企业容器云服务技术方案

1、企业容器云服务技术方案Private Container Services1传统虚拟机技术新时代容器技术服务器更轻量更快速更便捷服务器虚拟化操作系统操作系统应用1虚拟机操作系统应用2虚拟机应用1容器应用2容器应用3容器应用4容器VS.以应用为中心以OS为中心2Docker主要概念Docker Hub(Public registry)Docker-registry(Private registry)容器Container镜像Images仓库RepositoriesAnalyticsDB3虚拟机容器CPU:E5620内存: 16GB存储: 本地盘静态Web服务器Nginx 实例数动态Web服务器T

2、omcat 实例数5001001530HP DL388 G7 “Docker性能在多项指标上明显优于以KVM为代表的虚拟机技术，可以和裸机性能媲美” IBM Docker和虚拟机性能分析比较报告4Docker容器与传统虚拟机的比较功能点容器虚拟机内核模式共享宿主机内核自有内核用户运用场景DevOpsITOps扩展性10 to 1000 servers3 to 30 servers启动速度秒级分钟级性能接近原生弱于原生存储空间占用一般为MB级别一般为GB级别隔离性安全隔离完全隔离成本低高计算资源扩展私有数据中心和公有云私有数据中心5底层技术组件核心管理平台基础架构云 (IaaS)容器云(CaaS

3、)上层服务展现让容器技术在企业落地+新一代云计算传统云计算开源的容器管理平台帮助构建企业私有容器服务6一个只有20MB的专门运行容器的操作系统Rancher容器服务架构概览7Rancher CatalogAD/LDAPAlerts/EventsEnvironment 1Environment NNetwork ServicesStorage ServicesContainer Orchestration and SchedulingUser MgmtOps MgmtEnvironment8SDNLoad BalancerHealth CheckService DiscoveryStorage

4、MgmtDNSDNSDNSDocker ComposeKubernetesDocker CLIHosts9EnvironmentsCloudsDevStagingProdUsersStackscompose.ymldocker-compose.ymllb: image: haproxy links: - webweb: image: php links: - db - zookeeperzookeeper: image: zookeeperdb: image: mysqldocker-compose.ymllb: image: haproxy links: - webweb: image: p

5、hp links: - db - zookeeperzookeeper: image: zookeeperdb: image: mysqldocker-compose.ymllb: image: haproxy links: - webweb: image: php links: - db - zookeeperzookeeper: image: zookeeperdb: image: mysqldocker-compose.ymllb: image: haproxy links: - webweb: image: php links: - db - zookeeperzookeeper: i

6、mage: zookeeperdb: image: mysqldocker-compose.ymllb: image: haproxy links: - webweb: image: php links: - db - zookeeperzookeeper: image: zookeeperdb: image: mysqldocker-compose.ymllb: image: haproxy links: - webweb: image: php links: - db - zookeeperzookeeper: image: zookeeperdb: image: mysqldocker-

7、compose.ymllb: image: haproxy links: - webweb: image: php links: - db - zookeeperzookeeper: image: zookeeperdb: image: mysqldocker-compose.ymllb: image: haproxy links: - webweb: image: php links: - db - zookeeperzookeeper: image: zookeeperdb: image: mysqldocker-compose.ymllb: image: haproxy links: -

8、 webweb: image: php links: - db - zookeeperzookeeper: image: zookeeperdb: image: mysqldocker-compose.ymllb: image: haproxy links: - webweb: image: php links: - db - zookeeperzookeeper: image: zookeeperdb: image: mysqldocker-compose.ymllb: image: haproxy links: - webweb: image: php links: - db - zook

9、eeperzookeeper: image: zookeeperdb: image: mysqldocker-compose.ymllb: image: haproxy links: - webweb: image: php links: - db - zookeeperzookeeper: image: zookeeperdb: image: mysqldocker-compose.ymllb: image: haproxy links: - webweb: image: php links: - db - zookeeperzookeeper: image: zookeeperdb: im

10、age: mysqldocker-compose.ymllb: image: haproxy links: - webweb: image: php links: - db - zookeeperzookeeper: image: zookeeperdb: image: mysqldocker-compose.ymllb: image: haproxy links: - webweb: image: php links: - db - zookeeperzookeeper: image: zookeeperdb: image: mysqldocker-compose.ymllb: image:

11、 haproxy links: - webweb: image: php links: - db - zookeeperzookeeper: image: zookeeperdb: image: mysqldocker-compose.ymllb: image: haproxy links: - webweb: image: php links: - db - zookeeperzookeeper: image: zookeeperdb: image: mysqlRancher SDN10ContainerContainerHost 1Host 2docker0 bridgedocker0 b

