To build an enterprise Kubernetes platform, all the tools you need are here!

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

Kubernetes has become the recognized de facto industry standard for container orchestration and is almost omnipresent. It is hard to find an IT practitioner who has never come across Kubernetes. Software development, testing, and infrastructure all fall within its scope.

To run it you need an etcd database, kube-controller-manager, kube-scheduler, certificates, CoreDNS, and so on.

Beyond creating the environment and the management processes, the company's strategic and tactical planning is also particularly important. Few companies adopt containers simply to meet infrastructure needs. Your container environment design and technology stack will more likely have to support both old and new forms of computing while avoiding duplicated assets, resources, and costs. (Examples of the technology stack and the design are shown below.)

Figure 1: Building the container technology stack

Figure 2: Container environment design

Management and automation

Rancher is an open source enterprise Kubernetes management platform that provides Kubernetes-as-a-Service for enterprise users. Its simple, intuitive interface and workflow go a long way toward solving the long-standing usability problems and steep learning curve of the native Kubernetes UI. With Rancher you can avoid the pain of creating Kubernetes clusters by hand and set up clusters automatically with one click. It also provides a set of features that K8s clusters need, including configuration, access control, global DNS, disaster recovery, monitoring, logging, and cluster upgrades. You can use Ansible to configure the CentOS VMs that serve as K8s nodes.

Logging and monitoring

Rancher has a built-in Fluentd deployment that can be used to build the EFK stack. Each cluster can be configured to push its Fluentd logs to an Elasticsearch instance.

Kibana is an open source visualization platform that makes it extremely easy to view and search Elasticsearch logs.

Elasticsearch GitHub repo:

https://github.com/helm/charts/tree/master/stable/elasticsearch

Prometheus is a high-quality solution for collecting monitoring metrics. The Prometheus server stores time series data, Alertmanager manages alerts, node-exporter exports metrics from nodes, and kube-state-metrics generates metrics for all K8s objects.

Prometheus GitHub repo:

https://github.com/helm/charts/tree/master/stable/prometheus

However, Prometheus lacks a user interface, so it needs Grafana, a data visualization tool. Grafana connects to the Prometheus server and provides charts and dashboards for monitoring.

Grafana GitHub repo:

https://github.com/helm/charts/tree/master/stable/grafana

Persistent storage

Everything in Kubernetes is dynamic and stateless, which runs against the principles of traditional storage schemes. Choosing a workable persistent storage solution is therefore one of the difficulties you will face. There are many popular solutions on the market, such as Ceph, Rook, StorageIO, and Portworx.

Among them, Portworx offers data mobility, high availability, independence, and dynamic encryption configuration of persistent volumes. On the worker nodes, we recommend adding another disk (vmdk) from which Portworx creates a storage pool. Portworx comes with an intelligent scheduler called Stork, which lets you save licensing costs by installing Portworx on only a few worker nodes.

You can use this Helm chart to deploy Portworx:

https://github.com/portworx/helm/tree/master/charts/portworx

Container security

Container security is constantly evolving, and because pods are dynamic, it is critical to make all processes and communications within the container visible and controllable. NeuVector provides continuous runtime protection for hosts and pods, and it protects containers from security vulnerabilities by scanning Kubernetes clusters, nodes, pods, and container images. A further advantage is that it can run Docker and Kubernetes benchmarks against clusters. It can also act as a network firewall: it learns the normal behavior of each pod and service and dynamically creates security policies from what it has learned. When a service is in Protect mode, NeuVector blocks any unauthorized process or network traffic for that pod or service.

You can use this Helm chart to deploy NeuVector:

https://github.com/neuvector/neuvector-helm

Load balancing

Once applications are deployed in the K8s cluster, there are several options for exposing them outside the cluster. Another factor to consider is whether you are migrating an application from traditional infrastructure to containers and want to keep the ability to roll back, or want services that have been migrated to the K8s cluster to remain available in the traditional environment.

AVI Networks provides a software-defined load balancer with a control plane and a service plane. This load balancer offers load balancing, traffic management, auto scaling, and end-to-end automation for K8s services. AVI deploys its service engines as pods on the K8s cloud, where they handle north-south traffic (that is, traffic between clients and servers) as well as load balancing of K8s services.

When AVI is configured with a DNS server and an IPAM pool, it can create a virtual service automatically each time you create an ingress in the K8s cloud. It allocates an IP from IPAM, creates a DNS entry, and configures the backend pod pool. AVI can also apply various HTTP policies and network security policies through ingress annotations.

CI/CD tool

Because an application and all of its dependencies are packaged into containers, Kubernetes can make continuous deployment a reality, and it can also schedule workloads onto specific worker nodes. The rolling update strategy makes continuous deployment possible with zero downtime.

Jenkins is an excellent continuous integration and image building tool that integrates with GitLab, Nexus, JFrog Artifactory, SonarQube, NeuVector, Fortify, Helm, and Rancher to form a complete CI/CD pipeline.

Helm packages the entire application stack into a chart, including pods, services, secrets, ingress, persistent storage, and so on. Helm also keeps deployments consistent across different environments. (As shown below.)

Figure 3: Container components
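A Deployment manifest that puts the rolling update and node placement described above into practice, given here as an added example rather than configuration from the original article. The application name `web`, the image reference, the `workload: web` node label, and the `/healthz` endpoint on port 8080 are all assumed placeholders.

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web                    # hypothetical application name
spec:
  replicas: 3
  selector:
    matchLabels:
      app: web
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0        # never remove a ready pod before its replacement is ready
      maxSurge: 1              # add at most one extra pod during the rollout
  minReadySeconds: 10          # a new pod must stay ready this long before it counts
  template:
    metadata:
      labels:
        app: web
    spec:
      nodeSelector:
        workload: web          # assumed node label; pins the pods to specific workers
      terminationGracePeriodSeconds: 30
      containers:
        - name: web
          image: registry.example.com/web:1.2.3   # placeholder; pin a tag or digest
          ports:
            - containerPort: 8080
          readinessProbe:      # traffic is routed only to pods that pass this check
            httpGet:
              path: /healthz   # assumed health endpoint
              port: 8080
            periodSeconds: 5
            failureThreshold: 3
          securityContext:     # baseline container hardening
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
```

Without the readiness probe, Kubernetes treats a pod as ready as soon as its container starts, so `maxUnavailable: 0` alone does not guarantee that requests are served throughout the rollout.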

All in all, there are many tools that help build a Kubernetes platform, making it easier than ever to deploy applications in a K8s cluster. I hope this gives you a better understanding of the areas you need to focus on and of which tools or platforms can make K8s clusters a reality in the enterprise.
