Scale, performance and elasticity fully upgraded: making K8s easy to use for everyone

Author | Tang Zhimin, head of container service development at Alibaba Cloud

Kubernetes is the infrastructure of the cloud native era and the distributed operating system of the cloud.

On September 26, at the container session of the Yunqi Conference, in the speech "The inflection point has arrived: cloud native leads digital transformation and upgrading", Tang Zhimin, head of container service development, said: "Alibaba Cloud Container Service already has the largest public cloud container cluster, and according to major international evaluation agencies it ranks first in market share and overall product capability."

Container service ACK 2.0 is a comprehensive upgrade in scale, performance and elasticity: it supports single clusters of ten thousand nodes, sandboxed secure containers with 90% of native performance, and elastic scaling of one thousand nodes in minutes. In addition, the container service has been deployed in 20 regions worldwide, and has launched the cloud native hybrid cloud 2.0 architecture and ACK@Edge to build secure, intelligent, borderless cloud computing.

This article is compiled from the speech. Follow the Alibaba Cloud Native official account and reply "cloud native" to get the slides for this article.

K8s: a key productivity force in the cloud native era

In the early days, K8s mostly ran stateless applications, but now more and more core business, innovative business and data intelligence services also run on K8s. Take Alibaba Cloud's own products as an example: the enterprise distributed application service EDAS, the microservice engine MSE, the intelligent data management platform Dataphin and the data lake analysis service Data Lake Analytics are also deployed on the container service ACK.

Today, Alibaba Cloud's real-time computing product simultaneously launches a cloud native version of real-time computing for Flink, which lets Flink be deployed on the user's own K8s cluster, so that online business and stream computing share one K8s cluster, reducing operations and maintenance costs while gaining elasticity. We are witnessing K8s become the infrastructure of the cloud native era, the distributed operating system of the cloud, a platform for platforms. A large number of companies are enjoying the agility, elasticity and portability that cloud native brings.

Why do we say that "the cloud native inflection point has arrived"?

In August, CNCF issued a biennial report. The results showed that:

  • Cloud native applications and projects in production grew by more than 200%
  • StackOverflow's annual developer report this year pointed out that containers and Kubernetes have become the most popular items after Linux
  • Gartner's container best practices prediction this year: "By 2022, 75% of global businesses will use application containers in production."

All the signs indicate that container technology is steadily taking root in production.

A tribute to the pioneers of the container field

Let us first review the road that Alibaba Cloud Container Service has travelled. In 2011, Alibaba took the lead in China in investing in container technology. At the end of 2015 the container service went online in public beta. Four years later, it is available in 20 regions worldwide, serves tens of thousands of users and businesses in the Internet, finance, government, manufacturing and other industries across China, North America, Europe, Southeast Asia and elsewhere, and has the largest public cloud container cluster. Thank you for your company: the container service business has grown by more than 400% for three consecutive years, and as of August monthly image downloads exceeded 300 million. The container service has gradually become the preferred choice for cloud native applications.

In addition, the container service has been recognized by authoritative international analysts. In the public cloud container services competitive landscape released by Gartner in June, Alibaba Cloud was the only domestic cloud vendor included in the report. In Forrester's container report in July, Alibaba Cloud was placed among the Strong Performers worldwide and ranked first among domestic products in market share and overall competitiveness.

Beyond Alibaba itself, more and more enterprises are enjoying the dividends of cloud native technology. Three-dimensional Home used containers to move to the cloud quickly and raise cloud resource utilization. Minsheng Bank optimized its core application architecture on Kubernetes and accelerated business iteration. Weibo uses Kubernetes for unified management of heterogeneous resources, accelerating AI computation and promoting intelligent data applications. The multinational Siemens deployed its open IoT operating system MindSphere on ACK, shielding differences in the underlying infrastructure and realizing its multi-cloud strategy.

Three-dimensional Home is a company from Guangdong that brings panoramic 3D technology into home design, leading change in the home improvement industry. In the past, Three-dimensional Home ran a traditional self-built IDC, with the operations and maintenance team responsible for everything. This was time-consuming, left the team exhausted, and made it difficult to keep up with the business's growing demand for computing power.

In 2018, Three-dimensional Home began to migrate part of its business to the cloud, scheduling its rendering tasks and home design business in a unified way on the container service ACK and bare metal servers. Using container technology, Three-dimensional Home cut its business lines over in batches, and the overall migration of applications to the cloud took only three days in total. Before the move to the cloud, expanding resources was a very large amount of work. Now automatic elastic scaling of containers can bring up 100 bare metal servers in 3 minutes to handle the peaks and troughs of the business. In addition, using the gray release capabilities built into Kubernetes, it can provide different versions of its rendering technology and different iterations according to customers' service levels and payment models.

