As cloud native shapes the future of cloud computing, containers have become the new interface through which users consume the cloud.

Nearly 7 years after its release, Alibaba Cloud's container product line has grown into a cloud-native operating system for enterprises. Its technology and service capabilities have steadily matured, but innovation has never stopped. A few days ago, Ding Yu, Alibaba Cloud researcher and head of the cloud native team, announced at the Alibaba Cloud Computing Summit that the container service ACK has been fully upgraded to ACK Anywhere. This important upgrade means that ACK can provide unified container infrastructure capabilities wherever the enterprise needs the cloud.

On October 21, 2021, at the Yunqi Conference Cloud Native Summit, Yi Li, Alibaba Cloud senior technical expert and container service leader, shared the latest developments and explorations of Alibaba Cloud in the field of container technology, as well as the ideas behind ACK Anywhere. He also announced a number of important upgrades and new releases that develop Alibaba Cloud Container Service into an efficient, secure, intelligent, and unbounded next-generation cloud native operating system.

Yi Li, Alibaba Cloud senior technical expert, container service R&D and product leader

Cross the gap, containers accelerate cloud-native inclusiveness

Alibaba Cloud's definition of cloud native is software, hardware, and architecture that are "born in response to the cloud". Container technology and services can bring three core values to enterprise business development:

  • Agile and efficient. Through containers, it can better support DevOps, optimize the R&D and delivery process, and improve the flexibility and resource efficiency of applications, so that the enterprise IT architecture can calmly respond to environmental changes and reduce computing costs;
  • Strengthen resilience. Containers can reduce the cost of users moving to the cloud, and at the same time better support the deployment and delivery of microservice application architecture, making infrastructure and application architecture more resilient, and better protecting business continuity;
  • Accelerate integration and innovation. More and more new technologies, such as 5G, AIoT, AR/VR, etc., are accelerating the integration of the digital world and the physical world. The ubiquitous container technology can accelerate this new form of fusion computing.

Alibaba Cloud Container Service supports the cloud-native transformation of 100% of the group's applications, and at the same time helps tens of thousands of enterprises on the cloud transform and upgrade to modern applications. From the Internet to retail, finance, manufacturing, and transportation, more and more industries are using innovative cloud-native technologies to solve their business problems. Containers are also supporting innovation in more industry scenarios. For example, in the field of intelligent driving, simulation requires massive computing power. Only cloud computing and cloud-native technologies can meet the business's need for flexible, large-scale, and efficient computing power.

Six major upgrades, unleashing the ultimate potential of container technology

Optimize resource scheduling capabilities and fully support the new generation of cloud-native chips

Alibaba Cloud released the seventh-generation flexible computing instance this year, covering a new generation of cloud-native chips from Intel and AMD to ARM, so that single-node computing density continues to increase and single-core computing cost continues to decline. On the other hand, as application deployment density increases, problems such as contention for CPU resources and cross-NUMA memory access inevitably become more serious, reducing computing performance.

To this end, Alibaba Cloud Container Service ACK Pro optimizes resource scheduling for the new generation of cloud-native chips. It can better optimize process placement according to the core architecture of the chip, improve the cache hit rate, and reduce cross-NUMA memory access, achieving a performance improvement of 20% to 30% in memory-intensive scenarios.

At the same time, Alibaba Cloud Container Service is cooperating with Intel to jointly create an integrated software and hardware resource isolation solution. By introducing RDT, HWDRC and other technologies, the L3 cache bandwidth can be dynamically adjusted according to the QoS of the application, and the impact of low-priority tasks on high-priority tasks can be kept within 5%, which makes the co-location of multiple application workloads more stable.

A new generation of container network plane with software and hardware collaboration and integrated optimization

Alibaba Cloud Container Network Terway brings a new generation of container network plane upgrades. Through deep integration with Alibaba Cloud Luoshen Networks, it offloads virtualized network overhead to the Shenlong chip and implements container service forwarding and network policy through eBPF in the OS kernel, truly achieving zero loss and high performance. Compared with open source container network solutions such as Flannel, Terway's throughput is increased by 30% in the small-packet stress test scenario, and the packet delay is reduced by 50%.

In addition, the new generation of Terway has built-in full-link network observability. Through eBPF technology, users get full visibility into the container network without installing any plug-ins.

