With 2017 seeing more than 40% of organizations either running production workloads in containers or piloting such efforts, it is safe to say 2018 and 2019 will be the years for mass adoption of container platforms.
However, 2018 has brought an interesting option for container adoption within the enterprise — the release of managed container services by the leading cloud providers. Google pioneered in this space and continues to maintain a healthy lead over both AWS and Azure, who launched their managed Kubernetes (K8s) services at the tail end of 2017.
This leaves both large enterprises and those looking to make inroads into containers with an interesting decision. They can either choose from a set of off-the-shelf Container as a Service (CaaS) platforms and deploy them onto their infrastructure platform of choice; or they can use the managed container services provided by the three widely adopted public cloud providers.
The good news is, using one option or the other might not completely lock in an enterprise. The Kubernetes Certification program launched last year by the Cloud Native Computing Foundation (CNCF) ensures that vendors all adhere to a standard that enables container portability and conformance across their platforms. We are working on the assumption that Kubernetes has won the container orchestration war. However, the choice of using a managed container service or bringing in your own CaaS does have an impact on ongoing operations, service management and integration with existing systems.
In this article we explore the leading CaaS solutions available, and compare those with the existing managed container services. The platforms we’ll be reviewing are:
- Azure and AWS as public cloud providers providing managed Kubernetes services
- Docker EE and Rancher as solutions that can be deployed on-premise
Note: OpenShift has been left out, as its functionality is comparable to a PaaS, not a CaaS, platform.
Azure Container Service and Kubernetes (Azure ACS & AKS)
Microsoft started off their efforts to simplify container deployments on Azure by providing pre-built Linux images with Docker’s container engine; yet, this did little to simplify CaaS platform deployment. The next step was the introduction of Azure Container Service (ACS), providing the ability to deploy the platform of choice (K8s, Docker Swarm or DC/OS) on top of Azure VMs with pre-configured templates and load balancing. However, with the individual CaaS providers offering up-to-date ARM templates of their own (by Docker and Mesosphere), ACS delivered little to no benefit to users.
Henceforth Azure Container Service (ACS) will be defunct, with its functionality provided by either individual CaaS vendors or via Microsoft’s updated AKS solution. Introduced last October and currently in public preview, AKS offers a managed Kubernetes service, and is the platform for this comparison.
AKS, a standalone Azure offering from Microsoft, provides a hosted Kubernetes environment. This makes it quick and easy to deploy and manage containerized applications without requiring expertise in deploying Kubernetes. AKS also eliminates the need for ongoing infrastructure operations and maintenance by provisioning, upgrading and scaling resources on demand.
Azure Container Service Summary: AKS builds upon some of the lessons learned from Microsoft’s previous attempt to deploy container solutions (ACS), and will supersede these legacy services within the next 12 months. Even with the limitation of this platform at this point in time (public preview), AKS is a great starting point for users looking to get a container platform quickly up and running. However, it still lacks the maturity expected with an enterprise platform. That said, both AKS and ACI (Microsoft’s serverless solution for containers) have great potential and should be closely monitored by those looking at managed container solutions.
Amazon Elastic Container Service and Kubernetes (Amazon ECS and EKS)
AWS’ container service offerings look to have the upper hand against public cloud rival Azure. AWS provides three key offerings: ECS (Elastic Container Service); EKS (Elastic Container Service for Kubernetes, similar to Azure AKS); and Fargate (equivalent to Azure ACI). For the rest of this article, we shall limit the discussion to ECS and EKS.
Compared to Azure’s initial ACS efforts, AWS ECS provides a more mature solution for users. With the orchestration of containers managed by AWS (not based on Kubernetes), all a user has to do is specify the instances they would like under the container worker nodes, create a task file (think of this as a Docker file) and let ECS manage the rest. However, there are still lots of engineering teams who would prefer to use Kubernetes on AWS for their container deployments.
Like Azure, AWS introduced their managed Kubernetes service, EKS, last year and reduced all the operational overhead required to deploy and operate the core components for a Kubernetes cluster. According to CNCF, 63% of K8s deployments run on AWS. Released in November 2017, EKS, currently in preview, finally provides all those IaaS Kubernetes AWS deployments with a managed container service that is highly available (deployed across various availability zones). Given the maturity of ECS (compared to Azure ACS) and the widespread popularity of EKS, we will compare both these offerings.
