> OpenStack is a cluster of poorly-interoperating, poorly-documented products -- The customer experience is fucking terrible.
I assume you were unfortunately a victim of Mirantis/Fuel/Puppet/Mcollective... or one of the 'converged' solutions.
While I wouldn't call OpenStack "fun" Especially in the Essex to Icehouse era, where vendors seriously impacted the code stability...It is just a well documented collection of separate components that interact using REST api's and RPC like calls over a message bus.
Nvidia, Cern, JPL, and lots of smaller companies that need private clouds and have the expertise are still running OpenStack.
For me the main value is the ability to have portability between public and private.
If you just use the ansible playbooks included in every OS repo, it is pretty easy to roll your own deployments that are quite easy to maintain if and only if your company is mature enough to follow that model and isn't subject to the soicotechnical issues that plague containers too.
While the workflow changes, the hard parts of OS and k8s, including networking, monitoring, etc,.. are exactly the same.
As a random example of what always screws this up let me point at kubespray, which is not unique at all.
That is because, like many projects, they didn't respect the natural boundaries of the node components, and they are now paying the price for that debt.
k8s and OS from an infrastructure point of view are equal in complexity. It isn't instantiating a container with CRI foo, or libvirt command bar that is the hard part.
It is the distributed computing, virtual networking , resource allocation, federation, API's etc... that is hard.
Note, if you think that the "OS is dead" for all needs, especially in the telco space, you may want to dig into what containers actually are. They are just namespaces running on an OS, and it will still be horses for corses as to what is appropriate.
Especially if you are using the easy ways of instantiating hardware for k8s, almost all of them are highly insecure by default and you are going to have to dig into the same style of systems with similar components or you will have a leak of data at some point.
I wish there was something better than OS, but if you use a dev mindset and not a glass house IT mindset it is a very useful tool that may be the least worst option for you for some needs.
No and No. It's not about the complexity of it or being any worse/better than K8s.
It's about the endless bugs and regressions and laundry list of stupid problems caused by inadequate processes by OpenStack developers.
For example, let's say you're running Cinder v3. Cinder 3.59. You want to get the volumes that you have attached to an instance, so you curl the API:
/cinder/v3/<instance id>/attachments. You get a 404.
You get a 404 because you didn't pass this header: "OpenStack-API-Version: volume 3.27". Because Cinder defaults to Cinder 3.01 behavior even when you're running 3.59. Attachments were only added in 3.27. So even though you're trying to curl a route that wouldn't even exist in 3.01 and you're running a version clearly later than 3.27, the API responds as if it's Cinder 3.01 unless you specifically tell it to do otherwise.
And this is just one of the laundry list of stupid situations that I can remember off the top of my head.
When the thing isn't otherwise failing all the time.
That isn't a bug, that is correct behavior under their contract model (which I will admit isn't my favorite).
It is common for message based systems for the target system to own the contract, and they have both the / and /v3/ endpoints that you can grab the version information from.
While I personally prefer the URL method, when versioning through custom headers, if you bump the API without that custom header, you will break way more than returning correct behavior for the minimum supported version, enforcing backward compatibility for API's is generally considered a best practice.
Note:
> If the OpenStack-API-Version header is not provided, act as if the minimum supported version was specified.
I assume you were unfortunately a victim of Mirantis/Fuel/Puppet/Mcollective... or one of the 'converged' solutions.
While I wouldn't call OpenStack "fun" Especially in the Essex to Icehouse era, where vendors seriously impacted the code stability...It is just a well documented collection of separate components that interact using REST api's and RPC like calls over a message bus.
Nvidia, Cern, JPL, and lots of smaller companies that need private clouds and have the expertise are still running OpenStack.
For me the main value is the ability to have portability between public and private.
If you just use the ansible playbooks included in every OS repo, it is pretty easy to roll your own deployments that are quite easy to maintain if and only if your company is mature enough to follow that model and isn't subject to the soicotechnical issues that plague containers too.
While the workflow changes, the hard parts of OS and k8s, including networking, monitoring, etc,.. are exactly the same.
As a random example of what always screws this up let me point at kubespray, which is not unique at all.
Note the: > Remove docker requirements https://github.com/kubernetes-sigs/kubespray/issues/6400
That is because, like many projects, they didn't respect the natural boundaries of the node components, and they are now paying the price for that debt.
k8s and OS from an infrastructure point of view are equal in complexity. It isn't instantiating a container with CRI foo, or libvirt command bar that is the hard part.
It is the distributed computing, virtual networking , resource allocation, federation, API's etc... that is hard.
Note, if you think that the "OS is dead" for all needs, especially in the telco space, you may want to dig into what containers actually are. They are just namespaces running on an OS, and it will still be horses for corses as to what is appropriate.
Especially if you are using the easy ways of instantiating hardware for k8s, almost all of them are highly insecure by default and you are going to have to dig into the same style of systems with similar components or you will have a leak of data at some point.
I wish there was something better than OS, but if you use a dev mindset and not a glass house IT mindset it is a very useful tool that may be the least worst option for you for some needs.