VMUG.IT Meeting – 10 June 2017
Container and Cloud Native Application: What is VMware doing in this space?
Giuseppe Guglielmetti - @gguglie
Jan 28, 2018
Who I am
§ Giuseppe Guglielmetti
• Cloud and Storage Architect, VCP
• vExpert 2011-2017, EMC Elect 2015
• @gguglie - it.linkedin.com/in/giuseppeguglielmetti
What is a container
§ An application run-time environment
§ Groups and isolates a set of processes and resources
• Memory, CPU, disk, etc.
§ Shares the kernel of the host operating system
• Can also share the same binaries and libraries, where appropriate
• Consequence: the isolation boundary is the kernel (namespaces, cgroups), not a hypervisor; a kernel flaw reachable from one container is reachable from every container on that host
§ Very fast to start
§ Lightweight
• No Guest OS required per container
§ Sometimes referred to as "container virtualization" or "OS-level virtualization"
Container vs VM
[Diagram: Container versus VMs. Left: Server > Host OS > container engine, with AppA, AppA' and AppB running as containers on the one host kernel. Right: Server > Hypervisor > one Guest OS per VM, with AppA, AppA' and AppB each inside its own VM.]
Docker
§ Docker the Company
• Was previously a PaaS (dotCloud)
• Became Docker in 2013
• Developed the Docker Engine in-house
• Open sourced Docker Engine
• "Guardians" of Docker Engine
§ Docker the Project
• Docker Engine to build, ship, and run containers
• Open source, written in Go
• Community owned
• Container engine/daemon/runtime
• Now called the Moby project
Docker and Developers
§ Developers love Docker for its frictionless deployment and portability, which makes DevOps easier
On a developer's laptop:
# docker build -t my_app .
# docker push my_app
Then on a production server:
# docker pull my_app
# docker run my_app
• Note: with no registry prefix on the image name, push and pull go to Docker Hub by default (docker.io/library/my_app)
Container Lifecycle
docker build → docker push → docker pull → docker run → docker start → docker stop → ...
Docker is also…
§ Docker Compose
• Orchestration of multi-container applications
§ Docker Swarm
• Clustering and scheduling
§ Docker Hub
• Registry for storing container images, which could be OS images (Debian, Ubuntu, etc.) or software images (MongoDB, Nginx, etc.)
Problem #1
§ Your developers want to use containers
§ As a vSphere Admin, you can offer VMs on vSphere to run containers
§ But...
• The developers also want persistent, stateful storage for their container data… how do I persist data in containers?
• Docker tells us that containers are stateless – fire up the container, do some work, throw it away, i.e. don't persist anything! The container's writable layer goes away with the container, so anything that must survive has to live in a volume.
§ What are my options as a vSphere Admin?
vSphere Docker Volume Service
https://vmware.github.io/docker-volume-vsphere/
Enterprise grade, high performance storage and data services for containers
[Diagram: a Docker Swarm / Docker Datacenter cluster of Photon Machine VMs, each running the vSphere Volume Driver as a Docker plugin; the VMs run on vSphere, managed by vCenter, and container volumes are created on a persistent datastore.]
• Designed to meet the needs of Enterprise IT and application developers
• Use any VMware supported enterprise-class storage backed by vSAN, VMFS and NFS
• Supports policy-based management
• Benefits:
• Simple install: a VIB on each ESXi host and a Docker plugin in the VM
• Zero configuration
• 100% Docker compatible & certified (API, CLI, Swarm)
• Status: open source and free; Docker Certified; currently beta, GA coming soon
Problem #2
§ Your developers are now using containers in VMs on vSphere with persistent storage
§ But...
• They are pushing/pulling images to an external Docker Hub/repo
§ This means...
• It is slow – an internal repo is faster
• It is insecure – my company's intellectual property is going outside of the DC
• How is it protected? – is the repo "highly available" or not?
§ Now management want you to solve this, especially the 'intellectual property' issue.
§ What are my options as a vSphere Admin?
Harbor – Enterprise Class Registry
§ Enterprise-class registry server for Docker images
§ Adds management, auditing, security, performance, identity and access control
• Improves transfer times (registry is closer to the build/run environment)
• Intellectual property remains inside the company firewall
• As a vSphere Admin, you have control over who can push/pull images
• Supports multiple registries for image replication
https://github.com/vmware/harbor
Container lifecycle with a standard Docker registry (Docker Hub): docker build → docker push (to the registry) → docker pull (from the registry) → docker run → docker start → docker stop → ... With Harbor, the internal registry takes the place of Docker Hub in the push and pull steps.
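The build/push/pull/run lifecycle above and Problem #2 both hinge on one detail: where an unqualified image name such as my_app actually resolves. The following is an added example written for this page, not Docker, Harbor or VMware code. It parses image references the way the Docker client does (default domain docker.io, implicit library/ namespace, tag only in the last path component, optional @sha256 digest) and applies the policy a vSphere admin would want once Harbor is in place: images must come from the internal registry and, for production, be pinned by digest. The registry name harbor.corp.example is an assumption.

```python
"""Where does `docker push my_app` / `docker pull my_app` actually go?

Added example for this page; it is not code from Docker, Harbor or VMware.
It parses image references the way the Docker client does and applies a
simple policy: images must come from the internal Harbor registry and be
pinned by digest. The hostname harbor.corp.example is an assumption.
"""
from __future__ import annotations
import re
from dataclasses import dataclass
from typing import Optional

DEFAULT_DOMAIN = "docker.io"                   # where an unqualified name is pushed/pulled
INTERNAL_REGISTRIES = {"harbor.corp.example"}  # assumed: your Harbor FQDN(s)
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


@dataclass(frozen=True)
class ImageRef:
    domain: str
    path: str
    tag: Optional[str]
    digest: Optional[str]

    def __str__(self) -> str:
        s = f"{self.domain}/{self.path}"
        if self.tag:
            s += f":{self.tag}"
        if self.digest:
            s += f"@{self.digest}"
        return s


def parse_image_ref(ref: str) -> ImageRef:
    """Normalise a reference as `docker pull` does: [domain/]path[:tag][@digest].

    The first path component is a registry domain only if it contains '.'
    or ':' or is 'localhost'; otherwise the domain defaults to docker.io and
    a single-component name gets the 'library/' prefix, so 'my_app' really
    means docker.io/library/my_app.
    """
    if not ref or ref != ref.strip():
        raise ValueError(f"malformed reference: {ref!r}")
    name, _, digest = ref.partition("@")
    # Only the last path component may carry a tag; an earlier ':' is a
    # registry port (harbor.corp.example:8443/team/app).
    head, slash, last = name.rpartition("/")
    last, _, tag = last.partition(":")
    name = f"{head}/{last}" if slash else last
    first, _, rest = name.partition("/")
    if rest and ("." in first or ":" in first or first == "localhost"):
        domain, path = first, rest
    else:
        domain, path = DEFAULT_DOMAIN, name
    if domain == DEFAULT_DOMAIN and "/" not in path:
        path = f"library/{path}"
    if not path or path.startswith("/") or path.endswith("/") or "//" in path:
        raise ValueError(f"malformed reference: {ref!r}")
    if digest and not DIGEST_RE.match(digest):
        raise ValueError(f"malformed digest: {digest!r}")
    return ImageRef(domain, path, tag or None, digest or None)


def check_image_policy(ref: str) -> list[str]:
    """Policy violations for one image reference; an empty list means allowed."""
    try:
        parsed = parse_image_ref(ref)
    except ValueError as e:
        return [str(e)]
    problems = []
    host = parsed.domain.rsplit(":", 1)[0]  # drop :port (IPv6 literals not handled)
    if host not in INTERNAL_REGISTRIES:
        problems.append(f"external registry {parsed.domain}: image traffic leaves the firewall")
    if parsed.digest is None:
        # Docker treats a missing tag as 'latest'; any tag can be re-pushed,
        # so only the digest identifies exactly what will run.
        problems.append(f"not pinned by digest: tag {parsed.tag or 'latest'!r} is mutable")
    return problems


if __name__ == "__main__":
    for ref in ("my_app", "nginx:1.25",
                "harbor.corp.example:8443/team-a/my_app:1.4.2",
                "harbor.corp.example/team-a/my_app:1.4.2@sha256:" + "0" * 64):
        print(f"{ref}\n  -> {parse_image_ref(ref)}\n  {check_image_policy(ref) or 'OK'}")
```

The bare `my_app` of the developer workflow resolves to docker.io/library/my_app, which is exactly the external pull Problem #2 describes; the same check can run as a pre-deploy gate over a compose file or CI manifest. The port is stripped before the allow-list comparison so that a Harbor served on a non-default port still matches.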
Problem #3
§ Your developers are now using containers in VMs on vSphere with Harbor
§ But...
• What are they doing in the containers?
• How much compute resource are the containers consuming?
• How much storage are the containers consuming?
• Which networks are they communicating on?
• What ports are opened?
§ How can I manage containers in production / day #2 operations?
• Monitor/Manage/Backup/Recover/Security/Auditing
§ What are my options as a vSphere Admin?
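As an added example for Problem #3 (not VMware or Docker code): the questions above, what is running, on which networks, with which ports and how much CPU, memory and persistent storage, can already be answered from the JSON that `docker inspect` returns, and the same pass is the place to add the review flags a security engineer wants next to the inventory (privileged containers, host networking, sensitive bind mounts such as the Docker socket, missing resource limits). The two inspect documents in the block are constructed for the example: field names follow the Engine API's ContainerInspect schema, while the container names, images, the harbor.corp.example registry and the vsphere volume driver entry are illustrative.

```python
"""Day-2 inventory of running containers from `docker inspect` output.

Added example for this page, not VMware or Docker code. The two inspect
documents below are constructed: field names follow the Docker Engine API,
but IDs, names, images, the harbor.corp.example registry and the 'vsphere'
volume driver entry are made up for illustration.
"""
from __future__ import annotations
import json

# Host paths that a bind mount should never expose to a container.
SENSITIVE_HOST_PATHS = ("/var/run/docker.sock", "/etc", "/proc", "/sys", "/root")

# Constructed sample: `docker inspect web batch`, trimmed to the fields read here.
SAMPLE_INSPECT = [
    {
        "Id": "3f9c0e1a7d5b", "Name": "/web",
        "Config": {"Image": "harbor.corp.example/team-a/web:1.4.2"},
        "HostConfig": {"Privileged": False, "NetworkMode": "frontend",
                       "Memory": 536870912, "NanoCpus": 1000000000},
        "NetworkSettings": {
            "Ports": {"8080/tcp": [{"HostIp": "0.0.0.0", "HostPort": "80"}],
                      "9000/tcp": None},
            "Networks": {"frontend": {"IPAddress": "172.20.0.3"}}},
        "Mounts": [{"Type": "volume", "Name": "web-data", "Driver": "vsphere",
                    "Source": "/mnt/vmdk/web-data", "Destination": "/var/lib/web", "RW": True}],
    },
    {
        "Id": "9b2d4c6e8a10", "Name": "/batch",
        "Config": {"Image": "docker.io/library/ubuntu:latest"},
        "HostConfig": {"Privileged": True, "NetworkMode": "host", "Memory": 0, "NanoCpus": 0},
        "NetworkSettings": {"Ports": {}, "Networks": {"host": {"IPAddress": ""}}},
        "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
                    "Destination": "/var/run/docker.sock", "RW": True},
                   {"Type": "bind", "Source": "/data/batch", "Destination": "/data", "RW": True}],
    },
]


def _sensitive(src: str) -> bool:
    return src == "/" or any(src == p or src.startswith(p + "/") for p in SENSITIVE_HOST_PATHS)


def _published_ports(c: dict) -> list[str]:
    """'0.0.0.0:80->8080/tcp' for every port actually bound on the host."""
    out = []
    for cport, bindings in (c["NetworkSettings"].get("Ports") or {}).items():
        for b in bindings or []:  # None = exposed by the image but not published
            out.append(f"{b['HostIp']}:{b['HostPort']}->{cport}")
    return sorted(out)


def audit_container(c: dict) -> dict:
    host = c["HostConfig"]
    ports = _published_ports(c)
    findings = []
    if host.get("Privileged"):
        findings.append("privileged: all capabilities and host devices")
    if host.get("NetworkMode") == "host":
        findings.append("host network: no network isolation, every listening socket is exposed")
    for p in ports:
        if p.startswith(("0.0.0.0:", ":::")):
            findings.append(f"port {p} published on all host interfaces")
    for m in c.get("Mounts", []):
        if m["Type"] == "bind" and _sensitive(m["Source"]):
            findings.append(f"bind mount of {m['Source']} (host control plane exposed)")
    if not host.get("Memory"):
        findings.append("no memory limit: can exhaust the container host")
    if not host.get("NanoCpus") and not host.get("CpuQuota"):
        findings.append("no CPU limit")
    return {
        "name": c["Name"].lstrip("/"),
        "image": c["Config"]["Image"],
        "networks": sorted(c["NetworkSettings"].get("Networks") or {}),
        "published_ports": ports,
        "memory_limit_mb": host.get("Memory", 0) // (1024 * 1024),
        "cpus": host.get("NanoCpus", 0) / 1e9,
        "volumes": [f"{m.get('Driver', 'bind')}:{m.get('Name') or m['Source']}->{m['Destination']}"
                    for m in c.get("Mounts", [])],
        "findings": findings,
    }


def audit_all(inspect_json: list[dict] | str) -> list[dict]:
    """Accepts the parsed list or the raw text printed by `docker inspect <ids...>`."""
    docs = json.loads(inspect_json) if isinstance(inspect_json, str) else inspect_json
    return [audit_container(c) for c in docs]


if __name__ == "__main__":
    for r in audit_all(SAMPLE_INSPECT):
        print(json.dumps(r, indent=2))
```

Against a real host, feed the text of `docker inspect $(docker ps -q)` to audit_all(). The point of the example for this deck is the contrast with the next slide: with vSphere Integrated Containers every container is a VM, so the same questions are answered from vCenter (resource allocation, port groups, disks) with the tooling and auditing vSphere admins already run, instead of from a Docker daemon inside a VM.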
vSphere Integrated Containers
https://github.com/vmware/vic
§ VIC was announced with vSphere 6.5 and support is included with vSphere 6.0 and 6.5, Enterprise Plus edition.
§ For Devs: a Docker API endpoint without Docker (there is no Docker daemon here)
§ For Ops: containers running as VMs in vSphere
• Each container is its own VM with its own kernel, so containers do not share a kernel with each other or with the endpoint; the isolation boundary is the hypervisor rather than kernel namespaces
§ App team and IT team now use the same abstraction
§ VIC (through vSphere) provides visibility into resource management, networking, and persistent storage of "containers".
§ Security and auditing practices used for VMs can now be applied to "containers as VMs".
Deployment
§ Deploy the vSphere Integrated Containers (VIC) OVA
§ Download the vic-machine binaries (for Linux, Windows and Mac) from the VIC OVA
§ Use vic-machine to create a VCH – Virtual Container Host (Docker API endpoint)
§ The Docker API endpoint is used by developers to create containers (as VMs)
• The VCH endpoint is reachable over the network like any remote Docker API, so protect it with TLS and client certificates rather than leaving it open
§ Point a browser at the VIC OVA to access:
• Harbor (for registry – storing images)
• Admiral (for management/orchestration – deploying containers)
§ As far as a developer is concerned, this is Docker
§ Admin/Ops have full visibility of each container as a VM
Problem #4
§ Now your developers are using vSphere Integrated Containers
§ But...
• They want some sort of orchestration for deploying containers with vSphere Integrated Containers
• They'd like to be able to use a local repository for the container images
§ What are my options as a vSphere Admin?
Harbor + Admiral + vSphere Integrated Containers
§ Harbor for a secure registry
• Included with VIC
§ Admiral for orchestration
• Can be pointed at a VIC container host (VCH) for rolling out containers
Problem #5
§ Developers have asked to deploy Kubernetes on my vSphere infrastructure
§ But...
• What is Kubernetes?
§ Kubernetes, from Google, is a popular "platform for automating deployment, scaling, and operations of application containers across clusters of hosts".
§ What are my options as a vSphere Admin?
Kubernetes (K8S) deployed natively on vSphere
§ Available since Kubernetes 1.4.8 via native kubernetes-anywhere
§ Just download Kubernetes (which includes the vSphere Cloud Provider for Kubernetes)
§ Fill in the blanks about your vSphere infrastructure and then "make config"
§ Auto-deploys VMs, and associated containers, to bring up Kubernetes
Problem #6
§ You have lots of developers, all working on different projects using containers.
§ I need multi-tenancy because:
• Some teams want Kubernetes to develop container based apps
• Others want Mesos (from Apache) + Marathon (from Mesosphere) for cluster management/orchestration
• Others want Docker Swarm (from Docker) for clustering
§ I may potentially need to scale to 100s or 1000s of ESXi hosts if some of these projects are successful!
§ What options can VMware give me?
Photon Controller / Photon Platform
§ No vSphere/vCenter in this model. Focus on greenfield sites where the requirement is to deploy "container only" application(s).
§ Deploy a hypervisor (Photon Machine, aka ESXi)
§ Deploy a hypervisor control plane (Photon Controller)
§ Instantiate one or more VMs as container hosts, e.g. Docker Swarm (Photon OS)
§ Run containers inside that container host
§ Container management and orchestration is out of scope for the Photon technologies. It is intended to be a platform for container orchestration systems
§ Photon Platform is the brand name that includes the ESXi and Photon Controller technologies.
Problem #7
§ I now have Photon Platform deployed, lots and lots of ESXi hosts, but no vCenter Server.
§ Developers are using Kubernetes, Mesos and Docker Swarm.
§ But...
• I need to provide a highly available, policy driven, persistent storage solution for all of these frameworks
§ What options can VMware give me?
vSAN – Hyper Convergence for Cloud Native Apps
[Diagram: two stacks side by side. vSphere: vCenter Server over a primary cluster on vSphere vSAN, with VMs and VIC on top. Photon Platform: cluster managers over a primary cluster on Photon vSAN.]
§ Docker Volume Service: works off-the-shelf with Docker volumes; per-volume storage policies
§ vSphere Integrated Containers: Docker API compatibility; VM-like container isolation
§ DevOps focus with Photon: native container platform; storage managed solely via APIs for agile, scalable lifecycle operations
Some links
§ Cormac Hogan's blog: http://cormachogan.com/
• Lots of information about the VMware approach to CNA
• http://cormachogan.com/cna/
• Main source for this preso: thanks Cormac!
§ VMware Cloud Native Apps blog: https://blogs.vmware.com/cloudnative/
§ VMware Open Source Projects: http://vmware.github.io/
§ Getting Started with Kubernetes on vSphere: https://kubernetes.io/docs/getting-started-guides/vsphere/