2024-08-14 - Cloud Native Istanbul - Cloud Native API Control Planes

mail240075 76 views 37 slides Aug 15, 2024

Slide 1 of 37

About This Presentation

The Kubernetes Resource Model (KRM) has proven to be amazing at building consistent, high quality APIs. Its extensibility has driven mass adoption by third party “operators”. The kcp project (accepted into the CNCF Sandbox in 2023) extends Kubernetes API concepts beyond container orchestration. ...

Size: 451.6 KB

Language: en

Added: Aug 15, 2024

Slides: 37 pages

Slide Content

KCP:
Cloud Native API Control Planes
Marvin Beckers

2
Marvin Beckers
Team Lead @ Kubermatic
& KCP Maintainer
github.com/embik
linkedin.com/in/marvinbeckers
hachyderm.io/@embik

Agenda
1.Kubernetes as an API Layer
2.Lightweight Clusters to the Rescue
3.What is KCP?
a.Workspaces
4.The API Marketplace
a.Create APIs with APIExports
b.Enable APIs with APIBindings
5.Demo
6.Wrapping Up

3

Kubernetes as an API Layer
4

REST API Conventions with Kubernetes
5
/apis/<group>/<version>/[namespaces/<namespace>/] <resourcetype>[/<name>]
APIs in Kubernetes
are grouped.
Each API group is
also versioned.
Resources are optionally
namespaced.
Resources have a speciﬁc
resource type that deﬁnes
their schema.
Resources are
uniquely named.

6
Some Examples

7
The Kubernetes API is pretty awesome!
(that’s it. That’s the tweet post slide)

8
But …

●CRDs are cluster-scoped, so everyone shares them.
●Kubernetes clusters are local, not meant to scale across regions.
●You don’t need the workload orchestration part for APIs.

Lightweight Clusters
9
to the rescue?

Hosted Control Planes
10
Infrastructure (Kubernetes)
Datastore
CRDs
RBAC
Control Plane
Datastore
CRDs
RBAC
Control Plane
Datastore
CRDs
RBAC
Control Plane

11
What if …

12
… we “virtualized” API servers?

13
“Logical” Clusters
Infrastructure (Kubernetes)
Datastore
RBAC
Bound APIs
CRDs
Logical Cluster
RBAC
Bound APIs
CRDs
Logical Cluster
RBAC
Bound APIs
CRDs
Logical Cluster

What is KCP?
14

15
A horizontally scalable control
plane for Kubernetes-style APIs.

16
Sandbox project
(since end of 2023)

Workspace
17
A multi-tenancy unit of isolation in kcp.
Each workspaces has its own available API
resource types.
API objects are not shared across workspaces.
Delegation of administrative permissions to
workspace owners.
Workspaces are cheap.

18
https://kcp:6443/clusters/root
https://kcp:6443/clusters/root:org-a
https://kcp:6443/clusters/ root:org-a:team-a
root
org-a …
… …team-a
Workspaces are organized in a tree (or multiple).

19
$ kubectl ws .
Current workspace is "root".

$ kubectl get ws
NAME TYPE REGION PHASE URL AGE
org-a organization Ready https://… 69d
org-b organization Ready https://… 65d

$ kubectl ws org-a
Current workspace is "root:org-a" (type root:organization).

$ kubectl get ws
NAME TYPE REGION PHASE URL AGE
team-a team Ready https://… 3m23s
team-b team Ready https://… 3m18s

$ kubectl ws team-a
Current workspace is "root:org-a:team-a" (type root:team).
And you can navigate them!

20
The API Marketplace

21
Service teams should provide
services, not ﬁddle with their own
API server implementation.

22
Create APIs with APIExports

APIExport
23
apiVersion: apis.kcp.io/v1alpha1
kind: APIExport
metadata:
name: demo.embik.me
spec:
latestResourceSchemas:
- v1.certificates.demo.embik.me
- v1.pizzas.demo.embik.me
Resource schemas deﬁne
resources, just like CRDs.

