Kubernetes(2014)

kubecon 2019

openshift(IBM)/cloud foundary(vmware)

k8s 的 co-founder Brendan Burns

Awesome-Kubernetes

Kubernetes is a powerful system, developed by Google, for managing containerized applications in a clustered environment.

Coded in Go.

调度系统,网络,存储,安全,监控monitoring and logging

Run godoc in localhost:
godoc -http :8000

Access : http://localhost:8000/pkg/

         http://godoc.golangtc.com/pkg/

Glossary

  1. self-hosted kubernetes : 自托管kubernetes;Self-hosted Kubernetes runs control plane components as pods. A one-time bootstrapping process is done to set up that control plane. Configuring hosts becomes much more minimal, requiring only a running Kubelet. This favours performing rolling upgrades through Kubernetes, the cluster system, and provisioning immutable host infrastructure. A node’s only job is to be a “dumb” member of the larger cluster.

  2. In-cluster load balancing: netfiter+iptables and IPVS
  3. IPVS (IP Virtual Server): IPVS (IP Virtual Server) is also built on top of netfilter and implements transport-layer load balancing as part of the Linux kernel. IPVS is incorporated into the LVS (Linux Virtual Server), where it runs on a host and acts as a load balancer in front of a cluster of real servers.
  4. IPVLAN: IP Virtual Local Area Network
  5. This close grouping means that Pods are ideally suited for symbiotic relationships between their containers (这种紧密的分组意味着Pods非常适合其容器之间的共生关系), such as a main serving container and a background data-loading container. Keeping the container images separate generally makes it more agile for different teams to own or reuse the container images, but grouping them together in a Pod at runtime enables them to operate cooperatively
  6. pod代理边车(sidecar)/边车(Sidecar)模式:早期有一些摩托车,除了主驾驶位,还带一个边车位,可以额外坐一个人。业务代码进程(相当于主驾驶)共享一个代理(相当于边车);Pod (容器组),英文中 Pod 是豆荚的意思。从名字的含义可以看出,Pod 是一组有依赖关系的容器。Pod 是 Kubernetes 集群中最基本的资源对象,每个 Pod 由一个或多个业务容器和一个根容器 (Pause 容器) 组成。
  7. 数据面板Data Plane/控制面板Control Plane
  8. Kubernetes reverse proxy/ingress controller(Nginx). https://www.reddit.com/r/kubernetes/comments/aos35y/kubernetes_ingress_controllers_how_to_choose_the/
  9. Kubernetes ingress is a collection of routing rule that govern how external users access services running in a Kubernetes clusters. Note that an ingress controller typically doesn't eliminate the need for an external load balancer --- the ingress controller simply adds an additional layer of routing and control behind the load balancer.
  10. Kubernetes ingress is a work-in-progress. Organizations appear to be converging on an external load balancer that sends external traffic to a service router (API Gateway, ingress controller). This service router is declaratively configured via Kubernetes annotations.
  11. Service 是对后端提供服务的一组 Pod 的抽象,Service 会绑定到一个固定的虚拟 IP上。该虚拟 IP 只在 Kubernetes Cluster 中可见,但其实该虚拟 IP 并不对应一个虚拟或者物理设备,而只是 IPtables 中的规则,然后再通过 IPtables 将服务请求路由到后端的 Pod 中。
  12. Webhooks are automated messages sent from apps when something happens. They have a message—or payload—and are sent to a unique URL—essentially the app's phone number or address.
  13. Kubernetes offers features to help run highly available applications at the same time as frequent voluntary disruptions. We call this set of features Disruption Budgets --- Kubernetes提供的功能可帮助在频繁发生自愿中断的同时运行高可用性应用程序。 我们称这组功能为“中断预算”

  14. kubernetes将Admission Controller分为三种:

    1. validating,验证型。用于验证k8s的资源定义是否符合规则

    2. mutating,修改型。用于修改k8s的资源定义,比如加个label什么的

    3. 二者皆是,即同一个AC,既是验证型又是修改型

  15. Kubernetes多租户隔离: 多租户是基于paas平台的一种重要机制,多租户的本质是实现资源的隔离,资源的隔离通常又包含物理隔离和软件隔离,所谓物理隔离即在物理实体上(比如服务器)就进行隔离,而软件隔离则是指通过准入控制来进行资源的访问隔离,考虑大多数的公司内部通常不会对k8s进行物理隔离,所以我们这里可以直接使用k8s中的namespace来做软件的隔离

  16. "watch chan error: etcdserver: mvcc: required revision has been compacted" literally means the watched revision is compacted. This is working as designed, when attempts to re-establish a watch from a resourceVersion that is no longer available would prompt the caller to re-list objects and obtain a new current resourceVersion to watch from..

