brief introduction ： With 2013 In the past years Docker For the representative container technology 、CNCF Foundations and K8s And so on , Cloud native is becoming familiar to developers . There are two more stages before the age of cloud Nativity ： One is self construction IDC Computer room , Second, simply move the original application to the cloud . build by oneself IDC It's hard to get high availability in computer rooms 、 High scalability and operation and maintenance efficiency ; And the second stage is the era of cloud computing , comparison IDC Some progress has been made , But most of them are still using clouds in a relatively primitive way , It's hard to make good use of the cloud , The resources at this stage are close to infinity , But the way based on virtual machine and various self built services needs to be improved . Including high availability related construction and infrastructure sinking , Want to maximize the stripping of non business code , Under the guidance of such technology and architecture design , You can design cloud native applications .
1. The age of cloud Nativity
With 2013 In the past years Docker For the representative container technology 、CNCF Foundations and K8s And so on , Cloud native is becoming familiar to developers . There are two more stages before the age of cloud Nativity ： One is self construction IDC Computer room , Second, simply move the original application to the cloud . build by oneself IDC It's hard to get high availability in computer rooms 、 High scalability and operation and maintenance efficiency ; And the second stage is the era of cloud computing , comparison IDC Some progress has been made , But most of them are still using clouds in a relatively primitive way , It's hard to make good use of the cloud , The resources at this stage are close to infinity , But the way based on virtual machine and various self built services needs to be improved .
The era of cloud Nativity refers to when designing applications , Considering that the application will run in the cloud environment in the future , Taking advantage of cloud resources , For example, the elasticity of cloud services 、 The advantage of distributed . As shown in the figure above , Cloud Nativity can be divided into several parts ：
One is Cloud native technology , Include container 、K8s、 Microservices 、DevOps. And these technologies are just a tool , To really make good use of these technologies , It also needs some best practices and combinations , That's cloud native architecture .
Cloud native architecture It is a collection of architecture principles and design patterns based on cloud native technology , It's some guiding principles , For example, it is required to be observable , Only on the premise of good observability can we do a good job in the follow-up elasticity , Including high availability related construction and infrastructure sinking , Want to maximize the stripping of non business code , Under the guidance of such technology and architecture design , You can design cloud native applications .
Cloud native application With light weight 、 agile 、 High automation, etc , You can take advantage of the cloud , In the era of modern digital transformation , Better adapt to the development and change of business .
2. Serverless Natural clouds are original
Why do you say Serverless It's a natural cloud ？ although Serverless It appeared earlier than the cloud itself , Let's go back ,AWS Take the lead in launching the first generation Serverless product ——Lambda, It has the characteristics of billing on request and extreme scalability , Very consistent with the definition of cloud Nativity , Like infrastructure sinking . stay Lambda in , There's no need to manage the server , It will scale the server on request , Highly automated ; It also organizes code in the form of functions , Functions are lighter than applications , Delivery is also faster . But the drawback of this model is that the transformation cost is high , Because many applications turned out to be huge single or micro service applications , It's hard to transform into a functional pattern .
3. know SAE
Serverless The introduction of concepts and related products has gone through almost 7 A year , In this process, cloud native technology is also maturing , Include Docker、 K8s etc. . Ali Yun in 2018 I started thinking about another kind of Serverless form , namely Serverless application, That is to say SAE This product , In its 18 year 9 Monthly online ,19 It was commercialized in 2000 , So far 3 A year .
SAE Characteristics ：
be based on K8s base , Behind it is the immutable infrastructure such as mirror image and observable 、 Automatic recovery , If a request failure is detected , The instance is automatically cut or restarted .
Managed server resources , You don't need to operate the server yourself , At the same time, it also has the ability of extreme flexibility and extreme cost .
Pictured above , The top layer is the customer perception layer , yes aPaaS Product form , It's an application PaaS, After more than three years of practice , The ultimate goal is to make users really easy to use 、0 The effect of the transformation , And do a lot of integration .
SAE This one is based on K8s Is the base 、 Have Serverless Characteristics 、 With aPaaS For the product of form , Completely consistent with the characteristics of cloud origin . On a technical level , The bottom layer uses containers 、K8s, Integrated microservices , Includes a variety of DevOps Tools . At the architecture level , Because the bottom layer depends on these technologies , So it's very convenient for users to follow the principles of cloud native architecture , To design your own application practice , Finally, customers' applications can enjoy the original dividend of cloud to the maximum extent , Achieve lightweight applications 、 Agile and highly automated , Greatly reduce the threshold of entering the era of cloud Nativity .
