s = 1 net.ipv4.ip_forward = 1 EOF #前3行表示bridge设备在二层转发时也去调用iptables配置的三层规则（包含 conntrack） # sysctl -p #加载配置 ⑧防火墙放行端口 TCP: 6443，2379，2380，10250~10252，30000~32767 UDP: 8285，8472 "insecure-registries": [ "cof-lee.com:5443" ], "exec-opts": [ "na�ve.cgroupdriver=systemd" ] } # mkdir -p /etc/systemd/system/docker.service.d # docker info ★docker会修改防火墙规则，导致pod网络不通 # vi /usr/lib/s service #在[Service]下的ExecStart=/usr/bin/dockerd -H fd:// 这行下面再添加一行： ExecStartPost=/usr/sbin/iptables -P FORWARD ACCEPT # systemctl daemon-reload # systemctl restart docker ★默认还加了DOCKER-USER这个forward链，默认全部return，导致不通，也得

⾼可⽤集群：https://yq.aliyun.com/articles/505382 kubespray(ansible)⾃动化安装k8s集群：https://www.cnblogs.com/iiiiher/p/8128184.html TIPS：⾥⾯有将如何替换gcr镜像为国内镜像 Installing Kubernetes On-premises/Cloud Providers with Kubes 明了Service与Pod之间的关系 提问：RC、Pod、Service三者之间的关系是怎样的？ 参考⽂档 容器Docker与kubernetes：http://www.cnblogs.com/stonehat/p/5148455.html Kubernetes扫盲：http://blog.csdn.net/frank_zhu_bj/article/details/51824697 Kubernetes微服务架构应⽤实践：http://www READY STATUS RESTARTS AGE LABELS nginx-deployment-2035384211-7ci7o 1/1 Running 0 18s app=nginx,pod-template-hash=203538 4211 nginx-deployment-2035384211-kzszj

chain • Pros • Iptables is widely adopted in popular Linux distributions • Cons • O(N^2) in control plane / O(N) in data plane • Poor in scheduling algorithm • Iptables rules are difficult to debug IPVS mode • Services are organized in hash table • IPVS DNAT • conntrack/iptables SNAT • Pros • O(1) time complexity in control/data plane • Stably runs for two decades • Support rich scheduling from local-in to PREROUTING • The challenges • Skb’s pointer to route is NULL during PREROUTING • No de-fragment is done during PREROUTING IPVS bypass conntrack (con.) • Egress • Original way • Nf local-out

�����������-�������� ����� ���� ���� ���� �� �����p� ��KK PW�I • ����KKn�sr���s�������O���T���b� • �����+� �D�������n����������)�� • �A�e�� �4��1����2s��Bs�/� �o�� ���(02s��(02 PW �� • ��������������� • ���� ���� ���� ���� ���� ���� ������ ��� �� �� �� �� ��O� ������� ������� ���� ���� � ���� ���� �� �LP� ���� ���� ��B� AP� /P �� ��� ������I ��� �� ��� ���� � Kubernetes�� ����������� �S�vn�b ����f ���k�� �������������� B������������� ����������o�� ��ts�C ������lp �������lp �����lp ������� ��������o�� ������ �����b o������������ ����� �m�e� r��ce� PB��������� grep pgm awk sed

Iptables��Service���� ��Iptables������� IPVS��Service���� Iptables vs. IPVS Kubernetes�Service ����onl��a�o� - ��������������t� - ���������� - �����IP�n������� - �������� - ��������� Kubernetes Service�Endpoints 2.3.4/32 --dport 80 -j DNAT --to-destination 10.20.30.40:8080 • IptablesU����R�� Ø statistic�S����o���� iptables -t nat -A PREROUTING -d 1.2.3.4 --dport 80 -m statistic --mode random --probability .25 vs. IPVS Iptables�������� • �B������ KUBE-SERVICES������KUBE-SVC-*������service��������� ��������O(N) • �B���� ���� • ���� �������iptables�������/�������kernel lock Another app is currently holding

40000 P100 (1GPU) P100 (32GPU) V100 (8GPU) V100 (32GPU) RestNet50 模型训练速度（images/second） 分布式训练/GPU硬件升级加速明显 模拟数据训练时间 108 15.12 4.62 3.39 1 0 20 40 60 80 100 120 P100 (1GPU) P100 (8GPU) (8GPU) P100 (32GPU) V100 (8GPU) V100 (32GPU) RestNet50 模型训练时间(hours) V100 8卡 : 157.9元/小时 x 4 = 631.6 元 P100 1卡：12.78 元/小时 x108 = 1380.24 元 数据访问的新挑战 1.强大的算力需要匹配的I/O吞吐 2.计算存储分离导致I/O延迟 3.单机缓存无法满足海量数据加速

run a Kubernetes SIG.. Kris Nova . . t h a t b r i n g s a n o p e n s o u r c e p r o j e c t . . Kris Nova ..to Kris Nova Microsoft ACS ..while working

114.114.114 IPV6INIT=no 打开虚机网络： Step3. 虚拟机磁盘 2 分区&格式化 fdisk -l fdisk /dev/sdb 依法选择 n,p,1,t,l,8e,w fdisk –l pvcreate /dev/sdb1 vgdisplay vgextend centos /dev/sdb1 vgdisplay lvcreate lvcreate -l 100%free -n docker centos lvdisplay mkfs.xfs -n ftype=1 /dev/mapper/centos-docker mkdir -p /var/lib/docker mount /dev/mapper/centos-docker /var/lib/docker echo "/dev/mapper/centos-docker /var/lib/docker net.bridge.bridge-nf-call-iptables = 1 net.ipv4.ip_forward = 1 vm.swappiness=0 EOF sysctl -p C. 安装 ipvs 【注】ipvs 将作为 kube-proxy 的代理模式 Step1: 安装 yum install ipvsadm ipset sysstat conntrack

手动扩展 • 滚动更新 • 多版本追踪 Worker (Container Host) P1R1 Worker (Container Host) P1R2 P2R1 P1R1 P2R1 Worker (Container Host) P1R3 P2R2 P2R2 Master API K K K Deployment_Y.yaml ContainerImage1 Replicas: 1 ContainerImage2 Replicas: 2 P1R1 P1R2 P2R1 SACC2017 在Kubernetes中部署Fabric SACC2017 • Fabric的应用面临几个问题： – 大量配置文件，繁琐且容易出错。 – 开发人员无法专注于应用开发。 – 基于Fabric身份管理的设计，网络中节点增减的步骤繁多。 -it cli-2586364563-vclmr bash --namespace=org1 • 执行Fabric命令，如创建channel： $ peer channel create -o orderer0.orgorderer1:7050 \ -c mychannel -f ./channel-artifacts/channel.tx 使用 Fabric Cluster SACC2017

CE) Un i f i ed A P Is M u l ti -Cluster M a na gement M u l ti -Ten ant M a nagement K u bernetes In tegration API S e r ver C o r e /C ustom R e s ourc es API S e r ver C o r e /C ustom R R e s ourc es API S e r ver C o r e /C ustom R e s ourc es Oth er tool s/systems In tegra ti on Other tools/systems Alauda Cloud Enterprise (ACE) Alauda Cloud Enterprise - DevOps • 开放式 DevOps