Introduction: Kubernetes is the “operating system” of the cloud native era, and being familiar with it and able to use it is a necessary skill for every user. This article provides an overview of the knowledge graph of the container service Kubernetes. Some of the content draws on knowledge graphs available on the web to help users better understand K8s.

Overview

This is a knowledge graph for the container service Kubernetes. Part of the content refers to a knowledge graph found online, and more of it is tied to the Aliyun container service.

Knowledge links and remarks

Docker principle

  • KVM –> ECS

blog.csdn.net/weixin_4369…

  • Network tunneling technology –> VPC

blog.csdn.net/wangjianno2…

  • NameSpace

blog.csdn.net/a352193394/… Note: Namespace is the technique Linux containers use to achieve “isolation”. Namespace technology actually modifies the application process's view of the entire computer: what it can access is restricted by the operating system, so it can only “see” certain specified contents.

  • CGroup

blog.csdn.net/wudongxu/ar… Note: Linux Control Group. Its main function is to cap the resources that a process group can use, including CPU, memory, disk, network bandwidth, and so on.

  • RootFS(Union FS)

coolshell.cn/articles/17… Note: Rootfs contains only the operating system's files, configuration, and directories, not the operating system kernel. In Linux, these two parts are stored separately, and the kernel image of the specified version is loaded only when the operating system starts up.

  • Windows 2019

Note: Windows Server 2019 supports namespaces

Container service deployment

  • Docker Desktop

www.docker.com/products/do… Note: It is strongly recommended to install this software for learning on Mac machines

  • kubernetes

Note: Kubernetes cluster, supported by the Aliyun container service

  • Dashboard

kubernetes.io/docs/tasks/… Note: GUI management tool for Kubernetes clusters; the container service console integrates and extends this application

  • EasyPack

github.com/liumiaocn/e… Note: A set of scripts for deploying clusters such as Kubernetes

  • minikube

kubernetes.io/docs/tasks/… Note: Mini K8s

Tool components

  • kubectl

docs.kubernetes.org.cn/61.html Note: k… Management tool for running Kubernetes cluster commands

  • kubeadm

kubernetes.io/docs/refere… Note: Official tool for quick installation and configuration of a Kubernetes cluster

  • Helm

Note: Similar to RPM or yum; a tool for installing components on K8s (software package: chart)

  • App Hub

developer.aliyun.com/hub Note: In the Open Cloud Native Application Center, all default Helm Charts (Helm format applications) are regularly synchronized from the official North American Helm Hub site and hosted on GitHub. In this process, the Cloud Native Application Center automatically “localizes” all Charts that are synchronized.

  • CFSSL

github.com/cloudflare/… Note: CFSSL is an open source PKI/TLS tool, often used for K8s certificate creation

  • Aliyun private image repository

cr.console.aliyun.com Note: Image repository launched by Aliyun; using the Enterprise Edition is recommended

  • Cloud Effect image repository configuration

cn.aliyun.com/product/yun… Note: In the Cloud Effect enterprise settings, the configuration supports pulling images from the Aliyun private image repository

  • Harbor image repository

goharbor.io Note: Open source, free enterprise Registry server for storing and distributing Docker images

Components

  • kube-apiserver(Master)

kubernetes.io/docs/refere… Note: The official default API server, a layer wrapped around the Generic Server (static Pod)

  • etcd(Master)

etcd.io Note: Similar to ZK, implemented on top of the Raft protocol; started as a process

  • kube-scheduler(Master)

kubernetes.io/docs/refere… Note: Scheduler responsible for assigning Pods to Nodes (static Pod)

  • kube-controller-manager(Master)

kubernetes.io/docs/refere… Note: Controllers for base objects such as Deployment (static Pod)

  • cloud-controller-manager(Master)

kubernetes.io/docs/refere… Note: Controller for using cloud resources; a DaemonSet controller for cloud service integration.

  • kubelet(Node)

kubernetes.io/docs/refere… Note: Communicates with the Master and manages the life cycle of the worker (Node)

  • kube-proxy(Node)

kubernetes.io/docs/refere… Note: Network proxy running on each node (DaemonSet)

  • container runtime(Node)

Note: CRI interface

  • DNS

kubernetes.io/docs/concep… Note: Aliyun container service uses CoreDNS (Deployment)

  • Ingress controller

kubernetes.io/docs/concep… Note: Aliyun container service uses the nginx Ingress Controller, which can serve as unified routing for HTTPS services (Deployment).

