4 Component model #
This section describes the various components being used to create a K3s solution deployment, in the perspective of top to bottom ordering. When completed, the K3s instance can be used as the application infrastructure for cloud-native workloads and can be imported into SUSE Rancher for management.
4.1 Component overview #
By using:
Software
Kubernetes Platform - K3s
Linux Operating System - SUSE Linux Enterprise Micro
Compute Platform
Lenovo ThinkSystem SE350 Edge Server
Lenovo ThinkEdge SE450 Edge Server
you can create the necessary infrastructure and services. Further details for these components are described in the following sections.
4.2 Software - K3s #
K3s is packaged as a single binary, which is about 50 megabytes in size. Bundled in that single binary is everything needed to run Kubernetes anywhere, including low-powered IoT and Edge-based devices. The binary includes:
the container runtime
important host utilities such as iptables, socat and du
The only OS dependencies are the Linux kernel itself and a proper dev, proc and sysfs mounts (this is done automatically on all modern Linux distributions). K3s bundles the Kubernetes components:
kube-apiserver,
kube-controller-manager,
kube-scheduler,
kubelet and
kube-proxy
into combined processes that are presented as a simple server and agent model, as represented in the following figure:
K3s can run as a complete cluster on a single node or can be expanded into a multi-node cluster. Besides the core Kubernetes components, these are also included:
containerd,
Flannel,
CoreDNS,
ingress controller and
a simple host port-based service load balancer.
All of these components are optional and can be swapped out for your implementation of choice. With these included components, you get a fully functional and CNCF-conformant cluster so you can start running apps right away. K3s is now a CNCF Sandbox project, being the first Kubernetes distribution ever to be adopted into sandbox.
As K3s can be deployed on a single or multiple nodes, the next sections describe the suggested component layering approach.
4.3 Software - SUSE Linux Enterprise Micro #
SUSE Linux Enterprise Micro combines the assurance of enterprise-grade security and compliance with the immutability and portability of a modern, lightweight operating system. The top 4 features are:
- Immutable OS
Immutable design ensures the OS is not altered during runtime and runs reliably every single time. Security signed and verified transactional updates are easy to rollback if things go wrong.
- Security and Compliance
Fully open source and built using open standards, SUSE Linux Enterprise Micro leverages SUSE Linux Enterprise common code base, to provide FIPS 140-2, DISA SRG/STIG, integration with CIS and Common Criteria certified configurations. Includes fully supported security framework (SELinux) with policies.
- Architectural Flexibility
Both Arm and x86-64 architectures are supported so you can deploy edge applications with confidence across multiple architectures.
- Kubernetes-Ready
You can easily combine SUSE Linux Enterprise Micro with the latest cloud-native technologies including SUSE Rancher, Rancher Kubernetes Engine, Longhorn persistent block storage, and K3s, the world’s most popular Kubernetes distribution for use in low resource, distributed edge locations.
As a result, you get an ultra-reliable infrastructure platform that is also simple to use and comes out-of-the-box with best-in-class compliance. Furthermore, SUSE’s flexible subscription model ensures enterprise assurance for any edge, embedded or IoT deployment without vendor lock-in. A free, evaluation copy can be downloaded or if the organization already has subscriptions, both install media and updates can be obtained from SUSE Customer Center.
4.4 Compute Platform #
Leveraging the enterprise grade functionality of the operating system mentioned in the previous section, many compute platforms can be the foundation of the deployment:
Virtual machines on supported hypervisors or hosted on cloud service providers
Physical, baremetal or single-board computers, either on-premises or hosted by cloud service providers
To complete self-testing of hardware with SUSE YES Certified Process, you can download and install the respective SUSE operating system support-pack version of SUSE Linux Enterprise Server and the YES test suite. Then run the tests per the instructions in the test kit, fixing any problems encountered and when corrected, re-run all tests to obtain clean test results. Submit the test results into the SUSE Bulletin System (SBS) for audit, review and validation.
Certified systems and hypervisors can be verified via SUSE YES Certified Bulletins and then can be leveraged as supported nodes for this deployment, as long as the certification refers to the respective version of the underlying SUSE operating system required.
Designed and built with the unique requirements for edge servers in mind, Lenovo ThinkEdge Edge Servers are versatile enough to stretch the limitations of server locations, providing a variety of connectivity and security options and easily managed with Lenovo XClarity Controller.
- Lenovo XClarity Controller
The Lenovo XClarity Controller is an embedded out-of-band management system in every Lenovo ThinkSystem and ThinkEdge server to standardize, simplify and automate foundation server management tasks. It provides an uncluttered user interface, intuitive dashboards, at-a-glance status visualizations and easy access to common actions that helps you deploy and manage servers with ease. XClarity Controller is built on open standards to help standardize communication and inter-operability, and improve portability of applications and data. Redfish-compliant REST APIs and other industry standards enable you to manage Lenovo ThinkSystem and ThinkEdge servers on your own terms.
Multiple edge server models exist in Lenovo Edge Servers portfolio, as detailed in the following sections.
4.4.1 Lenovo ThinkSystem SE350 Edge Server #
The ThinkSystem SE350 Edge Server is SUSE YES Certified Hardware.
- Lenovo ThinkSystem SE350 Edge Server
The ThinkSystem SE350 Edge Server is a purpose-built server that is half the width and significantly shorter than a traditional server, making it ideal for deployment in tight spaces. It can be mounted on a wall, stacked on a shelf or mounted in a rack. The ThinkSystem SE350 puts increased processing power, storage and network closer to where data is generated, allowing actions resulting from the analysis of that data to take place more quickly.
4–16 server cores with up to 256 GB of memory
broad-wired and wireless connectivity
rugged, extended operating temperature of 0–55°C, up to 40G shock & 3Grms vibration with optional dust filter
up to 16 TB of SSD storage
small form factors with flexible mounting options
low-touch deployment
highly secure with optional SED encrypted storage for user data, as well as motion and intrusion tamper detection
4.4.2 Lenovo ThinkEdge SE450 Edge Server #
The ThinkEdge SE450 Edge Server is SUSE YES Certified Hardware.
- Lenovo ThinkEdge SE450 Edge Server
The ThinkEdge SE450 Edge Server is a single-socket server, with a 2U height and short depth case that can go almost anywhere. It can be mounted on a wall, placed on the floor like a tower server, or mounted in a rack. This rugged edge server can handle continuous operating temperatures from 5°C to 45°C, and some configurations are designed to meet NEBS Level-3 and ETSI requirements for 96 hours operating excursions from –5°C to 55°C as well as tolerance to locations with high dust and vibration. The ThinkEdge SE450 Edge Server is based on the 3rd Gen Intel Xeon Scalable processor and is designed to virtualize traditional IT applications as well as new transformative AI systems, providing the processing power, storage, accelerator, and networking technologies required for today’s edge workloads.
10-36 server cores with up to 1TB of memory
broad-wired and wireless connectivity
supports up to four single-width GPUs or two double-width GPUs
offers up to four PCIe 4.0 slots plus a slot dedicated to the OCP adapter
offers additional physical security features such as a chassis intrusion switch and a lockable front bezel
A sample bill of materials, in the Chapter 9, Appendix, cites the necessary quantites of all components, along with a reference to the minimum resource requirements needed by the software components.