algolia.json
[
{
"title": "关于",
"uri": "about",
"content": "Hugo LoveIt Logo gopherize me realfavicongenerator net",
"objectID": "about",
"date": "2020-10-15T12:10:35.000Z",
"draft": false,
"lightgallery": true,
"math": {
"enable": true
}
},
{
"title": "AWS - EBS",
"uri": "posts/cloud/aws_learning/ebs",
"content": "1 AWS Elastic Block Store EBS AWS EBS Volume EC2 Instance Instance EBS Instance EBS Volume Instance Instance Instance EBS Multi Attach EBS Volume AZ EBS AZ Instance AZ EBS Snapshot Snapchat EBS 2 EBS Volume Type EBS Volume SSD iops HHD throughput Previous generation Volume 2 1 SSD SSD EBS General Purpose SSD Instance gp3 Volume gp3 3000 IOPS 125 MiB s EBS optimized Instance gp2 gp2 IO IO IO IO IO IOPS IOPS gp2 IOPS Volume Volume IOPS IO Volume IO Provisioned IOPS SSD io2 Block Express Instance io2 I O io1 io2 SSD 2 2 HDD HDD Throughput Optimized HDD st1 HDD st1 Volume IO Cold HDD sc1 HDD sc1 Volume IO CloudWatch EBS BurstBalance gp2 st1 sc1 3 EBS 3 1 Volume State Volume State Volume Creating Volume Available Volume Attach In use Volume Attach Deleting Volume Deleted Volume Error Volume 3 2 Attach Volume Attach Volume Instance Instance Available Volume Instance Volume AZ 3 3 Multi Attach Multi Attach Volume io1 io2 AZ Instance Multi Attach Instance Volume Instance Volume Multi Attach 3 4 Detach Volume Attach Volume Detach Volume Instance Instance umount Detach Volume Volume Attachment busy Volume umount Volumes AvailabilityZone us west 2b Attachments AttachTime 2016 07 21T23 44 52 000Z InstanceId i fedc9876 VolumeId vol 1234abcd State busy DeleteOnTermination false Device dev sdf Volume Attachment detaching Force Detach Instance cache metadata 3 5 Delete Volume Delete Volume Volume Volume Volume Attach 3 6 Restore Root Volume Restore Root Volume Instance Root Volume Snapshot Volume Replacement Task Task 4 EBS 4 1 EBS Volume Volume 5min IO 5min Volume impaired Volume IO IO IO Volume Auto Enable IO IO IO 1min IO CloudWatch 5min Volume IO io io2 gp3 IO IO ok warning impaired IO insufficient data 4 2 Volume Volume Volume Volume Awaiting Action Enable IO IO IO Enabled IO IO Auto Enabled Auto Enable IO IO Normal Degraded Severely Degraded Stalled 5 EBS Snapshot 5 1 Volume Snapshot Snapshot Snapshot Snap Snap B Snap Snap A 20GiB Snapshot 14GiB Snapshot Snapshot 
Snapshot Snap Snap Snap 4GiB 6GiB Snap B Snapshot S3 Snapshot 5 2 5 2 1 Volume Volume Snapshot ID Snapshot Volume AZ Snapshot Snapshot AZ AZ Snapshot Volume Volume S3 IO Volume 5 2 2 Snapshot Snapshot AZ Snapshot Encrypted Snapshot S3 S3 5 2 3 Snapshot Standard tier Snapshot Standard tier Archive tier Snapshot Archive tier Archive tier Snapshot 75 Snapshot Snapshot Standard tier 72h Snapshot 6 EBS 6 1 Modify Volume EBS Volume Volume Type Size IOPS Throughput Umount Detach Volume Volume Type Volume Type Modify Volume Volume type Size Volume modifying optimizing completed ",
"objectID": "posts/cloud/aws_learning/ebs",
"date": "2022-05-25T13:43:54.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"aws"
],
"categories": [
"AWS 学习"
]
},
{
"title": "AWS - EKS",
"uri": "posts/cloud/aws_learning/eks",
"content": "1 EKS EKS Control Plane Kubernetes ETCD APIServer AWS AWS ELB ELB APIServer EKS Node EKS Node EC2 Instance APIServer Endpoint 1 1 EKS eksctl EKS AWS Console Web EKS AWS CLI AWS API EKS EKS External Service AWS CLI NodeGroup 1 2 Kubernetes AWS EKS AWS Kubernetes Node Node AWS Update EKS Kubernetes Version 1 3 Addon Addon AWS EKS EKS Addon AWS CLI addon aws eks describe addon versions Addon VPC CNI CoreDNS kube proxy EBS CSI 2 Node EKS Worker Node Managed Node Group Node Group EC2 Instance Kubernetes Node Group Node Node Group Node Node Group EC2 ASG Node Group ASG Self Managed Node EC2 Instance Kubernetes AWS Fargate Managed Node Group Managed Node Group 2 1 Node Auto Scale EKS AutoScaling Kubernetes Cluster AutoScaler AWS Scale Group Instance Karpenter EC2 fleet Instance 2 1 1 Cluster AutoScaler Cluster AutoScaler ASG Instance Cluster Autoscaler IAM Policy Cluster AutoScaler Role Policy Trust Relationship EKS OIDC Provider ID AssumeRole Cluster AutoScaler RBAC ServiceAccount annotation Role kubectl annotate serviceaccount cluster autoscaler eks amazonaws com role arn arn aws iam ACCOUNT_ID role AmazonEKSClusterAutoscalerRole eksctl create iamserviceaccount Role ServiceAccount Cluster AutoScaler 3 Storage AWS EBS Kubernetes StorageClass PV AWS EBS EBS io1 gp2 gp3 sc1 st1 Kubernetes AWS EBS CSI EBS StorageClass Kubernetes EBS CSI Kubernetes EBS CSI AWS EBS Kubernetes EBS CSI StorageClass Provisioner PV EBS CSI 3 1 EBS CSI EBS CSI Addon EBS CSI EKS AWS CLI Helm YAML EBS CSI Driver StorageClass provisioner ebs csi aws com AWS EBS CSI kind StorageClass apiVersion storage k8s io v1 metadata name gp3 provisioner ebs csi aws com allowVolumeExpansion true volumeBindingMode WaitForFirstConsumer parameters type gp3 fsType ext4 iops 4000 throughput 400 3 2 EFS EBS EFS Pod EFS Pod EFS EFS EFS CSI Helm YAML EFS CSI StorageClass kind StorageClass apiVersion storage k8s io v1 metadata name efs sc provisioner efs csi aws com parameters provisioningMode efs ap 
fileSystemId fs 92107410 directoryPerms 700 gidRangeStart 1000 optional gidRangeEnd 2000 optional basePath dynamic_provisioning optional 4 Network EKS 4 1 Control Plane Control Plane VPC AWS EKS EKS Node VPC Subnet AWS Subnet Control Plane ENI ENI Node APIServer 4 2 Node Node VPC EKS VPC Node Group Node VPC Subnet 4 3 Pod Node Pod Subnet IP Pod Node Pod IP Secondary IP Node ENI Pod Node SecurityGroup Pod EKS Pod Pod VPC Subnet CNI 4 4 Service Service Node Pod LoadBalancer Ingress AWS ELB ALB Service Ingress AWS Load Balancer Controller ELB ALB AWS Load Balancer Controller EKS Addon 5 Security 5 1 APIServer EKS APIServer Public APIServer APIServer IP Kubernetes VPC APIServer VPC AWS Public Private APIServer APIServer IP Public VPC APIServer VPC Private APIServer VPC APIServer VPC APIServer AWS IAM Kubernetes RBAC 5 2 APIServer APIServer APIServer APIServer EKS APIServer Kubernetes IAM Entity Kubernetes AWS User Role APIServer Kubernetes EKS APIServer Webhook Token Webhook Service AWS STS STS IAM kubectl aws eks get token STS Token kubectl APIServer HTTP Head Token APIServer STS Token STS IAM EKS 5 3 Kubernetes RBAC ",
"objectID": "posts/cloud/aws_learning/eks",
"date": "2022-05-02T14:01:07.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"aws"
],
"categories": [
"AWS 学习"
]
},
{
"title": "AWS - ELB",
"uri": "posts/cloud/aws_learning/elb",
"content": "1 LB LB Domain LB Client LB LB IP AZ IP LB Region AZ LB AZ LB Listener LB Listener Port Listener Client LB Port Target Rule ALB Listener Rule HTTP Path HTTP Method Target Group Listener Target Group Target Target Instance 2 Domain LB Scheme Internet facing LB Public IP Publich Subnet Internal LB Private IP LB Domain LB Domain Subnet Public Private IP LB Domain elb amazonaws com 3 Listener Listener Domain Protocol Port Domain Protocol Port Listener Listener Protocol ALB Protocol HTTP HTTPs NLB Protocol TCP TCP_UDP TLS UDP Port Port Default Action Target Group 3 1 Rule ALB Listener Rule HTTP 80 Listener HTTP Path Rule Host Header HTTP Header Header HTTP Request Method Method Path Path Query string Source IP IP Rule Listener Default Action Rule 4 Target Group Listener Rule Target Group Target Group Target Group Instance EC2 Instance LB Subnet EC2 Instance IP IPv4 Lambda Lambda ALB ALB ALB Target Group Port Listener Port Target Group Port Target 4 1 Health Check Target Group Health Check LB Target Health Check Healthy Unhealthy Health Check Healthy threshold Unhealthy Healthy Health Check Healthy threshold Target Unhealthy LB Target Healthy Health Check TCP TCP HTTP HTTP Path HTTP Code HTTP HTTPs Path HTTP Code UDP NLB TCP 5 Application Load Balancer ALB VPC AZ Subnet LB Subnet ENI LB IP nslookup LB Subnet ENI IP LB ENI LB Security Group LB 5 1 LB LB provisioning LB active LB active_impaired LB failed LB 5 2 Access Log ELB Access Log LB Access Log AWS S3 bucket S3 ELB 5min LB Access Log AWSLogs elasticloadbalancing elasticloadbalancing__ log gz IP Access Log Entry http 2018 07 02T22 23 00 186641Z app my loadbalancer 50dc6c495c0c9188 192 168 131 39 2817 10 0 0 1 80 0 000 0 001 0 000 200 200 34 366 GET http www example com 80 HTTP 1 1 curl 7 46 0 arn aws elasticloadbalancing us east 2 123456789012 targetgroup my targets 73e2d6bc24d8a067 Root 1 58337262 36d228ad5d99923122bbe354 0 2018 07 02T22 22 48 364000Z forward 10 0 0 1 80 200 5 3 Deletion Protection LB 
Deletion Protection Deletion Protection LB 5 4 Connection idle timeout Client LB Client LB LB Target idle timeout LB idle timeout 60s LB Target HTTP keep alive 5 5 Desync mitigation mode LB HTTP LB Target Desync mitigation mode Target HTTP LB httpdesyncguardian desync mitigation mode Classifications Monitor mode Defensive mode Strictest mode Compliant Allowed Allowed Allowed Acceptable Allowed Allowed Blocked Ambiguous Allowed Allowed Blocked Severe Allowed Blocked Blocked 5 6 HEAD ALB X Forwarded HTTP HEAD Target X Forwarded For Client IP LB Target Target IP ALB Target HTTP HEAD X Forwarded For Target IP X Forwarded For Client X Forwarded Proto Client ALB X Forwarded Port Client ALB A Za z0 9 HTTP HEAD ALB HTTP HEAD 5 7 Sticky Sessions ALB Target Sticky Sessions Session Target Session Target Sticky Sessions Cookie ALB Cookie ALB Client Target AWSALB Cookie Cookie 7 ALB Client Client AWSALB Cookie Target Target unhealthy Target Cookie C",
"objectID": "posts/cloud/aws_learning/elb",
"date": "2021-12-04T13:13:45.000Z",
"description": "ELB ALB NLB",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"aws"
],
"categories": [
"AWS 学习"
]
},
{
"title": "AWS - IAM",
"uri": "posts/cloud/aws_learning/iam",
"content": "AWS AWS IAM IAM Authentication Authorization Entity User User Group Role Entity 1 AWS AWS AWS API Console Username Password CLI Access Key Secret Key AK SK SDK AK SK AWS Service Assume Role API Region AWS API IAM CloudTrail API SK SK AWS AK SK AK 5min AK SK AK SK AWS 2 Root User IAM User User Group 2 1 Root User AWS Account Root User Root User MFA AWS Organization Account Root User Service Control Policy Account Root User Admin IAM User Admin IAM User IAM User 2 2 IAM User IAM User AWS IAM IAM Policy IAM User Username Password AK SK IAM User AK SK IAM User User 2 3 User Group User User User Group IAM Policy Group Group User 2 4 Service Control Policy AWS Organization Account Organization Service Control Policy Account Account Entity Policy Root User Service Control Policy Policy IAM Policy 3 Policy Policy Policy User Role AWS Policy Policy Resource based Policy Version 2012 10 17 Statement Action ec2 Effect Allow Resource Effect Allow Action iam CreateServiceLinkedRole Resource Condition StringEquals iam AWSServiceName autoscaling amazonaws com ec2scheduled amazonaws com elasticloadbalancing amazonaws com spot amazonaws com spotfleet amazonaws com transitgateway amazonaws com Statement Effect Allow Deny Action NotAction API ec2 start Resource NotResource ARN Condition Principal Resource based Policy User Service Resource Principal Resource Principal Principal Condition 3 1 Policy Policy AWS AWS User Role Policy Policy Identity based Policy Policy User Role Resource based Policy Policy S3 Bucket Policy Entity Lambda Policy Entity Lambda 4 Role User Username Password AK SK Role AWS Assume Role AWS User User User Assume Role AWS Role Role Policy Role User Service Assume Role Assume Role Revoke Role Policy Role User Resource User Resource Role 4 1 Trust Relationship User Service Assume Role Role Role Trust Relationship Assume Role Trust Relationship Policy sts AssumeRole sts AssumeRoleWithWebIdentity API Assume Version 2012 10 17 Statement Effect Allow 
Principal Service ec2 amazonaws com Action sts AssumeRole 4 2 Session Policy Assume Role Session Policy Assume Role Policy Session Policy 4 3 Assume Role Assume Role sts AssumeRole sts AssumeRoleWithWebIdentity API Trust Relationship IAM Policy Assume User Service AK SK Token AWS AWS STS 5 Permission Boundary Admin User Entity Policy IAM User User Permission Boundary Entity Policy User Role Permission Boundary Permission Boundary Permission Boundary User Role User Policy iam CreateUser API Permission Boundary Effect Allow Action User API iam CreateUser Condition StringEqua1s iam permissionsBoundary arn aws iam ACCOUNT_ID policy PolicyX Permission Boundary Policy 6 Policy IAM Policy Identity based Policy Resource based Policy Session Policy Permission Boundary Service Control Policy IAM API Policy Policy Deny Deny ",
"objectID": "posts/cloud/aws_learning/iam",
"date": "2021-12-01T13:47:56.000Z",
"description": "AWS IAM 相关概念",
"weight": 4,
"lightgallery": true,
"author": "Shiori",
"tags": [
"aws"
],
"categories": [
"AWS 学习"
]
},
{
"title": "AWS - KMS",
"uri": "posts/cloud/aws_learning/kms",
"content": "1 Key Management Service KMS KMS KMS AWS KMS AWS Envelope Encryption KMS KMS Key Data Key AWS Data Key KMS Key Data Key Master Key Data Key KMS Data Key Data Key Data Key KMS KMS KMS HSM KMS Key Data Key KMS KMS Key KMS Key S3 KMS S3 2 2 1 KMS Key KMS KMS Key KMS KMS KMS Key ID KMS Key KMS 2 1 1 KMS Customer managed key KMS Key Rotate AWS managed key AWS KMS AWS Customer managed key AWS managed key AWS managed key AWS managed key AWS owned key AWS AWS AWS owned key 2 1 2 KMS KMS AWS KMS Data Key KMS KMS KMS 2 2 Enable Disable KMS Key Enabled KMS Key KMS Key KMS Key Key Key 2 3 Rotate 2 3 1 KMS KMS Key KMS KMS Key KMS Key KMS Data Key 2 3 2 KMS Key KMS Key KMS Key Key Key ID ARN KMS Key KMS Key Rotate manually 2 4 Delete Key KMS Key KMS Key AWS KMS Key Disable Key 30 7 30 KMS Key Pending deletion KMS Key Rotate Pending deletion KMS Key kms CancelKeyDeletion API 2 5 Multi Region Key KMS Key Regional Region KMS Multi Region KMS Key Multi Region Key primary key replica key KMS Key Multi Region Region KMS Key primary key Region replica key primary key replica key Key Policy Grant Alias Tag Region Key Region Key 3 KMS Key KMS KMS Key KMS API Encrypt KMS Key aws kms encrypt key id plaintext CiphertextBlob KeyId EncryptionAlgorithm SYMMETRIC_DEFAULT Decrypt aws kms decrypt key id ciphertext blob KeyId Plaintext aGVsbG8K EncryptionAlgorithm SYMMETRIC_DEFAULT 4 Alias KMS Key Key ID Alias Key Alias KMS Key Alias ARN Alias KMS Key Alias KMS Key Alias KMS Key Alias KMS Key KMS Key Alias Alias KMS Key KMS Key Alias Alias KMS API Alias alias Alias Regional Resource Region Alias Alias Region AWS managed key Alias alias aws Alias KMS Key kms RequestAlias KMS API Alias Key ID kms ResourceAliases KMS API KMS Key Alias Key ID 5 KMS Key IAM Policy Key Policy KMS Key Grant Entity KMS 5 1 Key Policy Key Policy KMS Key KMS Key Key Policy KMS Key Key Policy Version 2012 10 17 Statement Sid Describe policy statement Effect Allow Principal AWS arn aws iam 111122223333 user Alice 
Action kms DescribeKey Resource Condition StringEquals kms KeySpec SYMMETRIC_DEFAULT 5 2 Grant Grant KMS Key Grant KMS Key Entity Grant AWS KMS Key Grant Grant KMS Key Grant Grant KMS Key Grant Grant Token 5 2 1 Grant KMS CreateGrant API Grant Name Grant Key ID KMS Key ID Operations Grantee principal Entity Role User Retiring principal Entity Constraints aws kms create grant key id 1234abcd 12ab 34cd 56ef 1234567890ab grantee principal arn aws iam 111122223333 user exampleUser operations Decrypt retiring principal arn aws iam 111122223333 role adminRole constraints EncryptionContextSubset Department IT 5 2 2 Grant Constraint Grant Constraint 5 2 3 Grant Token Grant Grant Token Grant Token Grant ",
"objectID": "posts/cloud/aws_learning/kms",
"date": "2022-05-05T13:21:14.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"aws"
],
"categories": [
"AWS 学习"
]
},
{
"title": "AWS - Private Link",
"uri": "posts/cloud/aws_learning/private-link",
"content": "1 AWS VPC Service VPC Service VPC Peering VPC Transit Gateway VPC Private Link Endpoint Service AWS VPC Peering Transit Gateway C S Private Link Client Endpoint Service C S Saas Service Private Link Endpoint AWS Service Gateway Endpoint Interface Endpoint Endpoint Service Saas Service Gateway Load Balancers Gateway Load Balancer 2 Endpoint 2 1 Interface Endpoint AWS Service Interface Endpoint Interface Endpoint AWS Subnet ENI DNS IP Service S3 Interface Endpoint Endpoint Security Group Interface Endpoint Service VPC Subnet aws ec2 create vpc endpoint vpc id vpc 1a2b3c4d vpc endpoint type Interface service name com amazonaws us east 1 s3 subnet ids subnet 7b16de0c security group id sg 1a2b3c4d tag specifications ResourceType vpc endpoint Tags Key service Value S3 Subnet Service ENI Endpoint DNS name aws ec2 describe vpc endpoints vpc endpoint id vpce 099deb00b40f00e22 query VpcEndpoints DnsEntries DnsName vpce 0e5d025c8b9244b00 frjqbhg9 s3 us west 2 vpce amazonaws com HostedZoneId Z1YSA3EXCYUU9Z DnsName vpce 0e5d025c8b9244b00 frjqbhg9 us west 2b s3 us west 2 vpce amazonaws com HostedZoneId Z1YSA3EXCYUU9Z DnsName vpce 0e5d025c8b9244b00 frjqbhg9 us west 2a s3 us west 2 vpce amazonaws com HostedZoneId Z1YSA3EXCYUU9Z Regional DNS name endpointid serviceid region vpce amazonaws com Zonal DNS name endpointid serviceid az region vpce amazonaws com Domain S3 Domain bucket dns_name aws s3 ls s3 bucket endpoint url https bucket vpce 0e5d025c8b9244b00 frjqbhg9 us west 2a s3 us west 2 vpce amazonaws com endpoint url Endpoint Service Route53 Region S3 Domain Alias Endpoint DNS AZ Domain Subnet ENI IP Region Domain ENI IP 2 2 Gateway Endpoint Gateway Endpoint S3 DynamoDB Private Link Gateway Endpoint Interface Endpoint Route Table Gateway Endpoint Route Table Gateway Endpoint VPC VPC S3 Gateway Endpoint Gateway Endpoint VPC Route Table aws ec2 create vpc endpoint vpc id vpc 1a2b3c4d service name com amazonaws us east 1 s3 route table ids rtb 11aa22bb Route Table Route 
Endpoint ID aws ec2 describe route tables route table ids rtb 11aa22bb jq RouteTables 0 Routes DestinationCidrBlock 10 0 0 0 16 GatewayId local Origin CreateRouteTable State active DestinationCidrBlock 0 0 0 0 0 GatewayId igw 062a0bf05cf1a616a Origin CreateRoute State active DestinationPrefixListId pl 68a54001 GatewayId vpce 049adc53b12f5de85 Origin CreateRoute State active Prefix List S3 Endpoint URL S3 Gateway Endpoint aws ec2 describe prefix lists prefix list ids pl 68a54001 PrefixLists Cidrs 3 5 76 0 22 3 5 80 0 21 18 34 48 0 20 52 92 128 0 17 52 218 128 0 17 PrefixListId pl 68a54001 PrefixListName com amazonaws us west 2 s3 3 Endpoint Service Endpoint AWS Service AWS Service Private Link Endpoint Service 3 1 Service Provider Service Provider Endpoint Service NLB GLB NLB GLB Endpoint Service Endpoint Service Service NLB aws ec2 create vpc endpoint service configuration network load balancer arns arn aws elasticloadbalancing us east 1 123456789012 loadbalancer net nlb vpce e94221227f1ba532 acceptance required privateDnsName exampleservice com acceptance required Service Provider privateDnsName DNS name DNS name Endpoint Service Endpoint Service Service AWS Account IAM User IAM Roles ARN Endpoint Service aws ec2 modify vpc endpoint service permissions service id vpce svc 03d5ebb7d9579a2b3 add allowed principals arn aws iam 123456789012 user admin Endpoint Service AWS DNS name vpce amazonaws com Endpoint Service DNS Consumer Interface Endpoint Service AWS DNS name vpce amazonaws com Region vpce amazonaws com Zone 3 2 Service Consumer Service Consumer Interface Endpoint Provider Endpoint Service Interface Endpoint Service ID Provider Provider DNS name Consumer DNS private dns enabled AWS PrivateLink Blog VPC Endpoint ",
