Barkatul Mujauddin

A Simplified Guide To Kubesphere

A Simplified Guide To Kubesphere

Barkatul Mujauddin's photo
Barkatul Mujauddin
·

14 min read

Table of contents

About KubeSphere

  • KubeSphere is a distributed operating system for cloud-native application management, using Kubernetes as its kernel. It provides a plug-and-play architecture, allowing third-party applications to be seamlessly integrated into its ecosystem.
  • KubeSphere also represents a multi-tenant enterprise-grade Kubernetes container platform with full-stack automated IT operation and streamlined DevOps workflows. It provides developer-friendly wizard web UI, helping enterprises to build out a robust and feature-rich platform. It boasts the most common functionalities needed for enterprise Kubernetes strategies
  • KubeSphere is 100% open source and available on GitHub where you can find all the source code, documents and discussions.
  • KubeSphere is a member of CNCF and a Kubernetes Conformance Certified platform, further enriching CNCF CLOUD NATIVE Landscape.
  • KubeSphere can be deployed on any existing version-compatible Kubernetes cluster on any infrastructure including virtual machine, bare metal, on-premises, public cloud and hybrid cloud.

About KubeKey

  • The KubeSphere team developed KubeKey, an open-source brand-new installer, to help enterprises quickly set up a Kubernetes cluster on public clouds or data centers.
  • Users have the option to install Kubernetes only or install both KubeSphere and Kubernetes.
  • KubeKey provides users with different installation options such as all-in-one installation and multi-node installation.
  • It is also an efficient tool to install cloud-native add-ons, and upgrade and scale your Kubernetes cluster.

KubeSphere Ecosystem Tools

  • KubeSphere integrates a wide breadth of major ecosystem tools related to Kubernetes, ranging from cloud-native apps to the underlying container runtimes. These open-source projects serve as the backend components of KubeSphere, which interact with the KubeSphere console through standard APIs, thus providing consistent user experiences to reduce complexity.
  • KubeSphere also features new capabilities that are not yet available in upstream Kubernetes, alleviating the pain points of Kubernetes including storage, network, security and usability. Not only does KubeSphere allow developers and DevOps teams use their favorite tools in a unified console, but, most importantly, these functionalities are loosely coupled with the platform since they are pluggable and optional.

Features of KubeSphere

KubeSphere provides enterprises with a robust, secure and feature-rich platform, boasting the most common functionalities needed for enterprises adopting Kubernetes, such as multi-cluster deployment and management, network policy configuration, Service Mesh (Istio-based), DevOps projects (CI/CD), security management, Source-to-Image and Binary-to-Image, multi-tenant management, multi-dimensional monitoring, log query and collection, alerting and notification, auditing, application management, and image registry management. It also supports various open source storage and network solutions, as well as cloud storage services.

The following modules elaborate on the key features and benefits provided by KubeSphere :

Provisioning and Maintaining Kubernetes

Provisioning Kubernetes Clusters

KubeKey allows you to deploy Kubernetes on your infrastructure out of box, provisioning Kubernetes clusters with high availability. It is recommended that at least three master nodes are configured behind a load balancer for production environment.

Kubernetes Resource Management

KubeSphere provides a graphical web console, giving users a clear view of a variety of Kubernetes resources, including Pods and containers, clusters and nodes, workloads, secrets and ConfigMaps, services and Ingress, jobs and CronJobs, and applications. With wizard user interfaces, users can easily interact with these resources for service discovery, HPA, image management, scheduling, high availability implementation, container health check and more.

Cluster Upgrade and Scaling

The next-gen installer KubeKey provides an easy way of installation, management and maintenance. Moreover, it supports rolling upgrades of Kubernetes clusters so that the cluster service is always available while being upgraded. Also, you can add new nodes to a Kubernetes cluster to include more workloads by using KubeKey.

