Skip to content

Commit

Permalink
Translate CCM concepts to French
Browse files Browse the repository at this point in the history
  • Loading branch information
remyleone committed Jun 21, 2019
1 parent 1929512 commit 79fcfc8
Showing 1 changed file with 262 additions and 0 deletions.
262 changes: 262 additions & 0 deletions content/fr/docs/concepts/architecture/cloud-controller.md
Original file line number Diff line number Diff line change
@@ -0,0 +1,262 @@
---
title: Concepts sous-jacents au Cloud Controller Manager
content_template: templates/concept
weight: 30
---

{{% capture overview %}}

The cloud controller manager (CCM) concept (not to be confused with the binary) was originally created to allow cloud specific vendor code and the Kubernetes core to evolve independent of one another.
The cloud controller manager runs alongside other master components such as the Kubernetes controller manager, the API server, and scheduler.
It can also be started as a Kubernetes addon, in which case it runs on top of Kubernetes.

The cloud controller manager's design is based on a plugin mechanism that allows new cloud providers to integrate with Kubernetes easily by using plugins.
There are plans in place for on-boarding new cloud providers on Kubernetes and for migrating cloud providers from the old model to the new CCM model.

This document discusses the concepts behind the cloud controller manager and gives details about its associated functions.

Voici l'architecture d'un cluster Kubernetes sans le cloud controller manager:

![Pre CCM Kube Arch](/images/docs/pre-ccm-arch.png)

{{% /capture %}}

{{% capture body %}}

## Design

In the preceding diagram, Kubernetes and the cloud provider are integrated through several different components:

* Kubelet
* Kubernetes controller manager
* Kubernetes API server

The CCM consolidates all of the cloud-dependent logic from the preceding three components to create a single point of integration with the cloud.
The new architecture with the CCM looks like this:

![CCM Kube Arch](/images/docs/post-ccm-arch.png)

## Components of the CCM

The CCM breaks away some of the functionality of Kubernetes controller manager (KCM) and runs it as a separate process.
Specifically, it breaks away those controllers in the KCM that are cloud dependent.
The KCM has the following cloud dependent controller loops:

* Node controller
* Volume controller
* Route controller
* Service controller

In version 1.9, the CCM runs the following controllers from the preceding list:

* Node controller
* Route controller
* Service controller

{{< note >}}
Volume controller was deliberately chosen to not be a part of CCM.
Due to the complexity involved and due to the existing efforts to abstract away vendor specific volume logic, it was decided that volume controller will not be moved to CCM.
{{< /note >}}

The original plan to support volumes using CCM was to use Flex volumes to support pluggable volumes.
However, a competing effort known as CSI is being planned to replace Flex.

Considering these dynamics, we decided to have an intermediate stop gap measure until CSI becomes ready.

## Functions of the CCM

The CCM inherits its functions from components of Kubernetes that are dependent on a cloud provider.
This section is structured based on those components.

### 1. Kubernetes controller manager

The majority of the CCM's functions are derived from the KCM.
As mentioned in the previous section, the CCM runs the following control loops:

* Node controller
* Route controller
* Service controller

#### Node controller

The Node controller is responsible for initializing a node by obtaining information about the nodes running in the cluster from the cloud provider.
The node controller performs the following functions:

1. Initialize a node with cloud specific zone/region labels.
2. Initialize a node with cloud specific instance details, for example, type and size.
3. Obtain the node's network addresses and hostname.
4. In case a node becomes unresponsive, check the cloud to see if the node has been deleted from the cloud.
If the node has been deleted from the cloud, delete the Kubernetes Node object.

#### Route controller

The Route controller is responsible for configuring routes in the cloud appropriately so that containers on different nodes in the Kubernetes cluster can communicate with each other.
The route controller is only applicable for Google Compute Engine clusters.

