Architecture

Architecture Diagram

Non-Prod Environment

Prod Environment

Cluster Networking

Kubernetes supports for third-party netwroking the cluster via CNI plugin. for more infromation, please see Cluster Networking.

According to this chinese blog, Principles and Solutions of Kubernetes Networking from Yourongyun the three top of CNI providers for kubernetes cluster based on VMs are Project CalicoFlannel, Weave Net.

And also, here is comparison of variable networking solutions, https://github.com/xelatex/homepage/blob/master/source/_posts/Battlefield-Calico-Flannel-Weave-and-Docker-Overlay-Network.md

If just only considering performance, Project Calico should be perferred.

Container Repository

Two options as follows,

Option 1, Private Repository, such as Harbor.

Option 2, Repositories from Cloud Providers, such as AWS ECR.

Setup

We can refer to Picking the Right Solution in Kubernetes offical document to select a setup solution. Considering our goal of building a kuberletes platform based on VMs in our on-premises data center.

Minikube For Dev Env

Minikube can be engaed to create a kubernets development in a local local single machine.

For more information about Minikube, please read Running Kubernetes Locally via Minikube.

Kubeadm For Non-Prod Env

Using Kubeadm, we can build a kubernetes cluster for non-prod environment, which runs master key components as containers.

For more Kubeadm information, please see Using kubeadm to Create a Cluster.

Other IaaC For Prod Env

For creating a kubernetes cluster on VMs for Prod Env, We need to a infrastructure automation tool, such as Ansible, to have this done.

Here is a reference of Creating Kubernets Cluster via Ansible

Devops

CI/CD

Source Code Management

For small and agile web projects, such SaaS applications, considering adopting GitHub Flow. For more information, please refer to GitHub Flow.

For desk or client applications, such PC desk application, ISO/Android App, or being different time windows for delivery and release of applications, considering GitLab Flow. For more information please refer to Gitlab Flow.

PipeLine

Monitoring

Dashboard

Using Kubernetes Dashboard as Web-based UI for Kubernets clusters to manage the cluster itself along with its attendant resources.

For more information, please see Web-UI(Dashboard).

Metrics

Here is official suggested solution as follows. For more informaton, please see Tools for Monitoring Compute, Storage, and Network Resources

Grafana + Heapster / Prometheus + cAdvisor + InfluxDB

Heapster as a metircs aggregator and processor

InfluxDB time series database for storage

Grafana as a dashboarding and alerting solution

cAdvisor has been built in Kubelet, which collects host metrics like CPU, disk space, and memory utilization, in addition to container metrics.

And also, here is a practical example, How to Utilize the “Heapster + InfluxDB + Grafana” Stack in Kubernetes for Monitoring Pods.

Logging

ELK

APM

zipkin

pinpoint

Security

Pod Service Account

For more information, please see the User Guide to Service Accounts.

Pod Security Policy

For more information, please see Pod Security Policies

Auth

Authentication

For more information, please see Authenticating

Support SSO integration, such as SAML,AD OpenID, Auth2?

Authenrization

For more information, please see https://kubernetes.io/docs/admin/authorization/

ABAC/RBAC

Multi-Tenancy

Hypernetes

For more information, please see Hypernetes: Bringing Security and Multi-tenancy to Kubernetes

Application Architecture

Microservice

Here is a chinese blog about how to select open source tools for building a micorservice.

https://mp.weixin.qq.com/s/bsuveX-E6E2fKZ24mj03nQ

Servcie Mesh

Linkerd

Envoy

Istio

Training

Knowledge

Kubernets

Document

Kubernetes Handbook (Chinese Version)

ETCD

For more information, please see ETCD Document.

Containter

Docker

For moe information, please see https://docs.docker.com/.

CRI-O

For more information, please see http://cri-o.io/.

OCI

OCI is a container specification named Open Container Initiative, consisting of OCI Runtime Specification and OCI Image Format

Networking

ip/route/iptables/ipvs etc

Container Netwroking

OpenVswitch

CNI - Calico/Flannel

CNM bridge/host/none/(overlay)plugin

Orgnization & People

How To Build Kubernetes Platform (构建Kubernetes平台方案参考)的更多相关文章

  1. 基于Kubernetes/K8S构建Jenkins持续集成平台(下)

    基于Kubernetes/K8S构建Jenkins持续集成平台(下) Jenkins-Master-Slave架构图回顾: 安装和配置NFS NFS简介 NFS(Network File System ...

  2. 基于Kubernetes/K8S构建Jenkins持续集成平台(上)-1

    基于Kubernetes/K8S构建Jenkins持续集成平台(上)-1 Jenkins的Master-Slave分布式构建 什么是Master-Slave分布式构建 Jenkins的Master-S ...

