Why Kubernetes (K8s)?
Docker and Docker Compose are not complicated to operate, so why move to Kubernetes?
Indeed, Docker and docker-compose are convenient for deployment and operations. A few commands start an environment, and adding a Volume to modify the corresponding configuration file covers most environment deployment requirements.
The question is: what happens when the server runs short of resources?
Adding hardware: as you have learned from distributed thinking, at some point adding machines is cheaper than piling hardware onto a single machine, and the problem with piling on hardware is that the server does not have enough hardware interfaces; once it runs out of slots, it is even worse. So the mainstream plan now is to add machines, that is, horizontal expansion. When adding machines, the whole application environment has to be copied over, and the problem then is how to manage the whole cluster, or rather how to manage a cluster that has already been containerized, and how to balance the load.
Some people may think that once the copy is done, the configuration file of the first Nginx just needs the new machine's information added, and the traffic will balance over. So the question is: what if the resource usage is skewed?
With all these problems, we need a tool that can help us manage the cluster and coordinate the various machines.
Kubernetes is the hottest such tool in the industry right now.
Here I share a document I came across, which divides K8s into two parts: theory and practice. Both can get twice the result with half the effort. Let's take a look at the document's contents.
Theory
Understanding the cluster controllers
Unified entrance
Controller manager
SharedInformer
ListWatcher
Service controller
Route controller
Cluster network details
Cluster network construction: initial cluster, node, Pod-phase communication
Cluster Scaling Principle
Principle of node addition
Manually add an existing node
Automatically add existing nodes
#!/bin/bash
Cluster expansion
Automatic scaling
Principle of node reduction
Authentication and Scheduling
In this section, we take a simple containerized web application as an example, focusing on how the client is authenticated by the Kubernetes cluster API Server and how the container application is scheduled onto the appropriate node.
The caged program
Two-way digital certificate authentication
KubeConfig file
Pod configuration
Three key points and an implementation of the cluster Service
In my experience, the concept of a K8s cluster Service is not easy to understand. Especially when we investigate Service-related problems on the basis of a superficial understanding, it becomes very difficult.
This shows in novices finding even basic questions, such as whether a Service IP address can be pinged, hard to understand; understanding Service-specific iptables configurations can be a challenge even for experienced engineers.
What is the nature of a K8s cluster Service
Own messenger
Bringing the Service into reality
An implementation
Reverse proxy of a Service with a custom chain
Image pull, this little thing
Automatic pulling of private images may seem simple compared with other K8s cluster features. In most cases an image pull failure is related to permissions. So when dealing with such problems we tend to say easily: this problem is very simple, it must be a permissions problem. But in reality we often spend more than one person's time on a problem without finding the cause. This is mainly because our understanding of how image pulling works, especially automatic pulling of private images, is not deep. In this article the author will lead you through the relevant principles.
In sequence, automatic pulling of a private image passes through the Alibaba Cloud ACR Credential Helper, the K8s cluster API Server and the kubelet component, and finally reaches the Docker container runtime. But I am going to start from the back, with the most basic Docker image pull.
Understanding the OAuth 2.0 protocol
Docker's role
K8s implementation of automatic private image pull
Alibaba Cloud implementation of the ACR Credential Helper
Practice
After reading this article, cluster nodes no longer go offline
What you need to know
Kubernetes knowledge: PLEG and the container runtime
Docker Daemon call stack
Containerd call stack analysis
What is Dbus
RunC requests Dbus
Systemd
Live repair
Debugging issues
Node goes offline: companion piece
Phenomenon of the problem
The logic: Ready in three minutes
Stalled PLEG
Unresponsive Terwayd
Why can’t we delete the cluster namespace?
What is the Controller doing?
Start at the cluster entrance
Back to the communication between the cluster entry node and the Pod
Why isn't the Route Controller working?
Cluster nodes access cloud resources
A larger problem
Alibaba Cloud ACK product security group configuration management
Security group role in ACK products
Security group and ACK cluster network
How to manage security group rules of an ACK cluster
Access between IDC and the cluster
Use multiple security groups to manage cluster nodes
Use new security groups to manage nodes
Typical problems and solutions
Restrict cluster access to public networks or operator-level NAT reserved addresses
Communication between container groups and nodes is abnormal
Half-alive microservices
The inescapable big picture
Agents and agent lifecycle management
Implementation of readiness checks
Control plane and data plane
Simple reasons
Summary of the CA certificate expiry tragedy at 2 am
Constantly restarting Citadel
Certificates in general
Verifying the Citadel certificate system
The above is an overview of the document: understand the 6 core principles in one go, master the basic theory, and learn the clever handling of the 6 typical problems; whether architect, developer or operations engineer, you can learn a lot from it.
How to get it: JAVA Architecture Crash Notes