Bare Metal Deployment

development

#1

Hi,

We are working on Kubernetes to deploy on Bare Metal VMs. So I created a deployment diagram with ports and traffic. Please review the architecture and let me know if I am missing something. Also, any suggestions that can improve my idea are welcome.

Kind Regards,
Sudhakar


#2

Looks nice!

What OS are you using for the Nodes?

Have you considered running containerd instead of docker for the container runtime?


#3

On a quick look, it makes sense.

Is there something in particular you are unsure about? Or what should we look at more carefully? Not sure if you are asking to see if you understand the architecture or for something else :slight_smile:


#4

@macintoshprime
Hi,
Thank you very much for looking into it.
OS is Redhat Linux and we are going to use docker for container runtime.

Kind Regards,
Sudhakar Mallela


#5

@rata
Hi,
Thanks for looking into it.

The VMs will be in different VDCs.
And the Master and Nodes can only be accessed with VPN.
So I want to know whether the ports that I mentioned here are sufficient for Master to Node, Node to Master, Node to Node and external users to the applications.
If I am missing something, please let me know.

Kind Regards,
Sudhakar Mallela


#6

@rata
I would like to use weave network for Pod communication.
Is port 6783 enough for the Pod network between Nodes?


#7

Are you running with Docker Enterprise? I am using RHEL in my clusters and Docker is no longer supported unless you’re using Docker Enterprise. As a result we are looking to switch over to containerd.

As you're on RHEL you might also want to look at CRI-O. That is, unless you specifically need Docker.


#8

Sorry, I don't know what a VDC is. What is it? :slight_smile:

Not sure about all the ports, but for sure I think node to node it is not enough. Nodes communicate and load balance via kube-proxy, which will use a very wide range of ports, and each service of type NodePort or LoadBalancer is an open port on the nodes.

Why do you want to know the ports? For the knowledge itself, or to restrict and harden? Maybe Network Policy is best.

What do you want to achieve? :slight_smile:
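Added example (not from any post in this thread): a small checker that compares a proposed per-role firewall allowlist against the ports a kubeadm-style cluster with Weave Net needs, covering the weave question in #6 and the node-to-node/NodePort point in #8. Port numbers are the upstream defaults documented by Kubernetes and Weave Net; the kube-scheduler and kube-controller-manager ports moved from 10251/10252 to 10259/10257 in newer releases, so the values assume a current release and should be checked against yours.

```python
"""Check a proposed firewall allowlist against the ports a Kubernetes
node needs. Constructed example; defaults taken from the upstream
Kubernetes "Ports and Protocols" and Weave Net documentation."""

# (proto, first_port, last_port, who_connects, description)
REQUIRED = {
    "master": [
        ("tcp", 6443, 6443, "all", "kube-apiserver"),
        ("tcp", 2379, 2380, "masters", "etcd client/peer"),
        ("tcp", 10250, 10250, "masters", "kubelet API"),
        ("tcp", 10259, 10259, "localhost", "kube-scheduler (10251 on older releases)"),
        ("tcp", 10257, 10257, "localhost", "kube-controller-manager (10252 on older)"),
    ],
    "node": [
        ("tcp", 10250, 10250, "masters", "kubelet API (logs/exec from control plane)"),
        ("tcp", 30000, 32767, "external", "NodePort services (default --service-node-port-range)"),
    ],
}
# Weave Net needs these between every pair of nodes, masters included:
# TCP 6783 for control traffic, UDP 6783 and 6784 for the data plane.
WEAVE = [
    ("tcp", 6783, 6783, "nodes", "weave control"),
    ("udp", 6783, 6784, "nodes", "weave data plane (sleeve/fastdp)"),
]


def covered(proto, lo, hi, allowlist):
    """True if some allowed (proto, lo, hi) range fully contains lo..hi."""
    return any(p == proto and alo <= lo and hi <= ahi for p, alo, ahi in allowlist)


def missing_ports(role, allowlist):
    """Return the required ranges that `allowlist` does not cover.
    allowlist: iterable of (proto, first_port, last_port) the firewall accepts."""
    return [req for req in REQUIRED[role] + WEAVE
            if not covered(req[0], req[1], req[2], allowlist)]


if __name__ == "__main__":
    # Constructed allowlist modelled on the thread: kubelet plus TCP 6783 only.
    proposed = {("tcp", 10250, 10250), ("tcp", 6783, 6783)}
    for proto, lo, hi, src, desc in missing_ports("node", proposed):
        span = f"{lo}" if lo == hi else f"{lo}-{hi}"
        print(f"worker node missing {proto}/{span} from {src}: {desc}")
```

Run on a worker-node allowlist of TCP 10250 and TCP 6783 it reports the missing NodePort range and the UDP side of Weave, which is the gap the questions above ask about.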


#9

@macintoshprime

Thanks a lot. Could you please provide me some links where I can explore containerd in Kubernetes?

Kind Regards,
Sudhakar Mallela


#10

@macintoshprime
Please help me with the below.

What is the best way to install Kubernetes on RHEL with CRI-O as an alternative to docker?
Does CRI-O officially come with Kubernetes?
Can we use CRI-O in Kubernetes installed with Kubespray?


#11

No runtime officially comes with Kubernetes. You must ensure there is a runtime in place, or whatever tooling you use installs one for you.

Yes, the best way to see what sort of things they support is to check out their own docs in the kubespray repo.

Kubespray documents what they support quite well. :slight_smile:


#12

@mrbobbytables: Thank you.

It seems that with CRI-O, scaling and upgrading the cluster is not supported with kubespray. Any suggestions on this?
How can we achieve scaling and upgrading if we choose CRI-O?
Please let me know if any alternative is available to this.


#13

The only other option would be to look at some of the other k8s installers, kubeadm for example. That said, if kubespray is the one you want to use, stick with its recommendations.