By Tang Zhimin, director of research and development at Alibaba Cloud Container Service.
Relive the best moments of the Apsara Conference 2019 at https://www.alibabacloud.com/apsara-conference-2019.
Kubernetes, in short, functions as a major operating system on the cloud and is an extremely important piece of infrastructure for everything cloud native. Alibaba Cloud has been an important player in bringing Kubernetes to customers in China, providing the most popular containerization service in China.
Tang Zhimin, director of research and development at Alibaba Cloud's Container Service, reiterated this point in his keynote speech during this year's Apsara Conference. "Alibaba Cloud Container Service is easily China's largest container cluster among public cloud service providers. And, according to the rankings put out by several major international evaluation agencies, the service has occupied the largest market share of any service of its kind in the Chinese market, with its performance and capabilities consistently ranking as number one."
The latest release of Alibaba Cloud Container Service for Kubernetes (ACK), version 2.0, is a major upgrade in terms of capacity, performance, and elasticity, and should make Kubernetes accessible to even more customers and businesses. In this new version, each cluster can contain up to 10,000 nodes, sandboxed containers retain up to 90% of native container performance, and a cluster can scale to 1,000 nodes in a few minutes.
So far, Alibaba Cloud Container Service has been deployed in 20 regions around the globe. Moreover, Alibaba Cloud has also launched the cloud-native hybrid cloud 2.0 architecture and ACK@Edge to provide secure and intelligent cloud computing services.
In the early days, most of the applications running in Kubernetes were stateless. However, nowadays, an increasing number of enterprises are migrating their core business systems, data intelligence workloads, and innovation-related workloads to Kubernetes. Currently, at Alibaba, cloud services like Enterprise Distributed Application Service (EDAS), Microservice Engine (MSE), Dataphin, and Data Lake Analytics are all deployed on Alibaba Cloud's Container Service for Kubernetes.
Alibaba Cloud's Realtime Compute has launched a cloud native-based version of Apache Flink that allows users to deploy Flink on their Kubernetes clusters. This change can also streamline workflows for enterprises, because online businesses and stream computing services can be deployed on the same Kubernetes cluster. As such, these enterprises can reduce related operation and maintenance costs while also taking advantage of the elasticity brought by the Kubernetes cloud-native infrastructure.
Again, this is the power of this all-new upgrade. It also shows how Kubernetes and cloud native are changing the cloud computing landscape of today. Kubernetes can help many enterprises turn multiple platforms into one single, unified platform, making the cloud that much more agile, elastic, accessible, and flexible.
But, you may ask, then why is this particular time a defining moment for cloud native? Well, consider these points noted in the biennial statement issued by the Cloud Native Computing Foundation (CNCF) from back in August:
So, as you can see from current trends, cloud native and Kubernetes are clearly on the horizon and are clearly part of the future landscape of cloud computing.
Now let's look back at the development of Alibaba Cloud's own Container Service. In 2011, Alibaba Cloud became the first cloud service provider in China to offer container technologies. At the end of 2015, Container Service became available for public beta testing. Then, over the past four years, Container Service became fully serviceable in 20 regions around the world, including Asia Pacific, North America, and Europe.
So far, this service has served tens of thousands of customers and enterprises in several different industries, including the Internet, finance, public service, and manufacturing industries. Container Service occupies the largest market share of any service of its kind in China. In fact, Alibaba Cloud Container Service has witnessed a growth of more than 400% for three consecutive years. And, as of August this year, the number of monthly image downloads has exceeded 300 million. Container Service has slowly become the first choice for enterprises deploying cloud-native applications.
Alibaba Cloud's Container Service has received approval from some of the most influential research and advisory agencies. Alibaba Cloud was also the only cloud vendor in China to be listed in a report on public cloud container services released by Gartner in June 2019. According to the container report issued by Forrester in July 2019, Alibaba Cloud is one of the strongest competitors among cloud service providers in the global market, and it ranks first in the Chinese market for having both the largest market share and some of the best performance.
An increasing number of enterprises, both in China and abroad, are benefiting from the advantages and capabilities of cloud-native technologies. Sanweijia, a home furnishing design company based in Guangdong, used Alibaba Cloud's Container Service to achieve a quick and seamless cloud migration process. China-based Minsheng Bank, also a customer of Alibaba Cloud, optimized its architecture for core applications based on Kubernetes to accelerate its business iterations. Weibo, a major microblogging platform, used Kubernetes to manage heterogeneous resources, accelerate AI-powered computing operations, and enhance application data intelligence. Siemens, when deploying its open IoT operating system, MindSphere, went for a multi-cloud strategy and chose Alibaba Cloud's Container Service for Kubernetes as a platform for connecting all of the different underlying infrastructure together.
