On June 24th, 2020, the CNCF TOC board voted to admit several new projects into the Sandbox family. There are three stages defined by CNCF based on maturity of a project: Sandbox, Incubation and Graduation. Sandbox is the beginning and probation stage of an open source project. Projects entering Sandbox cannot claim themselves to be "CNCF Project" yet.
In the past, it was quite hard to be admitted into Sandbox. Recently, things have changed. The CNCF TOC has decided to lower the barrier to enter Sandbox while raising the bar at Incubation. As a result, we see many projects swamp into CNCF Sandbox.
The newly admitted projects are quite diverse in cloud native landscaping and are focusing on production use cases. Here are a few examples:
Crossplane manages infrastructure for your platform. It is the official implementation of OAM (open application model). The major advantage of Crossplane over other infrastructure provision projects such as Terraform is that Crossplane enables workload portability across different cloud providers. I.e., you are able to provision a resource on Azure and access it from Alibaba Cloud.
Kuma is yet another service mesh project by Kong. To be more specific, it is the control plane of service mesh. It's a light weight service mesh like Linkerd. Unlike Linkerd, the data plane is Envoy, the same as Istio. Kuma can work on both Kubernetes and VMs, which reminds people of the AWS App Mesh.
Dex also enters very crowded CNCF area: security. The projects already in the same landscape include ORY Hydra, Keycloak and Gluu, etc. Dex is relatively lightweight. It doesn't support username/passwords authentication but does federated logins pretty well. It focuses on using OpenID to authenticate on Kubernetes.
Cloud Custodian is a stateless rules engine for cloud audit, management, and governance. It is sponsored by Capital One. Cloud Custodian started as an AWS resource management tool. Now it has grown into a federated management tool across different cloud vendors.
There are two networking projects getting into the Sandbox. BFE is an open-source layer 7 load balancer derived from proprietary Baidu FrontEnd. The competition in this section includes Nginx, Envoy and Traefik. Another project is CNI-Genie. It is a multi-networking plugin for Kubernetes. CNI-Genie allows user to decide which CNI implementation to use at run time instead of cluster creation time.
There are a few other projects not covered here. It's quite exciting to see so many projects joining CNCF Sandbox as well as the maturity of Cloud native adoption.
OpenYurt has been accepted into CNCF sandbox, marking Alibaba's achievement in integrating container and edge computing technologies.
In the era of IoT, more and more users prefer to process data at the edge instead of transferring it back to the data center. By doing so, users can save both time and networking costs. However edge computing brings its own challenges.
The major difficulty is with networking, and it comes in two-fold. The first challenge is quite obvious: The networking from edge to data center is less stable than that inside the data center. The current Kubernetes health check and synchronization mechanism assumes stable networking. The second challenge is the operational complexities. For example, most data centers have ingress firewalls.
So how can we ensure the connections initiated by edge worker nodes to the API server will not get rejected? A more complicated situation is how can we support edge workload lifecycle management, rolling updates and auto scaling when the workloads are scattered over different geo locations? These challenges are beyond the scopes of upstream Kubernetes.
At Alibaba cloud, we seize this opportunity and offer the market ACK@edge, an edge computing product built on top of Kubernetes. It enhances the edge and data center synchronization. Its main features include: Work node autonomy to deal with the unstable networking. Edge tunnel to ensure secure and reverse communication between the edge worker node and the data center. ACK@edge has been widely adopted into different use cases such as video streaming, AI and IoT data processing.
To benefit the community, a little while ago we decided to open source the core technology of the ACK@edge product to the public. And that's how OpenYurt was born. We are committed that the commercial product will use the same upstream OpenYurt code base.
Recently, CNCF has adopted several edge computing projects into its inventory. That's an indication that cloud native edge computing is gaining momentum. Compared to other projects, OpenYurt is 100% compatible with upstream Kubernetes. It doesn't change any upstream code. Instead, all the features are added on to the upstream Kubernetes. So users can easily convert back and forth between an OpenYurt cluster and a regular Kuberntes cluster. Another difference is an OpenYurt cluster has control planes in the data center and (some) worker nodes at the edge. The edge worker nodes can be either X86 or ARM architecture. But they are normal computer servers nonetheless.
This article provides an overview of the Dragonfly project and discusses how it is promoted from a sandbox level project to a CNCF incubation project.
Dragonfly is a cloud-native open-source image and file distribution system developed by Alibaba Cloud to solve cloud-native image distribution in Kubernetes-centered applications. Recently, the Technical Oversight Committee (TOC) of the Cloud Native Computing Foundation (CNCF) voted to promote Dragonfly as the incubation project.
In October 2018, Dragonfly officially became a CNCF sandbox level project and started its cloud-native journey to help users improve the experience of distributing images and files in Kubernetes. It allows enterprise engineers to focus on applications rather than infrastructure management. To learn more about Dragonfly, click here.
