Service Fabric 和容器Service Fabric and containers

介绍Introduction

Azure Service Fabric 是一款分布式系统平台,可方便用户轻松打包、部署和管理可缩放的可靠微服务和容器。Azure Service Fabric is a distributed systems platform that makes it easy to package, deploy, and manage scalable and reliable microservices and containers.

Service Fabric 是 21Vianet 推出的跨计算机群集部署微服务的容器业务流程协调程序Service Fabric is 21Vianet's container orchestrator for deploying microservices across a cluster of machines. Service Fabric 受益于多年来在 Azure 上大规模运行服务所吸取的经验教训。Service Fabric benefits from the lessons learned during its years running services at Azure at massive scale.

微服务的开发方法有多种,包括使用 Service Fabric 编程模型ASP.NET Core 或部署任意选定代码Microservices can be developed in many ways from using the Service Fabric programming models, ASP.NET Core, to deploying any code of your choice. 或者,如果你只想部署和管理容器,则Service Fabric 也是一个不错的选择。Or, if you just want to deploy and manage containers, Service Fabric is also a great choice.

默认情况下,Service Fabric 以进程形式部署和激活这些服务。By default, Service Fabric deploys and activates these services as processes. 进程能够以最快的速度激活、以最高的密度使用群集中的资源。Processes provide the fastest activation and highest density usage of the resources in a cluster. Service Fabric 还可以部署容器映像中的服务。Service Fabric can also deploy services in container images. 此外,可以在同一应用程序中混合进程中的服务和容器中的服务。You can also mix services in processes, and services in containers, in the same application.

若要立即在 Service Fabric 上体验容器,请尝试学习快速入门、教程或示例:To jump right in and try out containers on Service Fabric, try a quickstart, tutorial, or sample:

快速入门:将 Linux 容器应用程序部署到 Service FabricQuickstart: Deploy a Linux container application to Service Fabric
快速入门:将 Windows 容器应用程序部署到 Service FabricQuickstart: Deploy a Windows container application to Service Fabric
将现有 .NET 应用容器化Containerize an existing .NET app
Service Fabric 容器示例Service Fabric Container Samples

什么是容器What are containers

容器提供一个不可变的环境用于运行应用程序,可以解决在不同计算环境中可靠运行应用程序的问题。Containers solve the problem of running applications reliably in different computing environments by providing an immutable environment for the application to run in. 容器将应用程序及其所有依赖项(例如库和配置文件)包装到该应用程序自身的独立“框架”中,该框架包含在容器内部运行软件所需的一切组件。Containers wrap an application and all of its dependencies, such as libraries and configuration files, into its own isolated 'box' that contains everything needed to run the software inside the container. 无论容器在何处运行,其内部的应用程序始终会获得所需的一切组件来运行适当版本的依赖库、任何配置文件和需要运行的其他所有项目。Wherever the container runs, the application inside it always has everything it needs to run such as the right versions of its dependent libraries, any configuration files, and anything else it needs to run.

容器直接在内核顶层运行,在文件系统与其他资源之间界定了范围。Containers run directly on top of the kernel and have an isolated view of the file system and other resources. 容器内部的应用程序不知道其容器外部的其他任何应用程序或进程。An application in a container has no knowledge of any other applications or processes outside of its container. 每个应用程序及其运行时、依赖项和系统库都在容器中运行,在容器各自的独立操作系统范围内拥有完全专属访问权限。Each application and its runtime, dependencies, and system libraries run inside a container with full, private access to the container's own isolated view of the operating system. 除了方便提供应用程序所需的所有依赖项,使应用程序能够在不同的计算环境中运行以外,安全性和资源隔离也是在 Service Fabric 中使用容器的重要优势 - 否则需要在进程中运行服务。In addition to making it easy to provide all of your application's dependencies it needs to run in different computing environments, security and resource isolation are important benefits of using containers with Service Fabric--which otherwise runs services in a process.

相比于虚拟机,容器具有以下优势:Compared to virtual machines, containers have the following advantages:

  • 小 :容器使用单个存储空间和层的版本与更新,提高了效率。Small: Containers use a single storage space and layer versions and updates to increase efficiency.
  • :容器无需启动整个操作系统,因此启动速度更快,通常在几秒内即可启动。Fast: Containers don't have to boot an entire operating system, so they can start much faster--typically in seconds.
  • 可移植性:容器化的应用程序映像可以移植到云中或本地运行、移植到虚拟机中运行,或者直接在物理机上运行。Portability: A containerized application image can be ported to run in the cloud, on premises, inside virtual machines, or directly on physical machines.
  • 资源监管:可以限制容器可在其主机上消耗的物理资源的容器。Resource governance: A container can limit the physical resources that it can consume on its host.

容器类型和受支持的环境Container types and supported environments

Service Fabric 支持 Linux 和 Windows 上的容器,也支持 Windows 上的 Hyper-V 隔离模式。Service Fabric supports containers on both Linux and Windows, and supports Hyper-V isolation mode on Windows.

Linux 上的 Docker 容器Docker containers on Linux

Docker 提供 API 用于在 Linux 内核容器上创建和管理容器。Docker provides APIs to create and manage containers on top of Linux kernel containers. Docker 中心提供一个用于存储和检索容器映像的中心存储库。Docker Hub provides a central repository to store and retrieve container images. 有关基于 Linux 的教程,请参阅在 Linux 上创建第一个 Service Fabric 容器应用程序For a Linux-based tutorial, see Create your first Service Fabric container application on Linux.