"objectID": "posts/cloud/aws_learning/private-link",
"date": "2022-07-11T12:03:39.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"aws"
],
"categories": [
"AWS 学习"
]
},
{
"title": "AWS - 地理概念",
"uri": "posts/cloud/aws_learning/region-and-az",
"content": "1 Region Data Center DC AWS DC Region us west us east eu west Region Region Regional Zonal Regional Service Region AZ AWS Service 2 Available Zone Region Available Zone AZ AZ DC us west 1 us west 2 Region AZ AZ 3 Region AZ DC Region AZ AZ AZ IDC Region AZ 4 Edge Location Edge Location CloudFront Route53 Edge Location 5 AWS aws amazon com 21 Region Region AWS amazonaws cn Region govcloud",
"objectID": "posts/cloud/aws_learning/region-and-az",
"date": "2021-06-23T14:13:47.000Z",
"description": "Region、AZ、DC",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"aws"
],
"categories": [
"AWS 学习"
]
},
{
"title": "AWS - S3",
"uri": "posts/cloud/aws_learning/s3",
"content": "1 Storage Type S3 S3 Standard S3 Intelligent Tiering S3 Standard IA AZ S3 One Zone IA AZ S3 Glacier 1 5 S3 Deep Archive 12 Amazon S3 2 2 1 S3 Lifecycle S3 Lifecycle Bucket Transition Storage Type 30 S3 Standard IA 1 S3 Glacier Expiration S3 S3 Lifecycle CLI JSON Rules Filter Prefix documents Status Enabled Transitions Days 365 StorageClass GLACIER Expiration Days 3650 ID ExampleRule Filter Bucket prefix tag Status Transitions Enabled Disabled Transition Expiration Expiration 2 1 1 Transition Transition Storage Type 2 1 2 Expiration Expiration S3 HEAD GET HTTP HEAD 2 2 Object Lock Object Lock Object Lock Retention period Legal hold Legal hold Object Lock Bucket Object Lock Object 2 2 1 S3 Bucket Object Lock Bucket AWS CLI SDK Object Lock Console object properties Retention Period Legal hold 2 2 2 Retention Period Retention Period Governance mode IAM User Compliance mode User root user object Retention Period Retention Period S3 Retain Until Date object object Retention Period object version object version object 15 object S3 60 S3 60 object object object Retan Until Date 2 2 3 Legal hold Legal hold object version Legal hold 2 3 Replication Replication Object Replication Object Object Object Object Storage Type Bucket Storage Type Replication Object Bucket Object Object Object Bucket Object owner override Object Object Region Region Bucket Replication Object 15 Object S3 Replication Time Control RTC Replication S3 RTC 15 S3 99 99 2 3 1 Replication Bucket Region Region Bucket Region Bucket Bucket Version Control S3 Bucket Bucket Bucket Object READ READ_ACP Object ACL Bucket Object Lock Bucket Object Lock Bucket Bucket Bucket Object AWS Bucket Requester Pays Bucket 2 3 2 S3 Bucket Replication Object Object SSE S3 SSE KMS Object Object Object Bucket Object Object ACL Object Tag Object Lock S3 Bucket Replication Object S3 Object Object Bucket Bucket B Bucket B Bucket C Bucket B Object Bucket C Object Replication Bucket S3 Object SSE C Object AWS S3 Glacier S3 
Glacier Deep Archive Object Bucket Object S3 Lifecycle Lifecycle Object Replication Object AWS Support 2 4 Batch Operation S3 Batch Operation S3 S3 Batch Operation Job S3 Batch Operation Job Job Job Object Operation Object Object Object Job Operation Task Task Job Task S3 Lambda API Job Batch Operation Object Task Manifest Job Object 2 4 1 Batch Operation Job Operation Object Manifest Object Manifest S3 Bucket Priority Job Job Job RoleArn Job IAM Role Report Tags Description Batch Operation Manifest Job S3 Job ID 2 4 2 Batch Operation Copy Manifest Object Region Bucket Object Invoke AWS Lambda function AWS Lambda Manifest Object Batch Operation Object Lambda LambdaInvoke API Replace object tags Manifest Object Tag Delete object tags Manifest Object ",
"objectID": "posts/cloud/aws_learning/s3",
"date": "2021-12-06T13:07:09.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"aws"
],
"categories": [
"AWS 学习"
]
},
{
"title": "AWS - VPC 与 Service 通信",
"uri": "posts/cloud/aws_learning/vpc-and-aws",
"content": "1 VPC Peering VPC Peering VPC VPC Region AWS VPC Peering VPC VPC Instance RDS VPC VPC Peering VPC1 VPC2 VPC3 1 1 VPC Peering VPC Peering VPC VPC VPC Peering VPC Requester VPC VPC VPC Peering Accepter VPC Route Table VPC VPC Peering Destination Target Status Propagated 172 31 0 0 16 pcx 1353251 Active No Network ACL Instance Security Group IP VPC 1 2 VPC Peering VPC Peering 1 3 VPC Peering VPC Peering VPC VPC Peering VPC VPC Peering VPC B Accept VPC Peering Route Table VPC Subnet Route Table VPC Destination Peering ID pcx xxxx Network ACL Subnet Network ACL Security Group Instance Security Group 2 Transit Gateway Transit Gateway TGW VPC IP TGW VPC Transit Gateway Attachment Attachment VPC TGW Transit Gateway Route Table TGW Route Table TGW Associations Associations Attachment Route Table Attachment Route Table Route Table Attachment Route propagation Attachment Route Table 2 2 Attachment Attachment VPC Transit Gateway VPC Subnet Connect SD WAN Direct Connect Transit Gateway Peering Transit Gateway VPN 2 2 1 VPC Attach VPC AZ Subnet TGW Subnet Route Table Attach VPC Attachment VPC TGW Subnet Subnet Route Table TGW ID Destination Target Status Propagated 10 99 99 0 24 tgw 0b20f516255224ace Active No Attachment Subnet ENI ENI TGW 2 2 2 Transit Gateway Peering Transit Gateway Peering TGW TGW VPC Peering TGW Peering Peering TGW Peering TGW Route Table TGW Peering Attachment Peering Connection TGW TGW Route Table Attachment ID Destination Target Status Propagated 17 31 0 0 24 tgw attach 069fe98e37eb88937 Active No 2 3 Route Table TGW TGW Route Table TGW Route Table 2 3 1 Association TGW Route Table Association Route Table Attachment Route Table Route Table Attachment TGW Route Table Attachment TGW Route Table Association Attachment Route Table Attachment TGW Attachment Attachment Route Table Attachment 2 3 2 Route propagation Route propagation Attachment Route Table Route type Propagated VPC Attachment Route Table VPC CIDR CIDR Attachment ID Resource ID 
Resource type Route type 10 0 0 0 24 tgw attach 053ad9590c5ceba7c vpc 04547264eb685fb15 VPC Propagated Direct Connect BGP Route Table Connect Attachment Connect Attachment VPC 2 3 3 Prefix list references Prefix list Prefix list CIDR 2 4 Multicast TGW Multicast Attachment 3 Endpoint Private Link Route Table Route Table Subnet AWS AWS Rule Target Rule Target vpc endpoint id Endpoint Endpoint Service Endpoint Instance Private IP Service Endpoint Service Network Interface Endpoint Subnet Service Endpoint Gateway Endpoints Interface Endpoints Gateway Load Balancer Endpoints Private Link 3 1 Gateway Endpoint Gateway Endpoint AWS S3 DynamoDB Endpoint S3 DynamoDB Gateway Endpoint Gateway Endpoint Endpoint Gateway DynamoDB S3 Route Table Endpoint vpce id Destination Target Status Propagated pl 6ea54007 vpc a2984bc5 Active No Instance Service Endpoint 3 2 Interface Endpoint AWS Service Interface Endpoint Interface Endpoint Network Interface Private IP Private DNS Interface Endpoint Endpoint AWS Instance Private IP Private DNS Service Interface Endpoint S3 DynamoDB Service 3 3 Gateway Load Balancer Endpoint Gateway L",
"objectID": "posts/cloud/aws_learning/vpc-and-aws",
"date": "2021-11-29T13:15:05.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"aws"
],
"categories": [
"AWS 学习"
]
},
{
"title": "AWS - VPC 与 Internet 通信",
"uri": "posts/cloud/aws_learning/vpc-and-internet",
"content": "1 Internet Gateway Internet Gateway VPC Instance Internet Gateway Internet Gateway VPC Instance IP Public IP Elastic IP IPv6 Route Table Instance Internet Gateway Security Group Network ACL Instance Internet Gateway Public IP Private IP Outbound Internet Gateway Private IP Public IP Elastic IP Inbound Internet Gateway Public IP Elastic IP Private IP Instance Public IP Elastic IP Internet Gateway Instance IP IP IP 2 Egress only Internet Gateway Instance IPv6 Internet Gateway IPv6 IPv6 Instance Egress only Internet Gateway IPv6 Instance Client Server Egress only Internet Gateway response Instance 3 NAT Device NAT Device Private Subnet Instance Internet NAT Device IP NAT Device Elastic IP NAT Device Instance",
"objectID": "posts/cloud/aws_learning/vpc-and-internet",
"date": "2021-11-29T13:12:48.000Z",
"description": "Internet Gateway, NAT Device",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"aws"
],
"categories": [
"AWS Learning"
]
},
{
"title": "AWS - VPC Basic Concepts",
"uri": "posts/cloud/aws_learning/vpc",
"content": "1 VPC Subnet VPC Virtual Private Cloud Subnet VPC Region CIDR Block IP Subnet VPC AZ AZ EC2 Instance Subnet 1 1 Default Nondefault Region Default VPC Default VPC Internet Gateway Default Network ACL AZ Default Subnet Instance VPC Default VPC Default Subnet VPC Subnet Nondefault VPC Nondefault Subnet 1 2 Public Private Internet Gateway Subnet Public Subnet Private Subnet VPC Internet Gateway Public VPC Private VPC 2 IP Private IP VPC IP Instance Private IP Public IP AWS Public IP IP Instance Subnet Auto assign public IPv4 address Instance Instance Public IP Elastic IP IP Elastic IP Instance Instance VPC IPv6 Instance IPv6 IPv6 IP IPv4 IPv6 3 Route Table VPC Route Table Main Route Table VPC Route Table Subnet Main Route Table Custom Route Table Route Table Subnet Custom Route Table Main Route Table Route Table Subnet Route Table Subnet Gateway Route Table Internet Gateway Local Gateway Route Table Local Gateway 3 1 Route Rule Route Table Route Rule Destination Target Status Propagated 172 31 0 0 16 local Active No 0 0 0 0 0 igw 3518715d Active No Destination 0 0 0 0 0 CIDR pl id Prefix Lists Target local Subnet igw id Internet Gateway nat gateway id NAT Device vgw id Virtual Private Gateway lgw id Outposts Local Gateway cagw id Carrier Gateway pcx id VPC Peering Connection eigw id Egress only Internet Gateway tgw id Transit Gateway eni id Network Interface vpce id Gateway Endpoint vpc endpoint id VPC Endpoint Propagated Virtual Private Gateway Route Table Subnet VPC Subnet Route Table Subnet AWS 4 Elastic Network Interface ENI Elastic Network Interface VPC Private IP Public IP ENI ENI Private IP Public Elastic IP Public IP Private IP IPv6 MAC Security Group Instance ENI Primary Network Interface Instance ENI Instance ENI Primary ENI Instance ENI Instance IP Security Group Instance ENI 5 Security Group Security Group ENI Inbound rules Outbound rules Inbound rules ENI Inbound rules Outbound rules ENI Rule Type Protocol Port Range Destination Source 
Description SSH TCP 22 0 0 0 0 0 Allow SSH Type Protocol TCP UDP ICMP Port Range ALL Destination Source Inbound Rule Source Outbound Rule Destination Security Group Outbound Inbound Inbound Outbound Source IP Port Destination IP Port NAT 6 Network ACL Network ACL Subnet Inbound rules Outbound rules Inbound rules Subnet Allow Deny Outbound rules Subnet Allow Deny VPC ACL ACL Subnet ACL VPC ACL Subnet ACL ACL ACL Security Group Network ACL Inbound Outbound rules Network ACL Rule Rule Number Type Protocol Port Range Destination Source Allow Deny 100 Custome TCP TCP 123 0 0 0 0 0 Allow traffic 0 0 0 0 0 Deny Rule Number Type Protocol Port Range Destination Source Inbound Rule Source Outbound Destination Allow Deny Rule Number Rule Allow Deny Rule 100 Rule 5 VPC DNS VPC Route 53 Resolver DNS Instance IP IPv6 DNS IP IP Private DNS VPC IP Region us east 1 ip ec2 internal Region ip compute internal Public DNS Region us east 1 ec2 compute 1 amazonaws com Region ec2 region compute amazonaws com VPC enableDnsSupport DNS VPC enableDns",
"objectID": "posts/cloud/aws_learning/vpc",
"date": "2021-06-25T14:13:47.000Z",
"description": "Basic VPC concepts, including VPC, Subnet, ENI, ACL, Security Group, and more",
"weight": 4,
"draft": false,
"author": "Shiori",
"tags": [
"aws"
],
"categories": [
"AWS Learning"
]
},
{
"title": "Container Networking Summary",
"uri": "posts/cloud/cloud_native/docker/how_docker_work/container-network-summary",
"content": "docker 1 docker 5 bridge bridge iptables host net namespace overlay docker daemon overlay docker daemon macvlan macvlan none driver net namespace docker ubuntu 20 04 5 4 0 52 generic docker docker version Client Version 19 03 8 API version 1 40 Go version go1 13 8 Git commit afacb8b7f0 Built Wed Oct 14 19 43 43 2020 OS Arch linux amd64 Experimental false Server Engine Version 19 03 8 API version 1 40 minimum version 1 12 Go version go1 13 8 Git commit afacb8b7f0 Built Wed Oct 14 16 41 21 2020 OS Arch linux amd64 Experimental false containerd Version 1 3 3 0ubuntu2 GitCommit runc Version spec 1 0 1 dev GitCommit docker init Version 0 18 0 GitCommit 2 2 1 cgroup namespace 2 2 docker net namespace namespace host container net namespace net namespace iptables net_filter net namespace namespace docker net namespace namespace namespace mount mount nsfs run docker netns 9779108cb6b0 type nsfs rw net namespace netns inode inode docker top br0_container UID PID PPID C STIME TTY TIME CMD root 92658 92640 0 Nov06 pts 0 00 00 00 bin bash ls lhi proc 92658 ns net 474863 lrwxrwxrwx 1 root root 0 Nov 7 12 42 proc 92658 ns net net 4026532287 inode net inode ls lhi run docker netns 9779108cb6b0 4026532287 r r r 1 root root 0 Nov 6 19 47 run docker netns 9779108cb6b0 net namespace namespace 2 3 bridge bridge bridge bridge brdige IP bridge IP IP net_filter bridge Linux bridge 2 4 veth pair veth pair veth veth veth pair net namespace net namespace veth veth bridge bridge veth pair Linux veth 2 5 macvlan macvlan mac ip net namespace macvlan bridge private macvlan macvlan Linux interfaces virtual networking 3 Bridge 3 1 Bridge 1 bridge docker docker network create driver bridge subnet 192 168 100 0 24 ip range 192 168 100 0 26 gateway 192 168 100 1 opt com docker network bridge name mybr0 mybridge0 2e61a7dc333c1bc61d9cb86503ce4cd5a7435977ea2f9b7cc97fc71ae0e2bb93 driver bridge driver subnet 192 168 100 0 24 bridge ip range 192 168 100 0 26 ip gateway 192 168 100 1 IP opt com 
docker network bridge name mybr0 bridge mybridge0 docker network ifconfig bridge bridge IP gateway IP ifconfig mybr0 flags 4099 mtu 1500 inet 192 168 100 1 netmask 255 255 255 0 broadcast 192 168 100 255 ether 02 42 46 8a cf 34 txqueuelen 0 Ethernet RX packets 0 bytes 0 0 0 B RX errors 0 dropped 0 overruns 0 frame 0 TX packets 0 bytes 0 0 0 B TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 brctl show bridge name bridge id STP enabled interfaces mybr0 8000 0242efdb0984 no bridge bridge iptables NAT iptables nat filter nat iptables t nat L nv Chain PREROUTING policy ACCEPT 2 packets 88 bytes target prot opt source destination DOCKER 0 0 0 0 0 0 0 0 0 0 ADDRTYPE match dst type LOCAL Chain INPUT policy ACCEPT 2 packets 88 bytes target prot opt source destination Chain OUTPUT policy ACCEPT 124 packets 8797 bytes target prot opt source destination DOCKER 0 0 0 0 0 127 0 0 0 8 ADDRTYPE match dst type LOCAL Chain POSTROUTING policy ACCEPT 124 packets 8797 bytes target prot opt source destination MASQUERADE mybr0 192 168 100 0 24 0 0 0 0 0 Chain DOCKER 2 references target prot opt source destination RETURN mybr0 0 0 0 0 0 0 0 0 0 0 PREROUTING OUTPUT DOCKER POSTROUTING mybridge0 192 168 100 0 24 ip MASQUERADE ip ip mybr0 mybridge0 MASQUERADE mybr0 mybr0 filter in mybr0 filter iptables t filter L nv Chain INPUT policy ACCEPT 61774 packets 79M bytes Chain FORWARD policy",
"objectID": "posts/cloud/cloud_native/docker/how_docker_work/container-network-summary",
"date": "2020-11-06T12:40:51.000Z",
"description": "Describes the container network model and its implementation under Docker",
"weight": 4,
"draft": false,
"author": "Shiori",
"tags": [
"docker",
"container"
],
"categories": [
"Docker Principles Summary"
]
},
{
"title": "Summary of How Containers Start and Stop",
"uri": "posts/cloud/cloud_native/docker/how_docker_work/container-start-stop-summary",
"content": "1 1 1 Create docker create create RWLayer 1 2 rootfs docker root init etc resolve conf etc hosts hostname nameserver docker docker init docker save etresolve conf init COW storagedriver init union mount docker create rm t ubuntu 361c520da78f848d639d65f042fcf5d448c13cbc4ce8c251dcba2250162b48fe inspect docker inspect 361c520da78f GraphDriver Data LowerDir var lib docker overlay2 d063d1d9c81d0c72d7384ea999dbd77b33d04b942ef94a5aabc6fb6cf984194c init diff var lib docker overlay2 0336c489d40e65588748265a95f18328ddb1f5bcb9ebf10909fbf3f5f35b9496 diff var lib docker overlay2 77d3ac91877751678bfec0576dab39ccd4b73666f8040aef387ef47ff30b4cf1 diff var lib docker overlay2 ec8326178c990b52970a65371fd375737fdf256db597aa821a2b0f7d79bcc6f3 diff var lib docker overlay2 385038374d3d369e98724926d0e1c240dcb74e31b1663ec1cb434c43ca2826f1 diff MergedDir var lib docker overlay2 d063d1d9c81d0c72d7384ea999dbd77b33d04b942ef94a5aabc6fb6cf984194c merged UpperDir var lib docker overlay2 d063d1d9c81d0c72d7384ea999dbd77b33d04b942ef94a5aabc6fb6cf984194c diff WorkDir var lib docker overlay2 d063d1d9c81d0c72d7384ea999dbd77b33d04b942ef94a5aabc6fb6cf984194c work Name overlay2 ls var lib docker overlay2 d063d1d9c81d0c72d7384ea999dbd77b33d04b942ef94a5aabc6fb6cf984194c diff link lower work var lib docker driver driver driver overlay2 diff work diff var lib docker overlay2 xxx init init diff ls var lib docker overlay2 d063d1d9c81d0c72d7384ea999dbd77b33d04b942ef94a5aabc6fb6cf984194c init committed diff link lower work tree var lib docker overlay2 d063d1d9c81d0c72d7384ea999dbd77b33d04b942ef94a5aabc6fb6cf984194c init diff var lib docker overlay2 d063d1d9c81d0c72d7384ea999dbd77b33d04b942ef94a5aabc6fb6cf984194c init diff dev console pts shm etc hostname hosts mtab proc mounts resolv conf mount 3 docker create docker ps a inspect create var lib docker containers ID cd var lib docker containers ls 361c520da78f848d639d65f042fcf5d448c13cbc4ce8c251dcba2250162b48fe ls 
361c520da78f848d639d65f042fcf5d448c13cbc4ce8c251dcba2250162b48fe checkpoints config v2 json hostconfig json config v2 json var lib docker containers docker daemon docker daemon docker daemon container 1 2 Start docker start Create Stop Start rootfs init union mount containerd docker run docker create docker run 2 rootfs rootfs init union mount union mount docker start 361c520da78f 361c520da78f mount union mount mount overlay var lib docker overlay2 d063d1d9c81d0c72d7384ea999dbd77b33d04b942ef94a5aabc6fb6cf984194c merged type overlay rw relatime lowerdir var lib docker overlay2 l O2TO66S3K4MTADSAAX6VXGTWSJ var lib docker overlay2 l UHTTQ5AJKPR23Y3V7J4ZLOIFDR var lib docker overlay2 l VWIFLRAQOPMH7LBAQQ5DDGIYVM var lib docker overlay2 l LQBRTVETGGWVU2OHWC42443K7X var lib docker overlay2 l 5PDNI5HSOH6UMUDNWF4VMR46TS upperdir var lib docker overlay2 d063d1d9c81d0c72d7384ea999dbd77b33d04b942ef94a5aabc6fb6cf984194c diff workdir var lib docker overlay2 d063d1d9c81d0c72d7384ea999dbd77b33d04b942ef94a5aabc6fb6cf984194c work xino off nsfs run docker netns 4500ea4f0025 type nsfs rw ls lh var lib docker overlay2 l O2TO66S3K4MTADSAAX6VXGTWSJ lrwxrwxrwx 1 root root 77 Nov 14 15 51 var lib docker overlay2 l O2TO66S3K4MTADSAAX6VXGTWSJ d063d1d9c81d0c72d7384ea999dbd77b33d04b942ef94a5aabc6fb6cf984194c init diff init merged var lib docker overlay2 l O2TO66S3K4MTADSAAX6VXGTWSJ 3 net namespace net namespace net namespace net namespace net namesapce net namespace ",
