How To Build Kubernetes Platform (构建Kubernetes平台方案参考)

  • Architecture
    • Architecture Diagram
      • Non-Prod Environment
      • Prod Environment
  • Cluster Networking
  • Container RepositorySetup
    • Minikube For Dev Env
    • Kubeadm For Non-Prod Env
    • Other IaaC For Prod Env
  • Devops
    • CI/CD
    • Source Code Management
    • PipeLine
    • Monitoring
      • Dashboard
      • Metrics
    • Security
      • Pod Service Account
      • Pod Security Policy
    • Auth
      • Authentication
      • Authenrization
      • Multi-Tenancy
    • Application Architecture
    • Microservice
    • Servcie Mesh
  • Training
    • Knowledge
      • Kubernets
      • ETCD
      • Containter
      • Networking
  • Orgnization & People

Architecture

Architecture Diagram

Non-Prod Environment

Prod Environment

Cluster Networking

Kubernetes supports for third-party netwroking the cluster via CNI plugin. for more infromation, please see Cluster Networking.

According to this chinese blog, Principles and Solutions of Kubernetes Networking from Yourongyun the three top of CNI providers for kubernetes cluster based on VMs are Project CalicoFlannel, Weave Net.

And also, here is comparison of variable networking solutions, https://github.com/xelatex/homepage/blob/master/source/_posts/Battlefield-Calico-Flannel-Weave-and-Docker-Overlay-Network.md

If just only considering performance, Project Calico should be perferred.

Container Repository

Two options as follows,

Option 1, Private Repository, such as Harbor.

Option 2, Repositories from Cloud Providers, such as AWS ECR.

Setup

We can refer to Picking the Right Solution in Kubernetes offical document to select a setup solution. Considering our goal of building a kuberletes platform based on VMs in our on-premises data center.

Minikube For Dev Env

Minikube can be engaed to create a kubernets development in a local local single machine.

For more information about Minikube, please read Running Kubernetes Locally via Minikube.

Kubeadm For Non-Prod Env

Using Kubeadm, we can build a kubernetes cluster for non-prod environment, which runs master key components as containers.

For more Kubeadm information, please see Using kubeadm to Create a Cluster.

Other IaaC For Prod Env

For creating a kubernetes cluster on VMs for Prod Env, We need to a infrastructure automation tool, such as Ansible, to have this done.

Here is a reference of Creating Kubernets Cluster via Ansible

Devops

CI/CD

Source Code Management

For small and agile web projects, such SaaS applications, considering adopting GitHub Flow. For more information, please refer to GitHub Flow.

For desk or client applications, such PC desk application, ISO/Android App, or being different time windows for delivery and release of applications, considering GitLab Flow. For more information please refer to Gitlab Flow.

PipeLine

Monitoring

Dashboard

Using Kubernetes Dashboard as Web-based UI for Kubernets clusters to manage the cluster itself along with its attendant resources.

For more information, please see Web-UI(Dashboard).

Metrics

Here is official suggested solution as follows. For more informaton, please see Tools for Monitoring Compute, Storage, and Network Resources

Grafana + Heapster / Prometheus + cAdvisor + InfluxDB

Heapster as a metircs aggregator and processor

InfluxDB time series database for storage

Grafana as a dashboarding and alerting solution

cAdvisor has been built in Kubelet, which collects host metrics like CPU, disk space, and memory utilization, in addition to container metrics.

And also, here is a practical example, How to Utilize the “Heapster + InfluxDB + Grafana” Stack in Kubernetes for Monitoring Pods.

Logging

ELK

APM

zipkin

pinpoint

Security

Pod Service Account

For more information, please see the User Guide to Service Accounts.

Pod Security Policy

For more information, please see Pod Security Policies

Auth

Authentication

For more information, please see Authenticating

Support SSO integration, such as SAML,AD OpenID, Auth2?

Authenrization

For more information, please see https://kubernetes.io/docs/admin/authorization/

ABAC/RBAC

Multi-Tenancy

Hypernetes

For more information, please see Hypernetes: Bringing Security and Multi-tenancy to Kubernetes

Application Architecture

Microservice

Here is a chinese blog about how to select open source tools for building a micorservice.

https://mp.weixin.qq.com/s/bsuveX-E6E2fKZ24mj03nQ

Servcie Mesh

Linkerd

Envoy

Istio

Training

Knowledge

Kubernets

Document

Kubernetes Handbook (Chinese Version)

ETCD

For more information, please see ETCD Document.

Containter

Docker

For moe information, please see https://docs.docker.com/.

CRI-O

For more information, please see http://cri-o.io/.

OCI

OCI is a container specification named Open Container Initiative, consisting of OCI Runtime Specification and OCI Image Format

Networking

ip/route/iptables/ipvs etc

Container Netwroking

OpenVswitch

CNI - Calico/Flannel

CNM bridge/host/none/(overlay)plugin

Orgnization & People

p.MsoNormal,li.MsoNormal,div.MsoNormal { margin: 0cm; margin-bottom: .0001pt; font-size: 12.0pt; font-family: 宋体 }
h1 { margin-right: 0cm; margin-left: 0cm; font-size: 24.0pt; font-family: 宋体; font-weight: bold }
h2 { margin-right: 0cm; margin-left: 0cm; font-size: 18.0pt; font-family: 宋体; font-weight: bold }
h3 { margin-right: 0cm; margin-left: 0cm; font-size: 13.5pt; font-family: 宋体; font-weight: bold }
h4 { margin-right: 0cm; margin-left: 0cm; font-size: 12.0pt; font-family: 宋体; font-weight: bold }
a:link,span.MsoHyperlink { color: blue; text-decoration: underline }
a:visited,span.MsoHyperlinkFollowed { color: purple; text-decoration: underline }
p { margin-right: 0cm; margin-left: 0cm; font-size: 12.0pt; font-family: 宋体 }
p.msonormal0,li.msonormal0,div.msonormal0 { margin-right: 0cm; margin-left: 0cm; font-size: 12.0pt; font-family: 宋体 }
span.Heading1Char { font-family: 宋体; font-weight: bold }
span.Heading2Char { font-family: "DengXian Light"; font-weight: bold }
span.Heading3Char { font-family: 宋体; font-weight: bold }
span.Heading4Char { font-family: "DengXian Light"; font-weight: bold }
.MsoChpDefault { font-size: 10.0pt }
div.WordSection1 { }
ol { margin-bottom: 0cm }
ul { margin-bottom: 0cm }

