kubeadm init --config /etc/kubeadm-init.yaml #初始化集群 当出现Your Kubernetes control-plane has ini�alized successfully!这行时说明初始化 k8s成功了 记住最后2行命令，是用来让node结点加入集群的命令（含token） ★第2章、部署k8s版本>=1 kubeadm init --config /etc/kubeadm-init.yaml #初始化集群 当出现Your Kubernetes control-plane has ini�alized successfully!这行时说明初始化 k8s成功了 记住最后2行命令，是用来让node结点加入集群的命令（含token） ★附、crictl命令 csi-node-driver-fn7zd 2/2 Running 2 (10m ago) 11m # Remove the taints on the control plane so that you can schedule pods on it. # kubectl describe node master1.cof-lee.com | grep

also supports an underlying tier of high availability and automated placement options, for both control plane and worker nodes. 2 levels of scheduling and resource management are active. ​Currently regions and zones – add cloud provider ​What is NUMA? ​How to solve potential issues with CPU and memory intensive workloads ​Kubernetes default resource management ​How it works ​Extending the functionality themselves within vSphere failure domains. 11 What is NUMA? Non Uniform Memory Architecture 12 Why should you care about NUMA? Memory intensive workloads Nearly all database servers (e.g. Oracle, MongoDB)

also supports an underlying tier of high availability and automated placement options, for both control plane and worker nodes. 2 levels of scheduling and resource management are active. Currently no regions and zones – add cloud provider What is NUMA? How to solve potential issues with CPU and memory intensive workloads Kubernetes default resource management How it works Extending the functionality themselves within vSphere failure domains. 11 What is NUMA? Non Uniform Memory Architecture 12 Why should you care about NUMA? Memory intensive workloads Nearly all database servers (e.g. Oracle, MongoDB)

Label 允许⽤户随⼼所欲地组织他们的资源。Annotation 允许⽤户使⽤⾃定义信息来装饰资源以⽅便他们的⼯作流程， 并为管理⼯具提供检查点状态的简单⽅法。 此外， Kubernetes control plane 所⽤的API 与开发⼈员和⽤户可⽤的API相同。⽤户可以使⽤ their own API 编写⾃⼰ 的控制器，例如 scheduler ，这些API可由通⽤ command-line us 。您必须提供spec ，它描述了对象所期望的状态——您希望对象所具有的特性。status描述对象的实际状态，由Kubernetes系统提供和更 新。在任何时候，Kubernetes Control Plane都会主动管理对象的实际状态，从⽽让其匹配你所期望的状态。 例如，Kubernetes Deployment是⼀个表示在集群上运⾏的应⽤程序的对象。在创建Deployment时，可设置 io/google_containers/pause:0.8.0 resources: requests: cpu: 100m memory: 100Mi 13-Node 39 将 cpu 和 memory 值设置为您要保留的资源量。将该⽂件放在清单⽬录中（kubelet的 --config=DIR 标志）。 在想要 预留资源的每个kubelet上执⾏此操作。

Architecture and Features • CRD and operator design • Pipeline / Stage/ Task / Task Template / Version Control • Logging, monitoring, autoscaling, high availability • Extensibility / Integration • CI/CD Architecture and Features • CRD and operator design • Pipeline/Stage/Task/Task Template/Version Control/UI generation/Volume... • Logging, monitoring, autoscaling, high availability • Extensibility/Integration Job status Pipeline / Stage / Task Task Template Pipeline / Stage / Task build logs Version Control sync / watch clean history jobs Basic Concepts（partial） Repository Managed Project Pipeline

RollingUpdate ? Ø What are the advantages of batch gray release ? • more reliable and better control • More flexible • More efficient StatefulSetPlus StatefulSetPlus Service (Kube-proxy, CLB, etc Multi-Batch InPlaceUpdate Ø Support HPA, CronHPA, VWA (Vertical Workload Autoscaler) Ø Keep share memory during Pod upgrade Ø Scaled Up with LGV (Last Good Version) Ø Per Pod Per PV Ø Per Workload Per ��� ���������������������������������������������������� StatefulSetPlus Operator Ø Keep share memory during Pod upgrade Ø Upgrade jitter (a few ms) for keep-alive services Flexible and dynamic resource

��������� Kubernetes Focus on long running service. Driving current state towards desired state with control loops YARN Focus on scheduling jobs ���������� ���� Kubernetes Container centric – bottom up. on RPC Only application-level metadata persisted. Container data is not persisted. Recover from in-memory state from peers ��������� ������� kubernetes CRI compatible. Docker etc. YARN Docker + TAR ball

cloud Virtual Machine/Bare Metal Increasing focus on business logic Decreasing concern (and control) on infrastructure implementation Container Orchestration Serverless Computing • 更加关注业务应用 降低服务运行成本：无需再为闲置的计算资源付费（No Cost when Idle） • 灵活选择容器资源规格（Fine-grained cost model） • 提高资源利用率 CPU (vCPU) Memory (GB) 1 Min. 2 and Max. 8GB, in 1GB increments 2 Min. 4 and Max. 16GB, in 1GB increments 4

latency • Network • Security • DEK in the clear in memory • Secret in the clear in memory • kubeconfig in the clear in memory • KEK in the clear in memory ü leak ALL DEKs ü leak ALL secrets ü trust collapse area protected by the processor (aka. Enclave) Example: Intel SGX • Strong isolation • Encrypted memory • SW/HW attacks prevented TEE-based KMS Plugin [1] • Address performance & latency concerns • compromise Ø kubeconfig maliciously reused by attackers Ø kubeconfig in the clear in clients’ memory Ø leak users’ secrets • Sending to / receiving from malicious software entity (logic) TEE-based

limits: cpu: 2000m memory: 1024Mi requests: cpu: 1000m memory: 1024Mi securityContext: capabilities: curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi autoscaling: enabled: false minReplicas: 1 maxReplicas: curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi autoscaling: enabled: false minReplicas: 1 maxReplicas: