ilovejava.io/petclinic-app ${project.version} ... github.com/GoogleContainerTools/jib me/talk/docker-tips-and-tricks github.com/GoogleContainerTools/jib Containerizing with Docker Project JAR docker Docker Daemon Container Image Dockerfile build send build push Registry github Some Java Developer Somewhere github.com/GoogleContainerTools/jib Containerizing, simplified Project Container image build on registry github.com/GoogleContainerTools/jib Steps: github.com/Goo

scheduler policy Build tasks and the dependent environments（sidecar） Share files between containers, or cache build files Container Image - Image of build / dependent environment [] Command [] Args - Argument [] Env - Environment variable [] VolumeMounts - Files to be shared or persisted [] Resources - Resource requirement ActiveDeadlineSeconds Timeout Version Control sync / watch clean history jobs Basic Concepts（partial） Repository Managed Project Pipeline / Stage / Task Dockerfile / Scripts Common Configuration ConfigMap/Secret Data Volume

today Our Journey to The Land of Containers Project X By the end of 2016, we started our Kubernetes journey by developing a deployment tool called Project X. The goal is to create a tool that is easy Well-Designed Abstraction • As the consequence of the first issue, it was hard for us to extend Project X to keep up with new features released in Kubernetes or Nomad. Not Easily Extendable • Because bandwidth to work on all of them at once. Start with a Bang! Multiple Approaches Kubeadm Improve Project X Focus on Kubernetes only Design better abstractions Work with small number of teams at a time

coupling the kube-controller-manager to cloud- provider specific code. In order to free the Kubernetes project of this dependency, the cloud-controller-manager was introduced. CSI provider for vSphere • Container Docker and Cloud Foundry. Cluster API provider for vSphere • The Cluster API is a Kubernetes project to bring declarative, Kubernetes-style APIs to cluster creation, configuration, and management. version 1.13) and will graduate to Stable/GA in a couple of releases. Status within the Kubernetes project 9 Moving out of tree: the CSI Provider Why it exists Handles C/R/U/D of storage volumes Coordinate

Kubernetes Clusters Desired state of Application The difference between PKS and Kubernetes Open Source Project – Google/Pivotal/VMware 21 Container scheduling, scale, resiliency, and Day 2 Desired state of Image Push Image Sign Trusted Image Scan Image For CVEs kubectl apply RBAC Project Project Project Replic ation Developer Structured Data Metrics Alerts Events VMware vRealize Operations

secret命令 创建Secret） 假设Pod需要访问数据库。Pod所使⽤的⽤户名和密码在本地机器上的 ./username.txt 和 ./password.txt ⽂件中。 # Create files needed for rest of example. $ echo -n "admin" > ./username.txt $ echo -n "1f2d1e2e67df" > ./password 供Pod中的容器使⽤。 它们也可被系统的其他部分使⽤， ⽽不会直接暴露在Pod内。例如，它们可保存系统其他部分应该使⽤的凭据，从⽽代表你外部系统进⾏交互。 Using Secrets as Files from a Pod（使⽤Secret作为来⾃Pod的⽂件） 在Pod中的volume中使⽤Secret： 1. 创建⼀个secret或使⽤现有的secret。多个Pod可引⽤相同的secret。 中指定的key。如果要投影Secret中的所有key，那么所有 key都必须列在 items 字段中。 所有列出的key必须存在于相应的Secret中。否则，Volume不会被创建。 Secret files permissions （Secret⽂件权限） 你也可以指定⼀个Secret的权限模式位。如不指定，默认使⽤ 0644 。可指定整个Secret Volume的默认模式，并根据 需要覆盖每个key。

and install the latest version of apiserver-builder • Create project path in your GOPATH • Go into your project path and init your project ‘your-domain’ would be like your private tenant name. • Then

管理理基于规则的镜像仓库 • 其他企业需要的优化功能 企业典型的多租户模型 租户 Tenant User User group Namespace Deployment Registry 
 project CI/CD workspace Pod … resources CPU quota MEM quota Storage quota Device (GPU) quota Application template ⽤用户场景 - OPENSTACK 租户集成 • 企业真实场景 - 集成旧系 统，并⾏行行跑业务。 • 资源对照表 • Tenant 与 Project • Namespace 与 Network(Neutron) • Service/Ingress 与 LBaaS(Neutron) • openstack/kuryr- kubernetes

cr-get Kubertnetes集群 ⽤用户管理理 ⽤用户：U1、U2 Think in Cloud . 北北京 基于RBAC实现账号管理理隔离 • 抽象Project对象给User使⽤用 • Project与每个集群的NS⼀一⼀一对应 • User在每个集群上都有对应模拟账号，⽤用于NS授权 NS ServiceAccount：SS Kubertnetes集群 NS:

CRs. • Node-Operator: difference Machine and Node state, manage Node softwares and configure files. • Machine: the instance of Machine CRD with node basic information, which represent a node desired