Almost a year ago, I wrote an article highlighting the transformation of Kubernetes into a universal control plane. The cloud native community has been making steady progress in that direction. The maturity of Custom Resource Definitions (CRDs) made it possible to bring external resource management into the Kubernetes fold. The Virtual Kubelet project from Microsoft attempted to bridge the gap between the Kubernetes control plane and external resource schedulers such as IoT Hub and Container Instances. KubeVirt enabled the orchestration of VMs through the Kubernetes scheduler and controller.

Google is making a big push to make Kubernetes the front and center of Google Cloud Platform (GCP). Its hybrid cloud strategy based on Anthos revolves around Kubernetes. Migrate for Anthos moves and converts workloads directly into containers that run in Google Kubernetes Engine (GKE). With so much investment in Kubernetes Engine and related products, Google wants GKE to be the preferred management layer for both cloud native and traditional operations. It is slowly but steadily moving towards making Kubernetes the front and center of GCP operations and management.

Config Connector is a recently launched addon to Kubernetes that makes GCP resources first-class citizens in the cloud native world. Even though Config Connector is designed for GKE, it can be easily installed in any Kubernetes environment. I could use Minikube running on my dev machine as the control plane to configure and provision a Cloud SQL instance in GCP. Check out my tutorial from last week where I demonstrated how to install and use Config Connector to manage GCP resources from Minikube.

Config Connector takes advantage of CRDs to register custom objects that map to a variety of GCP resources. While other cloud providers such as Azure and AWS are using the Open Service Broker API to connect cloud resources to Kubernetes, Google has deprecated it in favor of Config Connector. Each GCP service such as Cloud Spanner, Cloud SQL and Cloud Pub/Sub is exposed as a custom resource definition that can be treated like any other Kubernetes object. The familiar kubectl tool can be used to manipulate these objects. The way Config Connector combines GCP primitives such as service accounts with Kubernetes primitives such as role-based access control (RBAC) and secrets is fascinating.

The steps below explain the workflow involved in registering GCP resources with Kubernetes:

1. An IAM Service Account with role Owner is created in GCP.
2. The Service Account key (a JSON file) is registered with Kubernetes as a Secret.
3. Config Connector is installed as a set of CRDs in a dedicated Kubernetes namespace.
4. A new namespace that matches the name of the GCP project is created in Kubernetes.
5. GCP resources mapped to CRDs are defined in a YAML file and created through kubectl.
6. Additional Roles and Role Bindings in Kubernetes may be created to allow or restrict access to GCP resources.
7. If a resource depends on other resources, they can be referenced in the YAML definition.

The IAM Owner role and the associated Service Account key provide the required permissions for external applications to talk to GCP. When the key is registered with Kubernetes as a secret, CRDs use it to access the API associated with GCP resources. This secret is the critical link that acts as the conduit between the Kubernetes and GCP control planes.
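As an added illustration of that workflow (example manifests written for this post, not the page's or Config Connector's own code): the Secret that carries the key, a Cloud SQL instance and a database that references it, and a namespace-scoped Role and RoleBinding restricting who may manage them. The Secret name and namespace, the CRD API group and version, the project name and the db-team group are assumptions.

```yaml
# Constructed example; assumes Secret gcp-key in cnrm-system and the sql.cnrm.cloud.google.com/v1beta1 CRDs.
---
apiVersion: v1
kind: Secret
metadata:
  name: gcp-key
  namespace: cnrm-system
type: Opaque
data:
  key.json: BASE64_OF_SERVICE_ACCOUNT_KEY_JSON   # placeholder; never commit a real key
---
apiVersion: sql.cnrm.cloud.google.com/v1beta1
kind: SQLInstance
metadata:
  name: demo-instance
  namespace: my-gcp-project   # placeholder; the namespace name equals the GCP project ID
spec:
  region: us-central1
  databaseVersion: MYSQL_5_7
  settings:
    tier: db-f1-micro
---
apiVersion: sql.cnrm.cloud.google.com/v1beta1
kind: SQLDatabase
metadata:
  name: demo-db
  namespace: my-gcp-project
spec:
  instanceRef:
    name: demo-instance   # dependency expressed as a reference to the object above
---
# Namespace-scoped RBAC: only group db-team may manage Cloud SQL objects here; nothing grants access to gcp-key.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cloudsql-editor
  namespace: my-gcp-project
rules:
- apiGroups: ["sql.cnrm.cloud.google.com"]
  resources: ["sqlinstances", "sqldatabases"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: db-team-cloudsql-editor
  namespace: my-gcp-project
subjects: [{kind: Group, name: db-team, apiGroup: rbac.authorization.k8s.io}]   # placeholder group
roleRef: {kind: Role, name: cloudsql-editor, apiGroup: rbac.authorization.k8s.io}
```

Keeping the key Secret in cnrm-system and binding only namespace-scoped Roles in the project namespace means users who can create SQLInstance objects still cannot read the Owner-level key itself.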