Thanks to Dustin Kirkland, Ubuntu Product and Strategy at Canonical, for sharing his thoughts on the state of orchestration and deployment of containers for DZone’s recently launched Containers Research Guide.
Q: How is your company involved in the orchestration and deployment of containers?
A: We are a creator of the Ubuntu open source software platform and server that is used by 70% of the people in the cloud.
Q: What do you see as the most important elements of orchestrating and deploying containers?
A: Make sure organizations understand what the container is and the problem it will be solving, since there are different types. App containers, like Docker, are for a single process or single service. Machine containers have been around for 10 years and are good for packaging entire enterprise applications. Compatibility across enterprise infrastructure – public, private, and hybrid clouds – is critical.
Q: Which programming languages, frameworks, and tools do you, or your company use, to orchestrate and deploy containers?
Q: How has the orchestration and deployment of containers changed application development?
A: Hardware and software problems are easily decomposed and therefore more easily solved. Containers give you the ability to break down into composable problems with microservices and separate teams. Have SLAs between the teams to ensure everything is composable and reusable.
Q: What kind of security techniques and tools do you find most effective for orchestrating and deploying containers?
A: Start with a secure and up-to-date operating system beneath the container. A kernel issue affecting the host can affect all the containers. We can make a live update to the kernel without rebooting. There’s a lot of advice to create your own container image. This creates a one-off, but in the long term maintenance costs go up because you’ve built something that’s nothing like the rest of the world. Start with a common starting point and strike a balance between small, general, and secure. The pendulum will swing from creating your own image in a small, secure environment to being on a common thread where security protects everything on the thread.
Q: What are some real-world problems being solved by the orchestration and deployment of containers?
A: 1) Easy wins are batch processing. The cloud is powered by a lot of batch processing with machine learning and intelligence from the data. 2) Anything involving GPU is a great opportunity for container orchestration. 3) Cable and television are doing large-scale transcoding to several different formats. Some are live and some are offline. 4) Offline is big in FinTech around blockchain – chains of hashes. We’re working with IBM on Hyperledger. 5) Traditional applications are hosting permanent workloads where PaaS has been retrofitted to containers (Heroku) in AWS. 6) The corollary is running on the private cloud with Pivotal Cloud Foundry. 7) Verizon Telematics with automotive applications. 8) NVIDIA DGX-1 is a great machine, a supercomputer in a box. CUDA cores with Ubuntu and Docker.
Q: What are the most common issues you see affecting the orchestration and deployment of containers?
A: Upgrades inside and beneath the container. Destroy and create from scratch by just pulling an updated image, although this is harder than it sounds. Design from scratch to tolerate less. Legacy apps are not easily moved to the container. Underneath you need rolling upgrades. We do live patch service and upgrade apps without any downtime.
Q: Do you have any concerns regarding the current state of orchestrating and deploying containers?
A: Risk of developing “ivory towers” whereby the engineering team becomes disconnected from the institution at large. Solve this with cultural solutions and do not encourage separation. My other concern is that an elementary technology has gotten overcomplicated with other vendors. It’s becoming a “vendor fest.” I can see someone running away with the entire industry and a monopoly developing.
Q: What’s the future for containers from your point of view - where do the greatest opportunities lie?
A: Security. As everything scales, there is a greater opportunity for hackers and bots. Keys and security must be kept up. Enforcement of policy — what you are and are not allowed to do. Network ingress and egress rules. The real opportunity is built around AI with adaptive rules engines. When a monitor detects an abnormality, AI rules tell the machine what action to take. Need to think about how the system changes when it comes under attack.
Q: What do developers need to keep in mind when working on orchestrating and deploying containers?
A: 1) Is this problem suited for an application container or a machine container? 2) Ensure your orchestration system allows you to move seamlessly between public and private clouds, as well as bare metal.
Q: What have I failed to ask you that you think we need to consider with regard to containers?
A: We’re in year three of a 10-year run with containers. Virtualization lasted about 10 years. Stay on top of the technology and have a nose for what’s coming next – serverless with remotely scheduled processes. This will become a special discipline within containers. Agility in technology and expertise. We release every six months and have a big release every two years because we’re committed to the latest and greatest and want to stay abreast of trends.