Windows Server 容器Windows Server containers

Windows Server 2016 提供两种不同类型的容器,它们的隔离程度有所不同。Windows Server 2016 provides two different types of containers that differ by level of isolation. Windows Server 容器与 Docker 容器相似,因为两者都能提供命名空间和文件系统隔离,但与它们运行所在的主机共享内核。Windows Server containers and Docker containers are similar because both have namespace and file system isolation, while sharing the kernel with the host they are running on. 在 Linux 上,这种隔离一贯是由控制组 (cgroup) 和命名空间提供的,Windows Server 容器的行为与此类似。On Linux, this isolation has traditionally been provided by cgroups and namespaces, and Windows Server containers behave similarly.

包含 Hyper 支持的 Windows 容器提供更多隔离性和安全性,因为任何容器都不与其他容器或主机共享操作系统内核。Windows containers with Hyper-V support provide more isolation and security because no container shares the operating system kernel with any other container, or with the host. 由于具有这么高的安全隔离性,启用 Hyper-V 的容器适合用于对付潜在恶意的多租户方案。With this higher level of security isolation, Hyper-V enabled containers are targeted at potentially hostile, multi-tenant scenarios. 有关基于 Windows 的教程,请参阅在 Windows 上创建第一个 Service Fabric 容器应用程序For a Windows-based tutorial, see Create your first Service Fabric container application on Windows.

下图显示了可用的各种不同类型的虚拟化和隔离级别。The following figure shows the different types of virtualization and isolation levels available. Service Fabric 平台Service Fabric platform

使用容器的方案Scenarios for using containers

下面是典型示例,其中容器是一个不错的选择:Here are typical examples where a container is a good choice:

  • IIS 直接迁移:可将现有 ASP.NET MVC 应用放在容器中,而无需将其迁移到 ASP.NET Core。IIS lift and shift: You can put an existing ASP.NET MVC app in a container instead of migrating it to ASP.NET Core. 这些 ASP.NET MVC 应用都依赖于 Internet Information Services (IIS)。These ASP.NET MVC apps depend on Internet Information Services (IIS). 可以从预先创建的 IIS 映像中将这些应用程序打包成容器映像,然后再使用 Service Fabric 部署。You can package these applications into container images from the precreated IIS image and deploy them with Service Fabric. 有关 Windows 容器的信息,请参阅 Windows Server 上的容器映像See Container Images on Windows Server for information about Windows containers.

  • 将容器和 Service Fabric 微服务混合:可将现有容器映像用作应用程序的一部分。Mix containers and Service Fabric microservices: Use an existing container image for part of your application. 例如,对于应用程序的 Web 前端,可以使用 NGINX 容器;对于更密集的后端计算,可以使用有状态服务。For example, you might use the NGINX container for the web front end of your application and stateful services for the more intensive back-end computation.

  • 降低“干扰性邻居”服务的影响:可以使用容器的资源调控能力来限制服务在主机上使用的资源。Reduce impact of "noisy neighbors" services: You can use the resource governance ability of containers to restrict the resources that a service uses on a host. 如果某些服务可能会消耗许多资源,因而影响其他服务的性能(例如,长时间运行的类似于查询的操作),请考虑将这些服务放入具有资源监管功能的容器中。If services might consume many resources and affect the performance of others (such as a long-running, query-like operation), consider putting these services into containers that have resource governance.

Service Fabric 对容器的支持Service Fabric support for containers

Service Fabric 支持在 Linux 上部署 Docker 容器,在 Windows Server 2016 上部署 Windows Server 容器,同时支持 Hyper-V 隔离模式。Service Fabric supports the deployment of Docker containers on Linux, and Windows Server containers on Windows Server 2016, along with support for Hyper-V isolation mode.

Service Fabric 提供一个应用程序模型,其中的容器表示放置多个服务副本的应用程序主机。Service Fabric provides an application model in which a container represents an application host in which multiple service replicas are placed. Service Fabric 还支持来宾可执行方案,在其中不是使用内置的 Service Fabric 编程模型,而是在容器内打包以任何语言或框架编写的现有应用程序。Service Fabric also supports a guest executable scenario in which you don't use the built-in Service Fabric programming models but instead package an existing application, written using any language or framework, inside a container. 此方案是容器的常见用例。This scenario is the common use-case for containers.

还可以在容器内部运行 Service Fabric 服务You can also run Service Fabric services inside a container. 目前针对在容器内运行 Service Fabric 服务的支持有限。Support for running Service Fabric services inside containers is currently limited.

Service Fabric 提供多种容器功能,可帮助构建由容器化的微服务组成的应用程序,例如:Service Fabric provides several container capabilities that help you build applications that are composed of containerized microservices, such as:

  • 容器映像部署和激活。Container image deployment and activation.
  • 资源治理包括默认设置 Azure 群集上的资源值。Resource governance including setting resource values by default on Azure clusters.
  • 存储库身份验证。Repository authentication.
  • 容器端口到主机端口的映射。Container port to host port mapping.
  • 容器到容器的发现和通信。Container-to-container discovery and communication.
  • 能够配置和设置环境变量。Ability to configure and set environment variables.
  • 能够设置容器的安全凭据。Ability to set security credentials on the container.
  • 容器的不同网络模式选择。A choice of different networking modes for containers.

后续步骤Next steps

本文已介绍 Service Fabric 为运行容器而提供的支持。In this article, you learned about the support Service Fabric provides for running containers. 接下来,我们将演示其中的每项功能并说明其用法。Next, we will go over examples of each of the features to show you how to use them.

在 Linux 上创建第一个 Service Fabric 容器应用程序Create your first Service Fabric container application on Linux
在 Windows 上创建第一个 Service Fabric 容器应用程序Create your first Service Fabric container application on Windows
了解更多关于 Windows 容器的信息Learn more about Windows Containers