An Overview of VMware's Container Solutions
[Editor's note] This article introduces two container solutions VMware recently announced, vSphere Integrated Containers (vIC) and the Photon Platform, and compares them with existing solutions.
VMware recently announced several technologies and solutions concerning containers and how to build cloud-native applications. The announcements target traditional VMware customers, who typically pay attention to new technologies such as Docker while remaining cautious about leaving a trusted vendor. vSphere Integrated Containers and the Photon Platform give these customers an opportunity to start building cloud-native applications.
However, the large number of new technologies and new terms VMware has introduced presents a new challenge for traditional VMware administrators, architects and consultants. This post attempts to sort out these new solutions and compare them with existing ones.
vSphere Integrated Containers
The first solution is vSphere Integrated Containers (vIC), which VMware presents as an evolutionary container solution. According to VMware, the idea behind vIC is that a container is essentially "a binary executable, packaged with its dependencies, that runs in a private namespace with constrained resources", while a container host is "a pool of compute resources, with the necessary storage and network infrastructure, used to manage containers". If you accept that premise, then what constitutes a container or a container host does not matter, as long as developers can access these resources through standard container APIs such as the Docker APIs.
vIC grew out of Project Bonneville, which decomposed container technology into a set of basic capabilities and then replaced those capabilities with a combination of VMware technologies: ESXi, Photon OS and Instant Clone. The solution bridges the traditional vSphere architecture and container technology, letting VMware administrators manage this particular kind of container with familiar VMware tools such as vSphere.
The diagram below compares Docker container technology with vSphere Integrated Containers.
In the vIC architecture, the ESXi hypervisor replaces a Linux server as the host operating system for Docker containers. Instead of the Linux kernel isolation mechanisms used to create containers, namespaces and cgroups, vIC uses ESXi's hardware virtualization to create container VMs. To give traditional vSphere VMs startup times comparable to Linux containers, vIC uses a "pico version" of Photon OS as the VM and creates a zero-overhead copy of it, called a JeVM (Just enough VM). A JeVM is a new type of container VM that shares the memory of its parent VM. When a memory page changes, a copy-on-write operation creates a new memory page for the child VM. This process is repeated every time a new container is created.
One advantage of vIC is that existing tools such as vCenter can be used to manage the container host, because the container host is essentially an ESXi host or a vSphere cluster. This means vIC can take advantage of advanced vSphere features such as HA, vMotion and Distributed Resource Scheduling (DRS). We call this abstraction the virtual container host (VIH). VMware defines the VIH as a "container endpoint with completely dynamic boundaries, within which the vSphere resource manager handles container placement, so that the virtual Docker host can be an entire vSphere cluster or part of that cluster". This may be confusing for some; my understanding is that DRS allows container VMs to be moved back and forth between the ESXi hosts in a vSphere cluster. By analogy, we could call a vSphere cluster that hosts traditional VMs a virtual VM host.
As a container endpoint, the VIH exposes the Docker APIs to developers, so that they interact with vIC in exactly the same way they interact with Linux-based Docker containers. At the same time, VIH and vIC instances can be managed through the vSphere Web Client, just like traditional vSphere resources.
This slide from VMware's Georg Hicken sums it up well:
Photon Platform
If vIC is the solution for customers transitioning from traditional VMs to containers, the Photon Platform is the solution for customers going all in on containers and container management tools such as Kubernetes and Mesos.
Photon is architected to provide the type of scale and speed being trumpeted by vendors who are advocating for "Google-style" infrastructures in the datacenter. VMware is looking to accomplish this in Photon by replacing the traditional ESXi hypervisor with a new lightweight "microvisor," using containers as the unit of application delivery, and managing the stack with a new control plane, called the Photon Controller, that is optimized for container management.
A good way to begin getting a handle on the Photon Platform is by comparing it with another container infrastructure, such as CoreOS' Tectonic Platform.
Starting with the Photon Machine layer, you can see that the Photon Machine, which is a new ESXi-based "microvisor" combined with Photon OS, provides the container host OS and container runtime. This can be confusing at first, since in the Tectonic stack the Linux-based minimal OS called CoreOS is considered the container host OS and is differentiated from the container runtime, which is typically rkt but can also be Docker. In VMware's literature, however, they seem to treat the microvisor as the container host OS and call Photon OS the container runtime. This is an area where I would like to gain a better understanding of the technology.
Moving up the stack, the Photon Controller is a distributed control plane and resource manager that is intended to manage a fleet of Photon Machines. The Photon Controller should not have the scalability limitations of a monolithic controller like vCenter. This is one of the reasons VMware themselves pitch vIC, which will be managed by vCenter, as a container solution for moderate scale, and the Photon Platform as the solution for large-scale container infrastructures.
As the diagram above shows, the Photon Controller is being positioned as an uber-manager for container management and resource scheduling systems such as Docker Machine/Compose/Swarm, Kubernetes, and Apache Mesos. In other words, you would use the Photon Controller to provision and manage Kubernetes and Mesos clusters, while those container management systems would manage their own pods or nodes. An analogy might be vRealize Automation (vRA) managing different vSphere clusters where the ESXi hosts in the clusters are themselves managed by vCenter instances. The Photon Controller is being bundled with Project Lightwave to provide identity and access management, and future plans are to include other capabilities and plugins to enable the Controller to be used for infrastructure provisioning, monitoring, and management.
Summary And Additional Resources
VMware are making some bold moves in their quest to remain relevant in a container-centric cloud-native future. While many are quick to dismiss VMware as a legacy company that will be left behind, it is important to remember the VMware customer base will likely be moving to containers cautiously. With vIC and Photon Platform, VMware has solutions that they can offer customers to help with that transition at whatever pace is appropriate for a specific customer. There is no guarantee though of success for VMware in this new cloud-native world where open source software reigns. They've taken some positive steps such as creating a cloud-native apps team and open sourcing their Photon Controller. However, it remains to be seen if VMware get it right and prove that they are not just paying lip service to open source. In any case, they should not be ignored or discounted.
Meanwhile, I encourage readers to look at the resources below to learn more about vIC and Photon Platform:
How To Choose The Best Infrastructure Stack For Your Cloud-Native Applications
Project Bonneville and vSphere Integrated Containers
vSphere Integrated Controllers - Technology Walk Through
VMware Photon Controller Deep Dive
Original article: Sorting Out VMware's Container Technologies (translated by 夏彬)
Source: http://dockone.io/article/1011