#### Service Controller

The Service controller is responsible for listening to service create, update, and delete events.
Based on the current state of the services in Kubernetes, it configures cloud load balancers (such as ELB, Google LB, or Oracle Cloud Infrastructure LB) to reflect the state of the services in Kubernetes.
Additionally, it ensures that service backends for cloud load balancers are up to date.

### 2. Kubelet

Le contrôleur de noeud contient les fonctionnalités du kubelet dépendant du cloud.
Prior to the introduction of the CCM, the kubelet was responsible for initializing a node with cloud-specific details such as IP addresses, region/zone labels and instance type information.
The introduction of the CCM has moved this initialization operation from the kubelet into the CCM.

In this new model, the kubelet initializes a node without cloud-specific information.
However, it adds a taint to the newly created node that makes the node unschedulable until the CCM initializes the node with cloud-specific information.
It then removes this taint.

## Mécanisme de plugin

The cloud controller manager uses Go interfaces to allow implementations from any cloud to be plugged in.
Specifically, it uses the CloudProvider Interface defined [here](https://github.com/kubernetes/cloud-provider/blob/9b77dc1c384685cb732b3025ed5689dd597a5971/cloud.go#L42-L62).

The implementation of the four shared controllers highlighted above, and some scaffolding along with the shared cloudprovider interface, will stay in the Kubernetes core.
Implementations specific to cloud providers will be built outside of the core and implement interfaces defined in the core.

For more information about developing plugins, see [Developing Cloud Controller Manager](/docs/tasks/administer-cluster/developing-cloud-controller-manager/).

## Autorisation

This section breaks down the access required on various API objects by the CCM to perform its operations.

### Contrôleur de nœud

The Node controller only works with Node objects.
It requires full access to get, list, create, update, patch, watch, and delete Node objects.

v1/Node:

- Get
- List
- Create
- Update
- Patch
- Watch
- Delete

### Route controller

The route controller listens to Node object creation and configures routes appropriately.
It requires get access to Node objects.

v1/Node:

- Get

### Service controller

The service controller listens to Service object create, update and delete events and then configures endpoints for those Services appropriately.

To access Services, it requires list, and watch access.
To update Services, it requires patch and update access.

To set up endpoints for the Services, it requires access to create, list, get, watch, and update.

v1/Service:

- List
- Get
- Watch
- Patch
- Update

### Autres

The implementation of the core of CCM requires access to create events, and to ensure secure operation, it requires access to create ServiceAccounts.

v1/Event:

- Create
- Patch
- Update

v1/ServiceAccount:

- Create

The RBAC ClusterRole for the CCM looks like this:

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: cloud-controller-manager
rules:
- apiGroups:
- ""
resources:
- events
verbs:
- create
- patch
- update
- apiGroups:
- ""
resources:
- nodes
verbs:
- '*'
- apiGroups:
- ""
resources:
- nodes/status
verbs:
- patch
- apiGroups:
- ""
resources:
- services
verbs:
- list
- patch
- update
- watch
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- update
- watch
- apiGroups:
- ""
resources:
- endpoints
verbs:
- create
- get
- list
- watch
- update
```
## Implémentations des fournisseurs de cloud
Les fournisseurs de cloud suivants ont implémenté leur CCM:
* [Digital Ocean](https://github.com/digitalocean/digitalocean-cloud-controller-manager)
* [Oracle](https://github.com/oracle/oci-cloud-controller-manager)
* [Azure](https://github.com/kubernetes/cloud-provider-azure)
* [GCP](https://github.com/kubernetes/cloud-provider-gcp)
* [AWS](https://github.com/kubernetes/cloud-provider-aws)
* [BaiduCloud](https://github.com/baidu/cloud-provider-baiducloud)
* [Linode](https://github.com/linode/linode-cloud-controller-manager)
## Administration de cluster
Complete instructions for configuring and running the CCM are provided
[here](/docs/tasks/administer-cluster/running-cloud-controller/#cloud-controller-manager).
{{% /capture %}}

0 comments on commit 79fcfc8

Please sign in to comment.