Container Image = Runs in a Pod (~1:1) • Replicas = QTY of Pods that must be running Worker Node Worker Node Worker Node Kubernetes Master Node (Master & etcd nodes) API K K K App_Y.yaml ContainerImage1 ContainerImage2 Replicas: 2 https://youtu.be/PH-2FfFD2PU 14 VM VM VM VM Kubernetes Trend Worker Node The Kubernetes Master Node Basic Components Master Node ETCD kube-apiserver kube-controller-manager Affinity/Anti-Affinity Capable The Kubernetes Worker Node Basic Components Master Node ETCD kube-apiserver kube-controller-manager kube-Scheduler Worker Node CRI-containerd Kubeproxy Kubelet •

21 K8s 集群模型 • 一个或多个主节点 (master) • 一个或多个工作节点(worker) • 命名空间（Namespaces） – 用于命名分隔资源的逻辑组 K8s Cluster Worker node 1 Worker node 2 Worker node 3 Master SACC2017 Pod的概念 • Pod是K8s中一个或多个容器组成的部署单位 Claim Developer Owned Worker Claim Pod 24 SACC2017 Kubernetes的Services • 服务类型 – ClusterIP – NodePort – LoadBalancer • 服务发现 – DNS – 环境变量 25 Worker Node Service Pod 1 Pod 复制控制器Replication Controller • 自动恢复 • 手动扩展 • 滚动更新 • 多版本追踪 Worker (Container Host) P1R1 Worker (Container Host) P1R2 P2R1 P1R1 P2R1 Worker (Container Host) P1R3 P2R2 P2R2 Master API K

underlying tier of high availability and automated placement options, for both control plane and worker nodes. 2 levels of scheduling and resource management are active. ​Currently no automatic scheduling scheduler continuously pull pods off the queue, evaluates the pod’s requirements, and assigns it to a worker node. 6 Kubenetes scheduling What does the scheduler do: As pod are created, they are place in the queue, evaluates the pod’s requirements, and assigns it to a worker node. Placement Decision Stages: 1. Filter out impossible worker nodes a. Filters are called predicates - extensible in code with

underlying tier of high availability and automated placement options, for both control plane and worker nodes. 2 levels of scheduling and resource management are active. Currently no automatic scheduling scheduler continuously pull pods off the queue, evaluates the pod’s requirements, and assigns it to a worker node. 6 Kubenetes scheduling What does the scheduler do: As pod are created, they are place in queue, evaluates the pod’s requirements, and assigns it to a worker node. Placement Decision Stages: 1. Filter out impossible worker nodes a. Filters are called predicates - extensible in code with

需通过⾸云集群管理⻚⾯进⾏上述操作 创建集群 进⼊集群⻚⾯ -> 右上⻆点击创建集群 设置集群名称 -> 选择虚拟数据中⼼ -> 选择集群私⽹ip⽹段 -> 选择计费⽅式-> 设置master节点 - > 设置worker节点 -> 选择HA配置 -> 选择集群公⽹ip -> 设置集群ssh登录密码 -> 确认⽆误后点击 确认 2.使⽤须知 集群管理 1.简介 2.使⽤须知 3.操作说明 4 5 8 添加worker节点 进⼊集群⻚⾯ -> 选择需要操作的集群 -> 点击集群扩容 核对集群ID -> 选择增加节点类型为worker -> 选择计算类型与规格 -> 添加云盘（可不选）-> 设置 添加数量 -> 输⼊登录⽤户密码 -> 核对⽆误后，点击确定进⾏添加 9 进⼊节点查看⻚⾯ -> 选择对应集群，新添加节点状态由创建中 -> 正常代表添加成功 删除worker节点（master节点不可移除） 删除worker节点（master节点不可移除） 进⼊节点查看⻚⾯ -> 选择对应集群，选择要删除的worker节点 -> 点击删除 10 点击删除后，仔细阅读提示后，没问题点击确认执⾏删除操作 进⼊节点查看⻚⾯ -> 选择对应集群，删除节点状态由删除中 -> 节点消失代表删除成功 11 设置节点调度 进⼊节点查看⻚⾯ -> 选择对应集群 -> 选择要设置的节点 -> 设置是否可调度 仔细阅读提示，没问题后点击确认

(Fuse) Worker (local) Worker (remote) Master Training POD Tier0: 1-2GB/S Short Circuit: 1-6GB/S Network: 300M/S Alluxio在Kubernetes上的架构 K8S node Pod Pod K8S node K8S node Alluxio Worker Pod RAM/SSD/HDD RAM/SSD/HDD fuse K8S node K8S node Alluxio Worker Pod RAM/SSD/HDD fuse K8S node Alluxio Worker Pod RAM/SSD/HDD fuse TensorFlow TensorFlow Alluxio Master Pod Pod MXNet MXNet Pod Pod Caffe Alluxio读取的数据块优先保存到本地，但是当本地空间不足时， 不会驱逐本地数据块而是将读取数据缓存到邻近节点 alluxio.worker.tieredstore.level0.dirs.quota 100GB 缓存存储的容量上限。 alluxio.worker.tieredstore.level0.watermark.high.rat io 0.99 后台驱逐任务启动条件，本例子中条件本地空间超过100

© 2019, Amazon Web Services, Inc. or its Affiliates. All rights reserved. Amazon Confidential 配置 worker nodes AWS CloudFormation eksctl Partners …更多 Terraform Pulumi Rancher © 2019, Amazon Web Services 0/10 客户网 关 公司数 据中心 On-premises 10.1.0.0/16 VPN / DX Pod Outbound Traffic SNAT EKS worker node Primary elastic network interface Pod Secondary elastic network interface Pod – 100 AWS 全球基础架构 区域 可用区 边缘站点 由AWS用户管理 由AWS管理 KUBELET K8s RBAC APP HOST AWS IAM 容器 升级 加固 监控 WORKER NODE 配置 升级 加固 监控 NETWORK 配置 VPC 网络策略 路由表 NACLs 数据 网络流量保护 客户端加密 服务端加密 EKS CONTROL PLANE CONTROL

env: - name: initReplicas value: 3 - name: worker_connections fromParam: connections parameters: - name: connections description: "The setting for worker connections" type: number default: 1024 required: application Component 核心workload 可访问 可复制 长久运行 Server √ √ √ Singleton Server √ × √ Worker × √ √ Singleton Worker × × √ Task × √ × Singleton Task × × × apiVersion: core.oam.dev/v1alpha1 kind: Component env: - name: initReplicas value: 3 - name: worker_connections fromParam: connections parameters: - name: connections description: "The setting for worker connections" type: number default: 1024 required:

控制平面元件 (Control Plane Components) 2. etcd 狀態資料庫 3. 控制平面設置 (Control Plane Configuration) 4. 工作節點 (Worker Node) 5. 政策 (Policies) ©2019 VMware, Inc. 10 Use Cases: Security Architecture Guidance / Replacement 企業可依照自己的團隊分工選擇各種角色隔離或者指派到相同對象 PKS對於平台各租戶/層級都有明確角色存取控管 (RBAC)設計 Master Worker Worker Pod Pod kube-cluster Master Worker Worker Pod Pod kube-cluster PKS API BOSH Ops Manager BOSH

容器调度与编排 Spark-Master Serverless Kubernetes集群 Demo: 基于Serverless Kubernetes的Spark数据处理 Worker-1 Worker-2 Worker-N Pod Pod Pod Pod Client spark-submit 开始使用 Get Started • 现开放区域：杭州、上海、美西，公测期间免费，欢迎试用