RubyGems - kubernetes - Versions diffs - 0.0.1 → 0.0.2 - Mend

kubernetes 0.0.1 → 0.0.2

Files changed (20) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: a0ddd0473607bd2d2156094bac09c6fe20e45c13
-  data.tar.gz: e099266b4c4ab18e148958c6deed8d48bb30fe9b
+  metadata.gz: 539462ebb2116c4c87a9c4b1ae6b37365d31f228
+  data.tar.gz: 6df6c8c7febba33265b4b581c846c92744709d0d
 SHA512:
-  metadata.gz: 2ebc86e727d3aaa8e261aaaf4d3e4c59b4116e221e3ec9fd05072589d8e8224d8303ca050df864f249e6b885fcafc028e98373ac49dda4142bcadcb32162935a
-  data.tar.gz: 478322427cf293073197f582e44f0b12dbb44ef2fcc6891ce4005cc42d65ca9a8864d59dfa05a21b2ad0ea38eb305428ec0c08d8ff655267ca3f76f9fb04034f
+  metadata.gz: 0eedf3fdc292d4387cd983cb92d7a7f5514a8bdc25781937800e9a7a8e2322b2295e5665908c9fa58544064828fa2325eec9c18f693c8b91e8e38e23266fabd9
+  data.tar.gz: 9d8326d0af203cbcc9b3df93030a33e166a49c0c3afa4c8d4a508b2b3fba36cc410636e9876379a561fd9f49dc7f95a46b6a1b163a58df8a1d842e84cfe46e89

data/Makefile ADDED Viewed

@@ -0,0 +1,53 @@
+# Old-skool build tools.
+#
+# Targets (see each target for more information):
+#   all: Build code.
+#   check: Run tests.
+#   test: Run tests.
+#   clean: Clean up.
+OUT_DIR = _output
+GODEPS_PKG_DIR = Godeps/_workspace/pkg
+export GOFLAGS
+# Build code.
+#
+# Args:
+#   WHAT: Directory names to build.  If any of these directories has a 'main'
+#     package, the build will produce executable files under $(OUT_DIR)/go/bin.
+#     If not specified, "everything" will be built.
+#   GOFLAGS: Extra flags to pass to 'go' when building.
+#
+# Example:
+#   make
+#   make all
+#   make all WHAT=cmd/kubelet GOFLAGS=-v
+all:
+	hack/build-go.sh $(WHAT)
+.PHONY: all
+# Build and run tests.
+#
+# Args:
+#   WHAT: Directory names to test.  All *_test.go files under these
+#     directories will be run.  If not specified, "everything" will be tested.
+#   TESTS: Same as WHAT.
+#   GOFLAGS: Extra flags to pass to 'go' when building.
+#
+# Example:
+#   make check
+#   make test
+#   make check WHAT=pkg/kubelet GOFLAGS=-v
+check test:
+	hack/test-go.sh $(WHAT) $(TESTS)
+.PHONY: check test
+# Remove all build artifacts.
+#
+# Example:
+#   make clean
+clean:
+	rm -rf $(OUT_DIR)
+	rm -rf $(GODEPS_PKG_DIR)
+.PHONY: clean

data/docs/access.md ADDED Viewed

@@ -0,0 +1,252 @@
+# K8s Identity and Access Management Sketch
+This document suggests a direction for identity and access management in the Kubernetes system.
+## Background
+High level goals are:
+   - Have a plan for how identity, authentication, and authorization will fit in to the API.
+   - Have a plan for partitioning resources within a cluster between independent organizational units.
+   - Ease integration with existing enterprise and hosted scenarios.
+### Actors
+Each of these can act as normal users or attackers.
+   - External Users: People who are accessing applications running on K8s (e.g. a web site served by webserver running in a container on K8s), but who do not have K8s API access.
+   - K8s Users : People who access the K8s API (e.g. create K8s API objects like Pods)
+   - K8s Project Admins: People who manage access for some K8s Users
+   - K8s Cluster Admins: People who control the machines, networks, or binaries that comprise a K8s cluster.
+   - K8s Admin means K8s Cluster Admins and K8s Project Admins taken together.
+### Threats
+Both intentional attacks and accidental use of privilege are concerns.
+For both cases it may be useful to think about these categories differently:
+  - Application Path - attack by sending network messages from the internet to the IP/port of any application running on K8s.  May exploit weakness in application or misconfiguration of K8s.
+  - K8s API Path - attack by sending network messages to any K8s API endpoint.
+  - Insider Path - attack on K8s system components.  Attacker may have privileged access to networks, machines or K8s software and data.  Software errors in K8s system components and administrator error are some types of threat in this category.
+This document is primarily concerned with K8s API paths, and secondarily with Internal paths.   The Application path also needs to be secure, but is not the focus of this document.
+### Assets to protect
+External User assets:
+   - Personal information like private messages, or images uploaded by External Users
+   - web server logs
+K8s User assets:
+  - External User assets of each K8s User
+  - things private to the K8s app, like:
+    - credentials for accessing other services (docker private repos, storage services, facebook, etc)
+    - SSL certificates for web servers
+    - proprietary data and code
+K8s Cluster assets:
+  - Assets of each K8s User
+  - Machine Certificates or secrets.
+  - The value of K8s cluster computing resources (cpu, memory, etc).
+This document is primarily about protecting K8s User assets and K8s cluster assets from other K8s Users and K8s Project and Cluster Admins.
+### Usage environments
+Cluster in Small organization:
+   - K8s Admins may be the same people as K8s Users.
+   - few K8s Admins.
+    - prefer ease of use to fine-grained access control/precise accounting, etc.
+ - Product requirement that it be easy for potential K8s Cluster Admin to try out setting up a simple cluster.
+Cluster in Large organization:
+   - K8s Admins typically distinct people from K8s Users.  May need to divide K8s Cluster Admin access by roles.
