At OpenStack Summit in Berlin, the OpenStack Foundation revealed more of its plans for its projects beyond the Infrastructure-as-a-Service (IaaS) cloud. These projects are: Kata Containers, a secure container approach; Zuul, a continuous integration and continuous delivery (CI/CD) system; Airship, a front-end to Kubernetes; and Starling, an edge-computing cloud stack.
Kata "Containers" is something of a misnomer. Rather than true containers, such as LXC, Kara Containers are lightweight VMs designed to feel and perform like containers. Why bother? Eric Ernst, an Kata Containers Architecture Committee member, explained, they "provide the workload isolation and security advantages of VMs."
To date, Kata Containers community biggest achievements include:
- Support for major architectures, include AMD64, ARM, and IBM p-series.
- Containers getting entropy via virtio-rng, which creates a higher quality randomness for random number generation.
- Kata Agent now has optional beta seccomp support. This is a Linux system call and network security mechanism.
- Better logging
- NEMU hypervisor support. NEMU is an open source hypervisor fork of QEMU. NEMU modernizes QEMU for today's 64-bit Intel and ARM CPUs. Intel started open-source NEMU to make a lightweight hypervisor that's better suited for cloud deployments than QEMU.
Ernst concluded, "The Kata Containers community continues to work closely with the OCI and Kubernetes communities to ensure compatibility, and regularly tests Kata Containers across Azure, Google, and OpenStack public cloud environments."
OpenStack is a beast of a project with multiple sub-projects. To build it, OpenStack created its own CI/CD: Zuul.
Monty Taylor, Zuul Maintainer, explained, "Zuul understands that deliverables are comprised of many related parts. It allows the expression and correct testing of patch series spanning repositories, allowing developers to add support in underlying libraries, features using those libraries in services and eventual exposure in a UI layer ... and validate that it'll all work BEFORE landing any of the changes."
Zuul's latest features include:
- Supercedent Pipeline Managers: Pipeline managers were the first pluggable resource, but we just added the first new manager in six years. The supercedent manager is great for things like releases or docs builds where multiple trigger events should be collapsed rather than each event resulting in a job run.
- Job Pause: Sometimes in a job graph, you'd like to set up a resource in one job, then reuse that resource in the dependent portions. Job pause allows a user to tell Zuul to pause the execution of one job and let its dependent jobs begin executing.
- Dashboard React Rewrite: Zuul's web dashboard was rewritten in React. It's now much less resource intensive in the browser, but is also now a progressive web app, which means you can make it behave like an app on your phone.
- Kubernetes Build Resources: In addition to OpenStack cloud resources and pre-defined "static" resources, we now support Kubernetes-based resources.
Airship serves as a front-end to Kubernetes. If that sounds familiar, it should. OpenStack-Helm is an older sister project.
Airship has a single workflow for managing both initial installations and updates. An operator only needs to make a change to an Airship YAML configuration, and the Airship platform should do the rest. When managing complex IaaS projects such as OpenStack, anything from minor service configuration updates to major upgrades are all handled in the same way: By simply modifying the YAML configuration and submitting it to the Airship runtime.
Airship community has just released its Release Candidate. Version 1.0 is due out in early 2019. Want to kick its tires today? Airship in a Bottle lets you try all of the services in a single environment appropriate for testing in an Ubuntu 16.04 VM.
Finally, StarlingX is a lightweight cloud infrastructure software stack for the edge. It's designed to be used by in the Internet of Things (IoT), telecom, video delivery and in other ultra-low latency use cases.
According to Dean Troyer, a StarlingX Technical Steering Committee member, "New StarlingX services look and feel like OpenStack services and have already proven value in solving problems in real-world use cases."
Sound interesting? OpenStack, and all its new projects, are always looking for more developers and companies that can deploy its technologies.