Jump to: navigation, search

Difference between revisions of "Magnum"

m (Resources)
(Compatibility Matrix)
(35 intermediate revisions by 9 users not shown)
Line 1: Line 1:
Magnum is an OpenStack API service developed by the [[Teams/Containers|OpenStack Containers Team]] making container orchestration engines such as Docker and Kubernetes available as first class resources in OpenStack.  Magnum uses Heat to orchestrate an OS image which contains Docker and Kubernetes and runs that image in either virtual machines or bare metal in a cluster configuration. Click below for a 5 minute demo of how Magnum works.
+
Magnum is an OpenStack API service developed by the [[Teams/Containers|OpenStack Containers Team]] making container orchestration engines such as Docker Swarm, Kubernetes, and Apache Mesos available as first class resources in OpenStack.  Magnum uses Heat to orchestrate an OS image which contains Docker and Kubernetes and runs that image in either virtual machines or bare metal in a cluster configuration. Click below for a ~2 minute demo of how the Magnum CLI works.
  
 
<center>
 
<center>
[[File:Demo-Preview-Frame.png|none|link=https://vimeo.com/128538940|frame|400px]]
+
[[File:Demo-Preview-Frame.png|none|link=https://vimeo.com/177327412|frame|400px]]
 
</center>
 
</center>
  
 
__TOC__
 
__TOC__
 
= News =
 
 
* 2015-10-20 We have published a list of [[Magnum/Summit|sessions to attend]] at the Mitaka Design Summit in Tokyo
 
* 2015-08-26 Magnum will be presenting [http://sched.co/49xE a session on Magnum] at the 2015 OpenStack Summit in Tokyo on October 28 4:40pm - 5:20pm [https://www.openstack.org/summit/tokyo-2015/videos/presentation/openstack-magnum-containers-as-a-service Video]
 
* 2015-05-21 We presented [https://openstacksummitmay2015vancouver.sched.org/event/ec3936678ef22681408088ec52a4e80b a session on Magnum] at the 2015 OpenStack Summit in Vancouver on Thursday, May 21 9:00am - 9:40am US/Pacific. [https://www.openstack.org/summit/vancouver-2015/summit-videos/presentation/magnum-containers-as-a-service-for-openstack Video]
 
* 2015-03-24 Magnum has [https://review.openstack.org/161080 officially joined] the OpenStack project list upon approval by a unanimous vote by the Technical Committee.
 
* 2015-03-09 Our Kilo-2 release is now available for download.
 
* 2015-01-20 We have announced Magnum's first release, now available for download.
 
  
 
= Getting Started / Download =
 
= Getting Started / Download =
To get started with Magnum, see: [http://docs.openstack.org/developer/magnum/dev/dev-quickstart.html Our Quickstart Guide]
+
To get started with Magnum, see: [http://docs.openstack.org/developer/magnum/dev/quickstart.html Our Quickstart Guide]
  
Version 1.0.0.0b1 (Liberty Beta 1) Downloads:  
+
Downloads:  
* [http://tarballs.openstack.org/magnum/magnum-1.0.0.0b1.tar.gz magnum]  
+
* [http://tarballs.openstack.org/magnum/ magnum]  
* [http://tarballs.openstack.org/python-magnumclient/python-magnumclient-1.0.0.0b1.tar.gz python-magnumclient]
+
* [http://tarballs.openstack.org/python-magnumclient/ python-magnumclient]
  
 
= Contributing =
 
= Contributing =
  
The project is under active development by our OpenStack Containers Team. We [[Meetings/Containers|meet weekly by IRC]]. Magnum's meetings are normally chaired by our PTL [https://launchpad.net/~aotto Adrian Otto].
+
The project is under active development by our OpenStack Containers Team. We [[Meetings/Containers|meet weekly by IRC]].  
  
 
* We want you to [[Magnum/Contributing|contribute to Magnum]]!
 
* We want you to [[Magnum/Contributing|contribute to Magnum]]!
Line 32: Line 23:
  
 
[[File:Magnum_architecture.png|center|800px|Magnum Architeture Diagram]]
 
[[File:Magnum_architecture.png|center|800px|Magnum Architeture Diagram]]
Bay Create/Update/Delete
+
Cluster Create/Update/Delete
  
 
= Resources =
 
= Resources =
Line 46: Line 37:
 
* Code Repository
 
* Code Repository
 
** git clone git://git.openstack.org/openstack/magnum
 
** git clone git://git.openstack.org/openstack/magnum
* Specification
 
** [https://review.openstack.org/136103 Containers Service Spec]
 
 
* References
 
* References
**[https://wiki.openstack.org/wiki/Magnum/NetworkDriverMatrix Network Driver Support Matrix]
 
