Overview of Tencent Cloud Managed Kubernetes Service and Its Integration
Tencent Cloud’s fully managed Kubernetes service, launched in 2016, delivers one‑click, VPC‑isolated cluster deployment with automated lifecycle management and integrated monitoring, logging, storage (CBS/CFS) and CI/CD. It adds custom components for metrics and storage, flat VPC networking, CSI drivers, and flexible master deployment models that simplify scaling and upgrades and let developers focus on their applications.
Tencent Cloud has been offering a fully managed Kubernetes service since the end of 2016. The service provides one‑click cluster deployment with complete isolation: each user gets dedicated compute and control nodes, and the cluster network resides within the user's own VPC.
The platform handles the full lifecycle of a cluster, including creation, deletion, scaling of compute nodes, and initialization of core Kubernetes components and certificates. A visual console allows users to expose services without writing code by hand.
Additional capabilities include integrated monitoring of pod memory usage and Kubernetes events, which are linked to Tencent Cloud’s Cloud Monitor. The ecosystem also offers a Docker image repository, TencentHub, and CI/CD features for a one‑stop cloud solution.
The presentation covers the essential Kubernetes components (kube‑apiserver, kube‑controller‑manager, kube‑scheduler, kubelet, kube‑proxy) and explains their roles. It also introduces custom components developed by Tencent: hpa‑metrics‑server (adds bandwidth metrics to HPA), cbs‑provisioner (enables CBS block storage for pods), and ccs‑log‑collector (collects container logs).
Network integration follows the three requirements of the Kubernetes network model: pod‑to‑pod communication without NAT, full node‑to‑pod connectivity, and consistent IP visibility. Tencent Cloud implements a flat network using VPC routing (global route) rather than overlay solutions like Flannel. Pods receive CIDR blocks from VPC routes, enabling direct routing between pods and nodes.
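The flat VPC-routed layout described above can be modelled as a route table that maps pod CIDR blocks to node addresses. The following is an added example, not Tencent Cloud's code: it assumes one pod CIDR block per node with that node as next hop, and all function names and addresses are constructed for illustration. It rejects a cluster CIDR that overlaps the VPC range and audits the table for overlapping pod routes.

```python
import ipaddress

def build_routes(vpc_cidr, cluster_cidr, node_ips, node_prefix=24):
    """Carve one pod CIDR per node out of cluster_cidr (assumed layout) and
    return VPC-style routes {pod_cidr: node_ip}."""
    vpc = ipaddress.ip_network(vpc_cidr)
    cluster = ipaddress.ip_network(cluster_cidr)
    if vpc.overlaps(cluster):
        # Pod routes would shadow real VPC hosts and blackhole their traffic.
        raise ValueError(f"cluster CIDR {cluster} overlaps VPC CIDR {vpc}")
    blocks = cluster.subnets(new_prefix=node_prefix)
    routes = {}
    for ip in node_ips:
        node = ipaddress.ip_address(ip)
        if node not in vpc:
            raise ValueError(f"node {node} is outside VPC {vpc}")
        try:
            routes[next(blocks)] = node
        except StopIteration:
            raise ValueError("cluster CIDR exhausted") from None
    return routes

def next_hop(routes, pod_ip):
    """Longest-prefix match of a pod IP against the route table."""
    addr = ipaddress.ip_address(pod_ip)
    hits = [net for net in routes if addr in net]
    if not hits:
        return None
    return routes[max(hits, key=lambda n: n.prefixlen)]

def audit_routes(routes, vpc_cidr):
    """Return findings for pod routes that overlap the VPC or each other."""
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = sorted(routes)
    findings = [f"{n} overlaps VPC {vpc}" for n in nets if n.overlaps(vpc)]
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                findings.append(f"{a} overlaps {b}")
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from a real cluster.
    table = build_routes("10.0.0.0/16", "172.16.0.0/16",
                         ["10.0.1.10", "10.0.1.11"])
    for net, hop in table.items():
        print(f"{net} -> {hop}")
    print("next hop for 172.16.1.7:", next_hop(table, "172.16.1.7"))
    print("audit findings:", audit_routes(table, "10.0.0.0/16"))
```

Running the audit whenever the route table changes catches a pod route that overlaps the VPC range or another node's block before pod traffic is misdirected.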
For storage, the service integrates Tencent Cloud CBS (block storage) and CFS (NFS). Volume provisioning is performed by the kube‑controller‑manager, which creates cloud disks, attaches them to nodes, and mounts them inside pods. Storage plugins have evolved from in‑tree implementations to FlexVolume binaries and now to CSI drivers, with plans to migrate fully to CSI.
Logging is achieved via a custom Fluentd‑based controller that watches a LogCollector CRD, generates Fluentd configurations, and reloads the daemon. Logs from /var/log/containers are routed to back‑ends such as Kafka or Tencent Cloud CIS. Monitoring collects pod performance metrics via cAdvisor agents on each node and forwards them to Cloud Monitor, enabling HPA based on CPU, inbound/outbound bandwidth, etc.
Two deployment models are described: (1) early‑stage deployment on a single CVM with isolated master components in the user’s VPC; (2) a newer model where Kubernetes masters run as pods inside a dedicated management cluster, leveraging VPC elastic network interfaces to bridge between the management VPC and user VPCs. This approach uses Etcd operators for per‑cluster Etcd instances, reducing resource waste and simplifying upgrades via Kubernetes rolling updates.
The Q&A clarifies that the managed service aims to provide transparent operations, allowing developers to focus on application development while Tencent handles master scaling, Etcd maintenance, and log/monitoring infrastructure.
Tencent Cloud Developer