Architecture


Separation of frontend and backend

KubeSphere separates the frontend from the backend. It is itself a cloud native application and provides open standard REST APIs for external systems to use. See the API documentation for details. The following figure shows the system architecture. KubeSphere can run anywhere, from an on-premises datacenter to any cloud to the edge. In addition, it can be deployed on any Kubernetes distribution.

[Figure: KubeSphere system architecture]

Components List

| Back-end component | Function description |
| --- | --- |
| ks-account | Account service; provides APIs for account and role management. |
| ks-apiserver | The KubeSphere API server validates and configures data for the API objects, which include Kubernetes objects. The API server services REST operations and provides the frontend to the cluster’s shared state through which all other components interact. |
| ks-apigateway | The API gateway is responsible for handling external requests for KubeSphere services. |
| ks-console | Provides the KubeSphere console service. |
| ks-controller-manager | The KubeSphere controller takes care of business logic. For example, when a workspace is created, the controller automatically creates the corresponding permissions and configurations for it. |
| metrics-server | Kubernetes monitoring component; collects metrics from the Kubelet on each node. |
| Prometheus | Provides monitoring metrics and services for clusters, nodes, workloads, and API objects. |
| Elasticsearch | Provides log indexing, querying, and data management. Besides the built-in service, KubeSphere supports integration with an external Elasticsearch service. |
| Fluent Bit | Collects logs and forwards them to Elasticsearch or Kafka. |
| Jenkins | Provides the CI/CD pipeline service. |
| SonarQube | An optional component that provides static code checking and quality analysis. |
| Source-to-Image | Automatically compiles and packages source code into a Docker image. |
| Istio | Provides microservice governance and traffic control, such as grayscale release, canary release, circuit breaking, traffic mirroring, and so on. |
| Jaeger | Collects sidecar data and provides the distributed tracing service. |
| OpenPitrix | Provides application lifecycle management, such as template management, deployment, app store management, etc. |
| Alert | Provides a configurable alert service for clusters, workloads, Pods, containers, etc. |
| Notification | An integrated notification service; it currently supports the mail delivery method. |
| Redis | Caches the data of ks-console and ks-account. |
| MySQL | The shared database for cluster back-end components, including monitoring, alarm, DevOps, OpenPitrix, etc. |
| PostgreSQL | SonarQube and Harbor’s back-end database. |
| OpenLDAP | Responsible for centralized storage and management of user accounts; integrates with an external LDAP server. |
| Storage | Built-in CSI plug-in collecting cloud platform storage services. It supports open source NFS/Ceph/Gluster clients. |
| Network | Supports Calico/Flannel and other open source network plug-ins to integrate with cloud platform SDN. |

Service Components

Each component has many services; see Service Components for more details.

[Figure: Service Components]