**[https://wiki.openstack.org/wiki/Magnum/LabelMatrix Labels Support Matrix]
 
 
**[[Magnum/Acronyms|Acronyms]]
 
**[[Magnum/Acronyms|Acronyms]]
 
**[http://eavesdrop.openstack.org/irclogs/%23openstack-containers/ IRC Logs - OpenStack Containers]
 
**[http://eavesdrop.openstack.org/irclogs/%23openstack-containers/ IRC Logs - OpenStack Containers]
**[http://eavesdrop.openstack.org/meetings/containers/2015/ Meeting Minutes - OpenStack Containers]
+
**[http://eavesdrop.openstack.org/meetings/containers/2016/ Meeting Minutes - OpenStack Containers]
 +
 
 +
= IRC and IRC Meetings =
 +
Our developers use IRC in #openstack-containers on freenode for development discussion.
  
= IRC =
+
* The weekly Containers [[Meetings/Containers|IRC meeting]] is held on Wednesdays at 0900 UTC [https://calendar.google.com/event?action=TEMPLATE&tmeid=XzYwcjRjaDI2NmNvM2ViOWg2cDIzaWI5azg4cGphYmExODkwajRiOWo4NG9rNmRpMThvczM4Y3BuNm9fMjAxOTEwMzBUMDkwMDAwWiBiaGFyYXRAc3RhY2tocGMuY29t&tmsrc=bharat%40stackhpc.com&scp=ALL calendar].
 +
* [http://eavesdrop.openstack.org/meetings/containers/2019/?C=M;O=D 2019 Containers Meeting Archive]
 +
* [http://eavesdrop.openstack.org/meetings/containers/2018/?C=M;O=D 2018 Containers Meeting Archive]
 +
* [http://eavesdrop.openstack.org/meetings/containers/2017/?C=M;O=D 2017 Containers Meeting Archive]
 +
* [http://eavesdrop.openstack.org/meetings/containers/2016/?C=M;O=D 2016 Containers Meeting Archive]
  
Our developers use IRC in #openstack-containers on freenode for development discussion.
+
= Users =
 +
* [http://home.cern CERN] - details on the [http://openstack-in-production.blogspot.fr blog]
 +
* [https://stackhpc.com StackHPC] - details on the [https://stackhpc.com website]
 +
* (your group or organization here)
 +
 
 +
= Compatibility Matrix =
  
= Meetings =
+
The following table captures what we know about releases of Kubernetes (kube_tag) that are compatible with different releases of OpenStack Magnum.
  
* The weekly Containers [[Meetings/Containers|IRC meeting]] is held on Tuesdays at 1600 UTC [[Meetings/Containers|[schedule]]].
+
{| class="wikitable"
* [http://eavesdrop.openstack.org/meetings/containers/2014/ 2014 Containers Meeting Archive]
+
|-
 +
! rowspan=2 | Release !! colspan=3 | kube_tag !! rowspan=2 | os_distro !! rowspan=2 | required labels
 +
|-
 +
| min || max || default
 +
|-
 +
| 9.2.0 || v1.12.x || v1.17.x || v1.15.7 || fedora-coreos ||
 +
|-
 +
| 9.2.0 || v1.12.x || v1.15.x || v1.15.7 || fedora-atomic ||
 +
|-
 +
| 9.2.0 || v1.12.x || v1.17.x || v1.15.7 || fedora-atomic || use_podman=true
 +
|-
 +
| 9.1.0 || v1.12.x || v1.16.x || v1.14.3 || fedora-coreos ||
 +
|-
 +
| 9.1.0 || v1.12.x || v1.15.x || v1.14.3 || fedora-atomic ||
 +
|-
 +
| 9.1.0 || v1.12.x || v1.16.x || v1.14.3 || fedora-atomic || use_podman=true,
 +
|-
 +
| 8.2.0 ||| v1.9.x || v1.15.x || v1.11.5-1 || fedora-atomic ||
 +
|-
 +
| 8.1.0 || v1.9.x || v1.13.x || v1.11.5-1 || fedora-atomic ||
 +
|-
 +
| 7.2.0 || v1.9.x || v1.15.x || v1.11.5-1 || fedora-atomic || heat_container_agent_tag=stein-stable
 +
|-
 +
| 7.1.0 || v1.9.x || v1.13.x || v1.11.5-1 || fedora-atomic ||
 +
|}
  
 
= Frequently Asked Questions =
 
= Frequently Asked Questions =
 
'''1) How is Magnum is different from Nova?'''  
 
'''1) How is Magnum is different from Nova?'''  
  
Magnum provides a purpose built API to manage application containers, which have a distinctly different life cycle and operations than Nova (machine) Instances. We actually use Nova instances to run our application containers.
+
Magnum provides a purpose built API to manage application containers orchestration engines, which have a distinctly different life cycle and operations than Nova (machine) Instances. We actually use Nova instances to compose our Clusters.
  