"objectID": "posts/cloud/cloud_native/docker/how_docker_work/container-start-stop-summary",
"date": "2020-11-13T07:45:03.000Z",
"description": "The execution process behind container startup",
"weight": 4,
"draft": false,
"author": "Shiori",
"tags": [
"docker",
"container"
],
"categories": [
"Docker Principles Summary"
]
},
{
"title": "Kubernetes - Authentication and Authorization Mechanisms",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_learning/authentication-and-authorization",
"content": "1 APIServer API Authentication Authorization APIServer APIServer Username kube admin user example com UID ID Group system master devops team Extra fields ServiceAccount Kubernetes ServiceAccount Token 2 APIServer Client APIServer CA Bearer Token Client HTTP Header Token APIServer Token Proxy Proxy APIServer 2 1 X509 Client Cert SSL TLS TLS X509 Client Cert API APIServer CA APIServer CA CertificateSigningRequests APIServer Certificate Signing Requests 2 1 1 Client APIServer Client APIServer CA APIServer Client Common Name 2 1 2 APIServer client ca file X509 Client Cert CA client ca file APIServer Client Client APIServer tls cert file tls private key file 2 1 3 kube config curl APIServer CA TLS Client CA APIServer cat kubeconfig grep certificate authority data awk print 2 base64 d ca crt Client cat kubeconfig grep client certificate data awk print 2 base64 d client crt cat kubeconfig grep client key data awk print 2 base64 d client key curl APIServer curl cert client crt cacert ca crt key client key cat config grep server awk print 2 api v1 namespaces default pods Client CA APIServer insecure CA 2 2 Static Token File APIServer Static Token Token Token APIServer Token 2 2 1 APIServer Static Token APIServer Token APIServer Token Static Token CSV Token Username UID TOKEN USER_NAME UID extra args API HTTP Header Authorization Bearer Token Authorization Bearer 31ada4fd adec 460c 809a 9e56ceb75269 APIServer Token Static Token Token Static Token Static Token 2 2 2 APIServer token auth file token_file APIServer APIServer Token 2 2 3 Static Token File APIServer APIServer token auth file kind kind Cluster apiVersion kind x k8s io v1alpha4 nodes role control plane static token control plane extraMounts hostPath root static token containerPath etc kubernetes pki static token kubeadmConfigPatches kind ClusterConfiguration apiServer APIServer etc kubernetes pki Pod extraArgs token auth file etc kubernetes pki static token role worker role worker Token 123123 kind kind 
123 token 123123 kind kind ClusterRoleBinding kind ClusterRoleBinding apiVersion rbac authorization k8s io v1 metadata name for user subjects kind User name kind kind apiGroup rbac authorization k8s io roleRef kind ClusterRole name cluster admin apiGroup rbac authorization k8s io Static Token Client insecure APIServer curl H Authorization Bearer 123123 insecure APIServer api v1 namespaces kube system pods 2 3 Bootstrap Tokens Kubernetes Token Bootstrap Token 2 3 1 Bootstrap Token Secret kube system namespace apiVersion v1 kind Secret metadata name bootstrap token abcdef namespace kube system type bootstrap kubernetes io token stringData auth extra groups system bootstrappers kubeadm default node token expiration 2022 03 27T16 01 26Z token id abcdef token secret 0123456789abcdef usage bootstrap authentication true usage bootstrap signing true auth extra groups Bootstrap Token system bootstrappers token id APIServer Token ID a z0 9 6 token secret APIServer Token Secret a z0 9 16 expiration Token Token controller manager TokenCleaner Bootstrap Token Secret Bootstrap Token Secret Format API HTTP Header Authorization Bearer Token Authorization Bearer abcdef 0123456789abcdef APIServer Token ID Token Secret Bootstrap Token Secret Bootstrap Token Secret system bootstrappers 2 3 2 Bootstrap Token APIServer enable bootstrap token auth Bootstrap Token controller manager controllers tokencleaner TokenCleaner 2 3 3 Bootstrap Token ",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_learning/authentication-and-authorization",
"date": "2022-03-24T12:05:42.000Z",
"description": "Implementation of Kubernetes authentication and authorization mechanisms",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"cloud computing"
],
"categories": [
"Kubernetes Learning"
]
},
{
"title": "Kubernetes - Certificates",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_learning/certificate",
"content": "1 Kubernetes Kubernetes TLS mTLS client cert client key server ca cert server cert server key client ca cert Kubernetes TLS Client Server CA CA 1 1 Kubectl APIServer Kubectl Client Cert Client Key Server CA Cert kubeconfig users name kind kind user client certificate data REDACTED Client Cert client key data REDACTED Client Key clusters cluster certificate authority data DATA OMITTED CA Cert name kind kind Kubernetes APIServer Server Cert Server Key Client CA Cert kube apiserver tls cert file var lib kubernetes kube apiserver pem Server Cert tls private key file var lib kubernetes kube apiserver key pem Server Key client ca file var lib kubernetes cluster root ca pem Client CA Cert APIServer ETCD APIServer Client Cert Client Key Server CA Cert kube apiserver etcd certfile var lib kubernetes kube apiserver etcd client pem Client Cert etcd keyfile var lib kubernetes kube apiserver etcd client key pem Client Key etcd cafile var lib kubernetes cluster root ca pem CA Cert ETCD Server Cert Server Key Client CA Cert etcd cert file etc etcd kube etcd pem Server Cert key file etc etcd kube etcd key pem Server Key peer trusted ca file etc etcd cluster root ca pem Client CA Cert Scheduler APIServer Scheduler APIServer Kubectl APIServer Controller APIServer APIServer Controller Controller APIServer Kubectl APIServer KubeProxy APIServer APIServer KubeProxy KubeProxy ServiceAccount apiVersion v1 kind Pod spec serviceAccount kube proxy Kubelet APIServer Kubelet Client Cert Client Key Server CA Cert kubeconfig kubelet kubeconfig etc kubernetes kubelet conf Kubelet Server Cert Server Key Client CA Cert kubelet config var lib kubelet config yaml apiVersion kubelet config k8s io v1beta1 kind KubeletConfiguration tlsPrivateKeyFile var lib kubelet pki kubelet crt Server Cert tlsCertFile var lib kubelet pki kubelet key Server Key authentication x509 clientCAFile etc kubernetes pki ca crt Client CA Cert tlsPrivateKeyFile tlsCertFile Kubelet cert dir var lib kubelet pki 
APIServer Kubectl APIServer APIServer Client Cert Client Key Server CA Cert kube apiserver kubelet client certificate var lib kubernetes kube apiserver kubelet client pem Client Cert kubelet client key var lib kubernetes kube apiserver kubelet client key pem Client Key kubelet certificate authority var lib kubernetes cluster root ca pem Server CA Cert 1 2 ControlPlane Node hostPath Pod etc kubernetes pki apiserver etcd client crt APIServer ETCD Client Cert apiserver etcd client key APIServer ETCD Client Key apiserver kubelet client crt APIServer Kubelet Client Cert apiserver kubelet client key APIServer Kubelet Client Key apiserver crt APIServer Server Cert apiserver key APIServer Server Key ca crt APIServer Server CA Cert ca key APIServer Server CA Key etcd ca crt ETCD Server CA Cert ca key ETCD Server CA Key server crt ETCD Server Cert server key ETCD Server Key sa key ServerAccount Token sa pub ServerAccount Token Scheduler Kubelet APIServer kubeconfig Node hostPath Pod etc kubernetes admin conf controller manager conf Controller Manager kubeconfig kubelet conf Kubelet kubeconfig scheduler conf Scheduler kubeconfig Kubelet var lib kubelet CA etc kubernetes pki ca crt kubelet client current pem APIServer Client Cert Client Key kubelet crt Kubelet Server Cert kubelet key Kubelet Server Key 2 Kubernete Kubernete API Group certificates k8s io CertificateSigningRequest CSR Controller Manager Controller Manager CA Cert CA Key APIServer CA kube controller manager cluster signing cert file etc kubernetes pki ca crt cluster signing key file etc kubernetes pki ca key 2 3 CertificateSigningRequest Server Key Server CSR cat Pending CertificateSigningRequest",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_learning/certificate",
"date": "2022-06-13T13:01:06.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"cloud computing"
],
"categories": [
"Kubernetes Learning"
]
},
{
"title": "Kubernetes - CNI Concepts and Implementation",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_learning/cni",
"content": "1 CNI Plugin Kubernetes CNI Plugin Node Pod CNI Container Network Interface API CNI Plugin Node Kubelet Pause CNI Plugin Pod CNI Kubelet Network Configuration CNI Plugin Stdin Env Stdout 2 CNI Spec CNI Spec CNI Network Configuration CNI Execution Protocol CNI ADD CHECK DEL VERSION CNI CNI 2 1 Network Configuration Network Configuration CNI Network CNI calico calico bandwidth portmap name k8s pod network cniVersion 0 3 1 plugins type calico datastore_type kubernetes mtu 0 nodenamefileoptional false log_level Info logfilepath var log calico cni cni log ipam type calico ipam assignipv4 true assignipv6 false container_settings allowipforwarding false policy type k8s kubernetes k8sapiroot https 10 0 0 1 443 kubeconfig etc cni net d calico kubeconfig type bandwidth capabilities bandwidth true type portmap snat true capabilities portMappings true cniVersion CNI name disableCheck CHECK plugins ADD DEL CHECK plugins type type capabilities well known ipMasq IP masquerade ipam IPAM dns DNS 2 2 Execution Protocol Execution Protocol Interface Chained bandwidth 2 2 1 CNI Stdin CNI JSON Network Configuration Env Env Env CNI_COMMAND ADD DEL CHECK VERSION CNI_CONTAINERID ID CNI_NETNS network namespace namespace run netns ns CNI_IFNAME interface CNI_ARGS FOO BAR ABC 123 CNI_PATH CNI 2 2 2 Success Error _Version VERSION Spec Result Types 2 2 3 CNI ADD DEL CHECK VERSION Spec CNI Operations 3 CNI API CNI CNI API Pod API type CNI interface AddNetworkList ctx context Context net NetworkConfigList rt RuntimeConf types Result error CheckNetworkList ctx context Context net NetworkConfigList rt RuntimeConf error DelNetworkList ctx context Context net NetworkConfigList rt RuntimeConf error GetNetworkListCachedResult net NetworkConfigList rt RuntimeConf types Result error GetNetworkListCachedConfig net NetworkConfigList rt RuntimeConf byte RuntimeConf error AddNetwork ctx context Context net NetworkConfig rt RuntimeConf types Result error CheckNetwork ctx context Context net 
NetworkConfig rt RuntimeConf error DelNetwork ctx context Context net NetworkConfig rt RuntimeConf error GetNetworkCachedResult net NetworkConfig rt RuntimeConf types Result error GetNetworkCachedConfig net NetworkConfig rt RuntimeConf byte RuntimeConf error ValidateNetworkList ctx context Context net NetworkConfigList string error ValidateNetwork ctx context Context net NetworkConfig string error NetworkConfigList Network Configuration NetworkConfig CNI CNIConfig CNI API CNI CNIConfig type CNIConfig struct Path string exec invoke Exec cacheDir string Path CNI etc cni net d exec exec cacheDir 3 1 Pod AddNetworkList AddNetwork Pod AddNetworkList AddNetworkList executes sequence plugins ADD command func c CNIConfig AddNetworkList ctx context Context list NetworkConfigList rt RuntimeConf types Result error var err error var result types Result CNI _ net range list Plugins result err c addNetwork ctx list Name list CNIVersion net result rt cache c cacheAdd result list Bytes list Name rt return result nil func c CNIConfig addNetwork ctx context Context name cniVersion string net NetworkConfig prevResult types Result rt RuntimeConf types Result error pluginPath err c exec FindInPath net Network Type c Path err utils ValidateContainerID rt ContainerID err utils ValidateNetworkName name err utils ValidateInterfaceName rt IfName newConf err buildOneConfig name cniVersion net prevResult rt plugin ADD return invoke ExecPluginWithResult ctx pluginPath newConf Bytes c args ADD rt c exec 3 2 Pod DelNetworkList DelNetwork Pod DelNetworkList ",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_learning/cni",
"date": "2022-01-25T14:11:28.000Z",
"description": "CNI concepts and implementation",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"cloud computing"
],
"categories": [
"Kubernetes Learning"
]
},
{
"title": "Kubernetes - Network Design",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_learning/container-network",
"content": "1 Kubernetes Service Pod Service Pod IP Pod IP NAT Kubernetes CNI CNI Plugin Kubernetes Pod Node Pod NAT Node Agent System Daemon kubelet Node Pod Pod Host Network NAT Pod 2 Container Container Pod Container Pod Container Network Namespace Container Container Host Container localhost 3 Pod Pod Pod Container IP Pod Container 3 1 Docker Bridge Bridge Host Container Container Net Namespace Pod Node Node Container Veth Pair Node Pod Pod Container Veth Node Pod Node Container Veth Node Kubernetes Overlay Network 3 2 Flannel UDP container 1 src 100 96 1 2 dst 100 96 2 3 Node Node1 docker0 docker0 Node flanneld flanneld flannel0 TUN Node flanneld flanneld container 1 flanneld IP Node Node2 flanneld IP Node ETCD IP Node flanneld UDP Node2 flanneld Node2 flanneld container 2 Node2 docker0 container 2 Flannel docker0 flannel0 flanneld IP Node Node Node flanneld UDP 3 3 3 2 Node Container Node Container VXLAN VXLAN Node Container Flannel VXLAN Host Route Route Table Node Node Node Route Table Node Flannel host gw Calico BGP eBPF eBPF Calico eBPF Cilium eBPF Calico BGP Node Calico CNI Plugin Container Veth Pair calixxx eth0 Inbound Rule calixxx Route Rule Container Node Veth Pair Container Outbound Rule Node Felix Node Route Rule Node Route Rule Node Route Table Node Calico Node BGP Node BGP Peer Node to Node Mesh Node BGP Client Node BGP Client P2P Node Node 100 Route Reflector Calico Node Node BGP Node Node 3 4 3 2 3 3 Node Node 4 Pod Service Pod P2P Pod Service C S Pod Service Service Pod IP Pod Service Domain Service Service IP Pod DNS Server DNS Server etc resolv conf DNS Pod Service IP Service Kubernetes Service Endpoint Service Service Service IP Pod IP Node kube proxy kube proxy Service userspace deprecated Pod kube proxy kube proxy Service Pod iptables default kube proxy iptables iptables Service Pod ipvs kube proxy IPVS IPVS Service Pod CNI Plugin Service kube proxy 4 1 userspace userspace kube proxy Service kube proxy Node kube proxy Service Pod 
Endpoints Pod iptables Pod Service kube proxy iptables Service IP Port kube proxy Pod Service IP Port iptables Node kube proxy kube proxy Service Pod iptables kube proxy userspace 4 2 iptables iptables kube proxy iptables Service Pod kube proxy iptables kube proxy Watch Service Endpoints iptables Pod Service IP Port kube proxy iptables Service Pod iptables Service iptables iptables iptables 4 3 IPVS IPVS kube ",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_learning/container-network",
"date": "2022-08-31T12:22:14.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"cloud computing"
],
"categories": [
"Kubernetes Learning"
]
},
{
"title": "Kubernetes - CRD",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_learning/crd",
"content": "1 Kubernetes k8s TiDB Operator Operator TiDB PD TiDB TiKV Pod Pod Service TiDBCluster CustomResource TiDB TiDBCluster Kubernetes TiDB Operator CRD Controller TiDBCluster Kubernetes CustomResourceDefinition Resource k8s CRD CustomResource Controller CR Pod k8s API CR CustomResource Pod Service CRD CR CR Controller 2 CRD CRD CustomResource k8s CRD apiVersion apiextensions k8s io v1beta1 kind CustomResourceDefinition metadata name crontabs stable example com spec group stable example com versions name v1beta1 version enabled disabled Served flag served true One one version marked storage version storage true name v1 served true storage false scope Namespaced names plural name used URL apis plural crontabs singular crontab kind CronTab shortNames ct additionalPrinterColumns name Spec type string description cron spec defining interval CronJob run jsonPath spec cronSpec metadata name spec group API Group REST API apis URL versions REST API apis scope Namespaced Cluster names plural CRD singular CRD kind CR CR shortNames kubectl additionalPrinterColumns kubectl CR spec CRD controller gen CRD 2 1 URL CRD API Server Endpoint URL HTTP CR URL apis namespaces API endpoint apis stable example com v1 namespaces crontabs 2 2 Validation spec validation CR kube apiserver feature gates CustomResourceValidation true apiVersion apiextensions k8s io v1beta1 kind CustomResourceDefinition metadata name crontabs stable example com spec group stable example com version v1 scope Namespaced names plural crontabs singular crontab kind CronTab shortNames ct validation openAPIV3Schema schema validating custom objects openAPIV3Schema properties spec properties cronSpec type string pattern d d s d d 4 replicas type integer minimum 1 maximum 10 spec cronSpec spec replicas 1 10 openAPIV3Schema OpenAPI v3 schemas 2 3 Defaulting Nullable OpenAPI v3 validation schema apiVersion apiextensions k8s io v1 spec cronSpec spec image null apiVersion apiextensions k8s io v1 kind 
CustomResourceDefinition metadata name crontabs stable example com spec group stable example com versions name v1 served true storage true schema openAPIV3Schema schema validating custom objects openAPIV3Schema type object properties spec type object properties cronSpec type string pattern d d s d d 4 default 5 0 image type string nullable true replicas type integer minimum 1 maximum 10 default 1 scope Namespaced names plural crontabs singular crontab kind CronTab shortNames ct 2 4 Subresources subresouces URL status scale Subresource status status status RBAC status status status status scale scale Kubernetes HPA CRD kubectl scale CRD spec group stable example com versions name v1 subresources status scale specReplicasPath spec replicas statusReplicasPath status replicas labelSelectorPath status labelSelector scale specReplicasPath CR statusReplicasPath CR labelSelectorPath CR Label Selector 2 5 Categories spec names categories kubectl apiVersion apiextensions k8s io v1 kind CustomResourceDefinition metadata name crontabs stable example com spec names categories categories CR all kubectl 2 6 Finalizer Finalizer CR CR apiVersion stable example com v1 kind CronTab metadata finalizers stable example com finalizer finalizers Finalizer Controller Kubernetes metadata deletionTimestamp finalizers Controller metadata deletionTimestamp finalizers Controler metadata deletionGracePeriodSeconds finalizers Kubernetes 3 CR CRD CR CR spec k8s Controller CronTab apiVersion stable example com v1 kind CronTab metadata name ",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_learning/crd",
"date": "2021-06-10T11:45:54.000Z",
"description": "CRD concepts and usage",
"weight": 4,
"draft": false,
"author": "Shiori",
"tags": [
"k8s",
"cloud computing"
],
"categories": [
