③创建Secret secret资源是区分命名空间的 ★命令行方式创建secret 创建账号密码验证secret # kubectl create secret generic database-auth --from-literal=username=root --from- literal=password=passwd123 创建存储于某文件的认证secret # kubectl kubernetes.io/tls 2 7s database-auth Opaque 2 10m myssh-key-secret Opaque 2 3m43s # kubectl get secret database-auth -oyaml #secret的文本信息均以base64编码 "2023-12-05T21:19:48Z" name: database-auth namespace: default resourceVersion: "1167" uid: 38790a7e-30ee-4b75-8132-18bca66ca512 type: Opaque ★基于清单文件创建secret # cat > database-auth2.yaml <

0 码力 | 126 页 | 4.33 MB | 1 年前

3

Protocal = tcp Host = redis-cluster-headless Port = 6379 Password = redis123 Database = 0 MaxIdle = 10 MaxActive = 300 IdleTimeout = 180 DialConnectTimeout = t:27017 Direct = true Timeout = 3 PoolLimit = 10 Mode = monotonic Database = admin User = Password = [InfluxDB] Address = http://influxdb2-headless:9999 t:27017 Direct = true Timeout = 3 PoolLimit = 10 Mode = monotonic Database = admin User = Password = [OpenService] Address =

Performance measurement Test topology Test result Service type Short connection cps Short connection P99 latency Long connection pps ClusterIP +40% -31% not available NodePort +64% -47% +22% Test IPVS-BPF IPVS 0 20000 40000 60000 80000 100000 120000 140000 160000 180000 Nodeport short connection Instructions/req Lessons from eBPF • No loop support in eBPF verifier (Linux 4.14) • #param

with Google Cloud Console On-Prem/Public Cloud Provider Any K8s Cluster GCP Connection Proxy K8s API Server Connection Agent End-User Single-Pane of Glass Market- place & Service- Catalog & Builder Stackdriver GCP Services Securing Your Connection to GCP ● GKE Connect Agent installs in your cluster ● Encrypted connection from the K8s cluster to GCP ● No public IP required

path value: "/" applicationScopes: - my-vpc-network - componentName: backend instanceName: database applicationScopes: - my-vpc-network vpc-3a1p8n container- 8q93re slb-7yt83n rds- 1uy31m OAM 运维 研发 监控报警 灰度发布 日志 扩缩容 负载均衡 web backend Trait Promethus Operator Elasticsearch Operator database Component OpenKruise RDS operator …… • OAM • Helm/CNAB • GitOps • Rollout • Workload Controller

architecture Application architecture PHP-based Admin application Shared state in Redis and SQL database Scalable userfacing API in GoLang Queuing system Application technologies Best of breed-technologies

2010 2015- Now 2010- Now 2012- Now Bare metals Way to Kubernetes Search Grid Hadoop PoP Database Frontend VM Kubernetes plays magic api etcd kind: metadata: spec: control loop control loop

kubectl delete deployment hello-node 服务停⽤ minikube stop 遇到问题处理 1. kubectl get nodes 报错 The connection to the server 127.0.0.1:55000 was refused - did you specify the right host or port? 解决⽅法：

UDP�SCTP���IPV4�IPV6 • ���������� Ø rr, wrr, lc, wlc, sh, dh, lblc… • ������ Ø persistent connection���� IPVS��� IPVS������ • ����LB��: Direct Routing(DR), Tunneling, NAT Ø DR�����L2������������

Memory Architecture 12 Why should you care about NUMA? Memory intensive workloads Nearly all database servers (e.g. Oracle, MongoDB), present a workload which will attempt to detect and consume as