What on earth is this "cloud native" hanging up in the sky?

Cloud native comes with a great many technologies, concepts, and terms. People who don't know them are often left baffled. What are these concepts, and how do they relate to one another?

That is what this article is about.

This article is more of a primer than a reference: it does not try to cover everything, nor to go into detail. It is aimed at readers with some IT background; complete novices and outsiders may not follow it.

[Figure: Completely incomprehensible cloud native]

Cloud computing? Cloud native?

Cloud native (云原生) is "cloud" + "native". Generally speaking, "cloud" (云) emphasizes IaaS, that is, the infrastructure level (computing, storage, network), while "native" (原生) emphasizes the PaaS level (containers, microservices). It is called "native" because it is born for the cloud; you could say it is born in the cloud and grows up in the cloud.

An academic might say: "Cloud computing is an architecture that flexibly provides basic IT resources, and cloud native is a method of building and running applications on cloud computing." There is nothing wrong with this statement, but it is also useless, because it is too abstract.

In everyday usage, as far as I can observe, "cloud computing" and "cloud native" have basically become interchangeable: wherever people say "cloud native" they could say "cloud computing", and vice versa.

The only difference is: People used to love to say "cloud computing", but now they love to say "cloud native".

After all, new words always sound grander.

So, don't get too tangled up in this one.

What are the benefits of cloud native

In fact, this is equivalent to the question: why move to the cloud at all?

There are many benefits; personally, I think the three most important are:

Seven characters (in Chinese): isolation (隔离), elasticity (弹性), automation (自动化).

1. Isolation (隔离): In a traditional architecture, a single network configuration error may bring down an entire DC, and a single module failure may bring down an entire application system, and such faults are often hard to locate and isolate. Cloud native uses the capabilities of VPCs, containers, and microservices to virtually isolate or split networks, operating systems, and application systems so that they do not affect one another. The operation, change or failure of one part does not affect the other parts, which is much safer.

2. Elasticity (弹性): When an application system's serving capacity runs short, it has to be expanded, for example by adding memory and CPU to the machine, or by deploying new instances behind a load balancer. In a traditional environment this takes real work, in particular installation and configuration by operations staff. Cloud native was designed from the start with convenient, fast and safe scaling in mind: rapid creation of virtual machines and containers, automatic scale-out, and load balancing. What used to take several hours can now be done with a flick of a finger, in a few minutes or less.

3. Automation (自动化): Whether it is deployment, change, or maintenance, if a job involves multiple steps, requires multiple configurations, or even requires the cooperation of multiple teams, it becomes cumbersome and complicated, the demands on the operator are high, and the probability of error rises. If the same work can be completed with a single command or a single button, that is a high degree of automation. Much of cloud native's design is about completing operations as complex as possible with as few instructions as possible.

How is automation presented to users? First, a graphical interface (图形化界面), so that all kinds of users (platform tenants, operators, operations staff, and developers) can operate easily; for example, tenants (that is, customers) can request a virtual machine or a gateway with a click of the mouse. Second, a command-line interface (命令行界面), so that people who like the command line can invoke it directly or write scripts. Third, an API, so that programmers can write programs to orchestrate operations however they like. In this way, people with very different skill sets can each do their part, and automation goes as far as it possibly can.

The essence of cloud native is turning the entire IT process into software, that is, realizing "software-defined everything" in the IT industry, at scale and with automation. Technical and manual work that used to be tedious, complicated, time-consuming and laborious can now be done with ease.

Having said all that, let's look at an example:

kubectl create deployment nginx --image=nginx --replicas=2
kubectl set image deployment/nginx nginx=nginx:latest

The above are two Kubernetes commands. The first deploys two nginx containers, and the second updates them to the latest image version.

See how easy it is.

The basics of cloud native

Since this is a primer, let's start with the most basic things.

1. Virtual machine (虚机): A virtual machine is a fully functional computer virtualized on top of a physical server. Through the cloud platform, people can create a virtual machine, install an operating system on it, expand its capacity, and migrate it to another physical machine without downtime.

2. Bare metal (裸金属): Bare metal is a physical machine brought under the cloud's management. It is not virtualized and does not host virtual machines, but it can still be managed by the cloud: automatically allocated, reclaimed and administered.

3. Storage (存储): The cloud can provide block storage (such as IP SAN), file storage (such as NAS), and object storage (OBS). All of them come with a user interface, a command line and an API, so users can use and manage storage very conveniently. By pooling and virtualizing storage resources, the differences between devices are smoothed out, and users no longer need to learn the specifics, commands, and configuration methods of particular storage devices.

For example, in OpenStack, the following command creates a volume called my_volume with a size of 10 GB, and the next command attaches the new volume to the virtual server my_server.

openstack volume create --size 10 my_volume
openstack server add volume my_server my_volume

Look how easy it is! Even as someone who doesn't understand storage at all, I can do this with no trouble.

It can be said that cloud users work at the abstraction layer or logic layer, and do not need to understand the underlying details at all.

4. Network (网络): The cloud provides virtual networks. Users can build isolated virtual network partitions in the cloud and organize their virtual machines within them, without actually buying and dedicating network equipment. This is achieved by creating virtual private clouds (VPCs), virtual subnets, virtual routers, virtual NAT gateways, and so on. Users no longer deal with the underlying network devices; they simply "create" and "configure" in the cloud platform.

5. Container (容器): A container can be regarded as a lightweight virtual machine. It "contains" the application: the application and its own dependencies (依赖) are packaged together into a self-contained unit. Containers can be deployed on various operating systems regardless of the specific host. Compared with virtual machines, they are lighter, more convenient, and start in seconds.

The above are the most basic concepts, and they lean toward the infrastructure side. Going further up you will meet more "cloud native" concepts: microservices (微服务), service mesh (服务网格), function compute (函数计算), DevOps, and so on, which are closer to development.

Next, let's continue, and some concepts will be mentioned again.

The most important concepts in cloud native

If you understand the following concepts and how they relate, you will have a solid footing.

1. Virtual machine

A virtual machine (VM, Virtual Machine, 虚机) is a computer virtualized on a physical machine (also known as the host, 宿主机), with the purpose of improving the utilization of computer hardware resources. This is achieved by installing a VMM (Virtual Machine Manager, 虚拟机管理器) on the physical machine. The VMM allocates and schedules resources (memory, CPU, network, disk, etc.) to the virtual machine, loads the virtual machine's operating system, and schedules the physical resources the virtual machine ultimately needs. Generally speaking, one physical machine can host around 10 virtual machines.

[Figure: Schematic diagram of the relationship between virtual machine, VMM, and physical machine]

Compared with a container, a virtual machine is still rather bulky, because its image (虚机镜像) contains an entire operating system and is therefore usually several gigabytes in size. Virtual machine startup time is usually one minute to several minutes.

A virtual machine image (虚机镜像) is a file that contains a computer's operating system, installed software, data, and configuration. Image files are usually used as templates for virtual machines, so that multiple identical virtual machines can be created quickly when needed.

It is precisely because the virtual machine is not agile, convenient and fast enough that container technology was born.

2. Container

Within one operating system, technologies such as process isolation, memory isolation, file isolation, user isolation and network isolation carve out separate runtime spaces. Each space runs an application together with the programs and libraries it depends on. That is a container.

In this way, multiple containers share the same operating system, but are isolated from each other. Containers are usually small and can be started in seconds, which is very fast.

Containers are fully portable and can run on any operating system or environment that supports containers. Because the software in the container and the libraries it needs are packaged together and isolated from the host's libraries, there is no need for the various installations and adaptations on the host that used to be required.

In the Linux operating system, there have long been ways to isolate applications through namespaces and control groups (cgroups), so that the CPU, memory, disk I/O, and network usage of one or more processes are kept independent of each other; this is Linux container (LXC) technology. But for users, LXC is not easy to use. Docker wrapped these complex container functions in user-friendly commands and graphical interfaces, which is what made containers popular.

3. Container Orchestration

Container orchestration (容器编排): In a large system, a great many containers run at the same time, and managing each container directly is cumbersome. There is no doubt that Kubernetes (k8s for short) has been the most popular container orchestration tool in recent years.

The so-called orchestration (编排) refers to overall planning, organizing, deploying and managing: putting many complex elements in order to achieve the goals the managers specify and expect.

k8s provides many powerful functions, such as deploying containers, automatic scaling, load balancing, application updates, failure recovery, and container monitoring. In short, it lets users deploy, schedule and monitor containers more easily and conveniently. Users write description files that tell k8s the specifications, number and relationships of the containers to deploy, specify service ports, organize multiple containers into an application, and have the number of containers scaled automatically according to their load.

For example, the following two commands scale a deployment (here named web-server) to five replicas and then trigger a rolling restart of its pods.

kubectl scale deployment web-server --replicas=5
kubectl rollout restart deployment/web-server
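The "description file plus controller" idea behind those commands, as an added example that is not from the original article: a toy reconcile loop that drives running pods toward a declared spec (what `kubectl scale` and `kubectl set image` edit), together with the Kubernetes HorizontalPodAutoscaler's replica formula. The DeploymentSpec/Pod classes and pod naming are constructed for illustration, not the real k8s API.

```python
"""Toy reconcile loop in the style of a Kubernetes Deployment controller, plus
the HorizontalPodAutoscaler's replica formula.  Constructed example for this
article: it models the idea behind kubectl scale / set image, not the real API."""
from __future__ import annotations
import math
from dataclasses import dataclass


@dataclass
class DeploymentSpec:
    """The 'description file': the desired state the user declares."""
    name: str
    image: str
    replicas: int
    min_replicas: int = 1
    max_replicas: int = 10
    target_cpu_percent: int = 50   # like the HPA's averageUtilization target


@dataclass
class Pod:
    """Observed state: one running container instance."""
    name: str
    image: str
    cpu_percent: int = 0


def _next_index(pods: list[Pod]) -> int:
    """Smallest unused numeric suffix, so pod names stay unique."""
    used = {int(p.name.rsplit("-", 1)[1]) for p in pods}
    n = 0
    while n in used:
        n += 1
    return n


def reconcile(spec: DeploymentSpec, running: list[Pod]) -> tuple[list[Pod], list[str]]:
    """Drive the observed pods toward the declared spec; return new pods + action log.

    Pods running a stale image are replaced (the rolling update behind
    'kubectl set image'); the count is corrected by creating or deleting pods
    (what 'kubectl scale' changes).  The user only ever edits the spec.
    """
    pods = list(running)
    actions: list[str] = []
    for i, pod in enumerate(pods):
        if pod.image != spec.image:
            new_pod = Pod(f"{spec.name}-{_next_index(pods)}", spec.image)
            actions.append(f"replace {pod.name} ({pod.image}) with {new_pod.name} ({spec.image})")
            pods[i] = new_pod
    while len(pods) < spec.replicas:
        pod = Pod(f"{spec.name}-{_next_index(pods)}", spec.image)
        actions.append(f"create {pod.name}")
        pods.append(pod)
    while len(pods) > spec.replicas:
        actions.append(f"delete {pods.pop().name}")
    return pods, actions


def desired_replicas(spec: DeploymentSpec, pods: list[Pod]) -> int:
    """Kubernetes HPA rule: ceil(current * currentMetric / targetMetric), clamped."""
    if not pods:
        return spec.min_replicas
    avg_cpu = sum(p.cpu_percent for p in pods) / len(pods)
    wanted = math.ceil(len(pods) * (avg_cpu / spec.target_cpu_percent))
    return max(spec.min_replicas, min(spec.max_replicas, wanted))


if __name__ == "__main__":
    spec = DeploymentSpec(name="web", image="nginx:1.25", replicas=2)
    pods, actions = reconcile(spec, [])           # kubectl create deployment
    print(actions)
    spec.image = "nginx:latest"                   # kubectl set image
    pods, actions = reconcile(spec, pods)
    print(actions)
    for p in pods:
        p.cpu_percent = 90                        # load rises on every pod
    spec.replicas = desired_replicas(spec, pods)  # the autoscaler edits the spec
    pods, actions = reconcile(spec, pods)
    print(spec.replicas, actions)
```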

4. VPC

VPC (Virtual Private Cloud, virtual private cloud) is an independent and isolated virtual network environment built in the cloud. In a cloud, there can be multiple VPCs.

Although the name contains the word "cloud", people prefer to call it a "virtual private network", because its character is mainly that of a network, with the virtual machines and containers sitting on top of it.

Users can plan IP addresses within the VPC on their own, create subnets, and use network components such as virtual switches (vSwitch), virtual routers (vRouter), and virtual load balancers (vLB), and thereby isolate and protect their virtual machines.

Compared with virtual machines and containers, virtual networks are harder to understand. For a quick primer, see my next article, "Unintelligible Cloud Networks: What Are These Things".

5. Microservices

Microservices are an architecture in which each functional module of the original application system is split out into a service, running in different virtual machines or containers, and the services call each other in a standardized way. These services used to be coupled together on one machine; now they are all independent, and people can develop, deploy and manage them independently.

The goal of the microservice architecture is to make each service as simple and single as possible, each service only executes specific business logic, and has good horizontal expansion capabilities. Each service communicates through simple and lightweight communication protocols (such as REST, gRPC, etc.).

The advantages of microservices: first, easier isolation (便于隔离): if one service fails, it does not affect the others, unlike before, when everything sat on one machine and one failure took down the whole lot; second, easier scaling (便于扩容): if one service becomes a performance bottleneck, scale that service alone by running more containers for it, instead of scaling the entire application system as before; third, easier maintenance (便于维护): each service can be independently developed, deployed and operated, and one service is the responsibility of one small team. On another level, managing small teams is obviously easier than managing large ones.

In the microservice architecture, two concepts are often encountered: the API gateway (API网关) and the service mesh (服务网格).

An API gateway (API网关) provides centralized handling of service requests, integrating functions such as reverse proxying, load balancing, SSL offloading, authentication, rate limiting and circuit breaking, timeouts and retries, traffic monitoring and log statistics, and is suited to handling external (north-south) traffic. Between the client and the backend services there can be one or more API gateways with different functions. The most popular gateway proxies are Nginx, HAProxy, and Envoy.

For the complex inter-service calls (east-west) inside the system, it is better to communicate in a distributed manner to avoid bottlenecks, and this is where the service mesh (服务网格), popular in recent years, comes in.

6. Service Mesh

Since services always have to process requests, and the network is not always reliable, they need to reconnect or handle timeouts; so every service has to implement mechanisms such as request retries, timeout handling, and circuit breakers. Having every service write these itself is wasteful, and if the services are written in different languages, these parts have to be implemented in each language, which is even more wasteful.

The idea of the service mesh (服务网格) is to pull these general functions out of each service. The earliest approach was to provide an SDK that services could integrate for the general functions; this gradually evolved into an independent proxy that performs them: a proxy (the sidecar) runs next to each service. The sidecar is placed as a separate container in the same k8s Pod as the application container (a Pod is the smallest unit k8s schedules, and it can hold one or more containers), and the two share the same network. The sidecar handles incoming and outgoing request and response traffic, implementing routing, security, monitoring and so on.

For example, the Istio service mesh runs an Envoy proxy as a sidecar next to each of the service's application containers, and all the sidecars are managed by the mesh's control plane.

[Figure: Service mesh composed of sidecars]

Note: "sidecar" is a vivid metaphor; the original meaning is the sidecar attached to a motorcycle.

[Figure: A real sidecar]

This separation allows developers to concentrate on business, without really considering non-business functions. The general capabilities required by all services are placed in the sidecar.

It's as if the driver concentrates on driving, while communication and combat are handed to the teammate in the sidecar.
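The retry, timeout and circuit-breaker functions that the API gateway and the sidecar take out of the service, as an added example that is not from the original article: a proxy wraps a service call with this generic policy, so the service code itself contains none of it. The UpstreamError, ManualClock, CircuitBreaker and SidecarProxy names are constructed for illustration; the "upstream" is an in-process function standing in for the real service.

```python
"""Sidecar-style proxy that adds timeout, retry and a circuit breaker around a
service call, so the service code itself contains none of it.  Constructed
example for this article: the 'upstream' is an in-process function and the
clock can be driven manually, so the behaviour is reproducible offline."""
from __future__ import annotations
import time
from dataclasses import dataclass, field
from typing import Callable


class UpstreamError(Exception):
    """Any failure the proxy should count against the upstream service."""


class ManualClock:
    """Test clock; a real sidecar would use time.monotonic()."""
    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


@dataclass
class CircuitBreaker:
    failure_threshold: int = 3       # consecutive failures before the circuit opens
    recovery_seconds: float = 30.0   # time to stay open before allowing one trial request
    clock: Callable[[], float] = time.monotonic
    failures: int = 0
    opened_at: float | None = None

    def state(self) -> str:
        if self.opened_at is None:
            return "closed"
        if self.clock() - self.opened_at >= self.recovery_seconds:
            return "half-open"           # let a single trial request through
        return "open"

    def record_success(self) -> None:
        self.failures, self.opened_at = 0, None

    def record_failure(self) -> None:
        self.failures += 1
        if self.failures >= self.failure_threshold:
            self.opened_at = self.clock()   # (re)open; a failed trial re-opens it


@dataclass
class SidecarProxy:
    upstream: Callable[[dict], dict]      # the real service sitting behind the sidecar
    clock: Callable[[], float] = time.monotonic
    timeout_seconds: float = 1.0
    max_attempts: int = 3
    breaker: CircuitBreaker = field(default_factory=CircuitBreaker)
    log: list[str] = field(default_factory=list)

    def call(self, request: dict) -> dict:
        """Forward one request, applying the generic resilience policy."""
        if self.breaker.state() == "open":
            self.log.append("circuit open: failing fast without calling upstream")
            raise UpstreamError("circuit open")
        last_error: Exception | None = None
        for attempt in range(1, self.max_attempts + 1):
            started = self.clock()
            try:
                response = self.upstream(request)
                if self.clock() - started > self.timeout_seconds:
                    raise UpstreamError("timeout")   # too slow counts as a failure
                self.breaker.record_success()
                self.log.append(f"attempt {attempt}: ok")
                return response
            except UpstreamError as err:
                last_error = err
                self.breaker.record_failure()
                self.log.append(f"attempt {attempt}: {err}")
                if self.breaker.state() != "closed":
                    break   # stop retrying into a service that keeps failing
        raise UpstreamError(f"gave up after {attempt} attempts: {last_error}")


if __name__ == "__main__":
    calls = {"n": 0}

    def flaky_service(req: dict) -> dict:
        calls["n"] += 1
        if calls["n"] <= 2:
            raise UpstreamError("connection reset")
        return {"status": 200, "path": req["path"]}

    proxy = SidecarProxy(upstream=flaky_service)
    print(proxy.call({"path": "/orders"}), proxy.log)
```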

7. Serverless

" 无服务器" does not mean that there is no server, but that users (such as developers) do not need to care about servers at all, and do not need to apply for servers, storage and networks. Users only care about their own programs, and all resource-related chores are handled by the cloud provider. When the code is executed, the cloud provider will start the resources, and when the code execution ends, the resources will be released. Users only pay for usage time, not for idle capacity.

This formulation is more of a concept, more of a product marketing line, than a new technology, because behind "serverless" there is nothing more than virtual machines, containers, and microservices; users are simply allowed to ignore them. The cloud provider supplies all of these, and users just focus on their own programs.

Function as a Service (函数即服务, FaaS) is the most commonly mentioned serverless architecture, although it is only one kind of serverless. With FaaS, the user puts a function on the cloud (uploading the code as a zip file or a container image), and when needed it can be invoked over HTTP. The user pays only for the function's execution time; the container the function runs in and the runtime it needs are scheduled and managed by the cloud provider. Common FaaS products are AWS Lambda, Azure Functions and Google Cloud Functions.

Obviously, a function that runs briefly and then shuts down is only suited to short-lived, very simple, stateless operations, such as simple calculations, updating a record, sending a message, or writing data.

Besides FaaS there are other serverless offerings, such as serverless databases, which require no manual provisioning or configuration of server resources and scale up and down automatically.

In short, any service where the user used to have to think about servers and now no longer does is serverless.

8. Infrastructure as Code (IaC)

Most programmers don't like touching hardware; they prefer to stay in the world of software. When they do have to touch and manage hardware (because they are on rotation, or for whatever other reason), they are determined to use software to manage it.

Infrastructure as Code (基础设施即代码, IaC) uses a programming language to describe the infrastructure (servers, network devices, storage devices and other hardware) they want to operate and manage. Deploying and managing heavy hardware then amounts to typing a few lines of code, with none of the fiddling of before.

This is the automation that hardware maintainers dreamed of for years. Now people simply write a script that deploys servers and configures networks, storage, load balancers and any other infrastructure services. Then, just by executing that same script, they can stand up a highly consistent infrastructure in a completely different AZ (AZ is the availability zone, introduced later). Such a task used to take several people weeks to complete; now it can be done in a few hours.

Infrastructure as code is, in other words, software-defined infrastructure (软件定义基础设施).

9. DevOps

DevOps (a contraction of "Development" and "Operations") is the automation of the entire process from development to operations: automatically compiling, testing, building containers, pushing containers, deploying, releasing, monitoring, alerting, and so on. If a bug or problem is found, the team can iterate quickly: modify the code, then automatically compile, test, deploy and release again, ten times a day if you like!

At the 2009 O'Reilly Velocity conference, two Flickr employees gave a talk titled "10+ Deploys Per Day: Dev and Ops Cooperation at Flickr" [1], which caused a sensation, and the idea then flourished.

Of course, this requires stitching together multiple tools and multiple scripts.

In the past this process was long, and cooperation between the development team and the operations team was not easy: they belonged to different departments with different leaders and different cultures, so their goals and interests were not aligned, and getting from development to launch meant all kinds of processes and approvals. Ten releases in a day? You must be joking; once every ten days was not bad. Now it's great: everything is automated, one small team does everything from development to release, it is very fast, and the operations staff hardly need to do anything, or hardly need to show up at all.

In essence, DevOps is the people who do development finally helping the people who do operations, automating the mess of operations (operations people are usually not very good at writing code). I think this must be because some company insisted on forcing developers to do operations, so they had no choice but to use their own skills to make life easier for themselves. They had pretty much finished automating the development stage nearly twenty years ago, when they were doing agile development (敏捷开发): first CI (continuous integration), then CD (continuous deployment). In the past ten years, with containers, microservices, k8s and the like, plus some new methods and new tools, they have taken care of the operations section as well, and have finally connected the two halves (as the martial-arts novels say, opening the Ren and Du meridians).

People who admire DevOps will say it is far more than that. Yes, they have poured all kinds of ideas, concepts and methodologies into DevOps, to the point where people seem to have forgotten what it was originally meant to do. I wrote an article before about how to grasp the essence of DevOps from a high level [2]; if you are interested, have a read.

The picture below will give you a general overview. It is just a framework, quoted from [3]; space is limited, so I won't explain it in detail here.

[Figure: A DevOps working model]

Rolling release (滚动发布) is a method of releasing software updates: the new version is first released to a small area, and if no problems appear it is gradually expanded to a larger one. That way, if there is a problem at the start, only a small number of users are affected. Similar concepts and names are grey release (灰度发布) and canary release (金丝雀发布). In the old days, before going down a mine, miners would lower a canary into the shaft to check for poisonous gas and see whether it survived.
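The canary idea as an automated gate, as an added example that is not from the original article: traffic is shifted to the new version in steps, and at each step the canary's error rate is compared with the old version's; the rollout stops and rolls back at the first unhealthy step, so the blast radius is bounded by the last traffic percentage reached. The StepMetrics class, the step schedule and the `good_build`/`bad_build` metric providers are constructed samples standing in for real monitoring data.

```python
"""Canary release as an automated gate: shift traffic to the new version in
steps, compare the canary's error rate with the old version's at every step,
and roll back the moment it looks worse.  Constructed example for this article;
the per-step metrics are made-up samples standing in for monitoring data."""
from __future__ import annotations
from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class StepMetrics:
    """Request/error counts observed while the canary served one traffic step."""
    canary_requests: int
    canary_errors: int
    baseline_requests: int
    baseline_errors: int

    def canary_error_rate(self) -> float:
        return self.canary_errors / self.canary_requests if self.canary_requests else 0.0

    def baseline_error_rate(self) -> float:
        return self.baseline_errors / self.baseline_requests if self.baseline_requests else 0.0


def step_is_healthy(m: StepMetrics, max_error_rate: float, max_ratio: float) -> bool:
    """Healthy if the canary is under the absolute error budget, or no worse than
    `max_ratio` times the baseline (so a generally bad day does not block it)."""
    canary, baseline = m.canary_error_rate(), m.baseline_error_rate()
    return canary <= max_error_rate or canary <= baseline * max_ratio


def canary_rollout(
    observe: Callable[[int], StepMetrics],
    steps: tuple[int, ...] = (5, 25, 50, 100),
    max_error_rate: float = 0.01,
    max_ratio: float = 2.0,
) -> dict:
    """Walk the traffic steps; promote after the last one, or roll back on the
    first unhealthy step.  `observe(percent)` returns the metrics gathered after
    traffic was shifted to `percent`.  The history makes the blast radius explicit:
    a rollback at 25% means at most 25% of users ever saw the new version."""
    history: list[dict] = []
    for percent in steps:
        m = observe(percent)
        healthy = step_is_healthy(m, max_error_rate, max_ratio)
        history.append({"percent": percent,
                        "canary_error_rate": round(m.canary_error_rate(), 4),
                        "healthy": healthy})
        if not healthy:
            return {"result": "rolled_back", "traffic_to_new": 0,
                    "max_exposure_percent": percent, "history": history}
    return {"result": "promoted", "traffic_to_new": 100,
            "max_exposure_percent": 100, "history": history}


# Constructed metric providers: 10,000 requests per step, errors at 1 in 500 normally.
def good_build(percent: int) -> StepMetrics:
    total = 10_000
    canary = total * percent // 100
    return StepMetrics(canary, canary // 500, total - canary, (total - canary) // 500)


def bad_build(percent: int) -> StepMetrics:
    total = 10_000
    canary = total * percent // 100
    # the new version only starts failing once it carries real load (1 in 20)
    errors = canary // 500 if percent <= 5 else canary // 20
    return StepMetrics(canary, errors, total - canary, (total - canary) // 500)


if __name__ == "__main__":
    print(canary_rollout(good_build)["result"])
    print(canary_rollout(bad_build))
```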

Going Deeper: What's Behind Cloud Computing

The following content is somewhat low-level technology.

If you don't want to learn more, just skip this chapter.

1. Cloud platform and cloud management platform

When the term "Cloud Management Platform" was first introduced to me n years ago, I was really confused.

I thought to myself, isn't the cloud platform just something like OpenStack? Why is there another "cloud management" platform?

Only later did I realize that the two are a little different.

The cloud platform (云平台) refers more to the cloud computing platform proper; it is more technical, providing computing, storage, database, network, security and other infrastructure services on which customers deploy and run applications. For example, OpenStack provides IaaS, and Docker and Kubernetes provide PaaS; all of these count as cloud platforms.

The cloud management platform (云管平台), as the name says, focuses on management, and in particular on unified management across multi-cloud, hybrid-cloud and heterogeneous-cloud scenarios. It gives users a unified operations console and an O&M console. The operations console offers users login, resource provisioning, use and configuration, reaching the level of "self-service" (自服务); the O&M console lets operations staff monitor and manage the state of physical resources.

So-called "self-service" (自服务) means that customers can create and manage virtual machines, storage space, network resources and other cloud services themselves through the platform's interface or API, without involving other professionals.

There is an obvious difference between the two: the cloud management platform can manage multiple clouds and multiple regions in a cloud, while the cloud platform can usually only manage resources within the region.

In my opinion, the cloud platform is more technical and closer to the infrastructure, while the cloud management platform is packaged on the basis of the cloud platform to provide cloud services to users in a more convenient and easy-to-use way.

However, just as "cloud computing" and "cloud native" are used interchangeably, "cloud platform" and "cloud management platform" are often used interchangeably too. You hear someone say "cloud platform", but there is a high probability they mean "cloud management platform".

2. Region

A Region is the collection of infrastructure services in one physical area within a cloud. Physical resources (computing, storage, and network) in different Regions are completely isolated and not shared.

One cloud can have multiple Regions, and each Region can be located in a DC (data center) in a different city, or in different DCs in the same city. Whether different DCs can be placed in one Region depends on latency: if the latency exceeds 2 ms they should be in different Regions, because a Region has stricter latency requirements.

The latency between different Regions should also be within 100 ms [4], because the cloud management platform has latency requirements of its own for issuing commands to, and collecting reports from, each Region.

Communication between different Regions uses "cloud connect" (云连接) and is realized through a "dedicated-line gateway" (专线网关). This gateway can be software or a hardware switch (also known as a dedicated-line switch). See my next article on cloud networks for this.

Each Region contains several independent, physically separated AZs, and each AZ can have its own power supply and cooling.

3. Availability Zone (AZ)

An availability zone (可用区, Availability Zone, AZ) can be understood simply (though not always exactly) as a computer room together with its computing, storage and network resources. A Region has multiple computer rooms, and each computer room is an AZ. Different AZs use different power and cooling and independent computing, storage and network resources (though their networks are interconnected). Thus even if one AZ is unavailable, another remains available. Communication latency within an AZ should be below 0.25 ms.

The A in AZ stands for Available. Generally speaking, different AZs use independent basic environments such as power, cooling, and computer-room modules. If an application system wants high availability, multiple copies should be deployed in different availability zones at the same time, so that if one AZ fails, another AZ can keep providing service.

Bare metal and physical machines with different CPU architectures are usually deployed in different AZs; within one AZ, different host groups (host aggregates) can be carved out by performance attributes, so that administrators can further distribute virtual machines by group [5]. Different host groups provide different host resources, but storage and network resources are shared.

A VPC subnet can span AZs. For example, in the same subnet, VM1 sits in AZ1 and VM2 in AZ2, and both serve as web servers; then even if all of AZ1 becomes unavailable, VM2 can still serve.

4. SDN

Traditional network devices are distributed and decentralized: each device works out how to forward packets through autonomous learning and manual configuration, without any central control device. SDN acts as a software brain for the network devices, so that each device no longer relies on independent learning and manual configuration; instead the brain issues commands telling each device how to forward packets.

SDN (Software Defined Network) is software-defined networking (软件定义网络), and that brain is called the SDN controller.

Why does SDN turn the original distributed operation into centralized control? Because if every network device has to be configured and managed by hand, it is too troublesome, too error-prone, and hard to manage and control centrally. If the capability is there, it is better to manage everything together.

In a virtual network, virtual network devices such as virtual switches, virtual routers, and virtual gateways are all managed by SDN.
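The "brain tells each device how to forward" idea in code, as an added example that is not from the original article: a minimal controller that holds the whole topology, computes paths centrally and pushes a forwarding table to every switch, which then forwards by table lookup only; after a link failure the controller recomputes for all switches at once. The switch and host names, ports and links are a constructed sample topology.

```python
"""A minimal SDN controller: the 'brain' knows the whole topology, computes
paths centrally and pushes a forwarding table to every switch, which then
forwards by table lookup only.  Constructed example for this article; switch
and host names, ports and links are made up."""
from __future__ import annotations
from collections import deque

# Constructed sample topology: (node_a, port_on_a, node_b, port_on_b).
LINKS = [
    ("s1", 1, "s2", 1),
    ("s1", 2, "s3", 1),
    ("s2", 2, "s4", 1),
    ("s3", 2, "s4", 2),
    ("s1", 3, "h1", 0),
    ("s4", 3, "h2", 0),
]


class Controller:
    def __init__(self, links: list[tuple[str, int, str, int]]) -> None:
        self.ports: dict[str, dict[str, int]] = {}   # node -> {neighbour: local port}
        self.tables: dict[str, dict[str, int]] = {}  # switch -> {dst host: out port}
        for a, pa, b, pb in links:
            self.add_link(a, pa, b, pb)

    def add_link(self, a: str, pa: int, b: str, pb: int) -> None:
        self.ports.setdefault(a, {})[b] = pa
        self.ports.setdefault(b, {})[a] = pb

    def remove_link(self, a: str, b: str) -> None:
        """Link failure reported to the controller; tables must be recomputed."""
        self.ports[a].pop(b, None)
        self.ports[b].pop(a, None)

    def shortest_path(self, src: str, dst: str) -> list[str] | None:
        """Hop-count shortest path by BFS over the controller's global view."""
        prev: dict[str, str | None] = {src: None}
        queue = deque([src])
        while queue:
            node = queue.popleft()
            if node == dst:
                break
            for nb in self.ports[node]:
                if nb not in prev:
                    prev[nb] = node
                    queue.append(nb)
        if dst not in prev:
            return None
        path, node = [], dst
        while node is not None:
            path.append(node)
            node = prev[node]
        return path[::-1]

    def compute_tables(self) -> dict[str, dict[str, int]]:
        """Push, for every switch and destination host, the output port to use."""
        switches = [n for n in self.ports if n.startswith("s")]
        hosts = [n for n in self.ports if n.startswith("h")]
        self.tables = {sw: {} for sw in switches}
        for sw in switches:
            for host in hosts:
                path = self.shortest_path(sw, host)
                if path and len(path) > 1:
                    self.tables[sw][host] = self.ports[sw][path[1]]
        return self.tables

    def forward(self, src_host: str, dst_host: str) -> list[str] | None:
        """Simulate a packet: each switch only consults the table it was given."""
        hop = next(iter(self.ports[src_host]))          # the host's attached switch
        route = [src_host, hop]
        while hop != dst_host:
            port = self.tables.get(hop, {}).get(dst_host)
            if port is None:
                return None                              # no rule pushed: dropped
            hop = next((nb for nb, p in self.ports[hop].items() if p == port), None)
            if hop is None:
                return None                              # stale rule points at a dead link
            route.append(hop)
        return route


if __name__ == "__main__":
    ctl = Controller(LINKS)
    ctl.compute_tables()
    print(ctl.forward("h1", "h2"))   # ['h1', 's1', 's2', 's4', 'h2']
    ctl.remove_link("s1", "s2")      # a link fails; the brain re-plans for every switch
    ctl.compute_tables()
    print(ctl.forward("h1", "h2"))   # ['h1', 's1', 's3', 's4', 'h2']
```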

5. Network resource pool

The network resource pool consists of a group of network hardware devices (switches, routers, etc.) that provide the underlying communication for the upper-layer virtual networks, virtual machines, and storage.

It sounds complicated, but in general the application system runs on the virtual network (the Overlay), and the virtual network runs on the physical network (the Underlay) by means of tunneling technology.

Technically speaking, the Overlay's Layer 2 packet is encapsulated in an Underlay Layer 3 packet for transmission, and after reaching the destination it is decapsulated to recover the Overlay's Layer 2 packet. This is an "L2 over L3" tunnel encapsulation technology, and the current mainstream tunnel encapsulation protocol is VxLAN.

If the Overlay's encapsulation and routing are implemented in software, it is software SDN (软件SDN, also called host overlay, 主机Overlay); if they are done by hardware network devices, it is hardware SDN (硬件SDN, also called network overlay, 网络Overlay).

A Region needs one set of network resource pools to provide the underlying packet forwarding shared across the Region (multiple AZs, multiple VPCs); switching across computer-room modules is realized through a set of core (Super Spine) switches.

In the mainstream host-overlay scenario, the network devices in the resource pool do not care which upper-layer VM talks to which VM; they simply forward packets faithfully and are oblivious to the virtual-network traffic inside the tunnel.

[Figure: Building a virtual network on the physical network through tunnels]

The figure above uses two Super Spines, four Spines, and eight Leafs. Deployed across different computer rooms, they provide one set of network resource pools shared by multiple AZs. So although a VPC subnet and its virtual machines may sit in different AZs and computer rooms, their communication through the VxLAN tunnel looks like Layer 2 communication under a single switch.
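The "L2 over L3" encapsulation itself, as an added example that is not from the original article: an Overlay Ethernet frame (VM1 to VM2 on the same VPC subnet) is wrapped in an Underlay IPv4/UDP packet with a VXLAN header carrying the VNI, then decapsulated and checked on the other side; the Underlay only ever looks at the outer headers. The header layout follows RFC 7348; the MAC and IP addresses and the VNI 5000 are made up.

```python
"""Encapsulate an Overlay Ethernet (L2) frame in an Underlay IPv4/UDP (L3)
packet with a VXLAN header, then decapsulate and check it.  Constructed
example for this article following the RFC 7348 header layout; the MAC and IP
addresses are made up."""
from __future__ import annotations
import ipaddress
import struct

VXLAN_UDP_PORT = 4789            # IANA-assigned VXLAN port
VXLAN_FLAG_VNI_VALID = 0x08      # the "I" flag: the VNI field is valid
IPPROTO_UDP = 17


def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum of 16-bit words; over a finished header it yields 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_ethernet(dst_mac: str, src_mac: str, ethertype: int, payload: bytes) -> bytes:
    """Overlay frame: what a VM thinks it is putting on a local switch."""
    return mac_bytes(dst_mac) + mac_bytes(src_mac) + struct.pack("!H", ethertype) + payload


def vxlan_encapsulate(inner_frame: bytes, vni: int, src_ip: str, dst_ip: str,
                      src_port: int = 49152, ttl: int = 64) -> bytes:
    """Wrap an L2 frame as outer IPv4 + UDP(4789) + VXLAN(VNI) + frame."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI is a 24-bit field")
    # VXLAN header (8 bytes): flags(1) reserved(3) | VNI(3) reserved(1)
    vxlan = struct.pack("!II", VXLAN_FLAG_VNI_VALID << 24, vni << 8)
    udp_len = 8 + len(vxlan) + len(inner_frame)
    udp = struct.pack("!HHHH", src_port, VXLAN_UDP_PORT, udp_len, 0)  # UDP checksum 0 is allowed over IPv4
    # IPv4 header: ver/IHL, TOS, total length, id, flags(DF)/frag, TTL, proto, checksum, src, dst
    ip_no_sum = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, ttl, IPPROTO_UDP, 0,
                            ipaddress.IPv4Address(src_ip).packed, ipaddress.IPv4Address(dst_ip).packed)
    ip = ip_no_sum[:10] + struct.pack("!H", ipv4_checksum(ip_no_sum)) + ip_no_sum[12:]
    return ip + udp + vxlan + inner_frame


def vxlan_decapsulate(packet: bytes) -> tuple[int, bytes]:
    """Strip the Underlay headers; return (vni, inner L2 frame) or raise on a malformed packet."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[0] >> 4 != 4 or ihl < 20 or packet[9] != IPPROTO_UDP:
        raise ValueError("not an IPv4/UDP packet")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    _src_port, dst_port, udp_len, _ = struct.unpack("!HHHH", packet[ihl:ihl + 8])
    if dst_port != VXLAN_UDP_PORT:
        raise ValueError(f"UDP port {dst_port} is not VXLAN")
    flags_word, vni_word = struct.unpack("!II", packet[ihl + 8:ihl + 16])
    if not (flags_word >> 24) & VXLAN_FLAG_VNI_VALID:
        raise ValueError("VXLAN I flag not set")
    return vni_word >> 8, packet[ihl + 16:ihl + udp_len]


def inner_addresses(frame: bytes) -> tuple[str, str]:
    """Overlay L2 addressing (dst, src) that the Underlay never looks at."""
    return mac_str(frame[0:6]), mac_str(frame[6:12])


if __name__ == "__main__":
    # constructed: VM1 in AZ1 sends to VM2 in AZ2 on the same VPC subnet (VNI 5000)
    frame = build_ethernet("02:00:00:00:00:02", "02:00:00:00:00:01", 0x0800, b"overlay payload")
    pkt = vxlan_encapsulate(frame, vni=5000, src_ip="10.0.1.11", dst_ip="10.0.2.22")
    vni, inner = vxlan_decapsulate(pkt)
    print(len(pkt), vni, inner == frame, inner_addresses(inner))
```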

So, what is cloud native

Having read this far, you probably know what cloud native is.

All of IT has been cloudified. Development and operations alike use the cloud, rely on the cloud, and build on the cloud.

Everything in IT is defined by software as much as possible, and virtualized as much as possible. Everything is for simplicity, automation, flexibility, and security.

Everyone who uses the cloud can now do with a few clicks of the mouse what used to be complicated.

While IT is digitally transforming other industries, it is also digitally transforming itself.

Essentially, the IT guys finally set themselves free.

They sigh: this is the life we were meant to live.

Text | Wei Jianfan

Reference links:

1. 10+ Deploys Per Day: Dev and Ops Cooperation at Flickr (https://www.bilibili.com/video/av929343748/)
2. How to grasp the essence of DevOps from a high level
3. Cloud Native: Building Next-Generation Applications Using Containers, Function Computing, and Data (https://e.jd.com/30613841.html)
4. Global, Region, AZ, Resource Pool and Host Group in Cloud Stack (https://bbs.huaweicloud.com/blogs/231197)
5. Concepts of region, az, host aggregate, and cell in openstack (http://t.zoukankan.com/xingyun-p-4703325.html)


Source: blog.csdn.net/vigor2323/article/details/128397832