement was made, which was intended to eliminate some of the friction, again, over a year ago. But to Docker and CoreOS and Red Hat and other people participating, to their credit, this effort has moved forward consistently over the last 18 months, and you'll see both the 1.0 version of the specifications
for the engine and the format come out later, probably, I'm gonna say, before the end of November. I thought we might have been done by now, but we're still working through some of the details on it. But you can see on this slide that Red Hat, Docker and a whole host of companies from a wide variety of perspectives have been contributing into this initiative. And you're going to see other things happen, I think, over the course of the last quarter of this year and even into the first half of next year around this space, to try and help, you know, keep this technology moving forward.

The last thing I want to say about the OCI is just a reminder about this attempt to keep it focused and not have the scope expand too far, because there's a complementary organization that was announced about the same timeframe, and it's all about this concept of cloud native. And to transition into that thinking, I want to just mention that when it comes to, you know, cloud native computing, it's really trying to take advantage of this whole paradigm of, well, application development has been done in this traditional way, and we've all heard of DevOps, but when you can truly move to a new era where cloud computing is going to enable technology on demand, how do you take advantage and rethink the way
applications get developed, and how that infrastructure, that highly scalable infrastructure, runs and orchestrates those container technologies?

Jeff and I work together on both the OCI and the cloud native compute foundation. As you mentioned, the cloud native compute foundation was announced about the same time that the OCI was. I believe that it was June for the OCI at DockerCon, and at OSCON in 2015 for the cloud native compute foundation. Jeff also mentioned that you want to very carefully scope what a standards body tends to work on, because boiling the ocean and making your scope too big makes you not move forward very quickly. So the cloud native compute foundation focused on the broader picture, but not specifically the standards. So the cloud native compute foundation has focused on container-packaged, dynamically managed and microservice-oriented architectures for applications.

One of the pieces of the cloud native compute foundation's stack, the application architecture that it has developed, is consuming the OCI standards of tooling like Docker and rkt, or appc and runC. It's not hard to imagine a space where we all want portability. We will all want the ability to move our applications and avoid vendor lock-in, which used to look like vertically integrated stacks from a single vendor now.
We're seeing questions of cloud lock-in, meaning public cloud lock-in or a specific set of services in the public cloud. And just as the OCI wants to make sure you have opportunities around containers, to choose the container that best fits your application and allows for greatest innovation around container architectures and container systems, the CNCF wants you to be able to have cloud portability. So we have gone ahead and built an architecture, an end user architecture, that we use to think about the different projects that the cloud native compute foundation has brought into it.

So when the cloud native compute foundation was announced in July of 2015, it was announced as part of the Kubernetes 1.0 announcement as well. The idea was, Google wanted to bring Kubernetes to an open source world where there were options and opportunities for people to contribute well outside of Google. And one of the big challenges that we had was people were concerned that Google might abandon the project. So instead of choosing to make a Kubernetes foundation, we chose to talk with the Linux Foundation and bring this broader cloud native architecture, encompassing the application definition and development space; orchestration and management, where Kubernetes exists; runtime, which is the actual consumption of the OCI standards; as well as some provisioning tooling around what instrumentation to provision your cloud applications exist. Infrastructure and bare metal is outside of scope, but you've got to put this somewhere.

So the cloud native compute foundation to date has accepted three projects through our incubation process. Kubernetes being the first, and that was donated by Google to the cloud native compute foundation in order to bring forward the view that it's an open community. Prometheus is a toolset that allows monitoring of cloud native applications and spends its effort on instrumentation and visibility into those applications. Open
tracing is more on the instrumentation side. These are all three projects that are in incubation within the cloud native compute foundation. And the cloud native compute foundation is governed, because as Jeff said, governance is an important part of open source. They are governed independently as projects, but with an oversight board of the technical oversight committee.

The cloud native compute foundation took a lot of lessons from OpenStack. We're all here because this is an OpenStack Summit. There were many things that we saw that OpenStack did very, very well, and we tried to take and emulate some of those. We also tried to make sure that in being open and in being engaging with our community, we tried to also give some governance around that.