+   - K8s Users need to be protected from each other.
+   - Auditing of K8s User and K8s Admin actions important.
+   - flexible accurate usage accounting and resource controls important.
+   - Lots of automated access to APIs.
+   - Need to integrate with existing enterprise directory, authentication, accounting, auditing, and security policy infrastructure.
+Org-run cluster:
+   - organization that runs K8s master components is same as the org that runs apps on K8s.
+   - Minions may be on-premises VMs or physical machines; Cloud VMs; or a mix.
+Hosted cluster:
+  - Offering K8s API as a service, or offering a Paas or Saas built on K8s
+  - May already offer web services, and need to integrate with existing customer account concept, and existing authentication, accounting, auditing, and security policy infrastructure.
+  - May want to leverage K8s User accounts and accounting to manage their User accounts (not a priority to support this use case.)
+  - Precise and accurate accounting of resources needed.  Resource controls needed for hard limits (Users given limited slice of data) and soft limits (Users can grow up to some limit and then be expanded).
+K8s ecosystem services:
+ - There may be companies that want to offer their existing services (Build, CI, A/B-test, release automation, etc) for use with K8s.  There should be some story for this case.
+Pods configs should be largely portable between Org-run and hosted configurations.
+# Design
+Related discussion:
+- https://github.com/GoogleCloudPlatform/kubernetes/issues/442
+- https://github.com/GoogleCloudPlatform/kubernetes/issues/443
+This doc describes two security profiles:
+  - Simple profile:  like single-user mode.  Make it easy to evaluate K8s without lots of configuring accounts and policies.  Protects from unauthorized users, but does not partition authorized users.
+  - Enterprise profile: Provide mechanisms needed for large numbers of users.  Defence in depth.  Should integrate with existing enterprise security infrastructure.
+K8s distribution should include templates of config, and documentation, for simple and enterprise profiles.  System should be flexible enough for knowledgeable users to create intermediate profiles, but K8s developers should only reason about those two Profiles, not a matrix.
+Features in this doc are divided into "Initial Feature", and "Improvements".   Initial features would be candidates for version 1.00.
+## Identity
+###userAccount
+K8s will have a `userAccount` API object.
+- `userAccount` has a UID which is immutable.  This is used to associate users with objects and to record actions in audit logs.
+- `userAccount` has a name which is a string and human readable and unique among userAccounts.  It is used to refer to users in Policies, to ensure that the Policies are human readable.  It can be changed only when there are no Policy objects or other objects which refer to that name.  An email address is a suggested format for this field.
+- `userAccount` is not related to the unix username of processes in Pods created by that userAccount.
+- `userAccount` API objects can have labels
+The system may associate one or more Authentication Methods with a
+`userAccount` (but they are not formally part of the userAccount object.)
+In a simple deployment, the authentication method for a
+user might be an authentication token which is verified by a K8s server.  In a
+more complex deployment, the authentication might be delegated to
+another system which is trusted by the K8s API to authenticate users, but where
+the authentication details are unknown to K8s.
+Initial Features:
+- there is no superuser `userAccount`
+- `userAccount` objects are statically populated in the K8s API store by reading a config file.  Only a K8s Cluster Admin can do this.
+- `userAccount` can have a default `namespace`.  If API call does not specify a `namespace`, the default `namespace` for that caller is assumed.
+- `userAccount` is global.  A single human with access to multiple namespaces is recommended to only have one userAccount.
+Improvements:
+- Make `userAccount` part of a separate API group from core K8s objects like `pod`.  Facilitates plugging in alternate Access Management.
+Simple Profile:
+   - single `userAccount`, used by all K8s Users and Project Admins.  One access token shared by all.
+Enterprise Profile:
+   - every human user has own `userAccount`.
+   - `userAccount`s have labels that indicate both membership in groups, and ability to act in certain roles.
+   - each service using the API has own `userAccount` too. (e.g. `scheduler`, `repcontroller`)
+   - automated jobs to denormalize the ldap group info into the local system list of users into the K8s userAccount file.
+###Unix accounts
+A `userAccount` is not a Unix user account.  The fact that a pod is started by a `userAccount` does not mean that the processes in that pod's containers run as a Unix user with a corresponding name or identity.
+Initially:
+- The unix accounts available in a container, and used by the processes running in a container are those that are provided by the combination of the base operating system and the Docker manifest.
+- Kubernetes doesn't enforce any relation between `userAccount` and unix accounts.
+Improvements:
+- Kubelet allocates disjoint blocks of root-namespace uids for each container.  This may provide some defense-in-depth against container escapes. (https://github.com/docker/docker/pull/4572)
+- requires docker to integrate user namespace support, and deciding what getpwnam() does for these uids.
+- any features that help users avoid use of privileged containers (https://github.com/GoogleCloudPlatform/kubernetes/issues/391)
+###Namespaces
+K8s will have a have a `namespace` API object.  It is similar to a Google Compute Engine `project`.  It provides a namespace for objects created by a group of people co-operating together, preventing name collisions with non-cooperating groups.  It also serves as a reference point for authorization policies.
+Namespaces are described in [namespace.md](https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/namespaces.md),
+or will be once [#1114](https://github.com/GoogleCloudPlatform/kubernetes/pull/1114) is merged.
+In the Enterprise Profile:
+   - a `userAccount` may have permission to access several `namespace`s.
+In the Simple Profile:
+   - There is a single `namespace` used by the single user.
+Namespaces versus userAccount vs Labels:
+- `userAccount`s are intended for audit logging (both name and UID should be logged), and to define who has access to `namespace`s.
+- `labels` (see docs/labels.md) should be used to distinguish pods, users, and other objects that cooperate towards a common goal but are different in some way, such as version, or responsibilities.
+- `namespace`s prevent name collisions between uncoordinated groups of people, and provide a place to attach common policies for co-operating groups of people.
