1. Articles
  2. Managed Kubernetes
  3. Technical Resources

Articles in this section

Exposed APIs, Software Versions, and Reserved Resources

Avatar
Michael M.
  • Updated
Follow

We list here some details on the APIs we expose, the software versions we use and the resources we reserve on each node.

OVH APIs

We have added a Kubernetes section to the OVHcloud API.
Using it you will be able to add and remove nodes, update and reset your clusters or getting kubectl configuration.

If you have never used the OVH API, you can see the basis on First Steps with the OVHcloud API.

Kubernetes versions

Currently, we support the following Kubernetes releases:

  • 1.20

If you run a Managed Kubernetes Service using an older version we strongly encourage you to use the version upgrade feature to receive official support for your cluster.

You will find more details about our End-of-Sale, End-of-Service and End-of-life-Policy in the dedicated section.

We will closely follow the Kubernetes releases, and new versions will be regularly available.

OS and Docker versions

The OS and Docker demon version on your nodes will be regularly updated. Current versions are:

  • OS: Ubuntu 18.04 LTS
  • Docker: 18.06.3
  • Containerd: 1.4.3

CRI (Container Runtime Interface)

As recommended by Kubernetes, docker used as CRI is now deprecated since 1.20, more information here.

  • If you create a new cluster or a node pool after February 2021, the 19th (in any supported Kubernetes version) or if you upgrade an existing cluster to 1.20, containerd is used as the default CRI for each nodes. Docker remains installed in our managed OS to ensure compatibilty for specific use cases.

CNI (Cluster Network Interface)

The CNI plugin installed is canal which embedded calico for policy and flannel for networking.

The versions installed depends on the Kubernetes version:

  • 1.20: calico 3.10.3, flannel 0.11.0

Enabled policies

Configuration

API

Admission plugins (defaults are not listed here):

  • AlwaysPullImages: Force every new pod to pull the required images every time. In a multi-tenant cluster users can be assured that their private images can only be used by those who have the credentials to pull them.
  • NodeRestriction: Ensure that the kubelet is restricted to the Node and Pod objects that it could modify as defined. Such kubelets will only be allowed to modify their own NodeAPI object and PodAPI objects that are bound to their node.

Authorization modes:

  • Node: Authorize API requests made by kubelets.
  • RBAC: Role-based access control is a method of regulating access to computer or network resources based on the roles of individual users within an organization.

Feature gates:

  • TTLAfterFinished: Allow a TTL controller to clean up resources after they finish execution.

Kubelet

  • protect-kernel-defaults: Protect tuned kernel parameters from overriding kubelet default kernel parameter values.

Reserved resources

Each worker node has 1 GB of RAM and 100 mCPU reserved for Kubernetes components.
This reserved quotas may evolve in the future, the page will be updated when it does

Related articles