But since we're talking about OpenStack, and because Kubernetes is my, well, let's call it my current love of open source, I want to talk about how Kubernetes and OpenStack are working together. There are several projects that we heard from in Dan's portion of the talk, and those specifically, most of them are happening inside the OpenStack community. There is also work that is happening inside the Kubernetes community through the Kubernetes special interest group OpenStack. So if you search for Kubernetes SIG OpenStack, that's the place that you're going to find most of the people who are interested in integrating the two different infrastructure frameworks.

Now I'll go through the ones that Dan mentioned quickly as well, because there are two ways, well, three, I'll get to the third in a minute. There are two ways primarily that we see OpenStack and Kubernetes working together. The first is making sure that OpenStack is a first-class cloud provider for anyone who wants to run Kubernetes. If the goal of Kubernetes is to give you container-packaged applications that are independent of your cloud provider, then OpenStack has to be one of those clouds.
We have a special interest group for AWS. We have a special interest group for Azure. We have a special interest group for OpenStack. Now, many of the ways that that tooling for the first-class cloud provider exists outside of Kubernetes is through these different projects inside the OpenStack community: Murano, Kuryr, Heat and Magnum. And those all allow for Kubernetes to be deployed on top of OpenStack. What our SIG OpenStack is working on is trying to make these projects be more efficient and make more use of native Kubernetes tooling and APIs, and not have to work around limitations of Kubernetes through your projects. So it's making sure that we're giving feedback to Kubernetes as the upstream, who has to have OpenStack as a first-class cloud provider.

The second way that we see OpenStack and Kubernetes play together is actually the reverse. So the first was Kubernetes on OpenStack. And then there's a very large group of people who are working at the containerized control plane of OpenStack on top of Kubernetes. And there are a few projects: Kolla being the one that is most directly inside the OpenStack community at this point, Stackanetes is something that CoreOS has been working on, and Fuel CCP is the project that Mirantis has been working on. Now, each of these different projects have given a different opinionated way to run OpenStack on top of Kubernetes, or the control plane of OpenStack on Kubernetes, allowing that control plane to manage a separate cluster, independent of your Kubernetes cluster, that has VMs. So this is for the world where we presume containers are more the future, but VMs are something that we will need for a very long time. Kubernetes and OpenStack are going to be something that our enterprises work with for many, many years.
I don't think there's any reason to see us as in competition.

The third way that I mentioned is actually another way that IBM has been working on, which is using a Neutron underlay network and then running, independently, OpenStack and Kubernetes on clusters that share the Neutron underlay. So there's a third way.

All of this work is happening inside the special interest group OpenStack. So if you have any interest in Kubernetes or containers, or OpenStack and Kubernetes more specifically, come take a peek and see the work that's being done. Please share your ideas, share your pain points, share the ways that you would like to see Kubernetes evolve to either improve the idea of OpenStack as a first-class cloud provider within Kubernetes, or to evolve as a way that Kubernetes can run better as an application on OpenStack. As I said, we took a lot of our cues from the governance of OpenStack, which means that our special interest groups actually have a fair amount of independence and power themselves to help make changes. And this is the best possible way for you all to give us feedback, engage with us as either users or consumers of Kubernetes, or as someone who might be interested in making any sort of contributions.

So we have the closing. Right, do you want to just do the last? Yeah, and then we'll take questions after the last slide.

Okay, so yes, to summarize. So take that container technology. It's not new.
It's been evolving for the last 16, many years beyond that, before that, if you count chroot as well. It's going to continue to evolve with the OCI for the container standards and packaging format, and of course through the CNCF for deploying large clusters and applications based on containers. So containerization's used throughout OpenStack, many different places. You can probably expect it to show up in any new projects that enter the big tent or the larger ecosystem. But it looks like Kubernetes is kind of becoming the de facto standard way to do that, to deploy groups of services. And just as the OpenStack Foundation governs the APIs around compute, storage, network APIs, we expect the OCI and CNCF to do the same thing around the container technology itself. So again, these things are moving fast, lots of companies involved. So if you have a stake or if you have an interest or technical skills, please get involved with the OCI, CNCF and Kubernetes community.

So now we've got time for questions, because we thought you might all have some. And this is the fun part where you get to ask the challenging slash awkward slash "I wonder if I can get them to cringe if I ask this question" question. So, and why, we have one already. Can you step up to the microphone?

Oh, they're all makes excellent. The third way, I can elaborate very slightly. But what I can do is suggest that the third way is discussed most in the Kubernetes SIG Networking, because that's where most of the changes that are necessary to have Kubernetes and OpenStack run on top of a shared Neutron network. So I can't elaborate deeply.
I haven't tracked it that closely, but I know that there is work to have the two of them run in parallel on top of the Neutron network. So apologies, I can't go much deeper than that, but I can tell you where to find more info. Other questions?

So while you're thinking of those other challenging questions, I thought of one myself for Sarah. Don't run away. So in some open-source communities, there's this concept of a BDFL, a benevolent dictator for life. And I was wondering, you know, is there a BDFL for the CNCF? Because, you know, they could come up with some more acronyms.

So I volunteered for that position. Nobody took me up on it. So there is not the concept of a benevolent dictator for life within the cloud native compute foundation. The cloud native compute foundation was actually conceived very much more like the US government model, with three houses of government. So in the US, we have our Senate and House of Representatives, we have a judicial branch. So we have a legislative branch, a judicial branch and an executive branch. In the cloud native compute foundation, the idea is that we have a technical oversight committee, who are luminaries from the industry, broadly across work that has been done in containers and in cloud native architectures. We have a governing board, which is more based off of people or companies that have supported the cloud native compute foundation, which handles the business side of this foundation. And then we have a third group which is being formed, which is the end user board, and that is the user voice into this group. So we want to make sure that we are hearing people and companies who are focused on cloud native architectures, and want to hear their pain. So the idea is to make this a balanced governance model.
There's not a benevolent dictator for life, though as I mentioned, each of the projects have their own models of governance. And I can also answer that there's no benevolent dictator for life in Kubernetes. Kubernetes has the concept of, or is discussing the concept of, an oversight committee or an oversight council called the elders.

I'll just remind folks, there's a mic over there. And Sarah, if you want to.

So, is there a clear vision being led by an individual or a group for the cloud native compute foundation or for Kubernetes? Is that your question?

More or less, yes.

Okay. So for the cloud native compute foundation, the technical vision is being guided by the technical oversight committee, with input from the user board as it gets formed, and the governing board as it stands handling the business side. For Kubernetes, this is part of our transition from being a Google-led project to being a community-led project. So for the first year of the project, that was very much held by the technical leads inside Google, and they had a clear vision. They worked on that and they brought it forward with the 1.0 release in 2015 at OSCON. After we brought it out into public, and we wanted to make sure that there was very much an open and inclusive community in this, we've struggled a bit trying to figure out how to manage that vision, making sure that we don't have too many voices, or being led too much by the broader community, in the sense of people who don't have that clear vision set up. So there is a document that was written early on called "What Kubernetes is not", which is the standard that we look at. So it's not a platform as a service, it's not, you know, it goes through a list of a few things that it's not. And that gives a couple of things. That gives us a nice open space in the ecosystem for partner organizations to participate. They know these are things that Kubernetes is not intending to cannibalize. But it also gives us a
reference point. When we came up with the elders council, the idea was, having pushed much of the decision-making to specific groups that had technological focus, so networking or node, when we pushed the decision-making closer to those groups that were verticals, we found at some of the interfaces we had technical disagreements. And the elders, the idea is people who have been with the project a while, represent a broad swath of the community, recognizing, support and push forward that technical vision. So it's, again, sort of a supreme court, to use the metaphor again, a group that can weigh in with an opinion and say, this is the way we're going to do it, based on that technical vision.

Question on the direction of the vision. Just on the plane to Barcelona, I finished reading The New Stack article about CRI-O, where the goal is to abstract away what we currently have in container technologies, base all of that on OCI specifications. Because currently we have Kubernetes running on Docker and we have rktnetes running on rkt, but we don't have the possibility to do both at the time, or just say, okay, there's going to be a third player that implements the specifications and we can just plug and play that, and remove that and take another one. Maybe the performance of one container engine is better than another one, and I just want to play with that. Is this the vision where we want to go with all of this?

So CRI-O is an implementation of CRI, which is the container runtime interface. So CRI-O is the OCI implementation of that. So the idea is that CRI is the shim that gets you from Kubernetes to whichever runtime you choose. So CRI-O is the OCI version. We see a CRI rkt at some point. We see a CRI Docker at some point. And that then gives you the API surface to plug in whichever container engine you could choose.