Multi-cluster Management and Deployment

  • As the IT world sees a growing number of cloud-native applications reshaping software portfolios for enterprises, users tend to deploy their clusters across locations, geographies, and clouds. Against this backdrop, KubeSphere has undergone a significant upgrade to address the pressing need of users with its brand-new multi-cluster feature.
  • With KubeSphere, users can manage the infrastructure underneath, such as adding or deleting clusters. Heterogeneous clusters deployed on any infrastructure (for example, Amazon EKS and Google Kubernetes Engine) can be managed in a unified way. This is made possible by a central control plane of KubeSphere with two efficient management approaches available.
    • Solo - Independently deployed Kubernetes clusters can be maintained and managed together in KubeSphere container platform.
    • Federation - Multiple Kubernetes clusters can be aggregated together as a Kubernetes resource pool. When users deploy applications, replicas can be deployed on different Kubernetes clusters in the pool. In this regard, high availability is achieved across zones and clusters.

DevOps Support

KubeSphere provides a pluggable DevOps component based on popular CI/CD tools such as Jenkins. It features automated workflows and tools including binary-to-image (B2I) and source-to-image (S2I) to package source code or binary artifacts into ready-to-run container images.

CI/CD Pipeline

  • Automation - CI/CD pipelines and build strategies are based on Jenkins, streamlining and automating the development, test and production process. Dependency caches are used to accelerate build and deployment.
  • Out-of-box - Users can ship their Jenkins build strategy and client plugin to create a Jenkins pipeline based on Git repository/SVN. They can define any step and stage in the built-in Jenkinsfile. Common agent types are embedded, such as Maven, Node.js and Go. Users can customize the agent type as well.
  • Visualization - Users can easily interact with a visualized control panel to set conditions and manage CI/CD pipelines.
  • Quality Management - Static code analysis is supported to detect bugs, code smells and security vulnerabilities.
  • Logs - The entire running process of CI/CD pipelines is recorded.

Source-to-Image

  • Source-to-Image (S2I) is a toolkit and automated workflow for building reproducible container images from source code. S2I produces ready-to-run images by injecting source code into a container image and making the container ready to execute from source code.
  • S2I allows you to publish your service to Kubernetes without writing a Dockerfile. You just need to provide a source code repository address, and specify the target image registry. All configurations will be stored as different resources in Kubernetes. Your service will be automatically published to Kubernetes, and the image will be pushed to the target registry as well.

Binary-to-Image

  • Similar to S2I, Binary-to-Image (B2I) is a toolkit and automated workflow for building reproducible container images from binary (for example, Jar, War, Binary package).
  • You just need to upload your application binary package, and specify the image registry to which you want to push. The rest is exactly the same as S2I.

Istio-based Service Mesh

KubeSphere service mesh provides fine-grained traffic management, observability, tracing, and service identity and security management for a distributed application. Therefore, developers can focus on core business. With service mesh management of KubeSphere, users can better track, route and optimize communications within Kubernetes for cloud-native apps.

Traffic Management

  • Canary release represents an important deployment strategy of new versions for testing purposes. Traffic is separated with a pre-configured ratio into a canary release and a production release respectively. If everything goes well, users can change the percentage and gradually replace the old version with the new one.
  • Blue-green deployment allows users to run two versions of an application at the same time. Blue stands for the current app version and green represents the new version tested for functionality and performance. Once the testing results are successful, application traffic is routed from the in-production version (blue) to the new one (green).
  • Traffic mirroring enables teams to bring changes to production with as little risk as possible. Mirroring sends a copy of live traffic to a mirrored service.
  • Circuit breaker allows users to set limits for calls to individual hosts within a service, such as the number of concurrent connections or how many times calls to this host have failed.

Visualization

KubeSphere service mesh has the ability to visualize the connections between microservices and the topology of how they interconnect. In this regard, observability is extremely useful in understanding the interconnection of cloud-native microservices.

Distributed Tracing

Based on Jaeger, KubeSphere service mesh enables users to track how services interact with each other. It helps users gain a deeper understanding of request latency, bottlenecks, serialization and parallelism via visualization.

Multi-tenant Management

In KubeSphere, resources (for example, clusters) can be shared between tenants. First, administrators or managers need to set different account roles with different authorizations. After that, members in the platform can be assigned with these roles to perform specific actions on varied resources. Meanwhile, as KubeSphere completely isolates tenants, they will not affect each other at all.

