On August 16-17, 2020 OpenInfra Days China, an influential domestic open source event hosted by the OpenStack Foundation, was held online. The conference focused on "intelligent open source infrastructure", with discussions and technical outlooks on the evolution of infrastructure around application scenarios such as artificial intelligence, machine learning, 5G, container infrastructure, hardware automation, networking and storage. It invited technical experts and senior industry leaders from the global community to share the outlook on, and exploration paths for, frontier infrastructure technologies worldwide.
At the conference, Queen Ming Wang, container architect and product line leader at EasyStack, gave a talk titled "Kubernetes and OpenStack 1+1 greater than 2: building a new generation of private cloud and container cloud". Drawing on best practices from hundreds of enterprise customers, the talk showed how to combine the advantages of the two to build an evolvable new generation of private cloud, and how to make full use of OpenStack's cloud infrastructure capabilities while providing users with Kubernetes container cloud capabilities.
Customers currently face numerous challenges when building a new generation of private cloud or container cloud. First, they cannot continue to evolve and acquire new cloud capabilities. With customers' increasing acceptance of multi-cloud, more and more x86 and non-x86 platforms appear in customer IT resources, but customers cannot manage heterogeneous CPU resource pools in a unified manner. In addition, a customer's private cloud and container cloud are often built separately, so unified orchestration of the different business loads of containers, virtual machines and bare metal cannot be achieved; different semantic models are required for management, and the storage and network of the IaaS and PaaS layers cannot be connected. Finally, the user and permission system cannot guarantee the security of cloud native applications under multi-tenancy.
OpenStack, as the de facto standard for private clouds, has powerful infrastructure management capabilities; Kubernetes, as the unified control plane of the data center, has powerful application management capabilities. When building the new generation of private cloud and container cloud, EasyStack has combined Kubernetes and OpenStack for a 1+1 greater than 2 effect: every new-generation private cloud ECS is born with a set of Kubernetes clusters, bringing customers a new experience. At present, the new-generation private cloud ECS has served more than 1,000 large and medium-sized enterprises at home and abroad, with tens of thousands of nodes deployed.
1. Unified architecture, supporting control plane and cloud native services at the same time
Kubernetes is used to unify the infrastructure of the IaaS platform and the PaaS platform. It not only hosts the cloud platform's control plane services, but also provides users with self-built Kubernetes container clusters, managed across their entire life cycle, to run users' cloud native services.
The supervisor cluster built by EasyStack (EOS, EasyStack Orchestration Service) is not only a control-plane management cluster, which can run on bare-metal servers and orchestrate the management control plane that provides the cloud infrastructure, but also a user service cluster (EKS, EasyStack Kubernetes Service). These meta clusters can run on cloud hosts to help users make full use of cloud infrastructure capabilities.
2. Realize the evolution of a new generation of private cloud based on Kubernetes
EasyStack ECS, the new generation of private cloud, is based on a safe, stable and efficient new-generation distributed cloud operating system for the data center. Through an integrated, scenario-based design concept, the platform and the services are separated, making the entire platform evolvable: an evolving product form, evolving service capabilities and evolving supported scenarios.
All control plane services of the new-generation private cloud ECS are cloud-native and continuously updated, so that the evolution process is smooth and uninterrupted. Based on these evolvable core features, the private cloud can evolve to gain container cloud capabilities, keeping pace with the development of customers' business forms.
3. Create a multi-cloud heterogeneous management platform for heterogeneous CPU architecture
With the general trend toward localization and customers' increasing acceptance of multi-cloud, more and more applications in customer IT resources will run on both x86 and non-x86 platforms, and resource pools of different architectures need to be optimized and run independently. EasyStack's application Kubernetes accesses the cloud platform with a unified permission system, reuses cloud infrastructure capabilities such as image registries and stable, reliable, high-performance storage, distributes and schedules applications uniformly, and so realizes unified management of heterogeneous CPU architectures.
4. Full plane orchestration realizes unified management of IaaS platform and container
Unified management of private cloud and container cloud, with direct network connectivity between the different loads, is an urgent need of current customers. EasyStack uses a unified declarative management method to integrate virtual machines, bare metal and other services into the Kubernetes ecosystem in the CRD + Operator mode, so that virtual machines and bare metal can also be cloud-native. It makes full use of the full-plane unified network solution provided by the cloud infrastructure, which realizes VPC isolation between tenants and direct Layer 2 access within a subnet.
At the core of this unified management of different business loads is Kubernetes' declarative API + controller principle. Because the Kubernetes API is declarative rather than imperative, it is very convenient for Kubernetes to integrate different business ecosystems. The CRD + Operator mode is used to open up and unify the north-south and east-west interfaces at the same time: a unified access specification southbound, a unified integration interface northbound, and east-west full reuse of the list-watch mechanism to connect with Kubernetes core resources and control logic.
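The declarative API + controller principle above, as an added illustration that is not EasyStack's code: a hypothetical VirtualMachine custom resource is reconciled against what the IaaS reports, with the controller emitting only the actions still needed and refusing a spec that points at another tenant's VPC subnet (the VMSpec/VMStatus fields and the tenant-to-subnet map are assumptions of this example).

```go
package main

import "fmt"
import "sort"

// VMSpec is a hypothetical VirtualMachine CR's desired state; VMStatus is what was observed on the IaaS.
type VMSpec struct{ Name, Tenant, Subnet string; CPUs int }
type VMStatus struct{ Name, Subnet string; CPUs int }

// Action is one call still owed to the IaaS: create, update, delete, or reject (spec refused).
type Action struct{ Op, Name string }

// Reconcile is one level-triggered pass: diff desired against observed and return what
// remains to do; on a converged system it returns nil, so it can be re-run on every
// list-watch event. vpcSubnets[tenant][subnet] marks a tenant's own VPC subnets; a spec
// naming another tenant's subnet is rejected (this tenant/subnet model is an assumption).
func Reconcile(desired []VMSpec, observed []VMStatus, vpcSubnets map[string]map[string]bool) []Action {
	have := make(map[string]VMStatus, len(observed))
	for _, o := range observed {
		have[o.Name] = o
	}
	want := make(map[string]bool, len(desired))
	var actions []Action
	for _, d := range desired {
		want[d.Name] = true
		o, exists := have[d.Name]
		switch {
		case !vpcSubnets[d.Tenant][d.Subnet]: // cross-tenant subnet: never provision it
			actions = append(actions, Action{"reject", d.Name})
		case !exists:
			actions = append(actions, Action{"create", d.Name})
		case o.CPUs != d.CPUs || o.Subnet != d.Subnet: // drifted from spec
			actions = append(actions, Action{"update", d.Name})
		}
	}
	for name := range have {
		if !want[name] { // observed but no longer declared: garbage-collect
			actions = append(actions, Action{"delete", name})
		}
	}
	sort.Slice(actions, func(i, j int) bool { return actions[i].Name < actions[j].Name }) // stable output
	return actions
}

func main() { // constructed sample: tenant bob declares a VM on alice's subnet
	vpc := map[string]map[string]bool{"alice": {"net-a": true}, "bob": {"net-b": true}}
	desired := []VMSpec{{"web", "alice", "net-a", 2}, {"db", "alice", "net-a", 4}, {"spy", "bob", "net-a", 1}}
	observed := []VMStatus{{"web", "net-a", 2}, {"db", "net-a", 2}, {"old", "net-b", 1}}
	fmt.Println(Reconcile(desired, observed, vpc))
}
```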
5. Security enhancement, introducing cloud host-level security isolation mechanism into containers
By introducing the cloud host-level security isolation mechanism into containers, the new generation of container cloud combines the convenience of containers with cloud host-level security isolation, providing the ultimate container experience. At its core are a deeply optimized cloud operating system and virtualization components, which remove the need to nest containers inside a cloud host, improving performance and reducing overhead.
6. OpenStack cloud infrastructure provides Kubernetes with a unified permission system, unified network, and unified storage
The development of Kubernetes requires integrating OpenStack's cloud infrastructure capabilities. For example, OpenStack Neutron can provide an SDN network solution for Kubernetes: Neutron uniformly manages the networks of the container platform and the OpenStack platform, realizing direct connectivity between containers, and between containers, VMs and bare metal. Advanced Neutron features such as security groups, floating IPs, QoS, LBaaS, FWaaS and VPNaaS can also be introduced into the container network. In addition, OpenStack Cinder/Manila can provide the storage solution, and OpenStack Keystone can provide unified permissions and secure isolation between tenants.
Kubernetes and OpenStack have complementary advantages; fully integrating them and playing to the strengths of each yields a 1+1>2 effect. When building the new generation of private cloud and container cloud, EasyStack fully integrates the advantages of the two: Kubernetes unifies the infrastructure of the IaaS platform and the PaaS platform, and services such as virtual machines and bare metal are integrated into the Kubernetes ecosystem in the CRD + Operator mode so that virtual machines and bare metal become cloud-native; OpenStack provides Kubernetes with a unified permission system, a unified network solution and unified storage. In summary, OpenStack cloud infrastructure needs to integrate Kubernetes capabilities, Kubernetes needs to integrate OpenStack cloud infrastructure, and together the two achieve an effect of 1+1 greater than 2.