"Kubernetes Learning"
]
},
{
"title": "Kubernetes - DNS in the Cluster",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_learning/dns-in-k8s",
"content": "1 Pod DNS 1 1 Pod DNS Pod CoreDNS pod DNS POD IP DNS nslookup 192 168 166 168 tidb cluster dev pod cluster local Server 10 96 0 10 Address 1 10 96 0 10 kube dns kube system svc cluster local Name 192 168 166 168 tidb cluster dev pod cluster local Address 1 192 168 166 168 my tidb cluster dev tidb 0 my tidb cluster dev tidb peer tidb cluster dev svc cluster local Deployment DaemonSet Pod CoreDNS Pod svc DNS 1 2 hostname subdomain Pod hostname Pod Pod hostname spec hostname hostname spec subdomain spec hostname webapp 1 subdomain mysubdomain Pod Kubernetes DNS svc Headless Service DNS DNS DNS Pod StatefulSet Headless Service StatefulSet Pod kubectl po my tidb cluster dev pd 0 o yaml spec hostname my tidb cluster dev pd 0 pod hostname subdomain my tidb cluster dev pd peer StatefulSet Headless Service name 1 3 DNS Pod spec dnsPolicy DNS DNS Default Node DNS ClusterFirst domain DNS Node ClusterFirstWithHostNet Pod hostNetwork DNS host None Kubernetes DNS spec dnsConfig spec dnsConfig DNS spec dnsPolicy None dnsConfig nameservers 8 8 8 8 searches ns1 svc cluster domain example my dns search suffix options name ndots value 2 name edns0 Pod etc resolv conf nameserver 8 8 8 8 search ns1 svc cluster domain example my dns search suffix option natods 2 eth0 2 Service DNS Service DNS Service Service DNS svc cluster_domain cluster local namespace namespace Service 3 Node DNS DNS kube dns Service ClusterIP DNS DNS Kubernetes Node DNS DNS Node CoreDNS Node DNS Pod DNS Node DNS DaemonSet Pod k8s gcr io k8s dns node cache DNS Kubernetes NodeLocal DNSCache 4 CoreDNS 1 11 Kubernetes DNS CoreDNS Go DNS 4 1 CoreDNS CoreDNS CoreDNS DNS loadbalance DNS loop DNS cache health Endpoint kubernetes Kubernetes zone etcd etcd zone file RFC11035 zone hosts etc hosts zone auto reload Corefile forward DNS prometheus Prometheus URL pprof URL debug pprof log DNS errors CoreDNS Pod coredns ConfigMap CoreDNS ConfigMap CoreDNS k configmaps coredns n kube system o yaml kind ConfigMap data 
Corefile 53 errors health lameduck 5s ready kubernetes cluster local in addr arpa ip6 arpa pods insecure fallthrough in addr arpa ip6 arpa ttl 30 prometheus 9153 forward etc resolv conf max_concurrent 1000 cache 30 loop reload loadbalance Kubernetes Core DNS DNS",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_learning/dns-in-k8s",
"date": "2021-06-07T13:16:11.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"tags": [
"k8s",
"云计算"
],
"categories": [
"Kubernetes 学习"
]
},
{
"title": "Kubernetes - HPA 与 VPA",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_learning/hpa-and-vpa",
"content": "HPA Metric Server Pod Pod HPA Controller scale 1 Pod desiredReplicas ceil currentReplicas currentMetricValue metricValue currentReplicas Pod currentMetricValue Metrics metricValue Metric currentMetricValue metricValue Value desiredMetricValue currentMetricValue AverageValue targetAverageValue currentMetricValue Pod Metric Utilization targetAverageUtilization currentMetricValue Pod Metric Metric metric HPA metric desiredReplicas metric desiredReplicas 1 1 desiredReplicas currentReplicas 1 tolerance HPA Controller tolerance 0 1 10 desiredReplicas currentReplicas 10 10 1 2 desiredReplicas Pod Pod Pod Pod DeletionTimeStamp nil Pod metric value Pod Ready CPU desiredMetricValue Pod currentReplicas desiredReplicas targetAverageValue targetAverageUtilization Scaleup Pod MetricValue 0 desiredReplicas Scaledown Pod MetricValue 100 desiredReplicas 1 3 HPA Pod kube controller manager horizontal pod autoscaler downscale stabilization 5min HPA 2 Spec HorizontalPodAutoscaler spec scaleTargetRef apiVersion apps v1 kind Deployment name test minReplicas 1 maxReplicas 10 metrics type Resource resource name cpu target type Utilization averageUtilization 50 behavior scaleUp stabilizationWindowSeconds 0 selectPolicy policies scaleDown minReplicas maxReplicas scaleTargetRef HPA Deployment StatefulSet ReplicaSet metrics Kubernetes metric behavior 2 1 HPA scale scale HPA Deployment StatefulSet scale subresource CRD spec scaleTargetRef spec scaleTargetRef apiVersion apps v1 kind Deployment name test 2 2 Metric HPA Kubernetes Metric HPA Kubernetes APIServer Metric Metric Kubernetes APIServer Custom APIServer Aggregate APIServer HPA Metric Resource CPU Mem metrics k8s io Kubernetes metrics server Custom Kubernetes custom metrics k8s io Adapter Custom APIServer External Kubernetes external metrics k8s io Adapter Custom APIServer Custom Metric spec metrics spec metrics type Resource resource name cpu target type Utilization averageUtilization 50 type Resource Resource Pod CPU Mem 
CPU target type Utilization CPU Mem target type AverageValue Mem type Resource resource name cpu target type Utilization averageUtilization 60 ContainerResource Resource Pod Container CPU Mem CPU target type Utilization CPU Mem target type AverageValue Mem type ContainerResource containerResource name cpu container application Pod application target type Utilization averageUtilization 60 Pods Custom Pod metrics server Pod target type AverageValue type Pods pods metric name packets per second target type AverageValue averageValue 1k Object Custom Kubernetes metrics server Ingress QPS target type AverageValue type Value type Object object metric name requests per second describedObject apiVersion networking k8s io kind Ingress name main route target type Value value 2k External External Kubernetes 2 3 Behavior spec behavior HPA Controller behavior scaleDown stabilizationWindowSeconds 300 policies type Percent value 100 periodSeconds 15 scaleUp stabilizationWindowSeconds 0 policies type Percent value 100 periodSeconds 15 type Pods value 4 periodSeconds 15 selectPolicy Max scaleDown scaleUp 2 3 1 policies behavior scaleDown stabilizationWindowSeconds 300 policies type Percent value 100 periodSeconds 15 scaleUp stabilizationWindowSeconds 0 policies type Percent value 100 periodSeconds 15 type Pods value 4 periodSeconds 15 selectPolicy Max type periodSeconds value type Pods Percent ",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_learning/hpa-and-vpa",
"date": "2021-12-20T11:16:27.000Z",
"description": "HPA 算法定义",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"云计算"
],
"categories": [
"Kubernetes 学习"
]
},
{
"title": "Kubernetes - 理解 kubeconfig",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_learning/kubeconfig",
"content": "1 kubeconfig kubectl kubeconfig apiVersion v1 kind Config current context federal context clusters cluster certificate authority path to my cafile server https horse org 4443 name horse cluster cluster insecure skip tls verify true server https pig org 443 name pig cluster contexts context cluster horse cluster namespace chisel ns user green user name federal context context cluster pig cluster namespace saw ns user black user name queen anne context preferences colors true users name blue user user token blue token name green user user client certificate path to my client cert client key path to my client key clusters Kubernetes contexts users Cluster User Context User Cluster Context kubectl User Cluster 1 1 Cluster Cluster Kubernetes Cluster Cluster contains information communicate kubernetes cluster type Cluster struct Server address kubernetes cluster https hostname port Server string json server TLSServerName used check server certificate TLSServerName empty hostname used contact server used TLSServerName string json tls server name omitempty InsecureSkipTLSVerify skips validity check server s certificate will HTTPS connections insecure InsecureSkipTLSVerify bool json insecure skip tls verify omitempty CertificateAuthority path cert file certificate authority CertificateAuthority string json certificate authority omitempty CertificateAuthorityData contains PEM encoded certificate authority certificates Overrides CertificateAuthority CertificateAuthorityData byte json certificate authority data omitempty ProxyURL URL proxy used requests made client URLs http https socks5 schemes supported ProxyURL string json proxy url omitempty Extensions holds additional information useful extenders so reads writes don t clobber unknown fields Extensions NamedExtension json extensions omitempty Server Kubernetes InsecureSkipTLSVerify APIServer CertificateAuthority APIServer CA CertificateAuthorityData APIServer CA clusters cluster certificate authority data DATA 
OMITTED server https 127 0 0 1 37958 name kind kind kubectl config view certificate authority data DATA OMITTED DATA OMITTED 1 2 User User Kubernetes APIServer User User AuthInfo contains information describes identity information use tell kubernetes cluster are type AuthInfo struct ClientCertificate path client cert file TLS ClientCertificate string json client certificate omitempty ClientCertificateData contains PEM encoded data client cert file TLS Overrides ClientCertificate ClientCertificateData byte json client certificate data omitempty ClientKey path client key file TLS ClientKey string json client key omitempty ClientKeyData contains PEM encoded data client key file TLS Overrides ClientKey ClientKeyData byte json client key data omitempty datapolicy security key Token bearer token authentication kubernetes cluster Token string json token omitempty datapolicy token TokenFile pointer file contains bearer token as described above Token TokenFile present Token takes precedence TokenFile string json tokenFile omitempty Impersonate username imperonate name matches flag Impersonate string json as omitempty ImpersonateGroups groups imperonate ImpersonateGroups string json as groups omitempty ImpersonateUserExtra contains additional information impersonated user ImpersonateUserExtra mapstringstring json as user extra omitempty Username username basic authentication kubernetes cluster Username string json username omitempty Password password basic authentication kubernetes cluster Password string json password omitempty datapolicy password AuthProvider specifies custom authentication plugin kubernetes cluster AuthProvider AuthProviderConfig json auth provider omitempty Exec specifies custom exec based authentication plugin kubernetes cluster Exec ExecConfig json exec omitempty Extensions holds additional information useful extenders so reads writes don t clobber unknown fields Extensions NamedExtension json extensions omitempty X509 Client Cert ClientCertificate 
ClientCertificateData client ClientKey ClientKeyData client users name kind kind user client certificate data REDACTED client key data REDACTED Token Static Token File Static Token File Static Token File Token TokenFile Token Token users name kind kind user token REDACTED username password Authentication Proxy Authn Proxy username password Nginx Proxy kubectl username pa",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_learning/kubeconfig",
"date": "2022-04-27T09:02:24.000Z",
"description": "KubeConfig 结构",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"云计算"
],
"categories": [
"Kubernetes 学习"
]
},
{
"title": "Kubernetes - Object 与 API 规则",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_learning/object-and-api",
"content": "1 1 1 Kubernetes Group Version Resource Group API Version API Resource API etcd etcd alias edctl etcdctl cacert etc kubernetes pki etcd ca crt cert etc kubernetes pki etcd peer crt key etc kubernetes pki etcd peer key edctl registry prefix keys only registry pingcap com tidbinitializers mycluster mycluster init registry pingcap com tidbmonitors mycluster mycluster registry pods kube system coredns 7c7788d75c cggn5 yaml apiVersion batch v2alpha1 Group Version kind CronJob Resource Kubernetes Group Version Resource name 1 2 REST Kubernetes API HTTP REST POST PUT GET DELETE HTTP method Kubernetes OpenAPI https openapi v2 API TOEKN TOKEN kubectl describe secrets kubectl secrets n kube system grep admin cut f1 d n kube system grep E token cut f2 d tr d t tr d APIServer APISERVER kubectl config view grep server cut f 2 d tr d curl H Authorization Bearer TOKEN APISERVER openapi v2 k jq swagger 2 0 info title Kubernetes version v1 21 1 paths 2 Kubernetes URL apis namespaces version Kubernetes Semantic Version Alpha version alpha v1alpha1 Bug API Beta version beta v2beta3 API GA verison v1 3 API Groups API Kubernetes API API Groups API Groups Core Groups Legacy Groups Container Pod Service api v1 Group spec spec apiVersion v1 API Groups apis spec group spec apiVersion apps v1 Deployments RollingUpdates ReplicaSet extensions API DaemonSet ReplicaSet Ingresses batch Job autoscaling HPA certificate k8s io rbac authorization k8s io v1 RBAC policy Pod CRD Kubernetes API Group API 3 1 API Group API Group API Server API runtime config batch v1 false batch v1 API 4 Kubernetes API REST HTTP API API non namespace apis apis namespace apis namespaces namespace apis namespaces namespace name 4 1 Watch etcd Kubernetes resourceVersion etcd client watch resourceVersion api v1 namespaces test pods watch 1 resourceVersion 10245 200 OK Transfer Encoding chunked Content Type application json type ADDED object kind Pod apiVersion v1 metadata resourceVersion 10596 type MODIFIED 
object kind Pod apiVersion v1 metadata resourceVersion 11020 etcd 5min HTTP Code 410 Gone client 410 list watch event bookmark event Client SDK Reflector 4 2 HTTP URL 1 9 Kubernetes limit continue 500 Pod limit 500 api v1 pods limit 500 200 OK Content Type application json kind PodList apiVersion v1 metadata resourceVersion 10245 continue ENCODEDCONTINUETOKEN items returns pods 1 500 Pod continue ENCODEDCONTINUETOKEN api v1 pods limit 500 continue ENCODEDCONTINUETOKEN 200 OK Content Type application json kind PodList apiVersion v1 metadata resourceVersion 10245 continue continue token empty reached end list items returns pods 1001 1253 continue resourceVersion 4 3 Kubernetes JSON client protobuf Accept application vnd kubernetes protobuf protobuf Content Type application vnd kubernetes protobuf protobuf CRD API Protobuf Accept Accept application vnd kubernetes protobuf application json 4 4 finalization metadata deletionTimestamp Finalizers deletionTimestamp Update Event delete Finalizers finalizer etcd Delete Event 5 API Kubernetes API Authentication Authorization Admission Control ",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_learning/object-and-api",
"date": "2021-06-12T07:32:36.000Z",
"description": "API 版本管理规则与扩展方式",
"weight": 4,
"draft": false,
"author": "Shiori",
"tags": [
"k8s",
"云计算"
],
"categories": [
"Kubernetes 学习"
]
},
{
"title": "Kubernetes - Pod 基本概念",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_learning/pod",
"content": "1 Pod Pod Borg Pod Pod Supervisor goreman Kubernetes Pod 1 1 Pause Pod pause infra pause k8s gcr io pause namespace namespace namespace B B B A Kubernetes pause pause namespace pause namespace pause pause namespace namespace 1 2 Pod network uts ipc namespace Pod PID namespace Pod spec shareProcessNamespace true pid namespace Pod Volume 2 Dynamic Pod Static Pod 2 1 Dynamic Pod ReplicaSet Deployment Pod Pod Pod Pod Kubernetes APIServer Pod Pod Dynamic Pod 2 2 Static Pod Pod Pod Static Pod Pod kubelet kubelet Node Kubernetes kubelet Pod HTTP 2 2 1 kubelet staticPodPath kubelet yaml json Pod APIServer Pod Pod Pending Pod yaml 2 2 2 HTTP kubelet manifest url kubelet URL yaml json Pod 3 Pod 3 1 Pod phase Pod status phase Pod status phase Running Pod Pending Pod Pod Pending Running Pod Succeeded Pod 0 Pod Failed Pod 0 Unknown Pod Node kubectl pods STATUS phase Pod status containerStatuses state reason Pod kubectl pods o yaml status phase 3 2 Container State Kubernetes Pod status containerStatuses state Waiting image init container Running Terminated status containerStatuses state 3 2 1 Kubernetes postStart entrypoint kubelet postStart Running preStop kubelet preStop kubelet kubelet apiVersion v1 kind Pod metadata name lifecycle demo spec containers name lifecycle demo container image nginx lifecycle postStart httpGet path port 80 preStop exec command bin sh c nginx s quit killall 0 nginx sleep 1 done httpGet HTTP exec 3 3 Pod Condition Pod status conditions Pod condition Conditon PodScheduled Pod Initialized Init Container ContainersReady Ready Pod Service Endpoints Ready Readiness Probe status conditions lastProbeTime null lastTransitionTime 2021 06 11T07 11 46Z status True type Initialized lastProbeTime null lastTransitionTime 2021 06 12T15 32 39Z message containers unready status pd reason ContainersNotReady status False type Ready lastProbeTime null lastTransitionTime 2021 06 12T15 32 39Z message containers unready status pd reason ContainersNotReady 
status False type ContainersReady lastProbeTime null lastTransitionTime 2021 06 11T07 11 46Z status True type PodScheduled Condition type condition status condition True False Unknown lastProbeTime condition lastTransitionTime condition status reason condition status message conditon status 3 3 1 condition condition spec readinessGates condition condition controller controller condition true condition Ready condition condition true Ready condition true apiVersion v1 kind Pod metadata name centos spec readinessGates conditionType www example com feature 1 3 4 Pod spec restartPolicy Pod Always kubelet OnFailure 0 kubelet kubelet kubelet 1n 2n 4n 5min 10min kubelet handle 4 Probe Probe Pod Pod LivenessProbe ReadinessProbe StartupProbe Probe Pod 4 1 LivenessProbe Liveness",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_learning/pod",
"date": "2021-06-05T16:29:21.000Z",
"description": "Pod 基本概念",
"weight": 4,
"draft": false,
"author": "Shiori",
"tags": [
"k8s",
"云计算"
],
"categories": [
"Kubernetes 学习"
]
},
{
"title": "Kubernetes - PV PVC StorageClass",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_learning/pv-pvc-storageclass",
"content": "1 PV PV Persistent Volume Local PV PV 1 1 Spec Status PV apiVersion v1 kind PersistentVolume metadata name pv0003 spec capacity storage 5Gi volumeMode Filesystem accessModes ReadWriteOnce persistentVolumeReclaimPolicy Recycle storageClassName slow mountOptions hard nfsvers 4 1 nfs path tmp server 172 17 0 2 capacity volumeMode Volume Modes accessModes Access Mode storageClassName StorageClass StorageClass class PVC PV persistentVolumeReclaimPolicy PV Reclaim Policy mountOptions PV Node Kubernetes PV Mount Points nodeAffinity PV Local PV nodeAffinity 1 2 Phase Lifecycle Phase PV apiVersion v1 kind PersistentVolume spec status phase Available Phase Available PV PVC Bound PV PVC spec claimRef PVC spec claimRef apiVersion v1 kind PersistentVolumeClaim name tikv main cluster tikv 2 namespace default resourceVersion 1121998 uid 12612562 cc49 4f66 a76d 34bce001e1eb Released persistentVolumeReclaimPolicy Retain PV PVC Released Released PVC spec claimRef spec claimRef PV Available Failed persistentVolumeReclaimPolicy Recycle PV Failed PV 5 Provisioning PV PV StorageClass Binding PV PVC Using Pod PVC Volume StorageObjectInUseProtection PVC Releasing Pod Volume PVC Reclaiming PV PV Deleting PV PV Kubernetes 1 3 Reclaim Policy Reclaim Policy PVC PV Retain PVC PV PV Released PV Released PV AWS EBS GCE PD Released PV PV spec volumeName PVC Delete PVC PV Recycle Deprecated Recycle PVC PV rm rf volume PV 1 4 Volume Mode Volume Mode Filesystem Mount Pod Device Kubernetes Block Pod Kubernetes Pod 1 5 Access Mode Access Mode Pod Volume ReadWriteOnce Node Pod Read Write ReadOnlyMany Node Read ReadWriteMany Node Read Write ReadWriteOncePod Pod Read Write accessMode AccessMode 1 6 Finalizer PVC PV kubernetes io pv protection Finalizer PV PVC Pod kubernetes io pvc protection Finalizer PVC 2 PVC PVC Persistent Volume Claim Pod PV namespace Pod PV PVC Pod PV PVC PV 2 1 Spec Status PVC PV PV apiVersion v1 kind PersistentVolumeClaim metadata name myclaim spec accessModes 