Amazon ECS and EKS Summary: For now, AWS has a much more well thought out container services toolkit compared to its Microsoft counterpart. Both AWS ECS and EKS provide all the functionality one needs to have a production-ready container platform up and running. AWS gives users the ability to run managed container services via ECS, provides managed Kubernetes services via EKS and managed, orchestrated and scaled container services (serverless) via Fargate.
However, pure-play container vendors have simplified the deployment of CaaS platforms in multi-cloud environments with pre-configured and tested deployment scripts. So, are managed container services worth the platform lock-in? Let’s find out.
Docker, Inc., the company behind the Moby Project, one of the most influential within the CNCF, has its own enterprise grade CaaS solution known as Docker EE. The goal of Docker EE is to bring Docker to the enterprise, providing users with the ability to deploy an enterprise ready CaaS platform across a variety of infrastructure solutions, both on-premises (virtual and bare metal) and in the cloud. It does so by simplifying the deployment of an end-to-end stack with all the necessary components, such as the container engine, a choice of container orchestrator (Swarm or Kubernetes), a management control plane and its own secret sauce. This is a comprehensive lifecycle management toolkit (with container registry, image scanning, secrets management, etc.), also called their Secure Software Supply Chain.
Docker Summary: The Docker EE platform has matured significantly in the last two years to provide enterprise users with all the core functionality they have come to expect from a mature product. With the introduction of Kubernetes as a supported orchestrator, organizations can now cater to those developers and purists who have a natural inclination toward K8s. Finally, with Docker’s already well thought out security and management components, such as RBAC, trusted registry and cross-platform deployments, enterprises looking for an easy-to-deploy container platform should really consider Docker EE as a platform to move ahead with.
Rancher takes a different approach when it comes to deploying a containerization platform. Instead of having an opinionated stack, Rancher gives users the ability to deploy a variety of popular container orchestration and scheduling frameworks (Swarm, K8s, Mesos and Cattle) across a disparate pool of infrastructure resources (on-prem and public cloud). It also simplifies the management of all the above under a single control plane. Additionally, Rancher provides users and platform administrators with some really useful features, such as RancherOS, a lightweight container OS, and an application catalogue. This lets users manage and deploy entire multi-container clustered applications with one click of a button.
Rancher Summary: The key ethos behind Rancher’s solution is to give their users choice with simplicity. It allows teams to deploy a variety of container orchestrators, across a variety of infrastructure platforms, and to integrate with a variety of common services such as registries and access control systems. This is all managed and controlled via a unified control plane. Where other CaaS solutions look to provide an opinionated stack, Rancher provides the core services required to run a container stack and integrates with a variety of industry solutions. It then simplifies administration and operations with value add components such as its App Catalog, RancherOS and a complete container management platform that includes everything you need to manage containers in production.
Summary, Verdict and Next Steps
The tail end of 2017 saw managed container services being taken seriously by the key public cloud vendors, with two of the top three releasing the first iteration of managed Kubernetes as a Service (KaaS). However, neither AWS (EKS) nor Azure (AKS) has a production-ready platform yet. On the other hand, CaaS solution providers have started on-boarding popular container orchestrators, providing users with a choice, all using simplified, unified management tools.
Not only do the current managed Kubernetes services from Azure and AWS lack the core components to be ready for prime time; they still need the rich ecosystem of support tools and services. They are, however, a great fit for those who want to get up and running quickly with Kubernetes but lack the deep expertise and skills required.
On the other hand, the operational tradeoffs one has to take on when deploying one’s own container stacks, such as Docker EE and Rancher, are balanced by their flexibility and maturity. Additionally, providing a production ready CaaS platform couldn’t be simpler, with the availability of automated scripts and deployment tools that can streamline deployment onto virtually any platform.
If your company is experimenting with containers at the trial stage, then managed container services provide a great starting point where you do not have to worry about cluster management, resource provisioning or having a minimum platform deployed. This is great for testing out initial container deployments and tailoring your development and operational processes. However, if you are in a more mature phase of your container deployment on AWS, Azure or on-premise platforms, then bringing your own CaaS solution provides you with a much more feature-rich platform, with all the necessary frameworks and services required for a production-grade system.