allow multiple container runtimes in the same cluster

There was already a blueprint for this too:
https://blueprints.launchpad.net/magnum/+spec/container-runtime-config

@Richardo,

Thank you for initiating this. We would need to see if the new runtimes can run with COEs or not. I know Clear Containers can run with Kubernetes[1].

Will research about Kata containers and update here.

[1] https://github.com/intel/cc-oci-runtime/wiki/Clear-Containers-and-Kubernetes

Hi Madhuri.

I think one option is to allow the configuration of alternative CRIs in the Magnum Kubernetes setup, probably defaulting to containerd:
https://github.com/containerd/cri

There's some info here:
https://katacontainers.io/posts/why-kata-containers-doesnt-replace-kubernetes/

which indicates kata would be an OCI compatible runtime replacement to the default 'runc'. So we would need to have that part configurable too.

The easiest with some additional labels:
* kube_cri (default to containerd, which would be usable for kata)
* kube_oci_runtime (default to runc to match the current behavior, but optionally we would have kata there)

How does this sound? I can help drafting how this could be implemented, and will definitely review the changes.

Ricardo

Hi Richardo,

So if I get this correct. You mean to add a new parameter "runtime" to our cluster template. And we install Kata and configure it with COE when users request via the runtime option.

Am I right?

Hi.

On Mon, Jun 4, 2018 at 5:14 PM, Madhuri Kumari <email address hidden> wrote:
> Hi Richardo,
>
> So if I get this correct. You mean to add a new parameter "runtime" to
> our cluster template. And we install Kata and configure it with COE when
> users request via the runtime option.

We can also use labels instead of explicit template parameters
(they're easier to manage :-)).

We would likely need two new labels/params:
* kube_cri (the CRI implementation, likely defaulting to containerd)
* kube_runtime (the runtime implementation, where one option would be kata)

When the runtime is set to Kata, then we install it and configure the
COE accordingly, as you mention.

I think this works.

Ricardo

>
> Am I right?
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1772752
>
> Title:
> allow multiple container runtimes in the same cluster
>
> Status in Magnum:
> New
>
> Bug description:
> Currently there's no way to specific alternate container runtimes at
> cluster creation.
>
> Given things like kata containers or gVisor are now there to provide
> better isolation, it might also be useful to support different
> container runtimes in the same cluster.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/magnum/+bug/1772752/+subscriptions

We can also use labels instead of explicit template parameters
(they're easier to manage).

We would likely need two new labels/params:
* kube_cri (the CRI implementation, likely defaulting to containerd)
* kube_runtime (the runtime implementation, where one option would be kata)

When the runtime is set to Kata, then we install it and configure the
COE accordingly, as you mention.

I think this works.

Yes, sounds like we are good with the idea. Let's go ahead with this design.

Have you tried Kata with Kubernetes?

Seems we moved to storyboard:
https://storyboard.openstack.org/#!/story/1772752