Kubernetes in Rancher: architecture analysis

Since the Rancher 1.0 release, Rancher has gradually added support for Kubernetes, Swarm, Mesos and other orchestration engines. Many people have questions: what exactly is the relationship between the Cattle engine and these engines? How is each engine supported? How should you choose for your business environment? We will unveil these mysteries step by step. Understanding the infrastructure is the basis for effective problem analysis, so that a problem can be located accurately and solved, because no production environment is completely reliable. With that background, this article first introduces the architecture of Kubernetes in Rancher.

Looking at the current rhythm of Rancher development, the Cattle engine has been defined as Rancher's infrastructure engine. What do Rancher's infrastructure services include? As follows:

  • Networking: Rancher's unified network service, provided by the rancher-net component
  • Load Balancer: Rancher's load-balancing service; the current conventional implementation is built on HAProxy
  • DNS Service: Rancher's DNS service, which mainly provides service discovery, provided by the rancher-dns component
  • Metadata Service: Rancher's metadata service. Metadata is the mechanism used by compose, the tool we use to compose applications, to flexibly inject specific information into a service
  • Persistent Storage Service: the persistent storage service is currently provided by Convoy; for a real storage back end Rancher has Longhorn, which has not yet been fully released
  • Audit Logging: audit logging is an important property in enterprise scenarios; it is currently integrated inside Cattle and has not been fully separated out

So whichever orchestration engine Rancher integrates, these infrastructure services are ultimately integrated into that engine, and this is exactly the approach taken for Kubernetes in Rancher.

Kubernetes components can be classified into three roles: Master, Minion and Etcd. The Master mainly consists of kube-apiserver, kube-scheduler and kube-controller-manager; the Minion mainly consists of kubelet and kube-proxy. In order to integrate K8s control functions, Rancher adds three more services on the Master, kubectld, ingress-controller and kubernetes-agent, which connect Rancher and K8s. Each node also depends on Rancher's infrastructure services rancher-dns, rancher-metadata and rancher-net.


Since K8s in Rancher is built on the Cattle engine, after K8s is deployed we can clearly see the overall deployment through the Link Graph.


The whole service is built with rancher-compose on the Cattle engine. When new nodes are added, the kubelet and kube-proxy services are added to them automatically (using the Global label feature), and a health-check mechanism is added to each component to ensure a degree of high availability. Taking into account a minimum of one and up to 3 nodes, a single agent host can deploy K8s, but three agent hosts is more reasonable.
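The Global label and health-check mechanism mentioned above are both expressed in the compose files that Rancher's Cattle engine consumes. The fragment below is a constructed illustration added here, not Rancher's own Kubernetes catalog template: it shows a kube-proxy service in the Rancher 1.x two-file format (a docker-compose.yml followed by the matching rancher-compose.yml). The image tag and the apiserver address are placeholders; the ports are kube-proxy's default healthz port. The kubelet service follows the same pattern with its own mounts and its healthz port (10248).

```yaml
# docker-compose.yml (constructed example; image and --master value are placeholders)
kube-proxy:
  image: rancher/k8s:<tag-of-your-rancher-release>
  command:
    - kube-proxy
    - --master=http://<apiserver-address-placeholder>:8080
  network_mode: host        # kube-proxy programs the host's netfilter rules
  privileged: true
  labels:
    # Global label: Cattle schedules exactly one instance of this service on
    # every host in the environment, including hosts added later.
    io.rancher.scheduler.global: 'true'
    # Resolve names through rancher-dns instead of the host's resolver.
    io.rancher.container.dns: 'true'
---
# rancher-compose.yml (same service name; Cattle-specific settings live here)
kube-proxy:
  health_check:
    port: 10249                        # kube-proxy's default healthz port
    request_line: GET /healthz HTTP/1.0 # HTTP check; omit for a plain TCP check
    interval: 2000                     # milliseconds between probes
    response_timeout: 2000             # milliseconds before a probe counts as failed
    healthy_threshold: 2               # consecutive passes before marking healthy
    unhealthy_threshold: 3             # consecutive failures before acting
    strategy: recreate                 # Cattle replaces the container when it fails
```

With `io.rancher.scheduler.global` set, there is no `scale` to manage: the scheduler itself keeps one container per host, which is why the text says kubelet and kube-proxy appear automatically on new nodes. The `recreate` strategy is what turns the health check into a basic high-availability mechanism; the probe is performed by the Rancher agent on the host, so the `port` must be reachable from the host network, which the `network_mode: host` setting guarantees here.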

After the K8s cluster is deployed, we can add various application services. Rancher currently supports managing K8s services, pods, replication controllers and so on; the application view structure can be described with a picture.


The rancher-net component assigns an IP to each pod; rancher-dns takes over the role of K8s's SkyDNS to provide service discovery; and containers inside a pod can still access the rancher-metadata service to obtain metadata. Besides these three basic services, the kubectld, ingress-controller and kubernetes-agent components mentioned earlier also play important roles.

Whether in K8s or in Rancher, the abstract objects (such as Rancher's stack/service, or K8s's service/pod) generate events when they are updated, and changing these objects through any service entry point generates such events. To ensure that Rancher and K8s are aware of each other's updates, kubernetes-agent came into being.


Changes to K8s objects such as namespaces, services, replication controllers and pods are promptly notified to Rancher, and changes in Rancher's host resource management (such as changes to host labels) are also notified to K8s.

Simply put, kubernetes-agent maintains object consistency between Rancher and K8s. To actually create objects such as K8s services or pods through Rancher, another service is needed: kubectld. Intuitively, it packages kubectl and provides the kubectl create/apply/get and other functions.


All K8s object creation requests go through the Cattle engine, and Cattle proxies the request to kubectld, which starts an API service for this purpose. In addition, Rancher events are monitored to assist with CRUD operations on the related objects.

When creating a K8s service that is exposed for external access, you inevitably use the LoadBalancer type and the Ingress kind. Note that in K8s the concepts of LoadBalancer and Ingress differ slightly: LoadBalancer is mainly concerned with L4 and supports HTTP/TCP, while Ingress implements L7 load balancing and can only support HTTP. A K8s LoadBalancer requires a Cloud Provider implemented inside K8s; currently only GCE has one, and Rancher maintains its own K8s version in which a Rancher Cloud Provider is provided. For Ingress, the ingress-controller component implements the K8s ingress framework, so it can obtain ingress information and implement the corresponding interface. Of course, both call the Cattle API to create Rancher load balancers, and the balancing function is carried out by HAProxy.
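The L4/L7 distinction above decides which of the two objects to write. The two manifests below are a constructed example added here, not from the page or from Rancher's documentation; the service names, hostname and ports are invented. The first is a Service of type LoadBalancer, which the Rancher cloud provider turns into a Rancher (HAProxy) load balancer: because it works at L4 it does not parse the traffic, so it can carry any TCP protocol, here TLS that is terminated inside the pod. The second is an Ingress in the extensions/v1beta1 API of that era, which the ingress-controller turns into a Rancher load balancer that routes plain HTTP by host and path.

```yaml
# Constructed example. Service of type LoadBalancer: L4 (TCP). The Rancher cloud
# provider creates a Rancher load balancer for it; bytes are passed through
# unparsed, so the pod keeps its own TLS and the balancer never sees plaintext.
apiVersion: v1
kind: Service
metadata:
  name: api-tls          # invented name
spec:
  type: LoadBalancer
  selector:
    app: api             # invented pod label
  ports:
    - name: https
      protocol: TCP
      port: 443          # port opened on the Rancher load balancer
      targetPort: 8443   # port the pod listens on
---
# Constructed example. Ingress: L7, HTTP only. The ingress-controller reads the
# rules and creates a Rancher load balancer that routes by Host header and path.
# Each backend must be an existing ClusterIP Service in the same namespace.
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: shop             # invented name
spec:
  rules:
    - host: shop.example.com   # invented hostname
      http:
        paths:
          - path: /
            backend:
              serviceName: shop-web     # invented Service name
              servicePort: 80
          - path: /admin
            backend:
              serviceName: shop-admin   # invented Service name
              servicePort: 80
```

The practical consequence of the difference: an Ingress rule such as `/admin` above only exists because the HAProxy instance parses HTTP, so the ingress-controller's load balancer is the place where request-level policy (which hosts and paths are reachable from outside) is enforced, whereas a LoadBalancer Service exposes the whole TCP port and leaves every access decision to the application in the pod.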


Given the current momentum of the K8s community, Rancher should keep up to date and continually update its functionality and optimize the architecture. When Rancher 1.2 is released, CNI support will be a milestone: Kubernetes in Rancher will be more mature, and it will be able to keep pace with Kubernetes releases.

Source: Rancher Labs
