20-管理容器的计算资源 21-Kubernetes资源分配 22-将Pod分配到Node 23-容忍与污点 24-Secret 25-Pod优先级和抢占 26-Service 27-Ingress Resources 28-动态⽔平扩容 29-实战：使⽤K8s编排Wordpress博客 2 简介 Kubernetes开源书。不啰嗦了，JUST READ IT. GitHub地址：https://github loyments、HorizontalPodAutoscalers、Ingress、Jobs和ReplicaSets都被启⽤。可通 过在apiserver上设置 --runtime-config 来启⽤其他扩展资源。 --runtime-config 接受逗号分隔值。 例如：要禁⽤ Deployments和Ingress，可设置 --runtime-config=extensions/v 1beta1/deployments=false,extensions/v1beta1/ingress=false 05-Kubernetes API 19 原⽂ https://kubernetes.io/docs/concepts/overview/kubernetes-api/ 05-Kubernetes API 20 理解K8s对象 这个⻚⾯描述了Kubernetes对象在Kubernetes

statefulset/nginx-statefulset --replicas=3 #scale命令调整的副本数会写入相应的dep/sts配置清单中 ★第8章、Service和Ingress ★创建Service ①ClusterIP类型 # vi mynginx-svc.yml #内容如下 apiVersion: v1 kind: Service ★创建ingress ①部署ingress控制器 ingress控制器（Ingress Controller）得单独安装，Ingress控制器可基于某ingress 资源定义的规则将客户端的请求流量直接转发至与Service对应的后端pod资源 上，绕过service直接转发到真实pod上。Ingress资源是基于h�p的host名或url的 转发规则 k8s-ingress-nginx官网地址 k8s-ingress-nginx官网地址 h�ps://kubernetes.github.io/ingress-nginx/deploy/ # wget h�ps://raw.githubusercontent.com/kubernetes/ingress-nginx/controller- v1.2.0/deploy/sta�c/provider/cloud/deploy.yaml 或者 wget h�ps://limaofu

ServiceAccount metadata: name: traefik-ingress-controller --- kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: traefik-ingress-controller rules: - apiGroups: io/v1beta1 metadata: name: traefik-ingress-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: traefik-ingress-controller subjects: - kind: ServiceAccount ServiceAccount name: traefik-ingress-controller namespace: default kubectl apply -f 2-rbac.yaml Step3: 创建 traefik 配置文件的 configmap vi 3-configmap.yaml kind: ConfigMap apiVersion: v1 metadata:

500 pod • 成本优化：按需创建，支持spot和预留实例劵 • Kubernetes兼容性： deployment/statfulset/job/service/ingress/CRD • ALB Ingress: 基于SLB 7 layer • Knative serving on ASK：automatic scaling in knative • 集成ARMS, SLS Elastic Serverless Kubernetes Architecture Cloud-scale Nodeless Kubernetes Etcd Watch Pod, Service, Ingress resource change ECI Two-way sync of resources K8S resources CRUD K8S Client Elastic Container Container Instance Pod Viking agent Container Container Pod Get Pod status Service/Ingress DNS Entry SLB Private Zone ASK-Scheduler K8S API Server Metrics API CloudMonitor, Prometheus HPA Controller

• 默认 service type: ClusterIP Kubernetes Ingress 对象支持 © 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential ALB Ingress controller AWS Resources Kubernetes Cluster Cluster Node Node Kubernetes API Server ALB Ingress Controller Node HTTP Listener HTTPS Listener Rule: /cheeses Rule: /charcuterie TargetGroup: Green (IP Mode) TargetGroup: Blue (Instance rights reserved. Amazon Confidential ALB Ingress controller 发布v1.0版本，支持Kubernetes生产环境 由Amazon EKS 团队提供支持 Github开源: https://github.com/kubernetes-sigs/aws-alb- ingress-controller © 2019, Amazon Web Services

Haproxy 负载均衡 �. 访问 WordPress ⽅法⼆：Ingress 外⽹访问 WordPress 配置⽅法 �. 创建 Namespace 和 PVC 资源 �. 部署MySQL容器组 �. 部署WordPress容器组 �. 创建 Service �. 创建 Ingress �. Haproxy 策略配置上述 Ingress 与服务映射的 �� 端⼝ �. 访问 Wordpress "/nfsshare/wordpress" # ⽬录可⾃⾏修改为 /nfssahre/ 10 vers: "4.0" 11 mode: "777" ⽅法⼆：Ingress 外⽹访问 WordPress 配置⽅法 1. 创建 Namespace 和 PVC 资源 85 12 reclaimPolicy: "Delete" 创建Namespace 创建命令 填写域名 -> 选择关联的服务和端⼝映射（80） -> ⽆误 后，点击确认 4. 创建 Service 5. 创建 Ingress 91 复⽤部署 WordPress 集群使⽤的 Haproxy -> 点击策略配置 点击添加策略 6. Haproxy 策略配置上述 Ingress 与服务映射的 80 端⼝ 92 填写 Haproxy 策略名称 -> 选择 HTTP 类型 -> 填写上述暴露的

���� �������� ����(1/2) • ������ • ����������� • ������������ • ������ • ���������� • ��Ingress�� • �����90%���Service�� • �����A/B Test • ��>10S �����Service��� ��������� • ���Service������B�� EMR Interactive Analytics DLA Log Service / Analytics �� Flink Storm ����������� Audit Ingress Mesh Event HPA Kubernetes������ ��� ���� Mesh ���� Stdout �� Event … DaemonSet Sidecar Appender I������� • ������ • ���DCS� • �I�c��� ��� ������ ��Mesh/Trace�� ��Ingress�� ������ ��� ������ ServiceMesh�� Ingress�� ���� ���da����+��0e� ���� ��+����+1��e�A ������� ��� ����B • ��API���������

tc hooks • Triggered by ingress/egress packets IPVS bypass conntrack • Why IPVS depends on conntrack? • Iptables/conntrack SNAT • How IPVS bypasses conntrack? • Ingress • Move IPVS Netfilter hook program is easy to deploy • How to do SNAT in eBPF • Do SNAT in TC egress • Do reverse SNAT in TC ingress Tc egress Hit eBPF map? Does SNAT nic nic Y N • How IPVS talks with eBPF program? • eBPF

HorizontalPodAutoscaler CustomMetricsServer Prometheus Service Monitor Istio Virtual Service Deployment Ingress Service YAML 文件 代码、应用、CICD 流水线 容器 Pod Controller 调度 Node Sidecar CNI CSI 为了更好的用户体验： 用户 期望： 做抽象容易形成“谷仓” • 一个抽象满足不了所有场景，所以… 有状态应用 PaaS 无状态应用 PaaS Serverless PaaS 用户 Kubernetes Cert Manager Ingress Let’s Encrypt Flagger Virtual Service Manual Scaling App CRD HPA Knative Service Cert Operator Virtual Machine Gateway Route Traffic Alert Monitor Service Binding Rollout Ingress interoperability Application Application Application Platform foo Platform bar Serverless baz

deployment requirements § Config Maps § Daemon Sets § Deployments § Events § Endpoints § Ingress § Jobs § Nodes § Namespaces § Pods § Persistent Volumes § Replica Sets § Secrets § Services • ConfigMap: like nginx deployment configuration • Secrets: like DB access credentials • Ingress Component Launch Sequence • In Kubernetes, we can use the following mechanisms to handle the