Do You Still Need OpenStack When Using Docker? A Technical Comparison

Background

Docker, created by Solomon Hykes, provides lightweight containers based on Linux kernel isolation (LXC). Containers share the host kernel, avoiding the overhead of a full guest operating system that hypervisors such as KVM require. This results in faster I/O, lower CPU and memory consumption, and the ability to run directly on bare‑metal servers.

Performance comparison with KVM

Benchmark data presented at DockerCon by Boden Russell compared container startup time, CPU usage and memory consumption of Docker versus KVM virtual machines under identical workloads. The results showed:

Container startup in a few seconds versus several tens of seconds for a KVM VM.

CPU utilization for Docker was typically 10‑20 % of that required by KVM for the same task.

Memory footprint of a Docker container was an order of magnitude smaller than a KVM instance.

These differences translate into lower operational cost when the same workload is run on KVM.

Relationship to OpenStack

OpenStack is a cloud‑management platform that orchestrates compute, storage, networking and multi‑tenant isolation. It does not prescribe a specific hypervisor or container runtime. Docker can be deployed on top of OpenStack, on bare metal, or on any other cloud platform. Consequently, comparing Docker directly with OpenStack is a category error; the two operate at different layers of the stack.

Key technical considerations

Docker and KVM can coexist. OpenStack can manage KVM compute nodes while also provisioning Docker containers on those nodes.

The choice of hypervisor (KVM) versus container runtime (Docker) affects only the compute layer; higher‑level services such as networking, storage and identity are provided by OpenStack regardless of the underlying technology.

Docker is not a full‑featured virtual machine. It has known limitations in isolation security and limited Windows support, which the community continues to improve at the cost of some performance overhead.

Performance metrics differ: native hypervisor throughput, container runtime efficiency, and end‑application response time are distinct measurements and should not be conflated.

Embedding Docker containers inside a KVM image does not materially affect container behavior; orchestration tools (e.g., Heat, Cloudify, Kubernetes) manage containers on top of the hypervisor.

Orchestration support

OpenStack’s orchestration service Heat added native Docker support starting with the Icehouse release. Cloudify, an open‑source TOSCA‑based orchestrator, also supports deploying Docker containers across OpenStack, VMware, AWS and bare‑metal environments.

Conclusion

OpenStack should be viewed as the overarching data‑center manager, while KVM provides virtual‑machine based compute isolation and Docker offers lightweight application packaging and deployment. In many scenarios—such as DevOps pipelines that require rapid provisioning of test environments—running Docker directly on physical servers is sufficient. When a unified management plane is needed, OpenStack can orchestrate both KVM VMs and Docker containers, allowing seamless migration between the two.

Original source: http://natishalom.typepad.com/nati_shaloms_blog/2014/11/do-i-need-openstack-if-i-use-docker.html