Virtual Workspaces for Controllers
24
Proxy that provides a computed view
Controller
Virtual Workspace KCP
ObjectsTransformed Objects

25
APIExport
Virtual
Workspace
Pizza a Pizza b Certiﬁcate a
Pizza a Pizza c
Certiﬁcate b Pizza b
root
root:org-a
root:org-b
…/clusters/*/…
Access requires special RBAC!

How to Build a KCP-aware Controller
26github.com/kcp-dev/controller-runtime
Use kcp-aware client and cache
Reconcile in Virtual Workspace via Cluster
Reconcile with logical cluster in context
ctx = kontext.WithCluster(ctx, logicalcluster.Name(request.ClusterName))
1
2
3
sigs.k8s.io/controller-runtime/pkg/cluster.Cluster
MapperProvider: kcp.NewClusterAwareMapperProvider,
NewClient: kcp.NewClusterAwareClient,
NewCache: kcp.NewClusterAwareCache,
NewAPIReader: kcp.NewClusterAwareAPIReader,

Enable APIs with APIBindings
27

28
$ kubectl api-resources
NAME SHORTNAMES APIVERSION NAMESPACED KIND
configmaps cm v1 true ConfigMap
events ev v1 true Event
namespaces ns v1 false Namespace
resourcequotas quota v1 true ResourceQuota
secrets v1 true Secret
serviceaccounts sa v1 true ServiceAccount
[...]
workspaces ws tenancy.kcp.io/v1alpha1 false Workspace
workspacetypes tenancy.kcp.io/v1alpha1 false WorkspaceType
[...]
https://kcp:6443/clusters/ root:org-a/api
Available APIs in a Workspace

Powered by APIBindings
29
$ kubectl get apibindings
NAME AGE READY
tenancy.kcp.io-3wb5h 30d True
topology.kcp.io-cua3o 30d True
apiVersion: apis.kcp.io/v1alpha1
kind: APIBinding
metadata:
name: tenancy.kcp.io-3wb5h
spec:
reference:
export:
name: tenancy.kcp.io
path: root
This references an APIExport in a different workspace!

APIBindings across Workspaces
30
root
org-a …
team-db team-ateam-os
bind API

RBAC Extension for APIBindings
31
Binding to exported APIs
requires RBAC permissions
on the APIExport.
apiVersion:
rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: bind-apiexport
rules:
- apiGroups:
- apis.kcp.io
resources:
- apiexports
verbs:
- use
resourceNames:
- demo.embik.me

Demo
32
We are using:

●https://github.com/kcp-dev/kcp
●https://github.com/kcp-dev/kcp/tree/main/cli/cmd/kubectl-workspace
●https://github.com/embik/kubectl-switch-ws
●https://github.com/kcp-dev/controller-runtime/tree/kcp-0.18/examples/kcp
Let’s see KCP in action!

Wrapping Up
33

34
Software is APIs are eating the world.

35
Let’s use technology we know …

36
… and create open platforms!

Wrapping Up
37
1.kcp is building a global control plane for API-driven platforms.
2.Workspaces allow to mirror organizational hierarchy.
3.Providing Kubernetes-style APIs at scale is incredibly easy.

It’s a community project! We welcome everyone to build the project’s future
together.

2024-08-14 - Cloud Native Istanbul - Cloud Native API Control Planes

About This Presentation

Slide Content

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

2024-08-14 - Cloud Native Istanbul - Cloud Native API Control Planes

About This Presentation

Slide Content

Slide 1

Slide 2

Slide 3

Slide 4

Slide 5

Slide 6

Slide 7

Slide 8

Slide 9

Slide 10

Slide 11

Slide 12

Slide 13

Slide 14

Slide 15

Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

Slide 23

Slide 24

Slide 25

Slide 26

Slide 27

Slide 28

Slide 29

Slide 30

Slide 31

Slide 32

Slide 33

Slide 34

Slide 35

Slide 36

Slide 37

Tags

Categories

Download

Quick Actions

Statistics

Related Slideshows

Pray For The Peace Of Jerusalem and You Will Prosper

Don_t_Waste_Your_Life_God.....powerpoint

VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf

Fertility awareness methods for women in the society

Chapter 5 Arithmetic Functions Computer Organisation and Architecture

syakira bhasa inggris (1) (1).pptx.......