Add scope doc
Change-Id: I6b454dc45778fb666a25463f4d44ee3ccddbd649 Signed-off-by: Harry Zhang <harryz@hyper.sh>
This commit is contained in:
		
							
								
								
									
										6
									
								
								docs/source/index.rst
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										6
									
								
								docs/source/index.rst
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,6 @@ | |||||||
|  | ============== | ||||||
|  | Welcome to Stackube developer documentation! | ||||||
|  | ============== | ||||||
|  |  | ||||||
|  | Stackube is a multi-tenant and secure Kubernetes deployment enabled by OpenStack | ||||||
|  | core components. | ||||||
							
								
								
									
										128
									
								
								docs/source/stackube_scope_clarification.rst
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										128
									
								
								docs/source/stackube_scope_clarification.rst
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,128 @@ | |||||||
|  | ============== | ||||||
|  | Stackube Scope | ||||||
|  | ============== | ||||||
|  |  | ||||||
|  | A multi-tenant and secure Kubernetes deployment enabled by OpenStack | ||||||
|  | core components. | ||||||
|  |  | ||||||
|  | Not another “Kubernetes on OpenStack” project | ||||||
|  |  | ||||||
|  | Stackube is a standard upstream Kubernetes deployment with: | ||||||
|  |  | ||||||
|  | 1. Mixed container runtime of Docker (Linux container) and | ||||||
|  |        HyperContainer (hypervisor-based container) | ||||||
|  |  | ||||||
|  | 2. Keystone for tenant management | ||||||
|  |  | ||||||
|  | 3. Neutron for container network | ||||||
|  |  | ||||||
|  | 4. Cinder for persistent volume | ||||||
|  |  | ||||||
|  | The main difference between Stackube with existing container service | ||||||
|  | project in OpenStack foundation (e.g. Magnum) is: **Stackube works | ||||||
|  | alongside OpenStack, not on OpenStack**. This means: | ||||||
|  |  | ||||||
|  | 1. Only standalone vanilla OpenStack components are required | ||||||
|  |  | ||||||
|  | 2. Traditional VMs are not required because HyperContainer will provide | ||||||
|  |        hypervisor level isolation for containerized workloads. | ||||||
|  |  | ||||||
|  | 3. All the components mentioned above are managed by Kubernetes plugin | ||||||
|  |        API. | ||||||
|  |  | ||||||
|  | What‘s inside Stackube repo? | ||||||
|  |  | ||||||
|  | 1. Keystone RBAC plugin | ||||||
|  |  | ||||||
|  | 2. Neutron CNI plugin | ||||||
|  |  | ||||||
|  |    a. With a k8s Network object controller | ||||||
|  |  | ||||||
|  | 3. Standard k8s upstream Cinder plugin with block device mode | ||||||
|  |  | ||||||
|  | 4. Deployment scripts and guide | ||||||
|  |  | ||||||
|  | 5. Other documentations | ||||||
|  |  | ||||||
|  | Please note: | ||||||
|  |  | ||||||
|  | 1. Plugins above will be deployed as system Pod and DaemonSet. | ||||||
|  |  | ||||||
|  | 2. All other Kubernetes volumes are also supported in Stackube, while k8s | ||||||
|  |        Cinder plugin with block device mode can provide better | ||||||
|  |        performance in mixed runtime which will be preferred by default. | ||||||
|  |  | ||||||
|  | What’s the difference between other plugin projects? | ||||||
|  |  | ||||||
|  | 1. Kuryr | ||||||
|  |  | ||||||
|  |    a. This is a Neutron network plugin for Docker network model, which | ||||||
|  |           is not directly supported in Kubernetes. Kuryr can provide CNI | ||||||
|  |           interface, but Stackube also requires tenant aware network | ||||||
|  |           management which is not included in Kuryr. | ||||||
|  |  | ||||||
|  | 2. Fuxi | ||||||
|  |  | ||||||
|  |    a. This is a Cinder volume plugin for Docker volume model, which is | ||||||
|  |           not supported in latest CRI based Kubernetes (using k8s volume | ||||||
|  |           plugin for now, and soon CSI). Also, Stackube prefers a | ||||||
|  |           “block-device to Pod” mode in volume plugin when | ||||||
|  |           HyperContainer runtime is enabled, which is not supported in | ||||||
|  |           Fuxi. | ||||||
|  |  | ||||||
|  | 3. K8s-cloud-provider | ||||||
|  |  | ||||||
|  |    a. This is a “Kubernetes on OpenStack” integration which requires | ||||||
|  |           full functioning OpenStack deployment. | ||||||
|  |  | ||||||
|  | 4. Zun | ||||||
|  |  | ||||||
|  |    a. This is a OpenStack API container service, while Stackube exposes | ||||||
|  |           well-known Kubernetes API and does not require full | ||||||
|  |           OpenStack deployment. | ||||||
|  |  | ||||||
|  | As summary, one distinguishable difference is that plugins in Stackube | ||||||
|  | are designed to enable hard multi-tenancy in Kubernetes as a whole | ||||||
|  | solution, while the other OpenStack plugin projects do not address this | ||||||
|  | and solely focus on just integrating with Kubernetes/Docker as-is. There | ||||||
|  | are many gaps to fill when use them to build a real multi-tenant cloud, | ||||||
|  | for example, how tenants cooperate with networks in k8s. | ||||||
|  |  | ||||||
|  | Another difference is Stackube use mixed container runtimes mode of k8s | ||||||
|  | to enable secure runtime, which is not in scope of existing foundation | ||||||
|  | projects. In fact, all plugins in Stackube should work well for both | ||||||
|  | Docker and HyperContainer. | ||||||
|  |  | ||||||
|  | The architecture of Stackube is fully decoupled and it would be easy for | ||||||
|  | us (and we’d like to) integrate it with any OpenStack-Kubernetes plugin. | ||||||
|  | But right now, we hope to keep everything as simple as possible and | ||||||
|  | focus on the core components. | ||||||
|  |  | ||||||
|  | A typical deployment workflow of Stackube | ||||||
|  |  | ||||||
|  | On control nodes: | ||||||
|  |  | ||||||
|  | 1. Install standalone Keystone, Neutron, Cinder (ceph rbd) | ||||||
|  |  | ||||||
|  |    a. This can be done by any existing tool like devstack, RDO etc | ||||||
|  |  | ||||||
|  | On other nodes: | ||||||
|  |  | ||||||
|  | 1. Install Kubernetes | ||||||
|  |  | ||||||
|  |    a. Including container runtimes, CRI shims, CNI etc | ||||||
|  |  | ||||||
|  |    b. This can be done by any existing tool like kubeadm etc | ||||||
|  |  | ||||||
|  | Deploy Stackube: | ||||||
|  |  | ||||||
|  | 1. *kubectl apply -f stackube.yaml* | ||||||
|  |  | ||||||
|  |    a. This will deploy all Stackube plugins as Pods and DaemonSets to | ||||||
|  |           the cluster | ||||||
|  |  | ||||||
|  | (You can also deploy all these components in a single node) | ||||||
|  |  | ||||||
|  | After that, users can use Kubernetes API to manage containers with | ||||||
|  | hypervisor isolation, Neutron network, Cinder volume and tenant | ||||||
|  | awareness. | ||||||
		Reference in New Issue
	
	Block a user
	 Harry Zhang
					Harry Zhang