原文地址:https://www.cnblogs.com/anor/p/8436428.html

时间: 2024-10-08 03:40:10

How To Build Kubernetes Platform (构建Kubernetes平台方案参考)的相关文章

bluemix部署(二)构建kubernetes工作环境

本文接上篇.在bluemix中构建kubernetes容器. 1.创建集群 左上角的三横,选容器,然后创建集群. 注意区域,免费版,给个名字,创建集群吧. 继续正在部署,这个可能要15-30分钟,真不确定,为了给你们截图做教程,我把我原来的删了. 下面根据提示的先决条件安装工具. 2.安装集群工具2.1 IBM cloud CLI https://console.bluemix.net/docs/cli/reference/bluemix_cli/get_started.html#getting

Kubernetes+Docker的云平台在CentOS7系统上的安装

Kubernetes+Docker的云平台在CentOS7系统上的安装 1.运行VirtualBox5. 2.安装CentOS7系统. 注意:选择Basic Server类型 安装过程略. 3.修改计算机IP和计算机名. 1)nmtui 1. 修改主机名: nmcli general hostname slave1.smartmap.com 2. 修改网络连接 nmcli connection edit enp0s3 nmcli> goto ipv4 nmcli ipv4> set metho

10分钟快速搭建Kubernetes容器集群平台

官方提供Kubernetes部署3种方式 minikube Minikube是一个工具,可以在本地快速运行一个单点的Kubernetes,尝试Kubernetes或日常开发的用户使用.不能用于生产环境. 官方文档:https://kubernetes.io/docs/setup/minikube/ kubeadm kubeadm可帮助你快速部署一套kubernetes集群.kubeadm设计目的为新用户开始尝试kubernetes提供一种简单的方法.目前是Beta版. 官方文档:https://

02:Kubernetes集群部署——平台环境规划

1.官方提供的三种部署方式: minikube: Minikube是一个工具,可以在本地快速运行一个单点的Kubernetes,仅用于尝试Kubernetes或日常开发的用户使用. 部署地址:https://kubernetes.io/docs/setup/minikube/ kubeadm Kubeadm也是一个工具,提供kubeadm init和kubeadm join,用于快速部署Kubernetes集群. 部署地址:https://kubernetes.io/docs/reference

kubernetes学习01—kubernetes介绍

一.简介 1.Kubernetes代码托管在GitHub上:https://github.com/kubernetes/kubernetes/. 2.Kubernetes是一个开源的,容器集群管理系统,Kubernetes的目标是让部署容器化的应用简单并且高效(powerful),Kubernetes提供了应用部署,规划,更新,维护的一种机制.通过Kubernetes你可以: 快速部署应用 快速扩展应用 无缝对接新的应用功能 节省资源,优化硬件资源的使用 3.Kubernetes一个核心的特点就

maven工程中警告[WARNING] Using platform encoding (GBK actually) to copy filtered resources, i.e. build is platform dependent!

[WARNING] Using platform encoding (GBK actually) to copy filtered resources, i.e. build is platform dependent! [警告]使用时平台编码格式(GBK actually)进行解析的文件资源,也就是说,构建是依赖于平台的! 错误原因:一些源文件的编码格式并不是工具平台的默认的解析格式,二者有冲突,所以报错 解决方法:在maven工程中的父工程POM中加入以下代码" <properties

Kubernetes系列02—Kubernetes设计架构和设计理念

1.Kubernetes设计架构 Kubernetes集群包含有节点代理kubelet和Master组件(APIs, scheduler, etc),一切都基于分布式的存储系统.下面这张图是Kubernetes的架构图. 2.Kubernetes节点 2.1 介绍 ① 在这张系统架构图中,我们把服务分为运行在工作节点上的服务和组成集群级别控制板的服务. ② Kubernetes节点有运行应用容器必备的服务,而这些都是受Master的控制. ③ 每次个节点上当然都要运行Docker.Docker来

驱动开发读书笔记. 0.04 linux 2.6 platform device register 平台设备注册 1/2 共2篇

驱动开发读书笔记. 0.04  linux 2.6 platform device register 平台设备注册  1/2 共2篇下面这段摘自 linux源码里面的文档 : Documentation/driver-model/platform.txt Device Enumeration 82 ~~~~~~~~~~~~~~~~~~ 83 As a rule, platform specific (and often board-specific) setup code will 84 reg

驱动开发读书笔记. 0.05 linux 2.6 platform device register 平台设备注册 2/2 共2篇

驱动开发读书笔记. 0.05 linux 2.6 platform device register 平台设备注册 2/2 共2篇 下面这段摘自 linux源码里面的文档 : 内核版本2.6.22Documentation/driver-model/platform.txt找到一篇译文:http://blog.csdn.net/yili_xie/article/details/5193609 Device Enumeration 82 ~~~~~~~~~~~~~~~~~~ 83 As a rule