Functions

UCS Clusters

UCS supports unified management of clusters across clouds and regions. The following types of clusters are supported:

• Huawei Cloud clusters: Huawei Cloud CCE standard and Turbo clusters
• On-premises clusters: Kubernetes clusters that are provisioned by UCS but running on your on-premises data center, such as UCS on Bare Metal and UCS on VMware
• Attached clusters: Third-party Kubernetes clusters that comply with Cloud Native Computing Foundation (CNCF) standards, such as AWS EKS clusters, Google Cloud GKE clusters, and self-managed Kubernetes clusters

Fleets

A fleet contains multiple clusters. You can use fleets to classify associated clusters. You can also use a fleet for the unified management of multiple clusters, including permissions management, security policy configuration, configuration management, and multi-cluster orchestration. For more information, see Fleets.

Cluster Federation

Cluster federation is a multi-cloud container orchestration capability provided by Karmada. Cluster federation aims to manage multi-cluster applications in cross-cloud and cross-region scenarios, with features such as unified multi-cluster management, application deployment, service discovery, and auto scaling. For more information, see Cluster Federation.

Figure 1 Cluster federation architecture

Image Repositories

UCS integrates Huawei Cloud SoftWare Repository for Containers (SWR), which provides easy, secure, and reliable management over container images throughout their lifecycles, facilitating the deployment of containerized applications.

SWR allows you to securely host and efficiently distribute images on the cloud to smoothly run your services in containers. You do not need to build or maintain image repositories. For more information, see Image Repositories.

Permission Management

UCS permissions management allows you to grant permissions to IAM users and user groups under your tenant accounts. UCS combines the advantages of IAM and Kubernetes RBAC to provide a variety of authorization methods, including IAM fine-grained and token authorization and cluster-, fleet-, cluster namespace–, and fleet namespace–level authorization. For more information, see UCS Permissions.

Figure 2 Permission design

Policy Center

Ensuring the consistency of configuration and security policies is challenging and is important to O&M efficiency. To solve this problem, UCS provides the policy center function implemented by the Gatekeeper based on the Open Policy Agent (OPA). This function helps you define and execute consistent policies in multiple clusters and unify the compliance status of resources.

You can create, manage, and monitor the implementation of policies across multiple clusters (fleets). In this way, you can ensure that all clusters comply with the same security and compliance requirements, thereby improving O&M efficiency. This centralized policy management makes it easier for you to cope with complex enterprise environments while ensuring that all resources are in compliance at any time, achieving higher O&M efficiency and stronger security. For more information, see Policy Center.

Configuration Management

GitOps is a deployment template that uses the Git repository to manage applications. The Git repository is the only source for deploying applications in Kubernetes clusters to achieve continuous application deployment and multi-cluster GitOps delivery, meeting requirements such as high-availability application deployment and distribution of system components across clusters. GitOps assumes that each infrastructure is represented as a file in a storage system with versioning functions, and there is an automated process that seamlessly synchronizes modified applications to the operating environment.

This idea can be better implemented based on declarative APIs and control loops in the Kubernetes ecosystem. This system builds on declarative specifications leading to eventual convergence and consistency. For details, see Configuration Management.

Traffic Distribution

UCS distributes requests globally according to user locations and service policies across clouds and clusters, implementing intelligent traffic distribution and scheduling. It also schedules application access traffic across domains in real time on demand.

With Domain Name Service (DNS), user requests to the same domain name can be responded to by different backend clusters, according to the users' carrier and region. Such traffic splitting reduces the latency in cross-domain and cross-network access. For more information, see Traffic Distribution.

Figure 3 Traffic management diagram

Container Intelligent Analysis

Container Intelligent Analysis (CIA) is a next-generation O&M platform for cloud native containers. It monitors applications and resources in real time, collects metrics and events to analyze application health, and visualizes multi-dimensional data. Compatible with mainstream open-source components, it supports quick fault locating. For more information, see Intelligent Container Analysis.

Container Migration

The container migration service of Huawei Cloud UCS provides you with a reliable, secure, flexible, and efficient migration solution. Huawei Cloud UCS allows you to migrate cloud native applications from Kubernetes clusters in your on-premises data center or of another cloud provider to the Kubernetes clusters managed by Huawei Cloud UCS. In this way, you can implement unified O&M for less expensive and more efficient management.

Migrating applications from one environment to another is a challenging task, so you need to plan and prepare carefully. For more information, see Container Migration.

Pipeline

CodeArts Pipeline provides automated release management from building to rollout for UCS fleets in multi-cloud scenarios. It helps you develop an overall, agile, and efficient application delivery solution.

Using pipelines to release fleets makes it easier to release applications across clouds in a scenario where public, private, and edge clouds coexist. For more information, see Pipeline.

Figure 4 Pipeline release process