forked from pivotal-cf/docs-pks
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathcontrol-plane.html.md.erb
82 lines (53 loc) · 4.16 KB
/
control-plane.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
---
title: PKS Cluster Management
owner: PKS
---
This topic describes how Pivotal Container Service (PKS) manages the deployment of Kubernetes clusters.
##<a id="overview"></a>Overview
Users interact with PKS and PKS-deployed Kubernetes clusters in two ways:
* Deploying Kubernetes clusters with BOSH and managing their lifecycle.
These tasks are performed using the PKS command line interface (CLI) and the PKS control plane.
* Deploying and managing container-based workloads on Kubernetes clusters.
These tasks are performed using the Kubernetes CLI, `kubectl`.
##<a id="cluster-management"></a>Cluster Lifecycle Management
The PKS control plane enables users to deploy and manage Kubernetes clusters.
For communicating with the PKS control plane, PKS provides a command line interface, the PKS CLI.
See [Installing the PKS CLI](installing-pks-cli.html) for installation instructions.
###<a id="control-plane"></a>PKS Control Plane Overview
The PKS control plane manages the lifecycle of Kubernetes clusters deployed using PKS.
The control plane allows users to do the following through the PKS CLI:
* View cluster plans
* Create clusters
* View information about clusters
* Obtain credentials to deploy workloads to clusters
* Scale clusters
* Delete clusters
* Create and manage network profiles for VMware NSX-T
In addition, the PKS control plane can upgrade all existing clusters using the **Upgrade all clusters** BOSH errand.
For more information, see [Upgrade Kubernetes Clusters](upgrade-pks.html#upgrade-instances) in _Upgrading PKS_.
###<a id="architecture"></a>PKS Control Plane Architecture
The PKS control plane is deployed on a single VM that includes the following components:
* The PKS API server
* The PKS Broker
* A User Account and Authentication (UAA) server
The following illustration shows how these components interact:
<%= image_tag('images/pks-overview.png') %>
The PKS API Load Balancer is used for AWS, GCP, and vSphere without NSX-T deployments. If PKS is deployed on vSphere with NSX-T, a DNAT rule is configured for the PKS API host so that it is accessible. For more information, see the [Share the PKS API Endpoint](installing-nsx-t.html#retrieve-endpoint) section in _Installing PKS on vSphere with NSX-T Integration_.
####<a id="uaa"></a>UAA
When a user logs in to or logs out of the PKS API through the PKS CLI, the PKS CLI communicates with UAA to authenticate them.
The PKS API permits only authenticated users to manage Kubernetes clusters.
For more information about authenticating, see [PKS API Authentication](pks-api-auth.html).
UAA must be configured with the appropriate users and user permissions.
For more information, see [Managing Users in PKS with UAA](manage-users.html).
####<a id="pks-api"></a>PKS API
Through the PKS CLI, users instruct the PKS API server to deploy, scale up, and delete Kubernetes clusters as well as show cluster details and plans.
The PKS API can also write Kubernetes cluster credentials to a local kubeconfig file, which enables users to connect to a cluster through `kubectl`.
The PKS API sends all cluster management requests, except read-only requests, to the PKS Broker.
####<a id="pks-broker"></a>PKS Broker
When the PKS API receives a request to modify a Kubernetes cluster, it instructs the PKS Broker to make the requested change.
The PKS Broker consists of an [On-Demand Service Broker](https://docs.pivotal.io/svc-sdk/odb/index.html) and a Service Adapter. The PKS Broker generates a BOSH manifest and instructs the BOSH Director to deploy or delete the Kubernetes cluster.
For PKS deployments on vSphere with NSX-T, there is an additional component, the PKS NSX-T Proxy Broker.
The PKS API communicates with the PKS NSX-T Proxy Broker, which in turn communicates with the NSX Manager to provision the Node Networking resources.
The PKS NSX-T Proxy Broker then forwards the request to the On-Demand Service Broker to deploy the cluster.
##<a id="workload-management"></a>Cluster Workload Management
PKS users manage their container-based workloads on Kubernetes clusters through `kubectl`. For more information about `kubectl`, see [Overview of kubectl](https://kubernetes.io/docs/reference/kubectl/overview/) in the Kubernetes documentation.