+## Authentication
+Goals for K8s authentication:
+- Include a built-in authentication system with no configuration required to use in single-user mode, and little configuration required to add several user accounts, and no https proxy required.
+- Allow for authentication to be handled by a system external to Kubernetes, to allow integration with existing to enterprise authorization systems.  The kubernetes namespace itself should avoid taking contributions of multiple authorization schemes.  Instead, a trusted proxy in front of the apiserver can be used to authenticate users.
+  - For organizations whose security requirements only allow FIPS compliant implementations (e.g. apache) for authentication.
+  - So the proxy can terminate SSL, and isolate the CA-signed certificate from less trusted, higher-touch APIserver.
+  - For organizations that already have existing SaaS web services (e.g. storage, VMs) and want a common authentication portal.
+- Avoid mixing authentication and authorization, so that authorization policies be centrally managed, and to allow changes in authentication methods without affecting authorization code.
+Initially:
+- Tokens used to authenticate a user.
+- Long lived tokens identify a particular `userAccount`.
+- Administrator utility generates tokens at cluster setup.
+- OAuth2.0 Bearer tokens protocol, http://tools.ietf.org/html/rfc6750
+- No scopes for tokens.  Authorization happens in the API server
+- Tokens dynamically generated by apiserver to identify pods which are making API calls.
+- Tokens checked in a module of the APIserver.
+- Authentication in apiserver can be disabled by flag, to allow testing without authorization enabled, and to allow use of an authenticating proxy.  In this mode, a query parameter or header added by the proxy will identify the caller.
+Improvements:
+- Refresh of tokens.
+- SSH keys to access inside containers.
+To be considered for subsequent versions:
+- Fuller use of OAuth (http://tools.ietf.org/html/rfc6749)
+- Scoped tokens.
+- Tokens that are bound to the channel between the client and the api server
+     - http://www.ietf.org/proceedings/90/slides/slides-90-uta-0.pdf
+     - http://www.browserauth.net
+## Authorization
+K8s authorization should:
+- Allow for a range of maturity levels, from single-user for those test driving the system, to integration with existing to enterprise authorization systems.
+- Allow for centralized management of users and policies.  In some organizations, this will mean that the definition of users and access policies needs to reside on a system other than k8s and encompass other web services (such as a storage service).
+- Allow processes running in K8s Pods to take on identity, and to allow narrow scoping of permissions for those identities in order to limit damage from software faults.
+- Have Authorization Policies exposed as API objects so that a single config file can create or delete Pods, Controllers, Services, and the identities and policies for those Pods and Controllers.
+- Be separate as much as practical from Authentication, to allow Authentication methods to change over time and space, without impacting Authorization policies.
+K8s will implement a relatively simple
+[Attribute-Based Access Control][http://en.wikipedia.org/wiki/Attribute_Based_Access_Control] model.
+The model will be described in more detail in a forthcoming document.  The model
+- Be less complex than XACML
+- Be easily recognizable to those familiar with Amazon IAM Policies.
+- Have a subset/aliases/defaults which allow it to be used in a way comfortable to those users more familiar with Role-Based Access Control.
+Authorization policy is set by creating a set of Policy objects.
+The API Server will be the Enforcement Point for Policy. For each API call that it receives, it will construct the Attributes needed to evaluate the policy (what user is making the call, what resource they are accessing, what they are trying to do that resource, etc) and pass those attribytes to a Decision Point.  The Decision Point code evaluates the Attributes against all the Policies and allows or denys the API call.  The system will be modular enough that the Decision Point code can either be linked into the APIserver binary, or be another service that the apiserver calls for each Decision (with appropriate time-limited caching as needed for performance).
+Policy objects may be applicable only to a single namespace or to all namespaces; K8s Project Admins would be able to create those as needed.  Other Policy objects may be applicable to all namespaces; a K8s Cluster Admin might create those in order to authorize a new type of controller to be used by all namespaces, or to make a K8s User into a K8s Project Admin.)
+## Accounting
+The API should have a `quota` concept (see (https://github.com/GoogleCloudPlatform/kubernetes/issues/442
+).  A quota object relates a namespace (and optionally a label selector) to a maximum quantity of resources that may be used (see resources.md).
+Initially:
+- a `quota` object is immutable.
+- for hosted K8s systems that do billing, Project is recommended level for billing accounts.
+- Every object that consumes resources should have a `namespace` so that Resource usage stats are roll-up-able to `namespace`.
+- K8s Cluster Admin sets quota objects by writing a config file.
+Improvements:
+- allow one namespace to charge the quota for one or more other namespaces.  This would be controlled by a policy which allows changing a billing_namespace= label on an object.
+- allow quota to be set by namespace owners for (namespace x label) combinations (e.g. let "webserver" namespace use 100 cores, but to prevent accidents, don't allow "webserver" namespace and "instance=test" use more than 10 cores.
+- tools to help write consistent quota config files based on number of minions, historical namespace usages, QoS needs, etc.
+- way for K8s Cluster Admin to incrementally adjust Quota objects.
+Simple profile:
+   - a single `namespace` with infinite resource limits.
+Enterprise profile:
+   - multiple namespaces each with their own limits.
+Issues:
+- need for locking or "eventual consistency" when multiple apiserver goroutines are accessing the object store and handling pod creations.
+## Audit Logging
+API actions can be logged.
+Initial implementation:
+- All API calls logged to nginx logs.
+Improvements:
+- API server does logging instead.
+- Policies to drop logging for high rate trusted API calls, or by users performing audit or other sensitive functions.

