Kubernetes满⾜了在⽣产中运⾏的应⽤程序的⼀些常⻅需求，例如： Co-locating helper processes ，促进组合应⽤程序和保留”⼀个应⽤程序的每个容器“模型 Mounting storage systems Distributing secrets Checking application health Replicating application instances Using "dev" , "environment" : "qa" , "environment" : "production" "tier" : "frontend" , "tier" : "backend" , "tier" : "cache" "partition" : "customerA" , "partition" : "customerB" "track" : "daily" (production, qa) tier notin (frontend, backend) partition !partition 第⼀个示例选择Key等于 environment ，Value等于 production 或 qa 的所有资源。 第⼆个示例选择Key等于 tier ，Value不等于 frontend 或 backend ，以及所有Key不等于 tier 的所有资源。 第三个示例选择Key包含

51~53）使用haproxy做反向代理 frontend k8s_api_tcp_6443 bind *:6443 mode tcp default_backend my_k8s_cluster_6443 backend my_k8s_cluster_6443 mode tcp balance roundrobin server s1 10.99 count/deployments.extensions: "2" persistentvolumeclaims: "2" #可以创建的pvc总数 requests.storage: 20Gi #可以创建的pvc存储需求存储空间总量限额 EOF # kubectl apply -f resourceQuota-testxx.yaml "web.xxx.com" h�p: paths: - path: / #若不指定url，则默认就是/根路径，全部转发 backend: serviceName: mynginx-svc servicePort: 1380 - host: "web2.xxx.com" h�p:

Architecture Storage vSphere Kubelet Datastore1 K8s Vol dataVol.vmdk K8s vSphere Cloud provider Kubernetes Worker (VM) Pod Tools, Libs, SW Redis DB K8s API vCenter Create Storage Class Create thin-disk Provisioner: vSphere Volume Diskformat: thin Name: volume-claim Storage class: thin-disk Accessmode: readwrite Storage: 2GB Podspec includes: Persistent volume claim Filesystem mount point RedisDB vRealize Ops, Log Insight For Comprehensive Visibility 32 UI and API Backend Advanced Analytics Engine Metrics Collection and Storage Iterate & Troubleshoot Issues Trend & Alert on Anomalies Visualize

超大集群，有效降低资源碎片率 落地效果 读写 QPS > 1w • 背景介绍 • 设计思路 • 性能优化 • 落地效果 • 未来演进 影响力构建 集成进入 Kubernetes 作为新型 Storage Backend 已经开源，以 TiKV 作为存储引擎 持续优化和完善系统 架构演进 • 目前所有消息严格要求有序 • 消息不重不丢、严格有序，所以写必须单点 • Kubernetes 本质是一个最终一致性的系统

Checked into Github ○ Accessible by users who shouldn’t have access, e.g., CEO ○ Stored in public storage buckets Secret management requirements Identity Require strong identities and least privilege KMS plugin for Kubernetes ● Secrets are in etcd, with root of trust in Vault Kubernetes auth backend for HashiCorp Vault ● Authenticate to Vault using a K8s service account Kubernetes secrets: requirements

Kubernetes Service�Endpoints Label Selector Label: app=backend IP: 172.17.10.1 Port: 80 Label: app=MyApp Container Container Label: app=backend IP: 172.17.10.2 Port: 80 Label: app=MyApp Container Container Controller Label: app=MyApp Replicas: 2 Service <10.0.0.11>:<9376> Label: app=MyApp Endpoints: track backend pod changes <172.17.10.1>:<80> <172.17.10.2>:<80> ... Cluster DNS record: pod1.clusterdomain pod2

Ingress properties: - name: path value: "/" applicationScopes: - my-vpc-network - componentName: backend instanceName: database applicationScopes: - my-vpc-network vpc-3a1p8n container- 8q93re slb-7yt83n Application Configuration：组装与自包含 OAM 加持下的 Kubernetes PaaS K8s 团队 运维 研发 监控报警 灰度发布 日志 扩缩容 负载均衡 web backend Trait Promethus Operator Elasticsearch Operator database Component OpenKruise RDS operator ……

OpenWhisk • Technical details • Demo What is serverless ? What is serverless ? Serverless＝ Backend as a Service Functions as a Service • Zero server ops – No provisioning, updating, and managing

com/GoogleContainerTools/jib Me Java Developer Building website for pet clinic Wants to containerize the backend Wants container on registry ilovejava.io/petclinic-app github.com/GoogleContainerTools/jib github

PROVISIONER AGE 4 wordpress-sc-001 cds/nas 30m sc.yaml 内容如下 1 apiVersion: storage.k8s.io/v1 2 kind: StorageClass 3 metadata: 4 name: wordpress-sc-001 5 provisioner: nas 15 spec: 16 accessModes: 17 - ReadWriteOnce 18 resources: 19 requests: 20 storage: 20Gi 21 storageClassName: wordpress-sc-001 22 --- 23 apiVersion: v1 24 kind: PersistentVolumeClaim 30 spec: 31 accessModes: 32 - ReadWriteOnce 33 resources: 34 requests: 35 storage: 20Gi 36 storageClassName: wordpress-sc-001 创建⼀个Secret变量存放MySQL密码 2. 部署MySQL容器组 74 创建命令 1