HKE Add-ons Services

Overview

This guide provides detailed information on how to integrate and utilize some of the various HKE add-ons such as Ambassador, Cilium, CloudNativePG, InAccel, and Falco within your HostSpace Kubernetes Engine (HKE) environment. Each of these applications can be deployed using HKE to enhance your API management, networking, database management, compute acceleration, and security capabilities.

Ambassador Service Integration with HKE

Overview: Ambassador is an open-source, Kubernetes-native API Gateway designed for managing microservices. It leverages the Envoy Proxy to provide dynamic routing, observability, and security features.

Primary Functions:

  • API Gateway: Manage and route API traffic within your Kubernetes environment.

  • Service Mesh Integration: Seamlessly integrate with service meshes like Istio.

  • Security: Enforce authentication and authorization policies.

  • Monitoring and Observability: Collect and visualize metrics and logs.

Key Features:

  • Dynamic Routing: Easily configure routing rules for your services.

  • Authentication: Support for various authentication mechanisms including OAuth and JWT.

  • Rate Limiting: Control API usage and prevent abuse.

  • TLS Termination: Secure traffic with SSL/TLS termination.

  • Custom Plugins: Extend functionality with custom plugins.

Use Cases:

  • Microservices Management: Efficiently route traffic between microservices.

  • API Management: Control access and usage of your APIs.

  • Service Mesh: Enhance observability and security within a service mesh.

Official Documentation: Ambassador Documentation

Cilium Service Integration with HKE

Overview: Cilium is an open-source project providing networking, security, and observability for cloud-native environments using eBPF technology.

Primary Functions:

  • Networking: High-performance networking for Kubernetes clusters.

  • Security: Fine-grained security policies for microservices.

  • Observability: Deep visibility into network traffic and application behavior.

Key Features:

  • eBPF-based: Leverages eBPF for efficient packet processing.

  • Identity-aware Security: Enforce security policies based on service identity.

  • Transparent Encryption: Encrypt traffic transparently between services.

  • Network Policies: Define and enforce network policies within Kubernetes.

  • Hubble Integration: Use Hubble for detailed observability and troubleshooting.

Use Cases:

  • Secure Networking: Protect communications between microservices.

  • Network Troubleshooting: Gain insights into network traffic and troubleshoot issues.

  • Performance Monitoring: Monitor and optimize network performance.

Official Documentation: Cilium Documentation

CloudNativePG Service Integration with HKE

Overview: CloudNativePG is an open-source operator for managing PostgreSQL databases on Kubernetes, providing high availability, automated backups, and monitoring.

Primary Functions:

  • Database Management: Automate the deployment and management of PostgreSQL clusters.

  • High Availability: Ensure database availability with automated failover and recovery.

  • Backup and Restore: Schedule regular backups and perform point-in-time recovery.

  • Monitoring: Integrate with Prometheus and Grafana for database monitoring.

Key Features:

  • Cluster Management: Easily deploy and manage PostgreSQL clusters.

  • Automated Failover: Automatic failover to standby instances.

  • Scalability: Scale PostgreSQL clusters horizontally.

  • Data Protection: Automated backup and restore functionalities.

  • Observability: Monitor database performance with built-in metrics.

Use Cases:

  • High Availability: Ensure continuous database availability.

  • Backup and Recovery: Protect data with automated backups and recovery options.

  • Database Monitoring: Gain insights into database performance and health.

Official Documentation: CloudNativePG Documentation

InAccel Service Integration with HKE

Overview: InAccel provides FPGA (Field Programmable Gate Array) acceleration for cloud-native applications, enhancing performance for compute-intensive tasks by offloading them to FPGAs.

Primary Functions:

  • FPGA Management: Manage FPGA resources within your Kubernetes environment.

  • Compute Acceleration: Accelerate compute-intensive workloads using FPGAs.

  • Resource Allocation: Efficiently allocate FPGA resources to applications.

Key Features:

  • Kubernetes Integration: Seamlessly manage FPGAs within Kubernetes.

  • Performance Boost: Significant performance improvements for specific workloads.

  • Flexibility: Support for various FPGA types and configurations.

  • Ease of Use: Simplify FPGA resource management with Kubernetes operators.

Use Cases:

  • High-Performance Computing: Enhance performance for HPC applications.

  • Data Processing: Accelerate data processing tasks like machine learning and analytics.

  • Scientific Computing: Improve efficiency for scientific and research workloads.

Official Documentation: InAccel Documentation

Falco Service Integration with HKE

Overview: Falco is an open-source runtime security tool that detects and alerts on anomalous activity within your containers and hosts. It provides real-time security monitoring and intrusion detection.

Primary Functions:

  • Runtime Security: Monitor and detect security threats in real-time.

  • Anomaly Detection: Identify suspicious activity and policy violations.

  • Alerting: Send alerts to notify administrators of potential security incidents.

Key Features:

  • Custom Rules: Define custom rules to detect specific security threats.

  • Kubernetes Integration: Monitor Kubernetes clusters for security issues.

  • Syscall Monitoring: Track system calls to detect malicious behavior.

  • Event Logging: Log and analyze security events for forensic purposes.

Use Cases:

  • Container Security: Protect containerized applications from threats.

  • Intrusion Detection: Detect unauthorized access and activities.

  • Compliance Monitoring: Ensure compliance with security policies and regulations.

Official Documentation: Falco Documentation


Last updated