Shulou(Shulou.com)05/31 Report--

This article shows you how to carry out the overall architecture and performance analysis of TKEStack, the content is concise and easy to understand, it will definitely brighten your eyes. I hope you can get something through the detailed introduction of this article.

Stack is included in the name of TKEStack, which also indicates that TKEStack is different from other container products. It will create a set of technology stacks with the TKE container platform as the core, oriented to network, storage, applications, services and other fields, and expand the platform's capability boundaries in the underlying resource control and upper business services. All these capabilities will be open source under TKEStack, and community users and partners can participate in contribution and sharing.

Overall architecture

The overall architecture of TKEStack adopts the design concept of Kubernetes on Kubernetes, which fully meets the high availability and expansibility of platform services.

Global: the cluster is responsible for running the components required by the entire TKEStack platform itself.

Cluster: the business cluster is managed by the TKEStack console and is responsible for running the business

Installer: load installation of Global clusters and management components

Auth: authority authentication component that provides user authentication and authorization related functions

Gateway: the gateway component and runs the Web interface service of the console

Platform: a platform management component that provides platform services that include functions such as cluster management

Business: a business management component that provides background services for business management-related functions

Monitor: monitoring service component, providing monitoring collection, reporting, alarm related services

Notify: notification function component, which provides functions related to message notification

Registry: image service component that provides platform image repository and charts repository services

Galaxy: a network plug-in that provides multiple network mode services for clusters

Logagent: log management component that provides log management services for the platform

Audit: design components that provide audit services

Global cluster provides the supporting environment of container cloud platform and various components needed to run itself, including business management component, platform management component, authority authentication component, monitoring and alarm component, registry image repository component, gateway front-end page gateway component and so on. Each component is flexibly deployed in the global cluster in the form of workload, and multiple copies of each component are deployed in a highly available manner. Failures such as an exception of a single component or the disconnection of a host node will not affect the normal operation of the global cluster. The management functions that TKEStack can still provide and the normal business access of users will not be affected.

In terms of scalability, clusters are flexibly configured according to different scenarios. For example, in order to carry online services with high traffic and high reliability, it is necessary to improve the specification and configuration of global clusters so that they can manage large-scale and massive business clusters and application resources; for individual developers or small and medium-sized businesses, it can even be simplified to a global cluster composed of only a few nodes and carry services through the cluster.

Capability characteristics

Through the integration and use of TKEStack, it not only supports the whole set of functions such as K8S native resource scheduling, deployment and operation, service discovery and elastic scaling, but also supports a variety of features to facilitate user access and use, and realize the value-added of its own services through flexible expansion functions.

Native support

TKEStack is a K8S release that focuses on Kubernetes technology stack, integrates ease of use and expansibility, conforms to the Kubernetes interface standard, and the bottom layer of the product is fully compatible with the standard Kubernetes. Therefore, applications and services based on Kubernetes ecology can be seamlessly migrated to TKEStack, and users with standard K8S operation and maintenance management experience can smoothly switch to the TKEStack platform.

TKEStack follows the latest K8S version and supports all available features and security patches. Through flexible cluster management functions, it is convenient to update and upgrade the cluster to help users experience and use the latest ecological technologies. As a cloud native infrastructure platform, any application or project that conforms to cloud native specifications and standards can be built and run in TKEStack.

Simple and easy to use

UI, which is the same as Tencent's public cloud version, has a simple and friendly interface, supports the configuration of various K8S resources, facilitates the smooth creation and management of container applications, and reduces the learning and operation costs of the container platform. TKEStack also has complete image warehouse and application store functions, and contains Tencent's excellent open source container application templates, making it easy for users to deploy high-quality and stable application services at one click.

Multi-cluster management

Support to create independent clusters or manage existing Kubernetes clusters on different infrastructures, and centrally manage multiple clusters through pages or command line, realizing the unified management capability of multi-clusters in hybrid cloud scenarios. Simply provide the api address, token and ca certificates that need to manage the cluster, and TKEStack can manage the cluster. The management operation will not pollute the imported cluster, and the managed cluster will not add additional load or configuration. Unified and consistent user rights and business management and other functions help users to flexibly switch between clusters, convenient deployment and management of multi-cluster applications.

For more information, please refer to Cluster Management

Multi-tenant management

Support for multi-tenant management and inter-tenant isolation, not only limited to accounts, but also including clusters, namespaces, businesses, image repositories, etc., to meet the needs of large and medium-sized enterprises management. And under the tenant level, there is a concept of business, which can span clusters, providing users with unified quota management, namespaces, business quotas, image warehouses, application stores and other management capabilities. It is convenient for users to orchestrate business applications in multi-cluster scenarios.

TKEStack provides unified and open authentication and authorization management. By expanding kubernetes's authz and authn's webhook, all clusters do not need to configure RBAC separately, and provide a unified cross-cluster resource authorization for the upper layer. TKEStack's own authentication and authorization system is supported by complete K8S Style API and oidc authentication protocols, which can be easily integrated by third-party integrators or developers into their own products to achieve bundled services with TKEStack. Enterprise users can easily map the existing account system or organizational structure to the TKEStack platform, so as to save the workload of container platform docking and focus on the development of their own high-value business.

