About the Author
Zhang Yingluo, a senior architect at SUSE, has 15 years of experience in architecture consulting, focusing on implementation solutions for SUSE cloud-native products and on consulting solution design.
The customer is one of the leading fund companies in China, with nearly 80 million customers and a fund management scale of nearly 2 trillion yuan. It is fully qualified to manage domestic public and private equity asset management products, and fully qualified for the three-pillar pension investment management businesses. Licensed for public and private securities investment and for domestic and cross-border investment, it is one of the companies in the industry with the fastest product-line build-out and the widest variety of products.
Business status and challenges
At present, the customer's development, testing, and operation and maintenance teams each handle their own part of developing, launching, and operating the various business systems. The business systems are a mix of outsourced and self-developed applications, and most of the self-developed applications are based on Spring Boot. In the test environment, the business systems mainly use scripted pipelines for continuous integration and continuous delivery, while the quasi-production and production environments are deployed manually. Most business systems run directly in Linux virtual machines, and some run as Docker containers. Existing business applications that use GPU resources are deployed directly on independent physical machines.
Key challenges faced by the client include:
- Long lead time: Each time a system goes online, it has to be built repeatedly in the development/test, quasi-production, and production environments, and the configurations end up inconsistent.
- Low efficiency: In the entire process from development and testing to production launch and operation and maintenance, there is a lot of cross-departmental collaboration and a lot of manual operations, and end-to-end delivery and integrated management have not been realized.
- Slow iteration: The software architecture is suitable for overall iteration, but not suitable for rapid modular updates, and it is difficult to quickly put new functions and features into production.
- Weak observability: Important indicators of the communication between business services, such as call relationships, service response time, and failure rate, have to be handled by the application itself.
- Low resource utilization: Each application that uses GPU occupies a physical machine, and the utilization rate of GPU resources has been at a low level for a long time and cannot be shared.
The customer urgently needs new technologies to reduce costs, increase efficiency, and support business innovation. After a series of technical explorations, the customer plans to build a PaaS platform centered on Kubernetes, DevOps, and service mesh to improve the status quo:
- With containers as the core, the platform quickly provides consistent development/test, quasi-production, and production environments and supports rapid deployment and operation of business applications in K8s, which also solves the problem of sharing GPU resources.
- With the CI/CD process as the core, it delivers across the whole flow of development, testing, and production and ensures the consistency of application information and artifacts, shortening the time to go online in both the development/testing phase and the production phase.
- With microservices as the core, it provides traffic management, observability, security, and grayscale (canary) release between services.
Solutions from SUSE
Container management platform
The customer uses a container management platform with SUSE Rancher at its core as the base of the PaaS platform. The platform is divided by network security zone into development/test, quasi-production, and production environments. Three K8s clusters and one GPU-enabled K8s cluster are built on SUSE Linux 12 SP5 servers. The Istio service mesh inside the K8s clusters provides services with capabilities such as traffic control, metrics observation, authentication and authorization, and grayscale (canary) release.
GPU shared scheduling
Through SUSE Rancher, the customer creates a K8s cluster on physical machines with GPU cards, deploys the business applications that use GPU resources on it, and uses the GPU shared scheduling capability provided by SUSE Rancher so that multiple applications can use one GPU card at the same time. The same hardware resources can therefore carry more business applications.
The customer's existing CI/CD toolchain, based on Jenkins and GitLab, is integrated with the platform, and the pipeline process is improved by changing it to a declarative pipeline. After new code is pushed to the code repository, the pipeline is triggered: the code is compiled, the build artifact is generated, and the image is built according to the Dockerfile and pushed to the Harbor image registry. The application's Helm chart package is generated from the workload template and pushed to the GitLab code repository, which serves as the application store of SUSE Rancher. The K8s API is then called to deploy the YAML files or chart packages directly to the cluster.
Business application transformation
In combination with the construction of the PaaS platform and the transformation of the pipeline, SUSE analyzes the cloud suitability of the customer's existing business systems and adopts different cloud migration solutions and strategies for different types of business applications. Newly developed business applications use the microservice architecture, are released to the K8s cluster through the CI/CD pipeline described above, and use Istio's capabilities. For newly purchased external applications, the vendor is required to deliver the application as a chart package, which can be placed in the application store for deployment. Existing self-developed business applications are containerized in order of application priority and gradually migrated to the cloud.
- After the construction of the PaaS platform is completed, the customer quickly builds K8s clusters in different environments through SUSE Rancher, which reduces the preparation time of the basic environment and ensures the consistency of the environments; by quickly adding servers to a cluster to expand the resource pool, the PaaS platform can scale flexibly.
- Based on the GPU shared scheduling capability of SUSE Rancher, multiple applications can use one GPU at the same time, making full use of hardware resources and reducing usage costs.
- With the help of a complete cloud migration strategy and pipeline process, the customer can quickly publish services to K8s clusters, reducing manual operations and achieving end-to-end automated delivery.
- The containerization and micro-service transformation of the business system can strongly support the rapid update and iteration of business modules and quickly respond to diverse market needs.
- With the help of Istio's microservice capabilities, the customer manages traffic in diverse ways, monitors service status accurately, responds easily to application failures, and optimizes applications quickly.