Ankra Produced Kubernetes Clusters

With the orchestration of cloud resources complete, a robust infrastructure is now ready to support the deployment of our Kubernetes and container layers. Ankra enhances native Kubernetes tools with its proprietary automation, simplifying usage and providing out-of-the-box solutions to streamline cluster management for Day 2 Operations and beyond. To read more about how the orchestration works before Kubernetes, read here.

Architecture

The diagram presents a managed Kubernetes cluster infrastructure orchestrated by Ankra's platform, with the following components:

  • Kubernetes Cluster: The overarching managed environment for container orchestration.
  • Operating System Automation: Ankra automates the operating system tasks necessary for Kubernetes, likely including security patches and performance optimisations.
  • Kubernetes Automation: Ankra also automates the Kubernetes-related operations, such as cluster scaling, self-healing, and updates.
  • Control Plane: Managed by Ankra, it consists of multiple instances for redundancy and high availability.
  • Worker Nodes: These are the machines that run the containers and execute the application workloads.
  • External KubeAPI LoadBalancer: This load balancer ensures that API requests are evenly distributed to the control plane nodes.
  • Kubernetes Ingress: This component manages external access to the cluster services, routing traffic to the appropriate services.

Observability

Ankra offers a web interface and API that deliver real-time insights into your Kubernetes cluster, eliminating the need for reverse tunnels or complex command-line parsing. Post CI/CD deployment, Ankra Observability steps in to provide live data and metrics, allowing you to measure the impact of CI/CD processes and make informed decisions.

Ankra Provisioning

Ankra Kubernetes offers an authentic, on-demand Kubernetes experience, built live upon execution. We eschew pre-packaged Kubernetes binaries that may harbor shared secrets or outdated information. Instead, Ankra ensures a freshly-built Kubernetes at runtime, providing a standard, unmodified cluster complemented by the simplicity and reliability of Ankra's automated setup and maintenance tools. This hands-on approach grants Kubernetes administrators complete control for custom configurations and compliance with regulatory standards.

Add-ons

To accelerate your Kubernetes deployment, Ankra facilitates the integration of general-purpose applications, mitigating the complexity of configuration and production deployment. We are rapidly expanding this list. If there is an add-on not covered here, we would like to hear from you about what matters to you.

The following add-ons are currently supported:

  • Prometheus: A time-series database to store all metrics.
    • Alert Manager: Monitors metrics and triggers alerts for any unhealthy signs.
  • Grafana: Provides data visualisation tools for better insight.
  • Nginx-Ingress-Controller: Manages external access to the services in a cluster, typically HTTP.
  • EBS-CSI-Provider: Automates the provisioning of AWS EBS volumes for your applications.
  • Cert-Manager: Automates the management and issuance of TLS certificates.

Access

Ankra employs an automated system that configures authentication for the Kubernetes cluster. This process involves:

  • Generating and managing private keys and certificates for secure communication within the cluster's jumphosts.
  • Creating and distributing kubeconfig files to users, which contain the necessary credentials and endpoints to interact with the Kubernetes API.
  • Providing these credentials through Ankra's platform's UI or API, enabling users to securely access the cluster without directly managing the underlying authentication mechanisms.

Through its UI or API, Ankra allows users to securely obtain their cluster's kubeconfig files, which include the necessary context, cluster, and user details. Ankra also provides a private key for authenticating to the cluster's jumphost. Instructions and personalised commands are provided under the access tab of a cluster in Ankra's Platform. This streamlines the process of setting up kubectl, the Kubernetes command-line tool, on a user's local machine, allowing them to interact with the cluster without manual configuration.
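Because a distributed kubeconfig carries credentials, it is worth checking each copy once it lands on a workstation. The following is an added example, not Ankra's code: it audits a kubeconfig for loose file permissions and risky settings, and the sample file, cluster name and endpoint are constructed placeholders.

```python
import re
import stat
import tempfile
from pathlib import Path

# Constructed sample kubeconfig; names, endpoint and data values are placeholders.
SAMPLE_KUBECONFIG = """\
apiVersion: v1
kind: Config
clusters:
- name: example-cluster
  cluster:
    server: https://kubeapi.example.invalid:6443
    insecure-skip-tls-verify: true
users:
- name: example-user
  user:
    client-key-data: PLACEHOLDER
"""

CONTENT_CHECKS = [  # line-based (pattern, finding) pairs; no YAML parser needed
    (r"^\s*insecure-skip-tls-verify:[ \t]*true\b", "TLS verification of the API server is disabled"),
    (r"^\s*server:[ \t]*http://", "API server endpoint uses plain HTTP"),
    (r"^\s*(client-key-data|token):[ \t]*\S", "embedded secret: treat the file as a credential"),
]

def audit_credential_file(path):
    """Return a list of findings for a downloaded kubeconfig file."""
    findings = []
    mode = stat.S_IMODE(Path(path).stat().st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"permissions {mode:04o} allow group/other access; use 0600")
    text = Path(path).read_text(encoding="utf-8")
    for pattern, finding in CONTENT_CHECKS:
        if re.search(pattern, text, re.MULTILINE):
            findings.append(finding)
    if not re.search(r"^\s*certificate-authority(-data)?:[ \t]*\S", text, re.MULTILINE):
        findings.append("no cluster CA pinned (certificate-authority[-data] missing)")
    return findings

def demo():
    """Audit the constructed sample at mode 0644, then again at 0600."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp, "kubeconfig")
        path.write_text(SAMPLE_KUBECONFIG, encoding="utf-8")
        path.chmod(0o644)
        before = audit_credential_file(path)
        path.chmod(0o600)
        return before, audit_credential_file(path)
```

Calling `audit_credential_file` on a real download returns an empty list when the file is owner-only, pins a CA and keeps TLS verification on; an embedded client key or token is always reported so the file is handled as a secret.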

Provisioning jobs

To get a fully working production grade Kubernetes running on our robust infrastructure, Ankra performs the following jobs:

Operating System

  • Operating System Auditing
  • Operating System Hardening
  • Operating System Kubernetes Configuration
  • Operating System CRI-O/containerd installation

Kubernetes

  • Kubernetes Install & Configure Control-Plane
  • Kubernetes Install & Configure Worker-Nodes
  • Kubernetes Integrate Ankra Authentication
  • Install & enable Flannel/Calico
  • Install Ankra Tunnelling Agent - This agent allows Ankra to provide observability and Day 2 operations with clusters behind a NAT Gateway, no ports exposed.
  • Install Addons
  • Configure Service Monitoring