KubeCon EU 2016: Bringing an open source Containerized Container Platform to Kubernetes

2016

In the beginning…(2012)

The Go Landscape: 2012

Apcera Platform: The Instance Manager

Instance Manager: State Machine Apocalypse

● Started out simple, but naive about the future
● Few small libraries…
● … but all integration logic was central

● 8 states
● 53 function handlers

Existing Weight

● Ubuntu base OS
● CAPS deployment
● .deb packaging
● Operational tooling

System Skew is a Problem

● Deploys non-atomic
● Different lifecycle per host
● Operational access

A New Model: Kurma

● Minimize host dependencies
● Everything is a container
● Simple notions that could be easily extended
● Simple, well defined APIs

What is Kurma made of?

Existing
● Go + C
● App Container (AppC)
● Apcera’s existing instrumentation

Coming soon
● Go + C
● AppC
● libcontainer based
● CNI for networking

Delivery

kurmad
● Existing host
● Download and run
● Immediately benefit
● Depends on host kernel and libc

kurmaOS
● Minimalist distro
● Services as containers
● A/B partition model
● Console is just a container

Kurma: Process Model

Kurma: Stager Process

Kurma: User Processes

Stager: Pluggable Process Orchestration

● Responsible for instrumenting the pod
● Packaged as a signed, trusted ACI image
● Gets own mount and network namespace

Stager API

● Simplest unit of work: an executable
● Setup via image ‘Exec’ setting
● Other calls through expected executables
  – /opt/stager/run
  – /opt/stager/status
  – /opt/stager/logs
  – ...

Kurma: Reusable Unit

Kurma: Reusable Unit for Extensibility

Networking API

● ACI image
● Passes along JSON configuration
● Executes commands to setup networking on other containers
  – /opt/network/add <ns> <container-id>
  – /opt/network/del <ns> <container-id>

Kurma: Reusable Unit for Extensibility

/opt/stager/run cni /opt/network/add ...

Kurma: Extensibility Through Reuse

Kurma: Extending Boundaries with Semantics

Kurma: Remote API

Kubernetes + Kurma

Why?

● Kurma usage outside Apcera
● Increased platform flexibility
● Integrating with broader community

Kubelet

● Has existing Runtime interface
● Rich interface for engine communication
● Kubelet is a bit of a leaky abstraction
● Workarounds for Dockerisms

Testing

● Mystical
● Documentation gaps
● Excellent Github/PR integration

Codebase

● Godep pains
● “hack” directory?
● Documentation gaps
● Interface movement

Runtime.ConvertPodStatusToAPIPodStatus()

Kurmanetes

● Maturing Kurma based on Kubernetes needs
  – Pods
  – Networking
  – Image management
● Runtime abstraction nearly complete

Kurmanetes

● Done
  – Pod management
  – Image retrieval and management
● Remaining
  – Landing Kurma’s pod/stager branch
  – cAdvisor integration
  – Integration testing
  – Work towards improving the abstraction leaks

Questions?

Resources

Kurma

kurma.io

github.com/apcera/kurma

@krobertson

We’re hiring for the Kurma team.