Project Contiv – Infrastructure Operational Policy Specification for Containerized Application Deployment
One of the biggest disruptions in the IT world is upon us. 10 years ago it was server virtualization, more recently the adoption of cloud – both private and public. One could argue that cloud adoption is still ongoing. But I think a more fundamental disruption is happening with the way applications are going to be built, deployed and operated in the future.
By now, almost everyone is familiar with the industry buzzwords such as containers/Docker, microservices and DevOps, etc. We are in some ways skeptical of these buzzwords as we have seen many fizzle over longer term. But, these technologies/architectures enable the enterprise to build cloud-native applications and run them at scale. They will help organizations make the most of public and private cloud deployment and will result in cloud adoption increasing exponentially.
Many still believe that the primary benefits of containers come from the technology optimizations that they bring when compared to Virtual Machines (VMs). For instance, the significant scale increase (more than 10x per host density), smaller footprint (memory, CPU, hard disk) or the faster creation and destroy cycle (milliseconds vs. minutes). But while these things are indeed very relevant, the real benefits are broader than just infrastructure advantages. The two main benefits are, first how the container technology is ideally suited to enable newer ways to develop applications (continuous integration and development) and secondly how you can scale applications (through microservices architecture) and port them between different infrastructure environments (public or private).
Microservices architectures are transforming the way applications are architected and built. I can remember the days when I could never wait for our IT to role out an update to my favorite application because the timelines were always in multiple months if not years. Hopefully, those days are going to be a thing of the past with the current ability to construct applications in a more easily developable/updatable/scalable microservices framework.
Although there are numerous projects and tools available in the market place in order for IT to set up the infrastructure, there is still need for admins to be able to specify the infrastructure operational policies around network, storage, security, compute for the containerized applications in an automated way and have those policies be implemented across infrastructure consistently. If no such mechanism exists, we could have resource contention between production and development applications or security violations between different applications/tenants and overall unpredictable application performance. We believe there has to be better way for containerized applications to run in a shared infrastructure.
Introducing Project Contiv
Project Contiv is an open source project defining infrastructure operational policies for container-based application deployment. Application intent, such as docker compose, allows for declarative specification for an application’s microsevices composition. Project Contiv compliments application intent with the ability to specifyinfrastructure operational policies for network, storage and compute elements of the physical and virtual infrastructure by directly mapping the application intent, with the infrastructure policy required.
So what are some of the infrastructure operational policies that most IT organization expects to specify for containerized applications?
- Security policies for applications for inbound/outbound as well as within application tiers
- Network services policies- integration of L4-L7 services (Load balancers, firewall, encryption, etc.)
- Analytics and diagnostics policies
- Physical infrastructure policies around bandwidth limit/guarantee per container, latency requirements, etc.
- IP allocation management (IPAM) policies
- Storage policies around persistence storage, volume allocation, snapshotting etc.
- Compute policies around performance requirements/off-load (to NIC or Network) and SLA etc.
- Corporate and government compliance policies
So with Project Contiv, we hope to help you optimize and achieve saner shared infrastructure for your various containerized applications.
We believe the best way to go about achieving this objective is to build a community of similar minded people to join the Project Contiv and contribute at http://contiv.github.io/ to enable enterprise grade applications to be adopted more rapidly.
Currently there are two projects that enable networking and storage for docker based container deployment.
Contiv Networking is a container network plugin to provide infrastructure and security policies for a multi-tenant microservices deployment, while providing integration to physical network for communicating with non-container workload. Contiv Networking implements the remote driver and IPAM APIs available in Docker 1.9 onwards. For more information, visit https://github.com/contiv/netplugin
Contiv Volume plugin is a docker volume plugin that provides multi-tenant, persistent, distributed storage with intent based consumption using ceph underneath. For more information, visit https://github.com/contiv/volplugin
We got a very encouraging start to our introduction talk by Vipin Jain (@jainvipin_), core developer of Project Contiv at Docker Meetup in Palo Alto last month with 250 registered attendees (with about 100 on waitlist). If you are visiting DockerCon Europe 2015 at Barcelona next week, make sure you visit Project Contiv booth for a demo and connect with us in person. We are looking forward to your contributions in the container community and Project Contiv github.
I also encourage you to visit Cisco’s open source project Mantl around microservices infrastructure. Project Contiv will soon be part of the Project Mantl to bring better infrastructure for your microservices applications.