
Overview

Architecture Overview

A single binary is installed and configured on all nodes to participate in the [Kubernetes][io-kubernetes] cluster. Once started, it is then able to bootstrap and supervise role-appropriate agents per node while sourcing needed content from the network.

[Figure: Architecture Overview]

A number of open source technologies are used to make this all work:

  • [K3s][io-k3s]
    • [Helm Controller][gh-helm-controller]
  • [K8s][io-kubernetes]
    • [API Server][gh-kube-apiserver]
    • [Controller Manager][gh-kube-controller-manager]
    • [Kubelet][gh-kubelet]
    • [Scheduler][gh-kube-scheduler]
    • [Proxy][gh-kube-proxy]
  • [etcd][io-etcd]
  • [runc][gh-runc]
  • [containerd][io-containerd]/[cri][gh-cri-api]
  • [CNI][gh-cni]: [Cilium][io-cilium]
  • [CoreDNS][io-coredns]
  • [Ingress NGINX Controller][io-ingress-nginx]
  • [Metrics Server][gh-metrics-server]
  • [Helm][sh-helm]

All of these, except the NGINX Ingress Controller, are compiled and statically linked with Go+BoringCrypto.

Embedded Etcd

Using an embedded datastore means leveraging a database that runs within the Kubernetes cluster, typically as a containerized service, e.g. etcd. This option simplifies deployment and could improve performance and security.

Embedded Etcd is the default datastore. It is the only embedded option that allows RKE2 to be deployed in HA mode. Unless explicitly unset, one etcd pod will be deployed per RKE2 server and all the etcd instances will maintain a quorum. The deployment includes tools to easily create snapshots when using this datastore, as explained in the backup/restore documentation.