  • Multi-tenancy - It provides role-based fine-grained authentication in a unified way and a three-tier authorization system.
  • Unified authentication - For enterprises, KubeSphere is compatible with their central authentication system that is base on LDAP or AD protocol. Single sign-on (SSO) is also supported to achieve unified authentication of tenant identity.
  • Authorization system - It is organized into three levels: cluster, workspace and project. KubeSphere ensures resources can be shared while different roles at multiple levels are completely isolated for resource security.

Observability

Multi-dimensional Monitoring

KubeSphere features a self-updating monitoring system with graphical interfaces that streamline the whole process of operation and maintenance. It provides customized monitoring of a variety of resources and includes a set of alerts that can immediately notify users of any occurring issues.

  • Customized monitoring dashboard - Users can decide exactly what metics need to be monitored in what kind of form. Different templates are available in KubeSphere for users to select, such as Elasticsearch, MySQL, and Redis.
  • O&M-friendly - The monitoring system can be operated in a visualized interface with open standard APIs for enterprises to integrate their existing systems.
  • Third-party compatibility - KubeSphere is compatible with Prometheus, which is the de facto metrics collection platform for monitoring in Kubernetes environments.
  • Multi-dimensional monitoring at second-level precision.
  • Ranking - Users can sort data by node, workspace and project, which gives them a graphical view of how their resources are running in a straightforward way.
  • Component monitoring - It allows users to quickly locate any component failures to avoid unnecessary business downtime.

Alerting, Events, Auditing and Notifications

  • Customized alerting policies and rules - The alerting system is based on multi-tenant monitoring of multi-dimensional metrics. The system will send alerts related to a wide spectrum of resources such as pod, network and workload. In this regard, users can customize their own alerting policy by setting specific rules, such as repetition interval and time. The threshold and alerting level can also be defined by users themselves.
  • Accurate event tracking - KubeSphere allows users to know what is happening inside a cluster, such as container running status (successful or failed), node scheduling, and image pulling result. They will be accurately recorded with the specific reason, status and message displayed in the web console. In a production environment, this will help users to respond to any issues in time.
  • Enhanced auditing security - As KubeSphere features fine-grained management of user authorization, resources and network can be completely isolated to ensure data security. The comprehensive auditing feature allows users to search for activities related to any operation or alert.
  • Diversified notification methods - Emails represent a key approach for users to receive notifications of relevant activities they want to know. They can be sent based on the rule set by users themselves, who are able to customize the sender email address and their receiver lists.

Log Query and Collection

  • Multi-tenant log management - In KubeSphere log search system, different tenants can only see their own log information. Logs can be exported as records for future reference.
  • Multi-level log query - Users can search for logs related to various resources, such as projects, workloads, and pods. Flexible and convenient log collection configuration options are available.
  • Multiple log collectors - Users can choose log collectors such as Elasticsearch, Kafka, and Fluentd.

  • On-disk log collection - For applications whose logs are saved in a Pod sidecar as a file, users can enable Disk Log Collection.

    Application Management and Orchestration

  • App Store - KubeSphere provides an app store based on OpenPitrix, an industry-leading open source system for app management across the whole lifecycle, including release, removal, and distribution.
  • App repository - In KubeSphere, users can create an app repository hosted either in object storage (such as QingStor or AWS S3) or in GitHub.
  • App template - With app templates, KubeSphere provides a visualized way for app deployment with just one click. Internally, app templates can help different teams in the enterprise to share middleware and business systems.

Multiple Storage Solutions

  • Open source storage solutions are available such as GlusterFS, CephRBD, and NFS.
  • NeonSAN CSI plugin connects to QingStor NeonSAN to meet core business requirements for low latency, high resilience, and high performance.
  • QingCloud CSI plugin connects to various block storage services in QingCloud platform.

Multiple Network Solutions

  • Open source network solutions are available such as Calico and Flannel.
  • OpenELB, a load balancer developed for bare metal Kubernetes clusters, is designed by KubeSphere development team.

Why KubeSphere

  • KubeSphere provides high-performance and scalable container service management for enterprises.
  • It aims to help them accomplish digital transformation driven by cutting-edge technologies, and accelerate app iteration and business delivery to meet the ever-changing needs of enterprises.

Here are the six major advantages of KubeSphere.

