Cloud native - runtime environment
2022-07-28 12:45:00 【Chat with Lao Wang】
The previous article introduced what cloud native is and how cloud native applications are defined and orchestrated. This article introduces the runtime environment that cloud native depends on. Previous article: Cloud native - orchestration and management
Contents
1. Runtime environment (Runtime)
2. Cloud native storage (Cloud Native Storage)
3. Container runtime (Container Runtime)
4. Cloud native network (Cloud Native Network)
1. Runtime environment (Runtime)

Earlier we covered the upper layers of the cloud native environment: application deployment and orchestration. Today we look at the environment an application depends on at run time: the runtime layer.
The runtime layer has three parts:
1) Container startup code
The code used to start containers, called the container runtime.
2) Persistent storage tools
The persistence-layer storage tools that containers depend on.
3) Network environment
Manages the network environment that containers depend on.
The runtime environment ensures that a running application runs smoothly and reliably, with data security and resource isolation. In other words, the runtime layer contains everything a container needs to run in a cloud native environment.
These should not be confused with actual storage containers and network containers. Here we focus only on ensuring that the container platform starts and stops normally, on helping the container platform store data, and on the environment that lets containers communicate with each other. The runtime environment is an abstract concept.
2. Cloud native storage (Cloud Native Storage)

Cloud native storage mainly holds an application's persistent data. It is also commonly called the persistent volume or persistence layer.
For an application to run reliably, it needs easy access to storage.
When we think of persistent data, we usually think of databases, message middleware and the like. The main goal is that data is not lost when the application restarts.
As containers scale out and in, containerized applications are constantly created and deleted, and even the physical location where an application is deployed can change. On top of that come the dynamic, flexible and scalable characteristics of cloud native architecture.
This makes it very challenging to ensure that data is not lost when an application restarts, which is why cloud native storage must be independent of the service node.
Problems faced
Problem 1: Portability
Data storage is usually based on some hardware, for example disk or memory, and the hardware itself is constrained by the infrastructure environment.
At the storage interface level, different data centers may depend on different storage environments: some platforms use containers and some use physical machines; some need a high-spec configuration and some a low-spec one, and so on. These differences make portability very difficult.
Problem 2: Automatic provisioning
Because the cloud environment is elastic, manual configuration cannot keep up with dynamic scaling. To benefit from the elasticity of the cloud, storage must be provisioned automatically. Cloud native storage is tailored to this cloud native characteristic.
Solution approach
1) Dynamic: provide dynamically provisionable cloud native storage options for containers.
2) Standardization: standardize the interface between containers and storage providers.
3) Security: provide a sound data protection mechanism through automatic backup and recovery.
The first of these means using a cloud native compatible container storage interface and provisioning storage automatically, which removes the manual bottleneck and enables automatic scaling and self-healing of storage.
Technical solutions
Cloud native storage is largely made possible by the Container Storage Interface (CSI), which provides a standard API for supplying file and block storage to containers. There are many tools in this category, both open source and vendor-provided, that use CSI to provide on-demand storage for containers.
The Container Storage Interface, CSI for short, aims to establish an industry-standard interface specification. With CSI, a container orchestration system (CO) can expose arbitrary storage systems to its container workloads.
There are also technologies aimed at other cloud native storage challenges. Minio is a popular project that provides an S3-compatible API for object storage. Tools like Velero help simplify backing up and restoring the persistent data used by the K8S cluster itself and by applications.
Minio is an open source distributed storage system under Apache License v2.0. It supports the S3 cloud storage service interface and is well suited to large amounts of unstructured data. A file can be any size, from tens of KB up to a maximum of 5 TB. It is also a very lightweight service and can be combined with other applications.
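The dynamic, CSI-based provisioning described above, written as Kubernetes manifests (an added example, not part of the original article). The driver name csi.example.com, the object names and the image are placeholders; substitute the name that your installed CSI driver registers.

```yaml
# StorageClass: tells the orchestrator which CSI driver provisions volumes on demand.
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fast-csi                  # hypothetical class name
provisioner: csi.example.com      # placeholder CSI driver name
reclaimPolicy: Retain             # keep the backing volume when the claim is deleted
volumeBindingMode: WaitForFirstConsumer  # provision only once a Pod is scheduled
allowVolumeExpansion: true        # allow the claim to grow later
---
# PersistentVolumeClaim: the application's request; no administrator creates a volume by hand.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: app-data                  # hypothetical claim name
spec:
  accessModes: ["ReadWriteOnce"]
  storageClassName: fast-csi
  resources:
    requests:
      storage: 10Gi
---
# Pod: mounts the claim; the volume's lifetime is independent of this Pod.
apiVersion: v1
kind: Pod
metadata:
  name: app
spec:
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      volumeMounts:
        - name: data
          mountPath: /var/lib/app
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: app-data
```

Because the claim, not the Pod, owns the volume, the data outlives the Pod when it is deleted or restarted.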
3. Container runtime (Container Runtime)

A container is a set of processes, running under compute constraints, used to execute or start an application. Containerized applications believe they run on their own dedicated computer and are unaware that they share resources with other application processes.
The container runtime is the software that executes containerized applications. Without a runtime there is only the container image, the static file that specifies the containerized application. The image still needs the resources provided by a runtime for the application to start and stop smoothly in a container.
Problems faced
A container image is a file that carries the application's specification. Launching a container image therefore needs standardization, security and isolation.
Problem 1: Standardization
Wherever a container image runs, it needs a standard set of operating rules and procedures.
Problem 2: Security
On the security side, the container image must be secured first, for example by restricting access and operation permissions.
Problem 3: Isolation
You do not want an application to affect other applications or to be affected by them. For example, an application crashing should not affect the normal operation of other applications in the same location. This requires effective isolation between applications. Applications also need to be given their own resources, such as CPU, storage and memory.
Solution approach
The container runtime launches applications in a standardized way in every environment and sets the corresponding security boundaries. Runtimes such as CRI-O or gVisor harden those security boundaries. The runtime also sets resource limits for the container. Without resource limits, an application may consume resources as it needs them and take up the resources of other applications. Resource limits should therefore always be set for each application, so that services do not affect one another.
Technical solutions
Containerd is part of the Docker product. It and CRI-O are standard container runtime implementations. Containerd is the low-level container runtime split out of Docker, and using it is no different from using Docker. It emphasizes simplicity, robustness and portability. containerd can manage the full container lifecycle on the host, including image transfer and storage, container execution and management, storage and networking.
Other tools extend containers in further technical directions, such as Kata, which lets you run containers as VMs. Others aim to solve specific container-related problems, such as gVisor, which provides an additional security layer between the container and the operating system.
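How the isolation, permission restrictions and resource limits discussed in this section are declared for a Kubernetes workload (an added example, not part of the original article). It assumes the nodes' container runtime is configured with a gVisor handler named runsc; the object names and image are placeholders.

```yaml
# RuntimeClass: maps a name that Pods can request to a handler configured in containerd/CRI-O.
apiVersion: node.k8s.io/v1
kind: RuntimeClass
metadata:
  name: gvisor
handler: runsc                    # assumption: this handler exists in the node's CRI config
---
apiVersion: v1
kind: Pod
metadata:
  name: sandboxed-app             # hypothetical name
spec:
  runtimeClassName: gvisor        # run this Pod behind the extra gVisor boundary
  containers:
    - name: app
      image: registry.example.com/app:1.0   # placeholder image
      resources:
        requests:                 # what the scheduler reserves for the container
          cpu: 250m
          memory: 128Mi
        limits:                   # hard ceiling enforced by the runtime
          cpu: 500m
          memory: 256Mi
      securityContext:
        runAsNonRoot: true                 # refuse to start if the image runs as UID 0
        allowPrivilegeEscalation: false    # block setuid-style privilege gain
        readOnlyRootFilesystem: true       # image contents cannot be modified at run time
        capabilities:
          drop: ["ALL"]                    # start with no Linux capabilities
```

A container that exceeds its memory limit is killed rather than starving its neighbours, and one that exceeds its CPU limit is throttled.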
4. Cloud native network (Cloud Native Network)

Containers communicate with each other, and with the infrastructure layer, through the cloud native network.
A distributed application usually has multiple components that rely on the network for different purposes. So a virtual network, dedicated to communication between applications, is created on top of the existing network.
Problems faced
For example, completing an everyday task often takes several applications together: office software (Office) to write documents, presentation software or remote video to give a demo, and chat tools to communicate.
Suppose each of these components runs in its own container. For all these independent parts to work as one cohesive application, the containers need a dedicated communication network.
Data and messages flowing between containers may contain sensitive or private data. Because the cloud native network uses software to control, inspect and modify data flows, managing, protecting and isolating the connections between containers is relatively easy.
In some cases you may also want to extend container networks and network policies, such as firewall and access rules, so that applications can connect to virtual machines or services running outside the container network. The programmable, and often declarative, nature of cloud native networks makes this possible.
Solution approach
The Container Network Interface (CNI) provides networking capabilities to containerized applications. Some implementations, such as Flannel, are simple and give containers basic connectivity. Others, such as NSX-T, provide a complete software-defined network layer and create an isolated virtual network for each K8S namespace.
At a minimum, the container network must assign IP addresses to Pods (where containerized applications run in K8S) so that other processes can reach them.
Technical solutions
The Container Network Interface (CNI), like the Container Storage Interface mentioned above for storage, is largely what makes the diversity and innovation in this area possible.
CNI standardizes how the network layer provides functionality to Pods. Choosing the right container network for your K8S environment is very important, and there are many tools to choose from. Weave Net, Antrea, Calico and Flannel, for example, all provide an effective open source network layer. Their features differ considerably, so the choice should be made for the actual scenario.
In addition, many vendors use software-defined networking (SDN) tools to support and extend K8S networking, providing more inspection of network traffic and enforcing different network policies. Container networks and policies have even been extended across the wider data center.
Cloud native networking is thus steadily maturing to solve the problems of network management and data security between containers.
5. Summary
This article introduced the runtime environment that applications depend on in a cloud native environment. As the analysis above shows, the runtime environment is mainly concerned with ensuring that the container platform starts and stops normally, helping the container platform store data, and allowing containers to communicate with each other over the network.
In addition, the continuous emergence of new technologies means the cloud native environment keeps maturing. Looking ahead, we believe cloud native applications will bring us unprecedented business value and user experience.