Sanweijia (三维家, literally "3D home") is a home furnishing design company located in Guangdong, China. The company, as its name implies, provides 3D panoramic view technology that allows the customer to see the full effect of the interior designs it offers. In many ways, it is leading a new evolution of home furnishing and interior design in the Internet age. Sanweijia used to use on-premises data centers. The O&M team had to do all the work, which was a time-consuming effort. The team was weighed down with workloads and could barely keep up with the growing demands for computing capabilities.
In 2018, Sanweijia migrated a part of their workloads to the cloud, and started balancing the load of their home furnishing visualization rendering computing operations between Alibaba Cloud's Container Service for Kubernetes and about 1,000 ECS Bare Metal instances. Sanweijia used containerization technologies to quickly migrate their workloads to the cloud in batches, which allowed them to complete the migration process in only three days flat. If they used traditional migration methods, the time needed for their resource scaling efforts could have easily multiplied. The auto scaling feature of Container Service can start 100 Bare Metal ECS instances in three minutes to handle workload bursts. In addition, with the canary release feature of Kubernetes, rendering technologies and services can be iterated based on customer levels and billing methods.
Weibo is a social media giant in China, similar to Twitter, with several major influencers in China posting regularly on the platform. As of now, Weibo has more than 200 million daily active users. To deliver tailored content to users with vastly different interests, Weibo used algorithms powered by machine learning. Alibaba Cloud's Machine Learning Platform for AI can apply real-time computing and online learning capabilities to many different scenarios.
The entire online learning pipeline that Weibo deployed was both long and complex, with sky-high requirements on the validity and stability of both offline and online services. Weibo adopted Alibaba Cloud's all-on-Kubernetes solution to maximize the benefits of offline-online hybrid deployment, improve the efficiency and stability of service operation management, and dynamically scale resources.
When it comes to applying Kubernetes on a large scale, there are many challenges to overcome. For example, how can one ensure the security and compliance of Kubernetes and its applications? How can one manage online and offline Kubernetes clusters in a unified manner? And how can one make full use of the top and underlying Kubernetes ecosystems? Well, in this latest upgrade to the service, Alibaba Cloud's Container Service team has worked hard to make sure that any and all customers can easily handle these issues.
To handle these issues, the Alibaba Cloud Container Service team has introduced a fleet of several powerful features. These features were developed based on several years of working in enterprise-level production environments and can assist users and enterprises alike to apply Kubernetes to their businesses with ease.
First, let's discuss security and see how you can guarantee end-to-end security in the cloud-native era.
Compared with traditional security solutions, what are the new challenges for Container Service in the cloud-native era?
To handle these security risks, Container Service has implemented an end-to-end upgrade to enhance the security of the cloud-native architecture in the following three ways:
Now that we have discussed these security features, let's focus on secure application supply chains and sandboxed-containers.
With the quick iteration rates of applications and new applications continuously being launched, at Alibaba we have higher standards for the security of the entire application development procedure. We understand the importance of predicting potential security risks and eliminating them at the beginning of the development lifecycle. The cloud-native secure software supply chain developed based on Alibaba Cloud's Container Registry enables you to secure the entire application development lifecycle and guarantee the security of application releases. The secure software supply chain has the following benefits:
With the DevSecOps solution, we also aim to eliminate potential risks at the beginning of the entire application development lifecycle.
If you have an open-source or untrusted third-party application deployed in a Kubernetes cluster, you can use our sandboxed-Container Service. Unlike normal pods, each sandboxed-container has its own kernel for security isolation. This is a step to ensure that you achieve security, compatibility, and performance at the same time, something that is not easy to do by yourself.
Sandboxed-containers have been thoroughly optimized by Alibaba Cloud, with a performance close to 90% of that provided by native runC. You can deploy normal pods and sandboxed-pods on the same cloud server to achieve hybrid deployment. This allows you to choose between these two types of pods as needed. We also provide features such as logging to enhance the performance of sandboxed-containers.
Let's go back to the second question now: how can you manage on-premises Kubernetes clusters and cloud-based Kubernetes clusters at the same time? ACK provides a cloud computing solution without borders to resolve this issue.