data/docs/architecture.dia ADDED Viewed

Binary file

data/docs/architecture.svg ADDED Viewed

@@ -0,0 +1,523 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.0//EN" "http://www.w3.org/TR/2001/PR-SVG-20010719/DTD/svg10.dtd">
+<svg width="68cm" height="53cm" viewBox="-55 -75 1348 1045" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
+  <g>
+    <g>
+      <rect style="fill: #ffffff" x="662" y="587.938" width="630" height="381"/>
+      <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="662" y="587.938" width="630" height="381"/>
+    </g>
+    <g>
+      <rect style="fill: #ffffff" x="689" y="651.938" width="580" height="292"/>
+      <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="689" y="651.938" width="580" height="292"/>
+    </g>
+    <text font-size="12.8" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="687" y="619.938">
+      <tspan x="687" y="619.938">Minion</tspan>
+    </text>
+    <g>
+      <rect style="fill: #ffffff" x="721.2" y="698.938" width="69.6" height="38"/>
+      <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="721.2" y="698.938" width="69.6" height="38"/>
+      <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="756" y="721.838">
+        <tspan x="756" y="721.838">kubelet</tspan>
+      </text>
+    </g>
+    <g>
+      <rect style="fill: #ffffff" x="821.676" y="698.938" width="76.65" height="38"/>
+      <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="821.676" y="698.938" width="76.65" height="38"/>
+      <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="860.001" y="721.838">
+        <tspan x="860.001" y="721.838">cAdvisor</tspan>
+      </text>
+    </g>
+    <text font-size="12.8" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="711" y="675.938">
+      <tspan x="711" y="675.938">docker</tspan>
+    </text>
+    <g>
+      <g>
+        <rect style="fill: #ffffff" x="720.2" y="764.038" width="148" height="133"/>
+        <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="720.2" y="764.038" width="148" height="133"/>
+      </g>
+      <g>
+        <rect style="fill: #ffffff" x="760.55" y="834.038" width="89.3" height="38"/>
+        <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="760.55" y="834.038" width="89.3" height="38"/>
+        <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="805.2" y="856.938">
+          <tspan x="805.2" y="856.938">container</tspan>
+        </text>
+      </g>
+      <g>
+        <rect style="fill: #ffffff" x="749.8" y="824.138" width="89.3" height="38"/>
+        <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="749.8" y="824.138" width="89.3" height="38"/>
+        <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="794.45" y="847.038">
+          <tspan x="794.45" y="847.038">container</tspan>
+        </text>
+      </g>
+      <g>
+        <rect style="fill: #ffffff" x="739.4" y="814.238" width="89.3" height="38"/>
+        <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="739.4" y="814.238" width="89.3" height="38"/>
+        <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="784.05" y="837.138">
+          <tspan x="784.05" y="837.138">container</tspan>
+        </text>
+      </g>
+      <text font-size="12.8" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="794.2" y="830.538">
+        <tspan x="794.2" y="830.538"></tspan>
+      </text>
+      <text font-size="12.8" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="742.2" y="790.538">
+        <tspan x="742.2" y="790.538">Pod</tspan>
+      </text>
+    </g>
+    <g>
+      <g>
+        <rect style="fill: #ffffff" x="1085.6" y="764.038" width="148" height="133"/>
+        <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="1085.6" y="764.038" width="148" height="133"/>
+      </g>
+      <g>
+        <rect style="fill: #ffffff" x="1125.95" y="834.038" width="89.3" height="38"/>
+        <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="1125.95" y="834.038" width="89.3" height="38"/>
+        <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="1170.6" y="856.938">
+          <tspan x="1170.6" y="856.938">container</tspan>
+        </text>
+      </g>
+      <g>
+        <rect style="fill: #ffffff" x="1115.2" y="824.138" width="89.3" height="38"/>
+        <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="1115.2" y="824.138" width="89.3" height="38"/>
+        <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="1159.85" y="847.038">
+          <tspan x="1159.85" y="847.038">container</tspan>
+        </text>
+      </g>
+      <g>
+        <rect style="fill: #ffffff" x="1104.8" y="814.238" width="89.3" height="38"/>
+        <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="1104.8" y="814.238" width="89.3" height="38"/>
+        <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="1149.45" y="837.138">
+          <tspan x="1149.45" y="837.138">container</tspan>
+        </text>
+      </g>
+      <text font-size="12.8" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="1159.6" y="830.538">
+        <tspan x="1159.6" y="830.538"></tspan>
+      </text>
+      <text font-size="12.8" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="1107.6" y="790.538">
+        <tspan x="1107.6" y="790.538">Pod</tspan>
+      </text>
+    </g>
+    <g>
+      <g>
+        <rect style="fill: #ffffff" x="902.9" y="764.038" width="148" height="133"/>
+        <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="902.9" y="764.038" width="148" height="133"/>
+      </g>
+      <g>
+        <rect style="fill: #ffffff" x="943.25" y="834.038" width="89.3" height="38"/>
+        <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="943.25" y="834.038" width="89.3" height="38"/>
+        <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="987.9" y="856.938">
+          <tspan x="987.9" y="856.938">container</tspan>
+        </text>
+      </g>
+      <g>
+        <rect style="fill: #ffffff" x="932.5" y="824.138" width="89.3" height="38"/>
+        <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="932.5" y="824.138" width="89.3" height="38"/>
+        <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="977.15" y="847.038">
+          <tspan x="977.15" y="847.038">container</tspan>
+        </text>
+      </g>
+      <g>
