上执行，不可 在master上执行！！ ★k8s初始化报错（树莓派） CGROUPS_MEMORY: missing [ERROR SystemVerifica�on]: missing required cgroups: memory 因为树莓派系统默认未启动cgroup_memory，解决方法： # vi /boot/firmware/cmdline.txt #如果有这个文件就编辑此文件 console=�y1 root=/dev/mmcblk0p3 roo�stype=ext4 elevator=deadline rootwait 这行后面添加 cgroup_enable=memory cgroup_memory=1 #是在行尾添加，不是另起一行 # reboot #重启后生效 ★第4章、K8S高可用集群搭建 前面几章只装了 #资源需求，定义了容器所需要的最小资源量，便于调度，不 能小于jvm中的Xms memory: "256Mi" cpu: "200m" limits: #资源限制，定义了容器最大可以消耗的资源上限，对应jvm中 的Xmx memory: "256Mi" cpu: "200m" #1核cpu为

io/google_containers/pause:0.8.0 resources: requests: cpu: 100m memory: 100Mi 13-Node 39 将 cpu 和 memory 值设置为您要保留的资源量。将该⽂件放在清单⽬录中（kubelet的 --config=DIR 标志）。 在想要 预留资源的每个kubelet上执⾏此操作。 io/google_samples/gb-frontend:v3 resources: requests: cpu: 100m memory: 100Mi env: - name: GET_HOSTS_FROM value: dns # If your cluster io/google_samples/gb-frontend:v3 Port: 80/TCP Requests: cpu: 100m memory: 100Mi Environment: GET_HOSTS_FROM: dns Mounts: Volumes:

regions and zones – add cloud provider ​What is NUMA? ​How to solve potential issues with CPU and memory intensive workloads ​Kubernetes default resource management ​How it works ​Extending the functionality themselves within vSphere failure domains. 11 What is NUMA? Non Uniform Memory Architecture 12 Why should you care about NUMA? Memory intensive workloads Nearly all database servers (e.g. Oracle, MongoDB) system’s memory as possible. Where does this lead? Node 0 32GB Node 1 21GB 2 CPU Nodes – NUMA host When Linux initially allocates a threads, it is assigned a preferred node, by default memory allocations

regions and zones – add cloud provider What is NUMA? How to solve potential issues with CPU and memory intensive workloads Kubernetes default resource management How it works Extending the functionality themselves within vSphere failure domains. 11 What is NUMA? Non Uniform Memory Architecture 12 Why should you care about NUMA? Memory intensive workloads Nearly all database servers (e.g. Oracle, MongoDB) system’s memory as possible. Where does this lead? Node 0 32GB Node 1 21GB 2 CPU Nodes – NUMA host When Linux initially allocates a threads, it is assigned a preferred node, by default memory allocations

latency • Network • Security • DEK in the clear in memory • Secret in the clear in memory • kubeconfig in the clear in memory • KEK in the clear in memory ü leak ALL DEKs ü leak ALL secrets ü trust collapse area protected by the processor (aka. Enclave) Example: Intel SGX • Strong isolation • Encrypted memory • SW/HW attacks prevented TEE-based KMS Plugin [1] • Address performance & latency concerns • compromise Ø kubeconfig maliciously reused by attackers Ø kubeconfig in the clear in clients’ memory Ø leak users’ secrets • Sending to / receiving from malicious software entity (logic) TEE-based

limits: cpu: 2000m memory: 1024Mi requests: cpu: 1000m memory: 1024Mi securityContext: capabilities: curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi autoscaling: enabled: false minReplicas: 1 maxReplicas: curly braces after 'resources:'. # limits: # cpu: 100m # memory: 128Mi # requests: # cpu: 100m # memory: 128Mi autoscaling: enabled: false minReplicas: 1 maxReplicas:

Multi-Batch InPlaceUpdate Ø Support HPA, CronHPA, VWA (Vertical Workload Autoscaler) Ø Keep share memory during Pod upgrade Ø Scaled Up with LGV (Last Good Version) Ø Per Pod Per PV Ø Per Workload Per ��� ���������������������������������������������������� StatefulSetPlus Operator Ø Keep share memory during Pod upgrade Ø Upgrade jitter (a few ms) for keep-alive services Flexible and dynamic resource

Container) 介绍 在单一系统的内核层通过一套 API 在应用层提供硬件及软 件环境隔离的 Linux 环境（containers 。在内核层，通过 cgroup 来提供硬件环境的隔离（例如 CPU，Memory， Block I/O，网络等等 和通过 namespace 来提供软件层面 的隔离（例如 process tree，网络，user IDs 和挂载的文件 系统 。 Container 框架 用户操作日志 • 对用户的操作进行记录 • 对用户的资源使用状况进行统计 • 对多用户的资源使用状况进行统计 监控 • 实时的集群及 Containers 信 息监控（包括CPU，Memory， BIO，Networking • 监控预警的阀值设置 • 收集监控日志 存储管理 • 对于所有 Kubernetes Volume 按照业务类型提供统一的管理 • 用户在进行Volume操作的时候

x容器最多只用50%的CPU和128MB的内存： $ kubectl set resources deployment nginx-app -c=nginx --limits=cpu=500m,memory=128Mi deployment "nginx" resource requirements updated Yaml文件中可以通过配置实现相同的效果： apiVersion: v1 kind: app: nginx name: nginx spec: containers: - image: nginx name: nginx resources: limits: cpu: "500m" memory: "128Mi" 29 www.h3c.com Confidential 秘密 29 29 K8s基本概念和术语介绍 资源对象分类： 类别 名称 资源对象 Pod、 Replica Set、

* gc-controller! • ������������������������! tidb-scheduler! • �� k8s �� scheduler ������(cpu/memory/ affinity)! • �� k8s scheduler ���� PV ���! • �� PD �������� TiKV ����(����� ����������)! tidb-volume-