I don't think it's documented in any official capacity, but we (sig cluster ops) did generate some visuals that might aid in grokking the topology of Kubernetes as a whole, and we did model this after production setups.

A few things to keep in mind: These maps are service centric, and abstract units as vertical columns in their respective diagrams. Services must be HA to be considered “production ready”.

Additional concerns that may/may-not be represented here:

- TLS Security on all endpoints
- TLS Key Rotation in the event of compromise/upgrade/expiration
- Durable storage backed workloads
- ETCD state snapshots for cluster point-in-time recovery
- User/RBAC - this still needs more info before I can outline it (time limited)
- Network policy for namespace/application isolation (this is an unspoken requirement for many business units)

The diagrams:

Kubernetes cluster services
https://docs.google.com/drawings/d/1U4GBSg9Sdn7JspoxDyA4qwGM...

Kubernetes Binary Services Topology map
https://docs.google.com/drawings/d/10sXtgdelUI3GbWjrYh2z5vhF...

Kubernetes Cluster node Maps (3)
https://docs.google.com/drawings/d/1x1PEE0RKvCRnP5JCAjmfbr_7...

We left off working on a Network draft diagram, and if you’re interested in contributing/participating in this process, join us in the #sig-cluster-ops Slack channel. We meet Thursdays (or have, new year schedule dependent)