spec for multi-region container management

1. What is the problem?
   Lack of implementation of container management in multi-region scenario.

2. What is the solution for the problem?
   Write this spec to describe how to implement the container management in the Tricircle multi-region scenario.

Change-Id: Iec0102656168e2d721cf2c0ec6d776e3aed881d6
Signed-off-by: XuShimin <948026069@qq.com>
XuShimin 2019-06-05 09:25:14 +08:00
parent 1a3a6bb9bb
commit d4f9efb111
1 changed files with 144 additions and 0 deletions


@ -0,0 +1,144 @@
=============================================
Container Management in Multi-Region Scenario
=============================================
Background
==========
Currently, multi-region container management is not supported in the Tricircle.
This spec is to describe how container management will be implemented
in the Tricircle multi-region scenario. Now openstack provides many components
for container services such as zun,kuyr,kuryr-libnetwork. Zun is a component that
provides container management service in openstack, it provides a unified OpenStack API
for launching and managing containers, supporting docker container technology.
Kuryr is an component that interfaces a container network to a neutron network.
Kuryr-libnetwork is a kuryr plugin running under the libnetwork framework and provides
network services for containers. Zun integrates with keystone, neutron,
and glance to implement container management. Keystone provides identity authentication
for containers, neutron provides network for containers, and glance provides images for containers.
These openstack services work together to accomplish the multi-region container management.
Overall Implementation
======================
The Tricircle is designed in a Central_Neutron-Local_Neutron fashion, where all the local neutrons are
managed by the central neutron. As a result, in order to adapt the Central_Neutron-Local_Neutron design and
the container network requirements and image requirements, we plan to deploy zun, kuryr,kuryr-libnetwork and
raw docker engine as follows. ::
+--------------------------------------------------+ +--------------------------------------------------+
| | Central Region | |
| +--------+ +--×---------------------×--+ +--------+ |
| +-----| Glance | User <---- | Keystone | ----> User | Glance |-----+ |
| | +--------+ x------x +---------------------------+ x------x +--------+ | |
| | | | Central Neutron | | | |
| | +---------------+ | +--×----^-----------^----×--+ | +---------------+ | |
| | | Zun API |<------------+ | | | | +------------>| Zun API | | |
| | +---------------+ +---------------+ | | | | +---------------+ +---------------+ | |
| | | | | | | | | | | | | | | |
| +--+ Zun Compute +--------+ Docker Engine | | | | | | Docker Engine +--------+ Zun Compute +--+ |
| | | | | | | | | | | | | |
| +-------+-------+ +-------+-------+ | | | | +-------+-------+ +-------+-------+ |
| | | | | | | | | |
| | | | | | | | | |
| +-------+-------+ +-------+-------+ | | | | +-------+-------+ +-------+-------+ |
| | | | | | | | | | | | | |
| | Local Neutron +--------+ Kuryr | | | | | | Kuryr <--------> Local Neutron | |
| | | | libnetwork | | | | | | libnetwork | | | |
| +-------+-------+ +---------------+ | | | | +---------------+ +-------+-------+ |
| | | | | | | |
| +------------------------------------×----+ +----×------------------------------------+ |
| | | |
+--------------------------------------------------+ +--------------------------------------------------+
Region One Region Two
Fig. 1 The multi-region container management architecture.
As showned in the Fig. 1 above, in Tricircle, each region has already installed
a local neutron. In order to accomplish container management in Tricircle,
admins need to configure and install zun,docker,kuryr and kuryr-libnetwork.
Under the Central_Neutron-Local_Neutron scenario, we plan to let zun employ
the central neutron in Central Region to manage networking resources, meanwhile
still employ docker engine in its own region to manage docker container instance.
Then, use kuryr/kuryr-libnetwork to connect the container network to the neutron network.
Hence, the workflow of container creation in Tricircle can be described as follows. ::
+-----------------------------------------------------------------------------------------------------------------------------------------------+
| +---------------+ +---------------+ +-----------------+ +-------------------------+ |
| +----------+ +-->| neutronClient | -->| Local Neutron | -->| Central Neutron | -->|Neutron network and port | |
| +------->| Keystone | | +---------------+ +------^--------+ +--------+--------+ +-------------+-----------+ |
| | +----------+ | | | | |
| | | +------------------+ +----------------------+ +-----------------+-----------+ |
| | +-->| kuryr/libnetwork | --------------------------------------->|Connect container to network | |
| +--+---+ +---------+ +-------------+ | +------------------+ +-----------------+-----------+ |
| | User | -->| Zun API | -->| Zun Compute | --+ | |
| +------+ +---------+ +-------------+ | +--------------+ +--------------+ | |
| +-->| glanceClient | -->| docker image | +=====+=====+ |
| | +--------------+ +------+-------+ ‖ Container ‖ |
| | | +=====+=====+ |
| | +------------+ +--------V---------------+ | |
| +-->| Docker API | -->| Create docker instance | ----------------------------------+ |
| +------------+ +------------------------+ |
+-----------------------------------------------------------------------------------------------------------------------------------------------+
Fig. 2 The multi-region container creation workflow.
Specifically, when a tenant attempts to create container, he/she needs to
send a request to Zun API. Then it will call zun compute driver to create
a container in four sub-steps. Firstly, call network_api(neutronClient) to
process neutron network(use Central_Neutron-Local_Neutron mechanism). Secondly,
call image_api(glanceClient) to provide docker image. Thirdly, call docker API
to create docker instance. Finally, use kuryr connect container to neutron network.
So far, a container can successfully created in Tricircle environment. Considering
the Tricircle is dedicated to enabling networking automation across Neutrons, so we
can implement the interconnection among multiple containers in multi-region scenario.
As shown below. ::
+------------------------+ +-------------------+ +------------------------+
| net1 | | | | net1 |
| +---------+--------------------------+-------------------------+----------+ |
| | | | | | | | |
| | | | | | | | |
| +-----+------+ | | | | | +-----+------+ |
| | Container1 | | | +----+----+ | | | Container2 | |
| +------------+ | | | | | | +------------+ |
| | | | Router | | | |
| +-----+------+ | | | | | | +-----+------+ |
| | Container3 | | | +----+----+ | | | Container4 | |
| +-----+------+ | | | | | +-----+------+ |
| | | | | | | | |
| | | | | | | | |
| +---------+--------------------------+-------------------------+----------+ |
| net2 | | | | net2 |
| | | | | |
| +--------------------+ | | +---------------+ | | +--------------------+ |
| | Local Neutron | | | |Central Neutron| | | | Local Neutron | |
| +--------------------+ | | +---------------+ | | +--------------------+ |
+------------------------+ +-------------------+ +------------------------+
Region One Central Region Region Two
Fig. 3 The container interconnection in multi-region scenario.
Although, combined with Tricircle, we can also implement the container deletion,
the container modification, the container lookup and so on in multi-region scenario.
That means we can implement container management in multi-region scenario.
Data Model Impact
-----------------
None
Dependencies
------------
None
Documentation Impact
--------------------
None
References
----------
None
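Review bot: The "Dependencies" section says None, but the paragraph under Fig. 1 states that "admins need to configure and install zun,docker,kuryr and kuryr-libnetwork", so those components should be listed there, and "References" should link their documentation rather than read None. The spec also has zun in each region employ the central neutron and the Keystone in the Central Region, yet nowhere says how those cross-region calls are authenticated or scoped. A short security impact section would help, stating which service credentials each region holds and which central endpoints zun and kuryr-libnetwork must reach. Minor wording: "kuyr" in Background, "As showned" under Fig. 1, "a container can successfully created", and "Although" opening the paragraph after Fig. 3, which reads as if "Also" was meant.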