Containers in OpenStack Clouds: How to Keep the Applications Safe and Healthy

Let’s get a closer look at two giant open-source technologies – OpenStack and Kubernetes, how they work together and accomplish each other bringing more benefits to service consumers.

Opinions about Kubernetes and Openstack can be gathered in two main but opposite directions. On one hand, those who believe that OpenStack and Kubernetes are complementary technologies that can altogether work in tandem, and those who consider Kubernetes to be the substitute of OpenStack and vice versa. While it’s true that the use of these tools in many cases overlap, it doesn’t necessarily mean that one can easily replace the other. They help solve similar issues but on different layers of the stack. Thus, their combination can deliver users more powerful automation and scalability than ever. However, an even better way to look at these open-source giants is to consider Kubernetes as an extension for OpenStack, an excellent tool for container orchestration in the OpenStack cloud environment.

Let’s get a closer look at how these open-source technologies can work together and accomplish each other. OpenStack is an open-source cloud platform; it helps businesses run and manage their cloud infrastructures. Kubernetes is also open-source technology, the most widely used container orchestrator to run and manage containers. A range of OpenStack components and software solutions help efficiently combine both technologies to perform the best results.

But what do we exactly get from extending OpenStack capabilities with containers orchestrated by Kubernetes? 

Smooth Integration

As an open infrastructure, OpenStack provides API-driven access to compute, storage, and networking systems. The platform flexibility makes it possible to deploy on the single system all the enterprise environments may need – bare metal, VMs and container resources. 

Kubernetes enables developers to focus on their primary goals – creating software, its maintenance and improvement. The workload driven K8 technology offers the right on time tools and interfaces compiling with the developed cloud infrastructure features.

Both sets of technologies can boast their widespread integration into enterprise-level infrastructures and compatibility with many other IT solutions. On the one side is OpenStack with its traditional, proven by years, VM-based technology, and on the other is Kubernetes, a highly agile and dynamic orchestration system. Combined, they create a perfect duo for the enterprise cloud environment and bring to each other exactly what they lack.

Kubernetes clusters consume compute, storage and networking resources from OpenStack through the APIs. Building an abstraction layer for such resources, OpenStack helps make the cloud systems reliable, expectable, and steady.

For example, there is a common request from Kubernetes users to add a bunch of standard services like object and block storage, smoothly integrated with their system of containers. OpenStack offers practical tools for such requirements by supporting the most significant storage and networking solutions for organizations. Running Kubernetes with OpenStack brings seamless functional integration of containers into the cloud environment.

There are several solutions for running Kubernetes and other application frameworks on top of OpenStack. Magnum, an Openstack project, is the easiest way to deliver multi-tenanted and self-serviced container frameworks. It provides a simple API to deploy fully managed clusters backed by the choice of several application platforms, including Kubernetes. 

Cornerstone of Security

Being a powerful orchestrator, Kubernetes by no means simplifies application management compared to applications on traditional servers or VMs. The cutting-edge technologies bring freedom to developing processes, automate iterations, save time and effort for coding. The relatively new technology uses the latest modern security practices. However, modern and cutting edge do not a priori mean the best decision for business needs. The best security practices proven by years of successful usage can be destroyed by one new potential vulnerability released together with component upgrading. A threat to the cluster security and the data stored on it can come from both the external network and the cluster itself. A misconfigured application or an overlooked vulnerability could allow an attacker to access the container and the host’s file system.

The basic rules like regular system audit and cluster policies renewal secure Kubernetes cluster protection and diminish possible problems. Among the essential cybersecurity measures for Kubernetes are the following:

  •  strict firewall rules and access restrictions from the external network; 
  •  quota and authentication management for resources and users; 
  •  limitation of containers privileges and privileges in containers;
  •  reliable sources of images to prevent risks of running an unsafe application;
  •  logs monitoring and regular cluster security audit to detect known vulnerabilities in automatic mode and eliminate them on time.

To install and set security once and forever is a desirable but impossible dream. In a constantly changing cloud environment, new weaknesses and threats occur. Organizations should consider that running Kubernetes on bare-metal leads to a higher risk of security escape threat. If the intruder happens to be directly on the host, as an operator, you have a massive problem since all the users sharing the same kernel are compromised. On the other side, OpenStack can provide a unified cloud platform for orchestrating VMs, containers, and hardware compute resources keeping the security of clusters and the whole system on a high level. To implement and manage such a platform, a company needs an experienced team of quite expensive professionals or the right software solution with proven effectiveness and security.