Considering the ownership and security compliance requirements of data, many companies will migrate only some of their workloads to the cloud. For example, when there are large online activities on Weibo and Bilibili, the applications will be migrated from on-premises data centers to the cloud to cope with traffic spikes. Some banks and government institutions have also chosen Alibaba Cloud given its cost-effective solutions for cloud-based disaster recovery and active geo-redundancy. Hybrid deployment has become a common choice for enterprises to migrate their workloads to the cloud. However, the adoption of hybrid cloud brings a new challenge: there is a huge gap in terms of capabilities and security requirements between on-premises and cloud-based infrastructures. And so we arrive at the question: how can you manage both of them effectively at the same time?
To address this issue, Alibaba Cloud's Container Service for Kubernetes has provided the application-centric hybrid cloud 2.0 architecture.
With this all-new architecture, you can install an agent on a Kubernetes cluster running in an on-premises data center to enable Container Service to manage the cluster on the cloud. Of course, in the case that you do not want to use Container Service to manage on-premises Kubernetes clusters, you can alternatively choose to use the Agility Edition of Container Service. With this Edition, after all your clusters have been registered, you can use the federation feature of Alibaba Cloud's Container Service for Kubernetes to implement unified application deployment, security governance, and monitoring.
If you want to customize your load balancing, network traffic distribution, and application release policy configurations for your Kubernetes clusters, you can use the grid feature of Alibaba Cloud Container Service.
The cloud-native hybrid cloud architecture provided by Container Service also has the following advantages:
If you want to use our cloud-native hybrid cloud but have not migrated your workloads to the cloud, at Alibaba we can offer you a set of cloud-native migration tools to ensure smooth migration and reduce the migration costs. These migration tools simplify your migration work in three ways: application images, application configurations, and application status and data. You can use Packer to create custom ECS images from your OS images. With the Docker image migration tool, container images can be automatically migrated to container image repositories on Alibaba Cloud. With the help of Velero, your Kubernetes application configurations can be seamlessly migrated to Alibaba Cloud Container Service for Kubernetes. In addition, Data Transmission Service (DTS) can help you transfer data seamlessly.
With the advancement of 5G and IoT technologies, using traditional cloud and on-premises data centers for centralized storage and computing can no longer meet current demands for validity, capacity, and computing power. Cloud-native technologies, however, can meet these demands, deliver cloud computing capabilities to user clients and edges, and implement unified release, O&M, and management from a governance center. This is the next step in the evolution of cloud computing.
To achieve all of this, Container Service launched ACK@Edge to support the unified management of clouds and edges. This product also supports unified application releases, which can help improve the release efficiency by up to 300%. Moreover, edge deployment can efficiently shorten network latency by 75%. ACK@Edge supports unitized isolation and automatic reconnection. It also provides sandboxed-containers for you to deploy untrusted third-party applications on edges.
Now let's learn how Youku completed its architecture evolution based on ACK@Edge. Youku is one of the biggest online video hubs in China. As Youku expanded its businesses to hundreds of cities, the centralized architecture in its original on-premises data center could no longer keep pace with the fast growth of its business. Youku needed to upgrade its centralized architecture to an edge architecture to be able to cope.
Youku needed to find a new approach to manage on-premises data centers deployed in tens of Alibaba Cloud regions and nearly 1,000 edge nodes. Youku chose ACK@Edge to centrally manage ECS instances and edge nodes, release applications, and perform auto scaling. Elastic scaling has reduced the server costs by 50%. Moreover, after the new architecture was adopted, the video playback chain was removed from the public network. A new chain from the backbone network, through edge nodes, and to clients was created. This reduced network delay by 75%.
Now let's go back to the third question: how can you manage the work of upgrading and maintaining large numbers of nodes in Kubernetes clusters? At Alibaba Cloud, we think that the serverless architecture can be used to resolve this issue and help enterprises reduce operations and maintenance costs.
In 2018, Container Service released Serverless Kubernetes version 1.0. Users no longer needed to manage Kubernetes workers. Nor did they need to focus on the environment configuration of nodes, server management, maintenance, or upgrades. This change meant that customers could drastically simplify the operations and maintenance of Kubernetes clusters, while also improving their overall application development efficiency. In this way, no capacity management is required and no security risk is involved in the process either.
