Author: Liu Dapeng (Rain Mirror)

Preface

The era of cloud native has arrived, and cloud native technology is reshaping the entire software life cycle. Alibaba is one of the first companies in China to deploy cloud native technology.

Over the past few years, the container service team has helped many users make their business cloud native and migrate to the cloud. Some of them are now among our top 10 major customers; some are overseas users who need to do business in China; some have migrated from other cloud vendors, and some have migrated from their own IDCs. More and more users are asking how to carry out a cloud-native transformation of their applications and how to migrate their business to the cloud smoothly. Each user's business scenario is different, and some differentiated scenarios have customized requirements for the container platform. While helping these users implement their migration solutions, we have kept thinking about how to distill what these cases have in common: summarize good solutions and best practices, and build tools that help users complete cloud migration quickly. Those solutions, best practices and migration tools are what I want to share in this article.

Before helping users implement a cloud migration plan, we must first answer at least 3 questions:

(1) How ACK (Alibaba Cloud Container Service for Kubernetes) ensures the reliability, stability, security and elasticity of user business;

(2) How to design a cloud migration plan to smoothly migrate business to ACK;

(3) How to further transform the application so that it can take advantage of the stronger scaling capabilities provided by ACK.

How does ACK ensure the reliability, stability, security and flexible scalability of user services?

First, ACK is built on Alibaba Cloud's reliable and stable IaaS platform, which offers the greatest elasticity, low cost and global reach. The container runtime environment has full-dimensional security hardening for container clusters. In the past few years we have supported the business operations of hundreds of enterprises large and small, and a large amount of user experience has been summarized and verified by Double 11. In addition, ACK is based on standard Kubernetes and has greatly enhanced the capabilities users care about most, so users do not need to worry about being locked in to a particular vendor.


In our past cases of helping users migrate to the cloud, most were self-built Kubernetes clusters migrated to ACK clusters. Compared with self-built Kubernetes clusters, ACK has very large advantages in cost, elasticity, IaaS integration, performance, security hardening, practical experience and other aspects.

In addition, ACK is consistent across all regions of Alibaba Cloud. Besides multiple regions in China, it is also available in Southeast Asia, the Middle East, Europe, the East and the West, and can fully meet users' needs for global business.

Overall cloud migration plan design

The overall design of migrating user services to the cloud involves cluster planning, data migration, monitoring switchover, log switchover, and finally production traffic switchover or grid connection.


Which components are involved, which data is to be moved and which services are to be switched all need to be designed before the migration starts.

First, cluster planning. Users need to choose machine types according to their own business scenarios: CPU machines or GPU machines, ECS virtual servers or Shenlong bare-metal servers, and so on.

Second, network planning involves choosing whether the container cluster infrastructure uses a VPC network or the classic network, and whether pods in the cluster communicate in flannel mode or terway mode, etc.

Third, in capacity planning, users plan a capacity that meets the normal operation of the initial business according to their own cost and budget, and then configure dynamic scaling so that the cluster size can be adjusted at any time.

Fourth, security hardening: infrastructure security, such as setting reasonable security group rules; image security, such as using private images and enabling image security scanning; and Kubernetes application security management, such as setting network security policies for mutual access between different services.
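As an added example (not from the original article), this is what the "network security policies for mutual access between different services" control looks like as Kubernetes NetworkPolicy objects: a default-deny ingress policy for the namespace, followed by an explicit allow from the frontend to the backend only. The namespace `shop`, the labels `app=frontend` / `app=backend` and port 8080 are assumed for illustration.

```yaml
# Added example, not the article's own configuration. The namespace "shop"
# and the app labels frontend/backend are assumed for illustration.
#
# 1) Default deny: once this policy exists, no pod in the namespace accepts
#    ingress traffic unless another policy explicitly allows it.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: shop
spec:
  podSelector: {}          # empty selector = every pod in the namespace
  policyTypes:
    - Ingress              # no ingress rules listed = deny all ingress
---
# 2) Explicit allow: only pods labelled app=frontend may reach pods labelled
#    app=backend, and only on the backend's service port.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-backend
  namespace: shop
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - protocol: TCP
          port: 8080
```

NetworkPolicy is only enforced when the cluster's network plugin supports it, so this control ties back to the flannel-versus-terway choice made in the network planning step.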

Fifth, monitoring switchover. ACK monitoring is more comprehensive and multi-dimensional than self-built Kubernetes, covering everything from the infrastructure to the container runtime, and can trigger alarm notifications based on threshold settings. Users generally also switch their self-built log collection solution to SLS, the enterprise-level log product on Alibaba Cloud.

Sixth, data migration is a very important part. The data includes database data, storage data, container images, etc. We integrate with enterprise-level products and migration tools on Alibaba Cloud to complete the data migration, with the goal of ensuring that the migration of data to the cloud is reliable and secure. Currently, the backup center supports migrating data from off-cloud environments to ACK on the cloud; you can use the backup center to complete the migration of applications and data to ACK.

Finally, application transformation mainly involves updating image addresses, optimizing the way services are exposed, and updating and adapting the way storage disks are mounted. In addition, a CI/CD solution is needed that meets the users' need to iterate quickly on production. After the above components have been debugged, part of the production traffic can be switched over.

These are the overall steps involved in migrating user services to the cloud, from cluster planning to production traffic switchover.


We provide an enterprise containerization life cycle model. The model is divided by time stage and by the business roles on the user side. For example, the business architect needs to care about the value that moving the business to the cloud brings to the company, what optimizations it brings in terms of TCO and scenarios, and whether the cloud platform can meet current business needs in security, computing, storage and network capabilities; the IT architect is responsible for planning the cluster capacity and scale required by the current business, as well as network selection and other issues; the system administrator and application administrator implement the details of the cloud migration solution. The core focus of this model is to make the user's business more stable, cheaper and more efficient after it goes to the cloud.

There are two types of full-stack cloud migration architecture: overall migration and smooth migration. Overall migration means that after all of the user's applications have been migrated to the cloud, each component has been debugged, and testing and acceptance have passed, production traffic is switched to the online cluster as a whole, and the original environment is taken offline after the business has run stably on the online cluster for a period of time. Smooth migration means that users use online ACK clusters to accommodate off-cloud nodes, or a hybrid network of online and offline clusters, to provide services to the outside world, gradually transform the business components, and take the original environment offline afterwards. Comparing the two, overall migration is simpler, while smooth migration is more complex but has little impact on the business. The choice therefore has to be made according to the user's actual scenario.


Within containerized overall migration there are two sub-scenarios. One is the migration of users from self-built Kubernetes clusters to ACK; in this scenario a large part of the user's application has already been made cloud native, so the migration is relatively simple. The other is users whose applications are traditional applications running directly on virtual machines or bare-metal servers without any cloud-native transformation. For this scenario we also provide tools and solutions to help users with the cloud-native transformation; for example, the derrick project can automatically detect the source code project type and generate the Dockerfile and YAML files for application deployment orchestration.


To help users migrate more efficiently, we are also continuing to accumulate and open source migration tools and products. For example, ack-image-builder provides users with templates for creating custom images for ACK cluster nodes and checks, through its verification module, whether a custom image meets ACK cluster requirements; sync-repo helps users quickly complete the batch migration of container images to ACR (Container Image Repository Service); and the backup center provides a one-stop solution for the backup, recovery and migration of stateless or stateful applications, and in particular provides data disaster recovery and application migration capabilities for hybrid-cloud, multi-cluster stateful applications. It can help users quickly migrate complete applications and PV data from other cloud vendors or self-built Kubernetes clusters to an ACK cluster, and supports a rich set of cloud storage types.

The main steps to implement the migration of an existing Kubernetes cluster through the backup center are as follows:

  1. Create a cluster in the off-cloud Kubernetes environment (for example, a Rancher cluster), and connect the off-cloud cluster to a registered cluster. For the specific operations, see Creating a registered cluster and connecting to a local data center cluster;
  2. Create a managed cluster in ACK on the cloud and deploy the backup service components;
  3. Install the backup components for the registered cluster as well, and back up the off-cloud cluster's applications and PV data through the backup center. For the specific operations, see Creating Backup Tasks;
  4. In the ACK cluster on the cloud, restore the applications and data backed up from off-cloud through the backup center.


In the data migration part, reliable migration is the key. The cloud storage types currently supported by the backup center are:

  • Data center local block storage: SAN, Ceph RBD, local disk LVM, etc.
  • Data center file systems: HostPath, NFS, NetApp, GlusterFS, CephFS, etc.
  • Data center local object storage: Ceph S3, etc.

Through the backup center, off-cloud Kubernetes applications and PV data can be migrated to the ACK cluster, achieving a smooth cloud-native transformation.


After data and applications have been migrated to the cloud, components such as monitoring and logging need further adaptation. Once each component has been debugged and has passed acceptance, smart DNS can be used to switch production traffic over.

Application modification and optimization


In the application transformation and optimization part, the Kubernetes-to-Kubernetes scenario mainly requires adapting to capabilities that self-built Kubernetes lacks, such as auto scaling. In the scenario of traditional applications migrating to ACK, this workload is larger, so we also provide solutions for it. For example, similar to an active-active solution across sites, we integrate the user's traditional application environment, usually virtual machines or bare metal, into the Istio mesh deployed by the online ACK cluster, and gradually transform the application until all services have been switched to the online ACK cluster.


Gradual application transformation involves how to containerize the application, how to migrate the network environment, and how to migrate the data. For containerization, the SMC (Server Migration Center) can be used to convert virtual machines into container images. For the network, IP addresses and DNS domain names can be handled through iptables, External, CoreDNS, PrivateZone, etc., keeping the original logical IPs and domain names unchanged, while network virtual routing and observability are managed through Istio.

Cases and conclusions


Finally, some cloud migration cases. Among them are users with special requirements for high-performance networking, users who need large numbers of GPU machines for deep learning businesses, and users who require bare-metal servers.

The design and implementation of the cloud-native migration solution differs for each of these business scenarios; they are not all the same. They need to be combined with the best practices accumulated by the ACK team to make assessments and plans quickly, and, with the help of the existing set of migration tools, complete the migration of the business from off-cloud to the cloud quickly.

Other

ack-image-builder can help users make custom images that meet the requirements of ACK cluster nodes

sync-repo can help users quickly complete the batch migration of container images to ACR (Container Image Repository Service)

The backup center (cross-cluster recovery of Kubernetes applications) can help users quickly migrate complete applications from other cloud vendors or self-built Kubernetes clusters to the ACK cluster

Related Links

1) ACK (Alibaba Cloud Container Service Kubernetes):

https://cs.console.aliyun.com/?spm=a2c6h.12873639.0.0.2eb53cd3L9rbef

2) derrick:

https://github.com/alibaba/derrick

3) ack-image-builder:

https://github.com/AliyunContainerService/ack-image-builder?spm=a2c6h.12873639.0.0.2eb53cd3L9rbef

4) sync-repo:

https://github.com/AliyunContainerService/sync-repo?spm=a2c6h.12873639.0.0.2eb53cd3L9rbef

5) ACR (Container Image Repository Service)

https://cr.console.aliyun.com/cn-hangzhou/instances

6) Backup Center

https://help.aliyun.com/document_detail/311759.html?spm=a2c6h.12873639.0.0.2eb53cd3L9rbef

7) Rancher cluster

https://rancher.com/docs/rancher/v2.5/en/installation/?spm=a2c6h.12873639.0.0.2eb53cd3L9rbef

8) Create a registered cluster and connect to the local data center cluster

https://help.aliyun.com/document_detail/121053.htm?spm=a2c6h.12873639.0.0.2eb53cd3L9rbef#task-skz-qwk-qfb

9) Create a backup task

https://help.aliyun.com/document_detail/188780.htm?spm=a2c6h.12873639.0.0.2eb53cd3L9rbef#step-sv1-55u-opd

10) Recover a Kubernetes application across clusters

https://help.aliyun.com/document_detail/188871.html?spm=a2c6h.12873639.0.0.2eb53cd3L9rbef
