By Liu Sheng.
The cloud-native era is upon us and it is reshaping the entire cloud application lifecycle.
As one of the first to invest in cloud-native technologies, Alibaba Cloud's Container Service team has been helping thousands of customers containerize their services and migrate to the cloud. Container Service's customers are a diverse group of businesses that include Alibaba Cloud's top 10 customers, overseas enterprises looking to expand operations in China, and customers who made the move from other cloud vendors. Several customers left their on-premises data centers behind, opting to migrate all services to Alibaba Cloud. And now, increasing numbers of new customers are looking to do the same. The business requirements of customers differ, and as a result, they require different customizations for their container platforms. However, out of all the use cases, some things are common among all of our customers. We consider these as best practices, tools, and solutions that can help all of our customers to migrate to the cloud, quickly and in a seamless manner. The main idea behind this article is to share these best practices, tools, and solutions.
Before each migration starts, there are three questions we must answer. The first question is how to ensure reliability, stability, security, and flexibility for our customers' services by using Alibaba Cloud Container Service for Kubernetes (ACK). The second question is how to design the migration process to ensure a smooth, seamless migration. The third question is how to make further improvements to provide greater scalability with ACK.
ACK is built on the stable foundation of Alibaba Cloud's Infrastructure-as-a-Service (IaaS) platform and provides advantages such as low costs, maximum scalability, and global integration with Alibaba Cloud's other services. Moreover, ACK runs under the security umbrella of Alibaba Cloud, which covers everything from infrastructure to containers and from the bottom to the top service layers. Over the years, ACK has helped thousands of customers run their services smoothly, accumulated massive data on user experience, and hosted Alibaba's annual Double 11 Shopping Festival. ACK is built on standard Kubernetes and greatly improves the capabilities most requested by our customers and users alike. Therefore, our users do not have to worry about vendor lock-in, given all of the advantages we have to offer.
Most of our customers host their services on self-hosted Kubernetes clusters before migrating to ACK. What convinced them to migrate to our services are the advantages that ACK holds over standard Kubernetes: low costs, scalability, integration with Alibaba Cloud's complete infrastructure, great performance, good security, and the overall customer experience.
Besides all of this, ACK is available in all regions where Alibaba Cloud has rolled out cloud services, which means that, aside from multiple regions in China, ACK is also available in Southeast Asia, the Middle East, Europe, and the US, to meet the demands of our increasingly global customer base.
Complete service migration involves cluster planning, data migration, monitoring switchover, log switchover, and the final step, production traffic switchover.
Therefore, a user must have a clear understanding of the components, data, and services involved in migrating to ACK. Let's start with planning the cluster and its many aspects. First up is the server model. Do you need CPU-heavy or GPU-heavy servers? Is Elastic Container Service or X-Dragon Bare Metal Server better for your services? Then, there are the network resources. Do you want VPC private networks or classic networks? Do the pods in your cluster use Flannel or Terway to communicate? Next is how much storage is needed. We recommend that most users start with the amount of storage needed to get their service up and running, and set up dynamic scaling.
Security is also very important. Infrastructure security requires well-configured rules, and container image security might require private registries and periodic security scans. Application security, including network security policies that guard the communication among various services, is essential. After security comes monitoring. ACK provides monitoring that is more comprehensive than that of self-hosted clusters, ranging from the complete infrastructure to individual containers. You can also set alerts using various threshold values. For log data, Alibaba Cloud Log Service is our all-in-one, complete service suite. Most of our customers opt to use Log Service when they migrate to ACK.
Data migration is arguably the most important part of the whole effort. This includes the migration of databases, storage data, and container images. To ensure the process is smooth and safe, Alibaba Cloud offers a set of enterprise-grade products and migration tools. We also offer an application transformation service to improve our customers' services so that they can get the most out of ACK. This includes but is not limited to updating container image addresses, optimizing the way services are exposed, and optimizing storage drive mounting methods.
Last but not least, we offer a CI/CD solution to our customers so that they can achieve rapid service iteration. After the preceding steps are implemented and tested, production traffic is gradually switched over. From cluster planning to traffic switchover, these are the steps involved to perform a migration to ACK.
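The image address update mentioned above can be checked before cutover with a small script. The following is an added example, not code from Alibaba Cloud or its sync-repo tool: it rewrites `image:` lines in a manifest to a private registry and flags unpinned tags. `TARGET` is a placeholder, and keeping the original repository path under the target namespace is an assumption about the destination layout.

```python
import re

# Assumed placeholder: replace with your own private registry host and namespace.
TARGET = "registry.example.com/acme"
IMAGE_LINE = re.compile(r"^(\s*(?:-\s+)?image:\s*)([\"']?)([^\"'\s#]+)\2(.*)$")

def parse_image(ref):
    """Split a reference into (registry, path, tag, digest) the way Docker resolves it."""
    name, _, digest = ref.partition("@")
    tag = ""
    if ":" in name.rsplit("/", 1)[-1]:      # a colon before the last "/" is a port
        name, tag = name.rsplit(":", 1)
    first, sep, rest = name.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first, rest, tag, digest     # explicit registry host
    path = name if "/" in name else "library/" + name
    return "docker.io", path, tag, digest   # implicit Docker Hub

def rewrite(ref, target=TARGET):
    """Return (new_ref, warnings) for one image reference."""
    registry, path, tag, digest = parse_image(ref)
    warnings = ["unpinned tag"] if not digest and tag in ("", "latest") else []
    if f"{registry}/{path}".startswith(target + "/"):
        return ref, warnings                # already in the private registry
    # A digest stays valid only if the copy preserved the manifest bytes.
    new = f"{target}/{path}" + (":" + tag if tag else "") + ("@" + digest if digest else "")
    return new, warnings

def rewrite_manifest(text, target=TARGET):
    """Rewrite every `image:` line; return (new_text, [(line_no, old, new, warnings)])."""
    out, report = [], []
    for n, line in enumerate(text.splitlines(), 1):
        m = IMAGE_LINE.match(line)
        if m:
            new, warns = rewrite(m.group(3), target)
            report.append((n, m.group(3), new, warns))
            line = f"{m.group(1)}{m.group(2)}{new}{m.group(2)}{m.group(4)}"
        out.append(line)
    return "\n".join(out), report

# Constructed sample manifest fragment (hosts and digest are made up).
SAMPLE = """containers:
  - image: nginx
  - image: "harbor.internal.example:5000/shop/api:1.4.2"
  - image: quay.io/org/job@sha256:0123abcd
"""

if __name__ == "__main__":
    print(rewrite_manifest(SAMPLE)[0])
```

Entries reported with an `unpinned tag` warning resolve to whatever the registry serves at pull time, so pin them to a version or digest before switching traffic.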
The preceding table is a lifecycle model of an enterprise containerized application. This model is based on the aspects and roles of an application. For example, a business architect needs to focus on what value the move to the cloud can bring to the company, what benefits it brings to the total cost of ownership (TCO) and different business scenarios, and whether the cloud platform meets the current business needs in terms of security, computing, storage, and network capabilities. The network administrator needs to focus on planning the cluster capacity and scale required by the current business and on network selection. The rest is up to the system administrator and application administrator. The main focus of this model is to make sure that the service is more stable, cost-effective, and efficient after it is migrated to the cloud.
There are two types of full-stack cloud migration: one-time migration and gradual migration. As you may have guessed, one-time migration means that the migration is done all at once. In this case, all components are migrated and tested, and production traffic is switched over to ACK. Then, after services remain stable for a set period of time, the original production environment is taken offline. Gradual migration naturally means that the migration is done gradually. An ACK cluster is set up to take over part of the service. This is used in conjunction with the original production environment to provide service. The rest of the components are gradually migrated to the cloud until the original production environment is no longer needed and is taken offline. One-time migration is simpler to perform but has a big impact on business, whereas gradual migration is more complex but has a smaller impact on your business operations. Pick the method that suits your needs best.
One-time migration can be further divided into two scenarios. In the first, the customer is migrating from a self-hosted Kubernetes cluster to ACK. In this case, the customer has already completed a large part of the cloud-native transformation process, and therefore the migration is relatively simple after this step. In the second scenario, the customer uses traditional applications that run on virtual machines or bare metal servers to provide service. This scenario takes more work, which is why we offer a set of tools to help with the process. One example is derrick, which can automatically inspect source code and generate the Dockerfile and the YAML file used for application deployment. Another is that we are working with ECS SMC to use their software to convert virtual machines to container images that can then be run on ACK clusters.
We have also been developing and releasing open-source tools to help our users to make the migration to ACK easier. ack-image-builder generates a template for creating custom images for the ACK cluster and checks whether the custom image meets the requirements of the ACK cluster through the verification module. sync-repo helps users batch migrate container images to Alibaba Cloud Container Registry. Velero helps users quickly migrate all applications in self-built Kubernetes clusters or other cloud platforms to the ACK cluster.
Data integrity is crucial for data migration. Depending on the type of user data, we use the matching enterprise-level migration tools to ensure data integrity, such as the online data migration service Data Online Migration Service (DOMS), Object Storage Service (OSS), and the PB-level, point-to-point, offline data migration service Data Transport.
After data and applications are migrated to the cloud, the rest of the components, such as monitoring and logging, need to be configured and tested. If all is set, use Alibaba Cloud Domain Name Service (DNS) to switch over production traffic.
Migrating from a self-hosted Kubernetes cluster to ACK also requires support for features such as auto storage scaling. Migrating traditional applications to ACK is more complicated. Therefore, we came up with some solutions to reduce the work needed. For example, we set up a remote active-active environment and integrate the traditional applications, usually hosted in virtual machines or on bare metal servers, with the Istio grids deployed on ACK, and gradually migrate all services to ACK clusters.
In the process of gradually improving an application, problems such as how to containerize an application and how to migrate the network environment data often come up. We usually use Server Migration Center (SMC) to convert virtual machines to container images. Network issues can be solved by using iptables, External, CoreDNS, and PrivateZone to deal with IP address and DNS changes while retaining the original internal IP addresses and domain names. Istio is used to implement virtual routing and visibility management.
Let's look at some case studies on cloud migration given in the figure above, including a customer looking for high-performance networks, a customer in need of large-scale GPU resources for deep learning, and a customer that ended up with bare metal servers.
Different users have different business needs, resulting in different designs and implementations of cloud-native migration solutions. The ACK team is able to meet these challenges with the experience they have gained over the years and the tools they developed. Looking for a quick and clean migration to the cloud? You cannot go wrong with us.