ReadWriteOnce volumeMode Filesystem volumeName foo pv resources requests storage 8Gi storageClassName slow StorageClass selector matchLabels release stable matchExpressions key environment operator In values dev volumeMode Volume Modes accessModes Access Mode volumeName PV name Bind PV name resources Pod selector PV PV storageClassName StorageClass StorageClass 2 2 Phase PVC status phase PVC status phase Bound Pending PVC PV spec volumeName Bound PVC PV spec volumeName PV Lost PV PVC Bound spec volumeName spec volumeName PV spec volumeName PV PV PVC PV PVC 2 3 StorageClass PVC spec storageClassName PV StorageClass StorageClass PV PVC storageClassName storageClassName storageClassName StorageClass PV PVC storageClassName Default StorageClass storageClassName Default StorageClass storageClassName storageClassName 2 4 PVC Pod Pod template pvc volume PVC apiVersion v1 kind Pod metadata name mypod spec containers name myfrontend image nginx volumeMounts volume mountPath var www html name mypd volumes name mypd volume PVC persistentVolumeClaim claimName myclaim PVC 3 StorageClass PV Static Provision PV Dynamic Provision StorageClass PVC PV StorageClass PVC PV Driver Provisioner PV Provisioner 3 1 Spec StorageClass",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_learning/pv-pvc-storageclass",
"date": "2021-06-08T07:43:09.000Z",
"description": "PV PVC StorageClass 概念与使用",
"weight": 4,
"draft": false,
"author": "Shiori",
"tags": [
"k8s",
"云计算"
],
"categories": [
"Kubernetes 学习"
]
},
{
"title": "Kubernetes - RBAC 与 ServiceAccount",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_learning/rbac",
"content": "1 Kubernetes Kubernetes RBAC RBAC Role Base Access Control RBAC Role Kubernetes API Subject User Group ServiceAccount RoleBinding Role Subject Role Subject RoleBinding Subject RoleBinding Role Subject 2 Role ClusterRole 2 1 Role Role Kubernetes namespaced Resouce Role namespace kind Role apiVersion rbac authorization k8s io v1 metadata namespace default name pod reader rules apiGroups resources pods verbs get watch list metadata namespace Role namespace rules apiGroups API Group core API Group rules resources Resource rules verbs rules mynamespace Pod GET Watch List get list watch create update patch delete deletecollection 2 2 ClusterRole ClusterRole non namespaced Resource namespace non namespaced Resource kind ClusterRole apiVersion rbac authorization k8s io v1 metadata namespace omitted ClusterRoles not namespaced name secret reader rules apiGroups resources secrets verbs get watch list rules apiGroups API Group core API Group rules resources Resource rules verbs rules namespace Secret GET Watch List 2 2 1 ClusterRole ClusterRole ClusterRole ClusterRole apiVersion rbac authorization k8s io v1 kind ClusterRole metadata name monitoring aggregationRule clusterRoleSelectors matchLabels rbac example com aggregate to monitoring true rules rules aggregationRule ClusterRole ClusterRole rules 2 3 Kubernetes API Pod rules apiGroups resource pods pods log verbs get list 2 4 rules resourceName rules apiGroups resource configmap resourceName mu configmap verbs update get list watch create deletecollections 2 5 Role ClusterRole Kubernetes Role ClusterRole system ClusterRole RoleBinding label kubernetes io bootstrappiong rbac defaults APIServer Role Role Subject Role ClusterRole Role Default roles role bindings 3 RoleBinding ClusterRoleBinding 3 1 RoleBinding RoleBinding Role Subject RoleBinding Subject namespace role binding allows jane read pods default namespace kind RoleBinding apiVersion rbac authorization k8s io v1 metadata name read pods namespace default 
subjects kind User name jane apiGroup rbac authorization k8s io kind ServiceAccount name default roleRef kind Role name pod reader apiGroup rbac authorization k8s io RoleBinding ClusterRole RoleBinding namespace 3 2 ClusterRoleBinding ClusterRoleBinding Subject 3 2 1 ClusterRole ClusterRole aggregationRule ClusterRole ClusterRole kind ClusterRole apiVersion rbac authorization k8s io v1 metadata name monitoring aggregationRule label selector clusterRoleSelectors matchLabels rbac example com aggregate to monitoring true rules Rules ClusterRole kind ClusterRole apiVersion rbac authorization k8s io v1 metadata name monitoring endpoints labels rbac example com aggregate to monitoring true rules will added monitoring role rules apiGroups resources services endpoints pods verbs get list watch 4 Subject Subject User User Group ServiceAccount Kubernetes User User User 4 1 User User Group User User User shiori Pod kind ClusterRole apiVersion rbac authorization k8s io v1 metadata name pod admin rules apiGroups resources pods verbs kind ClusterRoleBinding apiVersion rbac authorization k8s io v1 metadata name shiori pod admin subjects kind User name shiori apiGroup rbac authorization k8s io roleRef kind ClusterRole name pod admin apiGroup rbac authorization k8s io shiori kubectl nodes as shiori Error server Forbidden nodes forbidden User shiori cannot list resource nodes API group cluster scope kubectl pods as shiori No resources found default namespace User Group User group group User Group User Kubernetes RoleBinding ClusterRoleBinding User Group system unauthenticated apiVersion rbac authorization k8s io v1 kind ClusterRoleBinding metadata annotations rbac authorization kubernete",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_learning/rbac",
"date": "2021-06-08T12:05:39.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"tags": [
"k8s",
"云计算"
],
"categories": [
"Kubernetes 学习"
]
},
{
"title": "Kubernetes - Update 与 Rollback",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_learning/rolling-upgrade",
"content": "1 1 1 Update Deployment DaemonSet StatefulSet spec template Pod Rolling Update kubectl set image deployment v1 apps nginx deployment nginx nginx 1 16 1 kubectl rollout status kubectl rollout status deployment nginx deployment Waiting deployment nginx deployment rollout finish 1 3 new replicas updated Waiting deployment nginx deployment rollout finish 1 3 new replicas updated Waiting deployment nginx deployment rollout finish 2 3 new replicas updated Waiting deployment nginx deployment rollout finish 2 3 new replicas updated Waiting deployment nginx deployment rollout finish 2 3 new replicas updated Waiting deployment nginx deployment rollout finish 1 old replicas pending termination Waiting deployment nginx deployment rollout finish 1 old replicas pending termination deployment nginx deployment successfully rolled 1 2 Rollback kubectl rollout history Deployment DaemonSet StatefulSet kubectl rollout history deployment nginx deployment deployment apps nginx deployment REVISION CHANGE CAUSE 1 2 record true Change Cause revision Pod template kubectl rollout history deployment nginx deployment revision 2 deployment apps nginx deployment revision 2 Pod Template Labels app nginx pod template hash ff6655784 Containers nginx Image nginx 1 16 1 Port 80 TCP Host Port 0 TCP Environment Mounts Volumes kubectl rollout undo to revision kubectl rollout undo deployment nginx deployment deployment apps nginx deployment rolled back Rollback Update 1 3 1 3 1 Deployment Deployment ReplicaSet spec strategy type Pod RollingUpdate Recreate Pod Pod RollingUpdate spec strategy type RollingUpdate rollingUpdate maxUnavailable 10 maxSurge 10 maxUnavailable Pod 25 maxUnavailable 30 Pod 70 maxSurge Pod 25 maxSurge 30 Pod 130 Deployment Pod Buffer StatefulSet Pod spec revisionHistoryLimit 3 minReadySeconds 30 paused false revisionHistoryLimit ReplicaSet 10 0 minReadySeconds Pod Pod minReadySeconds Pod 0 Pod paused Deployment Pod template kubectl rollout pause resume Deployment 1 3 2 
DaemonSet DaemonSet spec strategy type RollingUpdate OnDelete Pod DaemonSet spec strategy type RollingUpdate rollingUpdate maxUnavailable 10 maxUnavailable Pod 25 maxUnavailable 30 Pod 70 spec revisionHistoryLimit 3 minReadySeconds 30 revisionHistoryLimit ControllRevision 10 0 minReadySeconds Pod 0 Pod minReadySeconds Pod 0 Pod 1 3 3 StatefulSet DaemonSet StatefulSet spec strategy type RollingUpdate OnDelete Pod StatefulSet spec updateStrategy rollingUpdate partition 3 type RollingUpdate partition Pod partition Pod Pod 4 partition 2 pod 3 pod 2 pod 1 pod 0 StatefulSet spec podManagementPolicy OrderedReady Pod Pod Parallel Pod spec revisionHistoryLimit 3 minReadySeconds 30 revisionHistoryLimit ControllRevision 10 0 minReadySeconds Pod 0 Pod minReadySeconds Pod 0 Pod 1 4 1 4 1 Deployment DaemonSet Status Update status replicas 3 updatedReplicas 3 readyReplicas 3 availableReplicas 3 unavailableReplicas 0 conditions lastTransitionTime 2022 05 16T12 13 27Z lastUpdateTime 2022 05 16T12 13 27Z message Deployment minimum availability reason MinimumReplicasAvailable status True type Available lastTransitionTime 2022 05 16T12 12 57Z lastUpdateTime 2022 05 18T12 21 22Z message ReplicaSet nginx deployment 5cc64f49d7 successfully progressed reason NewReplicaSetAvailable status True type Progressing observedGeneration 7 Pod replicas Pod RS status replica updatedReplicas Pod RS status replica readyReplicas Ready Pod RS status readyReplicas availableReplicas Available Pod RS status availableReplicas unavailableReplicas Unavailable Pod RS spec replica ",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_learning/rolling-upgrade",
"date": "2022-05-11T13:24:25.000Z",
"description": "Update 与 Rollback 原理",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"云计算"
],
"categories": [
"Kubernetes 学习"
]
},
{
"title": "Kubernetes - Pod 调度机制",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_learning/schedule-preemption-eviction",
"content": "1 Pod Scheduler 2 Schedule 2 1 nodeSelector Pod spec nodeSelector Pod kv label kv Pod apiVersion v1 kind Pod metadata name nginx labels env test spec containers name nginx image nginx imagePullPolicy IfNotPresent nodeSelector disktype ssd label disktype ssd label label kubernetes io hostname failure domain beta kubernetes io zone failure domain beta kubernetes io region topology kubernetes io zone topology kubernetes io region beta kubernetes io instance type node kubernetes io instance type kubernetes io os kubernetes io arch 2 2 nodeName spec nodeName Pod apiVersion v1 kind Pod metadata name nginx spec containers name nginx image nginx nodeName kube 01 kube 01 2 3 affinity 2 3 1 nodeAffinity spec affinity nodeAffinity nodeSelector label Pod requiredDuringSchedulingIgnoredDuringExecution nodeSelector preferredDuringSchedulingIgnoredDuringExecution Pod apiVersion v1 kind Pod metadata name with node affinity spec affinity nodeAffinity requiredDuringSchedulingIgnoredDuringExecution nodeSelectorTerms matchExpressions key kubernetes io e2e az name operator values e2e az1 e2e az2 preferredDuringSchedulingIgnoredDuringExecution weight 1 preference matchExpressions key another node label key operator values another node label value containers name with node affinity image k8s gcr io pause 2 0 nodeSelectorTerms matchExpressions weight 1 100 weight 2 3 2 Pod spec affinity podAffinity Pod label Pod requiredDuringSchedulingIgnoredDuringExecution preferredDuringSchedulingIgnoredDuringExecution spec affinity podAntiAffinity Pod Pod Pod topologyKey label topology kubernetes io zone label topologyKey topology kubernetes io zone Pod Pod apiVersion apps v1 kind Deployment metadata name web server spec selector matchLabels app web store replicas 3 template metadata labels app web store spec affinity podAntiAffinity requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key app operator values web store topologyKey kubernetes io hostname podAffinity 
requiredDuringSchedulingIgnoredDuringExecution labelSelector matchExpressions key app operator values store topologyKey kubernetes io hostname containers name web app image nginx 1 16 alpine podAntiAffinity app web store Pod podAffinity app store Pod Pod app store Pod 2 4 taint tolerations affinity taint Pod taint Pod Pod toleration taint 2 4 1 taint kubectl taint taint kubectl taint nodes node1 key1 value1 NoSchedule node1 key1 value1 traint NoSchedule taint kubectl taint nodes node1 key1 value1 NoSchedule taint kv toleration taint effect NoSchedule Pod Pod PreferNoSchedule Pod NoExecute Pod Pod Kubernetes node kubernetes io not ready NoExecute Ready false node kubernetes io unreachable NoExecute Ready unknown node kubernetes io memory pressure node kubernetes io disk pressure NoSchedule node kubernetes io pid pressure NoSchedule PID node kubernetes io network unavailable NoSchedule node kubernetes io unschedulable NoSchedule node cloudprovider kubernetes io uninitialized NoSchedule DaemonSet Pod NoExecute taint Pod 2 4 2 tolerations Pod spec tolerations taint taint operator Exist key operator Equal key val effect apiVersion v1 kind Pod metadata name nginx labels env test spec containers name nginx image nginx imagePullPolicy IfNotPresent tolerations key example key operator Exists effect NoSchedule key example key effect NoSchedule taint spec tolerations tolerationSeconds tolerations key key1 operator Equal value value1 effect NoExecute tolerationSeconds 3600 taint 3600 3 Eviction 3 1 kubelet CPU Mem inode kubelet Pod kubelet Pod Failed Pod",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_learning/schedule-preemption-eviction",
"date": "2021-06-23T12:09:25.000Z",
"description": "Pod 调度,抢占与驱逐",
"weight": 4,
"draft": false,
"author": "Shiori",
"tags": [
"k8s",
"云计算"
],
"categories": [
"Kubernetes 学习"
]
},
{
"title": "Kubernetes - Service 与 Endpoint",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_learning/service-and-endpoint",
"content": "1 Service Pod IP Service Service Web 3 Pod Pod 2 Service 2 1 Spec Service apiVersion v1 kind Service metadata name string namespace string labels name string annotations name string spec selector type string clusterIP string sessionAffinity string ports name string protocol string port int targetPort int nodePort int status loadBalancer ingress ip string hostname string topologyKeys key externalName string spec selector Service Pod spec type Service Service spec clusterIP spec sessionAffinity spec ports NodePort spec status LoadBalancer spec topologyKeys key Node Pod spec externalName ExternalName service 2 2 k8s RoundRobin Pod SessionAffinity IP Pod Pod spec sessionAffinity ClientIP SessionAffinity 2 3 Service TCP Service UDP Service LoadBalancer HTTP PROXY SCTP 1 17 Service Endpoint spec ports AppProtocol spec ports port 8080 targetPort 8080 AppProtocol HTTP 3 Kubernetes Service DNS 3 1 Pod Service namespace Service ENV Headless Service _PORT PORT_ PORT__ADDR PORT__PORT PORT__PROTO SERVICEHOST SERVICEPORT SERVICEPORT_ service spec port 0 port xxxPORTxxx kubernetes service Pod APIServer 3 2 DNS Service DNS svc cluster CoreDNS DNS Service spec ports name _ svc http tcp svc local DNS spec ports protocol TCP port 8080 targetPort 8080 name http nslookup namespace nslookup namespace DNS 4 Service Service Service 4 ClusterIP Pod ClusterIP Port VIP NodePort NodePort ClusterIP ClusterIP Port Node LoadBalancer LoadBalancer NodePort Node IP Node ExternalName DNS selector Pod ClusterIP NodePort LoadBalancer ExternalName 4 1 ClusterIP ClusterIP Service VIP Port Pod Port VIP apiVersion v1 kind Service metadata name service python spec ports port 3000 protocol TCP targetPort 443 selector run pod python Pod type ClusterIP IP TCP 3000 443 Service 4 2 NodePort NodePort ClusterIP kubectl port forward svc xxx Service NodePort service spec ports nodePort apiVersion v1 kind Service metadata name service python spec ports port 3000 protocol TCP targetPort 443 nodePort 30080 
selector run pod python type NodePort ClusterIP 30080 4 3 LoadBalancer Node k8s k8s NodePort k8s LoadBalancer Service NodePort apiVersion v1 kind Service metadata name service python spec ports port 3000 protocol TCP targetPort 443 nodePort 30080 selector run pod python type LoadBalancer externalTrafficPolicy Local spec externalTrafficPolicy spec LoadBalancer service metadata annotations metadata name my service annotations service beta kubernetes io aws load balancer access log enabled true Specifies whether access logs enabled load balancer service beta kubernetes io aws load balancer access log emit interval 60 interval publishing access logs specify interval either 5 60 minutes service beta kubernetes io aws load balancer access log s3 bucket name my bucket name Amazon S3 bucket access logs stored service beta kubernetes io aws load balancer access log s3 bucket prefix my bucket prefix prod logical hierarchy created Amazon S3 bucket example my bucket prefix prod LoadBalancer LoadBalancer 4 4 ExternalName Service Pod ExternalName Pod ExternalName Service kind Service apiVersion v1 metadata name service python spec ports port 3000 protocol TCP targetPort 443 type ExternalName externalName remote server url com serivce spec externalName Pod Service 5 Endpoint ",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_learning/service-and-endpoint",
"date": "2021-06-06T14:03:01.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"tags": [
"k8s",
"cloud computing"
],
"categories": [
"Kubernetes Learning"
]
},
{
"title": "Kubernetes - StatefulSet",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_learning/statefulset",
"content": "1 Pod Pod Deployment RelicSets Pod 1 1 Pod Service p2p Pod Pod Pod 1 1 PVC Pod Pod PVC Pod PVC Pod IP Pod Pod Pod Pod Pod Pod Pod 0 N Pod0 Pod0 PVC Pod0 DNS Pod0 Pod1 StatefulSet PVC Headless Service Pod 2 StatefulSet 2 1 Spec StatefuleSet apiVersion apps v1 kind StatefulSet metadata name web spec serviceName nginx replicas 2 selector matchLabels app nginx template metadata labels app nginx spec containers name nginx image k8s gcr io nginx slim 0 8 ports containerPort 80 name web volumeMounts name www mountPath usr share nginx html volumeClaimTemplates metadata name www spec accessModes ReadWriteOnce resources requests storage 1Gi storageClassName shared ssd storage serviceName Headless Service replicas selector Pod selector Pod template Pod template volumeClaimTemplates PVC metadata name PVC spec PVC spec 2 2 Status StatefulSet status status collisionCount 0 currentReplicas 3 currentRevision my cluster 69545dcd7d observedGeneration 1 readyReplicas 3 replicas 3 updateRevision my cluster 69545dcd7d updatedReplicas 3 currentReplicas Pod currentRevision updatedReplicas Pod updateRevision Pod label controller revision hash Revision Pod StatefulSet metadata labels controller revision hash my cluster 69545dcd7d Pod controller revision hash label StatefulSet updateRevision Pod StatefulSet Pod 2 3 PV StorageClass PVC StatefulSet Headless Service StatefulSet Pod spec replicas 0 Pod 2 4 Pod spec podManagementPolicy Pod OrderedReady Pod Pod Pod Parallel Pod 2 5 Pod spec updateStrategy Pod spec template spec updateStrategy rollingUpdate partition 3 type RollingUpdate type updateStrategy RollingUpdate OnDelete Pod Pod Pod RollingUpdate Pod Pod Pod 2 5 1 Partitions spec updateStrategy rollingUpdate partition Pod Pod Pod partition 1 kubectl patch statefulset web p spec updateStrategy type RollingUpdate rollingUpdate partition 3 statefulset web patched StatefulSet kubectl patch statefulset web type json p op replace path spec template spec containers 0 image value gcr 