SAE Product architecture
SAE It's an application oriented Serverless PaaS,0 reform 0 The threshold 0 Container Foundation That's what it's all about , It is very convenient for users to enjoy Serverless、 K8s And the technological dividend of microservices . It also supports a variety of microservice frameworks 、 Multiple deployment channels （ Including the quality of their own products UI Deploy / Cloud effect / Jenkins / Plug in deployment, etc ）、 Multiple deployment methods （ Include War / Jar / Image deployment, etc ）.
At the bottom is a IaaS Resource layer , It's on it K8s colony , These are transparent to users , You don't have to buy your own servers , There's no need to understand K8s, On the next level, there are two core competencies ： One is application hosting , Second, micro service governance , Application hosting is the application life cycle, etc , Micro service governance is service discovery 、 And so on , These in SAE We have done a good integration in all of them .
SAE There are three core characteristics of ： One is 0 Code transformation , Two is 15s Elastic efficiency , The third is 57% Cost reduction and efficiency improvement .
1. Kubernetes base
stay K8s In the container Ecology , The most basic is the container or image , Relying on the mirror image , Users are equivalent to implementing immutable infrastructure , The advantage is that the mirror image can be sent to the disposal 、 Copy , It's equivalent to portability , Without vendor binding . In addition, for users who are not familiar with the image or do not want to feel the complexity , We also provide War / Jar Level deployment , Greatly reduce the threshold for users to enjoy dividends .
In the field of traditional operation and maintenance, many problems are difficult to solve , For example, the server for a variety of reasons , Suddenly the load is high or CPU higher , At this time, a lot of manual operation and maintenance operations are usually required in traditional fields , And in the K8s The combination of field and observable 、 health examination , Just configure it liveness and readiness, It can realize the automatic operation and maintenance ,K8s Automatic flow cuts and automatic rescheduling , Greatly reduced the operation and maintenance cost .
Not only ECS The machine is hosted ,K8s It's also the internal hosting operation and maintenance , Customers don't need to buy servers or K8s Or operation and maintenance K8s, You don't even need to know K8s, It greatly reduces the entry threshold and salary burden of customers .
2. Serverless characteristic
We've implemented end-to-end 15 second , That is to say 15 You can create one in seconds pod, Let the user's application start . In terms of resilience , We have basic index elasticity （ Such as CPU、Memory etc. ）、 Business indicators are conditional elasticity （ Such as QPS、RT etc. ） And timing flexibility . If you set the flexibility index manually , There are still some barriers and burdens , Because the customer doesn't know how many indicators should be set , In this context , We're also thinking about smart resilience , Automatically help users calculate the flexibility index and recommend it to users , Lower the threshold further .
SAE Free of resource hosting and operation and maintenance costs , Before that, customers need to operate a lot of ECS The server , When security upgrades are needed 、 Bug repair , Especially in high density deployment , It's going to cost a lot . in addition SAE The billing mode is in minutes , Users can achieve lean cost , For example, at the peak of business 1 Hours to 10 An example , At the end of the peak, it becomes 2 An example .
In the field of elasticity , We've done some targeted language enhancement . such as Java, Combined with Ali's large-scale Java Application practice , Ali's JDK——Dragonwell11 Compared to other open source JDK, It can make Java The application starts faster 40%. We will explore more possibilities in other languages in the future .
3. (application)PaaS Product form
App hosting , It's equivalent to application lifecycle management , Including app release 、 restart 、 Capacity expansion 、 Gray scale release, etc , It uses the mind and everybody in the use of applications or other PaaS The platform is the same , The threshold is very low .
Because there are hundreds of cloud products , If you want to use each one well, it's also an extra cost . So we integrated the most commonly used cloud services , Including basic monitoring 、 Business monitoring ARMS、NAS Storage 、SLS And other aspects of the log collection , Lower the threshold for users to use the product .
In addition, we have also made additional micro service enhancement , Including the escrow registry 、 Elegant online and offline and micro service governance, etc . Because using microservices usually requires a registry ,SAE Built in hosting registry , Users don't have to buy it again , You can register the app directly , Further reduce the user threshold and cost .
SAE Combine these capabilities , Finally, when users migrate traditional single application or micro service application , Basically, it can be realized 0 Transformation, migration ,0 You can enjoy the technological dividend behind this product .
1. SAE Technical architecture
SAE Help user hosting K8s The technical architecture behind it is shown in the figure above , stay 1 On the host computer , The top is SAE Of PaaS Interface , The second level is K8s Of Master（ Include API server etc. ）, The bottom layer is K8s The host that actually runs the resource , It's all made up of SAE managed , Users only need to be in their own VPC Or network segment Pod Resources and make a connection , Then the application can run normally .
