[Editor's note] This article introduces two container solutions VMware recently announced, vSphere Integrated Containers (vIC) and the Photon Platform, and compares them with existing approaches.
Recently, VMware announced several technologies and solutions concerning containers and how to build cloud-native applications. The target audience for these announcements is the traditional VMware customer, who is paying attention to new technologies such as Docker while remaining cautious about moving away from a trusted vendor. vSphere Integrated Containers and the Photon Platform give these customers an opportunity to start building cloud-native applications.
However, the large number of new technologies and new terms VMware has introduced presents new challenges for traditional VMware administrators, architects and consultants. This post attempts to sort out these new solutions and compare them with existing ones.
The first solution is vSphere Integrated Containers (vIC), which VMware presents as an evolutionary container solution. According to VMware, the idea behind vIC is that a container is essentially "a packaged-up, resource-constrained binary executable with its dependencies, running in a private namespace", and a container host is "a pool of compute resources, with the necessary storage and network infrastructure, used to manage containers". If you accept that premise, then what makes up a container and a container host does not matter, as long as developers can access these resources through standard container APIs such as the Docker APIs.
vIC grew out of Project Bonneville. It deconstructs container technology into a set of basic capabilities and then replaces those capabilities with a combination of VMware technologies: ESXi, Photon OS and Instant Clone. This solution bridges the traditional vSphere architecture and container technology, letting VMware administrators manage this particular kind of container with familiar VMware tools such as vSphere.
The following diagram compares Docker container technology with vSphere Integrated Containers.
In the vIC architecture, the ESXi hypervisor replaces the Linux server as the host operating system for Docker containers. Instead of using the Linux kernel isolation mechanisms, namespaces and cgroups, to create containers, vIC uses ESXi's hardware virtualization to create container VMs. To give traditional vSphere VMs startup speed comparable to Linux containers, vIC uses a "pico version" of Photon OS as the VM and creates a zero-overhead copy of it, called a JeVM (Just enough VM). A JeVM is a new type of container VM that shares the memory of its parent VM. When a memory page is modified, a copy-on-write operation creates a new memory page for the child VM. This process is repeated each time a new container is created.
One of the advantages of vIC is that existing tools such as vCenter can be used to manage the container host, because the container host is essentially an ESXi host or a vSphere cluster. This means vIC can take advantage of advanced vSphere features such as HA, vMotion and Distributed Resource Scheduling (DRS). This abstraction is called the virtual container host (VIH). VMware defines the VIH as a "Container endpoint with completely dynamic boundaries, within which the vSphere resource manager handles container placement, so that the virtual Docker host can be an entire vSphere cluster or just part of that cluster". This may be confusing to some; my understanding is that DRS allows container VMs to move back and forth between the ESXi hosts in a vSphere cluster. By the same logic, a vSphere cluster hosting traditional VMs could be called a virtual VM host.
As a container endpoint, the VIH exposes the Docker APIs to developers, so that the way they interact with vIC is exactly the same as the way they interact with Linux-based Docker containers. At the same time, VIH and vIC instances can be managed through the vSphere Web Client, just like traditional vSphere resources.
This slide from Georg Hicken of VMware sums it up well:
If vIC is the solution for customers transitioning from traditional VMs to containers, then the Photon Platform is the solution for customers who are all-in on containers and container management tools such as Kubernetes and Mesos.
Photon is architected to provide the type of scale and speed being trumpeted by vendors who are advocating for "Google-Style" infrastructures in the datacenter. VMware is looking to accomplish this in Photon by replacing the traditional ESXi hypervisor with a new lightweight "microvisor," containers as units of application delivery, and management of the stack using a new control plane, called the Photon Controller, that is optimized for container management.
A good way to begin getting a handle on the Photon Platform is by comparing with another container infrastructure, such as CoreOS' Tectonic Platform.
Starting with the Photon Machine layer, you can see that the Photon Machine, which is a new ESXi-based "microvisor" combined with Photon OS, provides the container host OS and container runtime. This can be confusing at first since in the Tectonic stack, the Linux-based minimal OS called CoreOS is considered the container host OS and is differentiated from their container runtime, which is typically rkt but can also be Docker. In VMware's literature, however, they seem to treat the microvisor as the container host OS and call Photon OS the container runtime. This is an area where I would like to have a better understanding of the technology.
Moving up the stack, the Photon Controller is a distributed control plane and resource manager that is intended to be used to manage a fleet of Photon Machines. The Photon Controller should not have the scalability limitations of a monolithic controller like vCenter. This is one of the reasons VMware themselves pitch vIC, which will be managed by vCenter, as a container solution for moderate scale and the Photon Platform as the solution for large-scale container infrastructures.
As the diagram above shows, the Photon Controller is being positioned as an uber-manager for container management/resource scheduling systems such as Docker Machine/Compose/Swarm, Kubernetes, and Apache Mesos. In other words, you would use the Photon Controller to provision and manage Kubernetes and Mesos clusters, while the latter container management systems would manage their own pods or nodes. An analogy might be vRealize Automation (vRA) managing different vSphere clusters where the ESXi hosts in the clusters are themselves managed by vCenter instances. The Photon Controller is being bundled with Project Lightwave to provide identity and access management, and future plans are to include other capabilities and plugins to enable the Controller to be used for infrastructure provisioning, monitoring, and management.
VMware are making some bold moves in their quest to remain relevant in a container-centric cloud-native future. While many are quick to dismiss VMware as a legacy company that will be left behind, it is important to remember the VMware customer base will likely be moving to containers cautiously. With vIC and Photon Platform, VMware has solutions that they can offer customers to help with that transition at whatever pace is appropriate for a specific customer. There is no guarantee though of success for VMware in this new cloud-native world where open source software reigns. They've taken some positive steps such as creating a cloud-native apps team and open sourcing their Photon Controller. However, it remains to be seen if VMware get it right and prove that they are not just paying lip service to open source. In any case, they should not be ignored or discounted.
Meanwhile, I encourage readers to look at the resources below to learn more about vIC and Photon Platform:
How To Choose The Best Infrastructure Stack For Your Cloud-Native Applications
Project Bonneville and vSphere Integrated Containers
vSphere Integrated Controllers - Technology Walk Through
VMware Photon Controller Deep Dive
Original article: Sorting Out VMware's Container Technologies (translated by 夏彬)