Introduction: it is fair to say that container technology, represented by Kubernetes, is becoming the new interface of cloud computing. Containers provide a standard for application distribution and delivery and decouple the application from the underlying runtime environment. Kubernetes, as the de facto standard for resource scheduling and orchestration, shields differences in infrastructure and helps applications run smoothly on different infrastructures. CNCF Kubernetes Conformance certification further guarantees compatibility between the Kubernetes implementations of different cloud vendors, which makes more enterprises willing to adopt container technology to build their application infrastructure in the cloud era.
Source | Alibaba Cloud official account
Author | Zhimin, Zhiqing
During Double 11 in 2020, Alibaba's core systems were fully cloud native and carried the largest traffic peak in history, sending the industry the signal that "cloud native is landing at scale". Among Alibaba's many cloud-native "firsts", one key point is that 80% of core business workloads were deployed on Alibaba Cloud Container Service for Kubernetes (ACK), which can scale out to millions of containers within one hour.
The rise of the cloud-native container interface
As the de facto standard for container orchestration, Kubernetes supports the different types of compute, storage and network capabilities of the IaaS layer. Whether the hardware is CPU, GPU, FPGA or specialized ASIC chips, it can schedule them uniformly and use heterogeneous computing resources efficiently, while fully supporting a wide range of open-source frameworks, languages and application types.
As Kubernetes becomes, in effect, the new operating system of the cloud, cloud-native technology built on containers has become the new interface of cloud computing.
- Features of the cloud-native container interface
The cloud-native container interface has three typical features:
- Downwards, it encapsulates the infrastructure and shields differences in the underlying architecture.
- It expands the boundary of cloud computing with unified cloud-edge management.
- Upwards, it supports multiple workloads and distributed architectures.
1) Encapsulating the infrastructure downwards and shielding the underlying differences
- A unified skill stack reduces labor cost: Kubernetes can be deployed and delivered uniformly in IDC, cloud and edge scenarios, and the DevOps culture and toolset promoted by cloud native effectively speed up technical iteration, so overall labor cost can be reduced.
- A unified technology stack improves resource utilization: many kinds of compute workloads are scheduled uniformly in a Kubernetes cluster, which effectively improves resource utilization. Gartner predicts that "in the next 3 years, 70% of AI tasks will run on containers and serverless", and AI model training and big-data workloads further require Kubernetes to provide lower scheduling latency, higher concurrent scheduling throughput and better utilization of heterogeneous resources.
- Accelerating cloud-native data services: because separating compute from storage brings great elasticity and cost advantages, cloud-native data services are gradually becoming a trend. The elasticity of containers and serverless simplifies capacity planning for compute tasks. Combined with distributed cache acceleration (such as Alluxio or Alibaba Cloud JindoFS) and scheduling optimization, the efficiency of data-computing and AI tasks can also be greatly improved.
- Further enhanced security capabilities: with the development of the digital economy, enterprise data assets have become the new "oil", and large amounts of data need to be exchanged and processed in the cloud. How to protect data security, privacy and trustworthiness has become the biggest challenge for enterprises moving to the cloud. Technology is needed to build a foundation of digital trust, protect data, and help enterprises build trusted business partnerships that drive growth. For example, based on confidential-computing technologies such as Intel SGX, Alibaba Cloud provides a trusted execution environment for cloud customers. However, the barrier to developing and using trusted applications is very high: users have to refactor existing applications and deal with many low-level technical details, which makes this technology hard to put into practice.
2) Expanding the boundary of cloud computing with unified cloud-edge management
As edge-computing scenarios and demands grow, "cloud-edge collaboration" and "edge cloud native" are gradually becoming new technical focal points. With its powerful container orchestration and resource-scheduling capabilities, Kubernetes can meet the unique needs of edge/IoT scenarios for low power consumption, heterogeneous-resource adaptation and cloud-edge network collaboration. To promote the joint development of cloud native and edge computing, in May 2020 Alibaba officially open-sourced the edge-computing cloud-native project OpenYurt, putting the concept of "cloud-edge integration" into practice. It supports edge-computing scenarios by extending native Kubernetes, and its main characteristics are:
- A "zero-intrusion" edge cloud-native solution: full Kubernetes compatibility, supporting all native workloads and extension technologies (Operator/CNI/CSI, etc.); a native Kubernetes cluster can be converted into an OpenYurt cluster with one click.
- Node autonomy: edge nodes remain autonomous and self-healing under weak or disconnected cloud-edge networks, ensuring business continuity.
- Delivering massive numbers of applications to the edge, with efficient, secure and controllable application release and management.
At KubeCon 2019 Alibaba Cloud launched the edge container service ACK@Edge, with OpenYurt as its core framework. In just one year, ACK@Edge has been applied to live audio and video, cloud gaming, industrial internet, transportation and logistics, city brain and other scenarios, and serves Hema, Youku, Alibaba Cloud Video and many other Internet and new-retail businesses. At the same time, OpenYurt, the open-source version of ACK@Edge, has become a CNCF sandbox project and pushes the upstream Kubernetes community to take the needs of edge computing into account. Developers are welcome to build it together and usher in the new era of intelligent connection of all things.
3) Supporting multiple workloads and distributed architectures upwards
In the tide of IT transformation, enterprises' demand for digitalization and intelligence keeps growing. The most prominent demand is how to quickly and accurately mine new business opportunities and model innovations from massive business data, so as to better cope with volatile and uncertain business challenges.
Kubernetes supports many mainstream open-source frameworks for building microservices, databases, message middleware, big data, AI, blockchain and other types of applications. From stateless applications, to enterprise core applications, to data-intelligence applications, both enterprises and developers can smoothly deploy, scale and manage containerized applications on Kubernetes.
- How Alibaba understands the cloud-native container interface
Alibaba regards cloud native as an important technology trend for the future. To move faster and collaborate better, it has drawn up a clear cloud-native technology roadmap for the whole Alibaba economy and is pushing cloud-native adoption across the group.
Guided by the cloud-native container interface, Alibaba Group started from infrastructure, operations and the surrounding systems and set off a wave of comprehensive cloud-native transformation: systems were rebuilt into new solutions adapted to the cloud-native architecture, and the technical frameworks and tools used within the group were replaced by standard products or cloud products acceptable on the cloud. Operations thinking and working methods were changed further to fit the new operations model. For example, DevOps had to leave behind the operations mindset of the virtual-machine era, container-runtime components had to be changed to support the new model of Kubernetes Pods, and in-container logging, monitoring and other operations components and their working modes changed accordingly.
For compute, network and storage, users manage everything uniformly through Kubernetes and can make full use of Alibaba Cloud's IaaS capabilities: each business gets its own independent elastic network interface and cloud disk, and services with different network and storage performance requirements can be deployed on the same host while remaining isolated from and undisturbed by each other. The problems of the traditional non-cloud physical-machine model, where the machine model dictated which businesses could be deployed and elasticity was insufficient, have been solved very well. As a result, users improve resource utilization and reduce costs while also greatly improving business stability.
At the node-resource layer, users can make full use of the base extension capabilities of Kubernetes to make node management cloud native. At the architecture level, node lifecycle controllers, self-healing controllers, component-upgrade controllers and the like close the loop of the node lifecycle: node self-healing, circulation, delivery and environment-component changes. The container layer is completely shielded from the underlying nodes, which has completely changed the way nodes are operated and managed. Based on this powerful cloud-native node-management model, Alibaba consolidated the group's previously fragmented node resources into one, building a resource pool from points to a whole: kernels, environment components, machine-model specifications and so on were standardized and unified, and the unified resource pool with unified scheduling created enormous elasticity. In cloud-native node management this is, in the words of the old saying, "the same script for writing, the same gauge for carts, the same rules for measures, the same norms of conduct, the same territory", turning node resources from a patchwork of fiefdoms into a unified cloud-native resource pool.
Emerging ecosystems and businesses such as Service Mesh, Serverless and FaaS, grown in the cloud-native soil provided by ACK (Alibaba Cloud Container Service), also landed in the group very quickly and are flourishing.
At the application PaaS layer, the cloud-native application delivery model has moved towards more thorough containerization, making the most of Kubernetes' automated scheduling; group-wide unified PaaS operations capabilities are built on OAM Traits, and a GitOps development model makes infrastructure and cloud resources code, and therefore programmable.
Alibaba Group's evolution towards the cloud-native container interface
To support the huge and complex business of Alibaba Group, many engineers have travelled a winding road with containers over the past ten years. So how has the container interface evolved inside Alibaba Group?
Over the past decade, Alibaba Group's container technology has evolved from the self-developed T4 container based on LXC (Linux Containers), to rich containers, to today's Kubernetes cloud-native lightweight containers. Each transformation and upgrade was a technical iteration and self-innovation driven by the business context of its time.
Stage 1: the T4 container attempt based on LXC
Troubled by the huge overhead of KVM virtual machines and the complexity of orchestrating and managing KVM, Alibaba Group in 2011 started customizing LXC and the Linux kernel and brought the LXC-based T4 container online internally. Compared with the later Docker, T4 had some technical deficiencies, for example no image abstraction and no application description. In the years after T4 was born, Alibaba kept trying to build complex baseline definitions on top of T4, but ran into many problems.
Stage 2: introducing the container-image mechanism with AliDocker and achieving mass distribution
In 2015, Alibaba introduced Docker's image mechanism and merged the capabilities of Docker and T4: T4 gained Docker's image capability, and Docker became as friendly to the internal operations systems as T4 was. On this basis the internal product AliDocker was formed.
In the process, Alibaba introduced a P2P image-distribution mechanism. As core e-commerce applications were gradually upgraded to AliDocker, the environment isolation and portability of the host shielded the underlying environment differences and laid the foundation for subsequent infrastructure changes such as moving to the cloud, unified scheduling, co-location and the separation of storage and compute, so the advantages of the image mechanism could show. The P2P image distribution incubated there became Dragonfly, which joined CNCF in October 2018.
Stage 3: Pouch, a container with fully independent intellectual property, and full containerization at Alibaba
With the large-scale development of container technology, the advantages of the AliDocker transformation became visible, and Pouch, fully developed by Alibaba, could be extended to gradually replace AliDocker. At the same time, the group's 100% Pouch transformation advanced rapidly: before Double 11 in 2016, the whole network had been containerized.
The name Pouch suggests a magic pouch that provides caring service to the applications inside it. Because Pouch unified the runtime of the group's online applications, application developers no longer need to pay attention to changes in the underlying infrastructure. In the years that followed, the underlying infrastructure went through moving to the cloud, co-location, VPC networking, diskless storage, kernel upgrades, scheduling-system upgrades and other technical evolutions, but the Pouch container runtime made most of these changes invisible to applications, shielding them from the impact. Pouch also switched its runtime from LXC to runC and fed its core technology back to the open-source community, while the group gradually and seamlessly switched its stock of AliDocker instances to the open-source Pouch implementation.
The rich-container mode that existed in this process allowed users and applications to switch seamlessly to containerization on the one hand, and on the other hand allowed the operations, monitoring, log-collection and other operations systems that applications depend on to migrate smoothly along with containerization.
But rich containers also have many drawbacks. Because a rich container can hold multiple processes and allows application developers and operations staff to log in to the container, it violates the "single responsibility" principle of containers and is not conducive to the evolution towards immutable infrastructure. For example, in the evolution towards serverless, the agent processes injected by scheduling are actually application-independent, and too many functions in one container hurt the container's health checks and elasticity.
Containerization is the only road to cloud native. It was along this road that Alibaba Group completed containerization quickly, which greatly accelerated the further evolution to cloud native. After full containerization, the cloud-native trend became irresistible: more and more new ideas and application architectures grew in the container ecosystem, the advantages of container- and image-based application packaging, distribution, orchestration and operations were seen, accepted and embraced by more and more people, and the various operations systems began to adapt to the cloud-native architecture.
Stage 4: the scheduling system draws on all sources and evolves to ACK
As container technology represented by Kubernetes became the new interface of cloud computing, Alibaba's self-developed Sigma kept exploring the implementation practice of Kubernetes and, taking the opportunity of the group's full move to the cloud, finally completed the full migration from Sigma control to ACK.
In 2018 the group's scheduling system began its gradual evolution from the internally customized Sigma to ACK, and lightweight containers became an important goal of that evolution. Under the cloud-native wave, the operations ecosystem inside the group also evolved rapidly. The solution for lightweight containers is to use the Kubernetes Pod to split the container: peel off an independent operations container and move the many application-independent operations processes into that operations container one by one.
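The split described above, shown as a Pod manifest. This is an added example, not code from the article or from Alibaba's internal platform: the application process lives in one container and a log-forwarding agent that used to run inside the rich container lives in a sidecar, with only a shared volume between them. The image names, ports, paths and endpoint are assumptions for illustration, and the images are assumed to declare a non-root user so that `runAsNonRoot` can be enforced.

```yaml
# Added example (not from the original article): a Pod that splits a former
# "rich container" into an application container plus an operations sidecar.
# Image names, ports, paths and the log endpoint are assumptions.
apiVersion: v1
kind: Pod
metadata:
  name: order-service
  labels:
    app: order-service
spec:
  # Process namespaces stay separate: the sidecar sees the app only through
  # the shared volume, not its process table.
  shareProcessNamespace: false
  securityContext:
    runAsNonRoot: true          # assumes both images set a non-root USER
  containers:
  - name: app
    image: registry.example.com/order-service:1.4.2   # assumed image
    ports:
    - containerPort: 8080
    # Probes check the application alone, not the agents that used to share its container.
    livenessProbe:
      httpGet:
        path: /healthz
        port: 8080
      initialDelaySeconds: 10
      periodSeconds: 10
    readinessProbe:
      httpGet:
        path: /ready
        port: 8080
      periodSeconds: 5
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true      # immutable: nobody logs in and edits it in place
      capabilities:
        drop: ["ALL"]
    volumeMounts:
    - name: app-logs
      mountPath: /var/log/app
    - name: tmp
      mountPath: /tmp
  - name: log-agent
    image: registry.example.com/log-agent:2.1         # assumed sidecar image
    args: ["--watch", "/var/log/app", "--sink", "$(LOG_SINK)"]
    env:
    - name: LOG_SINK
      value: "https://logs.example.internal"          # assumed endpoint
    securityContext:
      allowPrivilegeEscalation: false
      readOnlyRootFilesystem: true
      capabilities:
        drop: ["ALL"]
    volumeMounts:
    - name: app-logs
      mountPath: /var/log/app
      readOnly: true                  # the agent reads logs; it cannot alter them
    resources:
      limits:
        cpu: 100m
        memory: 128Mi
  volumes:
  - name: app-logs
    emptyDir: {}
  - name: tmp
    emptyDir: {}
```

Apply it with `kubectl apply -f` and confirm both containers are reported in `kubectl get pod order-service -o jsonpath='{.spec.containers[*].name}'`. The point of the layout is that the agent can be upgraded, resource-limited or removed without rebuilding the application image, a liveness failure restarts only the application container, and neither container offers a shell or a writable root filesystem for someone to "log in" to. For rolling the same sidecar across many Pods, the OpenKruise SidecarSet mentioned later in the article injects it at admission time instead of editing every manifest.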
From its birth, Sigma was committed to integrating and unifying the many fragmented online resource pools of Alibaba Group. On that basis it kept exploring new forms of resource co-location, including online/offline co-location, offline/online co-location, job scheduling, CPUShare, VPA and so on, bringing huge cost savings by improving the overall resource utilization of Alibaba's data centers. Based on the fully managed, operations-free Sigma Master, the public large resource pool and the application quota service, it delivers serverless resource delivery and the best user experience. Sigma scheduling also accelerated the full containerization from T4 to Pouch: with containers standardized through application-specific Dockerfiles and an infrastructure-transparent Sigma scheduling engine, business developers no longer need to care about the underlying operations and can focus on the business itself.
The upgrade from Sigma to ACK was meant to let ACK's leading cloud-product capabilities empower Alibaba Group, so that Sigma could benefit from the capabilities of cloud computing faster, including unified management of heterogeneous resources and security compliance for globalization. In reality, however, the migration to ACK was not plain sailing:
First, around the core control link, Alibaba's original scale and complex-scenario capabilities, the question of how to migrate the existing large stock of containers to the new platform, and the question of how the container interface could stay compatible and what the upgrade would do to the existing huge ecosystem all became burdens and disadvantages in the evolution. Changing the engine in high-speed flight while migrating the existing stock is hard, and this resonates across the industry.
Second, performance, multi-cluster operations, security defense, stability and so on were all challenges for the full migration to ACK. Around performance, Alibaba did a lot of optimization on native Kubernetes and fed it back to the community, such as cache indexes and watch bookmarks, and built a whole set of Kubernetes scale facilities, including security-defense components, OpenKruise, multi-cluster component publishing and other capabilities.
Around the general idea of "group scheduling = ACK + group extensions", what Alibaba Group accumulated while moving to ACK can settle into the cloud, enrich product capabilities and help customers build competitiveness on the cloud. In this way Alibaba Group, Alibaba Cloud and the open-source community have formed a very good technical synergy: self-research, commercialization and open source, a trinity that integrates and complements each other.
Self-research, commercialization and open source: a trinity that integrates and complements each other
Technology and business complement each other: business provides scenarios for technology and promotes technological progress, and technological progress in turn drives the business. Complex and rich scenarios provide natural fertile soil that further promotes the development of Alibaba's technology. Alibaba Group's technology has always been advanced: in the past, middleware, container, scheduling and other technologies that led the industry were first applied to Alibaba's own business, and these capabilities were then settled into cloud products and delivered to customers, helping enterprises accelerate digital transformation and producing broad, leading influence.
But in the new cloud era, how to maintain this influence under cloud-native standards presents more challenges. The brief history above of the evolution of Alibaba's container interface records how front-line Alibaba engineers dealt with these challenges. More abstractly, these benefits come from the strategic decision of the Alibaba Cloud native technology system: self-research, commercialization and open source as a trinity.
- Challenges on the Alibaba Cloud side
Most of the users Alibaba Cloud faced in the past were general users, whereas the demands of Alibaba Group's internal scenarios are about large scale and ultra-high performance; whether Alibaba Cloud products can balance and support both well is a great challenge. Taken further, if the demands of the mass of users can be abstracted well, Alibaba Group is a very good "testing ground" for Alibaba Cloud.
- Challenges inside the group
A small boat turns easily, and a big boat is not so flexible. In the past, Alibaba Group's internal large-scale scenarios were unique in the industry; now they are a burden on the road to cloud native. The root of the problem is how to make Alibaba Group's technology quickly integrate into and contribute to cloud-native standards, instead of forming a technology island.
- Challenges and opportunities on the open-source side
Alibaba Cloud has continued to invest in contributions to cloud-native open-source projects, launching OpenKruise, and launching OAM and KubeVela jointly with Microsoft. All of these come from Alibaba's accumulated experience in the cloud-native field and, through feedback from users in the open-source community, improve Alibaba Cloud's cloud-native solutions. Take OpenKruise as an example: the project is a general-purpose extension engine for large-scale application scenarios on Kubernetes, and its open-sourcing lets every Kubernetes developer and Alibaba Cloud user easily use the same unified deployment and release capabilities as Alibaba's internal cloud-native applications. When community users or external enterprises run into the limits of native Kubernetes workloads, they do not need to reinvent a similar "wheel" and can choose OpenKruise's mature capabilities. Moreover, the OpenKruise used inside Alibaba Group and the open-source community version share more than 95% identical code. We hope cloud-native enthusiasts will join us in building OpenKruise and together create a more complete and universal cloud-native application workload engine.
Evolution of the cloud-native operating system
Today, at the cloud-native application architecture interface layer, Alibaba Group's technology system is fully oriented towards cloud-native technology and cloud products.
The cloud-native operating system Alibaba Cloud provides to customers starts, at the infrastructure layer, with powerful IaaS resources: compute resources based on the third-generation X-Dragon architecture can scale more flexibly and deliver higher performance at better cost; a cloud-native distributed file system is built for persisting container data; and cloud-native networking accelerates application delivery, providing application-oriented load balancing and container-network infrastructure.
Second, at the container-orchestration layer, Alibaba Cloud Container Service has been online since 2015 and, together with thousands of enterprise customers, has practiced a large number of production-grade scenarios across industries. More and more customers build most or all of their applications in a cloud-native way, and as their businesses grow, to meet the strong reliability and security requirements of large and medium-sized enterprises, Alibaba Cloud offers the enterprise edition ACK Pro with a new compensated SLA; it also supports the landing of many products inside Alibaba Group.
ACK Pro targets the needs of finance, large Internet, government and enterprise customers, supporting larger clusters, higher performance and more comprehensive security protection.
First, based on the X-Dragon architecture and optimized software-hardware co-design, it delivers superior performance:
- Lossless Terway container network, which simplifies the data path and reduces network latency by 30% compared with the routed network.
- Support for the world's first persistent-memory instances; compared with NVMe, TPS for I/O-intensive applications increases by 100%.
Second, it provides efficient scheduling for heterogeneous computing power and workload optimization:
- Intelligent CPU scheduling optimization increases Web application QPS by 30% while guaranteeing SLA and density.
- Support for GPU compute sharing, saving more than 50% of the cost of AI model inference.
Finally, it provides comprehensive security protection for enterprises:
- Support for the Alibaba Cloud secure sandbox container, meeting enterprise customers' application security and isolation requirements with 30% better performance than the open-source equivalent.
- Among the first batch in China to pass the advanced trusted-cloud container certification, with runtime risks blocked within seconds.
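How a workload is actually steered onto a sandboxed runtime such as the one above is not shown in the article, so here is an added example (not Alibaba Cloud's own manifests) using the standard Kubernetes RuntimeClass mechanism. The handler name `runv`, the node label and the image are assumptions; the handler must match the name the node's container runtime registers for the sandbox, and the overhead figures are illustrative.

```yaml
# Added example (not from the original article): routing an untrusted workload
# to a sandboxed runtime through RuntimeClass. Handler name, node label, image
# and overhead values are assumptions for illustration.
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: sandboxed
handler: runv                      # assumed: the CRI handler configured on sandbox nodes
scheduling:
  nodeSelector:
    sandbox.example.com/enabled: "true"   # assumed label on nodes that have the handler
overhead:
  podFixed:                        # per-Pod cost of the sandbox VM, charged at scheduling time
    cpu: 250m
    memory: 160Mi
---
apiVersion: v1
kind: Pod
metadata:
  name: untrusted-image-scanner
spec:
  runtimeClassName: sandboxed      # selects the RuntimeClass above
  containers:
  - name: scanner
    image: registry.example.com/scanner:0.9   # assumed image
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop: ["ALL"]
    resources:
      limits:
        cpu: "1"
        memory: 512Mi
```

Before relying on it, list the handlers the cluster actually offers with `kubectl get runtimeclass` and check the scheduled Pod with `kubectl get pod untrusted-image-scanner -o jsonpath='{.spec.runtimeClassName}'`. The useful failure mode is that a Pod whose RuntimeClass names a handler the node does not have is rejected rather than silently started under the default runtime, so a misconfigured sandbox shows up as a failed Pod instead of an isolation gap.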
At the same time, Alibaba Cloud Service Mesh (ASM), a fully managed service mesh, has been officially commercialized; it is the industry's first fully managed Istio-compatible service mesh. ASM provides unified governance of heterogeneous application services, covering virtual machines on the cloud, containers, elastic container instances and IDC applications, with full-link observability and end-to-end security, helping customers accelerate application modernization and easily build a hybrid-cloud IT architecture.
For two consecutive years, Alibaba Cloud Container Service has been the only Chinese vendor included in Gartner's "Competitive Landscape: Public Cloud Container Services" report; in Forrester's first report on enterprise public cloud container platforms, Alibaba Cloud Container Service was named a Strong Performer, the first in China.
The future of cloud computing is cloud native, and the new container interface is a key small step in that evolution. Downwards, the high-density, high-frequency demands brought by the new container interface will further accelerate the end-to-end optimization of cloud computing; upwards, serverless, next-generation middleware and next-generation application PaaS built on the new container interface are just unfolding.
Cloud-native technology is becoming the shortest path to releasing the value of the cloud. Alibaba will continue to invest in cloud native, and Alibaba's cloud-native technology will not only be widely adopted internally but also serve society as a whole through Alibaba Cloud.
Link to the original text
This article is original content from Alibaba Cloud and may not be reproduced without permission.