4 Component model
This section describes the components used to create a SUSE Rancher solution deployment, ordered from top to bottom. When complete, the SUSE Rancher instance can manage multiple downstream Kubernetes clusters.
4.1 Component overview
By using:
- Software
  - Multi-cluster Management Server - SUSE Rancher
  - Kubernetes Platform - K3s
  - Linux Operating System - SUSE Linux Enterprise Micro
- Compute Platform
  - Cisco UCS
you can create the necessary infrastructure and services. Further details for these components are described in the following sections.
4.2 Software - SUSE Rancher
SUSE Rancher is a Kubernetes-native multi-cluster container management platform. It addresses the challenges of operating many clusters by delivering the following key functions, as shown in the following figure:
- Certified Kubernetes Distributions
SUSE Rancher supports management of any CNCF certified Kubernetes distribution for:
  - development, edge and branch workloads, with SUSE offerings like K3s, a CNCF certified lightweight distribution of Kubernetes
  - workload infrastructures, either on-premises or public-cloud based, with SUSE offerings like Rancher Kubernetes Engine (RKE) or Rancher Kubernetes Engine Government (RKE2), CNCF certified Kubernetes distributions for both bare-metal and virtualized servers
  - the public cloud, hosted Kubernetes services like
- Simplified Cluster Operations and Infrastructure Management
SUSE Rancher provides simple, consistent cluster operations including provisioning and templates, configuration and lifecycle version management, along with visibility and diagnostics.
- Security and Authentication
SUSE Rancher integrates with existing directory services to automate processes and apply a consistent set of identity and access management (IAM) and security policies to all managed clusters, no matter where they are running.
- Policy Enforcement and Governance
SUSE Rancher includes audit and security guideline enforcement, monitoring and logging functions, along with user, network and workload policies distributed across all managed clusters.
- Platform Services
SUSE Rancher also provides a rich catalog of services for building, deploying and scaling containerized applications, including app packaging, logging, monitoring and service mesh.
Learn more information about SUSE Rancher
For a production implementation of SUSE Rancher, deploying on a Kubernetes platform is required; the next sections describe the suggested component layering approach.
4.3 Software - K3s
K3s is packaged as a single binary of about 50 megabytes. Bundled in that single binary is everything needed to run Kubernetes anywhere, including low-powered IoT and edge devices. The binary includes:
- the container runtime
- important host utilities such as iptables, socat and du
The only OS dependencies are the Linux kernel itself and proper dev, proc and sysfs mounts (these are set up automatically on all modern Linux distributions). K3s bundles the Kubernetes components:
- kube-apiserver,
- kube-controller-manager,
- kube-scheduler,
- kubelet and
- kube-proxy
into combined processes that are presented as a simple server and agent model, as represented in the following figure:
K3s can run as a complete cluster on a single node or can be expanded into a multi-node cluster. Besides the core Kubernetes components, these are also included:
- containerd,
- Flannel,
- CoreDNS,
- an ingress controller and
- a simple host port-based service load balancer.
All of these components are optional and can be swapped out for your implementation of choice. With the included components, you get a fully functional and CNCF-conformant cluster, so you can start running apps right away. K3s is now a CNCF Sandbox project, the first Kubernetes distribution to be adopted into the sandbox.
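As an added example (not from the SUSE document or the K3s project), a POSIX shell pre-flight check for the host prerequisites listed above: it parses a listing in /proc/mounts format and reports whether proc, sysfs and a dev mount are present. It assumes /dev is backed by devtmpfs or, failing that, by any filesystem mounted at /dev; the sample listings are constructed.

```shell
#!/bin/sh
# Pre-flight check for the K3s host prerequisites named above: proc, sysfs
# and dev mounts. Reads a listing in /proc/mounts format (path in $1) so it
# can be run against a constructed sample as well as the live host.
k3s_mount_check() {
    mounts_file="$1"
    missing=""
    # Column 3 of /proc/mounts is the filesystem type. Assumption: /dev is
    # devtmpfs, or failing that any filesystem mounted at /dev (column 2).
    for want in proc sysfs devtmpfs; do
        if awk -v fs="$want" '$3 == fs { found=1 } END { exit !found }' "$mounts_file"; then
            continue
        fi
        if [ "$want" = devtmpfs ] && awk '$2 == "/dev" { found=1 } END { exit !found }' "$mounts_file"; then
            continue
        fi
        missing="$missing $want"
    done
    if [ -n "$missing" ]; then
        echo "missing K3s prerequisite mounts:$missing" >&2
        return 1
    fi
    echo "K3s prerequisite mounts present"
}

# Constructed sample listings, not captured from a real host.
GOOD_MOUNTS=$(mktemp)
cat > "$GOOD_MOUNTS" <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
devtmpfs /dev devtmpfs rw,nosuid,size=4096k,mode=755 0 0
/dev/sda2 / btrfs ro,relatime,subvol=/@/.snapshots/1/snapshot 0 0
EOF

BAD_MOUNTS=$(mktemp)
cat > "$BAD_MOUNTS" <<'EOF'
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda2 / btrfs ro,relatime 0 0
EOF

k3s_mount_check "$GOOD_MOUNTS"          # passes
k3s_mount_check "$BAD_MOUNTS" || true   # reports sysfs and devtmpfs missing
# Run against the live host when available.
[ -r /proc/mounts ] && k3s_mount_check /proc/mounts || true
```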
Learn more information about K3s
4.4 Software - SUSE Linux Enterprise Micro
SUSE Linux Enterprise Micro combines the assurance of enterprise-grade security and compliance with the immutability and portability of a modern, lightweight operating system. The top 4 features are:
- Immutable OS
The immutable design ensures the OS is not altered at runtime and runs reliably every single time. Signed and verified transactional updates are easy to roll back if things go wrong.
- Security and Compliance
Fully open source and built using open standards, SUSE Linux Enterprise Micro leverages the SUSE Linux Enterprise common code base to provide FIPS 140-2, DISA SRG/STIG, integration with CIS, and Common Criteria certified configurations. It includes a fully supported security framework (SELinux) with policies.
- Architectural Flexibility
Both Arm and x86-64 architectures are supported so you can deploy edge applications with confidence across multiple architectures.
- Kubernetes-Ready
You can easily combine SUSE Linux Enterprise Micro with the latest cloud-native technologies including SUSE Rancher, Rancher Kubernetes Engine, Longhorn persistent block storage, and K3s, the world’s most popular Kubernetes distribution for use in low resource, distributed edge locations.
As a result, you get an ultra-reliable infrastructure platform that is also simple to use and comes out of the box with best-in-class compliance. Furthermore, SUSE’s flexible subscription model ensures enterprise assurance for any edge, embedded or IoT deployment without vendor lock-in. A free evaluation copy can be downloaded, or, if the organization already has subscriptions, both install media and updates can be obtained from SUSE Customer Center.
4.5 Compute Platform
Leveraging the enterprise-grade functionality of the operating system mentioned in the previous section, many compute platforms can be the foundation of the deployment:
- Virtual machines on supported hypervisors or hosted on cloud service providers
- Physical, bare-metal or single-board computers, either on-premises or hosted by cloud service providers
To complete self-testing of hardware with the SUSE YES Certified Process, download and install the respective support-pack version of SUSE Linux Enterprise Server and the YES test suite. Then run the tests per the instructions in the test kit, fix any problems encountered and, once corrected, re-run all tests to obtain clean test results. Submit the test results to the SUSE Bulletin System (SBS) for audit, review and validation.
Certified systems and hypervisors can be verified via SUSE YES Certified Bulletins and then can be leveraged as supported nodes for this deployment, as long as the certification refers to the respective version of the underlying SUSE operating system required.
- Cisco UCS C-Series Rack Servers
Cisco UCS C-Series Rack Servers deliver unified computing in an industry-standard form factor to reduce TCO and increase agility. Each server addresses varying workload challenges through a balance of processing, memory, I/O, and internal storage resources. These servers can be deployed as stand-alone servers or as part of a Cisco Unified Computing System (Cisco UCS) managed environment to take advantage of Cisco’s standards-based unified computing innovations that help reduce customers’ Total Cost of Ownership (TCO) and increase their business agility.
Server product-line and model options abound in the Cisco UCS C-Series Rack Servers, including:
- Cisco UCS C240 SD M5 is a high-performance compute solution in a dense 2-socket, 2-Rack-Unit, 22” form factor to handle the most critical real-time compute applications. This front-access server can be deployed as a stand-alone server or as part of a Cisco Unified Computing System (Cisco UCS) to deliver an exceptional management experience for a variety of applications by:
  - incorporating the 2nd generation of Intel Xeon Scalable processors, Intel Optane Memory, and various drive options including All-NVMe, SAS and SATA drives.
  - being density optimized to accommodate space-constrained environments while still offering industry-leading performance and expandability. It supports a wide range of workloads from enterprise to edge applications such as Multi-access Edge Compute (MEC).
Note: The Cisco UCS Hardware Compatibility List provides a lookup tool for Servers & OS Support, covering versions of SUSE offerings.
Cisco Intersight: To simplify the setup and configuration of multiple compute modules, leverage Cisco Intersight, an API-driven, cloud-based system management platform that integrates with the Cisco Integrated Management Controller. It is designed to help organizations achieve their IT management and operations with a higher level of automation, simplicity, and operational efficiency. It is a new generation of global management tool for the Cisco UCS and Cisco HyperFlex systems and provides a holistic and unified approach to managing customers’ distributed and virtualized environments. Cisco Intersight simplifies the installation, monitoring, troubleshooting, upgrade, and support of your infrastructure with the following benefits:
- Cloud-Based Management: The ability to manage Cisco UCS and Cisco HyperFlex from the cloud gives customers speed, simplicity, and easy scaling in the management of their infrastructure, whether in data centers or in remote and branch office locations.
- Automation: The unified API in Cisco UCS and Cisco HyperFlex systems enables policy-driven configuration and management of the infrastructure, and it makes Intersight itself and the devices connected to it fully programmable and DevOps friendly. An even more advanced infrastructure-as-code approach with Intersight can use Terraform.
- Analytics and Telemetry: Intersight monitors the health and relationships of all the physical and virtual infrastructure components. It also collects telemetry and configuration information for developing the intelligence of the platform, in accordance with Cisco information security requirements.
- Connected Cisco Technical Assistance Center (TAC): Solid integration with Cisco TAC enables more efficient and proactive technical support. Intersight provides enhanced operations automation by expediting the sending of files to speed troubleshooting.
- Recommendation Engine: Driven by analytics and machine learning, the Intersight recommendation engine provides actionable intelligence for IT operations management from a daily growing knowledge base and practical insights learned across the entire system.
- Management as a Service: Cisco Intersight provides management as a service and is designed to be infinitely scalable and easy to implement. It relieves users of the burden of maintaining systems management software and hardware.
A sample bill of materials, in Chapter 9, Appendix, cites the necessary quantities of all components, along with a reference to the minimum resource requirements needed by the software components.