You ask me: container (1)


In the digital era, the huge advantages brought by the digital economy push enterprises steadily toward digital transformation. Enterprises face urgent transformation and upgrading in IT infrastructure construction and hybrid cloud management, and encounter many problems and difficulties in the process. As a domestic cloud computing PaaS technology center and multi-cloud management service provider supporting the digital transformation of enterprises, Boyun always pays attention to and deeply understands the needs of enterprise IT construction.

Starting this week, BoCloud (Boyun) opens its official WeChat public account to collect and sort out the problems and difficulties IT teams encounter in IT construction. Boyun's product and technology teams will provide targeted answers, published every Friday. Whatever industry you build IT in, if you have problems in container cloud platform construction, microservice architecture transformation, DevOps platform construction, multi-cloud management platform construction or other technical areas, you are welcome to comment directly and ask questions.

Here’s a selection of this week’s questions:


Netizen 1: How can the container platform, microservice platform and DevOps platform be integrated in an orderly manner when planning and constructing them?

Boyun product team: The container platform, microservice platform and DevOps platform are currently the focus of IT system planning and construction. Some functions of the three platforms overlap; for example, the container platform itself has CI/CD functions. How can we standardize them during construction, what is the emphasis of each platform when it is constructed separately, how do we draw the boundaries between the platforms, and how do we connect the three seamlessly? We suggest:

1. The container platform and service governance share the following dimensions, so they need to be managed in a unified way: ① application management; ② service management; ③ instance management; ④ aggregation management. Adopt a unified permission center with flexible setting of data permissions and operation permissions, so that product form and management scope are defined by user + permission. Platform management focuses on resource management, while tenant management focuses on application management and service governance.

2. During DevOps construction, it is necessary to take into account the enterprise's own development and operations processes, and when combining the container cloud with the microservice governance platform, more attention should be paid to the scenarios to be realized in the overall DevOps process, rather than only considering CI/CD.


Netizen 2: In a private cloud, how should security zones be divided in the container environment, and should a DMZ zone be set up?

Boyun product team: Consider deploying multiple container clusters to set up different zones. When the test environment and the production environment are completely isolated, a DMZ zone can be considered to carry the image transfer that may be needed.


Netizen 3: How should a group container cloud be built? What are the suggestions on product selection and standards?

Our group is a large central enterprise with many business sectors, including a financial sector (banking, securities, insurance, etc.), a real estate sector, a transportation and logistics sector, an industrial sector, etc.; the financial sector's IT is relatively independent. In implementing digital transformation, the group proposed building "two platforms and one system": a cloud platform, a big data platform and a data governance system. The construction of the cloud platform is the foundation and base of the group's digital transformation, and the focus of cloud platform construction is the PaaS platform. Given the characteristics and current state of the group's informatization, the headquarters' comprehensive management and control system and the business systems of the subordinate companies basically use mature product suites purchased from third parties. Fully cloud-transforming these is not realistic and requires product support from the third-party vendors.

The construction of container cloud has only just started in traditional industries, and there are different understandings of it:

First, fully self-developing it is unrealistic, and the resources are not well allocated;

Second, if a container cloud platform is used, few of the industry's software providers have products that support container deployment.

Based on such a scenario, how should a group container cloud be built? Can k8s + docker meet future cloud demand? The PaaS platforms in the industry lack a unified standard, and the component-based supply mode of products from various manufacturers is not mature (component-based output means the capability is transplanted to one's own PaaS platform). What are some good suggestions on product selection and standards? Is it necessary to split traditional applications into microservices before moving them to the container cloud?

Boyun product team: When considering the selection of a third-party container cloud platform, there are many complex factors, both technical and non-technical, and different organizations have different situations. We suggest that the following dimensions be considered:

1. What production cases the container cloud has, whether the platform's production-level capability has been validated over a long period, the customization ability of the third-party team, and the third-party team's ability to technically empower and train your company's team.

2. In terms of technology, what the open source contribution is and whether control over the underlying layers is strong enough.

Combined with the current situation of your enterprise, when evaluating PaaS platforms we suggest paying attention not only to the container cloud platform but also to whether the PaaS platform includes a microservice governance platform and has experience and ability in microservice splitting consultancy.

The container cloud platform can be evaluated on whether it has multi-cluster and multi-tenant support, unified authentication capability, CI/CD capability, unified lifecycle management of containerized and non-containerized workloads, middleware integration capability, a network solution compatible with your company's networking, a security scheme, DevOps capability, application containerization implementation capability, the ability to dock and integrate with your existing systems, and the ability to integrate with your infrastructure.

For the microservice governance platform, focus on whether the supported microservice architecture is consistent with the architecture adopted by your company, the performance of its components, and its full-link call-chain analysis ability.

A PaaS cloud platform not only needs to interact with the underlying infrastructure but also supports the applications on top. It involves a wide range of aspects and a broad coverage, so comprehensive consideration should be given to combining it with existing equipment and processes during construction. The above is for reference only.


Netizen 4: The financial industry has strict requirements on network supervision and network isolation, while containers advocate a flat network. How should network security and isolation be considered?

Boyun product team: With the help of network namespaces, each container group can obtain its own IP and port range to bind, so that the container groups' networks on a node are separated from each other; on a container platform that controls egress traffic by means of a router or firewall, an IP whitelist can be used for control (such as controlling database access). Following the SDN idea, based on a layer-2 network solution, the cluster's internal and external networks are connected, the IP address stays fixed across container restarts, services are published at specified IP addresses, the control plane and data plane are separated, and the network is isolated.
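As an added illustration of the isolation and whitelist controls the answer describes (this is example configuration written for this page, not Boyun's code or its OVS plug-in), the following Kubernetes NetworkPolicy set denies all traffic in a namespace by default, allows pods to talk only to pods in the same namespace, and whitelists egress from application pods to a single database host outside the cluster. The namespace name `payments`, the `role: app` label and the database address `10.20.0.15` are constructed placeholders; the `k8s-app: kube-dns` and `kubernetes.io/metadata.name` labels assume a standard cluster DNS deployment.

```yaml
# Added example, not from the original post. Namespace "payments", label role=app and
# the database address 10.20.0.15 are constructed placeholders.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-all
  namespace: payments
spec:
  podSelector: {}          # applies to every pod in the namespace
  policyTypes:             # with no ingress/egress rules listed, everything is denied
  - Ingress
  - Egress
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-same-namespace
  namespace: payments
spec:
  podSelector: {}
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector: {}      # empty podSelector = any pod, but only within this namespace
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-dns-and-db
  namespace: payments
spec:
  podSelector:
    matchLabels:
      role: app            # only application pods get the database whitelist
  policyTypes:
  - Egress
  egress:
  - to:                    # cluster DNS (assumes the standard kube-dns labels)
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: kube-system
      podSelector:
        matchLabels:
          k8s-app: kube-dns
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
  - to:
    - ipBlock:
        cidr: 10.20.0.15/32   # whitelisted database host outside the cluster
    ports:
    - protocol: TCP
      port: 3306
```

Apply it with `kubectl apply -f` against the target namespace. Two checks matter in practice: NetworkPolicy objects are only enforced by a CNI plug-in that implements them (with a plug-in that does not, the policies are accepted by the API server but have no effect), and `ipBlock` rules apply to the pod's own egress, so if the platform also routes egress through an external router or firewall, as the answer suggests, the same whitelist should be mirrored there so that the two layers agree.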


Netizen 5: How to solve the network and SDN problems after combining the traditional architecture mode with the cloud and Docker mode?

Boyun product team: A layer-2 network can be used to solve the problem of docking with the SDN network. We have had in-depth communication with a number of customers: the mainstream CNI plug-ins on the market do not support customers' needs well, and it is difficult for them to meet all kinds of network needs at the same time. This is mainly reflected in problems of internal/external network interworking, separation of management and business networks, flexible network isolation mechanisms, and ease of operation, maintenance and debugging. We have developed a Kubernetes CNI plug-in based on Open vSwitch (OVS) to solve these pain points. The reason for choosing OVS is that among the mainstream layer-2 network solutions (bridge, macvlan and OVS), OVS has the richest functions; at the same time, it is widely used in mainstream cloud platforms and has been tested enough. Our solution is simple and easy to use, supports underlay mode, supports fixed IP addresses, and has low performance loss. It focuses on solving the problem of direct communication between inside and outside the cluster when microservices move to the cloud, which can greatly reduce the complexity of landing an enterprise container cloud platform. After business migrates to the container cloud, the change of infrastructure from virtualization to containerization is almost imperceptible. This deployment mode can well support scenarios such as middleware and databases deployed outside the Kubernetes cluster with applications running inside it, a microservice registry deployed in the virtual-machine environment while the microservices are deployed across the inside and outside of the cluster, and other scenarios that require direct communication between inside and outside Kubernetes.

For details, please refer to:

With so many container network plug-ins, why is Boyun deeply self-developed based on OVS?

Why should we develop a stable and reliable container network

Click bocloud_ to innovate cloud technology for efficiency and obtain more product and case information.