12、ridgeeth0eth0 1eth0 9eth00001IPSEC TunnelContainerVMeth0eth002Rancher load balancer11Host 1Host 2132HAproxyHAproxyeth0 1eth0 99:801:80DNS: Rancher storage12Host 1Host 2Container VMControllerReplicaReplicaContainerControllerReplicaReplicaContainerControllerReplicaReplica13Private Container ServiceLin

13、uxLinuxLinuxLinuxLinuxLinuxApp CatalogOrchestrationSchedulingMonitoringAccess ControlNetworkStorageDistributed DBRegistryEngineSecurityRancher, Helm, Compose, Kubernetes, Marathon, Swarm, Kubernetes, Mesos, cAdvisor, Sysdig, Datadog, LDAP, AD, GitHub, DockerHub, Quay.io, Docker, Rkt, Notary, Vault,

14、VXLAN, IPSEC, HAProxy, Ceph, Gluster, Swift, Etcd, Consul, MongoDB, RancherOS是“容器化”的Linux14Linux KernelPID 1 System DockerdhcpconsoleUser-level containersSystem containersUser Dockerinitrdudev支持PXE, iPXE支持安装驱动和服务程序支持ARM芯片将支持快速镜像拉取(P2P)将支持自研的分布式存储可以提供定制服务151. 管理私有云、混合云容器环境2. 支持构建企业应用商店和一键部署4. 助力构建轻量级

15、PaaS服务3. 优化CI/CD 部署流水线践行DevOps四大解决方案16互联网F5Rancher管理机阿里云主机1阿里云主机2112.95.X.X:2808015:808055120.25.X.X10112.74.X.X安全组物理机3虚拟机1nginxnginx私有数据中心阿里云（深圳）物理机1物理机2物理机49.116应用仓库namenodedatanodeSDN容器网络SDN容器网络9.11744.454.464.47Hadoop集群MySQL集群部署流水线Nginx Web应用混合云架构下的容器服务17私有数据中心阿里云安全加密容器云平台应用A应用B应用C应用A应用C应用在不同云间动

16、态扩容和迁移安全加密18创建虚拟机部署应用美国通用电气公司（GE）的经验是，用了IaaS后，部署VM只要15分钟，而应用的部署配置却仍要3个星期以上。虚拟机已Ready马上就好IaaS仅仅实现了快速部署虚拟机!Rancher改变了应用管理的模式19docker-compose.ymllb: image: haproxy links: - webweb: image: php links: - db - zookeeperzookeeper: image: zookeeper links: - zookeeperdb: image: mysqlLBWebZookeeperMySQLCompose

17、实现以十分简单的文件描述复杂的应用结构rancher-compose -url -access-key -secret-key -p up -drancher-compose.ymllb:scale: 1 load_balancer_config: name: lb configweb:scale: 2zookeeper:scale: 1db:scale: 120构建企业应用商店和一键部署应用能力应用上架一键部署BMC Remedy，安装包有十几GB22Hadoop 集群一键部署Hadoop 集群和一键部署23NameNode容器配置管理Slave探测配置23DataNode容器配置管理配置D

18、ataNode容器配置管理配置DataNode容器配置管理配置DataNode容器配置管理配置动态新增datanode节点，实时扩展Hadoop集群能力Rancher 元数据服务http:/rancher-metadata24RHEL6OS配置WebLogicWLS配置应用EAR应用配置abc123!#$配置随便改，程序能测通就好DEVRHEL6OS配置WebLogicWLS配置应用EAR应用配置def456&*配置很重要，我要稳定和安全Ops安全加固优化生产环境管好虚拟机就好云管理员关掉FW随便配测试环境测好的应用在生产环境一定能正常工作吗？经理测试环境生产环境?25RHEL6OS配置Web

19、LogicWLS配置应用EAR应用配置abc123!#$DEVRHEL6OS配置WebLogicWLS配置应用EAR应用配置def456&*Ops安全加固优化生产环境关掉FW随便配测试环境应用EAR50MB50GB一堆配置，难以自动 化过程慢长，也需要改配置从测试到生产，部署方案一从测试到生产，部署方案二测试环境生产环境26开发编译容器化测试部署/升级运营场景3：践行开发部署一体化DevOps大幅度提升构建效率更高明的测试环境管理便利地版本升级、回滚27SVN开发机Jenkins主机环境部署节点Rancher容器主机Docker镜像库测试环境1：x.x.x.x:7001测试环境2：x.x.x.x:7002容器主机