I believe we have all used Weibo, and are interested in its big-V accounts and trending posts. Weibo currently has over 200 million daily active users. How does Weibo push trending content to each person according to their different interests, achieving "a thousand faces for a thousand people"? The credit goes to Weibo's online machine learning. Weibo's machine learning platform applies real-time computing and online learning to business scenarios such as trending posts and feed streams, through real-time analysis of massive samples, model training and model serving.

The end-to-end chain of the online learning service is long, and online services place very high demands on real-time behaviour and stability. To take full advantage of co-locating online and offline workloads, and to provide efficient and reliable service management with dynamic, elastic resource scheduling, Weibo adopted an all-on-K8s approach:

  • Sample joining: using the Alibaba Cloud Blink on ACK solution, the performance of the real-time computing job improved by more than 2.4 times on the same resources;
  • Real-time training: real-time support for large-scale sparse models at the scale of ten billion samples and one trillion dimensions;
  • Model inference: the self-developed inference framework runs on ACK with unified, mixed scheduling of heterogeneous cluster resources, providing high-performance online serving that supports a peak of 500,000 QPS.

ACK 2.0 fully upgraded: making K8s easy to use for everyone

Many enterprises and users that have not yet practised Kubernetes at scale may want to know what the experience and pain points of putting Kubernetes into production are. We did some research and found that the following pain points are common: How do you ensure the security and compliance of applications on K8s? How do you manage K8s clusters on and off the cloud in a unified way? How do you operate and maintain large-scale K8s clusters? How do you take full advantage of the rich ecosystem around K8s?

In response to these problems, the Alibaba Cloud Container Service team has drawn on extensive hands-on production experience to deliver a series of comprehensive features that help enterprises truly put Kubernetes into production.

End-to-end enterprise-class security capabilities

First we look at security: how to provide end-to-end, enterprise-class security in the cloud native era.

How do the security challenges of the container and cloud native era differ from traditional security?

  • The first is high density and high dynamism. In the traditional era a machine ran only a few applications, but now hundreds of applications run on a single server, ten times the previous density. In addition, because containers recover automatically, a container that is on machine A one moment may have moved to another machine the next.
  • The second is agility and fast iteration: with containers and DevOps, applications are released far more frequently than in the traditional era.
  • The third is open standards: in an era of industry-wide division of labour in software, introducing more and more untrusted third-party open source software also increases security risk.

These characteristics of containers place higher demands on cloud native security.

To address these security risks, the container service has launched a comprehensively upgraded, end-to-end cloud native security architecture. It addresses security at three levels:

  • The bottom layer is infrastructure security, which supports a full range of network isolation controls and full-link data encryption, integrates Alibaba Cloud master accounts with the K8s RBAC permission system, and supports fine-grained permissions and auditing;
  • The middle layer is the secure software supply chain, which supports image scanning and BYOK disk encryption to build a complete DevSecOps process;
  • The top layer is runtime security, which provides security scanning, multi-tenant management and KMS support at run time.

Next we focus on the secure software supply chain and the sandboxed secure container.

Frequent business changes and process adjustments place higher demands on the security of what goes online: security has to shift left, eliminating hidden dangers at the source. The cloud native secure software supply chain, based on the container image service, builds security into the whole development process, making sure that what goes online is secure. It has three advantages:

  • First, it provides runtime scanning for containers: in the Alibaba Cloud Security Center you can view, in one place, runtime threat monitoring and blocking for container and non-container workloads, achieving lifecycle management from static to dynamic.
  • Second, it provides a complete software delivery chain: every link of the delivery chain is observable and traceable, can be configured independently, and is intelligently optimized to improve delivery efficiency. When a vulnerability is identified, the release is blocked, and blocking can be orchestrated.
  • Third, it provides global distribution: images are distributed to different back ends, and global image synchronization efficiency improves seven times.

We want to create a new generation of DevSecOps secure development processes, nipping risks in the bud and removing threats before they become visible.

If you deploy open source or third-party untrusted applications in a K8s cluster, consider our sandboxed secure container feature. Compared with a conventional Pod, a sandboxed secure container has its own separate kernel, which ensures secure isolation. As we all know, security, compatibility and performance form a triangle in which it is difficult to achieve all three at once.

After a great deal of performance optimization, the performance of the sandboxed secure container is already close to 90% of native runC performance. In addition, it is worth mentioning that you can deploy sandboxed Pods and ordinary Pods on the same cloud server, which gives you mixed deployment. Users can choose according to the characteristics of their own business. For observability, we provide complete logging and monitoring, enhanced for the sandbox scenario.

