This diagram depicts the physical Kubernetes architecture within HPE Ezmeral Container Platform.
Local workstations are used to:
- Access the web interface.
- Directly access service endpoints running on containers via the Gateway host(s) in
the format
<gateway_ip>:<port>, where<gateway_ip>is the IP address of a Gateway host and<port>is the mapped port of the service endpoint. For example, assume that a Kubernetes container is running a service endpoint that can be accessed remotely, and that the Gateway host has an IP address of192.168.100.150. If the Gateway host has mapped the service endpoint running on the Kubernetes container to Port12345, then you can access that endpoint by navigating to192.169.100.150:12345. Gateway hosts can also offer load-balanced access to multiple instances of the same service endpoint within a cluster. See Gateway Hosts and Load Balancing. - Access the REST API.
- Access Kubernetes clusters using Kubeconfig and Kubectl.
The Platform Control Plane consists of:
-
Either one, three, or five Controller hosts. See Controller, Gateway, and Worker Hosts.
The Controller host(s) authenticate users via the authentication proxy, using either the internal database or an LDAP/AD server. See User Authentication. The Authenticating Proxy consists of:
- A server-side application that receives API requests from clients (usually from the
kubectltool) and (if they are properly authenticated) adds one or more groups to the request. The authenticating proxy then forwards the request to thekube-apiserverpod, and forwards any responses to the request back to the user. - A client-side
kubectlplugin.
The Control Plane handles the installation, configuration, upgrade, and monitoring of Kubernetes hosts, clusters, and tenants.