20-管理容器的计算资源 21-Kubernetes资源分配 22-将Pod分配到Node 23-容忍与污点 24-Secret 25-Pod优先级和抢占 26-Service 27-Ingress Resources 28-动态⽔平扩容 29-实战：使⽤K8s编排Wordpress博客 2 简介 Kubernetes开源书。不啰嗦了，JUST READ IT. GitHub地址：https://github 本⽂概述了Kubernetes集群中所需的各种组件。 Master组件 Master组件提供K8s集群的控制⾯板。Master对集群进⾏全局决策（例如调度），以及检测和响应集群事件（例如：当 replication controller所设置的 replicas 不够时，启动⼀个新的Pod）。 Master可在集群中的任意节点上运⾏。然⽽，简单起⻅，设置脚本通常在同⼀个VM上启动所有Master组件，并且不会 在该VM上运⾏⽤户的容器。请阅读 d数据提供备份计划。 kube-controller-manager kube-controller-manager 运⾏Controller，它们是处理集群中常规任务的后台线程。逻辑上来讲，每个Controller都是⼀ 个单独的进程，但为了降低复杂性，它们都被编译成独⽴的⼆进制⽂件并运⾏在⼀个进程中。 这些控制器包括： Node Controller：当节点挂掉时，负责响应。 Replication

#查看k8s其他组件的docker镜像名，默认用 k8s.gcr.io/的镜像源地址 k8s.gcr.io/kube-apiserver:v1.19.4 k8s.gcr.io/kube-controller-manager:v1.19.4 k8s.gcr.io/kube-scheduler:v1.19.4 k8s.gcr.io/kube-proxy:v1.19.4 k8s.gcr.io/pause:3 /etc/kubeadm-init.yaml #查看需要的镜 像 cof-lee.com:5443/k8s/kube-apiserver:v1.19.4 cof-lee.com:5443/k8s/kube-controller-manager:v1.19.4 cof-lee.com:5443/k8s/kube-scheduler:v1.19.4 cof-lee.com:5443/k8s/kube-proxy:v1 #查看k8s其他组件的docker镜像名，默认用 k8s.gcr.io/的镜像源地址 registry.k8s.io/kube-apiserver:v1.28.2 registry.k8s.io/kube-controller-manager:v1.28.2 registry.k8s.io/kube-scheduler:v1.28.2 registry.k8s.io/kube-proxy:v1.28.2 registry

metadata: name: traefik-ingress-controller --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: traefik-ingress-controller rules: - apiGroups: [""] io/v1beta1 metadata: name: traefik-ingress-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: traefik-ingress-controller subjects: - kind: ServiceAccount ServiceAccount name: traefik-ingress-controller namespace: default kubectl apply -f 2-rbac.yaml Step3: 创建 traefik 配置文件的 configmap vi 3-configmap.yaml kind: ConfigMap apiVersion: v1 metadata:

service type: ClusterIP Kubernetes Ingress 对象支持 © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential ALB Ingress controller AWS Resources Kubernetes Cluster Cluster Node Node Kubernetes API Server ALB Ingress Controller Node HTTP Listener HTTPS Listener Rule: /cheeses Rule: /charcuterie TargetGroup: Green (IP Mode) TargetGroup: Blue (Instance Mode) reserved. Amazon Confidential ALB Ingress controller 发布v1.0版本，支持Kubernetes生产环境 由Amazon EKS 团队提供支持 Github开源: https://github.com/kubernetes-sigs/aws-alb- ingress-controller © 2019, Amazon Web Services, Inc

CustomMetricsServer Prometheus Service Monitor Istio Virtual Service Deployment Ingress Service YAML 文件 代码、应用、CICD 流水线 容器 Pod Controller 调度 Node Sidecar CNI CSI 为了更好的用户体验： 用户 期望： K8s 提供： 研发与运维人员日益增长的应用管理诉求 做抽象容易形成“谷仓” • 一个抽象满足不了所有场景，所以… 有状态应用 PaaS 无状态应用 PaaS Serverless PaaS 用户 Kubernetes Cert Manager Ingress Let’s Encrypt Flagger Virtual Service Manual Scaling App CRD HPA Knative Service Cert 简单的“客户端”抽象： DCL (Data Configuration Language) 对 K8s 资源进行抽象实际上就是在操纵 YAML 数据，通过 DCL 来完成相比于 CRD + controller 更简单 CUE • 功能强大：专注于操纵数据，而不是写 代码 • 完全兼容 JSON • 简单直观：schema 和 value 语法一致 完整的 k8s YAML 抽象数据 PaaS

