Joyent CTO: Confusion and Clarity in the Container Space

11 Jan 2016 11:38am

Next month, container-based infrastructure provider Joyent will hold a one-day Container Summit in New York City. The aim of the conference is to bring together the developers of container technologies with users deploying them for daily operations. We caught up with Joyent’s loquacious chief technology officer Bryan Cantrill to learn more about Joyent’s own container-based cloud services, as well as to hear what the always-articulate Cantrill has to say about what is happening in the still-gestating container ecosystem.

TNS: For people who aren’t familiar with Joyent, how does Joyent’s approach differ from all the other cloud providers out there?

BC: We are very container-centric. We have always believed that containers are the future of computing, and it’s informed everything that we have done. So the organizational principle of the company 10+ years ago was that the container started with BSD Jails, then moved into open source and now SmartOS and Triton. We have always believed that the container is the right substrate, the right infrastructural solution. And I think what we’ve seen last year, especially, is that now that’s no longer a controversial opinion. People now see what we see: that this is actually the right way to deploy infrastructure with containers. Of course, we’ve done a lot of stuff besides our container infrastructure, but it all emanates from that organizing principle.

TNS: Back then, what was the appeal of containers?

BC: Containers are a way to make a very plain, lightweight virtualization. That was the appeal then and it remains the appeal now. In some ways, it’s not more complicated. The application in the system has changed so much in the last 10 years, so our vision was really very much ahead of its time. It was a classic situation where Joyent adopted Sun [Microsystems’] technology, and Joyent almost saw Sun’s vision better than Sun did. We saw this was actually not just a way of selling a really big SPARC box, but a way of actually developing a next gen, lasting infrastructure. That was the vision that Joyent had, and that’s what drew me to Joyent five years ago. To me, it was relatively obvious there just were not a lot of companies that had that perspective. We were happy to be right when everyone else didn’t get it, but it’s a lot easier to be right when everyone else does get it.

TNS: You can’t be too far out in front of the public.

BC: You know, there was really something to that. You’ve got to be careful about how far out front you are. And I’ve been early and I’ve been late in my career. I would still rather be early than late, but there are really challenges to being early. I think part of the challenge of being early is you’re always earlier than you think you are.

TNS: How are your customers using containers? Is there a typical workload? Are they doing microservices? Are they still stuffing enterprise apps in the containers? Where are they on the spectrum?

BC: Our container-based infrastructure really is not limited to one set of applications. It’s not limited to continuous integration and continuous deployment [CICD]. CICD is a very good fit for containers. But CICD is just one use case.

We have microservices, we have macro-services. You can run monolithic services, you can run PHP in a container, you can run Ruby in a container. You can run a database in a container. I mean pretty much anything that you can do with a computer, someone is doing in a container on Joyent. Anything you would want to do with a computer, you should be able to do it with a container.

TNS: So what is the secret for running database and containers? We were talking about that …

BC: I think that you need a substrate that is, first of all, designed for security. And if you have a container on the metal without any hardware-based virtualization then that container needs to be designed with security as a constraint. I think one of the challenges that you see in the Linux namespaces ecosystem outside of [Joyent’s] Triton Elastic Container Infrastructure is that security was not treated as a constraint. Instead of developing containers the way we did at Joyent or the way FreeBSD developed with jails — which is to start with security as a constraint and build out the secure abstraction — others instead tried to start with a namespace that took these diagonal cross hatches across the operating system kernel and the result is one that is not secure, or is very difficult to make secure. For something like a database, it’s really not acceptable. So I think it really starts with the basics. If you want to run database with the container you need security foremost.

And you need persistence. This is where ZFS comes in. Joyent was the first production user of ZFS. No one has used ZFS in production longer than we have.

TNS: I remember the great promise of ZFS (short for Zettabyte File System) when it was introduced a decade ago by Sun Microsystems. What benefits does it bring for you guys, and how does it compare to other next-generation file systems such as BTRFS?