 
'''2) How is Magnum different than Docker or Kubernetes?'''
 
'''2) How is Magnum different than Docker or Kubernetes?'''
  
Magnum offers an asynchronous API that's compatible with Keystone, and a complete multi-tenancy implementation. It does not perform orchestration
+
Magnum offers an asynchronous API that's compatible with Keystone, and a complete multi-tenancy implementation. It does not perform orchestration internally, and instead relies on OpenStack Orchestration. Magnum does leverage both Kubernetes and Docker as components.
internally, and instead relies on OpenStack Orchestration. Magnum does leverage both Kubernetes and Docker as components.
 
  
 
'''3) Is this the same thing as Nova-Docker?'''
 
'''3) Is this the same thing as Nova-Docker?'''
  
No, Nova-Docker is a virt driver for Nova that allows containers to be created as Nova instances. This is suitable for use cases when you want to treat a container like a lightweight machine. Magnum provides container specific features that are beyond the scope of Nova's API, and implements its own API to surface these features in a way that is consistent with other OpenStack services. Containers started by Magnum are run on top of Nova instances that are created using Heat.
+
No, Nova-Docker is a virt driver for Nova that allows containers to be created as Nova instances. This is suitable for use cases when you want to treat a container like a lightweight machine. Magnum provides container orchestration engine management that is beyond the scope of Nova's API, and implements its own API to surface these features in a way that is consistent with other OpenStack services. Containers started on Magnum Clusters are run on top of Nova instances that are created using Heat.
  
 
'''4) Who is Magnum for?'''
 
'''4) Who is Magnum for?'''
  
Magnum is for OpenStack cloud operators (public or private) who want to offer a self-service solution to provide containers to their cloud users as a managed hosted service. Magnum simplifies the required integration with OpenStack, and allows for cloud users who can already launch cloud resources such as Nova Instances, Cinder Volumes, Trove Databases, etc. to also create application containers to run applications in an environment that provides advanced features that are beyond the scope of existing cloud resources. The same identity credentials used to create IaaS resources can be used to run containerized applications using Magnum. Some examples of advanced features available with Magnum are the ability to scale an application to a specified number of instances, to cause your application to automatically re-spawn an instance in the event of a failure, and to pack applications together more tightly than would be possible using Virtual Machines.
+
Magnum is for OpenStack cloud operators (public or private) who want to offer a self-service solution to provide a hosted containers service to their cloud users. Magnum simplifies the required integration with OpenStack, and allows for cloud users who can already launch cloud resources such as Nova Instances, Cinder Volumes, Trove Databases, etc. to also create container clusters (Clusters) to run applications in an environment that provides advanced features that are beyond the scope of existing cloud resources.  
  
 
'''5) Will I get the same thing if I use the Docker resource in Heat?'''
 
'''5) Will I get the same thing if I use the Docker resource in Heat?'''
  
No, the Docker Heat resource does not provide a resource scheduler, or a choice of container technology used. It is specific to Docker, and uses Glance to store container images. It does not currently allow for layered image features, which can cause containers to take longer to start than if layered images are used with a locally cached base image. Magnum leverages all of the speed benefits that Docker offers.
+
No, the Docker Heat resource does not provide a resource scheduler, or a choice of container technology used. It is specific to Docker, and uses Glance to store container images. It does not currently allow for layered image features, which can cause containers to take longer to start than if layered images are used with a locally cached base image. Magnum leverages all of the speed benefits that Docker offers, and implements Kubernetes and Mesos as alternate choices to Docker Swarm for container orchestration.
  
 
'''6) What does multi-tenancy mean in Magnum (Is Magnum Secure)?'''
 
'''6) What does multi-tenancy mean in Magnum (Is Magnum Secure)?'''
  
Resources such as Containers, Services, Pods, Bays, etc. started by Magnum can only be viewed and accessed by users of the tenant that created them. Bays are not shared, meaning that containers will not run on the same kernel as neighboring tenants. This is a key security feature that allows containers belonging to the same tenant to be tightly packed within the same Pods and Bays, but runs separate kernels (in separate Nova Instances) between different tenants. This is different than using a system like Kubernetes without Magnum, which is intended to be used only by a single tenant, and leaves the security isolation design up to the implementer. Using Magnum provides the same level of security isolation as Nova provides when running Virtual Machines belonging to different tenants on the same compute nodes.
+
Resources such as Clusters are started by Magnum can only be viewed and accessed by users of the tenant that created them. Clusters are not shared, meaning that containers will not run on the same kernel as neighboring tenants. This is a key security feature that allows containers belonging to the same tenant to be tightly packed within the same Pods and Clusters, but runs separate kernels (in separate Nova Instances) between different tenants. This is different than using a system like Kubernetes without Magnum, which was originally designed to be used only by a single tenant, and leaves the security isolation design up to the implementer. Using Magnum provides the same level of security isolation as Nova provides when running Virtual Machines belonging to different tenants on the same compute nodes.

