AKE 1.4.0

Deploying Arcfra Kubernetes Engine>
Before deployment

Planning addons for the workload cluster

For the management clusters, Calico CNI, AVE CSI, and log addons are installed by default without any planning required. Workload clusters support addons such as CNI, CSI, monitoring, log, external load balancers, and Ingress. You can plan according to your actual business needs. Different types of workload clusters support different combinations of CNI and CSI addons.

For more information about various addons, refer to Cluster addons.

VM-based workload cluster

VM-based workload clusters support two types of CNI and two types of CSI addons, which can be freely combined with each other. Different combinations correspond to different network preparations, so it is recommended that you confirm the addon combination in advance and make the necessary network preparations.

Taking the network topology below as an example, the four workload clusters use four different combinations.

Workload cluster A1: Calico CNI and AVE CSI addons are enabled.
Workload cluster B: AIC CNI and AVE CSI addons are enabled.
Workload cluster C1: Calico CNI and ABS CSI addons are enabled.
Workload cluster C2: AIC CNI and ABS CSI addons are enabled.

Note:

Before using the AIC CNI addon, the ACOS cluster where the workload cluster using this addon is located must be associated with the ANS service. When using the AIC CNI addon, AIC does not support configuring the externalTrafficPolicy attribute for services, nor does it support the IPVS mode of kube-proxy.

Physical-machine-based workload cluster

For CNI addons, only Calico CNI is supported. For CSI addons, you can use the ABS CSI addon. If you choose not to use this addon, you may use alternative methods, such as configuring local disks on physical machines as the storage backend after the cluster is created, or installing a third-party CSI addon to support various Kubernetes volume types.

Cluster addons

AKE supports the installation of the following addons for the Kubernetes clusters. You can also install other similar applications as needed.

CNI (Container Network Interface)

Addon name and version Description Scenario

Calico CNI (3.26.4) Calico is an open-source network solution for container intercommunication. It leverages the BGP protocol to exchange routing information between nodes and encapsulates container traffic using IP in IP or VXLAN modes, offering reliability, flexibility, and compatibility with other networking solutions. It is suitable for various scenarios and is a stable, feature-rich, and widely used CNI.

AIC CNI (1.2.3)

Addon name and version	Description	Scenario
Calico CNI (3.26.4)	Calico is an open-source network solution for container intercommunication. It leverages the BGP protocol to exchange routing information between nodes and encapsulates container traffic using IP in IP or VXLAN modes, offering reliability, flexibility, and compatibility with other networking solutions.	It is suitable for various scenarios and is a stable, feature-rich, and widely used CNI.
AIC CNI (1.2.3)	AIC (Arcfra Integrated CNI) is a CNI provided by Arcfra based on ANS. AIC can fully leverage the synergy between AKE service and ACOS, integrating container networks with ACOS virtualization networks, achieving unified management of container and virtualization networks. It also supports creating network policies for Kubernetes pods to control network access between pods.	Suitable for the following scenarios: Requires unified management of Kubernetes and VM networks, and creation of unified security access control policies. Simplicity of container networking is preferred over technical knowledge of BGP, Overlay, and other networking technologies. Note: Using the AIC CNI is not recommended for scenarios where an Ingress controller exposed outside the cluster via NodePort or LoadBalancer is used to access an Nginx service deployed in the cluster, and the access frequency is low. In addition, AIC CNI does not support configuring the `externalTrafficPolicy` attribute for services, nor does it support the `IPVS` mode of kube-proxy.

AIC (Arcfra Integrated CNI) is a CNI provided by Arcfra based on ANS.

AIC can fully leverage the synergy between AKE service and ACOS, integrating container networks with ACOS virtualization networks, achieving unified management of container and virtualization networks. It also supports creating network policies for Kubernetes pods to control network access between pods.

Suitable for the following scenarios:

Requires unified management of Kubernetes and VM networks, and creation of unified security access control policies.
Simplicity of container networking is preferred over technical knowledge of BGP, Overlay, and other networking technologies.

