Alibaba Cloud ACK Pro and ACK@Edge: Cloud-Native Evolution for Enterprises

Kubernetes-based Cloud-Native Computing

Kubernetes-based cloud-native computing has also become a new operating system. A growing number of industries and enterprises adopt and benefit from the prototype of the cloud-native operating system. Alibaba Cloud also continuously refines the cloud-native operating system provided for customers. What outstanding features does the cloud-native operating system have?

Major Strengths of ACK Pro: High Reliability, High Security, and High Scheduling Performance

ACK Pro inherits all the strengths from ACK clusters of the Managed Edition, such as managed primary nodes and high availability. In addition, ACK Pro clusters provide higher reliability, security, and scheduling performance. ACK Pro is applicable to enterprise customers with massive services in production environments, where high stability and security are required.

High Reliability

ACK Pro is built for massive production environments in enterprises. A single ACK Pro cluster supports up to 5,000 nodes, and management resources scale automatically. etcd runs on encrypted disks, with frequent cold and hot backups and geo-disaster recovery. Management components such as kube-apiserver and etcd have enhanced observability: you can view monitoring metrics of the core management components on dashboards and set alert rules for them. The ACK team has also strengthened the autonomy mechanism for the managed primary components, striving to detect and fix errors in a timely manner to minimize adverse impact. In addition, the ACK team has made an official commitment that cluster management provides an SLA-backed availability of 99.95%, and customers can be compensated if that availability is not met.

Robust Security

Container security is valued by an increasing number of customers. ACK Pro further improves security during application deployment and runtime by introducing a new security management module. The module provides several features. First, it allows you to configure container security policies. You can define a Kubernetes Pod Security Policy (PSP) to check whether a request to deploy or update a pod in the cluster is valid. Second, it allows you to configure inspection jobs for the cluster. The module scans for security risks in the workload configurations of the cluster and interprets the information in the inspection reports. From these reports, you can learn in real time whether the current runtime configurations of applications are secure. Third, the module monitors runtime security and generates alerts. Specifically, it scans for and terminates malicious image startups, viruses, and malware, and it detects attacks on the container side, such as intrusions into containers, container escapes, and high-risk operations on containers. ACK Pro also allows you to encrypt and decrypt secrets data by using the keys defined in Alibaba Cloud Key Management Service (KMS). This way, secrets can be encrypted when they are stored on disk. In addition, ACK Pro supports sandboxed containers and encrypted computing clusters, providing comprehensive security assurance.

High Performance Scheduling

ACK Pro has enhanced the scalability of the native kube-scheduler in Kubernetes. It supports batch scheduling: you can schedule a group of associated processes or jobs to a cluster at a time based on the All-or-Nothing principle. This prevents deadlocks caused by scheduling failures of some jobs. In addition, it provides topology-aware CPU scheduling for CPU-sensitive workloads. This ensures resource allocation to this type of workload and avoids performance deterioration caused by context switching. In our best practices, intelligent CPU scheduling improves the performance of applications in X-Dragon-based Elastic Compute Service (ECS) Bare Metal instances by 60% to 150% and decreases the latency of applications by 100% under high loads.

Commercialized ACK@Edge Has Helped Several Enterprises Implement Edge Containers

In the era of the Internet of Everything (IoE), many enterprises are exploring ways to extend the computing power of intelligent edges to edge nodes such as IoT devices. They are seeking to increase connection speed, improve the real-time performance of services, and reduce the transmission restrictions caused by the central cloud and network.
