2017-09-26 Meeting notes: Enhancing ONAP to orchestrate container VNFs using container orchestration as VIMs

First pass at meeting notes:

General agreement that ONAP architecture should support containerized VNFs.  The challenge with K8S, especially when described as a “VIM”, is that K8S provides App management capabilities at the VNFM layer in addition to managing infrastructure.  Recommendation is to bring the topic to the ONAP architectural committee. 

One requirement would be to ensure that we can model VNFs the same way regardless of whether they are deployed in VMs or Containers. 

Specific comments:

“One VIM API to rule them all is a flawed approach.  Accept that there are a limited number of VIMs.  [and that there are APIs for each]

“How to reinforce tiered model (infrastructure, app, operator-facing service)”

“Infrastructure abstraction would have to manage PNFs as well. 

Multi-VIM API is not helpful here as: 1) it is does not resolve the App management aspect of k8s, and 2) is not intended as an infrastructure API.  

There's a deeper issue to be discussed, namely what we want to use Kubernetes (or any other container orchestration platform for that matter) for:

It seems some people think of Kube's main value being "create a container with image X, schedule it on a node meeting the container's requirements". And there is a Kube API to do this low-level operation, of course. If one limits Kube to this, then on the surface this is very similar to what a VIM would do. I say on the surface, because when you dig deeper, there are differences between containers and VMs(*) that are difficult to "hide" below a common API in a meaningful way. Just ask the virtlet/kubevirt folks that are attempting to do this. Or talk to OpenStack Nova why they deprecated support for scheduling containers.

BUT: The reason for Kube's huge momentum in the industry is not that it schedules containers. It comes from encoding years of best practices designing and operating complex distributed applications into an opinionated deployment model (the deployment unit is a pod, i.e. a collection of containers with common service endpoint and namespace) and application model (e.g. replicasets for stateless applications, statefulsets for stateful, clustered applications).

So, conceptually, Kube is not a VIM, it is a VNFM / AppC! Plugging it below a VIM abstraction and using the AppC to compose distributed applications and lifecycle manage them would mean ignoring most of Kube's functionality and the tooling ecosystem around it (e.g. CI/CD pipelines, analytics, service routing, policy engines, ...) that are the reason for Kube's adoption across so many industries.

(*) e.g. containers being backed by file storage, VMs by block storage, hosting single app processes (Docker) vs multiple app processes, etc.

As a follow-up to the above:

If we want to leverage the application (and app lifecycle) model of Kubernetes (or any other modern container platform FTM), I think we also need to accept that there may not be a single app model across container- and VM-based VNFs. Of course, the basic lifecycle operations (provision, upgrade/rollback, scale, deprovision, ...) would be the same. The difference would be in the details, like what is the "contract" / the "guarantees" of the app controller regarding ordering, identity, addressing, persistence of backing volumes, etc. etc.

I don't think this would be a big issue actually, given a clean separation between application and service layers. This is what I was referring to when during the session I said that the service (orchestration) layer should be oblivious to how an app is provisioned and lifecycle-managed: a PNF, a traditional VM-based VNF or a cloud-native / microservice-style container-based VNF should mostly look the same.

Hi Frank,

Thanks for the feedback.

K8S is not just a container scheduler and it is much more.. Agree on that.   In the context of ONAP,  few ONAP components are already doing VNFM function (VF-C, APP-C).  ONAP  architecture is expected to support multiple Cloud technologies running at the same time.  That is one site may be running Openstack VIM, second site maybe running VMWare vcenter and third site may be running K8S.  So, we felt that anything we do should work in this ONAP architecture and hence we thought Multi-Cloud/VIM layer is the right place.

In that scope, you are right that only part of K8S functionality may be leveraged.  Existing ONAP components be leveraged for other functions.  APP-C for LCM, DCAE for analytics, CLAMP & Policy for closed feedback system etc...  That is what we thought we can crawl with and develop more understanding as we move forward .   

Does that make sense?

What kind of issues you see (other than not leveraging full power of K8S:-)?

Thanks

Srini

Were there slides presented? Can someone please post them here? Thanks Amar

Hello,

sounds like a good discussion, I'd like to  my few cents. First using term VIM for k8 infra used to house VNF's sounds confusing, it not yet clear where kuberentes cluster for VNF will be hosted, will it be a bare metal cluster ? and then containers will be on baremetal servers, technically it is not virtual infrastructure manager, It can be called (just a suggestion) Network functions Infra manager it covers (all VNF, PNF both infra be it vms or baremetals). Other advantage I see of using K8's is HA for a single VNF can achieved easily then it would be with openstack, In case if that VNF is used too much and have multiple instances of it, k8's services IP can be used to provide HA for that VNF, which is totally a matter of choice if there's any use case for that. I see you're starting with Kubernetes COE, and docker swarm is also mentioned in the discussion, I think choice of COE should be extendable, three of basics or most common COE, I see are Kubernetes, docker swarm, Mesos.