Author: Liu Dapeng (Rain Mirror)

Preface

The cloud native era has arrived, and cloud native technology is reshaping the entire software life cycle. Alibaba is one of the earliest companies in China to invest in cloud native technology.

Over the past few years the container service team has helped many users migrate their business to the cloud. Some of them are now among our TOP10 customers, some are overseas users who need to start business in China, some migrated from other cloud vendors, and some moved to the cloud from an IDC. More and more users ask how to adapt their applications to the cloud and how to migrate their business smoothly. Every user's business scenario is different, and some of these scenarios bring customization requirements for the container platform. While helping these users implement their migration plans, we have kept thinking about how to distill what these cases have in common: summarize good solutions and best practices, and develop tools that help users move to the cloud quickly. Those solutions, best practices and migration tools are the subject of this article.

There are at least three questions we must answer before we can help our users implement their cloud relocation plans:

(1) How ACK (Alibaba Cloud Container Service Kubernetes) ensures the reliability, stability, security and flexibility of user business;

(2) How to design a cloud migration scheme to smoothly migrate services to ACK;

(3) How to further adapt the application to match the more powerful extension capability provided by ACK.

How does ACK ensure the reliability, stability, security and flexibility of user services

First of all, ACK is built on the reliable and stable IaaS platform of Alibaba Cloud, whose biggest advantages are flexibility, low cost and global access. Second, ACK sits within the Alibaba Cloud security architecture and hardens container clusters in every dimension, from the infrastructure to the container runtime environment. Over the past few years we have supported the business operations of hundreds of large and small enterprises, and we have accumulated a large body of user experience that has been verified by Double 11. In addition, ACK is based on standard Kubernetes and significantly improves the capabilities that matter most to users, so users do not need to worry about being bound to a particular vendor.

In the cases where we have helped users move their business to the cloud, the vast majority migrated from a self-built Kubernetes cluster to an ACK cluster. Compared with a self-built Kubernetes cluster, ACK has very large advantages in cost, flexibility, deep integration with IaaS, performance, security hardening and practical experience.

In addition, ACK's regions are consistent with those of Alibaba Cloud. Besides many regions in China, ACK is available in Southeast Asia, the Middle East, Europe, and the eastern and western United States, which fully meets the needs of users running a global business.

Overall cloud relocation scheme design

Migrating user services to the cloud involves cluster planning, data relocation, monitoring switchover, log switchover, and production traffic switchover or network connection.

Which components, data and services are involved must all be worked out before the migration to ACK begins.

First, cluster planning is required. Users need to choose machine types according to their own business scenarios, such as CPU or GPU machines, ECS virtual servers or DpCA bare metal servers, and so on.

Second, network planning covers whether the container cluster infrastructure uses a VPC intranet or the classic network, and whether pods in the cluster communicate in Flannel mode or Terway mode.

Third, in capacity planning you can plan a capacity that supports the normal operation of the initial services based on your own cost and budget, and then configure dynamic scaling so that the cluster size can be adjusted at any time.

Fourth, security hardening covers infrastructure security, such as setting reasonable security group rules; image security, such as using private images and defining image security scanning; and Kubernetes application security management, such as setting network security policies for access between different services.
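An added example (not from the original article) of one check behind the network security policy point above: given exported workload and NetworkPolicy manifests, it lists the workloads whose pods no ingress policy selects, which therefore accept traffic from every other service. The manifests and names are constructed, and only `matchLabels` selectors are handled.

```python
WORKLOAD_KINDS = {"Deployment", "StatefulSet", "DaemonSet"}

def selects(selector, labels):
    """True if a podSelector matches the labels; {} matches every pod."""
    if selector.get("matchExpressions"):
        raise ValueError("matchExpressions is not handled in this example")
    wanted = selector.get("matchLabels") or {}
    return all(labels.get(k) == v for k, v in wanted.items())

def unprotected_workloads(manifests):
    """Return (namespace, name) of workloads that no ingress NetworkPolicy selects."""
    policies = {}  # namespace -> list of podSelectors that restrict ingress
    for m in manifests:
        if m["kind"] != "NetworkPolicy":
            continue
        # When policyTypes is omitted, Kubernetes always applies Ingress.
        if "Ingress" in m["spec"].get("policyTypes", ["Ingress"]):
            ns = m["metadata"].get("namespace", "default")
            policies.setdefault(ns, []).append(m["spec"].get("podSelector", {}))
    missing = []
    for m in manifests:
        if m["kind"] not in WORKLOAD_KINDS:
            continue
        ns = m["metadata"].get("namespace", "default")
        labels = m["spec"]["template"]["metadata"].get("labels", {})
        if not any(selects(s, labels) for s in policies.get(ns, [])):
            missing.append((ns, m["metadata"]["name"]))
    return sorted(missing)

def workload(ns, name, labels):
    return {"kind": "Deployment", "metadata": {"namespace": ns, "name": name},
            "spec": {"template": {"metadata": {"labels": labels}}}}

def policy(ns, name, match, types=("Ingress",)):
    return {"kind": "NetworkPolicy", "metadata": {"namespace": ns, "name": name},
            "spec": {"podSelector": {"matchLabels": match}, "policyTypes": list(types)}}

SAMPLE = [  # constructed inventory of a cluster about to be migrated
    workload("shop", "web", {"app": "web"}),
    workload("shop", "db", {"app": "db"}),
    workload("batch", "worker", {"app": "worker"}),
    policy("shop", "db-from-web", {"app": "db"}),
    policy("shop", "web-egress", {"app": "web"}, types=("Egress",)),
    policy("batch", "default-deny", {}),
]

if __name__ == "__main__":
    for ns, name in unprotected_workloads(SAMPLE):
        print(f"{ns}/{name}: no NetworkPolicy restricts ingress to its pods")
```

NetworkPolicy objects only take effect when the cluster's network plugin enforces them, so the result of this check is meaningful only on such a cluster.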

Fifth, monitoring after the switchover is more comprehensive than in a user's self-built Kubernetes: it covers every dimension from the infrastructure to the running containers, and alarm notifications can be triggered by thresholds. Users generally also switch their self-built log collection scheme to SLS, the enterprise-level log product on Alibaba Cloud.

Sixth, data migration is a very important part, covering database data, storage data, container images and so on. We work with Alibaba Cloud enterprise-level products and migration tools to complete data migration, in order to ensure that data is migrated to the cloud reliably and securely. Currently, the backup center supports migrating data from outside the cloud to ACK on the cloud, so you can use the backup center to migrate applications and data to ACK.

Finally, application transformation mainly involves updating image addresses, optimizing how services are exposed, and updating and adapting how storage disks are mounted. In addition, a CI/CD scheme is needed that lets users iterate quickly on their online products. After all of the above components have been debugged, part of the production traffic can be switched over.
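An added example (not from the original article and not sync-repo's code) of the image address update: it parses each image reference the way container runtimes do, so implicit Docker Hub names, registries with a port and digest-pinned images are rewritten correctly, and it covers `initContainers` as well as `containers`. The registry names `registry.example.com` and `harbor.corp.example:5000` and the digest are constructed placeholders.

```python
DOCKER_HUB = "docker.io"

def split_image(ref):
    """Split an image reference into (registry, repository, suffix).
    suffix is the ':tag' and/or '@digest' part, kept byte for byte."""
    name, at, digest = ref.partition("@")
    first, slash, rest = name.partition("/")
    # The first component is a registry only if it looks like a host.
    if slash and ("." in first or ":" in first or first == "localhost"):
        registry, path = first, rest
    else:
        registry, path = DOCKER_HUB, name
        if "/" not in path:
            path = "library/" + path  # Docker Hub official images
    repo, tag = path, ""
    if ":" in path.rsplit("/", 1)[-1]:
        repo, _, tag = path.rpartition(":")
    return registry, repo, (":" + tag if tag else "") + at + digest

def rewrite_manifest(manifest, target, sources):
    """Point images hosted on `sources` at `target`; return (old, new) pairs."""
    pod = manifest["spec"]["template"]["spec"]
    changes = []
    # initContainers are easy to forget and fail only at pod start.
    for c in pod.get("initContainers", []) + pod.get("containers", []):
        registry, repo, suffix = split_image(c["image"])
        if registry in sources:
            new = f"{target}/{repo}{suffix}"
            changes.append((c["image"], new))
            c["image"] = new
    return changes

def sample_deployment():
    # Constructed manifest; registry names and the digest are placeholders.
    return {"kind": "Deployment", "metadata": {"name": "web"}, "spec": {"template": {"spec": {
        "initContainers": [{"name": "init", "image": "busybox"}],
        "containers": [
            {"name": "web", "image": "harbor.corp.example:5000/shop/web:v2"},
            {"name": "proxy", "image": "quay.io/org/proxy@sha256:" + "ab" * 32},
        ]}}}}

if __name__ == "__main__":
    d = sample_deployment()
    for old, new in rewrite_manifest(d, "registry.example.com",
                                     {"docker.io", "harbor.corp.example:5000"}):
        print(f"{old} -> {new}")
```

Images left on a registry that is not in `sources` (the `quay.io` sidecar here) are untouched, so the returned list doubles as a record of which references still point outside the private registry.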

The above steps, from cluster planning to production traffic switching, are the overall steps involved in user service migration to the cloud.

We provide an enterprise containerization lifecycle model, which is divided by time phases and by business roles on the user side. For example, the business architect needs to be concerned with what value the cloud can bring to the company on the business side, what optimizations it can bring to TCO and scenarios, and whether the cloud platform can meet current service requirements in terms of security, computing, storage and network capabilities. The IT architect is responsible for planning the cluster capacity and size required by the current business and for network selection, and it is left to the system administrator and application administrator to implement the details of the cloud solution. The core focus of this model is to make users' businesses more stable, less costly and more efficient after moving to the cloud.

There are two architectural approaches to full stack migration: overall migration and smooth migration. Overall migration means that production traffic is switched over to the online cluster only after all applications have been migrated to the cloud and all components have been debugged and accepted. After services in the online cluster have run stably for a period of time, the original environment can be taken offline. Smooth migration means that users can have the online ACK cluster take over offline nodes, or network the online and offline clusters together to serve traffic, and then gradually move service components to the cloud and take the original environment offline. Of the two methods, overall migration is simpler. Smooth migration is more complex but has little impact on services. You therefore need to choose based on the user's actual scenario.

Overall containerized migration itself has two sub-scenarios. In the first, the user migrates from a self-built Kubernetes cluster to ACK. Here the user's applications have already gone through most of the cloud native transformation, so the migration work is relatively simple. In the second, the user's applications are traditional applications that run directly on virtual machines or bare metal servers without any cloud native transformation. For this scenario we also provide tools and solutions to help users carry out the transformation. For example, the Derrick project can automatically detect the source project type and generate Dockerfiles and the YAML files for application deployment orchestration.

To help users migrate to the cloud more efficiently, we continue to accumulate and open source cloud migration tools and products. ack-image-builder provides users with templates for creating custom images for ACK cluster nodes and uses its verification module to check whether a custom image meets the requirements of an ACK cluster. Sync-repo helps users quickly complete batch migration of container images to ACR (Container Image Repository Service). The backup center provides a one-stop solution for backup, recovery and migration of stateless or stateful applications, and in particular provides data disaster recovery and application migration capabilities for stateful applications in hybrid cloud and multi-cluster setups. It helps users quickly migrate complete applications and PV data from other cloud vendors or self-built Kubernetes clusters to an ACK cluster, and supports a variety of cloud storage types.

The main steps for migrating an existing Kubernetes cluster through the backup center are as follows:

  1. Create a Kubernetes cluster offline (for example, a Rancher cluster) and connect the offline cluster to a registered cluster. For details, see Creating a Registered Cluster and Connecting it to the Local Data Center Cluster.

  2. Create a managed cluster on the cloud through ACK to deploy the backup service components.

  3. Install the backup components in the managed cluster (registered cluster) and back up the applications and PV data of the offline cluster through the backup center. For details, see Creating a Backup Task.

  4. In the ACK cluster on the cloud, the backup center backs up the offline applications and data and restores them on the cloud.

In data migration, reliability is the key. Currently, the backup center supports the following types of cloud storage:

  • Data center local block storage: SAN, Ceph OBD and local LVM.

  • Data center file systems: HostPath, NFS, NetApp, GlusterFS and CephFS.

  • Data center local object storage: Ceph S3.

Through the backup center, offline Kubernetes applications and PV data can be migrated to the ACK cluster to achieve a smooth cloud native transformation.

After migrating data and applications to the cloud, you need to adapt the monitoring and log components. After each component has been commissioned and accepted, you can use intelligent DNS to switch production traffic over.

Application transformation and optimization

For application transformation and optimization in the Kubernetes-to-Kubernetes scenario, what needs to be optimized is adapting to automatic scaling and other capabilities that self-built Kubernetes does not have. In the scenario of migrating traditional applications to ACK, the workload of this part is larger, so we also provide some solutions for it. For example, we integrate the user's traditional application environment, usually virtual machines or bare metal, into the Istio mesh deployed on the online ACK cluster, and gradually transform the applications until all services have been switched to the online ACK cluster.

Gradual application transformation involves how to containerize the application, how to migrate the network environment and how to migrate data. For containerization, the SMC cloud migration center can be used to convert virtual machines into container images. CoreDNS PrivateZone handles IP addresses and DNS domain names so that the original logical IP addresses and domain names stay unchanged. Istio implements virtual network routing and observability management.

Cases and summary

Finally, some cases of cloud migration are listed, including users with special requirements for high-performance network, users with large-scale GPU machines for deep learning-related businesses, and users with bare metal servers.

The design and implementation of the cloud native migration plan differ for each of these users and business scenarios. They need to be assessed and planned quickly using the best practices accumulated by the ACK team, and the existing set of migration tools can then be used to complete the migration of the business from offline to the cloud quickly.

Other

ack-image-builder enables users to create customized images that meet the requirements of ACK cluster nodes.

Sync-repo helps users quickly complete batch migration of container images to ACR (Container Image Repository Service).

Restoring Kubernetes applications across clusters: the backup center helps users quickly migrate complete applications from other cloud vendors or self-built Kubernetes clusters to ACK clusters.

Related links

1) ACK (Alibaba Cloud Container Service Kubernetes): Cs.console.aliyun.com/?spm=a2c6h….

2) Derrick: Github.com/alibaba/der…

3) ack-image-builder: Github.com/AliyunConta…

4) sync-repo: Github.com/AliyunConta…

5) ACR (Container Image Repository Service): Cr.console.aliyun.com/cn-hangzhou…

6) Backup center: Help.aliyun.com/document_de…

7) Rancher cluster: Rancher.com/docs/ranche…

8) Create a registered cluster and connect it to the local data center cluster: Help.aliyun.com/document_de…

9) Create a backup task: Help.aliyun.com/document_de…

10) Restore Kubernetes applications across clusters: Help.aliyun.com/document_de…