io google_containers nginx slim 0 7 statefulset web patched web 1 web 2 web 0 kubectl pods n mytest NAME READY STATUS RESTARTS AGE web 0 1 1 Running 0 3m2s web 1 1 1 Running 0 30s web 2 1 1 Running 0 50s StatefulSet Pod StatefulSet Pod StatefulSet StatefulSet Pod StatefulSet Kubernetes",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_learning/statefulset",
"date": "2021-06-09T11:55:46.000Z",
"description": "StatefulSet concepts and usage",
"weight": 4,
"draft": false,
"author": "Shiori",
"tags": [
"k8s",
"cloud computing"
],
"categories": [
"Kubernetes Learning"
]
},
{
"title": "Kubernetes - Resource Update Mechanisms and Their CLI Implementation",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_learning/update-resource-mechanism",
"content": "1 Update Update HTTP Put Kubernetes Kubernetes resourceVersion metadata resourceVersion etcd modified index etcd resourceVersion resourceVersion resourceVersion etcd resourceVersion resourceVersion Controller Update Update resourceVersion 2 Patch Patch HTTP Patch Server Side Apply Kubernetes Patch patch resourceVersion Patch Server Side Apply 4 Patch HTTP Content Type Header JSON Patch Merge Patch Strategic Merge Patch Apply Patch 2 1 JSON Patch JSON Patch Patch RFC 6901 Content Type application json patch json JSON Patch op replace path spec template spec containers 0 image value app image v2 0 2 2 Merge Patch Merge Patch JSON Merge Patch Patch RFC 7386 Content Type application merge patch json Merge Patch null null container spec template spec containers name app image app image v2 name nginx image nginx alpline Merge Patch 2 3 Strategic Merge Patch Strategic Merge Patch Kubernetes Patch key Merge Patch Pod Container patchMergeKey name container name key patchMergeKey name patchStrategy merge Containers Container json containers patchStrategy merge patchMergeKey name protobuf bytes 2 rep name containers key map Merge Patch nginx container container spec template spec containers name nginx image nginx mainline Strategic Merge Patch Kubernetes Kubernetes Custom Resource 2 4 Server Side Apply Kubernetes 1 16 Server Side Apply Apply Patch 2 4 1 Server Side Apply Manager Server Side Apply Manager Conlict Manager Conflict Server Side Apply Manager metadata managedFields apiVersion v1 kind ConfigMap metadata name test cm namespace default labels test label test managedFields manager kubectl operation Apply apiVersion v1 time 2010 10 10T0 00 00Z fieldsType FieldsV1 fieldsV1 f metadata f labels f test label f data f key data key value data key metadata labels test label kubectl Apply Manager Shared Manager Manager Conflict managedFields API HTTP fieldManager query Manager Apply 2 4 2 Merge Server Side Apply Strategic Merge Patch Merge Patch APISever diff 
Strategic Merge Patch Merge Patch Patch Server Side Apply kubectl apply diff APISever 2 4 3 Conflict Conflict force query Manager Manager Shared Manager Shared Manager 3 CLI 3 1 kubectl apply 3 1 1 client side apply kubectl apply client side apply last applied configuration annotation diff kubectl apply apply POST HTTP last applied configuration annotation apply Kubernetes PATCH HTTP Patch strategic merge patch apply Kubernetes PATCH HTTP Patch merge patch kubectl apply kubectl create last applied configuration annotation kubectl apply kubectl patch kubectl apply last applied configuration annotation diff Patch 3 1 2 server side apply kubectl apply server side server side apply force conflicts field manager Manager kubectl server side apply APIServer kubectl annotation diff PATCH HTTP APISever diff 3 2 kubectl patch kubectl patch Patch Diff Strategic Merge Patch type Patch 3 3 kubectl edit kubectl edit kubectl apply annotation diff Patch Patch Kubernetes Server Side Apply Blog K8s",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_learning/update-resource-mechanism",
"date": "2022-01-13T03:22:02.000Z",
"description": "Update, Apply, Server Side Apply",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"cloud computing"
],
"categories": [
"Kubernetes Learning"
]
},
{
"title": "Kubernetes - Storage Design",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_learning/volume",
"content": "1 Volume Kubernetes Volume Volume Volume Kubernetes Volume Provision Delete Volume Block Device Volume AWS EBS Attach Detach Volume Node Node Block Device Volume AWS Attach Detach EBS EC2 Instance Mount Unmount Volume Node Dir Volume Node Volume Mount Block Device SetUp TearDown Volume Node Dir Volume Bind Mount Volume hostpath secret configmap Attach SetUp 1 1 PVC Volume Deploy PVC Deploy PVC Provision Volume PV Controller StorageClass Volume PV PV Bind PV PV Controller PV PVC Attach Volume Controller Manager AttachDetach Controller Attach Volume Node Node Mount Device Kubelet Volume Manager Mount Setup Volume Kubelet Volume Manager Pod 2 Volume Plugin Volume Kubernetes Provision Attach Volume Plugin Kubernetes Volume Plugin Volume Plugin ConfigMap HostPath Volume Plugin Controller Manager In Tree Plugin Kubernetes CSI Container Storage Interface Volume Controller Provision Delete CSI Plugin Watch PVC Attach Detach CSI Plugin Watch VolumeAttachment Mount Unmount Kubelet CSI Plugin RPC SetUp TearDown Kubelet CSI Plugin RPC FlexVolume deprecated Controller Manager Volume 3 CSI Kubernetes CSI Plugin Controller RPC Service Controller Volume Provision Delete Attach Detach Kubernetes Controller PVC VolumeAttachment RPC Service Volume Mount Unmount Kubelet Mount Unmount RPC Service CSI Plugin Kubernetes Controller Volume CSI Plugin Sidecar CSI Plugin Watch PVC VolumeAttachment Volume Kubernetes CSI Driver gRPC Service Service CSI Identity CSI CSI Controller Volume CSI Node Node Service Volume Sidecar Kubelet CSI Driver CSI Plugin 3 1 Sidecar Sidecar Watch CSI Driver CSI Driver Pod node driver registrar CSI Node NodeGetInfo CSI Node Kubelet external provisioner Watch PVC CSI Controller CreateVolume Volume external attacher Watch VolumeAttachment CSI Controller ControllerPublishVolume ControllerUnpublishVolume Volume Attach Node external attacher Attach Volume MountDevice Setup Kubelet CSI Node external snapshotter snapshot controller Watch VolumeSnapshot 
VolumeSnapshotContent snapshotter Watch VolumeSnapshotConent CSI Controller CreateSnapshot DeleteSnapshot ListSnapshot external resizer Watch PersistentVolumeClaim PVC CSI Controller ControllerExpandVolume Volume livenessprobe CSI Liveness Probe Kubernetes Kubernetes CSI Sidecar Containers Sidecar 3 2 CSI Identity CSI Identity service Identity name version rpc GetPluginInfo GetPluginInfoRequest returns GetPluginInfoResponse rpc GetPluginCapabilities GetPluginCapabilitiesRequest returns GetPluginCapabilitiesResponse rpc Probe ProbeRequest returns ProbeResponse 3 3 CSI Controller CSI Controller Volume Provision Delete Attach Detach Snapshot Controller Master service Controller Volume rpc CreateVolume CreateVolumeRequest returns CreateVolumeResponse Volume rpc DeleteVolume DeleteVolumeRequest returns DeleteVolumeResponse Attach Volume Node rpc ControllerPublishVolume ControllerPublishVolumeRequest returns ControllerPublishVolumeResponse Detach Volume rpc ControllerUnpublishVolume ControllerUnpublishVolumeRequest returns ControllerUnpublishVolumeResponse Volume rpc ValidateVolumeCapabilities ValidateVolumeCapabilitiesRequest returns ValidateVolumeCapabilitiesResponse Volume rpc ListVolumes ListVolumesRequest returns ListVolumesResponse rpc GetCapacity GetCapacityRequest returns GetCapacityResponse Controller rpc ControllerGetCapabilities ControllerGetCapabilitiesRequest returns ControllerGetCapabilitiesResponse Snapshot rpc CreateSnapshot CreateSnapshotRequest returns CreateSnapshotResponse Snapshot rpc DeleteSnapshot ",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_learning/volume",
"date": "2021-11-11T14:35:42.000Z",
"description": "Kubernetes Volume design and basic CSI concepts",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"cloud computing"
],
"categories": [
"Kubernetes Learning"
]
},
{
"title": "K8s Programming - 1 - Basic Concepts",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_programming/1-basic",
"content": "Kubernetes Controller Programming Kubernetes 1 Controller 1 1 Control Loop Controller Control Loop Watch Pod APIServer 1 2 RPC Kubernetes APIServer Watch Deployment Pod Deployment Controller Watch Deployment Deployment ReplicaSet ReplicaSet Controller Watch ReplicaSet ReplicaSet Pod Scheduler Controller Watch Pod Pod spec nodeName Scheduler Pod Node Node Pod spec nodeName APIServer kubectl Watch Pod Pod spec nodeName Node Pod Controller Control Loop Controller 1 3 Controller Kubernetes APIServer Optimistic Concurrency APIServer Client var err error retries 0 retries 2 1 HTTP API APIServer RESTful HTTP API JSON Protobuf Protobuf JSON REST HTTP HTTP Verb Method HTTP HTTP POST HTTP PUT HTTP PATCH HTTP DELETE API HTTP API 2 2 API 2 2 1 Kind Kind Kind JSON kind Golang Kind kind Pod kind Pod PodLists NodeLists scale Status 2 2 2 API Group Group Kind Job ScheduledJob batch API Group 2 2 3 Version API Group Version v1beta1 APIServer APIServer Storage Version 2 2 4 Resource HTTP API Endpoint pods HTTP Endpoint Resource Resource Endpoint pod nginx port forward pod nginx logs Endpoint SubResource CRD subresouces spec group stable example com versions name v1 subresources status scale specReplicasPath spec replicas Kind Resource Resource HTTP API Path Kind etcd Kind Resource OperatorHub API Programming Kubernetes",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_programming/1-basic",
"date": "2021-08-06T05:59:17.000Z",
"description": "Some basic concepts you need to know for K8s programming",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"cloud computing"
],
"categories": [
"Kubernetes Programming"
]
},
{
"title": "K8s Programming - 2 - Programming Basics",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_programming/2-client-go",
"content": "Kubernetes Controller Programming Kubernetes 1 1 1 k8s io client go Operator k8s io client go Kubernetes client client go Kubernetes Kubernetes 1 x y client go client go client go 9 0 0 1 2 k8s io api k8s io api Kubernetes GroupVersion Pod core Group k8s io api core v1 types go 1 3 k8s io apimachinery k8s io apimachinery Kubernetes API apimachinery API ObjectMeta TypeMeta GetOptions API Machinery API 2 client go 2 1 Go client go import metav1 k8s io apimachinery pkg apis meta v1 k8s io client go tools clientcmd k8s io client go kubernetes config kubeconfig flag String kubeconfig kube config kubeconfig file flag Parse config err clientcmd BuildConfigFromFlags kubeconfig client set clientset err kubernetes NewForConfig config client set pod err clientset CoreV1 Pods book Get example metav1 GetOptions CR ClientSet ClientSet Group Version Client Pod ServiceAccount var run secrets kubernetes io serviceaccount Token kubeconfig ClientSet Kubernetes ServiceAccount config config err rest InClusterConfig err nil kubeconfig config kubeconfig filepath Join kube config envvar os Getenv KUBECONFIG len envvar 0 kubeconfig envvar config err clientcmd BuildConfigFromFlags kubeconfig err nil fmt Printf The kubeconfig cannot loaded v n err os Exit 1 client set clientset err kubernetes NewForConfig config Client JSON APIServer Protobuf cfg err clientcmd BuildConfigFromFlags kubeconfig cfg AcceptContentTypes application vnd kubernetes protobuf application json cfg ContentType application vnd kubernetes protobuf clientset err kubernetes NewForConfig cfg 2 2 ClientSet api APIServer client go Kubernetes APIServer client go README client go Kubernetes API client go API Kubernetes Kubernetes client go client go Kubernetes 2 3 API Kubernetes API Alpha v1alpha1 v1aplpha2 Alpha Beta v1beta1 v1beta2 v2beta1 Beta Beta GA v1 v2 APIServer APIServer v1beta1 API v1 API 3 Kubernetes 3 1 Object Go Kubernetes runtime Object interface k8s io apimachinery pkg runtime Object interface 
supported API types registered Scheme objects scheme expected serialized wire interface Object provide Scheme allows serializers set kind version group object represented as Object may choose return no op ObjectKindAccessor cases not expected serialized type Object interface GetObjectKind schema ObjectKind DeepCopyObject Object GetObjectKind ObjectKind GVK DeepCopyObject Object schema ObjectKind Kind Object objects serialized Scheme encode type information interface used serialization set type information Scheme onto serialized version object objects cannot serialized unique requirements interface may no op type ObjectKind interface SetGroupVersionKind sets clears intended serialized kind object Passing kind nil clear current setting SetGroupVersionKind kind GroupVersionKind GroupVersionKind returns stored group version kind object empty struct object does not expose provide fields GroupVersionKind GroupVersionKind SetGroupVersionKind Object GVK GroupVersionKind Object GVK Object Kind 3 2 TypeMeta Object interface Kubernetes metav1 TypeMeta GroupVersionKind TypeMeta describes individual object API response request strings representing type object its API schema version Structures versioned persisted inline TypeMeta k8s deepcopy gen false type TypeMeta struct Kind string value representing REST resource object represents Servers may infer endpoint client submits requests to Cannot updated CamelCase info https git k8s io community contributors devel sig architecture api conventions md types kinds optional Kind string json kind omitempty protobuf bytes 1 opt name kind APIVersion defines versioned schema representation object Servers convert recognized schemas latest inter",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_programming/2-client-go",
"date": "2021-08-10T11:15:27.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"cloud computing"
],
"categories": [
"Kubernetes Programming"
]
},
{
"title": "K8s Programming - 3 - Custom Resource",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_programming/3-custom-resource",
"content": "Kubernetes Controller Programming Kubernetes 1 1 7 Kubernetes CR CR Kubernetes etcd APISever HTTP API APIServer apiextensions apiserver CR HTTP CR CustomResourceDefinition CRD Kubernetes CR apiVersion apiextensions k8s io v1beta1 kind CustomResourceDefinition metadata name ats cnat programming kubernetes info spec group cnat programming kubernetes info names kind listKind AtList plural ats singular scope Namespaced subresources status version v1alpha1 versions name v1alpha1 served true storage true CR CRD K8s CRD 2 CRD kubectl CR kubectl CR kubectl kubectl tidbcluster v 7 kubectl APIServer apis API Group curl H Authorization Bearer TOKEN insecure APISERVER apis kind APIGroupList apiVersion v1 groups name apiregistration k8s io versions groupVersion apiregistration k8s io v1 version v1 groupVersion apiregistration k8s io v1beta1 version v1beta1 preferredVersion groupVersion apiregistration k8s io v1 version v1 API Group apis group version GroupVersion Resource Resource curl insecure H Authorization Bearer TOKEN APISERVER apis pingcap com v1alpha1 kind APIResourceList apiVersion v1 groupVersion pingcap com v1alpha1 resources name tidbclusters singularName tidbcluster namespaced true kind TidbCluster verbs delete deletecollection get list patch create update watch shortNames tc storageVersionHash 2dlERqlmc8s kubectl Group pingcap com Version v1alpha1 Resource tidbclusters RESTMapper kubectl kube cache Resource 10min CRD 10min CLI 3 CustomResourceDefinition 3 1 3 2 3 2 1 CRD CR APIServer CRD validation OpenAPI v3 Schema CRD Admission Webhook Webhook OpenAPI 1 14 OpenAPI v3 Schema Schema 1 15 CRD Schema Kubernetes APIServer OpenAPI kubectl foo bar OpenAPI Schema foo kubectl Schema CRD OpenAPI Schema 3 2 2 ShortName Category CRD ShortName kubectl api resource kubectl api resource NAME SHORTNAMES APIVERSION NAMESPACED KIND bindings v1 true Binding componentstatuses cs v1 false ComponentStatus configmaps cm v1 true ConfigMap endpoints ep v1 true Endpoints 
events ev v1 true Event limitranges limits v1 true LimitRange namespaces ns v1 false Namespace CRD categories kubectl apiVersion apiextensions k8s io v1beta1 kind CustomResourceDefinition metadata name ats cnat programming kubernetes info spec categories 3 2 3 3 2 4 SubResource SubResource HTTP Endpoint HTTP API Path logs portforward exex CRD SubResource scale status 1 Status status CR spec status status Controller spec RBAC status SubResource status SubResource status status API RBAC HTTP endpoint RBAC status SubResource spec status apiVersion rbac authorization k8s io v1 kind Role metadata rules apiGroups resources ats status verbs update patch status Resource HTTP Endpoint status status HTTP Endpoint status metadata status metadata generation spec CRD status SubResource apiVersion apiextensions k8s io v1beta1 kind CustomResourceDefinition spec subresources status status status HTTP API status SubResource CRD Controller HTTP Endpoint status CRD apiVersion apiextensions k8s io v1beta1 kind CustomResourceDefinition spec versions name v1alpha1 served true storage true name v1beta1 served true subresources status 2 Scale scale Deployment ReplicaSet kubectl scale scale kubectl scale replicas 3 your custom resource v 7 I0429 21 17 53 138353 66743 round_trippers go 383 PUT https host apis group v1 your custom resource scale apiVersion apiextensions k8s io v1beta1 kind CustomResourceDefinition spec subresources scale specReplicasPath spec replicas statusReplicasPath status replicas labelSelectorPath status labelSelector sca",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_programming/3-custom-resource",
"date": "2021-08-17T14:55:49.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"cloud computing"
],
"categories": [
"Kubernetes Programming"
]
},
{
"title": "K8s Programming - 4 - Code Generation",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_programming/4-generate-code",
