Presentation at the OpenStack Summit in Barcelona, Spain on October 25, 2016.
http://bit.ly/os-kub-oci-cncf
Containers along with next generation topics such as orchestration and serverless computing continue to draw interest across the application developer and data center operator communities because of the enormous potential of the technology and the rapid pace of change.
As the potential of Docker continues to evolve, Kubernetes emerges as the leading orchestration technology, and the OpenStack Magnum project has matured, many want to see shared governance over the baseline container specification and associated runtime and format/image to protect investments and enable confident adoption of this emerging technology.
Join this session to learn the latest about the Open Container Initiative (www.opencontainers.org) and the Cloud Native Computing Foundation (cncf.io) - both collaborative projects of the Linux Foundation - that drive the latest cloud native technologies and projects and see how they relate to Magnum and Kuryr.
Daniel Krook, Senior Software Engineer, IBM
Jeffrey Borek, Program Director, Open Tech, IBM
Sarah Novotny, Senior Kubernetes Community Manager, Google
Open Container Technologies and OpenStack - Sorting Through Kubernetes, the OCI & the CNCF
1. Open Container Technologies and OpenStack
Sorting through Kubernetes, the OCI, and the CNCF
Daniel Krook, Senior Software Engineer, IBM, @DanielKrook
Jeffrey Borek, Program Director, Open Tech, IBM, @JeffBorek
Sarah Novotny, Senior Kubernetes Community Manager, Google, @SarahNovotny
2. Our background is in open source and open standards
Daniel Krook
• Customer partner for open technologies adoption (OpenStack, Cloud Foundry, Docker, OpenWhisk)
• Senior Software Engineer, IBM Cloud
• @DanielKrook
Jeffrey Borek
• IBM representative to the OCI & CNCF, Chair of Docker Governance Advisory Board
• WW Program Director, Open Technologies and Partnerships, Cloud Computing
• @JeffBorek
Sarah Novotny
• Google representative to OCI & CNCF, Open Source Community Wonk
• Senior Program Manager, Kubernetes Community
• @SarahNovotny
3. What you will learn today
• The benefits and tradeoffs of container technology and its organic community based evolution over time
• How containerization fits into OpenStack, and in particular how it uses Kubernetes for both Containers-as-a-Service and its own control plane
• What the container focused Linux Foundation collaborative projects aim to achieve
• Open Container Initiative opencontainers.org
• Cloud Native Computing Foundation cncf.io
• How OCI and CNCF container standardization affects OpenStack via Kubernetes
4. Container technology today enables greater density, faster startup, and more consistent packaging of applications
Containers provide isolation for processes sharing compute, networking, and storage resources on a host system.
They are logically similar to virtualized machine instances but share the host kernel and avoid hardware emulation.
Applications can be packaged with all the additional dependencies that they need, above what is provided by the host.
This makes them efficient to run and easy to move from host to host, and enables more granular control of applications.
There are tradeoffs and drawbacks, however, including isolation. Consider the analogy of buying a house (VM) versus renting an apartment (container).
Diagram source: Exploring Opportunities: Containers and OpenStack
Abstractions required for VMs, not used by containers
5. Many innovations from many organizations have influenced container technology innovation over time
• 1999, Jails: FreeBSD Jails expand on Unix chroot to isolate files
• 2001, VServer: Linux-VServer ports context isolation, but required recompilation
• 2004, Zones: Solaris Zones bring the concept of snapshots
• 2006, cgroups: Google introduces Process Containers, merged as cgroups
• 2008, Namespaces: Red Hat adds user namespaces, limiting root access in containers
• 2008, LXC: IBM creates LXC, providing user tools for cgroups and namespaces
• 2013, Docker: Docker provides simple user tools and images. Containers go mainstream
Not an exhaustive list, nor is an evolution implied. OpenVZ (Parallels), Warden (Cloud Foundry), rkt (CoreOS), and others also represent container innovation.