  3. 基于Kubernetes/K8S构建Jenkins持续集成平台(上)-2

    基于Kubernetes/K8S构建Jenkins持续集成平台(上)-2 Kubernetes实现Master-Slave分布式构建方案 传统Jenkins的Master-Slave方案的缺陷 Mas ...

  4. 基于Docker&Kubernetes构建PaaS平台基础知识梳理

    点击上方"开源Linux",选择"设为星标" 回复"学习"获取独家整理的学习资料! 基于Docker&Kubernetes构建Paa ...

  5. 通过重新构建Kubernetes来实现更具弹性的容器编排系统

    通过重新构建Kubernetes来实现更具弹性的容器编排系统 译自:rearchitecting-kubernetes-for-the-edge 摘要 近年来,kubernetes已经发展为容器编排的 ...

  6. bluemix部署(二)构建kubernetes工作环境

    本文接上篇.在bluemix中构建kubernetes容器. 1.创建集群 左上角的三横,选容器,然后创建集群. 注意区域,免费版,给个名字,创建集群吧. 继续正在部署,这个可能要15-30分钟,真不 ...

  7. Kubernetes+Docker的云平台在CentOS7系统上的安装

    Kubernetes+Docker的云平台在CentOS7系统上的安装 1.运行VirtualBox5. 2.安装CentOS7系统. 注意:选择Basic Server类型 安装过程略. 3.修改计 ...

  8. 使用 Elastic 技术栈构建 Kubernetes全栈监控

    以下我们描述如何使用 Elastic 技术栈来为 Kubernetes 构建监控环境.可观测性的目标是为生产环境提供运维工具来检测服务不可用的情况(比如服务宕机.错误或者响应变慢等),并且保留一些可以 ...

  9. 10分钟搭建Kubernetes容器集群平台【转】

    官方提供3种方式部署Kubernetes minikube Minikube是一个工具,可以在本地快速运行一个单点的Kubernetes,尝试Kubernetes或日常开发的用户使用.不能用于生产环境 ...

随机推荐

  1. 「LuoguP3369」 【模板】普通平衡树 (用vector乱搞平衡树

    Description 您需要写一种数据结构(可参考题目标题),来维护一些数,其中需要提供以下操作: 插入 x 数 删除 x 数(若有多个相同的数,应只删除一个) 查询 x 数的排名(排名定义为比当前 ...

  2. 023--python os、sys、json、pickle、xml模块

    一.os模块 os.getcwd() 获取当前工作目录,即当前python脚本工作的目录路径 >>> os.getcwd() 'C:\\Python36' os.chdir(&quo ...

  3. 两行代码搞定网站gzip压缩

    网站使用gzip压缩的好处就不用多说了吧,自行脑补,来说一下如何使用nodejs实现gzip压缩,只需要两行代码,so ease. 通过nodejs实现gzip 需要用到的模块 compression ...

  4. 洛谷 - P1426 - 小鱼会有危险吗 - 模拟

    https://www.luogu.org/problemnew/show/P1426 题目说的是小鱼进入探测器一秒后就会有危险,所以不应该让小鱼先游,而是先检测探测器. #include<bi ...

  5. = =写个prim希望能够巨巨们看的懂

    prim算法---典型的贪心算法 求最小生成树的算法 (Minimum Spanning Tree)最小生成树: 算法思想:设图G顶点集合为U,首先任意选择图G中的一点作为起始点a,将该点加入集合V, ...

  6. 基于FBX SDK的FBX模型解析与加载 -(四)

    8. 骨骼蒙皮动画 骨骼蒙皮动画是当前游戏引擎中最常用的一种动画方式,关于其基本原理网络上的资料较多,关于到涉及的其它较复杂操作,如插值.融合等在这里也就先不再讨论了,而且其实现方式也与具体引擎的动作 ...

  7. C#读取大文件

    有些时候需要读取文件,小文件的时候效率的影响可以忽略,但是当文件上M,上G的时候,这个时候,效率问题就非常重要了,下面将对一个3G的文件,用C#的方式读取,对比效率的影响. 1. FileStream ...

  8. Apereo CAS Server服务端搭建教程

    不说废话了,直接看搭建过程吧. 首先到下载源码,https://github.com/apereo/cas-overlay-template/tree/4.2 附上地址,本次版本为4.2,下载源码后如 ...

  9. python 列表 元组

    1.列表的基本声明和赋值 #声明一个空列表 变量 = [] 或者 变量 = list() var = [1] var2 = list() # 声明带有数据的列表 var = [1,2,3,'一','二 ...

  10. Qt之对话框QDialog

    这一节主要讲述对话框类,先讲述两种不同类型的对话框,再介绍Qt提供的几个标准对话框.对应本节的内容,可以在帮助索引中查看 QDialog 和 Dialog Windows 关键字. 一.模态和非模态对 ...