(CaaS)
Ashish Pandey
@ashishapy
blog.ashishapy.com
Disclaimer:
This is a personal talk and all opinions expressed here are my own and not those of my current or previous employers or partners I work or worked with.
What is your use of containers?
Who is using containers in production?
At what scale are you using containers?
Containers as a Service (CaaS) is a model where IT organisations and developers can work together to build, ship & run their applications anywhere. CaaS enables an IT secured and managed application environment consisting of content and infrastructure, from which developers are able to build and deploy applications in a self service manner. - Docker
often and fast
fully automatic
zero-downtime
ability to rollback
resilient
scale
self-healing
cost effective
Secure & compliant
helps you to build CaaS
Cloud providers:
Choice of the orchestration layer often drives the ‘Container Management Framework’ selection decision.
But orchestration is just a piece of the puzzle
Don’t be blinded by orchestration capabilities.
Focus on governance, security and policy enforcement
Orchestration tools are Ops focused
Install / bootstrap, upgrade / rollback / security fixes, disaster recovery of container management framework itself.
Infrastructure (computing, network & storage) provisioning, scaling up / down, upgrading / rollback / security fixes.
Features of Container Management Framework
1) Scheduling of containers:
Placement, replication, scaling, rescheduling, upgrades, rollback of containers.
2) Computing resource management:
Memory, cpu, volume, port, ip, image, network of containers.
3) Management of services:
Service discovery & orchestrating multiple containers together (using label, group, namespace, load balancing, readiness checking, health checking).
4) Governance:
Access control, isolation, resource utilisation, limits & quotas, network segmentation & encryption.
5) Image registry:
A place where you can store & distribute container (Docker) images.
Tools:
7) Persistent Storage:
Place to store all your app data. A software-defined storage (SDS).
Tools:
Object Storage
Block Storage
You may want to continue with your traditional storage solution until the world settles for stateful containers.
8) Security solutions:
Enforce security policies, manage secrets, security scanning, image signing.
Tools:
9) Load balancer:
To manage & distribute your external traffic.
Tools:
10) Monitoring:
Log management, Metrics collection, time-series monitoring, analytics & visualisation & alerting.
Tools:
11) Authentication & authorisation:
Policy compliance, role based access control (RBAC), app to app communication
Tools:
12) Continuous Integration:
Developers integrate code into a shared repository, where it is verified by an automated build, allowing teams to detect problems early.
Tools:
15) Cloud provider services
Cloud Provider Interface (CPI) e.g. AWS, Azure, Google
16) Billing system
Meter your platform usage & charge it back to your CaaS users.
17) Auditing system
Audit your system for any security, governance & policy related compliance.
18) DNS
Domain name system to map your nice looking URL to the load balancer.
No! One size doesn’t fit all.
Try this ...
First choose a cloud provider (public / private).
Decide on what cloud services you are gonna use to build infrastructure (VMs / bare metal).
Make a checklist (based on your need) as listed in this talk & see which Container Management Framework is best suited to you.
Choose tools which will help you to create infrastructure, deploy the container management framework, upgrade it & roll it back.
Don’t forget to adopt DevOps tools, principles & 12Factor apps for CaaS.