Alibaba Cloud’s Container Service Upgraded: Cloud-Native Just Got a Bit More Powerful

Kubernetes: The Underlying Force behind Cloud Native

In the early days, most of the applications running in Kubernetes were stateless. However, nowadays, an increasing number of enterprises are migrating their core business systems, data intelligence workloads, and innovation-related workloads to Kubernetes. Currently, at Alibaba, cloud services like Enterprise Distributed Application Service (EDAS), Microservice Engine (MSE), Dataphin, and Data Lake Analytics are all deployed on Alibaba Cloud’s Container Service for Kubernetes.

  • Production usage of cloud-native applications and projects have increased by more than 200% on average since December 2017. (You can check out more about this here.)
  • According to the annual Developer Survey provided by Stack Overflow this year, Containers and Kubernetes have become the most popular tech after Linux.
  • According to the prediction made by Gartner in this year’s container best practices: “By year 2022, 75% of the global companies will be running containerized apps in production environments-three times today’s rate.”
  • For the aggregation of sample data, Alibaba Cloud’s Blink solution that can be deployed on Alibaba Cloud’s Container Service for Kubernetes was used. The performance of real-time computing is 2.4 times higher than open-source alternatives.
  • The Real-time machine training of Alibaba’s offerings supports up to 10 billion samples retrieved in real time and trillions of super large sparse models.
  • Last, the inference part of Weibo’s machine leaning model adopted Alibaba Cloud’s Container Service for Kubernetes inference framework, which can synchronously schedule heterogeneous cluster resources. This solution makes it possible to handle up to 500,000 queries per second.

ACK 2.0: Make Kubernetes Easy-to-Use

When it comes to applying Kubernetes on a large scale, there are many challenges to overcome. For example, how can one ensure the security and compliance of Kubernetes and its applications? How can one manage online and offline Kubernetes clusters in a unified manner? And how can one make full use of the top and underlying Kubernetes ecosystems? Well, in this latest upgrade to the service, Alibaba Cloud’s Container Service team has worked hard to make sure that any and all customers can easily handle these issues.

Provide End-to-end Security Capabilities for Enterprises

First, let’s discuss security and see how you can guarantee end-to-end security in the cloud-native era.

  • High elasticity and high density. Unlike, in the past, when only a few applications could run on a server, now hundreds of applications can run on a single server, which makes these servers over ten times more efficient than traditional servers. Given the automatic recovery of containers and other features, a container running on server A may run on server B the next minute.
  • Agility and fast iteration. With the help of containers and DevOps, applications are iterated several times faster than they used to be.
  • High security standards. Due to the adoption of open standards and the organized production of the software industry, increasingly third party open-source software is being used. However, this poses more security risks. Based on these facts, the features of containers will have higher standards on cloud-native security.
  • The security of the underlying infrastructure. Container Service supports network isolation and end-to-end data encryption. Alibaba Cloud primary and Resource Access Management (RAM) accounts are associated with the Kubernetes Role-Based Access Control (RBAC) system to support fine-grained permission management and auditing.
  • The security of the intermediate software supply chain. Technologies such as image scan and BYOK-based disk encryption are adopted to achieve DevSecOps, which means that everyone is responsible for security.
  • The security of the top runtime environment. Technologies such as runtime scans, multi-tenant management, and the key management service (KMS) are used to provide a higher level of security.
  • Supports container runtime scanning. In Alibaba Cloud Security Center, you can view monitoring data and blocked threats for both container and non-container runtimes. This achieves static and dynamic management of application development lifecycles.
  • Provides an end-to-end application release chain. This chain is observable, traceable, configurable, and highly intelligent, and can be used to optimize your delivery efficiency. Moreover, the release will be interrupted when a vulnerability is detected and the release of applications is completely manageable.
  • Supports global application distribution. Images can be distributed to servers across all regions over the world to improve the efficiency of application releases or updates by up to seven times.

Expand the Boundaries of Cloud Computing

Let’s go back to the second question now: how can you manage on-premises Kubernetes clusters and cloud-based Kubernetes clusters at the same time. Well, our ACK provides a cloud computing solution without borders to resolve this issue.

  • Unified cluster management, unified security governance, application management, and observability, and elastic scaling across different cloud infrastructure.
  • Cloud-native hybrid cloud uses Alibaba Cloud’s Cloud Enterprise Network to connect both VPC networks and on-premises networks deployed in different regions as a ring network. This helps you achieve network-wide interconnection, nearby access, and fast response.
  • Cloud-native hybrid cloud uses smart network traffic management to optimize service access strategies based on regions, improving business continuity.

Serverless Infrastructure

Now let’s go back to the third question: how can you manage work of upgrading and maintaining large amounts of nodes in Kubernetes clusters. At Alibaba Cloud, we think that the serverless architecture can be used to resolve this issue and help enterprise reduce operations and maintenance costs.

Stay Open: Container Application Market Launched

As cloud-native architecture continues mature, at Alibaba we are hoping to partner with other enterprises and service providers to help contribute towards building an open cloud-native ecosystem.

  1. Intel, the largest manufacturer of personal computer parts and CPUs in the global market. Its product Clear Linux can create optimized base images for applications based on Aliyun Linux 2, and then release these images to the Alibaba Cloud container application market as container images. All of this means that more customers can run containers in a secure, lightweight, and efficient manner.
  2. Aozhe (奥哲) Network Technology Co., Ltd. is the leading business process management (BPM) supplier in China. Their BPM product Yunshu (云枢, literally “cloud hub”) will be available in the container application market to help enterprises perform digitalized online operations.
  3. Fortinet is an industry-leading network security and malware protection company headquartered in Silicon Valley. It provides high-security and high-performance solutions for communications with low costs. Fortinet will release container security suites in the container application market to help enterprises and customers guarantee container runtime security.

New Foundation, New Computing Capability, and New Ecosystem

Last but not least, let’s review the evolution of cloud-native Container Service for Kubernetes version 2.0 and its future. At Alibaba Cloud, it is our vision to work together to build the new foundation, new computing compatibility, and new ecosystem in this cloud-native era.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Alibaba Cloud

Alibaba Cloud

Follow me to keep abreast with the latest technology news, industry insights, and developer trends. Alibaba Cloud website: