kubernetes

resources

k8s中pod、Role、config这些都是 resources

resources documents

common

apiVersion
kind
metadata

pod/Service/ReplicaSet/metadata

spec
status

kubenetes的本质

容器镜像-静态
容器运行时-动态
容器编排

Workloads

Pods
Workload Resources
- Deployments
- ReplicaSet
- DaemonSet

什么场景使用？ ensures that all (or some) Nodes run a copy of a Pod.

running a cluster storage daemon on every node

running a logs collection daemon on every node

running a node monitoring daemon on every node

Long Running Task

Deployment
StatefulSet
DaemonSet

Batch Job

Job
CronJob

ConfigMap

used to store non-confidential data in key-value pairs

non-confidential

key-value pairs

how to use

Inside a container command and args

Environment variables for a container

Add a file in read-only volume, for the application to read

Write code to run inside the Pod that uses the Kubernetes API to read a ConfigMap

使用ConfigMap避免硬编码。可以认为主要解决配置的问题，比如不同环境的数据库地址。ConfigMap不是用来储存大量的数据(小于1MB)。

怎么直接使用yaml文件+配置文件，all in one的方式

注意事项

pod和ConfigMap，在相同的namespace (使用API可以访问其他namespace的)
configMap挂载到volume，能否动态更新？？？
注意使用文件的方式，挂载到volume的方式

Secrets

Deploy and update secrets and application configuration without rebuilding your image and without exposing secrets in your stack configuration.

Secrets let you store and manage sensitive information, such as passwords, OAuth tokens, and ssh keys.

As files in a volume mounted on one or more of its containers.
As container environment variable.
By the kubelet when pulling images for the Pod.
[ ~~不能从API获取?~~] 当然可以

Event

Event is a report of an event somewhere in the cluster.

involvedObject <Object> -required- The object that this event is about.

metadata <Object> -required- Standard object’s metadata.

ingress

service

a Service is an abstraction which defines a logical set of Pods

service to Pods

Services without selectors

iptables proxy mode
IPVS proxy mode
kube-proxy

DNS ingress mesh istio

RBAC Authorization

rbac

Role

A Role always sets permissions within a particular namespace

ClusterRole

ClusterRoles have several uses

RoleBinding

ClusterRoleBinding

binding

Controller Pattern

desired state: controller making the current state come closer to desired state

kubeconfig & serviceAccount

优缺点，如何使用，跨集群如何使用

k8s的架构非常灵活，基本可以在任何地方通过和API交互做很多control的工作

Workload

Deployment and ReplicaSet
StatefulSet
DaemonSet
Job and CronJob
Garbage colletion
time-to-live after finished controller(removes Jobs once a defined time has passed since they completed. )

StatefulSet

本身还是挂的pod,pod和container都一样都是1对多。这种特性下，调度需要什么特殊处理？

Scheduler

Scheduler Watches新建未被分配到Node上的pod。 k8s的scheduler 本身也是一个controller,基本方式都一样，watch pod创建，然后binding到Node

kube-scheduler is default scheduler

Filtering

Scoring

include individual and collective resource requirements, hardware / software / policy constraints, affinity and anti-affinity specifications, data locality, inter-workload interference, and so on.

两种方法可以配置调度器的过滤和打分

Scheduling Policies configure Predicates for filtering and Priorities for scoring.

Scheduling Profiles configure Plugins:QueueSort, Filter, Score, Bind, Reserve, Permit, and others

Scheduling Framework

a pluggable architecture for Kubernetes Scheduler that makes scheduler customizations easy. 怎么编译、部署？单独部署还是和原有调度器一起部署

Nodes

kubelet

runtime

kube-proxy

Node controller

assigning a CIDR block to the node

keeping the node controller’s internal list of nodes up to date

monitoring the nodes’ health

Node capacity

容量使用

包括 kubelet管理的所有pod

不包括直接启动的容器和其他程序的占用

Resource Quotas

ResourceQuota for each namespace
the quota system tracks usage
will fail with HTTP status code 403 FORBIDDEN

Extending Kubernetes

CRD

自定义控制器

问题

定义CRD. 只要定义了CRD，那么就可以kubectl create CRD.
client 感知CRD,kubectl 只会有类型？
- 可以加一个CRD controller 来处理这个CRD的CRUD

CR是Kubernetes API的扩展. operator也是一种CRD

两种方法
- Custom resources
- Kubernetes API Aggregation Layer
  - 可以是有自有的etcd
  - 更加灵活

Custom resources

内置的pods,configmap等都是resource。通过API可以操作这些资源对象

现在很多资源对象都是以这种模块化的方式，安装到集群的。

custom resources let you store and retrieve structured data. When you combine a custom resource with a custom controller, custom resources provide a true declarative API.

自定义controller

running

restclient.Config

kubeClient

InformerFactory(kubeClient, 30s)

exampleClient 自定义资源的client

InformerFactory(exampleClient, 30s)

NewController

InformerFactory.Start(stopCh)

controller.RUN

Aggregation Layer

CRD or Aggregated API

Client

不同语言的client

通过和API交互对资源对象操作

状态

status

events

conditions

如何跟踪不同的状态

log

k8s klog

-v=NUM 的方式设置log level

-v=4, 展示0-4级别的 -v=X where X is the desired maximum level to log.

klog level

多集群

kubefed

docker

ENTRYPOINT

CMD

Shell form

Exec form

contributors

https://github.com/kubernetes/community/tree/master/contributors/guide#getting-started

open issues
file new ones

how to express

comment on pull request
create pull request
create issue
review pull request
push (code)

pull requests(PR)

review comments
pull request discussion

bugs/tasks/enhancements

GitHub’s tracker is called Issumes.

Milestones

Labels

Assignees

什么是调度、编排、集群管理

Orchestration is a broad term that refers to container scheduling, cluster management, and possibly the provisioning of additional hosts.

How Does a Scheduler Make Scheduling Decisions?

One of the biggest responsibilities of schedulers is host selection

client-java-proto

pod等资源的java对象

Storage

Volumes
PV/PVC(like Node/Pod)
CSI
storageClass
manage data in Docker
- mount point
- volume
- tmpfs
- rootfs/writable layer

vpc Deserialization event

structure

chess

scheduling resource

liveness/readiness/startup probes

KEP

A Kubernetes Enhancement Proposal (KEP) is a way to propose, communicate and coordinate on new efforts for the Kubernetes project. You can read the full details of the project in KEP-0000.

imperative/declarative

A declarative approach defines the desired state of the system
An imperative tool will require you to figure out how those changes should be applied.

AutoScaling

scaling up/down/out/in
Caas Container as a Service

scheduling storage

Storage Capacity Tracking reaches GA in Kubernetes 1.24 Problems we have solved Problems we have not solved

Pod Scheduling Readiness

This KEP aims to add a .spec.schedulingGates field to Pod’s API, to mark a Pod’s schedule readiness. Integrators can mutate this field to signal to scheduler when a Pod is ready for scheduling.