"content": "Kubernetes Controller Programming Kubernetes generate groups sh hack update codegen sh vendor k8s io code generator generate groups sh github com programming kubernetes cnat cnat client go pkg generated github com programming kubernetes cnat cnat client go pkg apis cnat v1alpha1 output base GOPATH src go header file hack boilerplate go txt arg2 client list informer arg3 APIGroup arg4 Group Version output base generator go header code generator deepcopy gen func t T DeepCopy func t T DeepCopyInto T client gen clientset informer gen Informer lister gen Lister List code generator generator APIServer conversion go defaulter gen hack verify codegen sh CI doc go package 1 doc go k8s deepcopy gen package Package v1 v1alpha1 version API groupName cnat programming kubernetes info package v1alpha1 L1 DeepCopy DeepCopy k8s deepcopy gen false L4 APIGroup Go Group Group groupName HTTP API Path groupName groupGoName CR Kind Kind Cnat CNAt groupGoName CNAt client gen type Interface interface Discovery discovery DiscoveryInterface CNatV1 atv1alpha1 CNatV1alpha1Interface 2 API AtSpec defines desired state type AtSpec struct Schedule desired time command supposed executed Note format used UTC time https www utctime net Schedule string json schedule omitempty Command desired command executed Bash shell executed Command string json command omitempty Important Run make regenerate code modifying file AtStatus defines observed state type AtStatus struct Phase represents state schedule until command executed PENDING afterwards DONE Phase string json phase omitempty Important Run make regenerate code modifying file genclient k8s deepcopy gen interfaces k8s io apimachinery pkg runtime Object runs command given schedule type struct metav1 TypeMeta json inline metav1 ObjectMeta json metadata omitempty Spec AtSpec json spec omitempty Status AtStatus json status omitempty k8s deepcopy gen interfaces k8s io apimachinery pkg runtime Object AtList contains list type AtList struct 
metav1 TypeMeta json inline metav1 ListMeta json metadata omitempty Items At json items 3 deepcopy gen k8s deepcopy gen package DeepCopy DeepCopy k8s deepcopy gen false Helper helper struct not API type type Helper struct 4 runtime Object DeepCopyObject k8s deepcopy gen interfaces k8s io apimachinery pkg runtime Object runtime Object DeepCopyObject DeepCopyObject metav1 TypeMeta 5 client gen genclient client gen client List genclient status spec status genclient noStatus UpdateStatus genclient noStatus client gen UpdateStatus status status status namespace genclient noNamespaced client HTTP genclient noVerbs genclient onlyVerbs create delete genclient skipVerbs get list create update patch delete watch genclient method Create verb create result k8s io apimachinery pkg apis meta v1 Status L5 Create metav1 Status API APIServer genclient method scale scale client genclient method GetScale verb get subresource scale result k8s io api autoscaling v1 Scale genclient method UpdateScale verb update subresource scale input k8s io api autoscaling v1 Scale result k8s io api autoscaling v1 Scale 6 informer gen lister gen informer gen lister gen client gen genclient Informer Lister Programming Kubernetes",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_programming/4-generate-code",
"date": "2021-08-19T14:41:24.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"cloud computing"
],
"categories": [
"Kubernetes Programming"
]
},
{
"title": "K8s Programming - 5 - Shipping Operators",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_programming/5-shipping-controllers",
"content": "Kubernetes Controller Programming Kubernetes 1 1 1 Helm Helm Kubernetes Chart Kubernetes Chart YAML Chart template apiVersion apps v1 kind Deployment metadata name include flagger fullname spec replicas 1 strategy type Recreate selector matchLabels app kubernetes io name template flagger name app kubernetes io instance Release Name template metadata labels app kubernetes io name template flagger name app kubernetes io instance Release Name spec serviceAccountName template flagger serviceAccountName containers name flagger securityContext readOnlyRootFilesystem true runAsUser 10001 image Values image repository Values image tag Some value here helm install Chart Chart latest list charts helm repo update install MySQL helm install stable mysql Released smiling penguin list running apps helm ls NAME VERSION UPDATED STATUS CHART smiling penguin 1 Wed Sep 28 12 59 46 2016 DEPLOYED mysql 0 1 0 remove it helm delete smiling penguin Removed smiling penguin Controller Helm Chart Artifact Hub 1 2 Kustomize Kustomize Kustomize YAML kustomization yaml imageTags name quay io programming kubernetes cnat operator newTag 0 1 0 resources cnat controller yaml cnat controller yaml apiVersion apps v1beta1 kind Deployment metadata name cnat controller spec replicas 1 template metadata labels app cnat spec containers name custom controller image quay io programming kubernetes cnat operator kustomize build cat controller yaml apiVersion apps v1beta1 kind Deployment metadata name cnat controller spec replicas 1 template metadata labels app cnat spec containers name custom controller image quay io programming kubernetes cnat operator 0 1 0l 1 3 ServiceAccount ServiceAccount RBAC Controller Twitter Controller Red Hat OperatorHub CRD Controller 2 Operator Operator Operator Operator Lifecycle Manager OLM OLM Operator 3 3 1 CRD Controller RBAC ServiceAccount Controller default ServiceAccount RBAC ClusterRole RoleBinding Controller Controller watch Service Deployment create update 
Secret Role Secret MutatingWebhookConfiguration ValidatingWebhook CustomResourceDefinition CRD status audit2rbac 3 2 Controller Kubernetes kboom CI Spawning Kubernetes Clusters CI Integration E2E tests https xmudrii com posts spawn kubernetes ci 3 3 3 3 1 stdout kubectl logs Kubernetes logger interface httplog go interface respLogger klog Google glog Kubernetes Programming Kubernetes",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_programming/5-shipping-controllers",
"date": "2021-08-20T14:53:38.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"cloud computing"
],
"categories": [
"Kubernetes Programming"
]
},
{
"title": "K8s Programming - 6 - Custom APIServer",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_programming/6-custom-api-server",
"content": "Kubernetes Controller Programming Kubernetes Custom APIServer CRD Kubernetes APIServer API Group kubernetes sample apiserver Custom APIServer 1 Custom APISever APIServer CRD APIServer CRD Kubernetes etcd protobuf JSON status scale Finalizer Kubernetes APIServer CPU API HTTP Endpoint CRUD APIGroup APIServer Protobuf exec logs port forward Go CRUD API APIGroup Deployment extension v1 apps v1 2 APIServer APIGroup k8s io apiserver APIServer Kubernetes Pod Service Kubernetes APIServer kube apiserver client APIServer kube apiserver APIServer kube apiserver APIServer kube apiserver kube aggregator API API Aggregate APIServer kube apiserver kube apiserver apis HTTP Path APIServer kube aggregator Proxy HTTP Path apis group name version Discovery kube aggregator APIServer Discovery Endpoint apis apis group name APIServer 2 1 APIService CRD Kubernetes APIServer APIServer APIService apiVersion apiregistration k8s io v1 kind APIService metadata name name spec group API group name version API group version service namespace custom API server service namespace name API server service port 1234 caBundle base64 caBundle groupPriorityMinimum 2000 versionPriority 20 spec service APIServer service ClusterIP Service ExternalName Service spec caBundle APIServer spec groupPriorityMinimum Group APIService groupPriorityMinimum spec versionPriority Group Kubernetes API groupPriorityMinimum var apiVersionPriorities map schema GroupVersion priority Group Version v1 group 18000 version 1 knowledge nothing below collides Group apps Version v1 group 17800 version 15 Group events k8s io Version v1 group 17750 version 15 Group events k8s io Version v1beta1 group 17750 version 5 Group authentication k8s io Version v1 group 17700 version 15 Group authorization k8s io Version v1 group 17600 version 15 Group autoscaling Version v1 group 17500 version 15 Group autoscaling Version v2beta1 group 17500 version 9 Group autoscaling Version v2beta2 group 17500 version 1 Group batch Version v1 
group 17400 version 15 Group batch Version v1beta1 group 17400 version 9 Group batch Version v2alpha1 group 17400 version 9 Group certificates k8s io Version v1 group 17300 version 15 Group networking k8s io Version v1 group 17200 version 15 Group policy Version v1 group 17100 version 15 Group policy Version v1beta1 group 17100 version 9 Group rbac authorization k8s io Version v1 group 17000 version 15 Group storage k8s io Version v1 group 16800 version 15 Group storage k8s io Version v1beta1 group 16800 version 9 Group storage k8s io Version v1alpha1 group 16800 version 1 Group apiextensions k8s io Version v1 group 16700 version 15 Group admissionregistration k8s io Version v1 group 16700 version 15 Group scheduling k8s io Version v1 group 16600 version 15 Group coordination k8s io Version v1 group 16500 version 15 Group node k8s io Version v1 group 16300 version 15 Group node k8s io Version v1alpha1 group 16300 version 1 Group node k8s io Version v1beta1 group 16300 version 9 Group discovery k8s io Version v1 group 16200 version 15 Group discovery k8s io Version v1beta1 group 16200 version 12 Group flowcontrol apiserver k8s io Version v1beta1 group 16100 version 12 Group flowcontrol apiserver k8s io Version v1alpha1 group 16100 version 9 Group internal apiserver k8s io Version v1alpha1 group 16000 version 9 Append new group end list unsure use min existing group 100 initial value group Version set 9 to space around new group API Group APIService 2 2 Custom APIServer Custom APIServer Kubernetes APIServer kube aggrega",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_programming/6-custom-api-server",
"date": "2021-08-22T07:32:49.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"cloud computing"
],
"categories": [
"Kubernetes Programming"
]
},
{
"title": "K8s Programming - 7 - Admission Webhook",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_programming/7-admission-webhook",
"content": "Kubernetes Controller Programming Kubernetes agnhost webhook Admission Webhook Custom APIServer Admission APISever Admission Plugin Mutating Validating Admission Plugin APISever APISever Admission Webhook Admission Webhook Admission Plugin Quota Plugin Admission Webhook Webhook Server APISever ValidatingWebhookConfiguration MutatingWebhookConfiguration APISever Webhook Server RBAC Webhook Server 1 WebhookConfiguration ValidatingWebhookConfiguration MutatingWebhookConfiguration APIServer Validating Mutating Webhook Server ValidatingWebhookConfiguration MutatingWebhookConfiguration apiVersion admissionregistration k8s io v1 kind ValidatingWebhookConfiguration metadata name pod policy example com webhooks name pod policy example com objectSelector matchLabels foo bar namespaceSelector matchExpressions key runlevel operator NotIn values 0 1 matchPolicy Equivalent rules apiGroups apiVersions v1 operations CREATE resources pods scope Namespaced clientConfig url https my webhook example com 9443 my webhook path service namespace example namespace name example service caBundle Ci0tLS0tQk tLS0K admissionReviewVersions v1 v1beta1 sideEffects None timeoutSeconds 5 reinvocationPolicy IfNeeded failurePolicy Fail webhooks webhook servers name webhook name clientConfig APIServer URL Service admissionReviewVersions webhook server AdmissionReview sideEffects Webhook Side effect timeoutSeconds 1 30 APIServer webhook server failure policy rules objectSelector object label APIServer namespaceSelector namespace APIServer matchPolicy rule reinvocationPolicy webhook object failurePolicy 1 1 1 1 1 rules webhook rules APIServer webhook server operation group version resource scope rules apiGroups apiVersions v1 operations CREATE resources pods scope Namespaced operations CREATE UPDATE DELETE CONNECT apiGroups API Group core API API Group apiVersions API Group resources API Group resource resource subresource resource subresource pods Pod subresource status resource status 
subresource scope resource subresource Cluster Namespaced 1 1 2 objectSelector objectSelector object label rules objectSelector label foo bar apiVersion admissionregistration k8s io v1 kind MutatingWebhookConfiguration webhooks name my webhook example com objectSelector matchLabels foo bar rules operations CREATE apiGroups apiVersions resources scope 1 1 3 namespaceSelector namespaceSelector object namespace apiVersion admissionregistration k8s io v1 kind MutatingWebhookConfiguration webhooks name my webhook example com namespaceSelector matchExpressions key runlevel operator NotIn values 0 1 rules operations CREATE apiGroups apiVersions resources scope Namespaced 1 1 4 matchPolicy API Group Deployment extensions v1beta1 apps v1beta1 matchPolicy rules Exact Equivalent APIGroup matchPolicy extensions v1beta1 Deployment apiVersion admissionregistration k8s io v1 kind ValidatingWebhookConfiguration webhooks name my webhook example com matchPolicy Equivalent rules operations CREATE UPDATE DELETE apiGroups apps apiVersions v1 resources deployments scope Namespaced extensions v1beta1 Deployment APIServer v1 Webhook 1 2 Webhook 1 2 1 URL URL webhook server URL URL user password URL apiVersion admissionregistration k8s io v1 kind MutatingWebhookConfiguration webhooks name my webhook example com clientConfig url https my webhook example com 9443 my webhook path 1 2 2 Service Webhook Server Service port 443 path apiVersion admissionregistration k8s io v1 kind MutatingWebhookConfiguration webhooks name my webhook example com clientConfig caBundle Ci0tLS0tQk tLS0K service namespace my service namespace name my service name path my path port 1234 1 3 Side effects Webhook Server AdmissionReview Side effect sideEffects Webhook Server dryRun dryRun true Unknown dryRun Webhook None ",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_programming/7-admission-webhook",
"date": "2021-09-21T06:58:07.000Z",
"description": "",
"weight": 4,
"draft": false,
"tags": [
"k8s",
"云计算"
],
"categories": [
"Kubernetes 编程"
]
},
{
"title": "K8s 编程 - 8 - Custom Scheduler",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_programming/8-extend-scheduler",
"content": "kube scheduler Kubernetes Scheduler Kubernetes 1 Scheduler Framework Scheduler Framework Plugin Plugin Plugin KubeSchedulerConfiguration 1 1 QueueSort type QueueSortPlugin interface Plugin Less QueuedPodInfo QueuedPodInfo bool scheduling queue Pod QueueSort Plugin QueueSort Plugin Less Pod1 Pod2 PreFilter type PreFilterPlugin interface Plugin PreFilter ctx context Context state CycleState p v1 Pod Status PreFilterExtensions PreFilterExtensions Pod Pod PreFilter Plugin error Filter type FilterPlugin interface Plugin Filter ctx context Context state CycleState pod v1 Pod nodeInfo NodeInfo Status Pod Node Node Filter Plugin Filter Plugin Node Filter Plugin Node Filter PostFilter type PostFilterPlugin interface Plugin PostFilter ctx context Context state CycleState pod v1 Pod filteredNodeStatusMap NodeToStatusMap PostFilterResult Status Filter Pod Node PostFilter Plugin Node Schedulable PostFilter Plugin PostFilter Plugin Pod Pod PreScore type PreScorePlugin interface Plugin PreScore ctx context Context state CycleState pod v1 Pod nodes v1 Node Status Score Plugin PreScore error Score type ScorePlugin interface Plugin Score ctx context Context state CycleState p v1 Pod nodeName string int64 Status ScoreExtensions ScoreExtensions Node Node Score Plugin NormalizeScore Scheduler NormalizeScore type ScoreExtensions interface NormalizeScore ctx context Context state CycleState p v1 Pod scores NodeScoreList Status Node Node NormalizeScore Plugin Plugin Plugin BlinkingLightScorer Node blinking lights func ScoreNode _ v1 pod n v1 Node int error return getBlinkingLightCount n NodeScoreMax blinking lights BlinkingLightScorer func NormalizeScores scores map string int highest 0 _ score range scores highest max highest score node score range scores scores node score NodeScoreMax highest NormalizeScore Plugin error Reserve type ReservePlugin interface Plugin Reserve ctx context Context state CycleState p v1 Pod nodeName string Status Unreserve ctx context Context state 
CycleState p v1 Pod nodeName string Reserve Plugin Reserve Unreserve Reserve Unreserve Node Pod Pod Node Pod Node Pod Node Pod Pod reserved Unreserve Postbind Permit type PermitPlugin interface Plugin Permit ctx context Context state CycleState p v1 Pod nodeName string Status time Duration Permit Plugin Node Permit Plugin approve Permit Plugin approve Pod deny Permit Plugin deny Pod Unreserve wait with timeout Permit Plugin wait Pod waiting Pod list Pod approve wait timeout deny Pod 1 2 PreBind type PreBindPlugin interface Plugin PreBind ctx context Context state CycleState p v1 Pod nodeName string Status Pod PreBind Plugin network volume Node PreBind Plugin error Pod Bind type BindPlugin interface Plugin Bind ctx context Context state CycleState p v1 Pod nodeName string Status Pod Node Bind Plugin Bind Plugin Pod Bind Plugin Pod Bind Plugin PostBind type PostBindPlugin interface Plugin PostBind ctx context Context state CycleState p v1 Pod nodeName string PostBind Plugin 2 Scheduler Scheduler Plugin Plugin 2 1 Scheduling Policy Scheduling Policy Predicates Priorities Extender 1 22 kube scheduler scheduler name Scheduler Policy Multiple Profiles Scheduler Policy Scheduling Profiles Schedule Policy default scheduler Scheduling Profiles Scheduling Policy yaml json kind Policy apiVersion v1 predicates name NoVolumeZoneConflict name MaxEBSVolumeCount name MaxAzureDiskVolumeCount name NoDiskConflict name GeneralPredicates name PodToleratesNodeTaints name CheckVolumeBinding ",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_programming/8-extend-scheduler",
"date": "2021-09-22T12:19:47.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"云计算"
],
"categories": [
"Kubernetes 编程"
]
},
{
"title": "K8s 实现 - CSI 实现",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_programming/csi-implementation",
"content": "Kubernetes CSI Volume Kubernetes 1 Interface Kubernetes CSI RPC Service CSI Identity CSI CSI Controller Volume CSI Node Node Service Interface RPC csi proto 1 1 CSI Identity CSI Identity service Identity name version rpc GetPluginInfo GetPluginInfoRequest returns GetPluginInfoResponse rpc GetPluginCapabilities GetPluginCapabilitiesRequest returns GetPluginCapabilitiesResponse rpc Probe ProbeRequest returns ProbeResponse 1 2 CSI Controller CSI Controller Volume Provision Delete Attach Detach Snapshot Controller Master service Controller Volume rpc CreateVolume CreateVolumeRequest returns CreateVolumeResponse Volume rpc DeleteVolume DeleteVolumeRequest returns DeleteVolumeResponse Attach Volume Node rpc ControllerPublishVolume ControllerPublishVolumeRequest returns ControllerPublishVolumeResponse Detach Volume rpc ControllerUnpublishVolume ControllerUnpublishVolumeRequest returns ControllerUnpublishVolumeResponse Volume rpc ValidateVolumeCapabilities ValidateVolumeCapabilitiesRequest returns ValidateVolumeCapabilitiesResponse Volume rpc ListVolumes ListVolumesRequest returns ListVolumesResponse rpc GetCapacity GetCapacityRequest returns GetCapacityResponse Controller rpc ControllerGetCapabilities ControllerGetCapabilitiesRequest returns ControllerGetCapabilitiesResponse Snapshot rpc CreateSnapshot CreateSnapshotRequest returns CreateSnapshotResponse Snapshot rpc DeleteSnapshot DeleteSnapshotRequest returns DeleteSnapshotResponse Snapshot rpc ListSnapshots ListSnapshotsRequest returns ListSnapshotsResponse Volume rpc ControllerExpandVolume ControllerExpandVolumeRequest returns ControllerExpandVolumeResponse Volume rpc ControllerGetVolume ControllerGetVolumeRequest returns ControllerGetVolumeResponse option alpha_method true 1 3 CSI Node CSI Node Node MountDevice Setup service Node Volume MountDevice rpc NodeStageVolume NodeStageVolumeRequest returns NodeStageVolumeResponse Volume rpc NodeUnstageVolume NodeUnstageVolumeRequest returns 