  1. Unified management of clusters across cloud providers - As container usage ramps up, enterprises are faced with increased complexity of cluster management as they deploy clusters across cloud and on-premises environments. To address the urgent need of users for a uniform platform to manage heterogeneous clusters, KubeSphere sees a major feature enhancement with substantial benefits. Users can leverage KubeSphere to manage, monitor, import and operate clusters across regions, clouds and environments.

  2. Powerful observability - The observability feature of KubeSphere has been greatly improved with key building blocks enhanced, including monitoring, logging, auditing, events, alerting and notification. The highly functional system allows users to observe virtually everything that happens in the platform.

  3. Automated DevOps - The KubeSphere DevOps system is built with Jenkins as the engine, which is abundant in plugins. On top of that, Jenkins provides an enabling environment for extension development, making it possible for the DevOps team to work smoothly across the whole process (developing, testing, building, deploying, monitoring, logging, notifying, etc.) in a unified platform.

  4. Fine-grained access control - KubeSphere supports fine-grained access control across different levels, including clusters, workspaces and projects. Users with specific roles can operate on different resources.

  5. Out-of-box microservices governance - KubeSphere provides users with a well-diversified portfolio of solutions to traffic management, including canary release, blue-green deployment, traffic mirroring and circuit breaking. With a highly interactive web console, KubeSphere allows users to view how microservices interconnect with each other in a straightforward way. This helps users to monitor apps, locate failures, and improve performance.

  6. Vibrant open source community - As an open-source project, KubeSphere represents more than just a container platform for app deployment and distribution. The KubeSphere team believes that a true open-source model focuses more on sharing, discussions and problem solving with everyone involved. Together with partners, ambassadors and contributors, and other community members, the KubeSphere team files issues, submits pull requests, participates in meetups, and exchanges ideas of innovation.

Architecture

  • KubeSphere separates frontend from backend, and it itself is a cloud native application and provides open standard REST APIs for external systems to use.
  • KubeSphere can run anywhere from on-premise datacenter to any cloud to edge. In addition, it can be deployed on any Kubernetes distribution.
  • The following figure is the system architecture.

Components List

  • ks-apiserver - The KubeSphere API server validates and configures data for the API objects which include Kubernetes objects. The API Server services REST operations and provides the frontend to the cluster's shared state through which all other components interact.
  • ks-console - KubeSphere console offers KubeSphere console service.
  • ks-controller-manager - KubeSphere controller takes care of business logic, for example, when create a workspace, the controller will automatically create corresponding permissions and configurations for it.
  • metrics-server - Kubernetes monitoring component collects metrics from Kubelet on each node.
  • Prometheus - provides monitoring metrics and services of clusters, nodes, workloads, API objects.
  • Elasticsearch - provides log indexing, querying and data management. Besides the built-in service, KubeSphere supports the integration of external Elasticsearch service.
  • Fluent Bit - collects logs and forwarding them to ElasticSearch or Kafka.
  • Jenkins - provides CI/CD pipeline service.
  • SonarQube - is an optional component that provides code static checking and quality analysis.
  • Source-to-Image - automatically compiles and packages source code into Docker image.
  • Istio - provides microservice governance and traffic control, such as grayscale release, canary release, circuit break, traffic mirroring and so on.
  • Jaeger - collects sidecar data and provides distributed tracing service.
  • OpenPitrix - provides application lifecycle management such as template management, deployment, app store management, etc.
  • Alert - provides configurable alert service for cluster, workload, Pod, and container etc.
  • Notification - is an integrated notification service; it currently supports mail delivery method.
  • Redis - caches the data of ks-console and ks-account.
  • MySQL - is the shared database for cluster back-end components including monitoring, alarm, DevOps, OpenPitrix etc.
  • PostgreSQL - SonarQube and Harbor's back-end database.
  • OpenLDAP - is responsible for centralized storage and management of user account and integrates with external LDAP server.
  • Storage - built-in CSI plug-in collecting cloud platform storage services. It supports open source NFS/Ceph/Gluster client.
  • Network - supports Calico/Flannel and other open source network plug-ins to integrate with cloud platform SDN.

If you've reached so far thanks for reading, hopefully this blog has helped you get a better understanding on kubesphere.