  17. kube-proxy - repeated message about iptables in the log - Not using `--random-fully` in the MASQUERADE rule for iptables

    because the local version of iptables does not support it; k8s1.16.0 +flannel+kube-proxy出现 --random-fully解决

HA Kubernetes Clusters

  1. Running a single K8s cluster in multiple Availability zones in AWS Cloud

lstio

  1. (Setting up) Kubernetes The Hard Way (Great)

  2. Kubernetes The Hard Way on Azure

  3. Istio and the Future of Service Meshes

  4. 服务网格大比拼:Istio、Linkerd、Linkerd2和Consul (2018/09)

  5. Kubernetes Ingress Controllers: How to choose the right one: Part 1

  6. Production Ready Ingress on Kubernetes

  7. Kubernetes NodePort vs LoadBalancer vs Ingress? When should I use what?

  8. 浅析从外部访问 Kubernetes 集群中应用的几种方式

  9. How Kubernetes Ingress and LoadBalancer resources work together

  10. Kubernetes Networking 101 – Ingress resources

  11. Bare-metal considerations (Nginx Ingress Controller)
  12. MetalLB: a load balancer for bare metal Kubernetes clusters
  13. k8s源码分析
  14. 浅谈Kubernetes生产架构

Setup

  1. Kubernetes Setup Using Ansible and Vagrant
  2. kubeadm HA master(v1.14.0)离线包 + 自动化脚本 + 常用插件 For Centos/Fedora
  3. 二进制部署Kubernetes v1.13.4 HA可选(Calico 2019-03 Ansible)
  4. kubernetes v1.11 二进制部署(二)之Openssl自签TLS证
  5. Kubernetes+Docker+Calico集群安装配置(2018-06 high-level architecture)

  6. 安装calico网络组件

  7. Kubernetes集群部署记录 (openssl+calico)

  8. Getting started with Calico on Kubernetes

  9. Kubernetes集群之清除集群 (TLS Boostrap说明)

  10. 和我一步步部署 kubernetes 集群(including cluster deletion)

  11. How To Create a Kubernetes 1.11 Cluster Using Kubeadm on Ubuntu 18.04

  12. Configuring HA Kubernetes cluster on bare metal servers with kubeadm

  13. Install and Configure Kubernetes (k8s) 1.13 on Ubuntu 18.04 LTS / Ubuntu 18.10

  14. Installing Kubernetes from binaries: Pt.2鈥娾€斺€奵onfiguring certificates with cfssl(比较全)

Kubernetes Architecture

  1. Kubernetes High Availability
  2. Demystifying High Availability in Kubernetes Using Kubeadm
  3. On setting up highly available Kubernetes clusters(Great)
  4. Jimmysong Kubernetes Handbook
  5. 当 K8s 集群达到万级规模,阿里巴巴如何解决系统各组件性能问题?

  6. Kubernetes deep dive: API Server – part 1(Great) (authors of Programming Kubernetes)

  7. Level Triggering and Reconciliation in Kubernetes
  8. 我花了10个小时,写出了这篇K8S架构解析

Operator(Kubernetes运维)

  1. 蔚来汽车的Kubernetes实践
  2. Delaying Shutdown to Wait for Pod Deletion Propagation

  3. Effectively Managing Kubernetes Access from the Terminal (Important)

  4. Github gopass project

  5. Scaling Redis Cluster via Kubernetes Horizontal Pod Autoscaler

Self hosting kubernetes

  1. Self hosting kubernetes
  2. kubeadm workshop
  3. How To Create a Kubernetes Cluster Using Kubeadm on Ubuntu 18.04
  4. Use Kubeadm to Create a Kubernetes Cluster
  5. Implementation design for kubeadm
  6. 2020 云原生 7 大趋势预测
  7. Kubectl running inside docker

  8. cross build pause with buildx

Ingress Nginx Controller

  1. proxy timeout annotations have no effect on nginx
  2. nginx + ingress + gunicorn 环境上传大文件报错问题的解决思路

Kubernetes node ip changes

  1. Changing master IP address #338

ISO makeup

  1. Converting a virtual disk image: VDI or VMDK to an ISO you can distribute

results matching ""

    No results matching ""