In-depth Analysis on PouchContainer

PouchContainer is Alibaba Group’s open-source, efficient, lightweight, enterprise-level rich-container engine technology with strong isolation, high portability and low resource consumption. It can help enterprises quickly implement the containerization of inventory services and improve the utilization of physical resources in ultra-large-scale data centers.

PouchContainer is derived from Alibaba’s internal use cases. In the initial development stage, Alibaba engineers spared no effort to develop a container technology capable of safeguarding Internet applications. The engineers’ devotion is evidenced by the creation of PouchContainer which features strong isolation and the rich container capabilities. PouchContainer is well tested and proven by its large-scale performance during Alibaba’s Double 11 Shopping event. This Alibaba-developed container service is an inclusive technology designed to help enterprises quickly implement the containerization of their inventory services.

Alibaba had a huge volume of internal inventory services when it first came into contact with container technologies. One of the critical issues they faced was determining how to quickly containerize inventory services. Container technologies have gradually become more popular over several years of development. However, some enterprises with large inventory services are still trying to determine how to implement the containerization of their inventory services. In the cloud native field, the majority of the advanced ideas advocated by Cloud Native Computing Foundation (CNCF) are based on the containerization of services. If an enterprise falls behind in containerization of its cloud native services, it will have no way to implement subsequent open source technologies like container orchestration and Service Mesh.

Seven years of practical experience with the PouchContainer technology have proven to the industry that this rich container technology is the first choice for enterprises seeking to containerize their inventory services.

What Is a Rich Container?

  1. Container images offer quick service delivery.
  2. The container environment is compatible with the enterprise’s original O&M system.

From the technical perspective, the rich container provides an efficient way to help enterprises pack more content required for their services, instead of only service applications themselves, into one single container image, including O&M suites and system services. Additionally, compared to a simple single-process container, a rich container is significantly different in terms of process organization and structure — manager processes like systemd can be automatically run when the container runs. As a result, an application in a rich container can run in the same way as it would on a physical machine, without having to change any service code or O&M code. It is safe to say that the rich container is a more general application-oriented mode.

In other words, the rich container is capable of ensuring service delivery speed without intruding on development or O&M processes, which allows IT staff to focus their energy on service innovations.

Application Scenarios

The PouchContainer rich container technology is applicable to all scenarios where an enterprise needs to consider compatibility with its original O&M systems in the process of service containerization.

Implementation of Rich Containers

A rich container is 100% compatible with the OCI images common in the community. The container uses the image’s file system as its rootfs at startup. As for running method and functionality, the container also includes hook methods (prestart hook and poststop hook), which are run when the container starts and stops respectively.

Internal Running Process of Rich Container

  1. The init process of pid=1
  2. The container image’s CMD
  3. The system “service” process in the container
  4. User-defined O&M components

The init Process of pid=1

  1. systemd
  2. sbin/init
  3. dumb-init

It is well known that traditional containers, serving as an isolated running environment, have some disadvantages in the management of internal processes. For example, the failure to reap zombie processes causes containers to consume too many resources and additional memory. These containers’ internal system service processes cannot be managed in a friendly way, leading to a lack of basic functions required for services, such as the cron and syslogd system services. Traditional containers fail to provide support for running some systems primarily because these systems need to call systemd to install the RPM package.

However, from the perspective of the O&M methodology, the init process in the rich container can resolve all of the aforementioned problems, providing a better application experience. The init process is designed to be able to wait for a killed process, easily solving the issue of zombie processes as demonstrated by the above image. It can also manage system processes, which is one of its primary jobs. The init process handles the majority of the most basic and traditional O&M capabilities and lays a solid foundation for O&M systems.
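
The reaping duty described above, as an added example that is not code from PouchContainer or the original article. It assumes Linux and, because it is not pid 1 when run outside a container, uses PR_SET_CHILD_SUBREAPER to receive orphaned processes the way the container's init would; the function names are illustrative.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Collect every child that exists now or is re-parented to us later.
 * Blocks until no children remain; returns how many were reaped. */
static int reap_until_no_children(void)
{
    int reaped = 0, status;
    for (;;) {
        pid_t pid = waitpid(-1, &status, 0);
        if (pid > 0) { reaped++; continue; }
        if (pid < 0 && errno == EINTR) continue;
        return reaped;              /* ECHILD: nothing left to wait for */
    }
}

/* Constructed scenario: a "service" forks a worker and then dies
 * without calling wait(). The orphaned worker is re-parented to us,
 * as it would be to pid 1 inside a container. Returns the number of
 * processes reaped, or -1 if the subreaper role could not be taken. */
int run_orphan_demo(void)
{
    /* Assumption: Linux >= 3.4, where a non-init process can ask the
     * kernel to hand it orphaned descendants. */
    if (prctl(PR_SET_CHILD_SUBREAPER, 1, 0, 0, 0) != 0)
        return -1;

    pid_t service = fork();
    if (service < 0)
        return -1;
    if (service == 0) {
        pid_t worker = fork();
        if (worker == 0) {          /* worker outlives its parent */
            usleep(200 * 1000);
            _exit(0);
        }
        _exit(worker < 0 ? 1 : 0);  /* service exits, orphaning worker */
    }
    return reap_until_no_children();
}

int main(void)
{
    return run_orphan_demo() == 2 ? 0 : 1;
}
```

Without the waitpid loop, both the service and the orphaned worker would stay in the process table as zombies for as long as the init process lives.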

The Container Image’s CMD

The container image’s CMD represents the core applications and therefore is the core of the rich container. All O&M adaptation is to ensure that service applications can run in a more stable manner.

The System “service” Process in the Container

PouchContainer’s rich container takes into consideration applications that have numerous needs and system service delivery. The init process in the rich container is capable of comprehensively managing a variety of system service processes natively.

User-defined O&M Components

Because of the init process in the rich container, user-defined O&M components can run in a stable and healthy way as they did before, enabling smooth operations and maintenance.

Rich Container Start and Stop Execution Hooks

PouchContainer’s rich container mode allows users to conveniently specify the application’s start and stop execution hooks: prestart hook and poststop hook. The prestart hook specified by the O&M team can help the application perform some initialization operations in the container that are compliant with O&M requirements before the application runs, including initializing network routing tables, getting the application’s execution permissions, and downloading certificates required for runtime. The poststop hook that the O&M team specifies can help the application perform unified follow-up work when the application stops running or exits due to an exception, for example, cleaning intermediate data to provide a purified environment for the next startup. If the application exits due to an exception, the error will be immediately reported to meet O&M requirements.

As we can see, the start and stop hooks in the rich container increase O&M capability and considerably improve the ability of the O&M team to flexibly manage applications.

Summary

The open-source PouchContainer is expected to bring the industry huge benefits at a reasonably affordable cost. With this technology, Alibaba hopes to help many enterprises implement the containerization of their inventory services, save more time, quickly embrace cloud native technologies, and take a big stride towards digital transformation.

Reference:

https://www.alibabacloud.com/blog/in-depth-analysis-on-pouchcontainer_593880?spm=a2c41.11868930.0.0
