2018 has been the year of mass adoption of container platforms, and the momentum will very much continue into 2019. With Kubernetes (K8s) being the clear winner of the “container orchestration war,” organizations (both providers and adopters) focused their efforts on productionizing and maturing their Kubernetes deployments. In this regard, 2018 has seen some significant progress made to ease the adoption of Kubernetes, the two key contributors being the release of managed Kubernetes services and hybrid container stacks.
When it comes to managed container services, Google Kubernetes Engine (GKE) pioneered the concept and continues to maintain a healthy lead over both AWS and Azure, who each announced the general availability of managed Kubernetes services midway through the year: Amazon Elastic Container Service for Kubernetes (Amazon EKS) and Azure Kubernetes Service (AKS).
The second announcement, around hybrid container stacks, is one that shakes up the entire container landscape once again. With on-premises container deployments being a huge business for the likes of Red Hat OpenShift, Docker EE and Rancher among many others, cloud providers now offer companies yet another option: the ability to extend their public cloud container stacks on-premises.
This leaves large enterprises, and those looking to make inroads into containers, with an interesting decision. They can either choose from a set of off-the-shelf Container as a Service (CaaS) platforms and deploy them on their infrastructure platform of choice (public cloud or on-premises), or they can use the managed container services provided by the three widely adopted public cloud providers.
The good news is, using one option or the other might not completely lock in an enterprise. The Kubernetes Certification program launched last year by the Cloud Native Computing Foundation (CNCF) ensures that vendors all adhere to a standard that enables container portability and conformance across their platforms. However, the choice of using a managed container service or bringing in your own CaaS does have an impact on ongoing operations, service management and integration with existing systems.
In this article we explore some of the leading CaaS solutions available, and compare those with the public cloud managed container services.
Managed Container Services
Azure Container Service
Microsoft’s initial efforts to simplify container deployments via Azure Container Service (ACS), providing the ability to deploy the orchestrator of choice (K8s, Docker Swarm or Mesosphere DC/OS), were anything but a success. Additionally, with individual vendors (Docker, Mesosphere, Red Hat) offering their own up-to-date templates to ease the deployment of their platforms, ACS delivered little to no user benefits.
Housing one of the founders of Kubernetes, Brendan Burns, Microsoft decided to re-steer their efforts and provide a Google-Cloud-like managed Kubernetes experience. As a result, Microsoft released two standalone offerings, the above-mentioned AKS and Azure Container Instances (ACI). AKS provides a managed Kubernetes environment, with organizations only responsible for managing their worker nodes, while ACI provides a serverless approach to deploying containers.
AKS makes it quick and easy to deploy and manage containerized applications without requiring expertise in deploying Kubernetes; it even eliminates the need for updating, patching and maintaining the Kubernetes control plane. For those who are not interested in managing a Kubernetes environment, Microsoft also released a “fire up and forget” container solution, ACI, allowing users to simply deploy their containers while Azure takes care of the orchestration. In order to make these services available on-premises, Microsoft has also launched a preview of AKS on Azure Stack (Microsoft’s on-premises extension of Azure), thereby enabling a hybrid architecture.
Secondly, Microsoft also released a fully managed OpenShift offering, jointly engineered, operated and supported by both Red Hat and Microsoft. But the success of this platform has yet to be seen.
Azure’s updated container solutions build upon some of the lessons learned from previous failed attempts via Azure Container Service (ACS). In light of all these releases, ACS will become deprecated, with its functionality provided either by individual vendors or via Microsoft’s updated AKS solution. AKS is a great starting point for users looking to get a container platform quickly up and running. However, it still lacks the maturity expected of an enterprise platform, and does require additional integration for a production-ready system. That said, both AKS and ACI have great potential, and should be considered by those looking at managed container solutions.
Amazon Container Services
AWS’ container service offerings have had a slight edge against public cloud rival Azure, providing three key offerings: Amazon ECS (Elastic Container Service); Amazon EKS (Elastic Container Service for Kubernetes), similar to Azure Kubernetes Service; and AWS Fargate (equivalent to Azure Container Instances).
Compared to Azure’s initial ACS efforts, AWS ECS provided a more mature solution for users. With the orchestration of containers managed by AWS (not based on Kubernetes), all a user has to do is specify the instances they would like under the container worker nodes, create a task file (think of this as a Docker file) and let ECS manage the rest. However, there are still lots of engineering teams who would prefer to use Kubernetes on AWS for their container deployments.
Like Azure, AWS introduced their managed Kubernetes service, Amazon EKS, to reduce the operational overhead required to deploy and operate the core components of a Kubernetes cluster. According to CNCF, 63% of Kubernetes deployments run on AWS. Announced earlier in the year, EKS finally provides all those IaaS Kubernetes AWS deployments with a managed container service that is highly available (deployed across various availability zones).
AWS has had more robust container services to start with, compared to its Microsoft counterpart. Both Amazon ECS and EKS provide all the functionality one needs to have a production-ready container platform up and running. AWS gives users the ability to run managed container services via ECS, provides managed Kubernetes services via EKS and managed, orchestrated and scaled container services (serverless) via Fargate. However, unlike Azure, AWS does not have an on-premises extension of their container solution. Given AWS’ recent release of on-premises RDS on VMware, the release of a container solution would not be unexpected.
Google Container Services
Google has been setting the pace when it comes to offering mature managed container services based on Kubernetes, and it continues to maintain a healthy advantage. Google’s GKE provides a managed Kubernetes offering, where the control plane is managed by Google, with the cloud user managing the worker nodes (the same path that Azure and AWS chose to replicate). However, where Google does outshine its competition is around additional integration services, such as integrated logging and monitoring via Stackdriver, auto-upgrade functionality, GPU support and a mature container registry.
In addition to the services above, Google just recently released (under alpha) the ability to run GKE on-premises, thereby enabling their own hybrid container architecture. Furthermore, Google’s continued investment in their Cloud Services Platform, providing users with a simplified service mesh for microservices via Istio and serverless add-ons via Knative, makes them the most mature public cloud operator when it comes to container-based services.
Containers as a Service Solutions
Recently, pure-play container vendors have simplified the deployment of CaaS platforms in multi-cloud environments with pre-configured and tested deployment scripts. So, are managed container services worth the platform lock-in? Let’s find out.
Docker, Inc., the company behind the Moby Project, one of the most influential within the CNCF, has its own enterprise grade CaaS solution known as Docker Enterprise Edition (Docker EE). The goal of Docker EE is to bring Docker to the enterprise, providing users with the ability to deploy an enterprise-ready platform across a variety of infrastructure solutions, both in the cloud and on-premises (virtual and bare metal).
It does so by simplifying the deployment of an end-to-end stack with all the necessary components, such as the container engine, a choice of container orchestrator (Swarm or Kubernetes), a management control plane and its own secret sauce. This is a comprehensive lifecycle management toolkit (with container registry, image scanning, secrets management, etc.), also called their Secure Software Supply Chain.
In addition to the above, Docker announced the ability to federate cross-cloud Kubernetes platforms (EKS, AKS, GKE) and to use their management tools to unify one’s container lifecycle management, along with a variety of tools to simplify container creation and deployment.
The Docker EE platform has matured significantly in the last two years, providing enterprise users with all the core functionality they have come to expect from a mature product. With the introduction of Kubernetes as a supported orchestrator and cross-platform federation, organizations can now cater to those developers and purists who have a natural inclination toward K8s. Finally, with Docker’s already well-thought-out security and management components, such as RBAC, trusted registry and cross-platform deployments, enterprises looking for an easy-to-deploy container platform should really consider Docker EE as a platform to move ahead with.
Rancher takes a similar approach to Docker EE when it comes to deploying a containerization platform, providing a unified Kubernetes cluster and application management platform across a disparate pool of infrastructure resources (both on-premises and public cloud). It also simplifies the management of all the above under a single control plane. Additionally, Rancher provides users and platform administrators with some really useful features, such as RancherOS, a lightweight container OS, and an application catalogue. This lets users manage and deploy entire multi-container clustered applications with one click of a button.
The key ethos behind Rancher’s solution is to give users choice with simplicity. It allows teams to deploy containers across a variety of infrastructure platforms, and to integrate with a variety of common services, such as registries and access control systems. This is all managed and controlled via a unified control plane, simplifying administration and operations with value-add components, such as its app catalog and a complete container management platform that includes everything you need to manage containers in production.
Summary, Verdict, Next Steps
The spring of 2018 saw managed container services being taken seriously by the key public cloud vendors, with the top two making available their first iteration of managed Kubernetes as a Service (KaaS). On the other hand, CaaS solution providers have started onboarding multiple container orchestrators, providing users with a choice, using simplified, unified management tools.
Not only do the current managed Kubernetes services from Azure and AWS lack the core components to be ready for prime time; they still need a rich ecosystem of support tools and services. They are, however, a great fit for those looking to get up and running quickly with Kubernetes, but who lack the deep expertise and skills required. Google is the only provider with a mature and proven managed container service; however, Google lacks the wider cloud adoption of the two alternative providers.
On the other hand, the operational trade-offs one has to take on when deploying one’s own container stacks, such as Docker EE and Rancher (amongst others), are balanced by their flexibility and maturity. Additionally, providing a production-ready CaaS platform could not be simpler, with the availability of automated scripts and deployment tools that can streamline deployment onto virtually any platform.
One should consider some of the following key questions prior to choosing between a managed container platform or deploying one’s own:
- Do we have sufficient skills to design, deploy and administer a Kubernetes environment?
- Does our container platform need to be deployed on public cloud and on-premises?
- Does the use of a multi-tenanted and shared Kubernetes control plane have any implications?
- What is the public cloud platform where I need to deploy containers? AWS, Azure or Google?
If your company is still in its experimentation stage with containers, then managed container services provide a great starting point without having to worry about cluster management, resource provisioning or having a minimum platform deployed. Managed container services are great for testing initial container deployments and tailoring the development and operational processes. However, if you are in a more mature phase of your container deployment on AWS, Azure or on-premises platforms, then bringing your own CaaS solution might provide you with a much more feature-rich platform, with all the necessary frameworks and services required for a production-grade system.
This article has been updated from its previous publish date of May 2, 2018.