Security Level:

Container and Serverless at Edge Connected to Cloud

Ying Xiong, Cloud Platform Chief Architect @ Huawei

2

About Me

u Chief Architect of Cloud Platform @ Huawei

u Head of Seattle cloud lab @ Huawei

u A board Member of CNCF Foundation

u Formal Principal Dev Manager of Azure @ Microsoft u Formal Enterprise Technical Architect @ AT&T

3

Container and Serverless @ Edge Cloud

n  What Is Edge Cloud ü  Computing resources at edge and managed by Cloud -

extension of central cloud ü  Resource ownership – cloud provider or customers ü  Apps are scheduled & deployed onto edge from Cloud ü  Bidirectional communication between edge and cloud.

n  Why We Do Edge Cloud ü  Video surveillance scenario ü  Industry IoT scenario ü  Smart home scenario

4

Challenges for Edge Cloud

n  Resource constraints

n  Network instability (self managed when offline)

n  No access from public network (private network)

n  Manage multi-tenant edge resources from cloud

n  Edge to edge communication

5

Kubernetes @ Edge

n  What happens when an edge node lost the network connection? Kubernetes

Kubelet Kubelet

n  No communication channel for data plane

n  No serverless@edge support – push serverless functions to edge node.

6

HL Design for Edge Cloud

CloudHub

Kubernetes API Server

ETCD

EdgeHub

Edge Controller

Container & Serverless Function Repository EdgeSync

Cloud Edge Node

ETCD

EventHub

KubeEdge Func Repo Events from devices

Containers

Functions

Ø  CloudHub / EdgeHub

Ø  Edge Controller

Ø  Metadata Sync & Local Store

Ø  KubeEdge

Ø  EventHub

EdgeSync

7

CloudHub & Edge Hub

n  A custom protocol over TCP/IP designed for edge-cloud communication

n  Is reliable, bi-directional multiplex channel with scalability and multi-tenancy on cloud end.

n  Support http (current), websocket, grpc and tcp/ip

n  AuthN: Edge node uses certificate to authenticate itself to the cloud

8

Edge Controller

n An Kubernetes controller plugin managing edge nodes, including registering new edge nodes

n Watch app spec changes on behalf of edge nodes & sync metadata to edge nodes

n Update Kubernetes on node and app status on the edge through CloudHub / Edge Hub

9

Metadata Sync

n  Trimmed down version (MVCC/gRPC/Raft) of ETCD on edge storing a copy of metadata relevant to that edge node

n  App (pod) spec changes (new deploy, or upgrade or remove exist app) sync from cloud to edge

n  Node and app status data sync from edge to cloud

EdgeSync Kubernetes API Server

EdgeSync ETCD Min

KubeEdge

10

KubeEdge

n KubeEdge manages runtime environment and app (container) lifecycle on the edge nodes

n KubeEdge is an optimized version of kubelet on edge managing lifecycle of containers & functions

n KubeEdge can work offline when network connection is lost. It also responses to edge events & starts corresponding functions on the edge.

Copyright©2016 Huawei Technologies Co., Ltd. All Rights Reserved. The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.

Thank You.

Q/A