Container as a Service (CaaS)

Ashish Pandey

@ashishapy

blog.ashishapy.com

Disclaimer:

This is a personal talk and all opinions expressed here are my own and not those of my current or previous employers or partners I work or worked with.

Your use of containers?

Who is using containers in production?

At what scale are you using containers?

Containers as a Service (CaaS) is a model where IT organisations and developers can work together to build, ship & run their applications anywhere. CaaS enables an IT secured and managed application environment consisting of content and infrastructure, from which developers are able to build and deploy applications in a self service manner. - Docker
  • together = Collaboration
  • build, ship & run = CI / CD
  • anywhere = Multi Cloud / Hybrid Cloud
  • secured = Secured + policy compliant 
  • managed = Managed Services + Auto Scale
  • content = App + User Data
  • infrastructure = Compute Resources + IT Services
  • self service = Self-service + Governance

Containers as a Service

  • often and fast
  • fully automatic
  • zero-downtime
  • ability to rollback
  • resilient
  • scale
  • self-healing
  • cost effective
  • secure & compliant

New Stack Ops

A Container Management Framework helps you to build CaaS.

How to choose one?

Choice of the orchestration layer often drives the ‘Container Management Framework’ selection decision.
But orchestration is just a piece of the puzzle.

Orchestration

Don’t be blinded by orchestration capabilities.

How to choose one?

Focus on governance, security and policy enforcement.

Orchestration tools are Ops focused.

What can't a container management framework do for us?

  • Manage its own life cycle:

Install / bootstrap, upgrade / rollback / security fixes, and disaster recovery of the container management framework itself.

  • Infrastructure Management:

Infrastructure (computing, network & storage) provisioning, scaling up / down, upgrading / rollback / security fixes.

How to manage then ... ?

  • Use an infrastructure provisioning & configuration management tool:
  1. Ansible / Puppet / Chef
  2. Terraform & Packer
  3. BOSH
  4. Cloud provider tool, e.g. AWS CloudFormation
  • Have a well-tested disaster recovery & rollback plan in place

Capabilities of CaaS

Features of Container Management Framework

Orchestration

1) Scheduling of containers:

   Placement, replication, scaling, rescheduling, upgrades, rollback of containers.

2) Computing resource management:

   Memory, CPU, volume, port, IP, image, network of containers.

3) Management of services:

   Service discovery & orchestrating multiple containers together (using label, group, namespace, load balancing, readiness checking, health checking).

4) Governance:

   Access control, isolation, resource utilisation, limits & quotas, network segmentation & encryption.

5) Image registry:

A place where you can store & distribute container (Docker) images.

 


6) Source Control Management:

A version control system, where your code, configs & documents are stored.

7) Persistent Storage:

A place to store all your app data: software-defined storage (SDS).

You may want to continue with your traditional storage solution until the world settles on stateful containers.

8) Security solutions:

Enforce security policies, manage secrets, security scanning, image signing.

 


9) Load balancer:

To manage & distribute your external traffic.

 


10) Monitoring:

Log management, metrics collection, time-series monitoring, analytics, visualisation & alerting.

11) Authentication & authorisation:

Policy compliance, role-based access control (RBAC), app-to-app communication.

12) Continuous Integration:

Developers integrate code into a shared repository, where it is verified by an automated build, allowing teams to detect problems early.

13) Continuous Delivery:

Release into production of applications that pass the automated tests, after the necessary approvals.

14) Collaboration:

Brings all the pieces (system alerts, notification etc.) and people/teams you need together. Enables ChatOps.

 


15) Cloud provider services

   Cloud Provider Interface (CPI) e.g. AWS, Azure, Google

 

16) Billing system

   Meter your platform usage & charge back to your CaaS users.

 

17) Auditing system

   Audit your system for any security, governance & policy related compliance.

 

18) DNS

   Domain name system to map your nice-looking URL to the load balancer.

Any Recommendations ...

No! One size doesn’t fit all.

 

Try this ...

  • First choose a cloud provider (public / private).

  • Decide on what cloud services you are gonna use to build infrastructure (VMs / bare metal).

  • Make a checklist (based on your needs) as listed in this talk & see which Container Management Framework is best suited to you.

  • Choose tools which will help you to create infrastructure, deploy the container management framework, upgrade it & roll it back.

  • Don’t forget to adopt DevOps tools, principles & 12Factor apps for CaaS.