According to Yi Li, a senior technical expert at Alibaba Cloud, "as one of the key technologies across the container platform in the Alibaba ecosystem, Dragonfly supports the deployment and delivery of billions of application services every year and is used by many enterprises and customers around the world. Alibaba looks forward to continuously improving Dragonfly to make it more efficient and easier to use."
Dragonfly is designed to solve distribution problems in cloud-native scenarios. The project consists of the following three key parts:
In the words of TOC member and project sponsor, Dr. Liang Sheng, "Dragonfly improves the efficiency of image and file distribution by using P2P technologies and improves user experience by reducing the network load of the image warehouse. As organizations around the world migrate workloads to container stacks, we expect Dragonfly adoption to keep on increasing significantly."
Dragonfly is currently integrated with other CNCF projects, including Prometheus, Containerd, Harbor, Kubernetes, and Helm. The maintainers of the project come from Alibaba, ByteDance, eBay, and Meitu. The project contributors come from more than 20 companies, including Walmart, VMware, and NVIDIA.
Since entering the CNCF sandbox stage, Dragonfly has grown rapidly in various industries, including e-commerce, telecommunications, finance, and the Internet. It is also used by various customers, including Alibaba, China Mobile, Shopee, Bilibili, Ant Financial, Huya, and Didi.
China Mobile Zhejiang branch has adopted Dragonfly in the production environment for more than three years, involving more than 1,000 physical computers. Currently, they are running more than 200 business systems and 1,700 application modules on Dragonfly.
Shopee is a Singapore E-commerce platform under the Sea Group with its business across Malaysia, Thailand, Taiwan, Indonesia, Vietnam, and the Philippines, and offers customers a simple, secure, and fast way to shop online. Shopee has used Dragonfly for more than one year in the production environment, involving more than 10,000 physical machines.
The Chinese video comment website, Bilibili, has adopted Dragonfly in the test and production environments of more than 3,900 machines. Furthermore, engineers from Bilibili work with and make contributions to the Dragonfly community on registry verification and stability.
Alibaba Cloud Container Registry Enterprise Edition (ACR EE) is a leading cloud-native asset management platform in China. It provides secure management and efficient distribution of products such as Docker or OCI images and Helm charts. It is widely used by top enterprises in many industries. In combination with Dragonfly's large-scale image distribution capability, ACR EE ensures rapid scaling and deployment of customers' container services. The ACR team works with the community to promote Dragonfly's continuous optimization based on enterprise cloud-native scenarios and cloud environments.
One-stop management console simplifies operations including domain name resolution, application deployment and server management.
Alibaba Cloud ECS provides the highest SLA commitment for both single instance and multple instances in multiple availability zones among the top cloud providers worldwide.
Containers and serverless programming improve efficiency in software delivery and deployment. The evolution of the standard architecture includes the following changes:
The standard architecture becomes more elastic due to these changes. However, these changes also pose more challenges to operations and maintenance (O&M) and diagnostics. To address this issue, a series of development and operations (DevOps)-oriented diagnostic and analysis systems emerge. These systems include centralized logging systems, centralized metrics systems, and distributed tracing systems.
In addition to Jaeger, Alibaba Cloud also supports the OpenTracing link tracing service Tracing Analysis.
Kubernetes is a popular orchestration technology for open-source containers.Publication of applications with Kubernetes offers unique management advantages. For more information, see Kubernetes documentation.The Container Service Kubernetes clusters provided by Alibaba Cloud have passed CNCF standardized tests and can operate stably while integrated with other Alibaba Cloud products, such as SLB and Network Attached Storage (NAS).
After creating a Kubernetes cluster in Container Service and importing it to EDAS,you can use image, WAR and JAR to deploy applications in the Container Service Kubernetes cluster from EDAS console.
This course is designed to help IT companies that want to containerize business applications, as well as cloud computing engineers and operations & maintenance engineers who want to understand and learn how to diagnose problems and monitor the containerized application. By learning this course, you can fully understand what the problem diagnosis of containerized applications is, the common problems of containerized applications, the basic workflow of diagnosing problems, the monitoring scheme and common tools of containerized applications, and the visual monitoring scheme based on Alibaba Cloud Container Service.
This course aims to help IT companies who want to container their business applications, and cloud computing engineers or enthusiasts who want to learn container technology and Kubernetes. By learning this course, you can fully understand what Kubernetes is, why we need Kubernetes, the basic architecture of Kubernetes, some core concepts and terms of Kubernetes, and how to build a Kubernetes cluster on the Alibaba cloud platform, so as to provide reference for the evaluation, design and implementation of application containerization.
Alibaba Developer - September 16, 2020
Alibaba Developer - February 9, 2021
Alibaba Developer - February 26, 2020
Alibaba Developer - September 16, 2020
Alibaba Clouder - April 12, 2021
Alibaba Cloud Serverless - February 17, 2023
More Posts by Alibaba Clouder