·日查询：10亿+，读取数据：5PB+ ## 目录 - 计算形态的发展与日志系统的演变 - 阿里Kubernetes日志平台实践 - 应用案例分析 - 未来展望 ## 问题1：DaemonSet or Sidecar DaemonSet 耦合性 可靠性 性价比  - 中小集群：DaemonSet - 大型、PASS集群：Sidecar Logtail docker engine ## 问题2：如何降低资源消耗 • 每台物理机40个容器：40GB SSD FUSE • 5W台物理机：2PB 性能分析 审计 数控交流 数控交流 性能分析 监控报警 合规检查 云产品打通 数据转储 平台核心功能 ETL 搜索 实时分析 机器学习流计算 离线分析 全方位日志采集 DaemonSet Sidecar B Stdout 文件 Journal Event Appender ![Image](/uploads/documents/b/7/9/c/b79c

会影响Node上的现有的Pod。这对于做Node重启之前的准备工作很有用。例如，要将node标记为不可调度，可使用如下命令： kubectl cordon $NODENAME 请注意，由DaemonSet Controller创建的Pod会绕过Kubernetes调度程序，并且不遵循节点上的unschedulable属性。因为，我们假设daemon进程属于机器，即使在准备重启时正被耗尽。 ## Set 以及 Deployment、Pod预期不会终止，例如Web服务器。 ReplicationController仅适用于 restartPolicy 为Always的Pod。 • DaemonSet，每台机器都需要运行一个Pod，因为它们提供特定于机器的系统服务。 以上三种类型的Controller都包含一个PodTemplate。建议创建适当的Controller，让Controll elet或Docker）。 ## Job（作业） 对于可预期会终止的Pod（即批处理作业），可以使用 Job 而非ReplicaSet。 ## DaemonSet 对于提供机器级功能（例如机器监控或日志）的Pod，请使用 DaemonSet 而非ReplicaSet。这些Pod的生命周期与机器的生命周期相关：在其他Pod启动之前，这些Pod需要在机器上运行；当机器准备重启/关闭时，可安全终止这些Pod。

Kubernetes. Install Cilium Install Cilium as DaemonSet [https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/] into your new Kubernetes cluster. The DaemonSet will automatically install itself as quick-install.yaml first. Alternatively, it is possible to manually generate a YAML manifest for the Cilium DaemonSet and Hubble Relay/UI as follows. The generated YAML can be applied on top of an existing installation: --set hubble.ui.enabled=true > cilium-with-hubble.yaml # This will modify your existing Cilium DaemonSet and ConfigMap kubectl apply -f cilium-with-hubble.yaml The Cilium agent pods will be restarted

Key-Value store clang+LLVM iproute2 Firewall Rules Privileges Upgrade Guide Running a pre-flight DaemonSet Upgrading Micro Versions Upgrading Minor Versions Rolling Back Version Specific Notes Advanced I nstall Cilium Install Cilium as DaemonSet [https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/] into your new Kubernetes cluster. The DaemonSet will automatically install itself as nstall Cilium Install Cilium as a DaemonSet [https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/] into your new Kubernetes cluster. The DaemonSet will automatically install itself as

Kubernetes. Install Cilium Install Cilium as DaemonSet [https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/] into your new Kubernetes cluster. The DaemonSet will automatically install itself as /sys/fs/bpf Install Cilium Install Cilium as DaemonSet [https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/] into your new Kubernetes cluster. The DaemonSet will automatically install itself as --set global.hubble.relay.enabled=true \ --set global.hubble.ui.enabled=true Restart the Cilium daemonset to allow Cilium agent to pick up the ConfigMap changes: kubectl rollout restart -n $CILIUM_NAMESPACE

Install Cilium Install Cilium as DaemonSet [https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/] into your new Kubernetes cluster. The DaemonSet will automatically install itself as Delete VPC CNI (aws-node DaemonSet) Cilium will manage ENIs instead of VPC CNI, so the aws-node DaemonSet has to be deleted to prevent conflict behavior. Note Once aws-node DaemonSet is deleted, EKS will not not try to restore it. kubectl -n kube-system delete daemonset aws-node Prepare & Deploy Cilium Note First, make sure you have Helm 3 installed [https://helm.sh/docs/using_helm/#install-helm]. If you

## I nstall Cilium Install Cilium as DaemonSet [https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/] into your new Kubernetes cluster. The DaemonSet will automatically install itself as cilium kubectl create -f cilium.yaml The NodeInit DaemonSet is required to prepare the GKE nodes as nodes are added to the cluster. The NodeInit DaemonSet will perform the following actions: • Reconfigure yaml kubectl create -f cilium.yaml This will create both the main cilium daemonset, as well as the cilium-node-init daemonset, which handles tasks like mounting the BPF filesystem and updating the existing

issues due to aws-node DaemonSet flushing Linux routing tables. The issues can be fixed by restarting all pods, alternatively to avoid such issues you can delete aws-node DaemonSet prior to installing Cilium OK /¯¯\__/¯¯\ Hubble: disabled \__/¯¯\__/ ClusterMesh: disabled \__/ DaemonSet cilium Desired: 2, Ready: 2/2, Available: 2/2 Deployment cilium-operator ipv4NativeRoutingCIDR=$NATIVE_CIDR The NodeInit DaemonSet is required to prepare the GKE nodes as nodes are added to the cluster. The NodeInit DaemonSet will perform the following actions: Reconfigure

-f 0000-buildconfig.yaml 4. 构建器 Pod 成功完成后，将驱动程序容器镜像部署为 DaemonSet。 a. 驱动程序容器必须使用特权安全上下文运行，才能在主机上加载内核模块。以下 YAML 文件包含用于运行驱动程序容器的 RBAC 规则和 DaemonSet。将此 YAML 保存为 1000-drivercontainer.yaml。 apiVersion: v1 system:serviceaccount:simple-kmod-demo:simple-kmod-driver-container --- apiVersion: apps/v1 kind: DaemonSet metadata: name: simple-kmod-driver-container spec: selector: matchLabels: app: si Operator 可用。 #### 4.3. 内核模块部署 对于每个 Module 资源，内核模块管理 (KMM) 可以创建多个 DaemonSet 资源： ● 集群中运行的每个兼容内核版本有一个 ModuleLoader DaemonSet。 - 一个设备插件 DaemonSet（如果已配置）。 模块加载守护进程设置资源运行 ModuleLoader 镜像来加载内核模块。模块加载程序镜像是一个 OCI

## 容器化  - Proxy Daemonset - 每台宿主机一台Proxy - Proxy地址文件 - Mount到所有pod - 客户端容器监听文件，根据地址文件找Proxy - 切换地址到remote proxy，轻易实现优雅退出和滚动升级 - 增强隔离性 - Local Proxy被pod共享 - 自保护，对来源方限流和流量转移 - 资源适配 - 根据宿主机的硬件配置定制不同资源配置的Daemonset ## Overall  ## 保持客户端选择proxy的自由度和灵活性，在我们的实践中好处大于坏处 #### 胖客户端 vs. service mesh vs. cluster ||胖客户端|Sidecar（物理机）Daemonset（云）|Cluster（HTTP）| |---|---|---|---| |接入难度|容易。打入依赖包即可|容易。需依赖SDK|容易。需依赖SDK| |编码难度|容易。IDL接口规范|容易。I