BC: There continues to be a ton of energy and enthusiasm around ZFS. Certainly it is the only, I think, open source cloud system that I would call enterprise grade, and obviously it has an incredibly important feature set: The performance, the fact that it’s always consistent, the fact that it’s transactional, the fact that it eliminates the need for hardware RAIDs, the fact that it’s got built-in compression.

I think people are realizing that BTRFS is certainly not going to be ready for production. When you say that something is not getting ready for production for several years, and you say that for five years running, ten years running, at some point people actually realize this is actually never going to be ready for production. That’s kind of the situation we find there.

The road to production is a rocky one, it’s a steep one. The bar is high and it should be, because it’s your data. When ZFS was developed, there was never this idea that, “Well ZFS is totally unsafe now, but it will be ready for production in a couple of years.” ZFS was always production grade. It was merely that it might not have this feature or that feature, but it was always production grade. Just like with security, you’re born secure. When it comes to a file system, you do not asymptotically approach production-readiness. You’re either production ready or you are not. This is a theme that you’ll see across our technology stack: we deploy technology that was born production-ready when it was built.

TNS: So another Sun technology that has made its way over is the DTrace debugging tool. You’re the primary author of DTrace, is that correct?

BC: That’s correct. That’s my baby, yep.

TNS: How can DTrace be used by customers?

BC: DTrace provides concise answers to arbitrary questions. So DTrace allows you to ask what’s going on in the box and allows those questions to be safely answered in production. And again, like ZFS, and like containers, DTrace was born production ready.

I really designed DTrace to be available on the worst day of one’s life. It’s not designed for sunny days. It’s designed for hurricanes. I still use it every day. I’m actually using it right now. But I actually can imagine life without it because I live life without it. [Without it there’s] a lot of guessing, a lot of incorrect fixes, a lot of ill-informed work, a lot of misunderstanding about how the system is actually operated.

TNS: So tell me about this Joyent conference in New York. What is the goal here?

BC: I love conferences in New York. In Silicon Valley, conferences can too often be a vendor echo chamber [of the] people who are designing the tools, the infrastructure. And that’s all it is if you don’t actually have people that are actually using the things to actually solve problems. The thing I love about New York is that you actually have folks who are solving hard problems that people care about. And yes a lot of that is financial services, but it’s not just financial services. You also have retail, publishing, and so on.

In my experience, great things happen when you have great technologists who are deploying technology along with great technologists who are building that core technology. Get those people in the same room, and you get uniquely great conversations.

I love one-day conferences. We are not seeking to monetize a conference. All we’re trying to do is get people together to have a conversation. It’s kind of the right way to do that: let something special happen for a day, then let people get back to their lives.

TNS: Now, I know Joyent is part of both the CNCF (Cloud Native Computing Foundation) and OCI (Open Container Initiative), do you have any thoughts about the evolving open source ecosystem around containers?

BC: I think the number one obstacle we have ahead of us in the container space in 2016 is reducing the confusion that we’ve generated. You’ve got a lot of different kinds of ideas about how it needs to be done. And the problem is the technologists who would be the early adopters for some of the stuff are saying, ‘There’s too much that’s not clear here. I’m going to hang back and I’m going to wait until some of this settles out.’ If everybody does that then it’s hard for them to settle out. You need early adopters who really drive this stuff.

I think right now there’s a lot of enthusiasm but I do think there’s an ambient confusion that is making it difficult. What I hope to achieve with the CNCF is to clarify some of the boundaries between these different components, elucidate these different layers and then you allow for people to innovate beneath them.

We’ve seen that time and time and time again. You actually don’t really unlock innovation until you can begin the plug-and-play components because then you’ll have components to go differentiate on the actual implementation, and it’s in that implementation that you have innovation. So my hope for CNCF is to help establish some of that consensus for some of these components and unlock some of the innovation.

Transcription services from Mara Kruk.

Joyent is a sponsor of The New Stack.

Feature Image: Joyent.