Published 2022-10-21

Operational Simplicity with Tencent Kubernetes Engine (TKE) and Spectro Cloud Palette Platform

CEO & Co-Founder @ Spectro Cloud
Senior Solution Architect @ Tencent Cloud

Born out of the open-source Kubernetes system, Tencent Kubernetes Engine (TKE) provides container-centric, highly scalable and high-performance container management services. Fully compatible with the native Kubernetes API and extensible with Tencent Cloud's Kubernetes plugins, such as CBS (Cloud Block Storage) and CLB (Cloud Load Balancer), TKE supports containerized applications with a complete set of functions including efficient deployment, resource scheduling, service discovery and dynamic scaling. It also keeps environments consistent across development, testing and operations, which makes large-scale container clusters easier to manage and helps users reduce costs and improve efficiency. TKE itself is free of charge; the supplementary cloud products it uses are billed separately.

Spectro Cloud is excited to announce the extension of its Palette platform to support TKE on Tencent Cloud. Spectro Cloud Palette is an enterprise Kubernetes management platform that brings consistency, flexibility and operational efficiency to any Kubernetes cluster in any environment, whether public cloud, private cloud, bare metal or edge locations. With its declarative management approach, Palette extends Cluster API to the full stack, managing add-ons and applications together with the Kubernetes infrastructure. Enterprises can use this full-stack declarative model (the Cluster Profile) as a single source of truth to drive day-0 design, day-1 deployment and day-2 upgrades across thousands of clusters. It also makes integration with CI/CD, GitOps and external automation tools, such as the popular Infrastructure-as-Code framework Terraform, straightforward.

Why Cluster-API?

Cluster API (CAPI) is a CNCF Kubernetes sub-project focused on providing declarative APIs and tooling to simplify provisioning, upgrading, and operating multiple Kubernetes clusters.

Started by the Kubernetes Special Interest Group (SIG) Cluster Lifecycle, the Cluster API project uses Kubernetes-style APIs and patterns to automate cluster lifecycle management for platform operators. The supporting infrastructure (virtual machines, networks, load balancers and VPCs) and the Kubernetes cluster configuration are all defined the same way application developers deploy and manage their workloads. This enables consistent and repeatable cluster deployments across a wide variety of infrastructure environments.

Cluster API uses a Kubernetes cluster (the management cluster) to manage the user's workload clusters. A workload cluster is described as a manifest that maps onto basic CRD constructs such as Cluster and Machine, together with placement properties specific to the target environment. Unlike some early cluster management solutions that rely on scripts or a proprietary orchestrator, using Kubernetes itself as the orchestrator, with declarative desired-state management for the other clusters, avoids reinventing the wheel.

Cluster API also acts as an abstraction layer over different Infrastructure-as-a-Service and managed Kubernetes providers, so that the declarative cluster model works consistently across environments with minimal changes to cloud-specific properties. Today it supports more than 20 infrastructure provider implementations, including Tencent Cloud's open-source CAPI provider. With the open-source community and the cloud providers themselves contributing, CAPI has broader environment support than any other Kubernetes management solution on the market.

Spectro Cloud Palette TKE Support

Spectro Cloud co-developed the Tencent Cloud CAPI provider and contributed it back to the upstream Tencent Cloud GitHub repository. With the CAPI provider integrated into the Spectro Cloud Palette platform, all existing Palette capabilities, including multi-cluster lifecycle management, zero-trust access control, cost visibility, day-2 operations and Terraform automation, work for TKE clusters.

Let's take a closer look at each Palette capability with TKE support:

Cluster Profile and Packs

With the TKE integration, when Tencent Cloud is the target environment the user can select the TKE infrastructure stack layers: the TKE managed OS, the TKE Kubernetes version, Tencent Global Router as the CNI and Tencent Cloud Block Storage as the CSI layer.

Tencent Cloud Specific Placement

Once the Cluster Profile is created, users can deploy one or many TKE clusters from it. All Tencent Cloud specific placement properties, such as region, SSH key name, VPC ID, cluster endpoint access, cluster size, node instance type, placement availability zones and the corresponding subnets, are configured in the Deployment Wizard. The available choices for each placement property are queried dynamically using the cloud account the user selected, so they are tied to that user's RBAC on the cloud resources they can access. Furthermore, Palette periodically synchronizes Tencent Cloud's instance specifications and price information. With up-to-date pricing and the chosen cluster size, the Deployment Wizard estimates the cluster's hourly running cost.

Multi-Cluster Management

The Cluster Profile is more than a deployment blueprint or template. It serves as the desired state for the clusters, which prevents configuration drift and drives the update lifecycle. If any cluster deviates from the defined desired state (for example, someone accidentally deletes a cluster node in the TKE console), the system corrects the drift through self-healing. If the Cluster Profile is updated, every cluster using that profile shows that an update is available for the user to trigger. Upgrades are applied as rolling upgrades with zero downtime.

Zero-trust Access Control

For each Kubernetes cluster managed by Palette, a management agent runs in the spectrocloud namespace. This agent provides a reverse proxy and OIDC authentication/authorization against external Identity Providers (IdPs) such as Okta, Azure AD and others. Unlike many solutions that embed a fixed client certificate in the kubeconfig, OIDC-based auth requires users to authenticate against the IdP, so a leaked kubeconfig file by itself does not grant cluster access. This is a true zero-trust security model. For more details, please see this blog: Secured Access to Kubernetes from Anywhere with Zero Trust.
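The distinction above, a kubeconfig that carries a reusable credential versus one that forces an IdP login, is easy to check on the files your users actually hold. The following audit script is an added example and is not Palette's or Tencent Cloud's code. It reads a kubeconfig in JSON form (kubectl accepts JSON as well as YAML) and classifies each user entry by the way it authenticates. The sample kubeconfig, its user names and its credential values are all constructed for this example. One caveat the page's claim glosses over is also encoded here: the legacy kubectl `oidc` auth-provider caches `id-token` and `refresh-token` inside the kubeconfig itself, so such a file is leakable even though it is "OIDC-based"; only an `exec` plugin (or an OIDC entry with no cached tokens) keeps the credential out of the file.

```python
"""Audit a kubeconfig for credentials that would be useful to whoever steals the file."""
import json

# Fields in a kubeconfig 'user' entry whose presence means the file itself
# carries a reusable credential (client cert/key, bearer token, basic auth).
STATIC_FIELDS = (
    "client-certificate-data", "client-certificate",
    "client-key-data", "client-key",
    "token", "tokenFile", "username", "password",
)

# Keys the legacy kubectl 'oidc' auth-provider uses to cache tokens in the file.
OIDC_CACHED_KEYS = ("id-token", "refresh-token")


def classify_user(entry):
    """Return (method, leakable, note) for one item of the kubeconfig 'users' list."""
    user = entry.get("user") or {}
    if "exec" in user:
        # Credential plugin: a token is minted when kubectl runs, nothing is stored here.
        command = user["exec"].get("command", "?")
        return ("exec", False, f"token minted at use time by '{command}'")
    provider = user.get("auth-provider") or {}
    if provider.get("name") == "oidc":
        cfg = provider.get("config") or {}
        cached = [k for k in OIDC_CACHED_KEYS if cfg.get(k)]
        if cached:
            return ("oidc", True, "cached " + ", ".join(cached) + " embedded in file")
        return ("oidc", False, "user must log in to the IdP; no token in file")
    static = [f for f in STATIC_FIELDS if user.get(f)]
    if static:
        return ("static", True, ", ".join(static))
    return ("none", False, "no credential material")


def audit_kubeconfig(text):
    """Parse a JSON kubeconfig and return one finding dict per user entry."""
    cfg = json.loads(text)
    findings = []
    for entry in cfg.get("users", []):
        method, leakable, note = classify_user(entry)
        findings.append({"user": entry.get("name"), "method": method,
                         "leakable": leakable, "note": note})
    return findings


# Constructed sample: one static-cert admin, one legacy OIDC user with a cached
# refresh token, one exec-plugin user. Server address and token values are fake.
SAMPLE_KUBECONFIG = json.dumps({
    "apiVersion": "v1",
    "kind": "Config",
    "clusters": [{"name": "tke-demo", "cluster": {"server": "https://10.0.0.1:6443"}}],
    "contexts": [{"name": "admin@tke-demo", "context": {"cluster": "tke-demo", "user": "admin"}}],
    "current-context": "admin@tke-demo",
    "users": [
        {"name": "admin", "user": {
            "client-certificate-data": "Q0VSVElGSUNBVEU=",
            "client-key-data": "UFJJVkFURUtFWQ=="}},
        {"name": "alice", "user": {"auth-provider": {"name": "oidc", "config": {
            "idp-issuer-url": "https://idp.example.com",
            "client-id": "palette",
            "refresh-token": "constructed-refresh-token"}}}},
        {"name": "bob", "user": {"exec": {
            "apiVersion": "client.authentication.k8s.io/v1beta1",
            "command": "kubectl",
            "args": ["oidc-login", "get-token"]}}},
    ],
})


if __name__ == "__main__":
    for finding in audit_kubeconfig(SAMPLE_KUBECONFIG):
        flag = "LEAKABLE" if finding["leakable"] else "ok"
        print(f"{finding['user']:<8} {finding['method']:<7} {flag:<9} {finding['note']}")
```

To run it against a real file, export the merged config as JSON with `kubectl config view --raw -o json` and pass that text to `audit_kubeconfig`. Note that an `exec` plugin keeps tokens out of the kubeconfig but usually caches them elsewhere on disk (for example under the user's home directory), so "not leakable via this file" is not the same as "no credential on the endpoint".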

Cost Visibility

Palette provides a unified operational model across all clusters and environments. Each cluster's infrastructure cost (instance and storage) is tracked by running duration, can be broken down further by namespace and application service, and enables enterprises to do team-level showback or chargeback if desired. The next step is AI-based recommendations for cost optimization.

Day-2 Operations

In addition to declarative full-stack deployment and upgrade lifecycle management, Palette provides many day-2 operations for Kubernetes clusters, such as backup/restore, certificate rotation, security and conformance scans, and remote troubleshooting.

GitOps and Terraform Automations

Although Palette provides an intuitive and user-friendly UI, managing hundreds or even thousands of clusters at scale requires automation. Palette natively supports GitHub Actions, and its open-source Terraform provider has over 3.4M downloads.

Summary

The combination of Spectro Cloud Palette and Tencent Cloud TKE helps enterprises take advantage of modern Kubernetes multi-cluster management best practices together with the unique features and region coverage of Tencent Cloud. Global 2000 enterprises get a consistent and unified operating experience anywhere, regardless of differences between target environments. This is a major enabler for enterprises using Tencent Cloud as their infrastructure provider in China and other APAC markets.

Author Bio
CEO & Co-Founder @ Spectro Cloud
Tenry has more than 20 years of experience in system software. Prior to co-founding Spectro Cloud, he most recently led the architecture for Cisco's multi-cloud management and private cloud solutions, after his previous company, CliQr, was acquired by Cisco. He holds more than 15 patents in the fields of scalable distributed systems, enterprise system management and security.
Senior Solution Architect @ Tencent Cloud
Jianhe is a certified Tencent, AWS and Google Cloud architect. He has more than 20 years of experience managing product development, pre-sales, services delivery and customer success. Prior to Tencent Cloud, he led a SaaS team building enterprise cloud-native applications. Before that, he led a professional services team for enterprise integration and business process management.

© 2022 Spectro Cloud®. All rights reserved.