Faster App Development

Kubernetes gifts developers with a wizard stick for speedy and painless management of many containers with applications. OpenStack creates the atmosphere for such magic to happen without delay and mistakes. The growing request for on-demand and access-anytime services makes K8 and OpenStack perfect allies to meet these user’s needs.  The benefits vary from increased application portability to reduced development time and enhanced application stability. Running Kubernetes and OpenStack together, the needed piece of code can be instantly found, identified, and used. It saves hours of coding and searching. And intelligent laziness, as you know, is the best engine for progress.

Developers widely use Kubernetes because of its highly demanded functionalities that make the technology ideal for delivering applications:

  • As isolated workspaces, containers make it possible to deploy multiple completely different applications to a single bare metal or VM without any conflict between the applications.
  • Using pods in a Kubernetes cluster can run a single container or multiple containers if they need to work together. To create and keep inside the group of application components, a pod encapsulates an application composed of multiple co-located containers that are tightly connected and need to share resources.
  • Kubernetes open-source technology runs containerized workloads in production with the ease of maintenance, supported by constant practices from the community.

Today nobody doubts containerized applications benefits, but there are still debates about host platforms to serve them. According to many recent surveys, most developers choose Kubernetes as the Number 1 platform for container management. However, if you want to get more from Kubernetes and OpenStack technologies and to increase business productivity, development time saving and application portability, you should run the prominent tandem together.

Auto-Scalability

While traditional applications require larger hardware to scale (vertical scaling), cloud-based applications are able to operate with discrete hardware (horizontal scaling). To meet the requirements, OpenStack is designed to be horizontally scalable. You procure more servers and install identically configured services rather than switching to larger servers. OpenStack’s horizontal scaling is a great scenario where Kubernetes can add more flexibility.

One of Kubernetes most powerful features is autoscaling, the automated process that otherwise would require intensive human effort if done manually. At the moment, Kubernetes has three auto-scaling methods: scaling pods horizontally and vertically, and scaling clusters.

Auto-scaling is essential in a private cloud environment; without it whenever conditions change, you have to provision resources and then scale down. Kubernetes autoscaling helps optimize resources by automatically increasing cluster nodes and pods number if more resources are demanded and adjusting back to fewer nodes and pods to save them. 

Scaling your OpenStack private cloud with Kubernetes helps you enjoy additional features. The resources can be scaled both horizontally and vertically in an efficient way. 

Double the benefits with FishOS

Years of experience has enabled Sardina’s team to become experts in creating private cloud environments based on OpenStack. We also offer smooth Kubernetes integration with FishOS to provide the customers with container orchestration tools. Ensuring features such as automated rollouts and rollbacks, high availability, heterogeneous clusters, storage orchestration and self-healing, we fully integrate Kubernetes within the OpenStack environment to provide all their capabilities.

FishOS can run Kubernetes complying with the official certification tests on both VM and bare metal servers. But it’s one thing to get Kubernetes running; a completely different one is to keep the system scalable, reliable, efficient, and cost-effective. The key FishOS values lie in these critical aspects of operating in private clouds. FishOS enables operators in enterprises to easily provide multi-tenanted Kubernetes environments with proven security assurances and helps developers deliver applications faster and easier. Sardina’s customers can also gain from mature, tested and proven persistent block storage, software-defined storage, and software-defined networking.

It makes sense to run Kubernetes clusters within VMs in larger organizations with the separated operator and consumer divisions. This allows the organization to benefit from the strong security segregation of VMs, and the reliability and resilience afforded by them. OpenStack, for its part, is able to cater to Kubernetes also on bare-metal nodes.

Benefits from combining OpenStack and Kubernetes technologies are by far a more evident argument than just using them solo. No wonder the OpenStack Foundation is committed to guaranteeing that emerging technologies can be incorporated and utilized within OpenStack, and containers are an actual example of that commitment. OpenStack has leveraged its design and a large community to integrate container technologies at different levels. By using Kubernetes in an OpenStack cloud environment, an organization can double the benefits. Two open-source giants working together can show better results in security, resilience and scalability, allowing faster application development and delivery of infrastructure innovations.

Leave a Reply

Your email address will not be published. Required fields are marked *