
Kubernetes

Kubernetes, also known as K8s, is an open-source system for automating deployment, scaling, and management of containerized applications.

It groups containers that make up an application into logical units for easy management and discovery. Kubernetes builds upon 15 years of experience of running production workloads at Google, combined with best-of-breed ideas and practices from the community.

Application | Externally Accessible | Description
https://pgadmin.rizing.dev | No | Postgres pgAdmin client
https://rizing.dev | Yes | Rizing developer guide
https://apps.rizing.dev | Yes | Apps launchpad
https://uptime.rizing.dev | Yes | App uptime dashboard
https://registry.rizing.dev | Yes | Rizing's private container registry
https://echo-server.rizing.dev | Yes | Simple echo server
https://omni.rizing.dev | Yes | Omni testing site
https://arcgis.rizing.dev | Yes | ArcGIS Portal and Server
https://draw.rizing.dev | Yes | Simple vector drawing canvas
https://identity.rizing.dev | Yes | Keycloak identity server

If an application is NOT marked as "externally accessible", you must be on the Rizing VPN to access it.

Tech Stack

Name | Description
Ansible | Automates bare-metal provisioning and configuration
FluxCD | GitOps tool built to deploy workloads and applications to Kubernetes
cert-manager | Cloud-native certificate management
Cloudflare | DNS and Tunnel
Docker | Ephemeral PXE server and convenient tools container
Grafana | Operational dashboards
Helm | The package manager for Kubernetes
K3s | Lightweight distribution of Kubernetes
Kubernetes | Container-orchestration system, the backbone of this project
Loki | Log aggregation system
Longhorn | Cloud-native distributed block storage for Kubernetes
MetalLB | Bare-metal load balancer for Kubernetes
Nginx | Kubernetes Ingress Controller
Prometheus | Systems monitoring and alerting toolkit
Renovate | Automatically updates dependencies
Docker Registry | Private container registry

Clusters

All major cluster manifests are defined and maintained in a Rizing gitops monorepository on ADO. The monorepo contains definitions for workloads (base manifests) which are shared across various clusters. Each cluster is then see the README.md in the root of the repository for more details.

Current major clusters:

Cluster | Primary Domain | Publish Branch | Description
on-prem staging | https://rizing.xyz | staging | Staging cluster for the production on-premises cluster, used to test changes before applying them to production
on-prem production | https://rizing.dev | production | On-premises cluster housing the majority of internal Rizing tools
cloud-products production | https://rizing.app | production | Production cluster housing Rizing's SaaS products
cloud-operations production | https://rizing.cloud | production | Production cluster housing utilities to support other clusters (Harbor registry, MinIO, etc.)

Currently, cluster changes are deployed when a change is made to the cluster's "publish branch" (see the table above and the diagram below).

[Diagram: GitOps branch publishing workflow]

[Diagram: Cluster resources]

On-prem Production Cluster

IP addresses

IP Address | Description
23.111.141.181 | External static IP address into the on-premises environment
10.3.81.160 | Internal load-balanced K3s service IP (MetalLB)
10.3.81.159 | Kube-vip load-balanced virtual IP used for control plane HA
10.3.81.160-1165 | Available (MetalLB) load balancer service IPs

Cluster Nodes

Node | IP | Role
kd3-1 | 10.3.81.151 | Control plane
kd3-2 | 10.3.81.152 | Control plane
kd3-3 | 10.3.81.153 | Control plane
kd3-4 | 10.3.81.154 | Worker 1

Cluster Overview

[Diagram: on-prem production cluster overview]

Domains

The on-prem Kubernetes cluster has a wildcard domain set up for *.rizing.dev. The wildcard domains are registered with Rizing's GoDaddy account, but DNS is set up and managed through Cloudflare.

Dynamic External Domains

The following domains have dynamic wildcard DNS routing in place, which routes every matching hostname to the Kubernetes cluster.

Warning: this means you should ONLY assign an ingress host that matches one of these patterns if you want the application to be exposed externally. Once the ingress is set up, the URI is immediately reachable externally (no additional DNS setup is necessary).

  • *.preview.rizing.dev ➙ on-premise PRD cluster (10.3.81.160)
  • *.development.rizing.dev ➙ on-premise PRD cluster (10.3.81.160)
  • *.staging.rizing.dev ➙ on-premise PRD cluster (10.3.81.160)
  • *.production.rizing.dev ➙ on-premise PRD cluster (10.3.81.160)

On-prem Staging Cluster

IP addresses

IP Address | Description
23.111.141.181 | External static IP address into the on-premises environment
10.3.81.160 | Internal load-balanced K3s service IP (MetalLB)
10.3.81.159 | Kube-vip load-balanced virtual IP used for control plane HA
10.3.81.160-1165 | Available (MetalLB) load balancer service IPs

Cluster Nodes

Node | IP | Role
kd3-dev-1 | 10.3.81.155 | Control plane
kd3-dev-2 | 10.3.81.156 | Control plane
kd3-dev-3 | 10.3.81.157 | Worker 1

Cluster Overview

[Diagram: on-prem staging cluster overview]

Domains

The on-prem staging cluster has a wildcard domain set up for *.rizing.xyz. The wildcard domains are registered with Rizing's GoDaddy account, but DNS is set up and managed through Cloudflare.

External Domains

This cluster does not have any external DNS routing in place. All requests to this cluster/domain must be made while on the RIZINGIO domain (VPN).

Cloud-products Production Cluster

The cloud-products cluster is deployed in an Azure Kubernetes Service (AKS) environment and houses Rizing's SaaS product offerings.

IP addresses

IP Address | Description
51.8.40.167 | External static IP address into the cloud-products cluster

Cluster Nodes

The cluster node count changes based on workload.

Domains

The cloud-products Kubernetes cluster has a wildcard domain set up for *.rizing.app. The wildcard domains are registered with Rizing's GoDaddy account, but DNS is set up and managed through Cloudflare.

Dynamic External Domains

The following domains have dynamic wildcard DNS routing in place, which routes every matching hostname to the Kubernetes cluster.

Warning: this means you should ONLY assign an ingress host that matches one of these patterns if you want the application to be exposed externally. Once the ingress is set up, the URI is immediately reachable externally (no additional DNS setup is necessary).

  • *.rizing.app ➙ cloud-products cluster (51.8.40.167)

Cloud-operations Production Cluster

The cloud-operations cluster is deployed in an Azure Kubernetes Service (AKS) environment and houses utility apps/services that support various production Kubernetes needs, such as storing and replicating database backups and providing a container registry (with storage and replication capability).

IP addresses

IP Address | Description
48.216.129.165 | External static IP address into the cloud-operations cluster

Cluster Nodes

The cluster node count changes based on workload.

Domains

The cloud-operations Kubernetes cluster has a wildcard domain set up for *.rizing.app. The wildcard domains are registered with Rizing's GoDaddy account, but DNS is set up and managed through Cloudflare.

Dynamic External Domains

The following domains have dynamic wildcard DNS routing in place, which routes every matching hostname to the Kubernetes cluster.

Warning: this means you should ONLY assign an ingress host that matches one of these patterns if you want the application to be exposed externally. Once the ingress is set up, the URI is immediately reachable externally (no additional DNS setup is necessary).

  • *.rizing.cloud ➙ cloud-operations cluster (48.216.129.165)
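The three "Dynamic External Domains" warnings above all make the same point: an Ingress host that matches one of the wildcard patterns is on the internet the moment FluxCD applies it. The following is an added example (not code from the Rizing docs or repository) of a review-time check that lists which hosts in a set of Ingress manifests the wildcard DNS will publish, and to which cluster and IP. It assumes the Ingress objects have already been parsed into dicts shaped like the items returned by `kubectl get ingress -o json`; the sample manifests are constructed for illustration.

```python
# Added example, not from the Rizing docs: flag Ingress hosts that the dynamic
# wildcard DNS publishes externally as soon as the Ingress is applied. Ingress
# objects are assumed already parsed into `kubectl get ingress -o json` item dicts.

# Externally routed wildcard patterns and where they land, as listed on this page.
EXTERNAL_WILDCARDS = {
    "*.preview.rizing.dev": ("on-prem production", "10.3.81.160"),
    "*.development.rizing.dev": ("on-prem production", "10.3.81.160"),
    "*.staging.rizing.dev": ("on-prem production", "10.3.81.160"),
    "*.production.rizing.dev": ("on-prem production", "10.3.81.160"),
    "*.rizing.app": ("cloud-products", "51.8.40.167"),
    "*.rizing.cloud": ("cloud-operations", "48.216.129.165"),
}

def matches_wildcard(host: str, pattern: str) -> bool:
    """DNS wildcard semantics: one or more labels left of the base name match,
    the bare base name does not ('preview.rizing.dev' is not '*.preview.rizing.dev')."""
    base = pattern[2:] if pattern.startswith("*.") else pattern
    host = host.rstrip(".").lower()
    return host != base and host.endswith("." + base)

def ingress_hosts(ingress: dict) -> set:
    """Every host an Ingress serves: spec.rules[].host plus spec.tls[].hosts."""
    spec = ingress.get("spec", {})
    hosts = {r["host"] for r in spec.get("rules", []) if r.get("host")}
    for tls in spec.get("tls", []):
        hosts.update(tls.get("hosts", []))
    return hosts

def externally_exposed(ingresses: list) -> list:
    """(ingress name, host, cluster, IP) for each host the wildcard DNS will publish;
    hosts outside these patterns (e.g. pgadmin.rizing.dev) stay VPN-only."""
    findings = []
    for ing in ingresses:
        for host in sorted(ingress_hosts(ing)):
            for pattern, (cluster, ip) in EXTERNAL_WILDCARDS.items():
                if matches_wildcard(host, pattern):
                    findings.append((ing["metadata"]["name"], host, cluster, ip))
    return findings

# Constructed sample manifests: one VPN-only host and two that go public instantly.
SAMPLE_INGRESSES = [
    {"metadata": {"name": "pgadmin"}, "spec": {"rules": [{"host": "pgadmin.rizing.dev"}]}},
    {"metadata": {"name": "pr-42-preview"},
     "spec": {"rules": [{"host": "pr-42.preview.rizing.dev"}],
              "tls": [{"hosts": ["pr-42.preview.rizing.dev"]}]}},
    {"metadata": {"name": "harbor"}, "spec": {"rules": [{"host": "registry.rizing.cloud"}]}},
]
```

`externally_exposed(SAMPLE_INGRESSES)` returns the two public hosts and leaves pgadmin out; pointing it at the Ingress objects in a PR makes the exposure visible in review rather than after the merge.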

Pull Requests

One major benefit of the Dev/Test Kubernetes cluster (with dynamic wildcard DNS) is the ability to create "sandboxed" preview deployments for every PR.

[Diagram: PR workflow]

The Pull Request workflow is achieved by having a single, authoritative source of truth: the Kubernetes deployment manifests (GitOps) repository. This repository represents the state of deployments within the cluster, and the deployments automatically adjust whenever the repository changes (using FluxCD).

[Diagram: CI/CD manifests]