6. Several OpenStack projects leverage containers to more efficiently use resources, deploy faster, and package services more consistently
OpenStack is above all an integration engine, bringing various technologies together through common APIs. Therefore, containers have naturally been plugged into several existing projects and will find their way into other areas as well.
• Nova: A Docker hypervisor driver for Nova Compute to treat containers and images as the same type of resource as virtual machines.
• Heat: A plugin template for orchestrating Docker resources on top of OpenStack resources. Allows access to full Docker API.
• Kolla: Containerizes the OpenStack control services themselves as microservices to simplify the operational experience.
• Murano: Provides an application catalog of containerized applications that can be deployed to an OpenStack cloud.
• Magnum: Provides an API to manage multi-tenant Containers-as-a-Service leveraging Heat, Nova, and Neutron.
• Kuryr: Brings the Neutron networking model to containers, providing consistency between bare metal, virtual machines, and containers.
7. Introducing the Linux Foundation Open Container Initiative (OCI)
A single, open container specification:
• Not bound to higher level constructs such as a particular client or orchestration stack
• Not tightly associated with any particular commercial vendor or project
• Portable across a wide variety of operating systems, hardware, CPU architectures, public clouds, etc.
The OCI is a lightweight, open governance structure for the express purpose of creating open industry standards around container formats and runtime
Announced June 22, 2015
opencontainers.org
8. The OCI aims to meld ecosystems towards an open standard
• Users should be able to package their application once and have it work with any container runtime
• The standard should fulfill the requirements of the most rigorous security and production environments
• The standard should be vendor neutral and developed in the open
9. The OCI governs a container specification and an implementation
github.com/opencontainers
Open Container Runtime Spec
• Docker container runtime implementation: runC (formerly libcontainer)
• CoreOS runtime implementation: appC (formerly Rocket)
• Spec and implementation updated in concert
Open Image Format Spec
• Open Specification for Container Image
• Starting with Docker v2.2
• Announced April 14, 2016
Innovation driven into the spec
Open Container Initiative ecosystem
Community innovation driven into the spec
10. Who’s contributing to the Open Container Initiative?*
• The top 15 groups contributing to the OCI represent a broad and diverse group of companies
• View the OCI dashboard: http://oci.biterg.io/
* As of October 21, 2016
11. Introducing the Cloud Native Computing Foundation (CNCF)
• Container packaged
• Dynamically managed
• Micro-services oriented
The CNCF plans to create and drive the adoption of a new set of common container technologies, driven and informed by technical merit and end user value, inspired by Internet-scale computing
Announced July 21, 2015
cncf.io
12. Just as the OCI targets container image portability, the CNCF targets cloud application portability…
16. OpenStack as a First Class Cloud Provider
• Murano: Application catalog which can deploy Kubernetes
• Kuryr: Connects Kubernetes and Docker networking to Neutron
• Heat: Kubernetes specific templates to create clusters
• Magnum: Heat derived method of deploying Kubernetes, Mesos and Docker Swarm clusters
17. Containerized OpenStack on Kubernetes
• Fuel CCP
• Kolla
• Stackanetes
Each project provides tooling to deploy containerized OpenStack control planes on Kubernetes, including Docker containers and automation to deploy common OpenStack services
19. Keep an eye on developments in these areas as you formulate your organization's containerization strategy. Please get involved to ensure standards reflect your own usage scenarios.
Container technology has evolved over the last 16 years with contributions from many organizations.
It will continue to do so with greater collaboration and governance through the Open Container Initiative and the Cloud Native Computing Foundation.
Containerization is used throughout OpenStack in Nova, Heat, Magnum, Kuryr, Kolla, Murano and other big tent projects…
…but Kubernetes is emerging as a de facto standard for container clusters in OpenStack and separately governed container standards.
The OpenStack Foundation provides governance over Infrastructure-as-a-Service (compute, network, and storage) APIs.
The OCI and the CNCF will provide governance of container formats and standardize cloud native architectural patterns.