Programmer Think

Authorization The above authentication process only confirms that both sides of the communication confirm that the other party is trusted and can communicate with each other. Authentication is to determine which resources the requestor has. API Server currently supports the following authorization policies (set through the startup parameter &q ...

Background summary Recently, helm3 has deployed resources in k8S/k3s clusters. In China, Alibaba, Netease and Tsinghua are always keen to be image sources. Because there are always one or another problems in domestic and foreign networks, the difference between your ability and others is how you quickly deal with such network problems, which w ...

Introduction: RocketMQ Operator: a powerful tool for RocketMQ operation and maintenance control in the cloud native era: Introduction: RocketMQ Operator has joined OperatorHub and officially entered the Operator community. Starting from practice and combining with cases, this paper will illustrate how to quickly build a RocketMQ cluster on Kub ...

background As more and more data intensive applications such as big data and AI begin to be deployed and run in Kubernetes environment, the differences between the design concept of data intensive application computing framework and the original flexible application layout of cloud lead to data access and computing bottlenecks. Cl ...

1, Life cycle of Pod The Pod follows a predefined life cycle, starting from the Pending phase. If at least one of the main containers starts normally, it enters the Running phase. Then it depends on whether any container in the Pod ends in the Failed state and enters the Succeeded or Failed phase. During Pod operation, Kubernetes can restart ...

Background introduction In some cases, we are using Kubernetes as the cloud platform for business applications. We want to realize the blue-green deployment of applications to iterate the application version. lstio is too heavy and complex, and it is positioned in flow control and grid governance; Ingress nginx introduces Canary function in ve ...

Secret A Secret is an object that contains a small amount of sensitive information, such as a password, token, or key. Such information may be placed in the Pod protocol or in the image. Using Secret means you don't need to include confidential data in your application code. (this passage comes from the official website) The use process i ...

Statefulset (II) The Kubernetes project introduces a set of API objects called Persistent Volume Claim (PVC) and Persistent Volume (PV) Define a PVC and declare the attributes of the desired Volume kind: PersistentVolumeClaim apiVersion: v1 metadata: name: pv-claim spec: accessModes: - ReadWriteOnce resources: requests: sto ...

Running logic of kubebuilder summary The following is kubebuilder's Architecture diagram . You can see that the outermost layer is driven by a component called Manager, which contains multiple components. The mapping relationship between gvk and informer is saved in the Cache, which is used to Cache kubernetes objects through informer. The Con ...

controller Controllers follow a common choreography pattern in k8s projects: control loops Follow the following pseudocode: for { Actual state := Get objects in the cluster X Actual state of( Actual State) Expected state := Get objects in the cluster X Expected state of( Desired State) if Actual state == Expected state{ Don't do an ...