+        <rect style="fill: #ffffff" x="922.1" y="814.238" width="89.3" height="38"/>
+        <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="922.1" y="814.238" width="89.3" height="38"/>
+        <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="966.75" y="837.138">
+          <tspan x="966.75" y="837.138">container</tspan>
+        </text>
+      </g>
+      <text font-size="12.8" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="976.9" y="830.538">
+        <tspan x="976.9" y="830.538"></tspan>
+      </text>
+      <text font-size="12.8" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="924.9" y="790.538">
+        <tspan x="924.9" y="790.538">Pod</tspan>
+      </text>
+    </g>
+    <g>
+      <rect style="fill: #ffffff" x="924.748" y="698.938" width="57.1" height="38"/>
+      <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="924.748" y="698.938" width="57.1" height="38"/>
+      <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="953.298" y="721.838">
+        <tspan x="953.298" y="721.838">Proxy</tspan>
+      </text>
+    </g>
+  </g>
+  <g>
+    <rect style="fill: #ffffff" x="662" y="192" width="630" height="381"/>
+    <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="662" y="192" width="630" height="381"/>
+  </g>
+  <g>
+    <rect style="fill: #ffffff" x="689" y="256" width="580" height="292"/>
+    <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="689" y="256" width="580" height="292"/>
+  </g>
+  <text font-size="12.8" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="687" y="224">
+    <tspan x="687" y="224">Minion</tspan>
+  </text>
+  <g>
+    <rect style="fill: #ffffff" x="721.2" y="303" width="69.6" height="38"/>
+    <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="721.2" y="303" width="69.6" height="38"/>
+    <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="756" y="325.9">
+      <tspan x="756" y="325.9">kubelet</tspan>
+    </text>
+  </g>
+  <g>
+    <rect style="fill: #ffffff" x="821.676" y="303" width="76.65" height="38"/>
+    <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="821.676" y="303" width="76.65" height="38"/>
+    <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="860.001" y="325.9">
+      <tspan x="860.001" y="325.9">cAdvisor</tspan>
+    </text>
+  </g>
+  <text font-size="12.8" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="711" y="280">
+    <tspan x="711" y="280">docker</tspan>
+  </text>
+  <g>
+    <g>
+      <rect style="fill: #ffffff" x="720.2" y="368.1" width="148" height="133"/>
+      <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="720.2" y="368.1" width="148" height="133"/>
+    </g>
+    <g>
+      <rect style="fill: #ffffff" x="760.55" y="438.1" width="89.3" height="38"/>
+      <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="760.55" y="438.1" width="89.3" height="38"/>
+      <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="805.2" y="461">
+        <tspan x="805.2" y="461">container</tspan>
+      </text>
+    </g>
+    <g>
+      <rect style="fill: #ffffff" x="749.8" y="428.2" width="89.3" height="38"/>
+      <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="749.8" y="428.2" width="89.3" height="38"/>
+      <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="794.45" y="451.1">
+        <tspan x="794.45" y="451.1">container</tspan>
+      </text>
+    </g>
+    <g>
+      <rect style="fill: #ffffff" x="739.4" y="418.3" width="89.3" height="38"/>
+      <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="739.4" y="418.3" width="89.3" height="38"/>
+      <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="784.05" y="441.2">
+        <tspan x="784.05" y="441.2">container</tspan>
+      </text>
+    </g>
+    <text font-size="12.8" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="794.2" y="434.6">
+      <tspan x="794.2" y="434.6"></tspan>
+    </text>
+    <text font-size="12.8" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="742.2" y="394.6">
+      <tspan x="742.2" y="394.6">Pod</tspan>
+    </text>
+  </g>
+  <g>
+    <g>
+      <rect style="fill: #ffffff" x="1085.6" y="368.1" width="148" height="133"/>
+      <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="1085.6" y="368.1" width="148" height="133"/>
+    </g>
+    <g>
+      <rect style="fill: #ffffff" x="1125.95" y="438.1" width="89.3" height="38"/>
+      <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="1125.95" y="438.1" width="89.3" height="38"/>
+      <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="1170.6" y="461">
+        <tspan x="1170.6" y="461">container</tspan>
+      </text>
+    </g>
+    <g>
+      <rect style="fill: #ffffff" x="1115.2" y="428.2" width="89.3" height="38"/>
+      <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="1115.2" y="428.2" width="89.3" height="38"/>
+      <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="1159.85" y="451.1">
+        <tspan x="1159.85" y="451.1">container</tspan>
+      </text>
+    </g>
+    <g>
+      <rect style="fill: #ffffff" x="1104.8" y="418.3" width="89.3" height="38"/>
+      <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="1104.8" y="418.3" width="89.3" height="38"/>
+      <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="1149.45" y="441.2">
+        <tspan x="1149.45" y="441.2">container</tspan>
+      </text>
+    </g>
+    <text font-size="12.8" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="1159.6" y="434.6">
+      <tspan x="1159.6" y="434.6"></tspan>
+    </text>
+    <text font-size="12.8" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="1107.6" y="394.6">
+      <tspan x="1107.6" y="394.6">Pod</tspan>
+    </text>
+  </g>
+  <g>
+    <g>
+      <rect style="fill: #ffffff" x="902.9" y="368.1" width="148" height="133"/>
+      <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="902.9" y="368.1" width="148" height="133"/>
+    </g>
+    <g>
+      <rect style="fill: #ffffff" x="943.25" y="438.1" width="89.3" height="38"/>
+      <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="943.25" y="438.1" width="89.3" height="38"/>
+      <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="987.9" y="461">
+        <tspan x="987.9" y="461">container</tspan>
+      </text>
+    </g>
+    <g>
