How to analyze the outline design of a container cloud PaaS platform based on K8s

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 05/31

Today we will look at how to analyze the outline design of a container cloud PaaS platform based on K8s. Many people may not be familiar with the topic, so the main points are summarized below.

A container cloud PaaS platform based on K8s is something that almost every company using K8s ends up building. Here we take the application as the center and assemble the platform from building blocks, to complete the design of a minimum version of a container cloud PaaS platform. Let's go.

1. Basic functions

We want the platform to be as self-service as possible, so operations such as approval workflows are out of scope. In this part we cover the key process an application goes through, from packaging to launch.

1.1 Image packaging

Once the code is written, it needs to be deployed to the production environment, and the smallest unit of deployment is usually the Docker image. We therefore need a self-service image packaging service that delivers a Docker image from source code.

After developers push code to the Git repository, the repository administrator can set a callback hook that notifies our deployment pipeline. The pipeline then builds the target image according to the steps configured beforehand and publishes the built image to our image repository.

For the deployment pipeline, we can use the long-established Jenkins directly, or choose Tekton, a cloud-native deployment tool.

1.2 Basic services

From the point of view of the application itself, in addition to its runtime environment and code, it usually depends on some basic services (leaving application-layer dependencies aside), such as MySQL, Redis and Kafka. Such services may not run inside K8s (unless they are managed by an operator), so we need a self-service way to integrate them. Here we integrate them through a service catalog: users only need to submit a request, and they can then obtain the corresponding basic service resources on their own.

1.3 Logging and monitoring

After the application is launched, how do we learn its health status? We usually rely on logs and monitoring. We want log collection and monitoring items to be self-service as well, which means integrating with the monitoring and logging systems and with their respective alerting. For logs, we use EFK for collection; monitoring is handled by Prometheus. Beyond basic resource monitoring of the application, we can also let the business expose its own business metrics, so that monitoring reaches the metric level of the business layer.

1.4 Load balancing

After the application is launched, it usually needs to be reachable from outside. In K8s, because of how the network is set up, internal services are usually exposed through an Ingress. To give users a component that automatically associates services with load balancers, there are usually two kinds of load balancing components to choose from: established load balancers (Nginx/Kong/HAProxy) and microservice gateways (Traefik). The deciding factor is usually whether we intend to modify the component. For example, if we want to implement basic verification, circuit breaking, rate limiting and similar features at the ingress, we need to do secondary development, so we should choose an ingress built on a technology stack we can work with.

These ingress components usually need dedicated nodes that run nothing but the ingress, commonly known as proxy nodes. We use taints in K8s to enforce this, so that only ingress containers are scheduled onto these nodes.
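The proxy-node arrangement described above, as an added example (not from the original article). The node name, the `paas.example.com/role` label and taint key, the namespace and the image are all assumptions. The taint keeps ordinary workloads off the proxy nodes, while the `nodeSelector` is what pins the ingress pods to them; a toleration on its own only permits scheduling there.

```yaml
# Added example; every name below is a placeholder.
# Node preparation (run once per proxy node):
#   kubectl label nodes proxy-node-1 paas.example.com/role=proxy
#   kubectl taint nodes proxy-node-1 paas.example.com/role=proxy:NoSchedule
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: ingress-controller
  namespace: ingress-system
spec:
  selector:
    matchLabels:
      app: ingress-controller
  template:
    metadata:
      labels:
        app: ingress-controller
    spec:
      # Pin the pods to proxy nodes only.
      nodeSelector:
        paas.example.com/role: proxy
      # Allow the pods past the taint that repels everything else.
      tolerations:
        - key: paas.example.com/role
          operator: Equal
          value: proxy
          effect: NoSchedule
      containers:
        - name: controller
          image: registry.example.com/ingress/controller:1.0.0  # placeholder image
          ports:
            - containerPort: 80
            - containerPort: 443
```

Any other workload that carries the same toleration can also land on the proxy nodes, so the platform should control which tenants are allowed to set it.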

1.5 Deployment updates

Most applications change their code as the product iterates or bugs are fixed. In K8s this is usually what we call an image update, which can be done automatically with the help of a K8s Deployment.

When updating an application, it is usually necessary to run a grayscale (canary) release: only some users are allowed to reach the new version, and if an exception occurs it is rolled back immediately. If everything is normal, the whole application cluster is then updated with a rolling update. In K8s this is mainly implemented with Deployments: we create a new Deployment sized according to the grayscale user proportion, and if it succeeds we go on to update the old Deployment.
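One way to lay out the grayscale release described above, as an added example (not from the original article). The application name `demo`, the `track` label, the images and the 9:1 replica split are assumptions.

```yaml
# Added example; names, labels, images and replica counts are placeholders.
apiVersion: v1
kind: Service
metadata:
  name: demo
spec:
  selector:
    app: demo              # matches both tracks, so traffic splits by pod count
  ports:
    - port: 80
      targetPort: 8080
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-stable        # the existing ("old") Deployment
spec:
  replicas: 9
  selector:
    matchLabels: {app: demo, track: stable}
  template:
    metadata:
      labels: {app: demo, track: stable}
    spec:
      containers:
        - name: demo
          image: registry.example.com/demo:1.0.0
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: demo-canary        # the new Deployment sized to the gray proportion
spec:
  replicas: 1
  selector:
    matchLabels: {app: demo, track: canary}
  template:
    metadata:
      labels: {app: demo, track: canary}
    spec:
      containers:
        - name: demo
          image: registry.example.com/demo:1.1.0
```

With this split the canary receives roughly 10% of requests; scaling `demo-canary` to 0 is the rollback, and setting the new image on `demo-stable` promotes the release through a normal rolling update.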

1.6 Application decommissioning

When an application is taken offline, we usually need to release its resources. A GC module may be needed here, responsible for cleaning up the various resources belonging to the application.

At this point, starting from the basic requirements of K8s and of applications, we have covered a basic version of cloud-native full-lifecycle management for applications: code packaging, launch, deployment updates, observability (logging and monitoring), and so on.

2. Function implementation of the PaaS platform based on K8s

In this section we focus on how some of the functions of a PaaS platform are implemented on top of K8s, including multi-tenant management, auto scaling, capacity planning, configuration management, shared storage, cluster management and the application market.

2.1 Multi-tenant isolation

Multi-tenancy is an important mechanism of a PaaS platform. Its essence is resource isolation, which usually comes in two forms: physical isolation and software isolation. Physical isolation is carried out on physical entities (such as servers), while software isolation means isolating access to resources through access control. Since most companies do not physically isolate K8s, we can use namespaces in K8s directly to implement multi-tenant software isolation.

2.2 Elastic scaling

On-demand auto scaling is a typical feature of a PaaS platform. K8s comes with HPA (horizontal pod autoscaling), and VPA (vertical autoscaling) and cluster autoscaling are available through autoscaler. Relying on these controllers, we can easily offer auto scaling to users (in practice, mostly horizontal scaling).

2.3 Capacity planning

The main goal of capacity planning is to achieve resource isolation by defining a resource quota for each business line. At the same time, capacity figures can be used for resource charging and to support future capacity planning, purchasing decisions, cost accounting and cost control. This part relies mainly on the K8s ResourceQuota for the quota function, and on monitoring data for cost accounting.
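Sections 2.1 and 2.3 combined into one tenant definition, as an added example (not from the original article). The tenant name, group name and quota values are assumptions, and the NetworkPolicy goes beyond what the article describes: a namespace scopes names, RBAC and quota, but does not restrict pod-to-pod traffic by itself.

```yaml
# Added example; tenant-a, the group name and all quota values are placeholders.
apiVersion: v1
kind: Namespace
metadata:
  name: tenant-a
---
apiVersion: v1
kind: ResourceQuota          # per-business-line quota from section 2.3
metadata:
  name: tenant-a-quota
  namespace: tenant-a
spec:
  hard:
    requests.cpu: "20"
    requests.memory: 40Gi
    limits.cpu: "40"
    limits.memory: 80Gi
    pods: "100"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding            # access control scoped to this namespace only
metadata:
  name: tenant-a-edit
  namespace: tenant-a
subjects:
  - kind: Group
    name: tenant-a-developers
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: edit                 # built-in role; grants no cluster-wide rights here
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy          # addition beyond the article: block cross-tenant traffic
metadata:
  name: same-namespace-only
  namespace: tenant-a
spec:
  podSelector: {}
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector: {}    # only pods in tenant-a; ingress nodes need an extra rule
```

Once the quota covers CPU and memory requests and limits, pods that omit them are rejected in this namespace, so a LimitRange with defaults is usually added alongside it. The NetworkPolicy only takes effect if the cluster's network plugin enforces NetworkPolicy.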

2.4 Configuration management

During application development, some configuration information is usually needed, such as logging, cache and database settings. In earlier environments it was managed either through env files or through a configuration center, while in K8s it can be managed through ConfigMap and Secret resources. In other words, configuration data is separated from images, and the right configuration is loaded automatically according to the environment.

2.5 Shared storage

Shared storage in K8s relies mainly on PV/PVC. Because each company's infrastructure differs considerably, this part usually needs to be adapted to the company's existing technical capabilities. The concrete implementation depends on the CSI implementation in use, which is not covered here.

2.6 Cluster management

Inside a company, considerations such as disaster recovery and backup sometimes require deployment across multiple data centers, so our PaaS platform also needs multi-cluster management capability. The same capability applies to managing clusters for multiple environments such as production and testing. Cluster management mainly solves the problem of deploying the platform across multiple environments, and lets one platform manage all the clusters of the whole group.

2.7 Application market

The application market mainly refers to middleware applications such as Redis, etcd and Kafka. In addition to the service catalog integration mentioned earlier, we also allow users to create some basic services through operators, which promotes the containerization of infrastructure services. This part usually requires fine-tuning open source operators to fit the company's internal environment.

2.8 User center

Many companies already have an internal user center service. It can be integrated for user authentication, and even for some of the permission control of the container cloud platform, to avoid reinventing the wheel.

2.9 Basic functions

In addition to the business functions above, we usually have to provide basic functions such as operation auditing, permission control and security control. With these in place, we have a basic, usable cloud-native PaaS platform based on K8s.

3. Summary of the container PaaS platform

With the infrastructure above, we get an application-centric container PaaS platform based on K8s. Looking across the functions, because they build on the existing resources of K8s, only a small amount of development work is needed to complete the whole PaaS platform. From the next section on, we start the development work on some of the key parts, including some K8s operator development. Let's go.
