November 21, 2018
By Mr Ji Wei
OpenStack is a mainstream open source cloud management platform that aims to provide rich cloud platform services that are easy to implement, scale in and out at large scale, and follow unified standards. Hundreds of well-known enterprises worldwide run their businesses on OpenStack to reduce costs and move faster. Zun is the OpenStack component that provides container management services; the project was established in June 2016.
What is Zun?
As the component providing container management services, Zun lets users quickly start and operate containers without having to manage servers or clusters. It is integrated with Neutron, Cinder, Keystone and other core OpenStack services so that containers can be adopted quickly. In this way, all of OpenStack's existing networking, storage and identity and authentication tools are applied to the container system, so that containers can meet security and compliance requirements.
Zun plans to support multiple container technologies such as Docker, rkt, and Clear Containers. Support for Docker has already been completed.
Currently, OpenStack has the following mainstream solutions supporting container technologies:
Nova Docker driver
This solution operates containers as if they were VMs. A Docker driver is added to Nova so that a Docker container can be started, stopped or created with operations similar to those used for a regular VM. Because Docker containers and VMs differ, this mode of operation makes many container features unavailable, such as linking between containers and port mapping.
Magnum
Magnum is an OpenStack service that provides container cluster deployment. Magnum deploys VMs and physical machines through Heat to form a cluster, and then invokes the COE interface to complete the deployment of containers. When Magnum was established, the project took “Container as a Service” (CaaS) as its goal. During later development, most of Magnum's functions came to focus on the cluster deployment of containers.
Zun
Zun manages containers as a kind of OpenStack resource and integrates with other OpenStack services to provide users with a unified and simplified API. Users can create and manage containers through the API without having to consider the differences among container technologies.
Zun has been integrated with multiple OpenStack services. Keystone, Neutron and Kuryr-libnetwork are required services for running Zun. They provide Zun with authentication, networking, and the connection between Neutron and Docker networks, respectively. For OpenStack users, it is easy to learn to use Zun containers.
The advantage of integrating with OpenStack services is that users can extend what containers can do by drawing on OpenStack’s existing functions. For example, by default a Zun container can use an IP address assigned by Neutron and the authentication service provided by Keystone. Using Zun together with Neutron, users can create a container in the same isolated network environment as a Nova instance. The Neutron features available to VMs (security groups, QoS) are also available to Zun containers. In real deployments there are often scenarios in which data must be kept for a long time. A common method is to use an external service to provide a persistent volume for the container. Zun solves this problem by integrating with OpenStack Cinder.
When creating a container, the user can choose to mount a Cinder volume into the container. The Cinder volume can be an existing or a newly created volume in the tenant. Each volume is bound to a path in the container's file system, and the data stored under that path is persisted.
For orchestration, unlike other container platforms that offer built-in orchestration, Zun relies on an external orchestration system such as Heat or Kubernetes. With external orchestration tools, end users can define their containerized applications by using the DSL provided by the tool.
With Heat, users can also define resources consisting of container resources and OpenStack resources, such as Neutron load balancer, floating IP, Nova instance, and more.
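The Heat integration described above, as an added example that is not part of the original article: a HOT template that places one Zun container on an isolated Neutron network, restricts it with a security group, and mounts a Cinder volume. The resource names, image, CIDR and port are constructed sample values; the property names follow Heat's OS::Zun::Container resource type and should be checked against the deployed release.

```yaml
heat_template_version: 2018-08-31

description: >
  Constructed example: one Zun container on an isolated Neutron network,
  restricted by a security group, with a persistent Cinder volume.

parameters:
  image:
    type: string
    default: nginx            # constructed sample image name

resources:
  app_net:                    # isolated tenant network for the container
    type: OS::Neutron::Net

  app_subnet:
    type: OS::Neutron::Subnet
    properties:
      network: { get_resource: app_net }
      cidr: 10.10.0.0/24      # constructed sample range

  app_secgroup:               # same Neutron control that applies to VMs
    type: OS::Neutron::SecurityGroup
    properties:
      description: Allow inbound HTTPS from the application subnet only
      rules:
        - direction: ingress
          protocol: tcp
          port_range_min: 443
          port_range_max: 443
          remote_ip_prefix: 10.10.0.0/24

  app_data:                   # persistent storage that outlives the container
    type: OS::Cinder::Volume
    properties:
      size: 1                 # GB

  app_container:
    type: OS::Zun::Container
    depends_on: app_subnet    # the network needs a subnet before attachment
    properties:
      image: { get_param: image }
      networks:
        - network: { get_resource: app_net }
      security_groups:
        - { get_resource: app_secgroup }
      mounts:
        - volume_id: { get_resource: app_data }
          mount_path: /data   # data written here is kept on the Cinder volume
```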
Zun and Kubernetes are complementary. In fact, the Zun community is actively promoting integration with Kubernetes. At present, the work of integrating Zun with COEs is mainly concentrated on Kubernetes, which will make containers easier to deploy, manage, and scale. However, using Kubernetes on OpenStack still requires the user to manually deploy the underlying infrastructure, such as a virtual server cluster. The user is responsible for initial capacity planning, such as determining the size of the VM cluster, and for maintaining the running VM cluster.
The emergence of Serverless container technologies or solutions, such as Amazon Web Services (AWS) Fargate, Azure Container Instance (ACI), and OpenStack Zun, provides a viable alternative for running containers on the cloud. The Serverless approach allows users to run containers on demand without having to create or manage their own clusters in advance. Zun will use Kubernetes as the orchestration layer, and Kubernetes will use OpenStack Zun to provide the “Serverless” container.
Zun has introduced the concepts of Container and Capsule. Container is responsible for integrating Docker or other container engine technologies. The concept of Capsule is a bit like a Kubernetes Pod: it represents a group of containers. Capsule is used to group multiple containers that need to work closely with each other to achieve service goals.
Zun does not intend to implement many of the advanced features provided by COEs (such as container keep-alive and load balancing); instead it focuses on providing basic container operations (CRUD) and maintaining tight integration with OpenStack.
Compared with the Nova Docker driver:
Zun aims to solve the problems of the Nova Docker driver solution. It implements a deployment and scheduling framework for Docker that is independent of Nova and integrates with Glance, Neutron, Cinder and other components, but it does not implement deployment and scheduling for Container Orchestration Engines (COEs). Nova-docker accesses containers through the Nova API, whereas Zun is not restricted by the Nova API.
Compared with Magnum:
The difference between Zun and Magnum is that Zun focuses on providing APIs for managing containers, while Magnum provides an API for the deployment and management of COE.
Basic architecture of Zun
The following Zun architecture diagram illustrates the relationship between Zun and the OpenStack components.
Zun API: Handles REST requests and checks input parameters
Zun Compute: Resource scheduling and container management
Keystone: OpenStack’s authentication component
Neutron: Provides networks for containers
Glance: Stores Docker images (if Glance is not used, Docker Hub can be used)
Kuryr: The plugin connecting the container network and Neutron
In summary, Zun provides an OpenStack + container solution that not only effectively combines multiple OpenStack services with container technology, improving OpenStack's ability to manage containers, but also simplifies the use of containers and extends their functions. At the same time, the Zun community is still developing and filling out its features, and its progress is worth looking forward to.
As one of the Gold members of the OpenStack Foundation and one of the major code contributors, ZTE is committed to promoting the evolution and development of OpenStack. In the Zun community, ZTE ranks No. 1 in the number of completed blueprints, the number of bugs fixed, and the number of code submissions, and No. 2 in the number of code reviews. In addition, ZTE holds the PTL (Project Team Lead) role for Rocky and Stein, and has made outstanding contributions to the development of each Zun project. ZTE will continue to increase its investment in open source communities and actively seek opportunities for commercial launch in the future.