Expanding the boundaries of cloud computing

We return to the second question: how to manage on-cloud and off-cloud resources in a unified way. Next, I will introduce the container service ACK's borderless cloud computing solution.

When thinking about their cloud strategy, many companies, for reasons of data sovereignty and security compliance, migrate part of their business to the cloud elastically. For example, when Weibo and Bilibili run popular events, applications scale out elastically from the IDC to the cloud to deal with unexpected traffic. Some banks and governments, when setting up disaster recovery centers, consider Alibaba Cloud as a low-cost disaster recovery or active-active solution. Hybrid cloud has become the new normal for enterprises moving to the cloud. But hybrid cloud brings challenges: infrastructure capabilities are inconsistent on and off the cloud, security management is not unified, and how can applications be managed in a unified way?

The container service ACK has launched the application-centric hybrid cloud architecture 2.0. To bring a cluster under management, you can simply install an agent on your K8s cluster in the IDC, and with one click it is managed by the container service on the cloud. If you do not manage a K8s cluster in the IDC yourself, you can also choose our ACK agile edition. Once all clusters are registered, ACK provides unified application deployment through cluster federation, together with unified security, governance and observability.

Also, if you want to configure load balancing and traffic distribution policies across different clusters, you can manage them in a unified way through the container service's service mesh capability.

Using the container service's cloud native hybrid cloud management capabilities brings advantages in three areas:

  • First: you get unified cluster management, unified security management, application management and observability, as well as elastic scaling across clouds
  • Second: through Alibaba Cloud's Cloud Enterprise Network, multiple local IDC networks and VPCs are joined into one network, achieving full network connectivity and nearest access worldwide, and ensuring high speed and low latency
  • Third: through intelligent traffic management, service access policies are optimized for different regions, improving business continuity

If you want to try cloud native hybrid cloud but have not yet started moving to the cloud, we offer a package of cloud native tools for smooth migration that lower your migration costs. They simplify the migration process in three respects: application images, application configuration, and application state data. With Packer, your OS image can be packaged into a custom ECS image. The Docker image migration tool automatically migrates container images to the Alibaba Cloud container image registry. With the Velero tool, your K8s application configuration migrates seamlessly to Alibaba Cloud ACK. DTS helps you synchronize databases seamlessly.

With the arrival of the 5G and IoT era, the conventional model of centralized storage and computation in the cloud can no longer satisfy terminal devices' requirements for timeliness, capacity and computing power. Sinking cloud computing capability to the edge and the device side, with unified delivery, operations and maintenance, and management and control from the center, will be an important development trend in cloud computing.

For this purpose the container service officially launched ACK@Edge, which supports unified management of cloud and edge nodes and unified application delivery, improving distribution efficiency three times. With applications deployed at the edge, network latency can be reduced by 75%. Given the nature of the edge, it additionally provides unit isolation and autonomy when disconnected. Similarly, if you want to deploy untrusted third-party applications at the edge, ACK@Edge also provides sandboxed secure containers.

Next, how Youku used ACK@Edge to evolve its architecture. We all know that Youku serves vast amounts of video. As Youku's business developed, it needed to support hundreds of cities. At this point Youku had to consider evolving from its original centralized architecture inside the IDC to an edge architecture.

This required a way to manage, in a unified manner, Alibaba Cloud regions and dozens of thousands of edge nodes. Youku chose ACK@Edge for unified management of ECS nodes and edge nodes, with unified application delivery and elastic scaling. Thanks to dynamic scaling, machine costs were cut by 50%. After the new architecture was introduced, the video playback path, which originally ran over the public network, now runs over the backbone network to the edge node and then to the terminal, optimizing network latency by 75%.

Serverless infrastructure

We return to the third question: how to upgrade, operate and maintain the nodes of massive K8s clusters. We hope that serverless solutions will help businesses reduce operating costs.

In 2018, the container service released Serverless K8s version 1.0. Users do not need to manage K8s worker nodes at all, and need not concern themselves with node environment configuration, server management, maintenance, upgrades and so on, which addresses Kubernetes operations and maintenance problems at their source. Developer productivity is maximized, with no capacity management and no fear of security risks.

Today Alibaba Cloud Container Service officially launches the Serverless Kubernetes 2.0 upgrade, ending the open beta and starting commercial availability. Serverless Kubernetes 2.0 improves K8s compatibility, security and extreme elasticity. It supports multiple namespaces, the RBAC security model, and frameworks such as Istio and Knative, making it the most compatible Serverless Kubernetes service in the industry. It supports elastic GPU instances and starts 500 pods in less than 50 s.

Serverless Kubernetes is currently widely used for Job tasks, elastic online workloads and other scenarios, helping users easily embrace an "application-centric" cloud native architecture.

We have not stopped at Kubernetes itself: on top of Serverless Kubernetes we have built a Serverless Framework based on Knative. The Serverless Framework simplifies building event-handling code and deploying services, and integrates seamlessly with Alibaba Cloud event sources, including message services, and with observability capabilities. It enables businesses to build all kinds of their own serverless products, whether oriented to applications, containers or functions. We hope to help everyone build the next generation of serverless applications.

Staying open: launching the container application market

Finally, as cloud native matures, we hope to build an open cloud native ecosystem through win-win cooperation.

Container Service actively participates in and gives back to the cloud native community, and is a leading contributor to open source projects such as moby and kubernetes. Alibaba Cloud is now a platinum member of the CNCF (Cloud Native Computing Foundation), and Li Xiang has become the only Chinese member of the CNCF Technical Oversight Committee. It is also a member of the OCI open container alliance and a council member of the CNIA cloud native industry alliance. Alibaba Cloud Container Service has obtained Kubernetes product conformance certification and service provider certification.

Beyond open source and the cloud native community, we are committed to building a global partner ecosystem. In 2019, our global ecosystem gained some new faces. SAP Cloud Platform, based on the open source project Gardener, now supports the container service ACK, providing enterprises with large-scale hybrid cloud cluster management.

As AI applications running on container services become more and more popular, Seldon, an AI service provider from the UK, provides cloud native AI model inference services. Click2Cloud, from India, supports ACK in its latest Cloubbrain, providing enterprise customers with a complete solution for migrating applications to cloud native. BanzaiCloud, a European vendor of a complete hybrid cloud container platform and an Istio product suite, already supports ACK in its pipeline product, so that customers can create and manage container clusters on different cloud vendors from the perspective of cost optimization.

In addition to these partnerships, this year we launched a new category, the Alibaba Cloud container application market, hoping to connect enterprises with cloud native innovation. Cloud native developers can easily find standard container ecosystem products certified by Alibaba Cloud, both free open source products and commercial paid container products, and quickly use them on their clusters to meet business needs across many scenarios. Our ISV partners can use standardized transaction processes and a rich customer base, reducing the complexity of pre-sales, transactions, delivery, after-sales and so on.

Next, I will introduce the partners that are joining the Alibaba Cloud container application market:

  1. Intel is the world's largest manufacturer of personal computer CPUs and components. Intel will build optimized application software based on the Intel Clear Linux base image and Aliyun Linux 2, and will subsequently publish it as container images in the Alibaba Cloud container application market, helping customers run containers more securely, lightly and efficiently.
  2. Aozhe Network Technology Co., Ltd. is a leading business process management (BPM) vendor. Its BPM product Cloud pivot will subsequently be sold commercially in the container application market, helping enterprises move their business online and manage digital operations.
  3. Fortinet is an industry-leading network security and malware protection company, providing the best security for business communications with high-performance, low-cost security solutions. Fortinet will subsequently offer its container security suite in the container application market, providing enterprise customers with a complete runtime container security solution.

New cornerstone, new computing power, new ecosystem

Finally, let us look back at the cloud native evolution and vision of Container Service ACK 2.0: let us work together to build the new cornerstone, new computing power and new ecosystem of the cloud native era.

In terms of the new cornerstone, the container service aims to become all-scenario cloud native technology infrastructure, providing a full-link security architecture, supporting global deployment, and supporting single clusters at the ten-thousand-node scale. The container service provides cloud-edge-device integration and the hybrid cloud 2.0 architecture, helping to reduce edge latency by 75% and improve delivery efficiency 3 times.

In terms of new computing power, the container service ACK 2.0 supports rapid elasticity, scaling at the thousand-node level in minutes; it supports heterogeneous computing power, improving utilization 5-fold through enhanced scheduling; and it supports sandboxed secure containers with strong isolation and 90% of native performance.

In terms of the new ecosystem, the container service hopes to work with cloud native developers and cloud native partners to create the cloud native future. Thank you to everyone from all walks of life who travels with us. The inflection point has arrived; let us lead digital transformation together through cloud native.

"The Alibaba Cloud Native WeChat official account (ID: Alicloudnative) focuses on microservices, Serverless, containers, Service Mesh and other technical fields, follows popular technology trends in cloud native and large-scale cloud native production practice, and aims to be the official account that best understands cloud native developers."

Origin www.cnblogs.com/alisystemsoftware/p/11598250.html