[Record of production environment K8S from construction to operation and maintenance (2)] K8S Control System automatically builds and manages Kubernetes Cluster

1. Foreword

In this era of automation, it seems that for everything we ask whether it can be automated to reduce manual work. Software development and system construction are no exception, and many automation tools have been produced. When we want to build a large-scale system with dozens or even hundreds of servers, using automation tools does improve work efficiency and reduce human error, so there seems to be no reason not to use them. We use automation tools not to follow a trend, but to benefit from the convenience they bring us.

But everything has two sides, a good one and a bad one. Automation can easily build a system for you, even with foolproof operation: you can create the system you want with just a few button clicks. As a result, we no longer install and configure things manually, so we never truly understand the underlying principles and never run into the various problems; when problems do occur, we cannot solve them and cannot control the system. The ancients said: "It's not enough to talk about life if you haven't stepped on a pit". This is the truth. Your experience and your value go hand in hand with the detours you have taken.

2. Why do we need this Control System subsystem in a K8S system?

So why do we need such a subsystem in our K8S production environment? It depends on what it can bring us; the reason is simple: no one wants to do things that bring no benefit. First, "K8S Control System" is a name I gave it myself. It may not sound very professional, but it describes what the subsystem does, so the name is suitable.

This time we take Pivotal Container Service (PKS) as an example to introduce what this subsystem can do. (Pivotal did not pay us to praise it, and we are not internet celebrities; we simply used it.)

2-1. Automated construction

As we said before, automation is essential. In an actual production environment there are many servers in a Kubernetes Cluster, and there may be multiple Clusters. Using the automated Kubernetes Cluster installation and configuration function of Pivotal Container Service (PKS), you can quickly build the Kubernetes Cluster you want, which greatly improves development productivity.

2-2. Kubernetes Cluster management

Managing multiple Kubernetes Clusters is not an easy task. Kubernetes upgrades, cluster start and stop, and system backups are routine, usually simple tasks in a production environment, but in a production environment with multiple Clusters these simple tasks become complicated. The comprehensive Kubernetes Cluster management function of Pivotal Container Service (PKS) lets us accomplish them elegantly in production. In addition, Pivotal Container Service (PKS) helps us achieve isolation between multiple Clusters, security policies, performance enhancements, and so on, greatly improving operation and maintenance productivity.

2-3. Convenient version management and release tools

When it comes to container technology, Docker images and Manifest files cannot be avoided. The system we build ultimately provides its services by running them, so version management and template management for these important artifacts are indispensable. Pivotal Container Service (PKS) comes with Harbor and Helm, which saves us the work of building Harbor and Helm environments; they can be used directly. With Harbor and Helm we can elegantly implement rolling upgrades and rollbacks of services in a production environment, greatly shortening release time.

2-4. Virus detection

Virus detection has to be considered in a production environment. Installing antivirus software on an ordinary server is something I believe everyone can do, but most people probably do not know how to install antivirus software in a Kubernetes Cluster. Pivotal Container Service (PKS) comes with antivirus software, which makes virus detection on a Kubernetes Cluster easy and greatly improves system security.

2-5. Passing the buck

I won't say much about this; those who know will naturally understand. A paid service like this, and not a cheap one at that, should bear its share of the responsibility.

3. Pivotal Container Service (PKS) composition

The entire Control System subsystem needs at least 5 machines, each with a different function. We introduce them only briefly here.

3-1. Ops (Ops Manager)

The initial operation interface; operations on the PKS service can be performed through it.

3-2. BOSH

Controls the infrastructure (such as vSphere, AWS, etc.) and automates Kubernetes cluster construction, health (alive/dead) monitoring, scaling, and version upgrades. It accepts requests from Enterprise PKS and converts them into the underlying vSphere and NSX-T operations, and it carries out the daily operation of the Kubernetes cluster after deployment.

3-3. Plan (Enterprise PKS)

The core component of Enterprise PKS. It includes the binary files required by the Kubernetes cluster and the method of constructing the Kubernetes cluster (the manifest), and it manages the Kubernetes cluster.

3-4. Harbor

It provides functions like Docker Hub and Docker Registry that can save and publish container images, as well as user authentication and vulnerability scanning functions.

3-5. Antivirus

Provides virus detection for the Kubernetes Cluster.

4. Conclusion

This K8S Control System subsystem is indispensable in a production environment. Which services and tools are chosen is not important. Besides Pivotal's PKS there are other services and tools of the same type, paid or free; as long as one meets the needs of our production environment, it is recommended to make full use of such services or tools to improve our productivity.

Author: rm * Team

Date: 2020/09/05

Origin blog.csdn.net/ashdfoiuasdhfoief/article/details/108436307