Born out of the open-source Kubernetes system, Tencent Kubernetes Engine (TKE) provides container-centric, highly scalable and high-performance container management services. Fully compatible with the native Kubernetes API and extensible with Tencent Cloud's Kubernetes plugins, such as CBS and CLB, TKE supports containerized applications with a complete set of functions such as efficient deployment, resource scheduling, service discovery, and dynamic scaling. Further, it ensures environmental consistency across user development, testing and operations, making it easier to manage large-scale container clusters and helping users reduce costs and improve efficiency. TKE is free of charge, and other paid supplementary cloud products will be billed separately.
Spectro Cloud is excited to announce the extension of its Palette platform to support TKE on Tencent Cloud. Spectro Cloud Palette is an enterprise Kubernetes management platform that brings consistency, flexibility and operational efficiency to any Kubernetes cluster in any environment, whether public cloud, private cloud, bare metal, or edge locations. With its unique declarative management approach, Palette extends Cluster API to the full stack, managing add-ons and applications together with the Kubernetes infrastructure. Enterprises can use this full-stack declarative model (the Cluster Profile) as a single source of truth to drive day-0 design, day-1 deployment and day-2 upgrades across thousands of clusters. It also makes it straightforward to integrate with CI/CD, GitOps and external automation tools such as the popular Infrastructure-as-Code framework Terraform.
Cluster API (CAPI) is a CNCF Kubernetes sub-project focused on providing declarative APIs and tooling to simplify provisioning, upgrading, and operating multiple Kubernetes clusters.
Started by the Kubernetes Special Interest Group (SIG) Cluster Lifecycle, the Cluster API project uses Kubernetes-style APIs and patterns to automate cluster lifecycle management for platform operators. The supporting infrastructure, like virtual machines, networks, load balancers, and VPCs, as well as the Kubernetes cluster configuration, are all defined in the same way that application developers deploy and manage their workloads. This enables consistent and repeatable cluster deployments across a wide variety of infrastructure environments.
Cluster API uses a Kubernetes cluster (the admin, or management, cluster) to manage users' Kubernetes clusters. A user cluster is described as a manifest that maps to basic CRD constructs such as Cluster and Machine, along with placement properties specific to the target environment. Unlike some early cluster management solutions that rely on scripts or a proprietary orchestrator, using Kubernetes itself as the orchestrator, with declarative desired-state management for the other Kubernetes clusters, avoids re-inventing the wheel.
Cluster API also acts as an abstraction layer over different Infrastructure-as-a-Service and managed Kubernetes service providers, so that the declarative cluster model works consistently across multiple environments with minimal changes to cloud-specific properties. Today it supports more than 20 different infrastructure provider implementations, including Tencent Cloud’s open-source CAPI provider. With the power of the open-source community and every cloud infrastructure vendor contributing to it, CAPI has richer environment support than any other Kubernetes management solution on the market.
Spectro Cloud Palette TKE Support
Spectro Cloud co-developed the Tencent Cloud CAPI provider and contributed it back to the upstream Tencent Cloud GitHub repository. With the CAPI provider integrated into the Spectro Cloud Palette platform, all existing Palette functionality, including multi-cluster lifecycle management, zero-trust access control, cost visibility, day-2 operations and Terraform automation, works for TKE clusters.
Let’s take a closer look at each of Palette's functionalities with TKE support:
Cluster Profile and Packs
With the TKE integration, users who choose Tencent Cloud as the target environment can select the TKE infrastructure stack layers, including the TKE managed OS, the TKE Kubernetes version, Tencent Global Router as the CNI, and Tencent Cloud Block Storage as the CSI layer.
Tencent Cloud Specific Placement
Once the Cluster Profile is created, users can use it to deploy one or many TKE clusters. All Tencent Cloud specific placement properties, such as region, SSH key name, VPC ID, cluster endpoint access, cluster size, node instance type, placement availability zones and the corresponding subnets, can be configured in the Deployment Wizard. The available choices for the placement properties are all queried dynamically based on the cloud account the user is using, so they are tied to the user's RBAC on the cloud resources they can access. Furthermore, Palette periodically synchronizes Tencent Cloud’s instance specifications and price information. With up-to-date pricing and the chosen cluster size, the Deployment Wizard estimates the cluster's hourly running cost.
The Cluster Profile is more than a deployment blueprint or template. It is used as the desired state for the clusters to avoid configuration drift and to drive update lifecycle management. If any cluster deviates from the defined desired state (e.g., someone accidentally deleted a cluster node in the TKE console), the system auto-corrects such configuration drift via self-healing. If the Cluster Profile is updated, then all clusters using that particular Cluster Profile show that an update is available for the user to trigger. All upgrades are performed as rolling upgrades with zero downtime.
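The declarative model described in the Cluster API section above and the drift correction described in this paragraph are two views of the same reconcile loop: a desired state (Cluster plus MachineDeployment-like node pools) is compared against the Machines actually observed, and the difference becomes a list of corrective actions. The following is an added example written for this page, not code from Spectro Cloud Palette or from the Cluster API project; the object shapes, the `tke-demo` cluster, the pool names, the region and the instance type are constructed for illustration. It generalizes slightly beyond the paragraph's single scenario (a deleted node) to also cover scale-down, orphaned pools and a Kubernetes version bump, which is rolled one machine at a time rather than patched in place.

```python
"""Added example (not Palette's or Cluster API's code): a minimal desired-state
reconciler. Desired = Cluster Profile view (pools with replicas/spec);
observed = Machines reported by the infrastructure; output = actions."""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class Machine:
    """An observed node, as a Cluster API Machine object would report it."""
    name: str
    pool: str
    instance_type: str
    k8s_version: str
    ready: bool = True


@dataclass(frozen=True)
class NodePool:
    """Desired shape of one pool (the MachineDeployment-like part of the manifest)."""
    name: str
    replicas: int
    instance_type: str
    k8s_version: str


@dataclass(frozen=True)
class DesiredCluster:
    """The Cluster Profile's desired state for one cluster (constructed shape)."""
    name: str
    region: str
    pools: tuple[NodePool, ...]


def reconcile(desired: DesiredCluster, observed: list[Machine]) -> list[tuple[str, str]]:
    """Return the (action, machine) steps that move observed state to desired state.

    'create'  - a pool has fewer machines than its replica count
    'delete'  - a pool has too many machines, or a machine belongs to no desired pool
    'replace' - a machine's spec drifted (instance type, version) or it is NotReady;
                it is rolled rather than mutated, which is how a rolling upgrade
                proceeds one machine at a time.
    """
    actions: list[tuple[str, str]] = []
    by_pool: dict[str, list[Machine]] = {}
    for m in observed:
        by_pool.setdefault(m.pool, []).append(m)

    for pool in desired.pools:
        machines = by_pool.pop(pool.name, [])
        drifted = [m for m in machines
                   if m.instance_type != pool.instance_type
                   or m.k8s_version != pool.k8s_version
                   or not m.ready]
        conforming = [m for m in machines if m not in drifted]

        excess = len(machines) - pool.replicas
        if excess > 0:
            # Scale down: retire drifted machines first, then healthy ones.
            for m in (drifted + conforming)[:excess]:
                actions.append(("delete", m.name))
            drifted = drifted[excess:]
        else:
            # Scale up: the accidentally deleted node case from the text.
            for i in range(-excess):
                actions.append(("create", f"{pool.name}-new-{i}"))
        # Drifted machines that survive the scale decision are rolled.
        for m in drifted:
            actions.append(("replace", m.name))

    # Machines in pools the desired state no longer mentions are orphans.
    for machines in by_pool.values():
        for m in machines:
            actions.append(("delete", m.name))
    return actions


# Constructed desired state; region and instance type are illustrative values.
DESIRED = DesiredCluster(
    name="tke-demo", region="ap-guangzhou",
    pools=(NodePool("workers", replicas=3, instance_type="S5.LARGE8", k8s_version="1.22.5"),),
)

# Constructed observed state: workers-c was deleted in the console and an old
# 'legacy' pool that the profile no longer lists is still running.
OBSERVED = [
    Machine("workers-a", "workers", "S5.LARGE8", "1.22.5"),
    Machine("workers-b", "workers", "S5.LARGE8", "1.22.5"),
    Machine("legacy-0", "legacy", "S5.LARGE8", "1.20.6"),
]


def upgraded(desired: DesiredCluster, version: str) -> DesiredCluster:
    """Simulate a Cluster Profile update that bumps the Kubernetes version."""
    pools = tuple(NodePool(p.name, p.replicas, p.instance_type, version) for p in desired.pools)
    return DesiredCluster(desired.name, desired.region, pools)


if __name__ == "__main__":
    print("drift:", reconcile(DESIRED, OBSERVED))
    print("upgrade:", reconcile(upgraded(DESIRED, "1.24.0"), OBSERVED))
```

Running the block prints the actions for the two scenarios; the controller in a real system would apply each action through the infrastructure provider and then re-observe, repeating until `reconcile` returns an empty list.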
Zero-trust Access Control
For each Kubernetes cluster managed by Palette, a management agent runs in the spectrocloud namespace. This agent provides a reverse proxy and OIDC authentication/authorization against external Identity Providers (IdPs) such as Okta, Azure AD, and more. Unlike many other solutions that embed fixed certificate-based credentials in the kubeconfig, OIDC-based auth requires users to authenticate against the IdP, so even if the kubeconfig file is leaked it does not by itself grant access to the cluster. This is a true zero-trust security model. For more details, please see this blog: Secured Access to Kubernetes from Anywhere with Zero Trust.
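The difference the paragraph above draws, between a kubeconfig that is itself a credential and one that only points at an IdP, can be checked mechanically. The following is an added example for this page, not Palette's agent or any Spectro Cloud code: it audits the `users` section of a kubeconfig and reports which entries would still work for whoever obtains the file. The kubeconfig is a constructed sample (the `tke-prod` cluster, the `idp.example.invalid` issuer and all certificate and token values are placeholders); in practice you would load the real file with `yaml.safe_load`. The field names checked (`client-certificate-data`, `token`, `auth-provider`, `exec`, and so on) are the ones kubectl documents. One caveat the example covers: the legacy `auth-provider: oidc` form caches the ID and refresh tokens in the file, so a leaked file with a refresh token remains usable until the IdP revokes it, whereas an `exec` credential plugin obtains the token at use time.

```python
"""Added example (not Spectro Cloud's or Palette's code): audit kubeconfig
users for credentials that are usable by anyone who obtains the file."""
from __future__ import annotations

# Kubeconfig user fields that embed a reusable credential directly in the file.
STATIC_CREDENTIAL_KEYS = {
    "client-certificate-data", "client-certificate",
    "client-key-data", "client-key",
    "token", "tokenFile", "username", "password",
}

# Constructed sample kubeconfig, in the dict shape yaml.safe_load would return.
# Certificate and token values are placeholders, not real key material.
SAMPLE_KUBECONFIG = {
    "apiVersion": "v1",
    "kind": "Config",
    "clusters": [{"name": "tke-prod",
                  "cluster": {"server": "https://tke-prod.example.invalid:6443"}}],
    "contexts": [
        {"name": "admin@tke-prod", "context": {"cluster": "tke-prod", "user": "admin-cert"}},
        {"name": "ci@tke-prod", "context": {"cluster": "tke-prod", "user": "ci-token"}},
        {"name": "dev@tke-prod", "context": {"cluster": "tke-prod", "user": "dev-oidc"}},
        {"name": "legacy@tke-prod", "context": {"cluster": "tke-prod", "user": "legacy-oidc"}},
    ],
    "users": [
        {"name": "admin-cert", "user": {"client-certificate-data": "PLACEHOLDER-B64-CERT",
                                        "client-key-data": "PLACEHOLDER-B64-KEY"}},
        {"name": "ci-token", "user": {"token": "PLACEHOLDER-SERVICE-ACCOUNT-TOKEN"}},
        {"name": "dev-oidc", "user": {"exec": {
            "apiVersion": "client.authentication.k8s.io/v1beta1",
            "command": "kubectl",
            "args": ["oidc-login", "get-token",
                     "--oidc-issuer-url=https://idp.example.invalid",
                     "--oidc-client-id=kubernetes"]}}},
        {"name": "legacy-oidc", "user": {"auth-provider": {"name": "oidc", "config": {
            "idp-issuer-url": "https://idp.example.invalid",
            "client-id": "kubernetes",
            "refresh-token": "PLACEHOLDER-REFRESH-TOKEN"}}}},
    ],
}


def classify_user(user_entry: dict) -> tuple[str, str]:
    """Return (category, detail) for one entry of the kubeconfig 'users' list."""
    creds = user_entry.get("user") or {}
    static = sorted(k for k in creds if k in STATIC_CREDENTIAL_KEYS)
    if static:
        # Anyone holding the file can authenticate until the cert/token expires.
        return "static", ", ".join(static)
    provider = creds.get("auth-provider") or {}
    if provider.get("name") == "oidc":
        cfg = provider.get("config") or {}
        cached = sorted(k for k in ("id-token", "refresh-token") if cfg.get(k))
        if cached:
            # Legacy provider caches tokens in the file; a refresh token keeps
            # minting new ID tokens until the IdP revokes it.
            return "oidc-cached-token", ", ".join(cached)
        return "oidc", cfg.get("idp-issuer-url", "")
    if "exec" in creds:
        # Credential plugin: the token is fetched at use time, typically after
        # an interactive IdP login, so the file alone is not a credential.
        ex = creds["exec"] or {}
        return "exec", " ".join([ex.get("command", "")] + list(ex.get("args", [])))
    return "none", ""


def audit(kubeconfig: dict) -> list[tuple[str, str, str, list[str]]]:
    """Classify every user and list the contexts (clusters) that user reaches."""
    contexts_by_user: dict[str, list[str]] = {}
    for ctx in kubeconfig.get("contexts", []):
        contexts_by_user.setdefault(ctx["context"]["user"], []).append(ctx["name"])
    report = []
    for entry in kubeconfig.get("users", []):
        category, detail = classify_user(entry)
        report.append((entry["name"], category, detail, contexts_by_user.get(entry["name"], [])))
    return report


def leak_sensitive_users(kubeconfig: dict) -> list[str]:
    """Users whose kubeconfig entry is itself a working credential if the file leaks."""
    return [name for name, category, _, _ in audit(kubeconfig)
            if category in ("static", "oidc-cached-token")]


if __name__ == "__main__":
    for name, category, detail, contexts in audit(SAMPLE_KUBECONFIG):
        print(f"{name:12} {category:18} {detail}  contexts={contexts}")
    print("leak-sensitive users:", leak_sensitive_users(SAMPLE_KUBECONFIG))
```

On the sample, `admin-cert`, `ci-token` and `legacy-oidc` are flagged and `dev-oidc` is not; a defender can run the same check over the kubeconfigs handed out to a team to confirm that only the IdP-backed entries remain.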
Palette provides a unified operation model across all clusters and environments. Each cluster’s infrastructure cost (instance and storage costs) is tracked based on running duration; it can be further broken down by namespace and application service, enabling enterprises to do team-level showback/chargeback if desired. The next step would be to build AI-based recommendations for cost optimization.
In addition to declarative full-stack deployment and upgrade lifecycle management, Palette also provides many day-2 operations for Kubernetes clusters, such as backup/restore, certificate rotation, security and conformance scans, and remote troubleshooting.
GitOps and Terraform Automations
Although Palette provides a very intuitive and user-friendly UI, managing hundreds or even thousands of clusters at scale requires automation. Palette natively supports GitHub Actions, and its open-source Terraform provider has over 3.4M downloads.
The combination of Spectro Cloud Palette and Tencent Cloud TKE helps enterprises take advantage of modern Kubernetes multi-cluster management best practices and the unique features and region coverage provided by Tencent Cloud. This enables Global 2000 enterprises to keep a consistent and unified operating experience anywhere, regardless of differences between target environments. This is a huge enabler for enterprises to use Tencent Cloud as the infrastructure provider in China and other APAC markets.