add blog about cloud provider migration #46342
thanks for posting this @andrewsykim !
author: > | ||
Andrew Sy Kim (Google), | ||
Michelle Au (Google), | ||
Michael McCune (RedHat) |
very minor nit
Michael McCune (RedHat) | |
Michael McCune (Red Hat) |
Signed-off-by: andrewsykim <andrewsy@google.com>
This article is OK to merge. If you're willing to revise it either before or after publication, please consider the feedback from this review.
Accepting suggestions from this review will improve readers' experience.
/lgtm
/approve
It's more useful to merge this than to run another review cycle.
Each subsystem was critical to achieve full feature parity with built-in capabilities and required several releases to bring each subsystem to GA-level maturity with a safe and | ||
reliable migration path. More on each subsystem below. | ||
|
||
### Cloud Controller Manager |
(nit; OK to fix up post merge)
### Cloud Controller Manager | |
### Cloud controller manager |
|
||
Learn more about Cloud Controller Manager [here](/docs/concepts/architecture/cloud-controller). | ||
|
||
### API Server Network Proxy |
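Review bot: On the "Learn more about Cloud Controller Manager [here](/docs/concepts/architecture/cloud-controller)" line, the link text "here" tells a reader nothing about the destination, which hurts anyone scanning the links or using a screen reader. Make the subject itself the link, for example: Learn more in the [Cloud Controller Manager](/docs/concepts/architecture/cloud-controller) documentation.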
(nit; OK to fix up post merge)
### API Server Network Proxy | |
### API server network proxy |
|
||
Learn more about the API Server Network Proxy [here](https://github.com/kubernetes-sigs/apiserver-network-proxy). | ||
|
||
### Kubelet Credential Provider |
(nit)
### Kubelet Credential Provider | |
### Credential provider plugins for the kubelet |
|
||
Learn more about Kubelet Credential Provider [here](https://kubernetes.io/docs/tasks/administer-cluster/kubelet-credential-provider/). | ||
|
||
### CSI In-tree Storage Migration Plugins |
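Review bot: The "Learn more about Kubelet Credential Provider" link is written as an absolute https://kubernetes.io/docs/... URL, while the Cloud Controller Manager link in this same post uses a site-relative path (/docs/concepts/architecture/cloud-controller). Suggest the site-relative form here as well, /docs/tasks/administer-cluster/kubelet-credential-provider/, so links to the site's own documentation are written one way throughout the post.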
(nit)
### CSI In-tree Storage Migration Plugins | |
### Storage plugin migration from in-tree to CSI |
|
||
Learn more about In-tree Storage migration in [this blog post](https://kubernetes.io/blog/2019/12/09/kubernetes-1-17-feature-csi-migration-beta/). | ||
|
||
## What’s Next? |
(nit; OK to fix up post merge)
## What’s Next? | |
## What's next? |
|
||
### API Server Network Proxy | ||
|
||
The API Server Network Proxy project, initiated in 2018 in collaboration with SIG API Machinery, aimed to replace the SSH tunneler functionality within the kube-apiserver. |
(nit)
The API Server Network Proxy project, initiated in 2018 in collaboration with SIG API Machinery, aimed to replace the SSH tunneler functionality within the kube-apiserver. | |
The _API server network proxy_ project, initiated in 2018 in collaboration with SIG API Machinery, aimed to replace the existing SSH tunneling functionality within the kube-apiserver. |
I think “existing” helps clarity, but it's up to you if you don't like the tautology.
This tunneler had been used to securely proxy traffic between the Kubernetes control plane and nodes, but it heavily relied on provider-specific implementation details embedded in the kube-apiserver to establish these SSH tunnels. | ||
|
||
Now, the API Server Network Proxy is a GA-level extension point within the kube-apiserver. It offers a generic proxying mechanism that can route traffic from the API server to nodes through a secure proxy, | ||
eliminating the need for the API server to have any knowledge of the specific cloud provider it is running on. This project also introduced the Konnectivity project, which has seen growing adoption in production environments. |
(nit; OK to fix up post merge, and only if you'd like to)
Could link to https://kubernetes.io/docs/concepts/architecture/control-plane-node-communication/#konnectivity-service here.
|
||
### Kubelet Credential Provider | ||
|
||
The Kubelet credential provider plugin was developed to replace the kubelet's built-in functionality for dynamically fetching credentials for image registries hosted on Google Cloud, AWS, or Azure. |
(nit; OK to fix up post merge, and only if you'd like to)
The Kubelet credential provider plugin was developed to replace the kubelet's built-in functionality for dynamically fetching credentials for image registries hosted on Google Cloud, AWS, or Azure. | |
Support for kubelet credential provider plugins was developed to replace the kubelet's built-in functionality for dynamically fetching credentials for image registries hosted on Google Cloud, AWS, or Azure. |
### Kubelet Credential Provider | ||
|
||
The Kubelet credential provider plugin was developed to replace the kubelet's built-in functionality for dynamically fetching credentials for image registries hosted on Google Cloud, AWS, or Azure. | ||
This capability was convenient as it allowed the kubelet to seamlessly retrieve short-lived tokens for pulling images from GCR, ECR, or ACR. However, like other areas of the project, |
(nit; OK to fix up post merge, and only if you'd like to)
This capability was convenient as it allowed the kubelet to seamlessly retrieve short-lived tokens for pulling images from GCR, ECR, or ACR. However, like other areas of the project, | |
The legacy capability was convenient as it allowed the kubelet to seamlessly retrieve short-lived tokens for pulling images from GCR, ECR, or ACR. However, like other areas of Kubernetes, supporting |
?
This capability was convenient as it allowed the kubelet to seamlessly retrieve short-lived tokens for pulling images from GCR, ECR, or ACR. However, like other areas of the project, | ||
this required the kubelet to have specific knowledge of different cloud environments and APIs. | ||
|
||
Introduced in 2019, the credential provider plugin offers a generic extension point for the kubelet to execute plugin binaries that dynamically provide credentials for images hosted on various clouds. |
(nit; OK to fix up post merge, and only if you'd like to)
Introduced in 2019, the credential provider plugin offers a generic extension point for the kubelet to execute plugin binaries that dynamically provide credentials for images hosted on various clouds. | |
Introduced in 2019, the credential provider plugin mechanism offers a generic extension point for the kubelet to execute plugin binaries that dynamically provide credentials for images hosted on various clouds. |
A plugin is something you plug in, not the extension point that enables the plugging in.
LGTM label has been added. Git tree hash: fc4338b550606e3ac762bcc592f8b219e517b69a
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: sftim
The full list of commands accepted by this bot can be found here. The pull request process is described here
Please send in a post-merge PR to fix the filename, so it matches the actual publication date,
Add blog about cloud provider removal effort (KEP-2395).