Can somebody explain the difference in tooling between Crossplane and Cluster API from the perspective of managed Kubernetes platform provisioning?
https://github.com/kubernetes-sigs/cluster-api
I have been using Crossplane for some time to create k8s clusters and recently learned that Cluster API also has the same capability to provision k8s clusters.
Cluster API
Cluster API is one of the projects in CNCF that you can use to create and manage Kubernetes clusters. It's more like kubeadm, kind, k3s, minikube (not for prod use cases) with YAML config & CLI.
You can create the YAML file, provision the Kubernetes cluster and manage it with that. There are different providers (AWS, AKS, GCP) available, so you can use a provider-set service account or access key secret, and once you apply the YAML to Cluster API it will create a K8s cluster based on the config and provider.
So with this, you can manage multiple Kubernetes clusters.
With Cluster API YAML config you can create/manage K8s clusters on AWS, GCP, on-prem, etc.
Crossplane
Consider Crossplane as a deployment or service you are running on Kubernetes first.
You pass YAML config to the Crossplane service; based on rules, it will create/manage the resources outside, on cloud providers. It will also create/manage RDS and CloudSQL instances, Kubernetes clusters and other resources that the cloud provider supports.
It also has the concept of a provider (AWS, GCP, AKS).
Crossplane uses Kubernetes as the underlying platform to expose these features and workflows to manage cloud infrastructure outside of Kubernetes, such as data centers, the cloud or the edge. It installs a set of components called providers by extending Kubernetes to manage resources from cloud providers.
Cluster API is a Kubernetes project to bring declarative, Kubernetes-style APIs to cluster creation, configuration, and management.
Kubernetes container orchestration technology has swept the enterprise world, with 75% of organizations running containers in production soon (most orchestrated by Kubernetes). Kubernetes delivers a cloud-native platform for application delivery, runtime, and scaling. While these are huge benefits for scale out applications, providing all these capabilities comes at the expense of the complexity of the platform itself. These complexities can be categorized as:
Complex and heavyweight lifecycle management: significant time and resources needed to provision, upgrade, and maintain the control planes of clusters. Each cloud has a different set of IaaS primitives that need to be cobbled together to make a “cluster”.
Intricate and involved integrations for basic components such as storage, networking, security, and others.
Difficult and not always consistent multi-cluster management and operations.
Cluster API
Provisioning Kubernetes clusters is never an easy task. When there are 1000+ clusters, you definitely want to have a standardized approach to ease tasks. Some of you might know tools like kOps and Kubespray. Imagine Cluster API as their alternative solution, but more powerful!
According to the official page, "Cluster API is a Kubernetes sub-project focused on providing declarative APIs and tooling to simplify provisioning, upgrading, and operating multiple Kubernetes clusters."
Here are some highlighted points of Cluster API:
Pure YAML-based. Kubernetes style. Super handy.
Support any mainstream infrastructure provider. Provision your Kubernetes clusters in cloud/on-premise environments in the same place.
Managed Kubernetes services support. AWS EKS, Azure AKS, GCP GKE all are supported.
Bring your own infrastructure. Reuse existing infrastructures. Focus on provisioning Kubernetes clusters.
Crossplane
Crossplane uses Kubernetes as the underlying platform to expose these features and workflows to manage cloud infrastructure outside of Kubernetes, such as data centers, the cloud, or the edge.
It installs a set of components called providers by extending Kubernetes to manage resources from cloud providers. Providers build on the Kubernetes API, along with the custom resources and controllers, and expose declarative APIs to manage cloud provider resources.
Crossplane is geared toward platform teams and operators looking to build abstractions and easier-to-consume infrastructure components based on an organization's needs. It has a few concepts, such as CompositeResourceDefinition and Composition, that enable teams to extend and build on top of the default resources exposed for a cloud provider.
First of all, let's understand what Crossplane is and what Cluster API is.
Cluster API
Cluster API is a Kubernetes sub-project focused on providing declarative APIs and tooling to simplify provisioning, upgrading, and operating multiple Kubernetes clusters.
Provide declarative APIs
Give the tools to simplify provisioning, upgrading and operating multiple clusters
Helps to manage the lifecycle (create, scale, upgrade, destroy) of Kubernetes-conformant clusters (uses a declarative API)
Give you the ability to work on different environments (on-premises and cloud)
You can find this and more about the Kubernetes Cluster API at https://cluster-api.sigs.k8s.io/
Crossplane
Crossplane is a framework for building cloud native control planes without needing to write code. It has a highly extensible backend that enables you to build a control plane that can orchestrate applications and infrastructure no matter where they run, and a highly configurable frontend that puts you in control of the schema of the declarative API it offers.
I've found a few interesting posts about Crossplane vs Kubernetes APIs
https://blog.crossplane.io/crossplane-vs-cloud-infrastructure-addons/
https://www.infracloud.io/blogs/cluster-provisioning-using-crossplane/
It's not much, but I hope this helps.
I have a question about giving access to a k8s cluster. For example, a new member joined our team. He created a CertificateSigningRequest and I approved it. Then I created a kubeconfig and gave it to him to access our cluster. If he leaves our team one day, how can I remove his access? I want him to be unable to access our cluster with this kubeconfig.
IMHO you should use an external authentication provider. You can take a look at https://dexidp.io/docs/kubernetes/ which is an abstraction layer to other IDaaS providers like Azure, Google, GitHub and many more. For example, if your company uses Active Directory, you can control the access to the cluster using group memberships, where withdrawing access is then part of the company-wide leaver process.
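For the certificate kubeconfig that has already been handed out: the API server does not check client certificates for revocation, so until the certificate expires, access is removed by deleting the RBAC bindings that name the certificate's user (CN) or groups (O). The following is an added example, not part of the original posts; it scans the output of `kubectl get rolebindings,clusterrolebindings -A -o json`, and the names `jane` and `dev-team` and the sample JSON are constructed.

```python
import json

# Constructed sample of `kubectl get rolebindings,clusterrolebindings -A -o json`
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "ClusterRoleBinding", "metadata": {"name": "jane-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "User", "name": "jane"}]},
  {"kind": "RoleBinding", "metadata": {"name": "dev-edit", "namespace": "apps"},
   "roleRef": {"kind": "ClusterRole", "name": "edit"},
   "subjects": [{"kind": "Group", "name": "dev-team"},
                {"kind": "ServiceAccount", "name": "ci", "namespace": "apps"}]},
  {"kind": "RoleBinding", "metadata": {"name": "ops-view", "namespace": "apps"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "User", "name": "omar"}]},
  {"kind": "ClusterRoleBinding", "metadata": {"name": "orphan"},
   "roleRef": {"kind": "ClusterRole", "name": "view"}}
]}
""")

def bindings_for_identity(binding_list, user, groups=()):
    """Return bindings whose subjects match a client-certificate identity.
    user is the certificate CN, groups are the certificate O values."""
    groups = set(groups)
    hits = []
    for b in binding_list.get("items", []):
        # 'subjects' may be absent or null on a binding
        for s in b.get("subjects") or []:
            by_user = s.get("kind") == "User" and s.get("name") == user
            by_group = s.get("kind") == "Group" and s.get("name") in groups
            if by_user or by_group:
                meta = b["metadata"]
                hits.append({
                    "kind": b["kind"],
                    "namespace": meta.get("namespace", ""),
                    "name": meta["name"],
                    "role": b["roleRef"]["name"],
                    "via": f'{s["kind"]}:{s["name"]}',
                    # A group binding is shared with every other member
                    "shared": by_group,
                })
                break
    return hits

if __name__ == "__main__":
    for hit in bindings_for_identity(SAMPLE, "jane", ["dev-team"]):
        print(hit)
```

A hit with `shared` set to false can be deleted for the leaver alone; a shared group binding also covers every other holder of that group. Anything granted to `system:authenticated` still applies to the certificate until it expires.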
Wanted to check if we can achieve clustering (active-active) for WSO2 APIM deployed on 2 nodes (all profiles on both nodes)?
You can.
You have to share databases and mount registry between 2 servers.
Also you need to enable clustering between them.
To share synapse configuration files (of APIs), you need to enable deployment synchronization between the 2 servers too. When you configure publishers, it should be configured so that both publishers publish to a single gateway (i.e. one specific node). And dep sync (or something like rsync) should do the synapse file syncing between the 2 servers.
Yes, you can. You will need to front the two nodes with a load balancer, enable registry mounting, share the databases etc. You can refer to the document below for more details on how to cluster the APIM nodes.
https://docs.wso2.com/display/CLUSTER44x/Clustering+API+Manager+2.0.0
This is more of a high-level question. But say you have a large number of applications, many of them distributed (server/clusters), and they share configuration parameters.
What is a good way to store this application-specific configuration (preferably in a central place) without relying on a single point of failure?
By configuration I mean things like "database server addresses", "web services endpoint", "Logging file name" and even, why not, some business-related constants and parameters.
Some of these parameters could eventually be changed at runtime, so the application needs to be able to also query these parameters dynamically.
I can think of an application storing the configuration in a local file (forget about the format) or a central database to store the same.
But I would like to ask the community if there are standards for handling configuration of multiple distributed systems.
Thanks.
Apache ZooKeeper is a centralized service for maintaining configuration information, naming, providing distributed synchronization, and providing group services.
I am working with a Silverlight project that is consuming domain services. Actually I find that quite messy as one domain service class and metadata. I have already worked with WCF services and found them very easy to update and handle. But domain service modification (as new fields or tables are added) is really a pain.
I want to know why people prefer domain services over Silverlight-enabled WCF services? I mean the advantages or disadvantages of both and the performance implications.
After googling, I found these are the things you should see:
To authenticate users faster in the domain
To authenticate resources(gps etc) faster for the users
Utilization of resources
Utilization of network and decreasing the overall traffic in the network.
The main benefit is that of the users and passwords management, which could grow to be massive amount of work having to manage them individually on each independent servers. The proposed changes of migrating the whole platform to Active Directory environment will assist in propagating the changes (such as new users, password changes, new security requirements via GPO, etc) on to the servers (which will run as domain clients, only 1 or 2 will run Primary and Secondary ADC. Not all these servers are going to run host AD or be an ADC, server OS is used due to its robustness and reliability).
disadvantage
cost of infrastructure
good planning is a must
Complex structure for user