  • Heapster & influxdb

Note: Monitoring data collection and time-series database storage (Deployment)

  • Federation

kubernetes.io/docs/concep… Note: Cluster federation, high availability, resource synchronization, etc.

  • kube-flannel

Note: The official network plugin; Aliyun also provides its own Terway component (DaemonSet).

  • logtail

help.aliyun.com/document_de… Note: Aliyun log collection component (DaemonSet)

Basic objects

  • Pod

docs.kubernetes.org.cn/312.html Note: Container group, the basic unit for running containers; kubectl get pods

  • Node

docs.kubernetes.org.cn/304.html cluster section…

  • NameSpace

Note: docs.kubernetes.org.cn/242.html…

  • Deployment

Note: docs.kubernetes.org.cn/317.html…

  • DaemonSet

kubernetes.io/docs/concep… Note: Similar to daemons

  • StatefulSet

docs.kubernetes.org.cn/443.html Note: Stateful deployment

  • Job & CronJob

kubernetes.io/docs/concep… Note: Scheduling tasks

  • Static Pod

kubernetes.io/docs/tasks/… Note: Static Pod configuration; the YAML is on the Master

  • HPA

kubernetes.io/docs/tasks/… Note: Horizontal scaling scheduler

  • Service

kubernetes.io/docs/concep… Note: Service exposure configuration, including Cluster, NodePort, and SLB

  • Ingress

www.kubernetes.org.cn/1885.html Note: Routing; Aliyun provides nginx ingress by default

  • Secret

kubernetes.io/docs/concep… Note: Confidential dictionary, including TLS, private repository key, Opaque

  • ServiceAccount

kubernetes.io/docs/refere… Note: The account used by resource objects, for example, granting a Namespace access permission to private images

  • RBAC

kubernetes.io/docs/refere… Note: Role-based access control supported by K8s: Role and RoleBinding

  • Volume

kubernetes.io/docs/concep… Note: Disk mapping

  • Storage Class

kubernetes.io/docs/concep…

  • CustomResourceDefinition

Note: User-defined extended resources

Plug-in extension

  • CNI(Flannel/Terway)

kubernetes.io/docs/concep… Note: Container network interface

  • FlexVolume

github.com/fstab/cifs Note: Open source Volume plug-in used by Aliyun

  • Cloud Provider

Note: Cloud service provisioning interface

Container service optimization – Best practices

  • Master selection and disk specifications

[1] yq.aliyun.com/articles/59… [2] yq.aliyun.com/articles/62…

  • Network selection

yq.aliyun.com/articles/59…

  • Worker node selection

yq.aliyun.com/articles/60…

  • Ingress Controller is deployed independently

  • Master configuration change

help.aliyun.com/document_de…

  • Changing, restarting, removing, or adding a node

  • Basic image development

  • Service combines with SLB

  • Cluster audit

help.aliyun.com/document_de…

  • Deployment batch releases
  • StatefulSet batch releases

yq.aliyun.com/articles/62…

  • Set bastion host permissions per application

yq.aliyun.com/articles/71…

  • Pods are deployed evenly

yq.aliyun.com/articles/71…

  • Applications go offline gracefully, exit gracefully
  • ApiServer access
  • Monitoring

Service governance

  • Istio

istio.io Note: The most popular service mesh architecture; supported by Aliyun

  • Linkerd

linkerd.io/2/overview/ Note: The first product proposed by a service mesh company

  • Cloud Effect

www.aliyun.com/product/yun… Note: CI/CD product made by Aliyun, with support for the container service K8s

  • Jenkins

jenkins.io/zh/ Note: Well known and among the most commonly used CI/CD products; the container service can install it with one click

Cloud native technology open course edu.aliyun.com/roadmap/clo… Note: Aliyun and CNCF (Cloud Native Computing Foundation) jointly developed this cloud native technology open course, and the course is free of charge!

This article is reprinted from the Aliyun developer community. Original link: developer.aliyun.com/article/715…