Jump to contentJump to page navigation: previous page [access key p]/next page [access key n]
documentation.suse.com / Layered Stack Deployment of SUSE Rancher / Component model
Applies to SUSE Linux Enterprise Server 15 SP3, K3s 1.20.14, SUSE Rancher 2.5.12

4 Component model

This section describes the various components being used to create a SUSE Rancher solution deployment, in the perspective of top to bottom ordering. When completed, the SUSE Rancher instance enables the management of multiple, downstream Kubernetes clusters.

4.1 Component overview

By using:

  • Software

    • Multi-cluster Management Server - SUSE Rancher

    • Kubernetes Platform - K3s

    • Linux Operating System - SUSE Linux Enterprise Server

  • Compute Platform

    • Supermicro Supermicro SuperServer

you can create the necessary infrastructure and services. Further details for these components are described in the following sections.

4.2 Software - SUSE Rancher

SUSE Rancher is a Kubernetes native multi-cluster container management platform. It addresses these challenges by delivering the following key functions, as shown in the following figure:

Rancher overview
Figure 4.1: Component Overview - SUSE Rancher
Certified Kubernetes Distributions

SUSE Rancher supports management of any CNCF certified Kubernetes distribution for:

  • development, edge, branch workloads, SUSE offerings like K3s, a CNCF certified lightweight distribution of Kubernetes

  • workload infrastructures, either on-premise or public-cloud based, SUSE offerings like Rancher Kubernetes Engine (RKE) or Rancher Kubernetes Engine Government (RKE2), as CNCF certified Kubernetes distributions for both bare-metal and virtualized servers

  • the public cloud, hosted Kubernetes services like

    • Amazon Elastic Kubernetes Service (EKS⁠[4]),

    • Azure Kubernetes Service (AKS⁠[5]) and

    • Google Kubernetes Engine (GKE⁠[6]).

Simplified Cluster Operations and Infrastructure Management

SUSE Rancher provides simple, consistent cluster operations including provisioning and templates, configuration and lifecycle version management, along with visibility and diagnostics.

Security and Authentication

SUSE Rancher integrates and utilizes existing directory services, to automate processes and apply a consistent set of identity and access management (IAM) plus security policies for all the managed clusters, no matter where they are running.

Policy Enforcement and Governance

SUSE Rancher includes audit and security guideline enforcement, monitoring and logging functions, along with user, network and workload policies distributed across all managed clusters.

Platform Services

SUSE Rancher also provides a rich catalog of services for building, deploying and scaling containerized applications, including app packaging, logging, monitoring and service mesh.

Tip
Tip

Learn more information about SUSE Rancher

For a production implementation of SUSE Rancher, deploying upon a Kubernetes platform is required and the next sections describe the suggested component layering approach.

4.3 Software - K3s

K3s is packaged as a single binary, which is about 50 megabytes in size. Bundled in that single binary is everything needed to run Kubernetes anywhere, including low-powered IoT and Edge-based devices. The binary includes:

  • the container runtime

  • important host utilities such as iptables, socat and du

The only OS dependencies are the Linux kernel itself and a proper dev, proc and sysfs mounts (this is done automatically on all modern Linux distributions). K3s bundles the Kubernetes components:

  • kube-apiserver,

  • kube-controller-manager,

  • kube-scheduler,

  • kubelet and

  • kube-proxy

into combined processes that are presented as a simple server and agent model, as represented in the following figure:

K3s overview
Figure 4.2: Component Overview - K3s

K3s can run as a complete cluster on a single node or can be expanded into a multi-node cluster. Besides the core Kubernetes components, these are also included:

  • containerd,

  • Flannel,

  • CoreDNS,

  • ingress controller and

  • a simple host port-based service load balancer.

All of these components are optional and can be swapped out for your implementation of choice. With these included components, you get a fully functional and CNCF-conformant cluster so you can start running apps right away. K3s is now a CNCF Sandbox project, being the first Kubernetes distribution ever to be adopted into sandbox.

Tip
Tip

Learn more information about K3s

4.4 Software - SUSE Linux Enterprise Server

SUSE Linux Enterprise Server (SLES) is an adaptable and easy-to-manage platform that allows developers and administrators to deploy business-critical workloads on-premises, in the cloud and at the edge. It is a Linux operating system that is adaptable to any environment – optimized for performance, security and reliability. As a multimodal operating system that paves the way for IT transformation in the software-defined era, this simplifies multimodal IT, makes traditional IT infrastructure efficient and provides an engaging platform for developers. As a result, one can easily deploy and transition business-critical workloads across on-premises and public cloud environments.

Designed for interoperability, SUSE Linux Enterprise Server integrates into classical Unix and Windows environments, supports open standard interfaces for systems management, and has been certified for IPv6 compatibility. This modular, general purpose operating system runs on four processor architectures and is available with optional extensions that provide advanced capabilities for tasks such as real time computing and high availability clustering. SUSE Linux Enterprise Server is optimized to run as a high performing guest on leading hypervisors and supports an unlimited number of virtual machines per physical system with a single subscription. This makes it the perfect guest operating system for virtual computing.

