Shulou(Shulou.com)06/02 Report--

On October 19th, 2018, the 10th China system Architects Conference (SACC2018) came to a successful conclusion. As one of the most prestigious architect events in China, SACC 2018 focuses on big data, storage, AI application, blockchain and other technology areas, aiming to promote global technology exchange and promote domestic technology upgrading.

This conference brings together a large number of domestic front-line experts, and the technology sharing they bring is really beneficial. At the container technology special session on the morning of the 19th, Alibaba technical expert Sun Hongliang, Yixin Container Cloud architect Chen Xiaoyu, Tencent Senior engineer Chen Chun, and NetEase Research Institute Chief architect of Cloud Computing Technology Department Liu Chao gave keynote speeches in turn.

Practice of Image Distribution and Storage Optimization in large-scale Cloud Native scenarios

With the large-scale application of containers in enterprises, image download during the peak period of business release has become a bottleneck point in the efficiency of business release. Sun Hongliang, a technical expert from Alibaba, said, "there are three points to solve the problem of image distribution in cloud native scenarios, namely, image distribution efficiency, image distribution flow control and image distribution security."

Sun Hongliang, technical expert of ▲ Alibaba

In the early stage of Alibaba Group's containerization business, in order to improve the efficiency of business release, it launched a P2P image distribution tool, which can greatly improve the efficiency of image distribution. Because the IO bandwidth of a single host disk is fixed, if the traffic is large and updates are frequent, even if the P2P image distribution tool is used, it can not really solve the problem of business image distribution efficiency.

If the image storage of the container is also distributed, you only need to mount the image storage block to the host when downloading the image. Image distributed storage completely eliminates the image download process, which can not only greatly improve the efficiency of image distribution, but also greatly alleviate the host disk IO, which is Alibaba Group's image remote practice.

Looking forward to the future separation of computing and storage, Alibaba technical expert Sun Hongliang said that he hopes that the resource utilization under the weakening, centralization and large-scale of local storage will be gradually improved.

The practice of Kubernetes landing in Yixin

Container technology has been used in Yixin's production environment for more than two years, evolving from naked Docker to Kubernetes. Chen Xiaoyu, Cloud architect of Yixin Container, mainly introduced Docker and Kubernetes related technologies, and explained the Kubernetes network and storage architecture in detail.

Chen Xiaoyu, Cloud architect of ▲ Trust Container

With regard to the practical experience of Kubernetes landing in Yixin, how to migrate traditional applications to containers and specific optimization strategies. Chen Xiaoyu said, "there are several main points for Kubernetes deployment optimization, such as Etcd SSD acceleration and scheduled backup, separate partition of Docker data disks, removal of systemd associations, removal of useless scheduling filters, turning off ServiceAccountToken, kernel worry, and limiting the storage size of containers and the maximum number of processes."

Tencent GaiaStack Container products Private Cloud scenario practice

GaiaStack is an enterprise-class container cloud platform built by Tencent based on kubernetes, and exports solutions to external enterprises through Tencent Cloud. It has successfully landed in finance, games, government affairs, Internet and other industries. In private cloud scenarios, Kubernetes may not be suitable for business scenarios.

As a data center operating system, GaiaStack can schedule massive computing resources such as CPU or GPU, run all computing frameworks, monitor the results of task execution, make all resources in the data center be used reasonably, and collaborate to complete the computing of various application scenarios.

Chen Chun, senior engineer of ▲ Tencent

"in terms of application management, for example, Kubernetes provides deployment, statefulset, job and other application types to perform their respective functions, running micro services, stateful services and offline jobs respectively, but they always encounter a variety of problems after actual use," Chen said. "

For example, when downsizing, deployment cannot support the specified strategy, statefulset can only be upgraded according to the label order, and one statefulset cannot have more than two mirror versions at the same time, and the implementation of Spark on Kubernetes does not even run with job. Not to mention the Kubernetes network, who hasn't tinkered with the Kubernetes network architecture that suits his business?

However, Kubernetes provides a large number of extension interfaces, such as scheduler extender, CRD, device plugin, CNI, CRI and so on, through which rich extension functions can be provided. This sharing will provide an in-depth description of how Tencent GaiaStack Container Cloud uses the extended API of Kubernetes to create a container cloud product that adapts to private cloud scenarios.

Practice of Integration and decoupling of Service Mesh and Container platform

As the de facto standard of container platform, Kubernetes can basically cover most scenarios of micro services, such as load balancing, API gateway, auto scaling, service discovery, configuration center, etc., but it is weak in terms of service governance, so Service Mesh technology represented by ISTIO appears.

Liu Chao, Chief architect, Cloud Computing Technology Department, NetEase Research Institute, ▲

However, at present, the binding of ISTIO and Kubernetes is relatively tight, but not all applications are deployed in containers, so the micro-service platform needs to be decoupled from the container platform, and the decoupled micro-service platform also needs to be able to interact with the container platform.

▲ NetEase micro-service framework

Micro-service architecture can achieve service registry, service invocation mode, service gateway, circuit breaker, distributed configuration, service tracking and batch tasks. Liu Chao said, "NetEase micro-service framework has done it, and it is found that it is easy to fix, but governance is difficult to be done; it is found that it is not easy to replace, and governance is easy to replace; decouple container platform and micro-services; decouple service discovery and service governance."

▲ NetEase Cloud Container Service Architecture

At the meeting, Liu Chao also summarized the advantages and disadvantages of various micro-service frameworks, and said that the container management platform itself is also a micro-service. All multi-tenant containers request ingress traffic, which can be interfaced with multiple tasks: OpenStack,Kubernetes, all PaaS, continuous integration, image repository, billing, user, authentication, etc.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.