● ... Installation - SSH - Install kubelet - $pkgmanager install kubelet - Install container runtime - $pkgmanager install [docker|rkt] - Start kubelet - Systemctl start kubelet Installation - master kops, kubeup.sh, kube-AWS,... AWS, GCP API node1 node2 node3 Upgrade - SSH - Upgrade container runtime - Upgrade Kubelet Upgrade - master - SSH - Upgrade master components Upgrade - etcd - SSH - Upgrade updates ● Upstream improvements in Kubernetes directly translate to improvements in managing Kubernetes Simplify Node Bootstrap On-host requirements become: ● Kubelet ● Container Runtime (docker, rkt, …)

默认情况下，某些资源和API组已被启⽤。可通过在apiserver上设置 --runtime-config 来启⽤或禁⽤它们。 -- runtime-config 接受逗号分隔的值。例如：要禁⽤ batch / v1 ，请设置 --runtime-config=batch/v1=false ；想启 ⽤ batch/v2alpha1 ，可设置 --runtime-config=batch/v2alpha1 。 -manager来获取 --runtime-config 的更改。 启⽤组中的资源 默认情况下，DaemonSets、Deployments、HorizontalPodAutoscalers、Ingress、Jobs和ReplicaSets都被启⽤。可通 过在apiserver上设置 --runtime-config 来启⽤其他扩展资源。 --runtime-config 接受逗号分隔值。 接受逗号分隔值。 例如：要禁⽤ Deployments和Ingress，可设置 --runtime-config=extensions/v1beta1/deployments=false,extensions/v1beta1/ingress=false 05-Kubernetes API 19 原⽂ https://kubernetes.io/docs/concepts/overview/kubernetes-api/

jibDockerBuild $ docker run -p 8080:8080 micronaut-jib:0.1 github.com/GoogleContainerTools/jib A “compiler” for containers github.com/GoogleContainerTools/jib Dockerfile “script” FROM base container the container Produces some layers Produces some layers github.com/GoogleContainerTools/jib Compiler + Containerizer github.com/GoogleContainerTools/jib Code Executable Compile github.com/Goo com/GoogleContainerTools/jib Possibilities for a container “compiler” github.com/GoogleContainerTools/jib Possibilities for a container “compiler” Smart inferences Container optimizations Even faster

域的复杂有状态应用程序。 给出了用 TPR + controller- runtime 早期版本的 sample： etcd operator K8s 1.9 版本发布，CRD进入 beta 阶段并正式取代 TPR； controller-runtime 加入 K8s 社 区并正式发布； 自此，CRD + controller-runtime 逐渐成为开发 operator 的首选 Operator Operator = CRD + control loop, i.e, Declaretive API + Automation; kubebuilder + controller-runtime + helm Operator Capability Levels Installation of the workload • Operator deploys an Operand 的是最终一致性（eventual consistency）。 期间遇到网络、API Server 报错等异常时，会有重试机制 Controller-runtime 的 Informer 增加一段逻辑：如果上层 GET 某个 object 没有对应的 informer， controller-runtime 会马上为其增加 informer 并完成初始化 Cache 注意事项 Cache 中的对象都保存在内存中，如果对象很多，内存占用会比较大，

59983e0387b2f", GitTreeState:"clean", BuildDate:"2023-09-13T09:34:32Z", GoVersion:"go1.20.8", Compiler:"gc", Pla�orm:"linux/amd64"} # kubeadm config images list #查看k8s其他组件的docker镜像名，默认用 k8s

cmd/aslan/main.go 缺少：源码、Golang Runtime 1 5 从 Dockerfile 说起 还缺三个条件： 1、源码从哪来？ 2、Golang Runtime 从哪来？ 3、PID=1 的进程替换成源码运行，如果进程停 止，容器将 Crash，怎么阻止？ 解决问题： 1、从本地同步到容器 2、将业务容器的镜像替换为 Runtime 镜像 3、替换 PID=1 进程为阻塞进程：

api dockerd runtime pod CRI Spec Deployment • yum install -y kubelet kubeadm kubectl • sed -i '2 i\Environment="KUBELET_EXTRA_ARGS=--container- runtime=remote --container-runtime-endpoint=/var/run/xxx

kube-controller-manager kube-Scheduler Worker Node CRI-containerd Kubeproxy Kubelet • Container Runtime Interface • Responsible for downloading images • Runs containers • Can use other runtimes such Creates virtual IP for external access • Interfaces with local iptables The Kubernetes Runtime Components • Runtime Objects Component Description Pods A grouping of one or more containers as an atomic

deploy REAL vm (traditional vm app) Focus : container security Virtlet Virtlet is a Kubernetes runtime server which allows you to run VM workloads, based on QCOW2 images. https://github.com/Mirantis/virtlet container? k8s + docker + kata not easy kubernetes(dockershim) does not support to choose OCI runtime k8s + docker + kata not easy kata container network hotplug (support now) Dockershim / Docker

.go file import “text/template” Kops 1.4 embed in .go file import “text/template” parse at runtime How do we develop ? ? ? No Yes make go-bindata go build ./kops change work? Kops 1.4 also We couldn’t test our “text/template” code Kops 1.5 ..also We would still get panics at runtime.. Kops 1.5 List of things we ne