Revision as of 14:39, 26 March 2020

Magnum is an OpenStack API service developed by the OpenStack Containers Team making container orchestration engines such as Docker Swarm, Kubernetes, and Apache Mesos available as first class resources in OpenStack. Magnum uses Heat to orchestrate an OS image which contains Docker and Kubernetes and runs that image in either virtual machines or bare metal in a cluster configuration. Click below for a ~2 minute demo of how the Magnum CLI works.

Demo-Preview-Frame.png

Getting Started / Download

To get started with Magnum, see: Our Quickstart Guide

Downloads:

Contributing

The project is under active development by our OpenStack Containers Team. We meet weekly by IRC.

Architecture

Magnum Architeture Diagram

Cluster Create/Update/Delete

Resources

IRC and IRC Meetings

Our developers use IRC in #openstack-containers on freenode for development discussion.

Users

Compatibility Matrix

The following table captures what we know about releases of Kubernetes (kube_tag) that are compatible with different releases of OpenStack Magnum.

Release kube_tag os_distro required labels
min max default
9.2.0 v1.12.x v1.17.x v1.15.7 fedora-coreos
9.2.0 v1.12.x v1.15.x v1.15.7 fedora-atomic
9.2.0 v1.12.x v1.17.x v1.15.7 fedora-atomic use_podman=true
9.1.0 v1.12.x v1.16.x v1.14.3 fedora-coreos
9.1.0 v1.12.x v1.15.x v1.14.3 fedora-atomic
9.1.0 v1.12.x v1.16.x v1.14.3 fedora-atomic use_podman=true,
8.2.0 v1.9.x v1.15.x v1.11.5-1 fedora-atomic
8.1.0 v1.9.x v1.13.x v1.11.5-1 fedora-atomic
7.2.0 v1.9.x v1.15.x v1.11.5-1 fedora-atomic heat_container_agent_tag=stein-stable
7.1.0 v1.9.x v1.13.x v1.11.5-1 fedora-atomic

Frequently Asked Questions

1) How is Magnum is different from Nova?

Magnum provides a purpose built API to manage application containers orchestration engines, which have a distinctly different life cycle and operations than Nova (machine) Instances. We actually use Nova instances to compose our Clusters.

2) How is Magnum different than Docker or Kubernetes?

Magnum offers an asynchronous API that's compatible with Keystone, and a complete multi-tenancy implementation. It does not perform orchestration internally, and instead relies on OpenStack Orchestration. Magnum does leverage both Kubernetes and Docker as components.

3) Is this the same thing as Nova-Docker?

No, Nova-Docker is a virt driver for Nova that allows containers to be created as Nova instances. This is suitable for use cases when you want to treat a container like a lightweight machine. Magnum provides container orchestration engine management that is beyond the scope of Nova's API, and implements its own API to surface these features in a way that is consistent with other OpenStack services. Containers started on Magnum Clusters are run on top of Nova instances that are created using Heat.

4) Who is Magnum for?

Magnum is for OpenStack cloud operators (public or private) who want to offer a self-service solution to provide a hosted containers service to their cloud users. Magnum simplifies the required integration with OpenStack, and allows for cloud users who can already launch cloud resources such as Nova Instances, Cinder Volumes, Trove Databases, etc. to also create container clusters (Clusters) to run applications in an environment that provides advanced features that are beyond the scope of existing cloud resources.

5) Will I get the same thing if I use the Docker resource in Heat?

No, the Docker Heat resource does not provide a resource scheduler, or a choice of container technology used. It is specific to Docker, and uses Glance to store container images. It does not currently allow for layered image features, which can cause containers to take longer to start than if layered images are used with a locally cached base image. Magnum leverages all of the speed benefits that Docker offers, and implements Kubernetes and Mesos as alternate choices to Docker Swarm for container orchestration.

6) What does multi-tenancy mean in Magnum (Is Magnum Secure)?

Resources such as Clusters are started by Magnum can only be viewed and accessed by users of the tenant that created them. Clusters are not shared, meaning that containers will not run on the same kernel as neighboring tenants. This is a key security feature that allows containers belonging to the same tenant to be tightly packed within the same Pods and Clusters, but runs separate kernels (in separate Nova Instances) between different tenants. This is different than using a system like Kubernetes without Magnum, which was originally designed to be used only by a single tenant, and leaves the security isolation design up to the implementer. Using Magnum provides the same level of security isolation as Nova provides when running Virtual Machines belonging to different tenants on the same compute nodes.