IPv6 has become an important part of the national Internet technology upgrade strategy. Alibaba's container network is integrated with Luoshen Networks to provide a complete IPv6 dual-stack solution, which can run the two protocol stacks, IPv4 and IPv6, side by side in the same container cluster, supports smooth upgrades, and can further simplify network interconnection in the hybrid cloud.

Intelligent and efficient next-generation resource scheduling Cybernetes

Enterprises are running more and more workloads on Kubernetes, and diversified applications such as microservices, AI, and big data place diversified demands on resources. At the same time, computing power on the cloud is becoming more and more abundant: from CPUs for general computing to GPUs and NPUs for AI and high-performance computing, new kinds of computing power keep emerging. All of this poses new challenges to containerized resource control, isolation, and scheduling capabilities.

To this end, Alibaba Cloud Container Service brings a newly upgraded resource scheduler, Cybernetes, which provides enhanced capabilities on top of open source Kubernetes. In a data-driven manner, it performs intelligent scheduling and real-time adjustment according to the application's runtime resource profile, which simplifies application resource configuration, effectively improves runtime stability, and reduces resource costs.

Cybernetes has three key characteristics:

  • Fully compatible: Based on the Scheduler framework, it is 100% compatible with upstream scheduling;
  • Full scenario: It supports different workloads on the same scheduler at the same time, truly enabling mixed deployment on shared resources;
  • Intelligent: Relying on 10 years of accumulated technical experience in the Alibaba Cloud resource scheduling field, users only need to declare the required SLO, and the system can intelligently guarantee that SLO.

As verified in internal use, Cybernetes can achieve a 300% improvement in scheduling performance in AI and big data application scenarios compared to open source implementations, and can reduce resource costs by 50% while ensuring stable business operations.

Cloud native AI package upgrade, full stack optimization of AI performance and cost

As companies pay more attention to data and intelligence, more and more companies hope to use Kubernetes to run AI and big data applications to better realize the unification of technology stacks, resource pools, and skill stacks.

Drawing on best practices in large-scale GPU management, scheduling, and AI containers, Alibaba Cloud launched the ACK cloud native AI suite, which optimizes AI performance, efficiency, and cost across the full Kubernetes stack, and helps users quickly build AI platforms:

  • Through GPU sharing, a 100% improvement in GPU utilization can be achieved in model prediction scenarios;
  • In the training scenario, through distributed cache acceleration and GPU topology awareness, the model training task is accelerated by 20%;
  • Through the cloud-native AI task flow, the overall AI engineering efficiency is increased by 50%.

Intelligent container operation and maintenance system

The complexity of Kubernetes is an important factor that hinders adoption by many customers. In particular, when problems are encountered during use, a large amount of professional knowledge is required for troubleshooting. To make it easier for enterprises to use and operate Kubernetes, ACK has built a complete intelligent container operation and maintenance system:

  • The first fully managed node pool in China: In addition to automatic elastic scaling, the fully managed node pool can also automatically complete operations such as node upgrades, CVE fixes, and node self-healing, so that users don't have to worry about Kubernetes node management.
  • Non-intrusive, low-overhead container monitoring: Observability is a core capability of cloud native. ARMS container monitoring provides non-intrusive, low-overhead monitoring of container resources and applications based on eBPF.
  • Unified cost optimization, event alerting, and security management: ACK also released a cost center, an event center, and a security center this year to provide public cloud and hybrid cloud customers with refined and unified cost management, event alerting, and security governance capabilities.
  • Intelligent diagnosis capability: Based on the large-scale practice of the Alibaba Cloud container team on Kubernetes, it uses data-driven and intelligent technology to automatically diagnose typical Kubernetes problems and provide a repair plan. Currently, it contains 100+ diagnostic items, covering more than 80 scenarios such as nodes, containers, and networks, to help companies deal with online problems in a timely manner, and also to inspect the cluster for stability risks so that problems are prevented before they occur.