Today, Alibaba Cloud's Container Service has already launched Serverless Kubernetes version 2.0, which means that the public preview of Container Service is over and the service is now a paid service. Serverless Kubernetes 2.0 provides major upgrades in terms of the compatibility, security, and elasticity of Kubernetes. In terms of security, solutions such as multi-namespace, role-based access control security models, and frameworks such as Istio and Knative are supported. Serverless Kubernetes 2.0 can be defined as a serverless architecture that provides the best compatibility with Kubernetes that you can achieve in the industry. And, in terms of elasticity, Serverless Kubernetes 2.0 supports GPU instances and can start 500 pods in less than 50 seconds.
Currently, Serverless Kubernetes is widely used in several different scenarios across a variety of industries, such as job management and online scalability to help users embrace the application-centric nature of the cloud-native architecture.
What's more? We have built a Serverless Framework based on Serverless Kubernetes. This Serverless Framework simplifies the work of handling events, compiling code, and deploying services. It also seamlessly integrates with other Alibaba Cloud application services, such as Message Service and Log Service, and provides improved observability. Enterprises can build their own serverless products for a variety of workflows including application, container, and function development. All of this aims to help enterprises build the next-generation serverless applications.
As cloud-native architecture continues to mature, at Alibaba we are hoping to partner with other enterprises and service providers to help contribute towards building an open cloud-native ecosystem.
In the past, the team at Container Service has actively participated in and contributed to several cloud-native communities, and it still does today. Contributions include Moby and Kubernetes. Container Service has become a platinum member of the Cloud Native Computing Foundation (CNCF). Alibaba engineer Li Xiang is the only Chinese member of the CNCF Technical Oversight Committee. Alibaba Cloud Container Service is a member of the Open Container Initiative (OCI) and a board member of the Cloud Native Industry Alliance (CNIA). Alibaba Cloud Container Service is qualified by the Certified Kubernetes Conformance Program, and is also certified as a Kubernetes Certified Service Provider (KCSP).
In addition to the open-source and cloud-native communities, we are also committed to building an ecosystem for global partnership. In 2019, some new members joined this ecosystem. Based on the open-source project Gardener, SAP Cloud Platform now supports Alibaba Cloud Container Service for Kubernetes and empowers enterprises by enabling them to manage a large number of clusters in hybrid cloud.
As running AI applications on Container Services becomes increasingly popular, Seldon, an open-source machine learning service provider from the UK, has also started to provide cloud-native AI model inference services. Container Service for Kubernetes is now supported in Cloud Brain, a technology developed by Click2Cloud in India. Their service provides a complete solution for enterprises to transfer traditional applications to cloud-native applications. Banzai Cloud, a container platform vendor from Europe, has a set of hybrid cloud and Istio products. Their pipeline products already support Container Service, enabling customers to create and manage container clusters from different cloud service providers with the lowest costs.
This year, we launched our level-1 container applications in the Alibaba Cloud market. We hope that we can empower enterprises with cloud-native technologies. Developers of cloud-native products can easily find Alibaba Cloud-certified and standard container ecosystem products, including open-source and free-of-charge container products and also for-purchase container products. These products can be quickly used on clusters to meet the business requirements of several different industries. Independent software vendors can use a standardized transaction procedure and a myriad of customer resources to simplify the pre-sales, transactions, delivery, and after-sales processes.
The following vendors and enterprises will join the container application market as Alibaba Cloud's partners:
Last but not least, let's review the evolution of cloud-native Container Service for Kubernetes version 2.0 and its future. At Alibaba Cloud, it is our vision to work together to build the new foundation, new computing compatibility, and new ecosystem in this cloud-native era.
To build the new foundation, Container Service will serve as an infrastructure in all scenarios to provide an end-to-end security architecture and support global deployment. A single cluster can support up to 10,000 nodes. ACK 2.0 also launched the application-centric hybrid cloud 2.0 architecture. It can reduce network latency by 75% and improve the release efficiency by three times.
To forge the new computing capability, ACK 2.0 supports extremely fast elastic scaling, which can expand a cluster to 1,000 nodes within several minutes. It also supports heterogeneous computing. And with enhancements to task scheduling, your utilization of resources can increase by 500%. Sandboxed-containers will be used to enhance application and container isolation. Meanwhile, ACK 2.0 can still maintain a performance equivalent to 90% of that achieved with runC.
To build a new ecosystem, we intend to have the Container Service team work with cloud-native developers and other enterprise partners to continue to explore more of the future of cloud native technologies.
Of course, we would also like to thank our customers and various enterprise-level partners. We couldn't have achieved what we have already without your help.
The defining moment has come. Let's make cloud native technologies lead us to a new generation of digital transformation.