Architecture

Architecture Diagram

Non-Prod Environment

Prod Environment

Cluster Networking

Kubernetes supports for third-party netwroking the cluster via CNI plugin. for more infromation, please see Cluster Networking.

According to this chinese blog, Principles and Solutions of Kubernetes Networking from Yourongyun the three top of CNI providers for kubernetes cluster based on VMs are Project CalicoFlannel, Weave Net.

And also, here is comparison of variable networking solutions, https://github.com/xelatex/homepage/blob/master/source/_posts/Battlefield-Calico-Flannel-Weave-and-Docker-Overlay-Network.md

If just only considering performance, Project Calico should be perferred.

Container Repository

Two options as follows,

Option 1, Private Repository, such as Harbor.

Option 2, Repositories from Cloud Providers, such as AWS ECR.

Setup

We can refer to Picking the Right Solution in Kubernetes offical document to select a setup solution. Considering our goal of building a kuberletes platform based on VMs in our on-premises data center.

Minikube For Dev Env

Minikube can be engaed to create a kubernets development in a local local single machine.

For more information about Minikube, please read Running Kubernetes Locally via Minikube.

Kubeadm For Non-Prod Env

Using Kubeadm, we can build a kubernetes cluster for non-prod environment, which runs master key components as containers.

For more Kubeadm information, please see Using kubeadm to Create a Cluster.

Other IaaC For Prod Env

For creating a kubernetes cluster on VMs for Prod Env, We need to a infrastructure automation tool, such as Ansible, to have this done.

Here is a reference of Creating Kubernets Cluster via Ansible

Devops

CI/CD

Source Code Management

For small and agile web projects, such SaaS applications, considering adopting GitHub Flow. For more information, please refer to GitHub Flow.

For desk or client applications, such PC desk application, ISO/Android App, or being different time windows for delivery and release of applications, considering GitLab Flow. For more information please refer to Gitlab Flow.

PipeLine

Monitoring

Dashboard

Using Kubernetes Dashboard as Web-based UI for Kubernets clusters to manage the cluster itself along with its attendant resources.

For more information, please see Web-UI(Dashboard).

Metrics

Here is official suggested solution as follows. For more informaton, please see Tools for Monitoring Compute, Storage, and Network Resources

Grafana + Heapster / Prometheus + cAdvisor + InfluxDB

Heapster as a metircs aggregator and processor

InfluxDB time series database for storage

Grafana as a dashboarding and alerting solution

cAdvisor has been built in Kubelet, which collects host metrics like CPU, disk space, and memory utilization, in addition to container metrics.

And also, here is a practical example, How to Utilize the “Heapster + InfluxDB + Grafana” Stack in Kubernetes for Monitoring Pods.

Logging

ELK

APM

zipkin

pinpoint

Security

Pod Service Account

For more information, please see the User Guide to Service Accounts.

Pod Security Policy

For more information, please see Pod Security Policies

Auth

Authentication

For more information, please see Authenticating

Support SSO integration, such as SAML,AD OpenID, Auth2?

Authenrization

For more information, please see https://kubernetes.io/docs/admin/authorization/

ABAC/RBAC

Multi-Tenancy

Hypernetes

For more information, please see Hypernetes: Bringing Security and Multi-tenancy to Kubernetes

Application Architecture

Microservice

Here is a chinese blog about how to select open source tools for building a micorservice.

https://mp.weixin.qq.com/s/bsuveX-E6E2fKZ24mj03nQ

Servcie Mesh

Linkerd

Envoy

Istio

Training

Knowledge

Kubernets

Document

Kubernetes Handbook (Chinese Version)

ETCD

For more information, please see ETCD Document.

Containter

Docker

For moe information, please see https://docs.docker.com/.

CRI-O

For more information, please see http://cri-o.io/.

OCI

OCI is a container specification named Open Container Initiative, consisting of OCI Runtime Specification and OCI Image Format

Networking

ip/route/iptables/ipvs etc

Container Netwroking

OpenVswitch

CNI - Calico/Flannel

CNM bridge/host/none/(overlay)plugin

Orgnization & People

How To Build Kubernetes Platform (构建Kubernetes平台方案参考)的更多相关文章

  1. 基于Kubernetes/K8S构建Jenkins持续集成平台(下)

    基于Kubernetes/K8S构建Jenkins持续集成平台(下) Jenkins-Master-Slave架构图回顾: 安装和配置NFS NFS简介 NFS(Network File System ...

  2. 基于Kubernetes/K8S构建Jenkins持续集成平台(上)-1

    基于Kubernetes/K8S构建Jenkins持续集成平台(上)-1 Jenkins的Master-Slave分布式构建 什么是Master-Slave分布式构建 Jenkins的Master-S ...