Container Image Service Enterprise Edition ACR EE officially released

ACR EE is a cloud-native asset management platform for enterprises. It targets enterprise-level scenarios with high security requirements and high distribution performance requirements, such as Internet companies going overseas, multinational company collaboration, online education, and games. It provides an enterprise-level solution for secure hosting and efficient distribution of cloud-native artifacts, which includes:

  • Supports hosting a variety of OCI artifacts, including multi-architecture container images (Linux, Windows, ARM and other architectures), Helm Charts, AI models and other artifacts that comply with the OCI specification;
  • Adds the ability to automatically build X86/ARM multi-architecture images to simplify the adaptation of applications to diversified computing power, and provides Alibaba Cloud officially certified container images, such as JDK and AI images, giving applications trusted and efficient base images;
  • Improves image distribution acceleration: supports concurrent pulls across 1000 ECS/ECI nodes, and extends accelerated image distribution to edge clouds and enterprise data centers;
  • The cloud-native application delivery chain fully embraces the DevSecOps concept, and automatically analyzes, repairs, and blocks security risks in the container software supply chain.

Three core releases, landing ACK Anywhere to expand cloud computing boundaries

Alibaba Cloud this year announced a "one cloud with multiple forms" deployment architecture, which enables one Feitian cloud to run in various business scenarios from core regions to user data centers, bringing localized, low-latency public cloud capabilities to enterprises. ACK Anywhere came into being to further expand the boundaries of the cloud and provide a unified container infrastructure wherever the enterprise needs the cloud.

ACK Anywhere now provides full coverage of central cloud, local cloud, edge cloud, cloud box and other public cloud forms, as well as a variety of local deployment forms including private cloud enterprise edition and agile edition. In addition, the ACK distribution released not long ago can be deployed on the customer's IaaS and managed by the public cloud.

The three core announcements at the Yunqi Conference bring ACK Anywhere one step closer to delivering on its goal of expanding the boundaries of cloud computing.

ACK ONE: Container Convergence Management Platform

ACK ONE's value philosophy is "clouds produce all things, all things become one". Based on the multi-cloud, multi-cluster, and multi-environment management capabilities provided by Alibaba Cloud, ACK ONE can manage clusters on Alibaba Cloud, edge clusters, clusters deployed in the customer center, and Kubernetes on other clouds at the same time, truly realizing unified cluster management, unified resource scheduling, unified data disaster tolerance, and unified application delivery.

When an enterprise encounters a sudden surge in business traffic, the flexibility provided by ACK ONE lets it quickly expand to the cloud. In addition, with ACK ONE an enterprise can manage Kubernetes clusters distributed in different regions at the same time to achieve unified resource scheduling, distributing business applications to different clusters for execution according to how idle each cluster actually is, which fully improves resource utilization.

ACK Backup Center: an integrated solution for data backup, disaster recovery, and migration

ACK ONE provides an integrated solution for data backup, disaster tolerance and migration to help enterprises realize a multi-regional, hybrid cloud data disaster tolerance architecture.

Companies that use ACK to build their own database management platform on Alibaba Cloud can take regular snapshots of data disks through the ACK ONE backup center, which supports minute-level backup and recovery of terabytes of data, as well as multi-disk consistency on a single machine. These capabilities have greatly improved the overall stability of the data.

Edge cloud native all-in-one machine: a cloud-edge collaboration solution integrating software and hardware

The edge cloud native all-in-one machine is a solution built on the cloud-edge-device collaboration and software-hardware integration optimization of Alibaba Cloud's edge container service ACK@Edge. It comes in diversified hardware specifications and can be deployed on user sites to provide real-time, stable on-site computing power. Using the device twin capabilities provided by ACK@Edge, a large number of distributed edge devices and applications can be managed uniformly from the public cloud in a cloud native way.

Taking the parking lot scenario as an example, companies can build an intelligent parking management system based on the edge cloud native all-in-one machine, intelligently recognize vehicles entering and leaving the on-road parking lot, and save videos and photos in the cloud as a chain of evidence, making parking management intelligent and unmanned.

Hand in hand, the future can be expected

Thanks to the power of the community, Alibaba Cloud's cloud native and container technologies have developed rapidly. As a domestic cloud native open source leader, Alibaba Cloud Cloud Native has contributed 9 projects to the Cloud Native Computing Foundation (CNCF), covering different fields such as edge computing, confidential computing, and chaos engineering.

With its roots in the community, Alibaba Cloud Container Service is also cooperating with more technical partners, for example co-building with Intel and VMware in areas such as confidential containers, sandbox containers, and cloud-native edge computing, while actively promoting their productization on Alibaba Cloud.

Alibaba Cloud Container Service looks forward to exploring the future of cloud computing with more excellent partners and enterprises, building a new generation of cloud-native infrastructure that is efficient, safe, and intelligent, and helping enterprises to accelerate technological innovation in the cloud era.

