Written by Sundar Nadathur of Intel
EMCO has a broad vision for end-to-end orchestration that includes not only deployment of complex workloads in a wide range of scenarios but also automation of the infrastructure needed by such workloads, ranging from networking and service mesh to application security. The focus on application infrastructure automation sets EMCO apart from most other orchestrators. The 22.09 release takes EMCO closer to production in many ways, provides an upgraded GUI, enhances workflow integration, reduces dependence on remote Git servers for GitOps, and takes important first steps towards Confidential Computing with Intel® SGX.
The EMCO 22.09 release, as part of the drive to enable deployment in production scenarios, brings many significant enhancements in observability and resiliency of the EMCO microservices:
- Observability: Monitoring and troubleshooting in production requires the system to be observable using logs, metrics, traces, etc. This release will help the administrator in all these areas. Request flows through core EMCO microservices such as the orchestrator can now be traced using OpenTelemetry-compatible tools such as Jaeger. EMCO microservices now implement many useful metrics and expose them to Prometheus.
- Resiliency: Production deployments at scale have to withstand disruptive scenarios such as process crashes, node failures or power outages. EMCO microservices have been thoroughly tested in this release for their ability to resume after a restart without losing data. Any gaps observed in this validation effort will be fixed in subsequent releases.
- Unified Storage Planning: A deployment of EMCO requires storage for different uses, such as the two databases (MongoDB and etcd), logs, metrics and traces. EMCO does not mandate any specific storage provisioner, leaving that choice to each deployment. In this release, EMCO has been validated with NFS storage using the NFS Provisioner that is part of the EMCO repository. This shows customers at least one path to a successful deployment with unified storage for different uses.
EMCO’s Graphical User Interface (GUI) has been updated as part of this release. The GUI allows a user to onboard composite applications and clusters, define logical clouds, and create deployment intent groups. The user can deploy, upgrade, and terminate composite applications in different levels of logical clouds. With this release, the GUI can handle traffic intents via the Distributed Traffic Controller in EMCO.
EMCO added support for Temporal workflow integration in 22.03; in the previous 22.06 release and in this one, workflows can be invoked as part of the application lifecycle events, i.e., specific workflows can be run before or after application deployment, update, and termination. With the addition of support for Gitea, a local self-hosted Git server, administrators can now handle GitOps scenarios with no dependence on network access to remote Git servers. Logical cloud support for Anthos has been added in this release.
An important aspect of security in a production deployment is the safe storage and provisioning of private keys and other secrets. Intel® Software Guard Extensions (Intel® SGX) technology enables Confidential Computing by protecting data in use by an application inside secure enclaves. With this release, the newly added ca-cert controller provisions the needed SGX resources in EMCO-managed clusters that have Intel® SGX enabled and also provisions keys in the key server. This enables deployed applications to use certificates whose keys are securely protected. This feature is a proof of concept in this release and will be refined in future releases.
This release reinforces the position of EMCO as a leading open source orchestrator that goes beyond the basics by orchestrating the infrastructure needs of modern cloud-native applications, including security, in addition to catering to the complex deployment scenarios that they require.