Simplified Network

Cluster Creation/Deletion: From the perspective of service sharing and isolation, multiple types of container clusters can be created, and the nodes of the container clusters support the form of VMs or bare metals.

Cluster Scale-In/Out: Supports scale-up of cluster management node specification and horizontal expansion/reduction (scale in/out) of cluster working nodes.

Cluster Maintenance: Supports cluster version upgrade management for major versions (cross-kubernetes versions) and minor versions. Supports the replacement of faulty nodes in the cluster.

Supports native core binding, enhanced core binding, and huge pages to better meet the high-performance computing requirements of services.

CPU Score-Level Requests: You can apply for non-integer CPUs, and configure exclusive CPUs and shared CPUs for containers at the same time to meet high service performance requirements and improve resource usage.

CPU Exclusive: The specified CPUs are used independently to prevent host processes from preempting resources and meet the requirements of high-performance service scenarios.

CPU Topology: The CPU topology transparently transmits container applications to meet the multi-thread binding requirements.

Exclusive Use of Level-Pod CPUs: Specifies the range of CPUs used by the Pod to prevent Pod preemption outside the group and meet the isolation requirements of resource groups.

NUMA Affinity: NUMA affinity of CPUs and NIC VFs meets the requirements of high-performance scenarios.

Interrupt Kernel Binding: Flexibly controls kernel binding to meet the requirements for node performance optimization.

Huge Page: Huge pages can be configured by node, and can be dynamically configured to be easier to use and more flexible.

Makes unified management of GPU configurations, performance statistics, status monitoring and alarms, and topology display.

Multi-tenant applications are deployed on the same node without affecting service performance, improving resource utilization.

Provides persistent service data storage for containerized applications based on K8S CSI, supports local and block PVCs, and supports dynamic storage class provisioning.

Enhances the native Kubernetes network, supports multiple network planes, and provides multiple Pods of multiple networks based on the multus multi-plug-in mechanism. The default plug-in is cilium, the extended plane supports plug-ins such as ipvlan, sriov, ovs, dpdk, and hostnic, and both the extended plane and the default plane (default) support high-performance networkPolicy (including Pod-level and namespace-level) based on ebpf. It supports carrier-class QoS control and IPv4&IPv6 dual stacks. SRIOV and DPDK are used to improve forwarding performance. Applications can use SRIOV/DPDK in non-privileged mode to improve network performance.

1. System Reliability

Controller (Main Control Node) HA: The main control node supports 3-group and 9-controller HA to avoid single-point failures.

Backup and Restoration: Platform management data can be backed up and restored.

Supporting NTP Jump Protection: When the clock source changes greatly, the system stops synchronizing time with the clock source.

2. Node Reliability

Node HA: The cluster monitoring module monitors the Node status. If the node is faulty, the cluster monitoring module resets the node, restarts the node, and adds the node to the container cloud cluster.

Volume Disconnection: This function realizes monitoring of the BM CaaS POD volume disconnection/recovery. When CIE POD volume is disconnected/recovered, policy based notification is implemented.

Network Port Fault Protection: The bond interface can report alarms when faults occur, and supports automatic switchover.

3. Application Reliability

Pod HA: The platform monitors the operational status of PODs based on the Kubernetes Replication Controller function to ensure the proper operation of the PODs. Supports self-healing and probes.

The security technology requirements for containers are designed to check and monitor the security in the system development, deployment, and operation phases. The CSA STAR meets the standards, supports the security hardening capabilities of CIS benchmarks and mainstream manufacturers, and meets the requirements of the EU GDPR privacy protection standard.

Comprehensive Monitoring of Resource Objects: Covers infrastructure objects such as k8s resources, nodes, network interfaces, and storage.

Construction based on the Cloud-Native O&M Technology Stack: The excellent technology stacks Prometheus and fluentbit in the cloud-native O&M field are used to build the system. The architecture is open but not closed.

Perfect O&M Capabilities: Based on the summarized O&M data, the platform provides unified O&M capabilities at all layers, including performance query and task creation, alarm/log configuration and query, visual dashboard and resource view, and preventive maintenance/one-click collection.

O&M Portal: Provides a unified portal to meet the routine O&M requirements of system management and common tenants through permission-based and domain-based management.

Northbound O&M Interface: Provides various rest/snmp/syslog/ftp interfaces and supports interconnection with third-party systems.

Lossless Upgrade of the Container Platform: End-to-end automatic lossless upgrade is supported. The PODs of APPs are upgraded in batches in accordance with the service affinity. During the upgrade process, services are not affected.