vmware / vic

vSphere Integrated Containers Engine is a container runtime for vSphere.
http://vmware.github.io/vic
Other
640 stars 174 forks source link

Investigation on support for Docker SwarmKit by vic engine #6293

Open chengwang86 opened 7 years ago

chengwang86 commented 7 years ago

User Statement:

As an admin user, I want to be able to use Docker SwarmKit to manage/orchestrate my VCH'es and DCH'es if multiple VCH'es and DCH'es are deployed across geographically located clusters. This may be helpful for achieving a variety of goals, e.g., VCH load-balancing, VCH redudancy (HA), VCH affinity/anti-affinity rules ...

Details: We need to investigate the following:

Acceptance Criteria:

sflxn commented 7 years ago

@corrieb Can you comment on this? I believe you've done more research and have some ideas.

corrieb commented 7 years ago

Investigation into feasibility is ongoing. SwarmKit has both a containerd and engine plugin. The engine plugin should work with VIC, but I've hit my first roadblock with that. It pulls and creates images, but they don't start.

Swarmkit consists of a daemon and a client. It probably makes sense to embed the daemon in the VIC appliance. A user would then have to run the client manually, unless we had some integration in Admiral.

The work involved here may involve creating a custom VIC plugin for SwarmKit because we will want it to work with the container networks and have the ability to take things like our custom Volume options. We should contribute that back to SwarmKit in OSS if we need to do that.

corrieb commented 7 years ago

I can verify that with the fix for https://github.com/vmware/vic/issues/6372, I can get SwarmKit to drive a single VCH as a node, deploying containers as a "service", creating replicas and then deleting them when the service stops. This is a good start to the validation process. There's no reason this simple test shouldn't work with multiple VCHs.

corrieb commented 7 years ago

I'd like to define a series of scenarios that would constitute an MVP for running SwarmKit with VIC engine. These are intended to satisfy particular customer requirements and to ensure that some of the core capabilities of VIC are capable of being satisfied. The initial approach laid out by this issue focuses on API support, which is important, but I want to ensure that we're covering important business value from which API support can be derived.

Note that these scenarios do not prescribe how or where swarmd or swarmctl are to be run

Scenarios:

1) Single VCH "service" capability

Premise:

Ensures that a certain number of instances of a container can be maintained against a single VCH and that if instances are unhealthy or die, that SwarmKit is able to recreate and kill them. The use of a single VCH may seem to negate much of the advantage of the SwarmKit scheduler, but let's not forget that vSphere is already able to schedule containers to "nodes" and so unless VCH redundancy is required, the combination certainly has value.

This needs to be able to work at a minimum with vSphere container networks and should be able to pass VolumeStore options for volume creation.

This should work just fine for both stateless and stateful workloads. However, there are significant caveats for stateful workloads. If a single stateful service is made up of multiple containers, by implication there should only be a single persistent source of truth. That means that the containers all need to see a shared filesystem (NFS volume). It's possible to conceive of a model where ephemeral cVMs come up and down against a pool of volumes if a volume represents an isolated thread of work that is advanced whenever a cVM attaches to it. In that scenario, you would need to be able to schedule containers to available volumes, which I'm not sure SwarmKit is capable of. TBD

Pre-requisites:

Scenarios:

2) Single VCH container rolling update

Premise:

This is an adaptation of (1) and has very similar pre-requisites. The basic premise here is that you should be able to upgrade an instance of a container by performing a rolling update against a single VCH. This is another benefit of using SwarmKit to schedule containers in the single VCH case, although this should work just as well against multiple VCHs.

The same caveats apply to stateful workloads as in (1).

Scenarios:

3) Multiple VCH redundancy

Premise:

It should be possible to use SwarmKit to schedule one or more containers to multiple VCHs. These VCHs may be in different vSphere clusters, different vCenters, different racks or geographies. The purpose of the redundancy is that if a single VCH becomes unhealthy for some reason, SwarmKit is able to shift the workloads to a VCH that is healthy.

This is obviously a more natural fit for stateless containers as non-NFS VolumeStores are not designed to be sharable between VCHs. Even if an external LUN is visible to multiple vCenters, detaching a VMDK from one cVM in one VCH and re-attaching it to another in a different VCH is complex and arguably something of an anti-pattern for containers. That said, we may want to consider a convention if it becomes something customers see value in.

This should however be able to work with our NFS volume store support and we should test that.

Pre-requisites:

Scenarios:

4) Label-based scheduling to multiple VCHs

Premise:

The premise is simple. The ability to associate labels with VCHs and have SwarmKit apply scheduling rules for containers to those nodes based on the labels. The business value here is that there may be data gravity or latency issues where it's important that particular containers are only ever scheduled to a single VCH, while other containers can be more flexibly scheduled.

Pre-requisites:

Scenarios:

eduardoscheidet commented 5 years ago

Nice project, I will create a lab for tests similary you. I'll be back with feeds, sya