For more information, please refer to access Management

Friendly management platform for operation and maintenance

TKEStack is committed to creating a friendly management platform for operation and maintenance personnel to help them liberate from the complicated labor. TKEStack provides complete and detailed monitoring and logging services with fine granularity to monitor and record every log in every container under the cluster. And provide intelligent installation tools and inspection tools to help operators manage the whole process of the platform, find risk points in advance and improve the reliability of the system.

Quick installation

TKEStack installs using the tke-installer installation tool to guide users to deploy the TKEStack container platform with one click through the interface. The tke-installer installation tool can check basic environment information and automatically adapt x86 or arm installation drivers and images. The offline installation method eliminates the trouble of users pulling the image, which greatly improves the efficiency of container platform deployment.

Tke-installer automatically waits for and checks the completion of each step of the installation, automatically prompts the corresponding information in the log interface if there is an error in the intermediate process, and supports selecting a new installation or continuing the installation from the failed step according to the needs of the user. It also supports customizing the installation process in hook. Users can add their own scripts or commands at three hook points before installation, after cluster ready, and after installation to achieve customization of platform installation.

For more installation information, please see TKEStack installation instructions.

Monitor and control system

Eliminating the complex operation of deploying and configuring prometheus, TKEStack provides a fine-grained monitoring system with high availability and scalability, monitoring CPU,GPU, memory, video memory, network bandwidth, disk io and other indicators in real time, and automatically drawing trend curves to help operators grasp the running status of the platform in all dimensions.

TKEStack monitors the status of the cluster through prometheus components, prometheus components automatically install and configure through addon extension components, and use influxdb,elasticsearch and other storage monitoring data. Monitoring data and metrics are integrated into the platform interface to be displayed in a unified chart style. You can query monitoring data at multiple levels such as clusters, nodes, business, workload and containers at different times, granularities and other conditions, and master the running status of the platform in a full dimension.

At the same time, in terms of availability and scalability, we support the use of thanos architecture to provide reliable fine-grained monitoring and alarm services, and build fine-grained monitoring capabilities with high availability and scalability.

For more information, please see the introduction to thanos architecture.

Log service

Provides in-cluster log collection feature, which supports sending logs of services in the cluster or specific path files of cluster nodes to consumers such as Kafka, Elasticsearch, and collecting container standard output logs, container file logs and host file logs. It also provides event persistence, audit and other functions to record cluster events and operation logs in real time to help operators store and analyze resource life cycle, resource scheduling and exception alarms within the cluster.

Log collection needs to be enabled manually for each cluster. When log collection is enabled, log-collector runs in the form of DaemonSet in the cluster. According to the collection source and consumer end configured by users through log collection rules, log collection is carried out from the collection source, and the log content is sent to the consumer end.

Collect the standard output log of the container-collect the standard output log of the specified container in the cluster. The collected log information will be output to the consumer end specified by the user in JSON format, and the relevant Kubernetes metadata will be automatically attached, including the label and annotation of the pod to which the container belongs.

Collect the file logs in the container-collect the logs of the files in the specified pod in the cluster. Users can flexibly configure the required containers and paths according to their own needs. The collected log information will be output to the consumer specified by the user in JSON format, and the relevant Kubernetes metadata will be attached, including the label and annotation of the pod to which the container belongs.

Collect file logs in the host-collect the logs of the specified CVM path of all nodes in the cluster. Log-collector will collect the file logs that meet the specified path rules on all nodes in the cluster, output them to the output specified by the user in JSON format, and attach the user-specified metadata, including the path of the log source file and the user-defined metadata.

For more log information, please see Log Management.

Platform inspection

Kube-javis, a patrol tool, can be flexibly configured and expanded through the way of plugin plug-in, multi-dimensional check the health status of the cluster under the TKEStack platform, support integration into the TKEStack platform, and regularly run and output diagnosis results and repair recommendations.

Extended component support and management

The characteristic function of Tkestack is to customize the ability of the cluster and expand the function of the cluster in the way of expanding components. TKEStack has supported a variety of extension components, including:

GPUManager-GPUManager provides a GPU manager for All-in-One, which is implemented based on the K8S Device Plugin plug-in system, and provides GPU virtualization, topology allocation, GPU sharing, GPU index query, GPU container pre-check and other functions, supporting users to efficiently use GPU devices in K8S cluster.

TApp-Tapp is a newly designed workload combined with more than 10 years of massive operation experience of Tencent, which is implemented in the form of CRD. Tapp can run stateful and stateless applications, which makes up for the deficiency that StatefulSet can not update containers in batches. It is compatible with traditional operation and maintenance habits, better supports traditional stateful applications, and can achieve grayscale upgrade and multi-version release management.

CronHPA-use crontab mode to automatically expand the workload periodically and periodically scale up and down the workload at a given scheduling time.

LBCF-A general load balancer control plane framework that encapsulates the obscure operation mechanism of K8S and exposes it in the form of Webhook, and provides strong scalability to meet the individual needs of business when using load balancer.

CSIOperator-responsible for the deployment and maintenance of CSI-related components to help users use storage in the cluster.

IPAM-through the installation of IPAM extension components, the K8S scheduling plug-in is extended to realize the configuration and management of Float IP to meet the special needs of complex applications.

The above content is how to analyze the overall architecture and performance of TKEStack. Have you learned any knowledge or skills? If you want to learn more skills or enrich your knowledge reserve, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.