4.5 Compute Platform

Leveraging the enterprise grade functionality of the operating system mentioned in the previous section, many compute platforms can be the foundation of the deployment:

  • Virtual machines on supported hypervisors or hosted on cloud service providers

  • Physical, baremetal or single-board computers, either on-premises or hosted by cloud service providers

Note
Note

To complete self-testing of hardware with SUSE YES Certified Process, you can download and install the respective SUSE operating system support-pack version of SUSE Linux Enterprise Server and the YES test suite. Then run the tests per the instructions in the test kit, fixing any problems encountered and when corrected, re-run all tests to obtain clean test results. Submit the test results into the SUSE Bulletin System (SBS) for audit, review and validation.

Tip
Tip

Certified systems and hypervisors can be verified via SUSE YES Certified Bulletins and then can be leveraged as supported nodes for this deployment, as long as the certification refers to the respective version of the underlying SUSE operating system required.

Supermicro servers take advantage of the latest CPU technologies available. The new servers have been shown to produce more work per watt than ever before. Thus, additional workloads can not only be performed in less time, but at a lower cost as well. Supermicro systems can support up to 6TB of memory per socket.

4.5.1 SYS-120C-TN10R Rack Servers

Note
Note

The Supermicro SYS-120C-TN10R is SUSE YES Certified Hardware.

The SYS-120C-TN10R Rack Servers provide the following attributes:

Ultimate Flexibility
  • CPU: Up to 270W and 40 cores

  • Memory: 4TB DDR4-3200 memory in 16 DIMM slots w/ support of Intel Optane PMEM 200 series

  • Storage: Up to 10x all hybrid drive bays (NVMe/SAS/SATA) + Flexible internal storage options (dual NVMe M.2 / SATADOM)

  • Expansion: Up to 2 standard PCIe 4.0 FHHL expansion slots + 2 AIOM for OCP 3.0 NIC; Building block solution for different applications and environment

  • 860W Platinum level redundant PWS

Efficient and Cost-Effective
  • Cost optimized for large volume deployment

  • Tool-less mechanical design for rapid deployment

  • Hot-swap storage and PWS for easy maintenance.

  • IPMI, serial port and service tag for easy management

Compact
  • Compact system design makes no waste of internal space

  • < 600mm chassis depth

  • Fully utilized system resource with 12 NVMe, 4 PCIe 4.0 x16 + 2 PCIe 4.0 x8 expansion

Secure
  • Security is top priority

  • TPM 1.2/2.0, signed firmware, Silicon Root of Trust

  • Secure Boot, System Erase

  • FIPS Compliance, Trusted Execution Environment

Application Ready
  • Balanced architecture between CPUs and optimized for scalable compute, database, GPU, tiered storage and I/O intensive applications

  • Support open standards like OpenBMC and OCP 3.0

Keep it Green
  • Optimized thermal design

  • High efficiency Platinum level PWS (AC/DC)

  • Reduced waste with bulk packaging and customizable accessories

4.5.2 SYS-620C-TN12R Rack Servers

Note
Note

The Supermicro SYS-620C-TN12R is SUSE YES Certified Hardware.

The SYS-620C-TN12R Rack Servers provide the following attributes:

Ultimate Flexibility
  • CPU: Up to 270W and 40 cores

  • Memory: 4TB DDR4-3200 memory in 16 DIMM slots w/ support of Intel Optane PMEM 200 series

  • Storage: Up to 12 all hybrid drive bays (NVMe/SAS/SATA) + Flexible internal storage options (dual NVMe M.2 / SATADOM)

  • Expansion: Up to 6 standard PCIe 4.0 expansion slots + 2 AIOM for OCP 3.0 NIC; Up to 2 FHFL DW GPUs or 6 LP GPUs

  • Building block solution for different applications and environment

  • 1200W Titanium level redundant PWS

Efficient and Cost-Effective
  • Cost optimized for large volume deployment

  • Tool-less mechanical design for rapid deployment

  • Hot-swap storage and PWS for easy maintenance.

  • IPMI, serial port and service tag for easy management

Compact
  • Compact system design makes no waste of internal space

  • < 650mm chassis depth

  • Fully utilized system resource with 12 NVMe, 4 PCIe 4.0 x16 + 2 PCIe 4.0 x8 expansion

Secure
  • Security is top priority

  • TPM 1.2/2.0, signed firmware, Silicon Root of Trust

  • Secure Boot, System Erase

  • FIPS Compliance, Trusted Execution Environment

Application Ready
  • Balanced architecture between CPUs and optimized for scalable compute, database, GPU, tiered storage and I/O intensive applications

  • Cost and performance optimized down to component level

  • Support open standards like OpenBMC and OCP 3.0

We Keep it Green
  • Optimized thermal design

  • High efficiency Titanium level PWS (AC/DC)

  • Reduced waste with bulk packaging and customizable accessories

Note
Note

A sample bill of materials, in the Chapter 9, Appendix, cites the necessary quantites of all components, along with a reference to the minimum resource requirements needed by the software components.