Starting with version 26, the D2000 system supports containerization on the Kubernetes (K8s) platform.

This document contains a basic overview of features and functionality.

Overview

The containerized D2000 has the following features:

  • Each D2000 process has a separate image and is run as a separate pod. It can be started, shut down, restarted, and updated independently using K8s tools.
  • The D2000 installation is located in the /opt/d2000 directory.
  • The D2000 Server process and its associated processes (CLC, EVH, EDS, ARC, ...) have a shared disk space mapped:
    • The D2000 installation configuration files are located in the /config/d2000 directory (instance.properties, ConsolesInfo.txt, LicenceRun.code files). This directory is published in the environment variable D2000_HOME.
    • The D2000 application configuration files are located in the application directory /opt/d2000/app/<appname> (application.properties, client.properties files).
    • The log directory is located in the installation directory (/opt/d2000/log).
  • The configuration, logging, and archive databases are on PostgreSQL database servers located outside the Kubernetes environment. Pods with D2000 Server and D2000 Archiv processes have configured ODBC connections to the respective databases (configuration file /config/odbc/odbc.ini published in the environment variable ODBCINI).
    Note: To prevent the TCP connections between D2000 processes and the PostgreSQL database servers from being dropped, set non-zero KeepaliveTime and KeepaliveInterval parameters in the ODBC connection definitions in the configuration file /config/odbc/odbc.ini. The recommended value is 60 seconds:
    KeepaliveTime       = 60
    KeepaliveInterval   = 60
  • The D2000 Server, D2000 Kom, and D2000 Web server processes are granted the Linux capabilities they need (binding privileged network ports, opening raw sockets, or accessing special files such as serial ports) via the capabilities setting in the configuration YAML files and in the supplied container images.
  • Licensing: In the K8s environment, an external License Server is used (it can be a public Ipesoft license server or a license server in the customer's infrastructure that uses a Nitrokey USB key).
    Note: It is theoretically possible to use a containerized License Server that would run as a pod on a dedicated node and have access to a Nitrokey USB key connected to that node; this functionality is not yet supported.

Reference implementation

The reference implementation includes a redundant (2-node) D2000 application.

In the K8s environment, two D2000 Server processes (A, B) are running, with an anti-affinity configuration to ensure that they do not run on the same node. Within the application, all necessary processes are run as separate pods, with an affinity configuration to ensure that they run on the same node as the corresponding D2000 Server.

The redundant application has two D2000 Archiv processes, operating as instances (active and passive) and connecting to the active (HOT) D2000 Server process. The affinity configuration ensures that instance 1 runs on the node with D2000 Server A and instance 2 on the node with D2000 Server B.

The D2000 CfgSynchroAuto utility is automatically run by the D2000 Server process when the second D2000 Server process joins the redundancy, in order to synchronize the configuration databases.

The D2000 Arcsynchro utility is automatically run by the corresponding instance of the D2000 Archiv process at startup to fill the gap (data missed while the instance was not running) in its archive database.

Configuration YAML files are generated from Helm chart files.
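The scheduling rules described above (Server A and Server B on different nodes, Archiv instance 1 on the same node as Server A) and the least-privilege capability setting, as an added illustration that is not Ipesoft's Helm chart output. Resource names, labels, image references and the exact capability set are assumed placeholders.

```yaml
# Added illustration, not Ipesoft's Helm chart output; names, labels and images are placeholders.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: d2000-server-a
spec:
  replicas: 1
  strategy: {type: Recreate}     # stop the old pod first; anti-affinity would block a rolling update
  selector:
    matchLabels: {app: d2000-server, kernel: a}
  template:
    metadata:
      labels: {app: d2000-server, kernel: a}
    spec:
      affinity:
        podAntiAffinity:         # Server A and Server B must never share a node
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchLabels: {app: d2000-server}
      containers:
        - name: kernel
          image: REPLACE_WITH_D2000_SERVER_IMAGE   # placeholder
          securityContext:
            capabilities:
              drop: ["ALL"]
              add: ["NET_BIND_SERVICE", "NET_RAW"]   # assumed: privileged ports, raw sockets
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: d2000-archiv-1
spec:
  replicas: 1
  selector:
    matchLabels: {app: d2000-archiv, instance: "1"}
  template:
    metadata:
      labels: {app: d2000-archiv, instance: "1"}
    spec:
      affinity:
        podAffinity:             # instance 1 follows Server A onto its node
          requiredDuringSchedulingIgnoredDuringExecution:
            - topologyKey: kubernetes.io/hostname
              labelSelector:
                matchLabels: {app: d2000-server, kernel: a}
      containers:
        - name: archiv
          image: REPLACE_WITH_D2000_ARCHIV_IMAGE   # placeholder
```

The Server B and Archiv instance 2 manifests are the same with kernel: b and instance: "2"; with only two nodes, a scheduling failure of either Server pod shows up as a Pending pod with a FailedScheduling event, which is the first thing to check when redundancy does not come up.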

Network transfers

The following ports are allowed in the Kubernetes cluster environment by default:

  • TCP ports 3119 (mapped to TCP ports of D2000 Server processes): access of D2000 clients (D2000 HI, D2000 CNF, D2000 GrEditor, D2000 System Console).
  • UDP ports 3119 (mapped to UDP ports of D2000 Server processes): communication between D2000 System Console and D2000 Server processes using unicasts (multicasts do not work in the K8s environment).
    Note: Setting "externalTrafficPolicy: Local" in the YAML configuration files of D2000 Server processes will cause UDP packets from the external environment (from D2000 System Console) to have their source IP addresses preserved, and therefore, the response from the D2000 Server process can be sent to the correct (external) IP address.

    Note: The IP addresses of the D2000 Server processes must be configured in the Windows registry and passed to the D2000 System Console process using the /RF or /S startup parameters; the redundant group name and kernel name must match. The addresses must be the external ones reachable by processes outside the K8s environment, not the private K8s pod addresses.

    Example: starting D2000 System Console: sysconsole.exe /RFk8s_dev
    Definition of the redundant group k8s_dev in the registry:
    Windows Registry Editor Version 5.00
    [HKEY_LOCAL_MACHINE\SOFTWARE\Ipesoft\D2000V70\Redundancy]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Ipesoft\D2000V70\Redundancy\k8s_dev]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Ipesoft\D2000V70\Redundancy\k8s_dev\Kernel_1]
    "IpAddr1"="192.168.253.82"
    "Name"="a"
    [HKEY_LOCAL_MACHINE\SOFTWARE\Ipesoft\D2000V70\Redundancy\k8s_dev\Kernel_2]
    "IpAddr1"="192.168.253.83"
    "Name"="b"

    Redundant group displayed in the D2000 System Console (the external IP addresses from the redundant group configuration are shown, not the internal 10.x.y.z IP addresses assigned to the individual pods).

    Note: In order for the D2000 System Console to be able to display the console window of processes, it is necessary to disable the "Establish direct TCP/IP connection for remote console viewing" item in the Settings menu, so that console information goes through the D2000 Server process and its open TCP port 3119.
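The "externalTrafficPolicy: Local" setting from the note above, as an added illustration that is not Ipesoft's Helm chart output; the Service name and selector labels are assumed placeholders.

```yaml
# Added illustration, not Ipesoft's Helm chart output; name and labels are placeholders.
apiVersion: v1
kind: Service
metadata:
  name: d2000-server-a
spec:
  type: LoadBalancer
  selector: {app: d2000-server, kernel: a}
  # With the default "Cluster" policy a packet may be forwarded through another
  # node and source-NATed, so the kernel's UDP reply to the System Console
  # would be addressed to a cluster node instead of the console's own address.
  # "Local" delivers only on the node running the pod and preserves the
  # original source IP, so the reply on UDP 3119 reaches the console.
  externalTrafficPolicy: Local
  ports:
    - {name: kernel-tcp, port: 3119, targetPort: 3119, protocol: TCP}
    - {name: kernel-udp, port: 3119, targetPort: 3119, protocol: UDP}
```

Some load-balancer integrations reject a Service that mixes TCP and UDP; in that case split it into one Service per protocol with the same selector and policy.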

The following ports are allowed to the external environment by default:

  • TCP port 5432: D2000 Server process access to the configuration and monitoring database, D2000 Archiv process access to the archive database.
  • Access to license servers. If public license servers are used, it is necessary to allow access to TCP ports 443 to the lic-v2-a.ipesoft.com and lic-v2-b.ipesoft.com servers.