Abstract:
Kurma is an open source container runtime based on the container
instrumentation built into the Apcera Platform. Kurma and its accompanying
"KurmaOS" are our vision of a lightweight, fully containerized operating system.
This presentation will cover Apcera's journey with its container
instrumentation: beginning with the pre-Docker landscape, how it grew over the
course of 3+ years, and the "next-gen" adaptation of it, in which the base
container instrumentation has been adapted to stand as its own open source
project and is growing to be used beyond Apcera's own usage.
Kurma incorporates many lessons learned from both the development and operation
of a container platform, including building modular vs. monolithic,
extensibility being built in vs. built on, and managing a cluster of hosts and
containers.
We'll also cover our experiences with introducing it to Kubernetes as another
first-class runtime provider: taking how Kurma works and making it work with
Kubernetes, and how we'd like to see Kubernetes grow in some of the areas where
we see Kurma growing.
Outline:
- Discuss Apcera's journey with first building its existing platform, starting
  in the pre-Docker landscape.
- Lessons learned in platform architecture as the system grew (monolith vs
  modular) and in improving it operationally.
- Migrating Apcera's container runtime to its own project
- Containerize everything, a container operating system
- System services for syslog, NTP, etc.
- Operational access to the host without polluting it
- Extensible network and storage instrumentation through containerized
  managers
- Extensible notion of clustering. A host is a building block. It is boring and
  uninteresting. With many blocks, you can build something interesting.
- Kurma is intended to have no remote API. But it can be given a list of
  containers to run on boot, and it can entrust them with local API access.
- Those initial containers can overlay clustering semantics. They instrument
  authentication and authorization, and can define whether a container that
  comes in remotely should be allowed to run privileged or not.
- Bringing Kurma to Kubernetes
- Experiences with extending the kubelet to Kurma.
- Ensuring compatibility/portability with the Docker de facto standard
- Deployment and instrumentation handling