CKE

CKE is a distributed service that automates Kubernetes cluster management.

Project Status: Testing for production.

Requirements

CKE requirements

• etcd
• Vault

Node OS Requirements

• Docker

  Data in Docker volumes must persist between reboots.

• A user who belongs to docker group

• SSH access for the user

Features

• Bootstrapping and life-cycle management.

  CKE can bootstrap a Kubernetes and etcd cluster from scratch. CKE can also add or remove nodes to/from the Kubernetes and etcd cluster.

• Managed etcd cluster

  CKE manages an etcd cluster for Kubernetes. Other applications may also store their data in the same etcd cluster. Backups of etcd data are automatically taken by CKE.

  Details are described in docs/etcd.md.

• CRI runtimes

  In addition to Docker, CRI runtimes such as containerd or cri-o can be used to run Kubernetes Pods.

• Kubernetes features:

  • HA control plane.
  • RBAC is enabled.
  • Ready for PodSecurityPolicy
  • Ready for API aggregation.
  • Secret data are encrypted at rest.
  • CNI network plugins.
  • CoreDNS add-on.
  • Node-local DNS cache services.
  • Nodes can be registered with Taints.
  • Preparation of Scheduler extender.

• User-defined resources:

  CKE automatically creates or updates Kubernetes API resources such as Deployments, Namespaces, or CronJobs that are defined by users. This feature helps users to automate Kubernetes cluster maintenance.

• Sabakan integration

  CKE can be integrated with sabakan, a service that automates physical server management, to generate cluster configuration automatically.

  Sabakan is not a requirement; cluster configuration can be supplied externally by a YAML file.

• High availability

  CKE stores its configurations in etcd to share them among multiple instances. Etcd is also used to elect a leader instance that exclusively controls the Kubernetes cluster.

• Operation logs

  To track problems and life-cycle events, CKE keeps operation logs in etcd.

Programs

This repository contains these programs:

• cke: the service.
• ckecli: CLI tool for cke.

To see their usage, run them with -h option.

Documentation

docs directory contains tutorials and specifications.

Usage

Run CKE with docker

$ docker run -d --read-only \
    --network host --name cke \
    quay.io/cybozu/cke:1.14 [options...]

Install ckecli to host file system

$ docker run --rm -u root:root \
    --entrypoint /usr/local/cke/install-tools \
    --mount type=bind,src=DIR,target=/host \
    quay.io/cybozu/cke:1.14

License

CKE is licensed under MIT license.