Components
Key features and components
1. KubeDNA Doctor - Scaling & Recovery -
KubeDNA Doctor proactively monitors the health of your cluster and reacts to undesirable events, ensuring it maintains the desired state. For instance, if a power outage affects certain VMs, KubeDNA Doctor will create new VMs and reschedule any missing pods. Additionally, it monitors cluster metrics to dynamically scale resources based on demand, ensuring service continuity during peak loads and optimizing resource usage during low-demand periods.
2. Automated Certificate Management
KubeDNA automates SSL/TLS certificate management, including creation, renewal, and configuration, ensuring secure communication within and across clusters without manual intervention.
3. Components and Patching
KubeDNA includes a set of default and optional components to enhance functionality and customization:
3.1 Default components:
* KubeDNA Operator:
Installs and manages all you operators and components that are running inside your cluster to be fully integrated and operational. KubeDNA Operator ensures interoperability between all operators and components by keeping configurations updated.
* KubeDNA Docter:
KubeDNA Docter monitors the cluster. This is a crucial process that is not only reactive but also proactive. This means that continuously keeping an eye on the cluster helps to detect unwanted changes early and respond to them before they escalate into larger issues. By regularly checking the cluster, potential problems can be quickly identified and resolved, which enhances the overall stability and performance of the system.
* Metrics:
Metrics Server collects resource metrics from Kubelets and exposes them in Kubernetes apiserver through Metrics API for use by Horizontal Pod Autoscaler and Vertical Pod Autoscaler.
* Prometheus:
Prometheus is an open-source monitoring and alerting toolkit that integrates seamlessly with Kubernetes. To allow application developers to use Prometheus, KubeDNA offers support for installing the Custom Resource Definition (CRD).
* Nginx-internal:
For internal cluster traffic through a VPN, Nginx serves as an ingress controller, managing secure routing between Kubernetes services. Nginx provides seamless access to internal dashboards like MinIO and RabbitMQ, ensuring secure and efficient operations within the cluster.
* CoreDNS:
CoreDNS is a flexible, extensible, and scalable DNS server that serves as the default DNS provider in Kubernetes clusters. Its primary role is to handle DNS resolution within the cluster, allowing services, pods, and external resources to communicate efficiently using human-readable domain names instead of IP addresses.
3.2. Certificate Management
Cert-manager:
Manages SSL/TLS certificates for secure communications click here if you want to know more.
Cert-manager-CSI:
Adds support for Kubernetes CSI drivers.
Trust-manager:
Maintains certificate trust configurations click here if you want to know more.
3.3. Storage
MinIO Operator:
The MinIO Operator in a Kubernetes cluster provides a simplified way to deploy and manage MinIO, a high-performance, S3-compatible object storage solution. It enables the creation and scaling of distributed MinIO instances within the cluster, ensuring data availability and redundancy. With its integration into Kubernetes, the operator automates tasks like provisioning, configuration, and updates, making it an efficient choice for managing object storage in dynamic, containerized environments.
Storage-class-hetzner:
This is a Container Storage Interface (CSI) driver for Hetzner Cloud, enabling the use of ReadWriteOnce volumes within Kubernetes and other container orchestrators. It provides seamless integration with Hetzner-compatible storage classes, allowing you to provision, connect, and manage Hetzner Volumes effortlessly. Each volume can be dynamically expanded up to 10 TB at any time, ensuring scalability to meet your storage needs.
3.4. Tools
Cluster-secret:
The cluster secret in Kubernetes is a type of secret object that is intended to store sensitive data (such as passwords, tokens, API keys, or certificates) and make it accessible across the entire cluster rather than being limited to a single namespace. Unlike standard secrets, which are scoped to a specific namespace, cluster secrets are typically implemented using custom resource definitions (CRDs) or external tools to provide secure and centralized management of sensitive data for all namespaces in a Kubernetes cluster. This approach ensures consistent access control, encryption, and lifecycle management for secrets at a cluster-wide level.
3.5. Connectivities
Nginx-external:
When handling external communication, Nginx serves as an ingress controller, managing incoming traffic from clients and routing it to the appropriate Kubernetes services. It provides critical features such as SSL termination, load balancing, and security protections like rate limiting and web application firewalls (WAF). Additionally, it optimizes performance for external clients through caching and compression, ensuring fast and secure access to services.
3.6. Databases
Cloud native Postgres (CNPG):
Cloud Native Postgres (CNPG) is designed to bring high availability, scalability, and resilience to PostgreSQL in Kubernetes environments. It monitors the health of PostgreSQL clusters, automatically handles failovers, and ensures minimal downtime during events such as node failures.
3.7. Message brokers
RabbitMQ:
RabbitMQ High Availability (HA) ensures reliable and continuous message brokering in Kubernetes environments. By leveraging clustering and failover mechanisms, RabbitMQ maintains message delivery and processing even during node failures. This setup provides scalability, fault tolerance, and consistent communication for distributed systems.
3.8. Analytics
Open-Telemetry:
OpenTelemetry is an open-source framework for collecting, processing, and exporting telemetry data such as traces, metrics, and logs from applications. It provides a unified set of APIs, libraries, and tools to help developers gain insights into application performance and behavior across distributed systems, enabling better observability and diagnostics.
OpenSearch & OpenSearch-Dashboard:
OpenSearch is an open-source search, analytics, and visualization platform designed for processing and exploring large volumes of data in real time. It supports full-text search, log analytics, and custom data analysis with scalability and flexibility. OpenSearch Dashboards is the visualization and user interface component of the platform, allowing users to interact with their data through intuitive charts, graphs, and dashboards, making it easier to monitor, analyze, and derive insights from their datasets. Together, they provide a powerful solution for search and observability use cases.
3.9. Automated Patching
KubeDNA ensures that all components are automatically patched as new updates or security fixes are released, requiring no manual intervention. This automated patching feature keeps your cluster secure, up-to-date, and compliant with the latest standards.