Part 2 of this 2-part series introduces hybrid cloud/multi-cloud deployment using Alibaba Cloud Distributed Cloud Container Platform (ACK One).
The Japanese market is a highly competitive marketplace for cloud infrastructure vendors, but nearly 30% of the Japanese domestic market is still on-premises.
Here are some what-ifs:
These what-ifs sound like pipe dreams, but several products or services have already made them a reality. Alibaba Cloud ACK One is one of those services that makes the what-ifs above a reality. This article introduces ACK One.
In this article, hybrid cloud/multi-cloud means combining multiple public clouds and on-premises networks and operating them as a centralized service infrastructure (common infrastructure).
Alibaba Cloud ACK One is a service that supports hybrid cloud/multi-cloud environments based on Kubernetes. Because ACK One centrally manages Kubernetes clusters running on AWS, Azure, Google Cloud, and on-premises data centers through the fully managed Kubernetes service, Alibaba Cloud Container Service for Kubernetes (ACK), it supports flexible multi-cluster configurations across different environments. Since everything is Kubernetes, you operate the registered clusters (even those on other clouds or in on-premises data centers) from ACK One simply by logging on to the destination Kubernetes cluster in ACK One.
Alibaba Cloud ACK One provides the following features:
ACK One provides centralized management of Kubernetes clusters deployed on the cloud, at the edge, or in data centers. This ensures a consistent user experience when managing cloud-native applications in different environments based on Alibaba Cloud-standard best practices. Also, you can centrally implement security measures and cost-reduction plans.
ACK One allows you to manage the scheduling and distribution of jobs and job quotas for different tenants in multi-environment scenarios in a centralized manner. This improves resource utilization, enables data exchange between heterogeneous data sources in different regions, and accelerates AI computing and big data computing.
ACK One allows you to back up, restore, and migrate data. This enables cross-region cluster redundancy and ensures service continuity based on an active-active application architecture.
ACK One provides security policies for applications in hybrid cloud and multi-cluster scenarios. ACK One performs inspections to detect configuration risks and security vulnerabilities.
ACK One provides a distributed application delivery system that allows you to deploy applications across regions and clusters. This way, you can access the required applications from the closest access point in all regions.
ACK One allows you to manage north-south and east-west traffic in multi-cluster and multi-region scenarios based on Alibaba Cloud standard best practices. Also, ACK One offers Alibaba Cloud Service Mesh (ASM) to manage the traffic of microservices. This feature is compatible with Istio.
ACK One also provides Alibaba Cloud services and cloud-native components that have been validated by ACK One. You can deploy these services and components to a region or cluster with a few clicks.
As of October 28, 2022, ACK One is available in the following four regions: China (Hong Kong), Singapore, Indonesia (Jakarta), and Japan (Tokyo).
ACK One paved the way for hybrid cloud and multi-cloud, so we can implement what we have been able to do on the cloud or on-premises in a cheaper and easier way and achieve what we could not do before.
For example, we can perform the following operations:
Using feature configurations, policies, and manifest files, freely switch applications between development, staging, and production environments, and between on-premises and cloud environments, depending on where you want to deploy them.
Build a three-tier web service with Kubernetes clusters offered by Alibaba Cloud and Azure. Global Traffic Management (GTM) constantly checks the health of the Kubernetes clusters and, in the event of a failure, starts the standby cluster and automatically switches traffic over to it. Data in the data layer (such as databases) is replicated between Relational Database Service (RDS) instances using Data Transmission Service (DTS).
Automate deployment, centralized control, and O&M of applications across public cloud and on-premises environments.
Deploy and configure multi-cloud distributed OLTP databases (such as TiDB, YugabyteDB, and CockroachDB).
Additionally, it is possible to create various solutions with ACK One that could not be accomplished with a single cloud or on-premises platform.
For example, suppose you are developing a machine learning model with Kubeflow on Azure Kubernetes Service (AKS), but:
By integrating AKS, ACK, and ACK One, you can solve the following Azure-specific issues through mutual collaboration:
Alibaba Cloud ACK One can be used as a stepping stone to a multi-cloud approach with Azure and AWS.
You can solve various problems in a single environment based on the deployment of ACK One. The cost of connecting to ACK One varies (※), but you can experience the true value and worth of the cloud.
※ The total cost may be high or low depending on the scenario.
This article provides two demos:
In this demo, two Alibaba Cloud accounts are used. The two accounts are connected with a VPC peering connection, and their Alibaba Cloud Kubernetes clusters are registered with the ACK One cluster; the demo aims to show that a service in one cluster can be reached from the other cluster across the pod IPs and ports. The following figure shows the configuration and environment:
Demo
In this demo, Alibaba Cloud and Google Cloud are connected with a VPN Gateway. After registering the Alibaba Cloud Kubernetes cluster and GKE with the ACK One cluster, the demo aims to show that GKE can access the ACK service by connecting to the internal network over the VPN Gateway. The following figure shows the configuration and environment:
Demo
These demos show that, because ACK One is built on Kubernetes, you can create a hybrid cloud/multi-cloud environment by registering Kubernetes clusters from any platform (such as on-premises and public cloud platforms).
The ack-cluster-agent component is deployed in a Kubernetes cluster when you register an on-premises Kubernetes cluster or a Kubernetes cluster from another cloud with ACK One. The ack-cluster-agent component only reads the cluster version and node information from the cluster, thus eliminating potential risks such as a user or a service being able to see Kubernetes cluster information belonging to other users or services. At the same time, the ack-cluster-agent component does not write data to the registered clusters or affect other components, thereby providing optimal isolation in terms of data security.
Security groups are configured for ACK One. If port 80/8080 is not accessible, you cannot access the multi-cluster service. If a Kubernetes cluster deployed in a data center is registered with ACK using the public endpoint of the API server, you can restrict access to the Server Load Balancer (SLB) that fronts the API server, which listens on port 6443. This helps you avoid potential security risks.
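The least-privilege claim above (an agent that only reads version and node information and never writes) is something a defender should verify in the registered cluster's RBAC rather than assume. The following added example is not ACK One's or Alibaba Cloud's code; it audits a Kubernetes ClusterRole (embedded here as a constructed manifest with an assumed name) and reports every rule that grants write verbs, or access to resources beyond read-only nodes and /version.

```python
import json

# Constructed sample: a ClusterRole as it might be bound to a cluster
# registration agent. The name and rules are assumptions for this example,
# not ACK One's actual manifest. Rules 2 and 3 deliberately over-grant.
SAMPLE_CLUSTERROLE = json.loads("""
{
  "apiVersion": "rbac.authorization.k8s.io/v1",
  "kind": "ClusterRole",
  "metadata": {"name": "example-cluster-agent"},
  "rules": [
    {"apiGroups": [""], "resources": ["nodes"], "verbs": ["get", "list", "watch"]},
    {"nonResourceURLs": ["/version"], "verbs": ["get"]},
    {"apiGroups": [""], "resources": ["secrets"], "verbs": ["get", "list"]},
    {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["create", "patch"]}
  ]
}
""")

READ_ONLY_VERBS = {"get", "list", "watch"}
# What an agent that "only reads cluster version and node information" needs.
ALLOWED_RESOURCES = {("", "nodes")}          # (apiGroup, resource); "" is core
ALLOWED_NON_RESOURCE_URLS = {"/version"}


def audit_clusterrole(role):
    """Return a list of finding strings; empty means the role stays within
    read-only node/version access. Wildcards ('*') are treated as violations."""
    findings = []
    for i, rule in enumerate(role.get("rules", [])):
        write_verbs = set(rule.get("verbs", [])) - READ_ONLY_VERBS
        if write_verbs:
            findings.append(f"rule {i}: write verbs {sorted(write_verbs)}")
        for url in rule.get("nonResourceURLs", []):
            if url not in ALLOWED_NON_RESOURCE_URLS:
                findings.append(f"rule {i}: non-resource URL {url} outside allow-list")
        for group in rule.get("apiGroups", [""]):
            for resource in rule.get("resources", []):
                if (group, resource) not in ALLOWED_RESOURCES:
                    findings.append(
                        f"rule {i}: resource {group or 'core'}/{resource} outside allow-list")
    return findings


if __name__ == "__main__":
    for finding in audit_clusterrole(SAMPLE_CLUSTERROLE):
        print(finding)
```

On a real cluster the manifest would come from `kubectl get clusterrole <name> -o json` for the role bound to the agent's service account.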
Alibaba Cloud provides Security Center, which is a system that identifies, analyzes, notifies, and manages security threats on various platforms and infrastructures in real-time. Security Center can be installed and used in Kubernetes clusters registered with ACK One.
ACK One, as mentioned earlier, not only creates a hybrid cloud/multi-cloud environment, but also breaks away from cloud vendor lock-in. However, other public clouds provide similar services.
| Product | Multi-Cloud Support | Hybrid-Cloud Support | Multi-Cluster Management | Centralized Configuration Management | Service Mesh | Fully Managed with Unified Management |
| --- | --- | --- | --- | --- | --- | --- |
| Alibaba Cloud ACK One | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 |
| Amazon ECS/EKS Anywhere | × | △ | △ | △ | 〇 | × |
| Azure Arc | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 |
| Google Cloud Anthos | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 |
| Red Hat OpenShift | 〇 | 〇 | 〇 | 〇 | 〇 | 〇 |
| Rancher | 〇 | 〇 | 〇 | × | × | × |
Note:
〇 means supported.
× means not supported.
△ means partially supported, or planned for the future.
Also, the unique features of ACK One, and whether products other than Alibaba Cloud's offer comparable capabilities, are not taken into account here. The writer plans to investigate this further later.
Alibaba Cloud ACK One can link any Kubernetes platform and can control, operate, monitor, and manage several different environments in a unified manner. In addition, it provides features (such as automatic scaling) across different environments while maintaining resource balance, automatic failover, automatic backups, and cost visualization, and offering a variety of new options. ACK One is available for free during the public preview, so please try it if you are interested in ACK One. You can create a hybrid cloud/multi-cloud environment in the console with a few clicks.
*Start Hybrid Cloud and Multi-Cloud with Alibaba Cloud ACK One [Part One]:
https://www.alibabacloud.com/blog/start-hybrid-cloud-and-multi-cloud-with-alibaba-cloud-ack-one-part-one_599689
This article has been translated from SoftBank.
https://www.softbank.jp/biz/blog/cloud-technology/articles/202211/ack-one-part2/
5899472934528320 August 3, 2023 at 7:53 pm
Nice article. I have a very similar case but I wonder whether establishing a VPN connection between a cluster in Mainland China and GCP data center is legal?