Note:

Using the AIC CNI is not recommended for scenarios where an Ingress controller exposed outside the cluster via NodePort or LoadBalancer is used to access an Nginx service deployed in the cluster, and the access frequency is low.

In addition, AIC CNI does not support configuring the externalTrafficPolicy attribute for services, nor does it support the IPVS mode of kube-proxy.

CSI (Container Storage Interface)

Addon name and version	Description	Scenario
AVE CSI (1.0.5)	AVE CSI is a CSI driver independently developed by Arcfra. Each Kubernetes persistent volume corresponds to a virtual volume mounted on the virtual machine, and the persistent volumes created using AVE CSI can benefit from performance advantages such as data locality. It supports online volume expansion, volume snapshots, provisioning volumes from snapshots, and volume cloning operations. It is easy to use and does not require additional configurations. It supports mounting up to 60 persistent volumes per node.	It is suitable for scenarios with performance requirements and no excessive demands on the number of persistent volumes mounted per node.
ABS CSI (2.8.0)	ABS CSI is a CSI driver independently developed by Arcfra. It mounts iSCSI LUNs from the Arcfra block storage service to the node virtual machines through the storage network, and provides them as persistent volumes for Kubernetes pods. It supports mounting up to 128 persistent volumes per node, and also supports online volume expansion, volume snapshots, provisioning volumes from snapshots, volume cloning, and volume identity authentication. When using it, you need to configure an additional dedicated NIC for each node and assign an IP address to each NIC.	It is suitable for scenarios with certain requirements on the number of persistent volumes mounted per node.

Addon name and version

Description

Scenario

AVE CSI (1.0.5)

AVE CSI is a CSI driver independently developed by Arcfra. Each Kubernetes persistent volume corresponds to a virtual volume mounted on the virtual machine, and the persistent volumes created using AVE CSI can benefit from performance advantages such as data locality.

It supports online volume expansion, volume snapshots, provisioning volumes from snapshots, and volume cloning operations. It is easy to use and does not require additional configurations.

It supports mounting up to 60 persistent volumes per node.

It is suitable for scenarios with performance requirements and no excessive demands on the number of persistent volumes mounted per node.

ABS CSI (2.8.0)

ABS CSI is a CSI driver independently developed by Arcfra. It mounts iSCSI LUNs from the Arcfra block storage service to the node virtual machines through the storage network, and provides them as persistent volumes for Kubernetes pods.

It supports mounting up to 128 persistent volumes per node, and also supports online volume expansion, volume snapshots, provisioning volumes from snapshots, volume cloning, and volume identity authentication.

When using it, you need to configure an additional dedicated NIC for each node and assign an IP address to each NIC.

It is suitable for scenarios with certain requirements on the number of persistent volumes mounted per node.

Node group autoscaling

Addon name and version	Description
Cluster Autoscaler (1.26.8-sks.1)	Cluster Autoscaler supports automatic adjustment of the number of nodes in a Kubernetes cluster. It automatically increases the number of nodes when pods cannot run in the cluster due to resource constraints, and decreases the number of nodes when nodes are underutilized for a long time.

Addon name and version

Description

Cluster Autoscaler (1.26.8-sks.1)

Cluster Autoscaler supports automatic adjustment of the number of nodes in a Kubernetes cluster.

It automatically increases the number of nodes when pods cannot run in the cluster due to resource constraints, and decreases the number of nodes when nodes are underutilized for a long time.

GPU

Addon name and version	Description
NVIDIA GPU Operator (23.6.2-sks.1)	The NVIDIA GPU Operator is an open-source tool provided by NVIDIA for simplifying the management and configuration of NVIDIA GPU devices for Kubernetes clusters.

