Building an enterprise-ready Kubernetes container platform

susu susu     2022-11-28     290

title: Building an enterprise-ready Kubernetes container platform
author: susu

production ready Kubernetes cluster

What if you need a production-ready Kubernetes cluster, but for some reason you cannot use the existing cloud offerings, such as Google Container Engine? Kubernetes can be installed on a variety of platforms, including on-premises VMs, VMs on a cloud provider, and bare-metal servers. Several tools allow installing a production-ready Kubernetes cluster on a variety of targets:

  • kargo
  • kube-deploy
  • kubeadm
  • Kubespray

When deploying a Kubernetes cluster in production, one should take care of several things to ensure the best possible outcome. High availability of master nodes helps minimize downtime and data loss and eliminates a single point of failure. Networking should be both robust and scalable to handle growing needs (e.g., the number of nodes in a cluster growing to handle more replicas). Finally, some users may want to take advantage of multi-site support to uniformly handle geographically dispersed data centers.

HIGH AVAILABILITY

Possible failures in Kubernetes clusters usually involve pods, nodes, and master nodes. Pod failures can be handled by built-in Kubernetes features, so the main concern here is to provide persistent storage if needed. Node failures can be handled by master nodes and require the use of services outside of Kubernetes. For example, kubelet talks to an external load balancer rather than directly to clients; if the entire node fails, traffic can be load balanced to another node with corresponding pods. Finally, the master controller can fail, or one of its services can die. We need to replicate the master controller and its components for a highly available environment. Fortunately, multiple master nodes are also accounted for in Kubernetes.

Furthermore, when it comes to monitoring the deployment, it is advisable to implement process watchers that "watch" the services that exist on the master node. For example, the API service can be monitored by a kubelet. It can be configured with less aggressive security settings to monitor non-Kubernetes components such as privileged containers. On a different level is the issue of what happens if a kubelet dies. Monitoring processes can be deployed to ensure that the kubelet is restarted. Finally, a redundant storage service can be achieved with clustered etcd.
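The replicated control plane and clustered etcd described above, expressed as a kubeadm configuration. This is an added example, not part of the original article; the load balancer DNS name, the etcd IP addresses, the pod subnet and the Kubernetes version are constructed placeholders.

```yaml
# kubeadm ClusterConfiguration for a highly available control plane (added example).
# The control-plane components (apiserver, controller-manager, scheduler) run as
# static pods under /etc/kubernetes/manifests, so the node's kubelet is the process
# watcher that restarts any of them if they die.
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
kubernetesVersion: v1.25.0                               # placeholder version
# Stable address of a load balancer in front of every control-plane node;
# kubelets and kubectl never depend on a single master.
controlPlaneEndpoint: "k8s-api.example.internal:6443"   # placeholder DNS name
etcd:
  external:
    # Three etcd members on separate hosts keep quorum through one host failure.
    endpoints:
      - https://10.0.0.11:2379                           # placeholder addresses
      - https://10.0.0.12:2379
      - https://10.0.0.13:2379
    # API server authenticates to etcd with a client certificate; no anonymous access.
    caFile: /etc/kubernetes/pki/etcd/ca.crt
    certFile: /etc/kubernetes/pki/apiserver-etcd-client.crt
    keyFile: /etc/kubernetes/pki/apiserver-etcd-client.key
apiServer:
  certSANs:
    - k8s-api.example.internal                           # so the LB name verifies under TLS
networking:
  podSubnet: 10.244.0.0/16                               # placeholder pod CIDR
# Bootstrap: kubeadm init --config cluster.yaml --upload-certs
# Each additional master then joins with:
#   kubeadm join k8s-api.example.internal:6443 --control-plane \
#     --token <token> --discovery-token-ca-cert-hash <hash> --certificate-key <key>
```

With the external etcd cluster, the master nodes themselves hold no state, so any one of them can be rebuilt and rejoined without data loss.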

SECURITY

First of all, direct access to cluster nodes (either physical or through SSH) should be restricted. kubectl exec allows access to containers—this should be enough. Use Security Contexts to segregate privileges. Defining quotas for resources helps prevent DoS attacks. Selectively grant users permissions according to their business needs. Finally, consider separating network traffic that is not related (e.g., the load balancer only needs to see a front-end service, while the back-end service has no need to contact the load balancer).
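The security context, resource quota and traffic separation recommended above, as concrete manifests. This is an added example, not taken from the article; the `shop` namespace, the image reference and the quota numbers are constructed, and the NetworkPolicy is only enforced by a CNI plugin that implements the NetworkPolicy API.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: frontend
  namespace: shop                 # constructed namespace
  labels: {app: frontend}
spec:
  securityContext:
    runAsNonRoot: true            # kubelet refuses to start the container as UID 0
    runAsUser: 10001              # overrides the image's USER
  containers:
  - name: web
    image: registry.example.internal/shop/frontend:1.4.2   # placeholder image
    securityContext:
      allowPrivilegeEscalation: false   # no setuid binaries gaining privileges
      readOnlyRootFilesystem: true      # a compromised process cannot modify the image
      capabilities: {drop: ["ALL"]}     # only the capabilities the app truly needs
    resources:                    # per-pod limits; the quota below caps the namespace total
      requests: {cpu: "100m", memory: "128Mi"}
      limits: {cpu: "500m", memory: "256Mi"}
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: shop-quota
  namespace: shop
spec:
  hard:                           # aggregate ceiling: a runaway workload cannot starve the cluster
    pods: "50"
    requests.cpu: "8"
    requests.memory: "16Gi"
    limits.cpu: "16"
    limits.memory: "32Gi"
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-from-frontend-only
  namespace: shop
spec:
  podSelector:
    matchLabels: {app: backend}   # applies to back-end pods
  policyTypes: ["Ingress"]        # once selected, every ingress not listed below is denied
  ingress:
  - from:
    - podSelector:
        matchLabels: {app: frontend}   # front-end pods only; the load balancer cannot reach it
    ports:
    - {protocol: TCP, port: 8080}
```

Once a ResourceQuota exists in a namespace, the API server rejects any pod in it that omits requests and limits for the quota's resources, which also forces teams to declare their footprint.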

SCALE

Kubernetes allows for adding and removing nodes dynamically. Each new node has to be configured appropriately and pointed at the master node. The main processes of interest are kubelet and kube-proxy. For larger-scale clusters, a means of automation is preferred, such as Ansible or Salt. If the cluster is running on one of the supported cloud providers, there is also an option to try the Cluster Autoscaler.
