add blog about cloud provider migration #46342
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
k8s-ci-robot
added
do-not-merge/work-in-progress
k8s-ci-robot
added
area/blog
✅ Pull request preview available for checkingBuilt without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify site configuration. |
andrewsykim
force-pushed
the
cloud-provider-migration-blog
branch
2 times, most recently
from
cb2a86d
to
ced0480
Compare
andrewsykim
changed the title
andrewsykim
changed the title
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
andrewsykim
force-pushed
the
cloud-provider-migration-blog
branch
from
ced0480
to
b3acce3
Compare
elmiko
reviewed
May 17, 2024
| author: > | ||
| Andrew Sy Kim (Google), | ||
| Michelle Au (Google), | ||
| Michael McCune (RedHat) |
There was a problem hiding this comment.
very minor nit
Suggested change
| Michael McCune (RedHat) | |
| Michael McCune (Red Hat) |
Signed-off-by: andrewsykim <andrewsy@google.com>
andrewsykim
force-pushed
the
cloud-provider-migration-blog
branch
from
b3acce3
to
b515b2d
Compare
sftim
reviewed
May 18, 2024
There was a problem hiding this comment.
This article is OK to merge. If you're willing to revise it either before or after publication, please consider the feedback from this review.
Accepting suggestions from this review will improve readers' experience.
/lgtm
/approve
It's more useful to merge this than to run another review cycle.
| Each subsystem was critical to achieve full feature parity with built-in capabilities and required several releases to bring each subsystem to GA-level maturity with a safe and | ||
| reliable migration path. More on each subsystem below. | ||
|
|
||
| ### Cloud Controller Manager |
There was a problem hiding this comment.
(nit; OK to fix up post merge)
Suggested change
| ### Cloud Controller Manager | |
| ### Cloud controller manager |
|
|
||
| Learn more about Cloud Controller Manager [here](/docs/concepts/architecture/cloud-controller). | ||
|
|
||
| ### API Server Network Proxy |
There was a problem hiding this comment.
(nit; OK to fix up post merge)
Suggested change
| ### API Server Network Proxy | |
| ### API server network proxy |
|
|
||
| Learn more about the API Server Network Proxy [here](https://github.com/kubernetes-sigs/apiserver-network-proxy). | ||
|
|
||
| ### Kubelet Credential Provider |
There was a problem hiding this comment.
(nit)
Suggested change
| ### Kubelet Credential Provider | |
| ### Credential provider plugins for the kubelet |
|
|
||
| Learn more about Kubelet Credential Provider [here](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/). | ||
|
|
||
| ### CSI In-tree Storage Migration Plugins |
There was a problem hiding this comment.
(nit)
Suggested change
| ### CSI In-tree Storage Migration Plugins | |
| ### Storage plugin migration from in-tree to CSI |
|
|
||
| Learn more about In-tree Storage migration in [this blog post](https://kubernetes.io/blog/2019/12/09/kubernetes-1-17-feature-csi-migration-beta/). | ||
|
|
||
| ## What’s Next? |
There was a problem hiding this comment.
(nit; OK to fix up post merge)
Suggested change
| ## What’s Next? | |
| ## What's next? |
|
|
||
| ### API Server Network Proxy | ||
|
|
||
| The API Server Network Proxy project, initiated in 2018 in collaboration with SIG API Machinery, aimed to replace the SSH tunneler functionality within the kube-apiserver. |
There was a problem hiding this comment.
(nit)
Suggested change
| The API Server Network Proxy project, initiated in 2018 in collaboration with SIG API Machinery, aimed to replace the SSH tunneler functionality within the kube-apiserver. | |
| The _API server network proxy_ project, initiated in 2018 in collaboration with SIG API Machinery, aimed to replace the existing SSH tunneling functionality within the kube-apiserver. |
I think “existing” helps clarity, but it's up to you if you don't like the tautology.
| This tunneler had been used to securely proxy traffic between the Kubernetes control plane and nodes, but it heavily relied on provider-specific implementation details embedded in the kube-apiserver to establish these SSH tunnels. | ||
|
|
||
| Now, the API Server Network Proxy is a GA-level extension point within the kube-apiserver. It offers a generic proxying mechanism that can route traffic from the API server to nodes through a secure proxy, | ||
| eliminating the need for the API server to have any knowledge of the specific cloud provider it is running on. This project also introduced the Konnectivity project, which has seen growing adoption in production environments. |
There was a problem hiding this comment.
(nit; OK to fix up post merge, and only if you'd like to)
Could link to https://kubernetes.io/docs/concepts/architecture/control-plane-node-communication/#konnectivity-service here.
|
|
||
| ### Kubelet Credential Provider | ||
|
|
||
| The Kubelet credential provider plugin was developed to replace the kubelet's built-in functionality for dynamically fetching credentials for image registries hosted on Google Cloud, AWS, or Azure. |
There was a problem hiding this comment.
(nit; OK to fix up post merge, and only if you'd like to)
Suggested change
| The Kubelet credential provider plugin was developed to replace the kubelet's built-in functionality for dynamically fetching credentials for image registries hosted on Google Cloud, AWS, or Azure. | |
| Support for kubelet credential provider plugins was developed to replace the kubelet's built-in functionality for dynamically fetching credentials for image registries hosted on Google Cloud, AWS, or Azure. |
| ### Kubelet Credential Provider | ||
|
|
||
| The Kubelet credential provider plugin was developed to replace the kubelet's built-in functionality for dynamically fetching credentials for image registries hosted on Google Cloud, AWS, or Azure. | ||
| This capability was convenient as it allowed the kubelet to seamlessly retrieve short-lived tokens for pulling images from GCR, ECR, or ACR. However, like other areas of the project, |
There was a problem hiding this comment.
(nit; OK to fix up post merge, and only if you'd like to)
Suggested change
| This capability was convenient as it allowed the kubelet to seamlessly retrieve short-lived tokens for pulling images from GCR, ECR, or ACR. However, like other areas of the project, | |
| The legacy capability was convenient as it allowed the kubelet to seamlessly retrieve short-lived tokens for pulling images from GCR, ECR, or ACR. However, like other areas of Kubernetes, supporting |
?
| This capability was convenient as it allowed the kubelet to seamlessly retrieve short-lived tokens for pulling images from GCR, ECR, or ACR. However, like other areas of the project, | ||
| this required the kubelet to have specific knowledge of different cloud environments and APIs. | ||
|
|
||
| Introduced in 2019, the credential provider plugin offers a generic extension point for the kubelet to execute plugin binaries that dynamically provide credentials for images hosted on various clouds. |
There was a problem hiding this comment.
(nit; OK to fix up post merge, and only if you'd like to)
Suggested change
| Introduced in 2019, the credential provider plugin offers a generic extension point for the kubelet to execute plugin binaries that dynamically provide credentials for images hosted on various clouds. | |
| Introduced in 2019, the credential provider plugin mechanism offers a generic extension point for the kubelet to execute plugin binaries that dynamically provide credentials for images hosted on various clouds. |
A plugin is something you plug in, not the extension point that enables the plugging in.
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: fc4338b550606e3ac762bcc592f8b219e517b69a
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: sftim The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
sftim
reviewed
May 18, 2024
There was a problem hiding this comment.
Please send in a post-merge PR to fix the filename, so it matches the actual publication date,
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Add blog about cloud provider removal effort (KEP-2395).