Container software is the hottest new technology for running applications on shared, cloud infrastructure. However, as with any emerging and dynamic market, it's like the Wild West, with new products, technologies, vendors and alliances popping up every month.
Among the most important subsystems in the container ecosystem is the container orchestrator, a tool designed to wrangle resources and herd container instances into the most efficient arrangement. For companies heading into the uncharted territory of using containers, it's beneficial to examine orchestrators and the key features of the important and popular products.
Explore the new frontier of container software
While simple in concept, the contemporary use of containers to build cloud-native applications requires a complex supporting cast of software management components. A container orchestrator manages such a cast. The container infrastructure consists of a cluster of physical systems that can be used by dozens or hundreds of applications. The orchestrator, often called a cluster manager, treats the clustered hosts as a single, logical resource pool and automates deployment across one or more systems.
As new containers are requested, the orchestrator's scheduling engine finds the best system based on workload requirements and resource availability. It then provisions new container instances to the right cluster node or nodes, adds instances as needed according to application resource usage and restarts crashed instances. A container orchestrator decommissions containers when a batch job completes, or when they are no longer needed by running applications. Orchestrators also propagate container updates and patches to all instances in a cluster.
Orchestrators come in many varieties. Depending on a company's container implementation -- for example, when using public cloud container services or an OS virtualization product with built-in container management -- it may not need to set up a discrete orchestrator at all, since the choice is implicit in the selection of cloud service.
The container software market at a glance
Container software garners a lot of attention among IT analysts, press, developers and system architects, but it still primarily appeals to those building cloud-native applications. A survey by 451 Research found that less than 10% of developers are using container orchestration for applications that are not cloud-native, although 36% plan to do so in the next two years. The majority of those doing anything with containers use them for application development, followed by engineering or technical computing and web infrastructure, with only 22% using containers for line-of-business applications.
In contrast, among cloud-native developers, container use is the norm. According to one survey of mostly developers and those in DevOps teams, 76% of respondents were already using containers in production, double the rate from the same survey a year ago. Even when the results were filtered for those in large organizations, the share using containers in production was 73%.
The survey found Docker to be the most popular container engine and packaging format, with 94% penetration. When it comes to the choice of orchestrators, the results show organizations are experimenting with multiple products, with Kubernetes the most widely deployed, followed by Docker Swarm, internally developed tools and Apache Mesos. RedMonk, a developer-focused industry analyst firm, conducted a separate, much larger and more diverse survey of developers that found most aren't using any orchestrator, which suggests they have yet to do more than experiment with containers. Of the rest, most use Swarm or Kubernetes, with Mesos a distant third.
Rounding up the important container orchestrators and managers
The orchestration market is confusing, because there are so many commercial container software products that incorporate orchestrators into container management suites, along with several using proprietary orchestrators. Below are highlights of some important products.
Docker Swarm was the native cluster manager for the Docker platform and has since been integrated into the core Docker Engine as swarm mode. This makes it the natural and most convenient choice for organizations using the Docker runtime and its companion tools, such as Registry, Compose -- for multicontainer application bundles -- and the Kitematic management UI. Swarm handles cluster management using a decentralized design with automatic workload scaling; support for virtual network overlays; service discovery, by assigning a unique DNS name to each service in a cluster; load balancing; and incremental, rolling updates.
Kubernetes is a container manager originally developed by Google. The technology is based on Google's experience and deployment model of running billions of containers a week. Kubernetes provides automatic workload placement -- what it calls bin packing -- based on each container's declared resource requirements, available node capacity and other constraints, such as latency; and scaling that is either manual -- via GUI or command-line interface (CLI) -- or automatic, based on CPU usage.
Kubernetes also restarts failed containers and replaces those on nodes that die; runs batch jobs driven from CLI scripts; supports automated rollouts with rollback in the event that a deployment fails; and provides DNS-based service discovery and load balancing, as Docker does. Kubernetes supports Docker containers and runs on many cloud services, including Azure and Google Cloud, and it's supported by VMware. Because of this, Kubernetes could become the de facto standard for container cluster management. Holding it back is the complexity of configuring Kubernetes, an area both the open source project and cloud implementations continue to improve.
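As an added example (not from the original article, nor from the Kubernetes project's own documentation), the manifest below shows how the features just listed are declared in practice: resource requests the scheduler uses for bin packing, a liveness probe that triggers container restarts, a rolling-update strategy that keeps old ReplicaSets so a failed rollout can be undone, a Service that provides the DNS name and load balancing, and a HorizontalPodAutoscaler that scales on CPU. The image name `example/web:1.0`, the port 8080 and the `/healthz` and `/ready` paths are assumptions for illustration. The pod-level hardening settings (non-root user, read-only root filesystem, dropped capabilities) go beyond what the article describes; they are included because a security engineer would not ship the manifest without them. The API versions are the current stable ones (`apps/v1`, `autoscaling/v1`), not the beta versions in use when the article was written.

```yaml
# Added example: a Deployment, a Service and an autoscaler that together
# exercise the Kubernetes features described in the article.
# Image, port and probe paths are assumed for illustration.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
spec:
  replicas: 3
  revisionHistoryLimit: 5          # keep old ReplicaSets so `kubectl rollout undo` can roll back
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0            # never remove a pod before its replacement is ready
      maxSurge: 1                  # roll one extra pod at a time
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      securityContext:
        runAsNonRoot: true         # hardening beyond the article's feature list
        runAsUser: 10001
      containers:
      - name: web
        image: example/web:1.0     # assumed image name
        ports:
        - containerPort: 8080
        resources:
          requests:                # what the scheduler bin-packs against
            cpu: 250m
            memory: 128Mi
          limits:                  # what the kubelet enforces at runtime
            cpu: 500m
            memory: 256Mi
        livenessProbe:             # a failing probe makes the kubelet restart the container
          httpGet:
            path: /healthz
            port: 8080
          initialDelaySeconds: 10
          periodSeconds: 10
        readinessProbe:            # gates Service traffic and rollout progress
          httpGet:
            path: /ready
            port: 8080
          periodSeconds: 5
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          capabilities:
            drop: ["ALL"]
---
apiVersion: v1
kind: Service                      # stable DNS name "web" in its namespace, load-balanced across pods
metadata:
  name: web
spec:
  selector:
    app: web
  ports:
  - port: 80
    targetPort: 8080
---
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler      # CPU-based automatic scaling of the Deployment
metadata:
  name: web
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web
  minReplicas: 3
  maxReplicas: 10
  targetCPUUtilizationPercentage: 70   # percentage of the CPU *request*, not the node
```

Apply it with `kubectl apply -f web.yaml`. A version change such as `kubectl set image deployment/web web=example/web:1.1` starts a rolling update that `kubectl rollout status deployment/web` follows and `kubectl rollout undo deployment/web` reverses. Two caveats a practitioner should know: the autoscaler only acts when the cluster has a metrics source (metrics-server or an equivalent) reporting CPU usage, and the readiness probe is what makes the rolling update safe, since without it Kubernetes counts a pod as available the moment its container starts.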
Apache Mesos is a distributed operating system for compute clusters that provides resource management and scheduling with APIs that allow applications like Hadoop, Spark or Elasticsearch to run across hundreds or even thousands of nodes. Mesos is also the foundation for platform-as-a-service (PaaS) stacks and container frameworks, including the Marathon orchestrator, which provides the usual features of container placement, monitoring, instantiation, disposal and scaling.
Mesosphere sells a commercial product, DC/OS, based on Mesos and Marathon, that adds service discovery, load balancing, user and service authentication and authorization, and both CLI and GUI management interfaces. DC/OS also supports packaged services that simplify the installation of distributed applications, like Cassandra, Jenkins, Spark and Storm, on a Mesos substrate. Mesos (DC/OS) is the default orchestrator for Azure Container Service and makes a good choice for organizations building hybrid, private-public architectures with Azure that need to move workloads between the two environments.
Apcera Trusted Cloud Platform is a proprietary container-based system that provides a complete set of application management features, including orchestration, package and job management; health and performance monitoring; a message bus; authentication and policy management; and a management console.
Apcera recently introduced features that can automatically containerize and deploy legacy applications that currently run on traditional virtual machines (VMs) without any modifications. Once containerized, traditional applications can be deployed to multiple cloud services, like Amazon EC2 Container Service (ECS), Google Compute Engine or local OpenStack infrastructure. Apcera is a good choice for organizations not afraid of committing to a proprietary container stack and that want to deploy on multiple clouds, both private and public.
VMware Photon Platform is a full container stack built on top of VMware's core virtual infrastructure -- namely ESXi for compute and VMs, NSX for networks and services, and VSAN for storage. It includes a lightweight Linux container host (Photon OS) with a container runtime engine; a clustering engine and manager (Photon Controller) that can use several orchestration platforms, including Pivotal CF and Lattice, Kubernetes, Docker Swarm, and Mesos and Marathon; and a management layer with GUI and APIs.
Photon's key advantage for large enterprises building private container clusters is its use of VMware core technology as the infrastructure substrate, which allows IT teams to reuse systems for cloud-native applications, manage the infrastructure with vSphere or vCenter management consoles and use existing admin processes. VMware shops should strongly consider Photon. Although it's new and still developing, Photon is tightly integrated with VMware's management suite and allows adding container clusters to one's existing virtualization infrastructure.
Rancher is something of a meta-orchestrator in that it supports all the popular container management frameworks, including Docker Swarm, Kubernetes and Mesos. Like Apcera, it inserts an infrastructure management layer that works with either physical or virtual Linux hosts, which can also be public cloud instances like Amazon Web Services (AWS) Elastic Compute Cloud or a bare-metal colocation server.
Rancher appeals to a similar constituency of those building multicloud architectures. Rancher adds an overlay network, persistent storage and load balancer to virtual or physical hosts. It also includes other components of a container ecosystem, such as user and security policy management and an application or service catalog.
CoreOS Fleet and Tectonic are complementary clustering and orchestration software analogous to Mesos and Marathon. Fleet provides system aggregation and distributed workload deployment. It also supports several orchestration technologies, including Kubernetes. Tectonic is a commercialized version of CoreOS with the rkt container engine and Kubernetes that includes a GUI management console, regular software updates and technical support.
Joyent Triton Data Center is a commercial implementation of the Docker engine that includes a lightweight OS and hypervisor (SmartOS), orchestration software (ContainerPilot), a management portal and external APIs. ContainerPilot works with Triton -- or other container managers, including Kubernetes and Marathon -- to deliver the standard features of an orchestrator, including container service registration, discovery, configuration and monitoring.
HashiCorp Nomad is a Docker-compatible container scheduler designed to work with HashiCorp's Terraform and its other DevOps products, although the scheduler itself is open source. HashiCorp promises a packaged enterprise version of Nomad to complement the rest of its ecosystem.
Cloud services that put container software to work
Each major infrastructure-as-a-service (IaaS) vendor offers a container platform that layers a mix of proprietary and open source container software onto its core infrastructure.
Amazon ECS is a Docker-compatible container service that uses EC2 instances with Amazon's proprietary orchestration engine, although APIs allow users to integrate third-party schedulers, like Marathon. ECS deployments can be automated through APIs or using CloudFormation. The service automatically applies software updates, restarts failed containers and load-balances using Elastic Load Balancing.
ECS integrates with existing AWS offerings, allowing containers to forward logs to CloudWatch, use Identity and Access Management (IAM) for authentication and access policy, and store data and container images in Simple Storage Service. ECS is the simplest way for AWS users to run containerized applications. Although ECS has built-in orchestration software, AWS recently open-sourced the Blox scheduler framework to let users integrate external schedulers, including those of Kubernetes and Mesos, with an ECS cluster.
Microsoft's Azure Container Service adds a Docker-compatible container runtime to Azure VMs and uses either Docker Swarm or Mesos DC/OS (Marathon) for orchestration, making it compatible with most container development tool chains. As with ECS, applications using the Azure Container Service can access other services in the Azure portfolio and are managed like any other Azure resource through Azure Resource Manager.
Google Container Engine (GKE) is another Docker-compatible container service -- detecting a theme yet? -- that uses Google-developed Kubernetes for cluster management and orchestration. GKE provides a container registry, autoscaling of container instances, logging, and it works with Google Cloud's identity and access management and hybrid, VPN-based networking services. As with other container services, GKE can be managed through the Google Cloud Console GUI or a Cloud Shell CLI. Like ECS, Azure's container service and GKE are the low-friction way of running containerized applications on their respective cloud services and will appeal to existing users.
How to survive in the new frontier
There are no easy answers when it comes to selecting a container platform for building modern applications, and the choice will depend on many factors, including an organization's:
- Expertise in containerized, 12-factor applications;
- Use of IaaS and strategy, if any, for PaaS;
- Comfort with open source software and DIY implementations; and
- Infrastructure strategy and the roles of cloud services versus building internal platforms.
Given these constraints, businesses should use the following rules of thumb: When initially investigating containerized application architectures and container software, start with the cloud. All of the major services offer environments compatible with the most common container formats, runtimes and orchestration engines that make excellent test and development platforms.
Also, companies should look to their current IaaS vendors to see what container service they offer. If a company isn't already using IaaS, it should look first at GKE, since that has a compelling feature set with probably the best Kubernetes implementation and is complemented by a strong PaaS stack -- Google App Engine.
If considering an on-premises implementation, businesses should assess their comfort with DIY implementations, since many container software products are just bundles of open source software. Those looking for a turnkey, greenfield deployment should start with a packaged suite like Apcera, Rancher or Triton.