  3. 基于Kubernetes/K8S构建Jenkins持续集成平台(上)-2

    基于Kubernetes/K8S构建Jenkins持续集成平台(上)-2 Kubernetes实现Master-Slave分布式构建方案 传统Jenkins的Master-Slave方案的缺陷 Mas ...

  4. 基于Docker&Kubernetes构建PaaS平台基础知识梳理

    点击上方"开源Linux",选择"设为星标" 回复"学习"获取独家整理的学习资料! 基于Docker&Kubernetes构建Paa ...

  5. 通过重新构建Kubernetes来实现更具弹性的容器编排系统

    通过重新构建Kubernetes来实现更具弹性的容器编排系统 译自:rearchitecting-kubernetes-for-the-edge 摘要 近年来,kubernetes已经发展为容器编排的 ...

  6. bluemix部署(二)构建kubernetes工作环境

    本文接上篇.在bluemix中构建kubernetes容器. 1.创建集群 左上角的三横,选容器,然后创建集群. 注意区域,免费版,给个名字,创建集群吧. 继续正在部署,这个可能要15-30分钟,真不 ...

  7. Kubernetes+Docker的云平台在CentOS7系统上的安装

    Kubernetes+Docker的云平台在CentOS7系统上的安装 1.运行VirtualBox5. 2.安装CentOS7系统. 注意:选择Basic Server类型 安装过程略. 3.修改计 ...

  8. 使用 Elastic 技术栈构建 Kubernetes全栈监控

    以下我们描述如何使用 Elastic 技术栈来为 Kubernetes 构建监控环境.可观测性的目标是为生产环境提供运维工具来检测服务不可用的情况(比如服务宕机.错误或者响应变慢等),并且保留一些可以 ...

  9. 10分钟搭建Kubernetes容器集群平台【转】

    官方提供3种方式部署Kubernetes minikube Minikube是一个工具,可以在本地快速运行一个单点的Kubernetes,尝试Kubernetes或日常开发的用户使用.不能用于生产环境 ...

随机推荐

  1. I.MX6 新版、旧版u-boot不兼容问题

    /************************************************************************* * I.MX6 新版.旧版u-boot不兼容问题 ...

  2. [Selenium] 操作页面元素等待时间

    WebDriver 在操作页面元素等待时间时,提供2种等待方式:一个为显式等待,一个为隐式等待,其区别在于: 1)显式等待:明确地告诉 WebDriver 按照特定的条件进行等待,条件未达到就一直等待 ...

  3. 使用JavaScript实现弹出层效果的简单实例

    转自:https://www.jb51.net/article/85475.htm 实现弹出层效果的思路非常简单:将待显示的内容先隐藏,在触发某种条件后(如点击按钮),将原本隐藏的内容显示出来. 实现 ...

  4. CodeForces 1103C. Johnny Solving

    题目简述:给定简单(无自环.无重边)连通无向图$G = (V, E), 1 \leq n = |V| \leq 2.5 \times 10^5, 1 \leq m = |E| \leq 5 \time ...

  5. Table View Programming Guide for iOS---(一)---About Table Views in iOS Apps

    About Table Views in iOS Apps Table views are versatile user interface objects frequently found in i ...

  6. JAVA基础-面向对象06

    一.封装 1. 封装概念和体现 封装:包装的意思,隐藏被封装的事物的信息:生活中的包装:快递:食品:电子产品……方便:好看易用:安全: Java程序中的包装: 类:包装了同一类事物的共性信息: 函数: ...

  7. web安全之XSS攻击原理及防范

    阅读目录 一:什么是XSS攻击? 二:反射型XSS 三:存储型XSS 四:DOM-based型XSS 五:SQL注入 六:XSS如何防范? 1. cookie安全策略 2. X-XSS-Protect ...

  8. (4)ASP.NET Core 中间件

    1.前言 整个HTTP Request请求跟HTTP Response返回结果之间的处理流程是一个请求管道(request pipeline).而中间件(middleware)则是一种装配到请求管道以 ...

  9. C++开发工程师面试题库 200~250道

    199  MFC中SendMessage和PostMessage的区别?答:PostMessage 和SendMessage的区别主要在于是否等待应用程序做出消息处理.PostMessage只是把消息 ...

  10. python __builtins__ enumerate类 (21)

    21.'enumerate', 用于将一个可遍历的数据对象(如列表.元组或字符串)组合为一个索引序列,同时列出数据和数据下标,一般用在 for 循环当中. class enumerate(object ...