+      <rect style="fill: #ffffff" x="932.5" y="428.2" width="89.3" height="38"/>
+      <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="932.5" y="428.2" width="89.3" height="38"/>
+      <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="977.15" y="451.1">
+        <tspan x="977.15" y="451.1">container</tspan>
+      </text>
+    </g>
+    <g>
+      <rect style="fill: #ffffff" x="922.1" y="418.3" width="89.3" height="38"/>
+      <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="922.1" y="418.3" width="89.3" height="38"/>
+      <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="966.75" y="441.2">
+        <tspan x="966.75" y="441.2">container</tspan>
+      </text>
+    </g>
+    <text font-size="12.8" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="976.9" y="434.6">
+      <tspan x="976.9" y="434.6"></tspan>
+    </text>
+    <text font-size="12.8" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="924.9" y="394.6">
+      <tspan x="924.9" y="394.6">Pod</tspan>
+    </text>
+  </g>
+  <g>
+    <rect style="fill: #ffffff" x="924.748" y="303" width="57.1" height="38"/>
+    <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="924.748" y="303" width="57.1" height="38"/>
+    <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="953.298" y="325.9">
+      <tspan x="953.298" y="325.9">Proxy</tspan>
+    </text>
+  </g>
+  <g>
+    <rect style="fill: #ffffff" x="126.911" y="92.49" width="189.4" height="38"/>
+    <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="126.911" y="92.49" width="189.4" height="38"/>
+    <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="221.611" y="115.39">
+      <tspan x="221.611" y="115.39">kubecfg (user commands)</tspan>
+    </text>
+  </g>
+  <text font-size="12.8" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="142.476" y="866.282">
+    <tspan x="142.476" y="866.282"></tspan>
+  </text>
+  <g>
+    <path style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" d="M 921.724,322.317 A 70.7456,70.7456 0 0 0 790.8,322"/>
+    <polygon style="fill: #000000" points="924.195,329.333 916.879,320.879 922.342,322.066 926.569,318.408 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="924.195,329.333 916.879,320.879 922.342,322.066 926.569,318.408 "/>
+  </g>
+  <g>
+    <line style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x1="790.8" y1="331.5" x2="811.94" y2="331.5"/>
+    <polygon style="fill: #000000" points="819.44,331.5 809.44,336.5 811.94,331.5 809.44,326.5 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="819.44,331.5 809.44,336.5 811.94,331.5 809.44,326.5 "/>
+  </g>
+  <g>
+    <rect style="fill: #ffffff" x="876.576" y="75.6768" width="70.2" height="38"/>
+    <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="876.576" y="75.6768" width="70.2" height="38"/>
+    <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="911.676" y="98.5768">
+      <tspan x="911.676" y="98.5768">Firewall</tspan>
+    </text>
+  </g>
+  <g>
+    <path style="fill: #ffffff" d="M 886.242 -47.953 C 876.87,-48.2618 858.694,-41.7773 861.25,-27.8819 C 863.806,-13.9865 876.018,-10.8988 881.13,-14.9129 C 886.242,-18.9271 873.178,4.54051 898.17,10.7162 C 923.161,16.8919 935.941,7.01079 932.249,-0.0912821 C 928.557,-7.19336 954.117,16.5832 966.045,2.99658 C 977.973,-10.59 953.833,-23.5589 958.945,-21.7062 C 964.057,-19.8535 979.677,-22.3237 974.565,-45.4827 C 969.453,-68.6416 923.445,-50.7321 928.557,-54.1287 C 933.669,-57.5253 920.889,-74.5086 904.986,-71.112 C 889.082,-67.7153 887.954,-61.5516 886.25,-47.965 L 886.242,-47.953z"/>
+    <path style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" d="M 886.242 -47.953 C 876.87,-48.2618 858.694,-41.7773 861.25,-27.8819 C 863.806,-13.9865 876.018,-10.8988 881.13,-14.9129 C 886.242,-18.9271 873.178,4.54051 898.17,10.7162 C 923.161,16.8919 935.941,7.01079 932.249,-0.0912821 C 928.557,-7.19336 954.117,16.5832 966.045,2.99658 C 977.973,-10.59 953.833,-23.5589 958.945,-21.7062 C 964.057,-19.8535 979.677,-22.3237 974.565,-45.4827 C 969.453,-68.6416 923.445,-50.7321 928.557,-54.1287 C 933.669,-57.5253 920.889,-74.5086 904.986,-71.112 C 889.082,-67.7153 887.954,-61.5516 886.25,-47.965 L 886.242,-47.953"/>
+    <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="922.428" y="-23.1971">
+      <tspan x="922.428" y="-23.1971">Internet</tspan>
+    </text>
+  </g>
+  <g>
+    <line style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x1="912.986" y1="12.703" x2="911.878" y2="65.9428"/>
+    <polygon style="fill: #000000" points="911.723,73.4412 906.932,63.3394 911.878,65.9428 916.929,63.5474 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="911.723,73.4412 906.932,63.3394 911.878,65.9428 916.929,63.5474 "/>
+  </g>
+  <g>
+    <line style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x1="911.676" y1="113.677" x2="951.207" y2="293.491"/>
+    <polygon style="fill: #000000" points="952.818,300.816 945.787,292.123 951.207,293.491 955.554,289.976 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="952.818,300.816 945.787,292.123 951.207,293.491 955.554,289.976 "/>
+  </g>
+  <g>
+    <line style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x1="939.022" y1="341" x2="803.77" y2="366.309"/>
+    <polygon style="fill: #000000" points="796.398,367.689 805.308,360.935 803.77,366.309 807.147,370.764 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="796.398,367.689 805.308,360.935 803.77,366.309 807.147,370.764 "/>
+  </g>
+  <g>
+    <line style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x1="953.298" y1="341" x2="970.506" y2="360.758"/>
+    <polygon style="fill: #000000" points="975.431,366.414 965.093,362.157 970.506,360.758 972.634,355.589 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="975.431,366.414 965.093,362.157 970.506,360.758 972.634,355.589 "/>
+  </g>
+  <g>
+    <line style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x1="967.572" y1="341" x2="1149.96" y2="366.739"/>
+    <polygon style="fill: #000000" points="1157.39,367.788 1146.79,371.341 1149.96,366.739 1148.18,361.439 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="1157.39,367.788 1146.79,371.341 1149.96,366.739 1148.18,361.439 "/>
+  </g>
+  <g>
+    <rect style="fill: #ffffff" x="-54" y="370.5" width="562" height="383.25"/>
