Deploy k8s
k8s is deployed with kubeadm. On the master it deploys the apiserver, scheduler, controller manager and kubelet; on a k8s worker it deploys the kubelet, which is the node agent.
A taint is used to mark a special node, e.g. the one where the master is running; as a consequence other pods will not run on this node.
A network plugin such as weave or calico needs to be added.
k8s pod
In Docker, a container is implemented with Linux cgroups (for limitation, e.g. CPU, memory), namespaces (for isolation) and a rootfs (for the file system). Containers in the same pod share the same network namespace and volumes; this is implemented by an infra container, which creates the network namespace first, and the other containers in the pod join that network.
An init container starts before the normal containers. A helper container, e.g. a fluentd log container, is usually called a sidecar.
A pod is like a VM; a container is like a process running in that VM. A pod can select its target node by using a nodeSelector.
Pod Pending -- the YAML file has been submitted and saved in etcd, but some container in this pod has not been created successfully yet.
Pod Running -- the pod has been bound to a node and its containers are running.
Pod Succeeded -- the pod has finished its work and exited successfully; you will see this if the container is a Job/CronJob.
Pod Failed -- at least one container exited with a non-0 return value.
Pod restart policy:
Always: as long as the container is not running it will be restarted; the pod status will be Running forever.
OnFailure: only restart if the container failed; if a pod has multiple containers, the pod will be in Failed state only if all containers have stopped.
Never
A PodPreset can be used to combine the developer's YAML with other info needed in the k8s YAML, e.g. volumes, port numbers.
Pod Deployment
bash-5.1$ ke get deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
bsc 3 3 3 3 1y
Service Account
Pods have different service accounts: some of them are only allowed to GET from the Kube API, some of them can do everything. The SA info is saved as a secret; it is attached to the pod as a volume.
Stateful
1) Pods need to be started in the correct order, and a newly created pod has the same network identity as the old one.
2) The volume should be persistent -- achieved by using a PV.
A headless service is represented by a DNS A record (hostname), and it points directly to the IPs of the pods behind it.
By using the StatefulSet controller, the pods created are labelled with a number, e.g. web-0, web-1; if combined with a headless service, each of them gets its own DNS name, e.g. web-0.nginx. This way a request to a specific DNS name always arrives at a specific pod.
DaemonSet
a) each node has one and only one such pod; b) a new node will get this pod added automatically
Used for logging plugins, network plugins, monitoring etc.
Monitoring
Data is collected by:
a) node-exporter, which runs as a DaemonSet on each node; it collects CPU, memory etc.
b) metrics about k8s components, work queues etc.
c) core metrics: pod, node.
Metrics based on resources:
Utilisation
Saturation
Errors
Metrics based on service:
Request rate
Request errors
Request duration