Convergence of Virtual Machines and Containers Orchestration

Today, implementing and managing IaaS and CaaS clouds takes two separate orchestration tools, libvirt and Kubernetes respectively. Customers have to maintain both of them in two infrastructure stacks, even though the stacks are sometimes built on each other. Wouldn't it be better if we could manage VMs and containers using the same API? KubeVirt, a Kubernetes add-on for managing virtual machines, is one way to achieve that. This talk introduces KubeVirt, a common ground for virtualization solutions on top of Kubernetes, covers its design and implementation, and closes with a live demo.

1. Convergence of VM and containers orchestration using KubeVirt
Chunfu Wen
chwen@redhat.com

2. Agenda
● Context Introduction
● What Is KubeVirt And How It Feels
● KubeVirt Architecture And Design
● Demo

3. FIRST A LITTLE HISTORY
Virtual Machines

4. FIRST A LITTLE HISTORY
Virtual Machines
Containers

5. Virtualization VS Containers
● VM virtualizes the hardware
● Container isolates the process

6. VIRTUAL MACHINES VS CONTAINERS
Virtual Machine: Application, Bins/Libs, Guest OS
Container: Application, Bins/Libs, Container Host
Each of these attributes can be a positive or a negative for a given workload. Increasingly organizations have a mix of both.

7. EXISTING SYSTEMS TREAT THESE SEPARATELY
[Diagram labels: Container, Virtual Machine, RHEL, Physical Machine]

8. WHAT ABOUT EXISTING WORKLOADS?
CONTAINER INFRASTRUCTURE AND ORCHESTRATION
Container applications and Kubernetes orchestration, as provided by OpenShift, are becoming the standard for new applications.
VIRTUALIZED WORKLOADS
Virtualized workloads are not going anywhere fast! Business reasons (cost, time to market) and technical reasons (older/different operating system).
CONVERGING INFRASTRUCTURE
How can we bring these two worlds closer together?

9. So, if…
● VMs are just user processes
  ○ VMs and containers already share some isolation technologies: SELinux and cgroups
● Kubernetes manages clustered containers, which are user processes
● Get a converged infrastructure

10. Proof of Concept
[Diagram labels: Pod, Container, Replace, Container, Virtual Machine]

11. One Typical Benefit Scenario
● A Windows guest VM accesses containerized MySQL
[Diagram labels: Pod, Service, Virtual Machine, MySql Container]

12. OpenShift = Enterprise K8s + Docker
Build, Deploy and Manage Containerized Apps
[Diagram layers, top to bottom:]
● CONTAINER (x5)
● SELF-SERVICE
● SERVICE CATALOG (LANGUAGE RUNTIMES, MIDDLEWARE, DATABASES, …)
● BUILD AUTOMATION, DEPLOYMENT AUTOMATION
● APPLICATION LIFECYCLE MANAGEMENT (CI / CD)
● CONTAINER ORCHESTRATION & CLUSTER MANAGEMENT (KUBERNETES)
● NETWORKING, STORAGE, REGISTRY, LOGS & METRICS, SECURITY
● INFRASTRUCTURE AUTOMATION & COCKPIT
● OCI CONTAINER RUNTIME & PACKAGING
● ATOMIC HOST / RED HAT ENTERPRISE LINUX

13. Enter KubeVirt
Kubernetes + Libvirt?
“Virtual Machine management addon to Kubernetes that extends Kubernetes in a way that allows it to schedule VM workloads side by side with container workloads.”

14. Explore more
● Extends OpenShift/Kubernetes to support orchestration of virtual machine workloads alongside application container workloads in the same cluster.
● Developer-centric approach to virtualization that drops directly into existing OpenShift/Kubernetes clusters
  ○ Implemented as a CustomResourceDefinition
● Aims to provide as Kubernetes-native an experience of working with VMs as possible
  ○ Integrates directly with other Kubernetes concepts (like Persistent Volumes, Pod networking)
  ○ Manage virtual machines like Pods!
● Scheduling, networking, and storage are all delegated to Kubernetes, while KubeVirt provides the virtualization functionality

15. How Does KubeVirt Feel?

16. First Look At Pod Object

    kind: Pod
    metadata:
      name: nginx
      labels:
        name: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80
      nodeSelector:
        cpu: fast
    status:
      phase: Running

What is a Pod?
“A pod (as in a pod of whales or pea pod) is a group of one or more containers (such as Docker containers), with shared storage/network, and a specification for how to run the containers.” *
* https://kubernetes.io/docs/concepts/workloads/pods/pod/#what-is-a-pod

17. The VirtualMachine Object

    kind: VirtualMachine
    metadata:
      name: testvm
    spec:
      domain:
        devices:
          type: PersistentVolumeClaim
          device: disk
          source:
            name: myVolumeClaim
      nodeSelector:
        cpu: fast
    status:
      phase: Running

We have the typical Pod-like structure:
● Metadata section
● Specification section
● Typical Pod features like
  ○ nodeSelector
  ○ affinity
● Status section
Behind the scenes, a Pod is created and scheduled, and we make sure that the VM starts correctly inside it.

18. CustomResourceDefinition: vm-resource.yaml

    apiVersion: apiextensions.k8s.io/v1beta1
    kind: CustomResourceDefinition
    metadata:
      creationTimestamp: null
      labels:
        kubevirt.io: ""
      name: virtualmachines.kubevirt.io
    spec:
      group: kubevirt.io
      names:
        kind: VirtualMachine
        plural: virtualmachines
        shortNames:
        - vm
        - vms
        singular: virtualmachine
      scope: Namespaced
      validation:

A CustomResourceDefinition extends the Kubernetes API:
● When you create a new CustomResourceDefinition (CRD), the Kubernetes API Server reacts by creating a new RESTful resource path
● After the CustomResourceDefinition object has been created, you can create custom objects. Custom objects can contain custom fields

19. The Typical Kubectl Feeling

    kind: VirtualMachine
    metadata:
      name: testvm
    spec:
      domain:
        devices:
          graphics:
          - type: spice
          consoles:
          - type: pty

Typical Pod commands:
● kubectl create -f mypodspec.yaml
● kubectl delete pod mypod
● kubectl exec -it mypod -- /bin/bash
Typical Virtual Machine commands:
● kubectl create -f myvmspec.yaml
● kubectl delete vm testvm
● kubectl plugin virt console testvm
● kubectl plugin virt spice testvm

20. Architecture

21. KubeVirt Architecture Internal

22. Components (1/5)
virt-controller:
● This controller is responsible for monitoring the VM objects (CRDs) and managing the associated pods. Currently the controller makes sure to create the pods associated with the VM objects and to manage their life-cycle.
● A VM object will always be associated with a pod during its lifetime; however, the pod instance might change over time, e.g. due to migration of a VM.
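The reconciliation behaviour described for virt-controller, modelled as an added Go example (not KubeVirt's own code). The VM and Pod types, the Reconcile function and the sample state are assumptions made for illustration, and migration is not modelled.

```go
package main

import "fmt"

// VM and Pod are simplified stand-ins for the VirtualMachine custom object
// and the pod that hosts it; these types and fields are assumptions.
type VM struct{ Name string }
type Pod struct{ Name, OwnerVM string }

// Reconcile compares desired state (VM objects) with observed state (pods)
// and returns the actions needed so that every VM has exactly one pod.
func Reconcile(vms []VM, pods []Pod) []string {
	desired := map[string]bool{}
	for _, vm := range vms {
		desired[vm.Name] = true
	}
	hasPod := map[string]bool{}
	var actions []string
	for _, p := range pods {
		switch {
		case !desired[p.OwnerVM]:
			// VM object is gone: remove the pod that hosted it.
			actions = append(actions, "delete pod "+p.Name+" (VM removed)")
		case hasPod[p.OwnerVM]:
			// Assumption of this sketch: one pod per VM (migration not modelled).
			actions = append(actions, "delete pod "+p.Name+" (duplicate)")
		default:
			hasPod[p.OwnerVM] = true
		}
	}
	for _, vm := range vms {
		if !hasPod[vm.Name] {
			// No pod yet: create one so the VM can be scheduled on a host.
			actions = append(actions, "create pod for VM "+vm.Name)
		}
	}
	return actions
}

func main() {
	// Constructed sample state: testvm has no pod, oldvm was deleted,
	// dbvm has two pods claiming it.
	vms := []VM{{"testvm"}, {"dbvm"}}
	pods := []Pod{{"launcher-oldvm", "oldvm"}, {"launcher-dbvm-a", "dbvm"}, {"launcher-dbvm-b", "dbvm"}}
	for _, a := range Reconcile(vms, pods) {
		fmt.Println(a)
	}
}
```

Because the function is driven by the full current state rather than by individual events, running it again after the actions are applied returns no further actions.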

23. Components (2/5)
VM (CRD):
● Machine type
● CPU type
● Amount of RAM and vCPUs
● Number and type of NICs

24. Components (3/5)
virt-launcher:
● For every VM object one pod is created. This pod's primary container runs the virt-launcher KubeVirt component.
● virt-launcher takes care of launching a VM process for every pod associated with a VM object whenever the pod gets scheduled on a host.
● The main purpose of the virt-launcher pod is to provide the cgroups and namespaces that will be used to host the VM process.
● virt-handler signals virt-launcher to start a VM by passing the VM's CRD object to virt-launcher. virt-launcher then uses a local libvirtd instance within its container to start the VM. From there virt-launcher monitors the VM process and terminates once the VM has exited.

25. Components (4/5)
virt-handler:
● Every host needs a single instance of virt-handler. It can be delivered as a DaemonSet.
● virt-handler is also reactive and watches for changes to the VM object; once a change is detected, it performs all operations necessary to bring the VM to the required state.
● It reports domain state and spec changes to the cluster.

26. Components (5/5)
libvirtd:
● An instance of libvirtd is present in every VM pod. virt-launcher uses libvirtd to manage the life-cycle of the VM process.

27. DEMO

28. Deep dive into it

29. Workflow: Create and Delete a VM