Yep, great question.
I alluded to that a little bit during my portion of it, and I think you're going to see some other interesting wrinkles come up as people look at different facets of trying to address this as we go into next year. The only constant is change. Next question.

So one question from the practical side. What's the plan of the OpenStack community to make containers the first-class citizen? Because right now, to me, it looks like, you know, when you deploy containers in Magnum, you still have virtual machines in between. And this is something, for me, like a grown solution, because I would expect that containers are some sort of first-class citizens within OpenStack.

Want to take that one? I was gonna say, I can answer from the Kubernetes side, but go for it. No, that's okay.

So in my world, in the future where I get to decide things, Kubernetes launches the OpenStack control plane, and then you have OpenStack managing its cluster for VMs and you have Kubernetes running its own cluster for containers. Now, there's certainly a space with many of the projects inside OpenStack right now where they are actually running containers on top of VMs, which I think is your point. Why would you run a VM and then run containers on top of that? So the way that I have seen that work so far is to sort of separate them, either with the third way, IBM's two independent stacks, or with Kubernetes launching the control plane for OpenStack. I have not seen any work, please correct me if I'm wrong, that yet says, here is a cluster for containers that OpenStack can manage by running Kubernetes in its other space.

No, but I believe there's integration with Ironic, so it would cut out a bit of that overhead. Okay. But I don't know what the current state of that one is.

Yeah, 'cause Kolla still is launching containers on top of VMs, right? Yes.
Yeah, okay. So the answer is we don't know yet. Actually, the demo today showed, I think, that they're now able to do that at bare metal too. The keynote may have shown today that they can launch containers on bare metal. So I get to live in a new world.

We deploy OpenStack in containers on bare metal. We struggle a lot, and I'm sorry, because OpenStack is not that easy to containerize. A lot of things don't work as expected in a container world. So I'm asking myself, who is bringing the container requirements into the OpenStack applications? Because applications that just hang because a RabbitMQ is not there is not that container-friendly.

Yeah, it's like, I think that there is work being done between the two communities to make sure that, at least I know many of the contributors to Kubernetes SIG OpenStack are trying to feed back into the OpenStack projects just exactly those requirements. Now, specifically around containerizing OpenStack, or OpenStack as a control plane, the work that Mirantis and CoreOS have been doing, those are the two groups that I know that are spending the most time trying to improve the projects inside OpenStack that would be containerized to run that. So I don't know that I have a very good answer other than we're working on trying to make communications better in both ways, and we hope to be back here in six months and talk about the progress.

Yeah, I was gonna say, is there such a thing as special interest groups? Do you need a special interest group Kubernetes, or a special interest group containers, to try to containerize more of the projects? Or the projects are all pretty siloed in OpenStack governance, right? Yeah, okay.

Any more questions? We're just about out of time.

But in addition to this project, what else is Google doing in open source? Can you mention a couple of other highlights?

Oh, I'd be happy to. Because as I am working on the Kubernetes community as my primary focus.
I'm also helping more of the Google Cloud open source projects, and there are three other ones off the top of my head that I can think of, and I'm helping them work on their community engagement as well. So TensorFlow, which of course is the machine learning tool set and neural network tool set that exists coming out of Google. That team is working on and trying to build an engaged community that makes use of machine learning models. There is Apache Beam, which is the Google Cloud Dataflow version that has been open sourced. So it's out in the Apache project. They've made a very different choice than Kubernetes did. And then there is also gRPC, which brings us an underlying communications mechanism, including things relating to Protobuf, and getting communications between different cloud architectures. gRPC is actually one of the projects that just got pitched to the cloud native compute foundation as well, so that may end up in there as well.

Good answer for a question you didn't even know was coming. I didn't even know.

But Google and IBM are both also working in an emerging community around the concept of an Open API Initiative, and it's based upon the Swagger project. How many have heard of Swagger? So taking that project from a single BDFL towards a more open governance model is something that both Google, IBM and others are collaborating on. And if you want to find out more about other open source projects that IBM is originating, you can check out developerWorks Open. It's a website where you can find out some of the latest projects. An example of one that was on developerWorks Open earlier this year is the IBM Open Blockchain project, and that graduated about mid-year into the Linux Foundation as the Hyperledger project. So lots of interesting things happening in open source.

Thanks for joining us for today's session. If you have any other questions, come on up front and see us. We'll be right over here. Thank you.