By Alibaba Cloud Container Service Team
The survival and development of enterprises were uncertain throughout 2020. As a result of the ever-changing challenges, digital innovation capabilities are more important to enterprises than ever before.
During the pandemic, more enterprises have strengthened their commitment to cloud migration and digital transformation and quickened their pace. They actively explore how to implement cloud-native architecture transformation. During the 2020 Double 11 Global Shopping Festival, Alibaba achieved a major breakthrough in cloud-native technologies for its core system. Based on the cloud-native architecture, enterprises can maximize cloud usage and focus on business development. Developers can also improve development efficiency based on cloud-native technologies and products and focus more on business logic implementation. Cloud-native technologies represented by containers have become the easiest way to realize the value of the cloud.
As the cornerstone of cloud-native development, the new trends and challenges of container technology have attracted a lot of attention. At the beginning of 2021, Technical Experts from the Alibaba Cloud Container Service for Kubernetes Team present six key interpretations of container technology trends for this year.
By Tang Zhimin, Senior Technical Expert of Alibaba Cloud Container Service for Kubernetes
According to the newly released CNCF China Cloud-Native Survey in 2020, 72% of interviewees use Kubernetes in production. Over the past year, the booming cloud-native ecosystem of Alibaba Cloud also proved that cloud-native technologies are becoming the easiest way to realize the value of the cloud. Early-stage stateless applications, AI big data, and storage applications are also applying container technologies. Container technologies, such as Kubernetes, have become a new interface for cloud computing and will continue to bring more value.
By Wang Siyu, Technical Expert of Alibaba Cloud, Author of OpenKruise
Thanks to Kubernetes's final-state (declarative) concept, cloud-native architectures naturally enable a high degree of automation. When building cloud-native applications, the advantages of automation can be fully utilized, including maintaining the number of replicas, version consistency, error retries, and asynchronous event-driven processing. Compared with the previous process-oriented O&M mode, this improvement results in a new concept and technology. Building a more automated and cloud-native oriented infrastructure for applications is one of the key areas to explore in 2021:
By Sun Jianbo, Technical Expert of Alibaba Cloud and Director of the open-source project, Open Application Model (OAM)
As container technology develops, more enterprises focus on how to improve the business performance of container technology. The cloud-native ecosystem that uses Kubernetes as a delivery interface is growing. More teams add more expansion capabilities based on Kubernetes to build a highly scalable cloud-native platform centered on "applications."
By Huang Yuqi, Senior Technical Expert of Alibaba Cloud and Director of OpenYurt (the open-source cloud-native project for edge computing)
With the development of 5G, IoT, live broadcasts, and CDN, more computing power and more businesses are moving toward data sources or closer to end users to obtain good response times and reduce costs. This mode, edge computing, is different from the traditional centralized mode of computing. In the future, it will demonstrate three trends:
The scale and complexity of edge computing are increasing daily, leading to the overwhelming shortage of O&M methods and capabilities. As a result, cloud-edge integrated O&M and collaboration have become an architectural consensus. Supported by cloud-native, cloud-edge integration is accelerating rapidly:
Cloud-native edge computing is the new border of cloud-native and the future of edge computing.
By Zhang Kai, Senior Technical Expert of Alibaba Cloud, responsible for Alibaba Cloud Container Service for Kubernetes and the Cloud-Native AI solution R&D
By Che Yang, Senior Technical Expert of Alibaba Cloud and Co-Sponsor of the open-source project, Fluid
Data is the core asset of an enterprise. Cloud-native technologies will promote more data-driven applications over the next few years to support the digital and intelligent IT transformation of an enterprise. Migrating traditional big data and HPC applications to Kubernetes platforms smoothly is a problem for the cloud-native community. This does not include cloud-native AI, which is developed by Docker and supported by Kubernetes. There are new trends, including traditional task schedulers, fine-grained scheduling of containerized resources, new scenarios of elastic data tasks, and a unified cloud-native base for AI and big data.
By Yang Yubing, Senior Technical Expert of Alibaba Cloud Container Service for Kubernetes
Containers have become the standard for application delivery and a unit for the delivery of computing resources and supporting facilities in the cloud-native era. Container runtimes based on Linux containers, such as runC, offer excellent features: they are lightweight, highly efficient, self-contained, and packaged once to run anywhere. They are very popular among developers and users.
Although container technology and its applications are increasingly popular and have become a new interface for cloud computing, container technology still faces new challenges in the cloud computing environment. Multiple containers share the same kernel, resulting in inherent disadvantages in isolation and security. This limits the application scenarios and development of containers, which can only be applied in single-tenant scenarios, such as an internal enterprise environment. However, when cloud-native products are delivered as containers to different tenants, strong isolation is a must, even on the same host. In the era of cloud-native products, the container runtime needs to ensure good security isolation; in addition to the features above, container security is a top priority. Containers implemented with lightweight virtualization, such as Kata Containers, are gradually becoming the standard container runtime for multi-tenant scenarios.
In addition to the runtime, security isolation must be addressed at the network, disk, image, and Kubernetes API levels. Because this involves multiple tenants and the running of untrusted code, all resources that are available to users must be isolated, including the targets they can reach over the network, the storage resources they can use, and the image contents that can be downloaded or accessed locally. Security protection requires multi-level defense in depth to prevent vulnerabilities in the isolation implementation from being exploited. In addition to VPC isolation, network protection needs fine-grained isolation through network policies. Computing isolation needs namespace, system call, and virtualization-related isolation. For storage isolation, DiskQuota isolation must be performed on the host in addition to virtualization-related isolation. In addition to network isolation, image isolation requires isolation of local image references. Together, these provide strong, multi-layer, in-depth isolation.
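The layered isolation described above can be checked per workload. The following is an added example, not code from the article or from Alibaba Cloud: it audits a Kubernetes Pod spec (as a Python dict) for each layer, assuming the cluster defines a sandboxed RuntimeClass named "kata" and treating `ephemeral-storage` limits and `imagePullPolicy: Always` as the Kubernetes-level counterparts of host disk quota and local image reference isolation.

```python
# Added example: audit one tenant Pod against the isolation layers named above.
# Assumption: the cluster exposes a sandboxed runtime as RuntimeClass "kata".
SANDBOXED_RUNTIMES = {"kata"}

def has_default_deny(policies):
    """True if a NetworkPolicy selects every pod and allows nothing by itself."""
    for p in policies:
        spec = p.get("spec", {})
        if (spec.get("podSelector") == {}
                and {"Ingress", "Egress"} <= set(spec.get("policyTypes", []))
                and not spec.get("ingress") and not spec.get("egress")):
            return True
    return False

def audit_pod(pod, namespace_policies):
    """Return a sorted list of the isolation layers this pod is missing."""
    spec, gaps = pod["spec"], set()
    if spec.get("runtimeClassName") not in SANDBOXED_RUNTIMES:
        gaps.add("runtime: not in a sandboxed RuntimeClass (shared kernel)")
    if any(spec.get(k) for k in ("hostNetwork", "hostPID", "hostIPC")):
        gaps.add("namespaces: pod joins a host namespace")
    pod_seccomp = spec.get("securityContext", {}).get("seccompProfile", {}).get("type")
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        sc = c.get("securityContext", {})
        seccomp = sc.get("seccompProfile", {}).get("type", pod_seccomp)
        if seccomp not in ("RuntimeDefault", "Localhost"):
            gaps.add("syscalls: no seccomp profile")
        if "ephemeral-storage" not in c.get("resources", {}).get("limits", {}):
            gaps.add("storage: no ephemeral-storage limit")
        if c.get("imagePullPolicy") != "Always":
            gaps.add("image: cached image usable without a registry pull")
    if not has_default_deny(namespace_policies):
        gaps.add("network: namespace has no default-deny NetworkPolicy")
    return sorted(gaps)

# Constructed sample objects (not from the article).
WEAK_POD = {"spec": {"hostNetwork": True, "containers": [{"name": "app", "image": "app:1"}]}}
HARDENED_POD = {"spec": {
    "runtimeClassName": "kata",
    "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "app", "image": "app:1",
                    "imagePullPolicy": "Always",
                    "resources": {"limits": {"ephemeral-storage": "1Gi"}}}]}}
DEFAULT_DENY = {"kind": "NetworkPolicy",
                "spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]}}

if __name__ == "__main__":
    print(audit_pod(WEAK_POD, []))
    print(audit_pod(HARDENED_POD, [DEFAULT_DENY]))
```

A pod with an unset `imagePullPolicy` is flagged conservatively; objects read back from the API server always carry the defaulted value.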
Container security technology also faces other new challenges. Once virtualization is introduced, container technology is no longer lightweight. Making the virtualization layer lightweight and efficient has become a problem we must solve. There are lightweight virtualization technologies in the industry, such as gVisor and crosvm (from Google) and Firecracker (from Amazon). Alibaba also provides the virtualization container technology Daishu to solve this problem.