about cluster • Kubernetes Front-end Control Plane • Provides RESTful interface • Returns state objects as JSON • Provides core control loops for platform • Watches shared state through apiserver • external access • Interfaces with local iptables The Kubernetes Runtime Components • Runtime Objects Component Description Pods A grouping of one or more containers as an atomic unit Namespaces A in NSX b) Creates a logical switch c) Creates a T1 router and attaches it to the pre-configured global T0 router d) Creates a router port on the T1 router, attaches it to the LS, and assigns an IP

§ K8s is a production- grade container orchestration platform § Declarative management of objects using configuration files. § More introductions, go to • K8s official document http://kubernetes ensures that all (or some) Nodes run a copy of a Pod • In OpenWhisk, we deploy strictly mangaged objects as StatefulSet or DaemonSet: – Controller – Invoker – Kafka Jobs • A job creates one ClusterIP service: – Controller – Invoker – Nginx – Kafka – Zookeeper – Redis Other objects used in OW charts • ConfigMap: like nginx deployment configuration • Secrets: like DB access

50 • API Object Oriented Programming Core of API “OO” 1.API objects stores in etcd 2.Control loops (Sync Loop) to reconcile API objects Example kubelet SyncLoop kubelet SyncLoop proxy proxy The heart of Kubernetes orchestrator • drives the cluster state based on the changes to the API objects for { desired := getDesiredState() current := getCurrentState() makeChanges(desired, current)

架构 Cache Informer 机制 Cache 如何获取到本地（内存中） Informer 启动后会通过 reflector 的 list & watch 机制获取某种资源的 全量 objects。list 可以简单理解为一个 HTTP GET 请求，watch 为一 个 HTTP/2 长连接 Cache 如何保持与 API Server 一致性 list & watch 机制中，list *Builder) For(object client.Object, opts ...ForOption) *Builder {...} // Owns defines types of Objects being *generated* by the ControllerManagedBy, and configures the ControllerManagedBy to respond to client.Object, eventhandler handler.EventHandler, opts ...WatchesOption) *Builder Reconcile Loop(Objects Generation) // SetControllerReference sets owner as a Controller OwnerReference on controlled. //

mtu 1500 qdisc pfifo_fast state UP #k8s服务器本身用于通信的网口 inet 10.99.1.61/24 brd 10.99.1.255 scope global 3: docker0: mtu 1500 qdisc noqueue state DOWN #docker默认的容器网络 #Service 网络，使用ipvs实现 inet 10.7.0.1/32 scope global kube-ipvs0 valid_l� forever preferred_l� forever inet 10.7.0.10/32 scope global kube-ipvs0 #当访问这些ip加某端口时转为真 实的pod ip 0/32 brd 10.244.0.0 scope global flannel.1 7: cni0: mtu 1450 #网桥设备，是本 服务器上的pod网络的网关 inet 10.244.3.1/24 brd 10.244.3.255 scope global cni0 8: veth57d7a776@if3:

container Ø High-performance Ø Safe autoscaling decisions Ø Personalized configuration of VWA objects Ø Cooperate with HPA through events Vertical Workload AutoScaler (VWA) Recommender Prometheus Deploy HPAPlus-Controller independently. Ø High Performance. Ø Personalized configuration of HPA objects. Ø Calculate replicas based on pod resource request or limit. Ø Cooperate with CronHPA and VWA

检测框架 Ver.1 { 自动化 Ver.1 自动化 Autopilot Engine Command Policy Executor Task Node Node Node Global Job Custom Job Node Script Image 1. 根据集群类型、版本、场景生成检测策略 2. 根据策略执行检测任务 3. 检测任务支持脚本或容器镜像 Ver 目标受众为非程序员、业务员或最终客户 典型的 DSL • 正则表达式 Ver.2 动态化 Dynamic Engine Command Policy Executor Task Node Node Node Global Job Custom Job Node Script Image Report Builder Report Executor Autopilot Engine Ver.2

reference 可 帮助您找到所有对象的spec格式。 原⽂ https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/ 06-理解K8s对象 22 名称 Kubernetes REST API中的所有对象都会被Name和UID明确标识。 对于⽤户提供⾮唯⼀属性，Kubernetes提供 ⽣产共享客户端库/⼯具（⽤于部 署、管理、内省）变得更加困难。 原⽂ https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ 10-Annotation 30 K8s架构及基本概念 架构图 Master（主节点） K8s⾥的Master指是集群控制节点，⼀个K8s集群需要有⼀个M selector requirement。 关于Label Selector：https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ，本⽂的示例种 也有⽤到两种selector。 如何使⽤ReplicaSet ⽀持Replication Controller的⼤多数 kubectl 命令也⽀持ReplicaSets。

com/Mirantis/virtlet Virtlet compares with other CRI Virtlet Architecture Daemonset Pod Virtlet Deploying Objects DaemonSet ConfigMap ClusterRole/Role Service Account virtlet solution Virtlet Pros define

quota MEM quota Storage quota Device (GPU) quota …. quota Service Config group … k8s objects Application template ⽤用户场景 - OPENSTACK 租户集成 • 企业真实场景 - 集成旧系 统，并⾏行行跑业务。 • 资源对照表 • Tenant