There are two core issues ：
One is penetration prevention , Like our Pod Or containers that use things like Docker This traditional container technology , Put the public cloud a and b Two users run to a physical machine , In fact, there are very high security risks ,b Users are likely to intrude into a Get user information in the user's container , So the core of this is to limit the ability of users , Prevent them from escaping .
The second is the connection of the network or the opening of the cloud system , We need to connect with the user's network system , In this way, users can easily communicate with their security groups 、 The rules of safety 、RDS Equiconnected , This is also a core issue .
2. Safe containers
Let's talk about how to prevent escape . The table above is a more extensive security container technology that we are discussing now , A simple understanding of security container is the idea of virtual machine . If you use a traditional image Docker Such containerization Technology , It's hard to do a good job of security protection or isolation , The security container can be understood as a lightweight virtual machine , Start up speed of existing container , And the security of virtual machines .
At present, the safety container is out of safety , It's not just safe isolation , There are also performance isolation and fault isolation , Take fault isolation as an example , If the Docker This container technology , Some kernel problems , It's possible because of a Docker The failure of the container affects other users , The entire host may be affected , And if you use safe container technology, there won't be such a problem .
SAE Adopted Kata Safe container technology , In terms of time and the fact of the open source world ,Kata yes runV and Clear Container A combination of the two projects , Compared with Firecracker as well as gVisor The program is more mature .
Customers who are familiar with microservice all know , If you want to operate a set of microservice technology architecture yourself , There are many factors to consider , It's not just open source 、 The framework level , There are also resource level and follow-up problem investigation , Including the registry 、 Link tracking 、 monitor 、 Service governance and so on , As shown on the left side of the figure above , Under the traditional development mode , These capabilities need to be managed and operated by users themselves .
And in the SAE in , Users can hand over some business independent features to SAE, Users only need to focus on their own business , Including the user center of micro Services 、 Group center, etc , And the SAE Of CI/CD Tools to do an integration , You can quickly implement the microservice Architecture .
Some medium and large enterprises will have multiple test environments , These test environments are generally not used at night , stay ECS In mode , We need to keep these application examples for a long time , The cost of idle waste is relatively high .
And if SAE You can combine the namespace in the , For example, the ability to start and stop with one button or time , You can build all the applications of the test environment under the test environment's namespace , Then configure the morning, such as 8:00 Start all instances of the test environment namespace , at night 8:00 Stop it all , There's no charge at all for the period after it stops , It allows users to minimize costs .
According to the calculation , In the extreme case , Basically, it can save users 2/3 The cost of hardware , And it doesn't need to pay any extra operation and maintenance costs , Just configure the regular start stop rule .
In this year's epidemic situation , A large number of students have online education at home , Many customers in the online education industry are faced with the situation of business traffic soaring seven or eight times , If based on the original operation and maintenance of their own ECS framework , Users need to upgrade the architecture in a very short time , It's not just the upgrade of operation and maintenance architecture , And application architecture upgrades , This is a great challenge to the cost and energy of users .
And if it depends on SAE All kinds of integration and the underlying K8s This highly automated platform , It can be much simpler . For example, it can be combined with PTS The compression tool evaluates the capacity level ; For example, there is something wrong with the pressure measurement , It can combine basic monitoring and application monitoring , Including the call chain 、 Diagnostic reports, etc , We can analyze where the bottleneck is , Is it possible to solve it in the shortest possible time ; If it is found that the bottleneck is relatively difficult to solve , You can use app High Availability Services , Realize current limiting and degradation , Make sure the business doesn't collapse because of a sudden flood .
Last SAE The corresponding elastic strategy can be configured according to the pressure measurement model , For example, according to CPU memory、RT perhaps QPS etc. , Set industry strategy with capacity model , To achieve very close to the actual amount of use of the effect , Achieve low cost and maximum upgrade of Architecture .
Digital transformation has penetrated into all walks of life , Whether it's because of the development of time or the epidemic , In the digital transformation , Enterprises should have the ability to apply the cloud well , To cope with the rapid changes in business and the challenges of high peak and high flow scenarios , The process consists of several stages ：Rehost（ New escrow ）、Re-platform（ New platform ）、Refactor（ New architecture ）, With the deepening of architecture transformation , The higher the value of cloud that enterprises can get , At the same time, the cost of relocation and transformation will also rise , If it's just to simply host the application to the cloud , It's hard to get the resilience of the cloud , It's hard to deal with problems in time .
adopt SAE, We want to be able to make users 0 reform 、0 The threshold 、0 The container foundation can enjoy Serverless + K8s + The value dividend of micro Services , Ultimately help users better face business challenges .
author ： Chen Tao （ Bi Shan ）
This article is the original content of Alibaba cloud , No reprint without permission