The "Battle of the Three Emperors" of Container Orchestration: Kubernetes' Austerlitz!

Posted 大魏分享



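The "Battle of the Three Emperors" is the Battle of Austerlitz. The belligerents were Napoleon Bonaparte, Emperor of the French; Tsar Alexander I of the Russian Empire; and Francis II, Holy Roman Emperor. Under Napoleon's command, the French army quickly defeated a numerically larger opponent and won a decisive victory. From then on, Napoleon was the new hegemon of Europe.

In IT, K8s likewise established its dominance in container orchestration within a fairly short time; see this article for the details.

The article's original title was:

"Looking Back at the Container Orchestrator War: A Battle That Ended Before the Curtain Even Rose"

At the end of 2017, K8s brought this battle to a swift close and declared victory. The outcome of the war was that every competitor chose to be compatible with K8s; that is, the other platforms built K8s into their own orchestrator frameworks. For vendors such as OpenShift, which had built in K8s from early on, this meant they had chosen the right direction and bet correctly from the start. This article is adapted from a talk that Karl Isenberg, an expert at Mesosphere, has presented many times.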


Who is KARL ISENBERG?

Companies?

  • Mesosphere (current)

  • Pivotal

Products worked on?

  • DC/OS

  • Kubernetes

  • CloudFoundry

  • BOSH

Contact information:

  • github.com/karlkfi

  • twitter.com/karlkfi

  • linkedin.com/in/karlkfi

  • karl.isenberg.us



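The evolution of infrastructure

Traditional application architectures are gradually evolving toward the following two architectures.

Scalable monolithic application architecture

Keywords:

  • Online (Internet-based)

  • Latency Routed (user access is routed by latency)

  • Multi-Region (deployed across multiple regions)

  • Load Balanced (access through load balancing)

  • Multi-Zone (multiple zones)

  • Replicated (multiple replicas of application instances)

  • Auto-Scaled (capacity scales automatically)

  • Data Replication (multiple data replicas within a region)

  • Data Synchronization (cross-region data synchronization)

Scalable microservices architecture

Figure source: Wheel of Doom, from A Journey into Microservices by Hailo

Application + bare-metal servers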

APPLICATION PROVISIONING ON BARE METAL

Application + IaaS

APPLICATION PROVISIONING ON VIRTUAL INFRASTRUCTURE PLATFORM (IaaS)

“Ultimately, utility cloud providers have exposed how difficult it is to properly operate data centers — and reminded all of us that the ability to expertly operate infrastructure is what really fuels the consumption of open source infrastructure.” –Brian Stein (Rackspace VP - 2017)

Application + PaaS/aPaaS + IaaS

APPLICATION PLATFORM (PaaS / aPaaS) ON INFRASTRUCTURE PLATFORM (IaaS)

“The goal of Cloud Foundry is to put more of the controls back in the hands of developers so they can self-provision, so there aren’t a lot of roadblocks in their way. But it gives a lot of guardrails.” – Chip Childers (Cloud Foundry Foundation CTO - 2017)

Container orchestrator + IaaS

CONTAINER ORCHESTRATION ON INFRASTRUCTURE PLATFORM (IaaS)

“…traditional “PaaS” roles have now been taken over by containers… The piece that is left for PaaS is the part that was always the most important part of PaaS in the first place, and that’s the opinionated developer experience.” –Brendan Burns (Kubernetes Cofounder - 2017)


CaaS+IaaS

CONTAINER PLATFORM (CaaS) ON INFRASTRUCTURE PLATFORM (IaaS)

CaaS + bare-metal servers

CONTAINER PLATFORM (CaaS) ON BARE METAL


FaaS+IaaS

FUNCTION PLATFORM (FaaS) ON INFRASTRUCTURE PLATFORM (IaaS)

“If your PaaS can efficiently start instances in 20ms that run for half a second, then call it serverless.” –Adrian Cockcroft (AWS VP - 2016)


FaaS+CaaS

FUNCTION PLATFORM (FaaS) ON CONTAINER PLATFORM (CaaS)

FaaS+CaaS+IaaS

FUNCTION PLATFORM (FaaS) ON CONTAINER PLATFORM (CaaS) ON INFRASTRUCTURE PLATFORM (IaaS)

Platform spectrum

From left to right, the level of resource abstraction keeps increasing; the far left offers the most flexibility, and the far right the most velocity.

The figure below shows the vendors and software in each category.


Container platform layers

The layers of a container orchestrator are as follows:

  • User workloads

  • Distributed container management

  • Local container management

  • Container agnostic infrastructure

The layers of a container platform are as follows:

CONTAINER PLATFORM

  • User workloads

  • System management & service enablement

  • Distributed container management

  • Local container management

  • Container aware infrastructure

  • Container agnostic infrastructure

The layers of a distributed operating system are as follows:



Container platform features

Runtime capabilities

1 Containers

  • Resource Isolation

  • Resource Constraints

  • Process Tree

  • Environment Isolation

  • Shell / Exec

2 Images

  • Build

  • Layers

  • Download

  • Cache

  • Publish

  • Prune

3 Networking

  • Container

  • Bridge

  • Host

  • Virtual

  • Overlay

  • Remote

  • User-defined

  • Port Mapping

4 Volumes

  • Ephemeral

  • Host

  • Backup / Restore

  • Copy In / Out

  • Shared

Orchestrator capabilities

Scheduling

  • Placement

  • Replication/Scaling

  • Readiness Checking

  • Resurrection

  • Rescheduling

  • Rolling Updates

  • Collocation

  • Daemons

  • Cron Jobs

Resource management

  • Memory

  • CPU

  • GPU

  • Ephemeral Volumes

  • Remote Persistent Volumes

  • Local Persistent Volumes

  • Ports

  • IPs (per container)

Service management

  • Labels

  • Groups/Namespaces

  • Dependencies

  • Load Balancing (L7)

  • VIPs (L3/L4 LB)

  • DNS

  • DNS Proxy

  • Secrets

  • Config Mgmt


Operations capabilities

Management

  • GUI

  • CLI

  • Metrics API

  • Logs API

  • Events API

  • Rolling Upgrades

  • Backups & Restores

MULTI-INFRASTRUCTURE

  • Multi-cloud

  • Multi-zone

  • Multi-region

  • Hybrid-cloud

  • Federation

System services

  • Auto-Scaling

  • Package Management

  • Service Catalog

  • Service Brokers

  • Admin Proxy

  • API Gateway



Platform capabilities

Container networking

  • Overlay

  • Routing

  • Network Address Translation (NAT)

  • Firewalls

  • Access Control Lists

  • Quality of Service

Container storage

  • Local Volumes

  • Remote Volumes

  • Block Storage

  • File System Storage

  • Object Storage

Platform databases

  • Lock Service

  • Key-Value Database

  • Relational Database

  • Time Series Database

Security

  • User Accounts

  • Service Accounts

  • System/User Space

  • E2E Encryption

  • Non-root User Workloads

  • Audit Logging

  • Public Key Infrastructure

  • Certifications

Multi-tenancy

  • User Groups

  • Permissions

  • RBAC

  • ABAC

  • Resource Sharing

    • FIFO

    • Fair

    • Quotas

  • Branding

  • Quality of Service

Non-functional requirements

Stability

  • Performance

  • Responsiveness

  • Efficiency

Availability

  • Fault Tolerance

  • Robustness

  • Reliability

  • Resilience

  • Disaster Recovery

Flexibility

  • Format Support

  • Interoperability

  • Extensibility

  • Container Runtimes

Usability

  • Familiarity

  • Maintainability

  • Compatibility

  • Debuggability

Portability

  • Host OS

  • Cloud

  • Bare-Metal

  • Hybrid

Security

  • Encryption Quality

  • Vulnerability Process

  • Fast Patching

  • Backporting



Container platform comparison

The main technology vendors in the market are as follows.

Other vendors worth considering are as follows.

The capability comparison below is as of 06/2017, when it was still uncertain whether K8s would win.

Scheduling

Legend:

  • Green check: the capability is included

  • Dash: New/External/Partial/Experimental

Resource management

Service management

How to choose

First camp: heavyweights

KUBERNETES

  • Huge community

  • Solid API

  • Some assembly required

  • Multitude of vendors/installers

OPENSHIFT

  • Application platform based on Kubernetes

  • Always trailing Kubernetes releases

  • No assembly required

  • Open core, enterprise platform

DC/OS

  • Runs native applications (non-Docker)

  • Specialized in data services

  • Ambitious scope (on-prem AWS)

  • No assembly required

  • Open core, enterprise platform

DOCKER

  • Huge community

  • Fast moving API

  • Integrated orchestration and runtime

  • Recent pivot from runtime to orchestration

  • Open core, enterprise platform

Second camp: lightweights

EC2 CONTAINER SERVICE (ECS)

  • Hosted-only solution

  • Tight integration with AWS services

  • Closed platform

RANCHER CATTLE

  • Gateway to Kubernetes, Mesos, and Docker

  • Open platform, enterprise support

NOMAD

  • Provisioner with orchestration features

  • Runs native applications (non-Docker)

  • Tight integration with Vault and Consul

  • Some assembly required

  • Open platform, enterprise support

KONTENA

  • Simple to set up

  • No assembly required

  • Open core, enterprise platform

Karl's personal evaluation criteria?

  • Which is more important to you: velocity or flexibility?

  • Do you want an opinionated application platform?

  • Do you need to support Big Data initiatives and pipelines?

  • Do you want a hosted solution?

  • Are you willing to build out your own integrations?

  • Do you need on-prem & hybrid capabilities?

  • Do you want to avoid infrastructure lock-in?

  • Are you already invested in a specific infrastructure?

  • Are you already invested in a specific operating system?

  • Do you need federation and multi-region support?

  • Do you want multi-tenancy or is multi-instance good enough?

  • How important are seamless automated rolling upgrades?

  • How many nines do your customers need?

  • How important is reverse compatibility & API stability?

  • Do you need to support non-Docker workloads?


