MKEx reference architecture¶
MKEx is an integrated stack, with MKE container orchestration, or MCR container engines, in a productized configuration that is delivered on a minimal version of RHEL-compatible, ostree-based Rocky Linux.
You can deploy MKEx configurations on either bare metal or virtual machines, from an ISO image that is assembled and validated by Mirantis. The image is available online, as well as in file form for air-gapped installation.
Mirantis Kubernetes Engine (MKE)¶
The MKE product documentation provides full detail on the MKE Reference Architecture.
ostree-based Rocky Linux¶
Mirantis, in conjunction with our partner CIQ, built an ostree-based Rocky Linux operating system with Mirantis Container Runtime (MCR) and Mirantis Kubernetes Engine (MKE), to provide users with an immutable, atomic upgrade/rollback, versioning stack that offers a high degree of predictability and resiliency.
The sshd is disabled by default. System administrators can enable it to access the node, though, and disable it prior to installing the OS. With sshd disabled, users will be unable to access the nodes, and will thus have to use Mirantis-provided debug Pods to troubleshoot MKE clusters.
Mirantis has configured rotating logs (100M) by default cat
/etc/docker/daemon.json, and system administrators can change the value as
necessary.
To keep the footprint small and secure, only the required Linux packages are installed. System administrators can add custom packages or set specific kernel parameters through Ansible, or any other IaC software. Note, though, that the ansible-pull command is installed by default, to enable the use of Ansible outside of sshd.
Note
To ensure that the image is consistent, users should contact Mirantis support and request the inclusion of specific packages in the ISO image.