What is Sangfor Kubernetes Engine?
Sangfor Kubernetes Engine (SKE) is a container management platform based on Kubernetes. Integrated with Sangfor HCI and managed through Sangfor Cloud Platform (SCP), it provides a unified solution for running and managing containers and virtual machines with ease, reliability, and security.
SKE Architecture
SKE Use Cases
Deploy New Containerized Applications
Sangfor Kubernetes Engine (SKE) is the perfect solution for organizations aiming to deploy containerized applications. It offers a powerful and scalable platform to run, manage, and expand containerized workloads with efficiency and reliability.
Run and Manage Containers & VMs Together
Sangfor Kubernetes Engine (SKE) provides a unified platform for businesses to efficiently run and manage both containerized applications and virtual machine workloads. This integration ensures a seamless, streamlined, and highly efficient IT environment.
Transition to a Microservices Architecture
Sangfor Kubernetes Engine (SKE) is an ideal solution for organizations shifting to a microservices architecture. It simplifies the deployment and management of microservices, allowing each service to be independently scaled and updated for greater agility and efficiency.
SKE Features and Capabilities
Unified Management
Containers and virtual machines will continue to coexist in enterprise infrastructure, making separate management inefficient. By integrating Sangfor Kubernetes Engine (SKE) with Sangfor HCI, users gain unified management for both containers and virtual machines. This includes centralized control over accounts, permissions, monitoring, and alerts, enhancing overall operational efficiency.
Automated Deployment of K8s Clusters
Setting up a Kubernetes (K8s) cluster traditionally requires executing multiple backend operations and numerous commands, making it a complex and error-prone process.
With Sangfor Kubernetes Engine (SKE), users can effortlessly create a production-ready Kubernetes cluster in just a few steps—typically within 15 minutes. This streamlined approach eliminates the need for manual OS installation and configuration, enabling rapid deployment of business applications.

Out-of-the-Box Production-Ready Components
Sangfor Kubernetes Engine (SKE) comes with a rich set of pre-built components, offering out-of-the-box functionality for seamless application deployment and comprehensive visualized monitoring. This enables quick onboarding of business workloads with stable runtime operations.
For efficient troubleshooting, SKE provides multiple log types. Additionally, it includes a built-in high-performance load balancing solution, simplifying ongoing maintenance and ensuring optimized performance.

High Availability & Reliability
Kubernetes alone lacks effective mechanisms to detect suboptimal health in underlying physical or virtual machines, leading to potential reliability risks.
Sangfor Kubernetes Engine (SKE) enhances reliability by leveraging Sangfor HCI’s High Availability (HA) features, including sub-health monitoring and the Distributed Resource Scheduler (DRS). These mechanisms prevent applications from running on unhealthy nodes, ensuring stable business operations. Additionally, cluster node host exclusion enforces a mutual exclusion policy, prioritizing the distribution of Kubernetes cluster nodes across different physical hosts for improved fault tolerance.
Comprehensive Security
Sangfor Kubernetes Engine (SKE) ensures robust security for Kubernetes clusters by integrating Sangfor HCI’s advanced security features, security policies, and operating system hardening techniques, including automated patching.
For cluster nodes, SKE automatically enforces distributed firewall policies, blocking high-risk ports while allowing necessary ones through a whitelisting approach.
As Kubernetes environments grow, misconfigurations can introduce security vulnerabilities. To mitigate this, SKE includes built-in admission policies to regulate application deployments and audit logs to quickly detect and trace high-risk configurations. For non-compliant actions, the system provides remediation options, such as allowing the action with auditing or blocking unauthorized changes.
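The two remediation modes described above (allow with auditing, or block) can be illustrated with upstream Kubernetes' ValidatingAdmissionPolicy API; this is an added example, not SKE's built-in policy set or Sangfor's configuration format. It assumes a cluster that serves `admissionregistration.k8s.io/v1` for these kinds, and every name and label in it is hypothetical.

```yaml
# Added example: upstream Kubernetes objects, not SKE built-ins.
# Policy: reject Deployments whose containers request privileged mode.
# (Only spec.containers is checked here; initContainers would need the same rule.)
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicy
metadata:
  name: example-no-privileged-containers   # hypothetical name
spec:
  failurePolicy: Fail                      # a policy evaluation error rejects the request
  matchConstraints:
    resourceRules:
      - apiGroups: ["apps"]
        apiVersions: ["v1"]
        operations: ["CREATE", "UPDATE"]
        resources: ["deployments"]
  validations:
    - expression: >-
        object.spec.template.spec.containers.all(c,
        !has(c.securityContext) ||
        !has(c.securityContext.privileged) ||
        c.securityContext.privileged == false)
      message: "privileged containers are not allowed"
---
# Mode 1, allow with auditing: the request is admitted and the
# violation is recorded in the API server audit event.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: example-no-privileged-audit        # hypothetical name
spec:
  policyName: example-no-privileged-containers
  validationActions: ["Audit"]
  matchResources:
    namespaceSelector:
      matchLabels:
        example.com/policy-mode: audit     # hypothetical label
---
# Mode 2, block: the same policy rejects the request outright.
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingAdmissionPolicyBinding
metadata:
  name: example-no-privileged-deny         # hypothetical name
spec:
  policyName: example-no-privileged-containers
  validationActions: ["Deny"]
  matchResources:
    namespaceSelector:
      matchLabels:
        example.com/policy-mode: enforce   # hypothetical label
```

Binding one policy twice lets a namespace move from audit to enforce by changing a label, after the audit log shows which existing workloads would be rejected.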

Seamless Integration with Distributed Storage
Cloud-native applications require persistent storage for various types of data, including business data, cache data, logs, and other critical information that must be retained over time.
With Sangfor Kubernetes Engine (SKE), cloud-native applications can directly leverage the distributed storage of Sangfor HCI without the need for additional storage resource pools. This integration delivers high-performance, enterprise-grade storage with enhanced reliability while significantly reducing the Total Cost of Ownership (TCO).
The solution is designed to support high-performance workloads, such as containerized database deployments, ensuring seamless storage access and operational efficiency.
SKE Network Architecture on HCI
The Sangfor Kubernetes Engine (SKE) network is hosted on a virtual network, ensuring seamless and efficient communication between pods across physical hosts. This is achieved through the integration of the Container Network Interface (CNI) and the use of both virtual and physical network links.
To enhance network performance, SKE leverages Cilium’s BPF (Berkeley Packet Filter) mode, which minimizes the need for user-space network packet processing, significantly reducing latency. With zero-copy, direct in-kernel packet processing, SKE delivers performance comparable to that of the Data Plane Development Kit (DPDK), optimizing network efficiency for high-demand workloads.
Container Network Traffic Visualization
The transition to a cloud-native architecture has significantly increased the number of microservices, leading to more complex internal access relationships and traffic flows. This complexity makes it challenging to identify necessary ports for business operations, complicating security management and access control.
SKE resolves this challenge by providing real-time visualization of access relationships for cloud-native applications. This enhances problem identification and troubleshooting efficiency, allowing businesses to quickly assess container network conditions. Additionally, it helps identify exposed service details, such as protocols and ports, enabling better security protection and control.