How Alibaba Cloud helps customers make their business cloud native and migrate it to the cloud

This article is compiled from the conference talk given by Haoshu Wei (Liu Sheng), senior development engineer at Alibaba Cloud. To get the full collection of cloud native slide decks, reply "724" in the backend of the Alibaba cloud native official account.

On July 24, the Alibaba Cloud Developers Conference was held at the Expo Center in Shanghai. The conference focused on topics such as cloud IT infrastructure, cloud databases, open source big data, networking, and cloud native, and shared practical cloud development techniques with thousands of developers.

The cloud native era has arrived. Cloud native technology is reshaping the entire software life cycle, and Alibaba is one of the earliest companies to invest in cloud native technology.

Over the past few years, the Container Service team has helped many users successfully make their business cloud native and migrate it to the cloud. They include our current TOP10 large customers as well as overseas users who need to run their business in China. Some migrated from other cloud vendors, and some migrated from an IDC to the cloud. More and more users are starting to ask how to transform their applications to be cloud native and how to migrate their business to the cloud smoothly.

Every user's business scenario is different, and some scenarios have customization requirements for the container platform. While helping these users implement their cloud migrations, we kept thinking about how to distill what we learned from these cases: we summarized some good solutions and best practices, and developed some tools to help users complete the migration quickly. Those solutions, best practices, and tools are what this article shares.

Before helping a user carry out a cloud migration, we must answer at least three questions:

  • (1) How does ACK (Alibaba Cloud Container Service for Kubernetes) ensure the reliability, stability, security, and flexibility of the user's business;
  • (2) How to design the migration plan so that the business migrates smoothly to ACK;
  • (3) How to further transform applications so they can use the greater scaling capabilities ACK provides.

How ACK ensures these properties for the user's business

  • First, ACK is built on Alibaba Cloud's reliable and stable IaaS platform, with the advantages of maximum elasticity, low cost, and global access;
  • Second, ACK itself sits within Alibaba Cloud's security architecture and applies security hardening across all dimensions of a running container cluster, from the infrastructure up to the container. Over the past few years we have supported the business of hundreds of large and small enterprises well, with experience from massive numbers of users that has been verified through Double 11;
  • In addition, ACK is built on standard Kubernetes and substantially enhances the capabilities that matter most to users, so users do not need to worry about being locked in to one vendor.

In our past cases of helping users move their business to the cloud, the vast majority migrated from self-built Kubernetes clusters to ACK clusters. Compared with a self-built Kubernetes cluster, ACK has great advantages in cost, elasticity, deep integration with IaaS, performance, security hardening, and practical experience.

In addition, ACK is available in the same regions as Alibaba Cloud. Besides the many regions open in China, the service is available in Southeast Asia, the Middle East, Europe, and the US East and West coasts, which fully meets users' needs to run global business.

Overall cloud migration design

The overall design for moving a user's business to the cloud covers cluster planning, data migration, monitoring switchover, log switchover, and the final production traffic switchover and network operations.

Users need a clear idea of which ACK components the migration involves, which data must be migrated, and which services must be switched.

  • First comes cluster planning. Depending on the business scenario, users select machine types, for example CPU or GPU machines, and virtual ECS servers or X-Dragon ECS bare metal servers. Network planning covers whether the container cluster infrastructure uses a VPC or the classic network, and whether pod-to-pod communication inside the cluster uses Flannel mode or Terway mode;
  • For capacity planning, users can plan an initial capacity that fits their cost budget and keeps the business running normally, and then configure dynamic scaling so the cluster can be scaled out or in at any time;
  • For security hardening, there is infrastructure security, such as setting reasonable security group rules; image security, such as using private images and defining image security scanning; and Kubernetes application security management, such as setting network policies for access between different services;
  • For the monitoring switchover, monitoring is more complete and multi-dimensional than with a self-built Kubernetes cluster: monitoring from the infrastructure to the container runtime is readily available, and alert notifications can be triggered based on configured thresholds. For logs, users generally switch from their self-built log collection solution to SLS, Alibaba Cloud's enterprise-grade log product;
  • Data migration is a very important part. The data includes database data, storage data, and container images. We connect to Alibaba Cloud's enterprise-grade products and migration tools in order to ensure the reliability and security of the data moved to the cloud;
  • Application transformation mainly involves updating image addresses, optimizing how services are exposed, and updating and adapting how storage disks are mounted. Finally, a CI/CD solution is provided so users can iterate quickly and bring products online.

After each of the above components has been debugged, part of the production traffic can be switched over. Moving to the cloud involves every stage, from cluster planning through to switching production traffic.
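An added example, not from the original article: a pre-cutover audit for two of the checklist items above, image addresses updated to the private registry and network policies present for namespaces that run services. The registry prefix `registry.example.internal/` is a placeholder and the sample objects are constructed.

```python
import json

# Constructed sample, shaped like `kubectl get deploy,networkpolicy -A -o json`.
SAMPLE = json.loads("""
{"items": [
 {"kind": "Deployment", "metadata": {"name": "web", "namespace": "shop"},
  "spec": {"template": {"spec": {
    "initContainers": [{"name": "init", "image": "old-registry.example.com/shop/init:1.2"}],
    "containers": [{"name": "web", "image": "registry.example.internal/shop/web:2.0"}]}}}},
 {"kind": "Deployment", "metadata": {"name": "api", "namespace": "pay"},
  "spec": {"template": {"spec": {
    "containers": [{"name": "api", "image": "registry.example.internal/pay/api:1.0"}]}}}},
 {"kind": "NetworkPolicy", "metadata": {"name": "default-deny", "namespace": "pay"},
  "spec": {"podSelector": {}, "policyTypes": ["Ingress"]}}
]}
""")

# Placeholder (assumption): prefix of the private registry images were migrated to.
TARGET_REGISTRY = "registry.example.internal/"
WORKLOAD_KINDS = {"Deployment", "StatefulSet", "DaemonSet"}


def audit(items, target_registry=TARGET_REGISTRY):
    """Return (stale_images, namespaces_without_policy) for a list of objects."""
    stale, workload_ns, policy_ns = [], set(), set()
    for obj in items:
        kind = obj.get("kind")
        meta = obj.get("metadata", {})
        ns = meta.get("namespace", "default")
        if kind == "NetworkPolicy":
            policy_ns.add(ns)
        elif kind in WORKLOAD_KINDS:
            workload_ns.add(ns)
            pod = obj.get("spec", {}).get("template", {}).get("spec", {})
            # Init containers pull images too, so they are checked as well.
            for c in pod.get("initContainers", []) + pod.get("containers", []):
                if not c.get("image", "").startswith(target_registry):
                    stale.append((ns, meta.get("name"), c.get("name"), c.get("image")))
    # Namespaces that run workloads but contain no NetworkPolicy at all.
    return stale, sorted(workload_ns - policy_ns)


if __name__ == "__main__":
    stale_images, open_namespaces = audit(SAMPLE["items"])
    for ns, name, ctr, image in stale_images:
        print(f"image not migrated: {ns}/{name} container={ctr} image={image}")
    for ns in open_namespaces:
        print(f"no NetworkPolicy in namespace: {ns}")
```

A namespace that passes this check only has some policy defined; whether the policy selects every pod still needs review.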

 

 

We provide an enterprise container life cycle model, which divides roles according to the time period and the different business roles on the user's side:

For example, the business architect role cares about what business value the cloud brings to the company, which scenarios bring TCO optimization, and whether the cloud platform's security, compute, storage, and network capabilities meet current business needs. The IT architect is responsible for planning cluster capacity and scale to meet current business needs and for network selection. The rest is for system administrators and application administrators, who carry out the details of the migration plan.

The core concern of this model is making the user's business more stable, lower in cost, and more efficient after it moves to the cloud.

There are two approaches to a full-stack migration of the infrastructure to the cloud: overall migration and smooth migration.

Overall migration means that all of the user's applications are migrated to the cloud and every component is debugged. After the acceptance tests pass, production traffic is switched as a whole to the online cluster, and the existing environment is taken offline once the online cluster has run stably for some time.

Smooth migration means that the user can bring offline nodes under the management of the online ACK cluster, or network the online and offline clusters together so that they provide services jointly, then gradually transform business components and move them to the cloud, and finally take the original environment offline.

Comparing the two, overall migration is simpler, while smooth migration is more complex but has little impact on the business, so the choice depends on the user's actual scenario.

Overall container-based cloud migration covers two sub-scenarios:

In the first, the user migrates from a self-built Kubernetes cluster to ACK. Here the user's applications have already largely been made cloud native, so the migration is relatively simple;

In the second, the user's traditional applications run directly on virtual machines or bare metal servers and have not been made cloud native at all. For this scenario we also provide tools and solutions to help users make their applications cloud native and move them to the cloud. Examples are the derrick project, which automatically detects the source project type and generates a Dockerfile and YAML files for application deployment and orchestration, and the capability we developed jointly with ECS SMC (Server Migration Center) to convert a virtual machine into a container image and run it in an ACK cluster.

To make cloud migration more efficient for users, we keep accumulating and open-sourcing migration tools.

For example, ack-image-builder lets users create custom ACK cluster node images from templates and verify through a check module that a custom image meets ACK cluster requirements; sync-repo helps users migrate container images in bulk to ACR (the container image registry service); and Velero helps users quickly migrate complete applications from Kubernetes clusters on other cloud vendors or self-built Kubernetes clusters to ACK clusters.

[Demo video: migrating Kubernetes applications to ACK with Velero](http://cloud.video.taobao.com/play/u/3300558962/p/1/e/6/t/1/232004050150.mp4)

For data migration, reliability is the key. Depending on the type of user data, we use the matching enterprise-grade migration tool, such as the online data migration service DOMS, the OSS migration tool, and Lightning Cube for offline migration of massive data.

After data and applications have been moved to the cloud, components such as monitoring and logging need further adaptation. Once every component has passed debugging and acceptance, intelligent DNS is used to cut over production traffic.

Application transformation and optimization

 

 

For application transformation and optimization in the Kubernetes-to-Kubernetes scenario, what needs optimizing is adapting to capabilities, such as auto scaling, that the self-built Kubernetes cluster did not have. In the scenario of moving traditional applications to ACK, the workload is larger, so we have also produced solutions for it. For example, similar to a geo-distributed active-active setup, we integrate the user's traditional application environment, usually bare metal or virtual machines, into an Istio mesh deployed on the online ACK cluster, and transform the applications gradually until all business has switched to the online ACK cluster.

During this gradual transformation, questions arise about how to containerize the applications, how to migrate the network environment, and how to migrate the data.

For containerization, the SMC (Server Migration Center) service mentioned earlier can convert a virtual machine into a container image. For the network, iptables, External, CoreDNS PrivateZone, and similar mechanisms handle IP addresses and DNS domain names so that the original IPs and domain names stay logically unchanged, while Istio provides virtual routing management and network observability.

Case

 

A typical case is shown below:

 

 

The following are some of the cloud migration cases:

  • Users with special requirements for high-performance networking;
  • Users with deep learning workloads that need GPU machines at large scale;
  • Users who require bare metal server models, and so on.

ACK cloud native migration solution and hybrid cloud management capability 2.0 released

At the cloud native hands-on sub-forum, Alibaba Cloud officially released the Container Service ACK cloud native migration solution and hybrid cloud management capability 2.0.

ACK cloud native migration solution

The cloud native migration solution aims at moving to the cloud as a whole by way of containers. It helps users quickly complete migration plan evaluation, implementation, and production traffic switchover; raises the overall reliability, security, and elasticity of the user's business; reduces development and operations costs; and provides comprehensive protection so that users can focus on business innovation.

ACK hybrid cloud management capability 2.0

ACK hybrid cloud management capability 2.0 provides unified capabilities across multiple dimensions, further reducing developers' workload:

  • First, unified cluster management. Users can bring their own Kubernetes clusters in an IDC and various other Kubernetes clusters under management, and use one control plane for unified security governance, application management, monitoring, and logging.
  • Second, dynamic elasticity on top of unified resource scheduling. This helps customers make better use of cloud computing resources to scale elastically and handle unexpected traffic calmly.
  • Finally, unified service governance. It enables nearest access, failover, gray (canary) release, and other functions, and with Alibaba Cloud's hybrid cloud capabilities it easily supports scenarios such as cloud disaster recovery and geo-distributed active-active applications.

Not long ago, Alibaba Cloud released Edge@ACK, a cloud native container product that integrates cloud, edge, and device. At the conference, Alibaba technical experts explained in detail how edge containers were put into production on Alibaba Cloud CDN. CDN is undergoing its second transformation, moving from content distribution services toward edge computing. After the transformation, its nodes can be upgraded into cloud computing nodes with storage, compute, transport, and security functions, able to process massive, high-frequency, highly interactive data.

Alibaba Cloud ENS is an edge node service based on CDN. In Alibaba Cloud's view, "cloud native" will deliver even greater value in the era of cloud, edge, and device integration.


Origin www.cnblogs.com/alisystemsoftware/p/11248929.html