Monitoring

Addon name and version	Description
kube-prometheus (0.13.0-r2)	Kube-prometheus is a collection project that integrates common Kubernetes monitoring manifests, Grafana dashboards, Prometheus rules, as well as documentation and scripts. It uses Prometheus Operator and Prometheus to provide easy-to-operate, end-to-end monitoring for Kubernetes clusters. Prometheus is an open-source monitoring and alerting tool used for collecting, storing, and querying performance data of applications and systems to ensure system reliability and stability.
obs-monitoring-agent (1.4.0)	Used together with kube-prometheus, it collects monitoring data provided by Prometheus and sends it to Arcfra observability service.

Addon name and version

Description

kube-prometheus (0.13.0-r2)

Kube-prometheus is a collection project that integrates common Kubernetes monitoring manifests, Grafana dashboards, Prometheus rules, as well as documentation and scripts. It uses Prometheus Operator and Prometheus to provide easy-to-operate, end-to-end monitoring for Kubernetes clusters.

Prometheus is an open-source monitoring and alerting tool used for collecting, storing, and querying performance data of applications and systems to ensure system reliability and stability.

obs-monitoring-agent (1.4.0)

Used together with kube-prometheus, it collects monitoring data provided by Prometheus and sends it to Arcfra observability service.

Logging

Addon name and version	Description
Elasticsearch (8.11.3-sks.1)	Elasticsearch is a distributed, full-text search engine based on the Lucene library. It is used for real-time storage, search, and analysis of large-scale data.
Fluent Bit (0.46.7)	Fluent Bit is a fast, lightweight, and scalable log data collector and forwarder designed specifically for collecting, processing, and forwarding log data.
Kibana (8.11.3-sks.2)	Kibana is an open-source data visualization platform used for integration with Elasticsearch to perform real-time analysis and visualization of large-scale data.
Elastic Curator (8.0.8)	Elastic Curator is an index lifecycle management tool for Elasticsearch. It is used to automatically delete expired log indices, helping optimize storage space and maintain cluster performance.
Logging Operator (0.3.0-sks.1)	Logging Operator is a Kubernetes-native log pipeline orchestration component that supports configuring and managing Fluent Bit for log collection, filtering, and routing, enabling an efficient log processing workflow.
Event Exporter (1.6.1)	Event Exporter is an open-source tool for collecting Kubernetes cluster events. It can export events to monitoring systems such as Prometheus, helping operators quickly identify cluster anomalies and analyze runtime status.

External load balancer

Addon name and version	Description
MetalLB (0.14.8)	MetalLB is an open-source, Kubernetes-based load balancer used to provide external access capabilities for services within a Kubernetes cluster.

Ingress controller

Addon name and version	Description
Contour (1.27.0-sks.1)	Contour is an open-source Kubernetes Ingress controller that uses Envoy as an edge proxy, leveraging Envoy's high performance and powerful traffic control capabilities to provide highly flexible and scalable Ingress control.

Certificate management

Addon name and version	Description
cert-manager (1.15.4)	cert-manager is an automated certificate management tool used for automatically issuing and managing certificates for Kubernetes applications within a Kubernetes cluster.

Time zone

Addon name and version	Description
k8tz (0.16.0-sks.2)	k8tz is a Kubernetes admission controller and a CLI tool that injects time zone into pods. k8tz can eﬀortlessly standardize the selected time zone across pods and namespaces automatically.

NTP Management

Addon name and version	Description
ntpm (1.1.0-rc15)	ntpm is an Arcfra-developed NTP management tool used for automating the configuration and management of NTP services on operating systems.

Agent

Addon name and version	Description
host-config-agent (0.2.4)	host-config-agent is an Arcfra-developed host configuration agent addon used to receive node configuration tasks and execute them on the node hosts. It is automatically enabled in AKE clusters.
warden (0.2.0)	warden is an Arcfra-developed component for multi-tenant identity authentication in AKE. It is automatically enabled in AKE clusters.

In this article

VM-based workload cluster
Physical-machine-based workload cluster
Cluster addons