500 pod • 成本优化：按需创建，支持spot和预留实例劵 • Kubernetes兼容性： deployment/statfulset/job/service/ingress/CRD • ALB Ingress: 基于SLB 7 layer • Knative serving on ASK：automatic scaling in knative • 集成ARMS, SLS Elastic Serverless Kubernetes Architecture Cloud-scale Nodeless Kubernetes Etcd Watch Pod, Service, Ingress resource change ECI Two-way sync of resources K8S resources CRUD K8S Client Elastic Container Pod Get Pod status Service/Ingress DNS Entry SLB Private Zone ASK-Scheduler K8S API Server Metrics API CloudMonitor, Prometheus HPA Controller Cloud Controller Manager Serverless Scheduler

Kubernetes developers: • The Golang programming patterns of Kubernetes (Controller, codegen etc) • Write your own Controller • gPRC based interface design in Kubernetes (CRI as example) • For Deployment I need co-scheduling I have many Pod replicas Service I want to proxy my Pod replicas Ingress I want to expose my Services DaemonSet I run as daemon StatefulSet I am stateful Job I only Pattern 1: Controller • Control everything by Controller • Level driven, not edge driven edge level Image: https://speakerdeck.com/thockin/edge-vs-level-triggered-logic Controller • The heart

deployment requirements § Config Maps § Daemon Sets § Deployments § Events § Endpoints § Ingress § Jobs § Nodes § Namespaces § Pods § Persistent Volumes § Replica Sets § Secrets § Services https://github.com/apache/incubator-openwhisk-deploy-kube Technical details Deployment • A Deployment controller provides declarative updates for Pods and ReplicaSets. • Stands for a long running task, can Pod • In OpenWhisk, we deploy strictly mangaged objects as StatefulSet or DaemonSet: – Controller – Invoker – Kafka Jobs • A job creates one or more pods and ensures that a specified

Service Deployment Ingress Service YAML 文件 代码、应用、CICD 流水线 容器 Pod Controller 调度 Node Sidecar CNI CSI 研发都要做 Kubernetes 专家？ Kubernetes 构建 Platform on Kubernetes 控制器 各种各样的控制器（Controller） 容器 虚拟机 负载均衡 访问控制 流量配置 Pod Deployment Service Node Custom Resource 业务运维 业务研发 按需绑定 关键词：用户友好，应用层语义和抽象 平台工程师 Controller 目标二：一个高可扩展的应用管理平台 关键词：可插拔，可扩展，模块化，没有抽象程度锁定 应用 Deployment Knative Service Function 抽象程度：高 Job Container Virtual Machine Gateway Route Traffic Alert Monitor Service Binding Rollout Ingress interpretability Infra Ops Application Configuration Application Configuration Application

研发自己的诉求如何传达给运维和基础设施？ K8s 扩展能力的真实情况 我的 Zookeeper 该用 哪种K8s Workload 接入？ 你恐怕得写个 Operator…… Operator是啥？ CRD Controller Informer Reflector Event Handler Loop … 我们业务压力大. 一定要学这些么…… 那好吧, 我们帮你写…. 业务方运维 K8s 团队 运维如何上手K8s的扩展能力？ Pinterest 有赞 Kubernetes API 到底应该怎么玩儿？ Kubernetes Deployment Service Pod Node RBAC 研发 运维 K8s 团队 Ingress Kubernetes K8s 团队 运维能力的模块化描述 API 运维 研发视角的应用描述 API 研发 K8s 的 All-in-One API K8s + 分层化 API 设计 my-awesome-app spec: components: - componentName: frontend instanceName: web-front-end traits: - name: Ingress properties: - name: path value: "/" applicationScopes: - my-vpc-network - componentName: backend