Docker is hot. Docker’s chief executive Ben Golub shared a few stats during his keynote to show container community growth since last year. OpenStack is also evolving rapidly. Both Docker and OpenStack can be visualized as operating at different layers of resource management in a data center. OpenStack is at data center level management layer while Docker operates at node(virtual or baremetal machine) level. So they can be complementary to each other to provide an excellent solution.

OpenStack has recently started adding container support. Three projects have taken off, viz. Magnum, Kuryr and Kolla. In this post we will be discussing the objectives of these projects and their interrelationship.


Magnum is about providing docker containers as a service (CAAS) to end-users just like virtual machines or bare metal nodes. Magnum is a wrapper over multiple container orchestration technologies. As of now Kubernetes, Docker Swarm and Mesos are the supported COEs (Container Orchestration Engine) in magnum.

Internally these COEs use docker-engine to provision containers. At a high level, Magnum passes user requests to Heat, the OpenStack orchestration project, and Heat gets work done by Nova and Neutron. Docker container hosts are Nova instances which can be either VMs or bare metal nodes.

Image credit :                                               



Kuryr is the youngest project among all of these container-related projects. This project’s role is as a ‘courier’ only, providing networking APIs and communication between other projects which will requires Neutron services. For now Magnum is an example of such a project.

Kuryr takes care of binding the container namespace to the networking infrastructure by providing a generic layer for VIF binding depending on the port type for example Linux bridge port, Open vSwitch port, Midonet port and so on. Kuryr is intended to provide containerized neutron plugins for easy deployment and will be compatible with OpenStack Kolla project (discussed in the next section) and its deployment tools. All containerized plugin images will have this common Kuryr binding layer which binds the container to the network infrastructure. In simple words, Kuryr is about adding above mentioned binding logic to existing neutron plugins and provide containerized images for same. Kuryr will be available to Magnum as another libnetwork remote driver (Flannel and Weave are existing ones).

Using Kuryr driver Magnum containers will be able to leverage all advanced networking features such as LBAAS, FWAAS etc. Whether Kuryr will be the default libnetwork remote driver or not is still under discussion. In my opinion, it should be. Kuryr is in early stages of development and architecture discussions are still going on as this post is being written. At the Tokyo summit, we are expecting the Kuryr team to discuss in detail on Kuryr and Magnum integration.


The Kolla project is about provisioning of production-grade container images of OpenStack services and tools like ansible playbooks. In simple words, Kolla is to containerize OpenStack. OpenStack services like nova-api, nova-scheduler are deployed/upgraded atomically using individual container images.

OpenStack services have independent lifecycles which makes it difficult to perform rolling upgrades and downgrades. Containers can bridge this gap by providing an easy way to handle this. In other words, it is like shipping cloud in containers. In the long run, Kolla will find a permanent place under the “TripleO” umbrella for sure.

Kolla and TripleO

TripleO is a project in the OpenStack community that aims to install and manage OpenStack. The name TripleO means OpenStack on OpenStack, where it deploys a so called undercloud, and uses that OpenStack setup to deploy an overcloud, also known as the user cloud.  An effort is ongoing to deploy a container based TripleO Overcloud using Kolla.

Image from Daneyson’s PPT –

Docker images for OpenStack projects are under active development at the moment.

Overall inter-relationship between the 3 projects