By using the following components, you can create the necessary infrastructure and services:
- Multicluster management server: SUSE Rancher
- Kubernetes platform: K3s
- Linux operating system: SUSE Linux Enterprise Micro
SUSE Rancher
SUSE Rancher is a Kubernetes-native multicluster container management platform. It addresses the challenges that are described in Business challenges by delivering several key functions, as shown in the following figure:
Figure 1. SUSE Rancher component overview
Certified Kubernetes distribution
SUSE Rancher supports management of any CNCF-certified Kubernetes distribution for:
- Development, edge, and branch workloads as well as SUSE offerings such as K3s, a CNCF-certified lightweight distribution of Kubernetes
- Workload infrastructures—on-premises or public-cloud based SUSE offerings such as RKE or RKE2 as CNCF-certified Kubernetes distributions for both bare-metal and virtualized servers
- Public-cloud hosted Kubernetes services:
  - Amazon Elastic Kubernetes Service (EKS)
  - Azure Kubernetes Service (AKS)
  - Google Kubernetes Engine (GKE)
What SUSE Rancher provides
The main features that SUSE Rancher offers are:
- Simplified cluster operations and infrastructure management: SUSE Rancher provides simple, consistent cluster operations including provisioning and templates, configuration, and life-cycle version management along with visibility and diagnostics.
- Security and authentication: SUSE Rancher uses existing directory services to automate processes and apply consistent identity and access management (IAM) plus security policies for all the managed clusters, no matter where they are running.
- Policy enforcement and governance: SUSE Rancher includes audit and security guideline enforcement, monitoring, and logging functions along with user, network, and workload policies that are distributed across all managed clusters.
- Platform services: SUSE Rancher provides a rich catalog of services for building, deploying, and scaling containerized applications, including application packaging, logging, monitoring, and service mesh.
For more information, see Managed Kubernetes Cluster Operations.
Tip: For a production SUSE Rancher implementation, deployment on a Kubernetes platform is required. The following sections of this guide describe the suggested approach to component layering. To verify that each component is supported by SUSE, see the SUSE Rancher Support Matrix.
Kubernetes platform: K3s
K3s, the most popular Kubernetes distribution for use in low-resource, distributed edge locations, is packaged as a single binary file of approximately 50 MB. Bundled in that single binary file is everything that you need to run Kubernetes anywhere, including low-powered IoT and Edge-based devices. The binary file includes:
- The container run-time
- Important host utilities such as iptables, socat, and du
The only operating system dependencies are the Linux kernel itself and dev, proc, and sysfs mounts (the dependencies are fully integrated in all modern Linux distributions). K3s takes the following Kubernetes components:
- kube-apiserver
- kube-controller-manager
- kube-scheduler
- kubelet
- kube-proxy
and bundles them into combined processes that are presented as a simple server and agent model, as shown in the following figure:
Figure 2. K3s overview
K3s can run as a complete cluster on a single node or be expanded into a multinode cluster. Besides the core Kubernetes components, the K3s bundle includes:
- containerd
- Flannel
- CoreDNS
- Ingress controller
- A simple host port-based service load balancer
With these components, you have a fully functional and CNCF-conformant cluster so that you can start running apps right away. K3s is now a CNCF sandbox project, the first Kubernetes distribution ever to be adopted into sandbox.
Note: All these components are optional and can be swapped out in your implementation.
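How the swap described in the note above looks in practice, as an added example that is not from the original guide: a K3s server configuration file that turns off the bundled ingress controller, service load balancer, and Flannel so that replacements can be installed. Which components to replace is an assumption made for illustration.

```yaml
# /etc/rancher/k3s/config.yaml on a K3s server node (added example).
# Keys in this file mirror the k3s server command-line flags of the same name.

# Do not deploy the bundled ingress controller (Traefik) or the bundled
# host port-based service load balancer (ServiceLB).
# Assumption: the operator installs replacements after the cluster is up.
disable:
  - traefik
  - servicelb

# Do not start the bundled Flannel CNI. Nodes stay NotReady until a
# replacement CNI plugin has been installed.
flannel-backend: "none"

# Turn off the embedded network policy controller as well.
# Assumption: the replacement CNI enforces NetworkPolicy itself.
disable-network-policy: true
```

Every bundled component that is left enabled runs on each server node, so this file is also the place to review what the cluster exposes by default.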
For more information about K3s, see Lightweight certified Kubernetes with Rancher.
Linux operating system: SUSE Linux Enterprise Micro
SUSE Linux Enterprise Micro combines the assurance of enterprise-grade security and compliance with the immutability and portability of a modern, lightweight operating system. The top features that SUSE Linux Enterprise Micro offers are:
- Immutable operating system design: The design of the operating system ensures that it is not altered during run-time and runs reliably every time. Security-signed and verified transactional updates are easy to roll back if things go wrong.
- Security and compliance: Fully open source and built using open standards, SUSE Linux Enterprise Micro uses the SUSE Linux Enterprise common code base to provide FIPS 140-2, DISA SRG/STIG, integration with CIS, and Common Criteria certified configurations. It includes a fully supported security framework (SELinux) with policies. For more information, see SUSE Security.
- Architectural flexibility: Both ARM and x86-64 architectures are supported, so you can deploy edge applications with confidence across multiple architectures.
- Kubernetes-ready: You can combine SUSE Linux Enterprise Micro with the latest cloud-native technologies including SUSE Rancher, RKE, Rancher Kubernetes Engine 2 (RKE2), Longhorn persistent block storage, and K3s for a reliable infrastructure platform that is easy to use and comes with best-in-class compliance. Further, SUSE’s flexible subscription model ensures enterprise assurance for any edge, embedded, or IoT deployment without vendor lock-in.
Download a free evaluation copy of SUSE Linux Enterprise Micro from the SUSE Linux Enterprise Micro page on the SUSE website. If your organization has a subscription, you can obtain both the installation media and updates for SUSE Linux Enterprise Micro from the SUSE Customer Center.