+    <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="-54" y="370.5" width="562" height="383.25"/>
+  </g>
+  <g>
+    <rect style="fill: #ffffff" x="-30" y="416.75" width="364" height="146"/>
+    <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="-30" y="416.75" width="364" height="146"/>
+  </g>
+  <g>
+    <rect style="fill: #ffffff" x="418.775" y="551" width="176.225" height="121"/>
+    <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="418.775" y="551" width="176.225" height="121"/>
+    <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="506.887" y="583.4">
+      <tspan x="506.887" y="583.4">Distributed</tspan>
+      <tspan x="506.887" y="599.4">Watchable</tspan>
+      <tspan x="506.887" y="615.4">Storage</tspan>
+      <tspan x="506.887" y="631.4"></tspan>
+      <tspan x="506.887" y="647.4">(implemented via etcd)</tspan>
+    </text>
+  </g>
+  <g>
+    <rect style="fill: #ffffff" x="201.314" y="594.318" width="154.6" height="38"/>
+    <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="201.314" y="594.318" width="154.6" height="38"/>
+    <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="278.614" y="617.218">
+      <tspan x="278.614" y="617.218">replication controller</tspan>
+    </text>
+  </g>
+  <g>
+    <rect style="fill: #ffffff" x="94.8884" y="617.914" width="86.15" height="38"/>
+    <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="94.8884" y="617.914" width="86.15" height="38"/>
+    <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="137.963" y="640.814">
+      <tspan x="137.963" y="640.814">Scheduler</tspan>
+    </text>
+  </g>
+  <g>
+    <rect style="fill: #ffffff" x="80.162" y="594.318" width="86.15" height="38"/>
+    <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="80.162" y="594.318" width="86.15" height="38"/>
+    <text font-size="12.8" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="123.237" y="617.218">
+      <tspan x="123.237" y="617.218">Scheduler</tspan>
+    </text>
+  </g>
+  <text font-size="12.8" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="-34.876" y="699.256">
+    <tspan x="-34.876" y="699.256">Master components</tspan>
+    <tspan x="-34.876" y="715.256">Colocated, or spread across machines,</tspan>
+    <tspan x="-34.876" y="731.256">as dictated by cluster size.</tspan>
+  </text>
+  <text font-size="12.7998" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="506.887" y="611.5">
+    <tspan x="506.887" y="611.5"></tspan>
+  </text>
+  <text font-size="12.7998" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="506.887" y="611.5">
+    <tspan x="506.887" y="611.5"></tspan>
+  </text>
+  <g>
+    <rect style="fill: #ffffff" x="136.717" y="468.5" width="172.175" height="70"/>
+    <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="136.717" y="468.5" width="172.175" height="70"/>
+    <text font-size="12.7998" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="222.804" y="491.4">
+      <tspan x="222.804" y="491.4">REST</tspan>
+      <tspan x="222.804" y="507.4">(pods, services,</tspan>
+      <tspan x="222.804" y="523.4">rep. controllers)</tspan>
+    </text>
+  </g>
+  <g>
+    <rect style="fill: #ffffff" x="165.958" y="389.5" width="115" height="54"/>
+    <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="165.958" y="389.5" width="115" height="54"/>
+    <text font-size="12.7998" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="223.458" y="412.4">
+      <tspan x="223.458" y="412.4">authorization</tspan>
+      <tspan x="223.458" y="428.4">authentication</tspan>
+    </text>
+  </g>
+  <g>
+    <rect style="fill: #ffffff" x="2.35" y="476.5" width="91.3" height="54"/>
+    <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="2.35" y="476.5" width="91.3" height="54"/>
+    <text font-size="12.7998" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="48" y="499.4">
+      <tspan x="48" y="499.4">scheduling</tspan>
+      <tspan x="48" y="515.4">actuator</tspan>
+    </text>
+  </g>
+  <text font-size="12.7998" style="fill: #000000;text-anchor:start;font-family:sans-serif;font-style:normal;font-weight:normal" x="-13" y="436.75">
+    <tspan x="-13" y="436.75">APIs</tspan>
+  </text>
+  <g>
+    <line style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x1="123.237" y1="594.318" x2="55.4248" y2="536.798"/>
+    <polygon style="fill: #000000" points="49.7052,531.946 60.5656,534.602 55.4248,536.798 54.097,542.228 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="49.7052,531.946 60.5656,534.602 55.4248,536.798 54.097,542.228 "/>
+  </g>
+  <g>
+    <line style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x1="123.237" y1="594.318" x2="172.833" y2="545.341"/>
+    <polygon style="fill: #000000" points="178.169,540.071 174.567,550.655 172.833,545.341 167.541,543.54 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="178.169,540.071 174.567,550.655 172.833,545.341 167.541,543.54 "/>
+  </g>
+  <g>
+    <line style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x1="278.614" y1="594.318" x2="229.688" y2="545.385"/>
+    <polygon style="fill: #000000" points="224.385,540.081 234.992,543.618 229.688,545.385 227.92,550.688 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="224.385,540.081 234.992,543.618 229.688,545.385 227.92,550.688 "/>
+  </g>
+  <g>
+    <line style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x1="223.458" y1="443.5" x2="223.059" y2="458.767"/>
+    <polygon style="fill: #000000" points="222.863,466.265 218.126,456.137 223.059,458.767 228.123,456.399 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="222.863,466.265 218.126,456.137 223.059,458.767 228.123,456.399 "/>
+  </g>
+  <g>
+    <line style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x1="308.892" y1="503.5" x2="362.29" y2="504.346"/>
+    <polygon style="fill: #000000" points="369.789,504.465 359.711,509.306 362.29,504.346 359.87,499.307 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="369.789,504.465 359.711,509.306 362.29,504.346 359.87,499.307 "/>
+  </g>
+  <g>
+    <line style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x1="318.054" y1="544.587" x2="410.665" y2="606.112"/>
+    <polygon style="fill: #000000" points="320.821,540.422 309.725,539.053 315.287,548.752 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="320.821,540.422 309.725,539.053 315.287,548.752 "/>
