recap: runescape capsule for on-demand managed service delivery in the cloud · 2019-12-18 ·...
RECap: RunEscape Capsule for On-demand Managed Service Delivery in the Cloud
Shripad J Nadgowda, Sahil Suneja, Canturk Isci IBM T J Watson Research Center
Evolution of application runtimes (General-purpose —> Specialized)
[Figure: four application runtime stacks, left to right]
Physical Machines/VMs: General Purpose OS (e.g. Ubuntu), Apps, Deps
Containers: General Purpose OS (e.g. Ubuntu), Apps, Deps
But, you promised that containers will be “lightweight” alternatives to VMs?
Lightweight runtimes: Lightweight OS (e.g. Alpine), Apps, Deps
But, according to standard DevOps practice, containers should be immutable?
Can you reduce TCB for secure containers?
Microcontainers: Apps, Deps
[Figure: bar chart. x-axis: Application runtimes (general-purpose-OS, lightweight-OS, scratch, statically-compiled); y-axis: # of images (0 to 110)]
You really did everything you promised. But now, how do I manage my containers?
3 Rules for Modern Container Cloud
Rule 1
Functionality Dis-aggregation: Break your traditional monolithic applications into two parts, namely, core application functions and other auxiliary functions
Rule 2
Use Micro-containers: Package and run your core application functions through micro-containers for safer execution
Rule 3
On-demand Auxiliary functions: Enable delivery of common auxiliary functions as on-demand managed services on the cloud
What are these auxiliary functions?
Debugging
Ad-hoc debugging: gdb, strace, tcpdump, iperf
Monitoring
System metrics: CPU, Memory
Application metrics: # of connections, # of requests
System and Application Administration
Typical cron jobs: malware scans, log rotations, ntpupdate
Application utilities: MD5 checksum, archival with tar
How to deliver these functions on-demand and securely to running containers?
Inspiration…
Serverless or Function-as-a-Service
Introducing RunEscape Capsule (RECap) (also stands for Capability Redemption)
Capsule
The capsule is itself a micro-container
It encapsulates an auxiliary function and all its dependencies together
Existing tools and techniques (e.g. Dockerfiles) can be leveraged to create a capsule image
RunEscape
Capsules are dynamically attached to app containers as sidecar containers
A capsule is attached ONLY for the duration of running the function
The capsule is then detached from, or “Escapes”, the app container
RECap: System Design
[Figure: Kubernetes Control Plane (Cloud Platform) above nodes running kubelet and caplet. Application containers (App) are labelled type: kafka, type: redis, type: kafka and type: nginx, with SvcFunc capsule containers shown beside them. Inputs: Capsule Image and Capsule Deployment Manifest. Legend: Capsule Container, Application Container, Kubernetes controller, Control Path.]
Capsule Deployment Manifest:
    apiVersion: extensions/v1beta1
    kind: Capsule
    metadata:
      labels:
        type: kafka
    spec:
      exePolicy: parallel
    …
Although agnostic to the underlying cloud substrate, we are currently designing RECap for Kubernetes
Affinity between capsule and app container is established through K8s labels
A special node agent, the “caplet”, manages the lifecycle of capsule containers
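As an added illustration (not RECap's code and not from the slides), the sketch below models the two properties stated above: a capsule reaches only app containers whose labels match its own, and it stays attached only while its function runs. The app names, the `ATTACHED` and `AUDIT` bookkeeping, the refusal of an empty label set and `run_capsule` are assumptions; only the manifest fields come from the slide.

```python
from contextlib import contextmanager

# Manifest fields as shown on the slide; everything else here is hypothetical.
CAPSULE = {"kind": "Capsule",
           "metadata": {"labels": {"type": "kafka"}},
           "spec": {"exePolicy": "parallel"}}  # policy semantics not given; unused

# Constructed sample: app containers on one node, labelled as in the diagram.
APPS = [{"name": "app-a", "labels": {"type": "kafka"}},
        {"name": "app-b", "labels": {"type": "redis"}},
        {"name": "app-c", "labels": {"type": "kafka", "tier": "prod"}},
        {"name": "app-d", "labels": {"type": "nginx"}},
        {"name": "app-e", "labels": {}}]

ATTACHED = set()   # apps that currently have a capsule attached
AUDIT = []         # ordered (event, app) records for later review

def targets(capsule, apps):
    """Names of apps carrying every label of the capsule (equality match)."""
    want = capsule["metadata"]["labels"]
    if not want:   # assumption: an unlabelled capsule must not match every app
        raise ValueError("capsule has no labels; refusing to select all apps")
    return [a["name"] for a in apps
            if all(a["labels"].get(k) == v for k, v in want.items())]

@contextmanager
def attached(app):
    """Attach for the duration of the function only; detach even on failure."""
    ATTACHED.add(app)
    AUDIT.append(("attach", app))
    try:
        yield
    finally:
        ATTACHED.discard(app)
        AUDIT.append(("detach", app))

def run_capsule(capsule, apps, func):
    """Run func once per matching app and return {app: result or error text}."""
    results = {}
    for app in targets(capsule, apps):
        try:
            with attached(app):
                results[app] = func(app)
        except Exception as exc:
            results[app] = f"error: {exc}"
    return results

if __name__ == "__main__":
    print(run_capsule(CAPSULE, APPS, lambda app: f"checked {app}"))
```

The `AUDIT` list gives a reviewer the attach and detach order, so a capsule left attached after a failed function would show up as an unpaired record.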
RECap: Evaluation

| Scenario | Image Build | App Deploy | Docker Exec | Capsule RunEscape |
|---|---|---|---|---|
| Function exists in app container | 0 | 0 | 0.083s | 0 |
| Function does not exist in app container | 5.24s | 0.29s | 0.083s | 0 |
| Capsule Image is present on the node | 0 | 0 | 0 | 0.243s |
| Capsule Image is not present on the node | 6.2s | 0 | 0 | 0.243s |
Recap on RECap
Trend: Breaking monolithic applications into Microservices and delivering them in Microcontainers
Challenge: Ability to implement common system administration, debugging, monitoring functions on-demand
Solution: RunEscape Capsule is a framework that promotes a cloud-native solution for on-demand managed service delivery
RECap: Discussion
What are the criteria for deciding which functions can be de-coupled from the application and delivered through RECap?
Is it safe to dynamically execute on-demand functions in the application context?
Whom is RECap really going to help? Developer, Administrator, Cloud provider, Everyone?
Thank You