Kubernetes introduction to proficient | kubernetes cluster security - Authentication

Authorization The above authentication process only confirms that both sides of the communication confirm that the other party is trusted and can communicate with each other. Authentication is to determine which resources the requestor has. API Server currently supports the following authorization policies (set through the startup parameter &q ...

Posted by dgudema on Thu, 10 Mar 2022 13:44:45 +0100

K3s cluster Helm3 rapid deployment of Operator & Prometheus at home and abroad

Background summary Recently, helm3 has deployed resources in k8S/k3s clusters. In China, Alibaba, Netease and Tsinghua are always keen to be image sources. Because there are always one or another problems in domestic and foreign networks, the difference between your ability and others is how you quickly deal with such network problems, which w ...

Posted by maxpouliot on Tue, 08 Mar 2022 19:08:06 +0100

Operation and maintenance: RocketMQ Operator, a powerful tool for RocketMQ operation and maintenance control in the cloud native Era

Introduction: RocketMQ Operator: a powerful tool for RocketMQ operation and maintenance control in the cloud native era: Introduction: RocketMQ Operator has joined OperatorHub and officially entered the Operator community. Starting from practice and combining with cases, this paper will illustrate how to quickly build a RocketMQ cluster on Kub ...

Posted by mikes127 on Tue, 08 Mar 2022 03:20:56 +0100

Fluid gives data elasticity a pair of invisible wings - Custom elastic expansion

background As more and more data intensive applications such as big data and AI begin to be deployed and run in Kubernetes environment, the differences between the design concept of data intensive application computing framework and the original flexible application layout of cloud lead to data access and computing bottlenecks. Cl ...

Posted by stevieontario on Mon, 07 Mar 2022 22:21:29 +0100

Containerization Technology: the life cycle of Pod in Kubernetes

1, Life cycle of Pod The Pod follows a predefined life cycle, starting from the Pending phase. If at least one of the main containers starts normally, it enters the Running phase. Then it depends on whether any container in the Pod ends in the Failed state and enters the Succeeded or Failed phase. During Pod operation, Kubernetes can restart ...

Posted by cosmos33 on Mon, 07 Mar 2022 22:09:27 +0100

Take a small notebook and remember how kubernetes ingress nginx releases blue, green and gray

Background introduction In some cases, we are using Kubernetes as the cloud platform for business applications. We want to realize the blue-green deployment of applications to iterate the application version. lstio is too heavy and complex, and it is positioned in flow control and grid governance; Ingress nginx introduces Canary function in ve ...

Posted by hrdyzlita on Mon, 07 Mar 2022 15:22:44 +0100

Private credentials: Secret

Secret A Secret is an object that contains a small amount of sensitive information, such as a password, token, or key. Such information may be placed in the Pod protocol or in the image. Using Secret means you don't need to include confidential data in your application code. (this passage comes from the official website) The use process i ...

Posted by platnium on Sat, 05 Mar 2022 17:21:18 +0100

In depth analysis of Kubernetes -- Chapter 5: Kubernetes arrangement principle_ Controller_ StatefulSet

Statefulset (II) The Kubernetes project introduces a set of API objects called Persistent Volume Claim (PVC) and Persistent Volume (PV) Define a PVC and declare the attributes of the desired Volume kind: PersistentVolumeClaim apiVersion: v1 metadata: name: pv-claim spec: accessModes: - ReadWriteOnce resources: requests: sto ...

Posted by astronaut on Sat, 05 Mar 2022 15:14:05 +0100

Running logic of kubebuilder operator

Running logic of kubebuilder summary The following is kubebuilder's Architecture diagram . You can see that the outermost layer is driven by a component called Manager, which contains multiple components. The mapping relationship between gvk and informer is saved in the Cache, which is used to Cache kubernetes objects through informer. The Con ...

Posted by gevo12321 on Sat, 05 Mar 2022 10:11:55 +0100

In depth analysis of Kubernetes -- Chapter 5: Kubernetes arrangement principle_ Controller_ Deployment

controller Controllers follow a common choreography pattern in k8s projects: control loops Follow the following pseudocode: for { Actual state := Get objects in the cluster X Actual state of( Actual State) Expected state := Get objects in the cluster X Expected state of( Desired State) if Actual state == Expected state{ Don't do an ...

Posted by dmcdivitt on Sat, 05 Mar 2022 07:49:15 +0100