+    <polygon style="fill: #000000" points="416.912,610.263 405.816,608.894 410.665,606.112 411.35,600.564 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="416.912,610.263 405.816,608.894 410.665,606.112 411.35,600.564 "/>
+  </g>
+  <g>
+    <line style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x1="221.611" y1="130.49" x2="223.389" y2="379.764"/>
+    <polygon style="fill: #000000" points="223.442,387.264 218.371,377.3 223.389,379.764 228.371,377.229 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="223.442,387.264 218.371,377.3 223.389,379.764 228.371,377.229 "/>
+  </g>
+  <g>
+    <path style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" d="M 606 581.25 C 636.898,581.25 679.302,322 711.464,322"/>
+    <polygon style="fill: #000000" points="606,576.25 596,581.25 606,586.25 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="606,576.25 596,581.25 606,586.25 "/>
+    <polygon style="fill: #000000" points="718.964,322 708.964,327 711.464,322 708.964,317 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="718.964,322 708.964,327 711.464,322 708.964,317 "/>
+  </g>
+  <g>
+    <path style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" d="M 606 641.75 C 636.898,641.75 679.302,717.938 711.464,717.938"/>
+    <polygon style="fill: #000000" points="606,636.75 596,641.75 606,646.75 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="606,636.75 596,641.75 606,646.75 "/>
+    <polygon style="fill: #000000" points="718.964,717.938 708.964,722.938 711.464,717.938 708.964,712.938 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="718.964,717.938 708.964,722.938 711.464,717.938 708.964,712.938 "/>
+  </g>
+  <g>
+    <path style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" d="M 790.8 708.438 C 825,677.75 879,674.75 916.908,702.665"/>
+    <polygon style="fill: #000000" points="922.947,707.112 911.93,705.209 916.908,702.665 917.86,697.156 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="922.947,707.112 911.93,705.209 916.908,702.665 917.86,697.156 "/>
+  </g>
+  <g>
+    <line style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x1="801.8" y1="727.438" x2="811.94" y2="727.438"/>
+    <polygon style="fill: #000000" points="801.8,722.438 791.8,727.438 801.8,732.438 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="801.8,722.438 791.8,727.438 801.8,732.438 "/>
+    <polygon style="fill: #000000" points="819.44,727.438 809.44,732.438 811.94,727.438 809.44,722.438 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="819.44,727.438 809.44,732.438 811.94,727.438 809.44,722.438 "/>
+  </g>
+  <g>
+    <path style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" d="M 934.594 747.007 C 928,762 804,738 797.63,754.926"/>
+    <polygon style="fill: #000000" points="939.171,749.02 938.62,737.853 930.017,744.994 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="939.171,749.02 938.62,737.853 930.017,744.994 "/>
+    <polygon style="fill: #000000" points="794.988,761.945 793.831,750.825 797.63,754.926 803.19,754.347 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="794.988,761.945 793.831,750.825 797.63,754.926 803.19,754.347 "/>
+  </g>
+  <g>
+    <path style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" d="M 974.333 745.616 C 998,776 1131,714 1154.77,755.585"/>
+    <polygon style="fill: #000000" points="978.277,742.543 968.188,737.727 970.388,748.689 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="978.277,742.543 968.188,737.727 970.388,748.689 "/>
+    <polygon style="fill: #000000" points="1158.49,762.097 1149.19,755.896 1154.77,755.585 1157.87,750.934 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="1158.49,762.097 1149.19,755.896 1154.77,755.585 1157.87,750.934 "/>
+  </g>
+  <g>
+    <line style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x1="960.522" y1="745.233" x2="970.506" y2="756.696"/>
+    <polygon style="fill: #000000" points="964.293,741.949 953.955,737.692 956.752,748.517 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="964.293,741.949 953.955,737.692 956.752,748.517 "/>
+    <polygon style="fill: #000000" points="975.431,762.352 965.093,758.095 970.506,756.696 972.634,751.527 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="975.431,762.352 965.093,758.095 970.506,756.696 972.634,751.527 "/>
+  </g>
+  <g>
+    <path style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" d="M 478.975 491 C 552.046,491 637.129,312.5 711.464,312.5"/>
+    <polygon style="fill: #000000" points="478.975,486 468.975,491 478.975,496 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="478.975,486 468.975,491 478.975,496 "/>
+    <polygon style="fill: #000000" points="718.964,312.5 708.964,317.5 711.464,312.5 708.964,307.5 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="718.964,312.5 708.964,317.5 711.464,312.5 708.964,307.5 "/>
+  </g>
+  <g>
+    <path style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" d="M 478.933 505.457 C 677,522.75 650,676.75 712.305,704.479"/>
+    <polygon style="fill: #000000" points="479.368,500.476 468.971,504.587 478.498,510.438 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="479.368,500.476 468.971,504.587 478.498,510.438 "/>
+    <polygon style="fill: #000000" points="719.157,707.529 707.988,708.031 712.305,704.479 712.054,698.895 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="719.157,707.529 707.988,708.031 712.305,704.479 712.054,698.895 "/>
+  </g>
+  <g>
+    <line style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x1="93.65" y1="503.5" x2="126.981" y2="503.5"/>
+    <polygon style="fill: #000000" points="134.481,503.5 124.481,508.5 126.981,503.5 124.481,498.5 "/>
+    <polygon style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" points="134.481,503.5 124.481,508.5 126.981,503.5 124.481,498.5 "/>
+  </g>
+  <g>
+    <rect style="fill: #ffffff" x="372.025" y="477.5" width="95.95" height="54"/>
+    <rect style="fill: none; fill-opacity:0; stroke-width: 2; stroke: #000000" x="372.025" y="477.5" width="95.95" height="54"/>
+    <text font-size="12.7998" style="fill: #000000;text-anchor:middle;font-family:sans-serif;font-style:normal;font-weight:normal" x="420" y="500.4">
+      <tspan x="420" y="500.4">kubelet</tspan>
+      <tspan x="420" y="516.4">info service</tspan>
+    </text>
+  </g>
+</svg>