NodeUnstageVolumeResponse Volume Pod Setup rpc NodePublishVolume NodePublishVolumeRequest returns NodePublishVolumeResponse Volume Pod rpc NodeUnpublishVolume NodeUnpublishVolumeRequest returns NodeUnpublishVolumeResponse Volume rpc NodeGetVolumeStats NodeGetVolumeStatsRequest returns NodeGetVolumeStatsResponse Volume rpc NodeExpandVolume NodeExpandVolumeRequest returns NodeExpandVolumeResponse Node stage unstage rpc NodeGetCapabilities NodeGetCapabilitiesRequest returns NodeGetCapabilitiesResponse rpc NodeGetInfo NodeGetInfoRequest returns NodeGetInfoResponse 2 CSI Volume Plugin Kubernetes Volume Plugin Volume Volume Plugin Provision Attach CSI Plugin RPC Volume Plugin CSI Plugin Volume Plugin CSI Plugin Kubernetes CSI Volume Plugin Adpator Controller Kubelet CSI Volume Plugin Volume Plugin CSI Volume Plugin Sidecar CSI Driver 2 1 CSI Volume Plugin CSI Volume Plugin csiPlugin VolumePlugin Interface csiPlugin implement VolumePlugin type csiPlugin struct host volume VolumeHost csiDriverLister storagelisters CSIDriverLister serviceAccountTokenGetter func namespace name string tr authenticationv1 TokenRequest authenticationv1 TokenRequest error volumeAttachmentLister storagelisters VolumeAttachmentLister func p csiPlugin NewMounter spec volume Spec pod api Pod _ volume VolumeOptions volume Mounter error func p csiPlugin NewUnmounter specName string podUID types UID volume Unmounter error func p csiPlugin NewAttacher volume Attacher error func p csiPlugin NewDeviceMounter volume DeviceMounter error func p csiPlugin NewDetacher volume Detacher error host Kubelet CSI Plugin Node Service Node 2 2 Provision Delete CSI Plugin PVC PV Provision Delete Volume csiPlugin ProvisionableVolumePlugin DeletableVolumePlugin Interface Volume CSI Plugin Watch PVC Sidecar external provisioner 2 3 Attach Detach Attach Detach In Tree csiPlugin csiPlugin NewAttacher NewDetacher func p csiPlugin NewAttacher volume Attacher error func p csiPlugin NewDetacher volume Detacher error Attacher 
Detacher csiAttacher Attach Detach VolumeAttachment type csiA",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_programming/csi-implementation",
"date": "2021-11-20T08:22:28.000Z",
"description": "CSI 概念与实现",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"云计算"
],
"categories": [
"Kubernetes 编程"
]
},
{
"title": "Thinking in Operator",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_programming/thinking-in-opeator",
"content": "Operator Status Upgrade Scale Operator Operator Spec Desired Config Current Config Current Config Desired Config Spec DesiredConfig Status CurrentConfig Status DesiredConfig Status CurrentConfigCount Status DesiredConfigCount optional Spec Generation optional Status ObservedGeneration Spec DesiredConfig Status CurrentConfig Status CurrentConfig Status DesiredConfig Status CurrentConfigCount Status DesiredConfigCount DesiredConfig DesiredConfig B DesiredConfig Generation StatefulSet StatefulSet Upgrade Upgrade StatefulSet Upgrade Kubernetes Update Rollback status currentReplicas 3 updatedReplicas 3 currentRevision main cluster pd 6584676774 updateRevision main cluster pd 6584676774 observedGeneration 4 Sts Revision Spec DesiredConfig Sts Generation observedGeneration generation currentRevision updateRevision Sts Spec generation observedGeneration generation Sts Controller Spec Revision Spec DesiredConfig Generation Operator Initialize Scale Upgrade Scale Upgrade Kubernetes Status flagSeted ReadFlagFromStatus cluster shouldOperate ShouldOpearte cluster shouldOperate flagSeted unset flag end operation return UnsetFlag cluster done return nil flagSeted set flag begin operatiron return SetFlag cluster operate return Operate cluster Flag Read Write Operator Read Write observe resource resources Observe cluster optional progress operate OperateA resources operate OperateB resources Read Write Resource Operate Resource Resource Resource Operate func Operate resources Resources shouldOperate ShouldOperate resources couldOperate CouldOperate resources shouldOperate return couldOperate return operate Operate Operate",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_programming/thinking-in-opeator",
"date": "2022-09-13T12:09:34.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"云计算"
],
"categories": [
"Kubernetes 编程"
]
},
{
"title": "K8s 实现 - Volume 实现",
"uri": "posts/cloud/cloud_native/kubernetes/k8s_programming/volume-implementation",
"content": "Kubernetes Volume CSI Volume Kubernetes 1 Base Interface Kubernetes Volume Plugin Interface 1 1 VolumePlugin Interface Volume Plugin VolumePlugin Interface type Spec struct Volume v1 Volume PersistentVolume v1 PersistentVolume ReadOnly bool InlineVolumeSpecForCSIMigration bool Migrated bool VolumePlugin interface volume plugins used kubernetes node e g kubelet instantiate manage volumes type VolumePlugin interface Init plugin Init host VolumeHost error Name plugin name example com volume kubernetes io kubernete Volume GetPluginName string GetVolumeName spec volume name id Attach Detach name plugin volume GetVolumeName spec Spec string error CanSupport plugin spec CanSupport spec Spec bool RequiresRemount plugin volume RequiresRemount spec Spec bool NewMounter Mounter NewMounter spec Spec podRef v1 Pod opts VolumeOptions Mounter error NewUnmounter UnMounter NewUnmounter name string podUID types UID Unmounter error ConstructVolumeSpec volume name spec ConstructVolumeSpec volumeName volumePath string Spec error SupportsMountOption SupportsMountOption bool SupportsBulkVolumeVerification checks volume plugin type capable enabling bulk polling nodes speed verification attached volumes quite bit underlying pluging support it SupportsBulkVolumeVerification bool VolumePlugin Plugin Interface PersistentVolumePlugin Volume RecyclableVolumePlugin Recycle Volume DeletableVolumePlugin Delete Volume ProvisionableVolumePlugin Provision Volume DeviceMountableVolumePlugin Device Volume Pod AttachableVolumePlugin Attach Node Device Volume Pod ExpandableVolumePlugin Volume Expand NodeExpandableVolumePlugin Volume Node Expand VolumePluginWithAttachLimits Node Attach Volume BlockVolumePlugin Block Volume Interface DeletableVolumePlugin Delete Volume Plugin type DeletableVolumePlugin interface VolumePlugin NewDeleter spec Spec Deleter error ProvisionableVolumePlugin Provisioner Volume Plugin type ProvisionableVolumePlugin interface VolumePlugin NewProvisioner options 
VolumeOptions Provisioner error AttachableVolumePlugin Attach Detach Volume Plugin type AttachableVolumePlugin interface DeviceMountableVolumePlugin NewAttacher Attacher error NewDetacher Detacher error CanAttach spec Spec bool error DeviceMountableVolumePlugin Mount Unmount Volume Plugin type DeviceMountableVolumePlugin interface VolumePlugin NewDeviceMounter DeviceMounter error NewDeviceUnmounter DeviceUnmounter error GetDeviceMountRefs deviceMountPath string string error CanDeviceMount spec Spec bool error VolumePlugin Interface Volume Mounter Interface 1 2 Control Interface Mount Provision Interface Control Interface Plugin Volume SetUp Mounter Control Interface Control Interface Mounter CanMount SetUp SetUp SetUpAt Pod Volume Unmounter TearDown TearDownAt Pod Volume CustomBlockVolumeMapper SetUpDevice Pod Device MapPodDevice Device Pod CustomBlockVolumeUnmapper TearDownDevice Pod Device UnmapPodDevice Device Provisioner Provision Volume Deleter Delete Volume Attacher Attach Attach Volume Node VolumesAreAttached Node attached Volume Detacher Detach Detach Volume DeviceMounter MountDevice attached Volume DeviceUnmounter UnmountDevice attached Volume Control Interface Volume represents directory used pods hosts node method implementations methods volume interface idempotent type Volume interface GetPath volume GetPath string MetricsProvider MetricsProvider Mounter Pod Volume type Mounter interface Volume CanMount Setup Mount CanMount error SetUp Pod Volume SetUp mounterArgs MounterArgs error SetUpAt Pod Volume dir SetUpAt dir string mounterArgs MounterArgs error GetAttributes Volume GetAttributes Attributes Unmounter interface provides methods cleanup unmount volumes type Unmounter interface Volume TearDown Pod TearDown error TearDown Pod TearDownAt dir string error BlockVolumeMapper interface mapper interface block volume type BlockVolumeMapper interface BlockVolume type Provisioner interface Provision Volume Provision selectedNode v",
"objectID": "posts/cloud/cloud_native/kubernetes/k8s_programming/volume-implementation",
"date": "2021-11-11T14:35:42.000Z",
"description": "Kubernetes Volume 的背后原理",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"云计算"
],
"categories": [
"Kubernetes 编程"
]
},
{
"title": "跨云访问资源",
"uri": "posts/cloud/cloud_practice/access-resources-across-clouds",
"content": "AWS AK SK GCP ServiceAccount Key Service 1 1 1 GCP Workload Identity Federation GCP Service Account Key GCP Cloud Service Account GCP Workload Identity Federation GCP Workload Identity Federation OAuth 2 Token Exchange Identity Provider ID Token Service Account Token GCP Client Token Service Account GCP GCP Workload Identity Pool Identity Provider Service Account Workload Identity Pool Connected Service Accounts Service Account Workload Identity Pool Service Account Server Account Principals Pool Name Principals Pool Identity Provider Identity Providers Identity Providers Token Token Identity Provider AWS AWS Role Service Account OIDC OIDC Identity Provider ID Token Service Account SAML GCP Workload Identity Federation 1 2 AWS IAM Role AWS Role Trust Relationship Role Identity Assume Role AWS IAM Role OIDC Identity Provider ID Token Assume Role Role IAM Policy Version 2012 10 17 Statement Effect Allow Action sts AssumeRoleWithWebIdentity Principal Federated accounts google com Condition StringEquals accounts google com aud 123 Principal Federated OIDC Identity Provider Condition StringEquals ID Token Audience Issuer 2 AWS Instance GCP GCP SDK EC2 metadata AWS SDK AWS Workload Identity Federation Service Account Token SDK Service Account GCP 2 1 EC2 Instance Instance Profile Role Workload Identity Pool OIDC Identity Provider Workload Identity Pool gcloud iam workload identity pools create pool_id location global description My AWS Identity Pool display name pool_id AWS Identity Provider gcloud iam workload identity pools providers create aws provider_id location global workload identity pool pool_id account id aws_account Configuring workload identity federation Workload Identity Pool Service Account gcloud iam service accounts add iam policy binding sa_email role roles iam workloadIdentityUser member principalSet iam googleapis com projects projectnumber locations global workloadIdentityPools poolid attribute awsrole arn aws sts awsaccount assumed role 
aws_role pool principal project number project Credential SDK CLI GCP SDK CLI Workload Identity Pool Token Credential SDK CLI Credential CLI gcloud iam workload identity pools create cred config projects projectnumber locations global workloadIdentityPools poolid providers provider_id service account sa_email Service Account aws output file credentials json Credentials type external_account audience iam googleapis com projects projectnumber locations global workloadIdentityPools poolid providers provider_id subjecttokentype urn ietf params aws token type aws4_request token_url https sts googleapis com v1 token credential_source environment_id aws1 region_url http 169 254 169 254 latest meta data placement availability zone url http 169 254 169 254 latest meta data iam security credentials regionalcredverification_url https sts region amazonaws com Action GetCallerIdentity Version 2011 06 15 serviceaccountimpersonationurl https iamcredentials googleapis com v1 projects serviceAccounts saname project_id iam gserviceaccount com generateAccessToken Instance SDK CLI Credentials GCP CLI gcloud auth login cred file file Service Account gcloud auth login cred file credentials json Authenticated external account credentials for sa_email 3 GCP AWS GCP Service Account Service Account OIDC ID Token Service Account AWS IAM Role Trust Relationship Service Account ID Token AssumeRoleWithIdentity GCP AWS 3 1 VM Instance Service Account AWS Role Trust Relationship Service Account Token AssumeRoleWithIdentity Version 2012 10 17 Statement Sid RoleForGoogle Effect Allow Principal Federated accounts google com Action sts AssumeRoleWithWebIdentity Condition StringEquals accounts google com aud saclientid VM Instance Service Account Token AWS Metadata Server Instance Service Account ID Token instance_name curl H Metadata Flavor Google http metadata google internal computeMetadata v1 instance name project_id ",
"objectID": "posts/cloud/cloud_practice/access-resources-across-clouds",
"date": "2022-10-25T05:54:10.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"aws",
"gcp",
"云计算"
],
"categories": [
"Cloud Practice"
]
},
{
"title": "Kubernetes 跨集群网络联通",
"uri": "posts/cloud/cloud_practice/across-kubernetes",
"content": "Kubernetes 1 TiDB Multi Kubernetes TiDB Multi Kubernetes Kubernetes IP Domain Multi Kubernetes DNS Domain DNS Pod IP 2 Multi Kubernetes EKS VPC EKS VPC Peering GKE GKE Multi Kubernetes Tunnel submariner io submariner Kubernetes Pod Kubernetes Pod Kubernetes Kubernetes Kubernetes NodePort Cluster1 Node1 Node2 Cluster2 NodePort 3 DNS 3 1 DNS Pod DNS Service DNS CoreDNS Cluster Cluster Cluster1 Pod Cluster1 CoreDNS Cluster1 Pod DNS Cluster1 CoreDNS Cluster1 CoreDNS Cluster2 CoreDNS Cluster1 CoreDNS Domain Cluster2 Cluster2 CoreDNS Cluster2 CoreDNS Cluster1 CoreDNS Cluster2 CoreDNS Domain Cluster2 Pod IP Cluster1 CoreDNS Cluster1 CoreDNS Cluster1 Pod Cluster1 CoreDNS Cluster1 Pod Cluster1 Pod Cluster2 Pod CoreDNS Cluster Kubernetes Service Service IP Pod Cluster1 Pod Cluster2 AWS GCP Route Service IP Pod Cluster1 Pod Cluster2 Cluster2 kube proxy Service IP Cluster2 3 2 CoreDNS Domain Cluster2 CoreDNS CoreDNS Customizing DNS Service CoreDNS K8s 2 Service Kubernetes Domain Pod Service Pod Domain pod svc svc Service Domain svc DNS Domain Multi Kubernetes Cluster Domain CoreDNS apiVersion v1 kind ConfigMap metadata name coredns namespace kube system data Corefile 53 default 53 CoreDNS Kubernetes Cluster Domain Cluster kubelet cluster domain Cluster Domain Cluster Cluster Multi Kubernetes Cluster Domain cluster local Pod Cluster Pod apiVersion v1 kind ConfigMap metadata name coredns namespace kube system data Corefile 53 default svc cluster local 53 Multi Cluster namespace 4 AWS 4 1 EKS EKS VPC CIDR eksctl create cluster name test cluster with oidc ssh access managed region us west 2 instance types m5 xlarge nodes 3 eksctl create cluster name test cluster 2 with oidc ssh access managed region us west 2 instance types m5 xlarge nodes 3 vpc cidr 10 0 0 0 16 EKS eksctl cluster test cluster NAME VERSION STATUS CREATED VPC SUBNETS SECURITYGROUPS test cluster 1 20 ACTIVE 2021 09 30T11 53 19Z vpc 0409bd99d5e2b6f5b subnet 00d1a0abdaf60021b subnet 0a9fca73d25257d90 
subnet 0aee90db41909f538 subnet 0c81d647b53fe567a subnet 0dcd3f3da03b5e767 subnet 0f80939acbdda6357 sg 00985dc11204cfeda eksctl cluster test cluster 2 NAME VERSION STATUS CREATED VPC SUBNETS SECURITYGROUPS test cluster 2 1 20 ACTIVE 2021 09 30T12 19 39Z vpc 0e35ec388cb70e7fc subnet 012fa5481e326aafc subnet 0586d236d85ed6893 subnet 0d5695aa8970fea2d subnet 0d61b543c82d94d14 subnet 0d740e2366cf2778f subnet 0def1a48342d72d32 sg 0d914515ffd1173b5 Region VPC EKS Region 1 2 k1 k2 kubectl kubeconfig 4 2 EKS Pod Host Network Node AWS VPC Subnet VPC AWS VPC Peering VPC Route Table VPC ACL Subnet ACL Security Group Instance Security Group VPC Peering VPC 4 2 1 VPC Peering Create VPC Peering VPC1 VPC2 aws ec2 create vpc peering connection vpc id vpc 0409bd99d5e2b6f5b peer vpc id vpc 0e35ec388cb70e7fc VpcPeeringConnection AccepterVpcInfo OwnerId 385595570414 VpcId vpc 0e35ec388cb70e7fc Region us west 2 ExpirationTime 2021 10 07T12 53 36 00 00 RequesterVpcInfo CidrBlock 192 168 0 0 16 CidrBlockSet CidrBlock 192 168 0 0 16 OwnerId 385595570414 PeeringOptions AllowDnsResolutionFromRemoteVpc false AllowEgressFromLocalClassicLinkToRemoteVpc false AllowEgressFromLocalVpcToRemoteClassicLink false VpcId vpc 0409bd99d5e2b6f5b Region us west 2 Status Code pending acceptance Message Pending Acceptance 385595570414 Tags VpcPeeringConnectionId pcx",
"objectID": "posts/cloud/cloud_practice/across-kubernetes",
"date": "2021-09-30T07:25:32.000Z",
"description": "跨 Kubernetes 集群网络连通",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"云计算"
],
"categories": [
"Cloud Practice"
]
},
{
"title": "Kubernetes 集群搭建",
"uri": "posts/cloud/cloud_practice/create-cluster",
"content": "Kubernetes 1 3 Master Node Work Node centos 7 2 GB copy Node 1 Node 2 Node 3 VirtualBox Nat Node IP 10 0 2 10 10 0 2 12 ssh DNAT NodeNatNetwork hostname IP VirtualBox Nat 2 K8s kubeadm k8s Node 1 Master 2 1 kubeadm kubelet kubectl kubeadm kubelet kubectl Installing kubeadm 2 2 kubeadm init Master Node 1 kubeadm init Master kubeadm Kubernetes etc kubernetes static pod apiserver controller manager etcd scheduler kubeadm bootstrap token token kubeadm swap kubeadm swap swapoff a kubectl 8080 kubectl kubeadm etc kubernetes admin conf admin conf kube config 2 3 kubeadm join token kubead init kubeadm join Node 1 Node 2 root Node 2 kubeadm join 10 0 2 10 6443 token mahrou d3uodof21i3d6yxk discovery token ca cert hash sha256 21dfe4ef6b3bbd89f803bf44ff6eda587874336d103d0e4a3b v 5 kubelet pod kube proxy Node 1 nc ip ping Node 1 tcpdump Node 3 iptables Node 2 Node 3 IP kubectl 2 4 kubectl nodes NotReady kubectl describe node node 1 Network Plugin 3 Ready Pod Weave kubectl apply f https cloud weave works k8s net k8s version kubectl version base64 tr d n Weave BAAC Pod DaemonSet DaemonSet Node Pod weave net pod 4 Rook kubectl apply f https raw githubusercontent com rook rook master cluster exampleskubernetes ceph common yaml kubectl apply f https raw githubusercontent com rook rook master cluster exampleskubernetes ceph operator yaml kubectl apply f https raw githubusercontent com rook rook master cluster examples kubernetes ceph cluster yaml rook namespace DaemonSet Pod",
"objectID": "posts/cloud/cloud_practice/create-cluster",
"date": "2020-10-15T12:10:35.000Z",
"description": "使用虚拟机搭建 Kubernetes 集群",
"weight": 4,
"draft": false,
"author": "Shiori",
"tags": [
"k8s",
"云计算"
],
"categories": [
"Cloud Practice"
]
},
{
"title": "Kubernetes 中调试 Pod",
"uri": "posts/cloud/cloud_practice/debug-pod",
"content": "1 Ephemeral Container kubectl debug Pod Ephemeral Container Pod Ephemeral Container Kubernetes 1 23 beta kubectl debug it podname image busybox target containername it stdin image image target process namespace Kubernetes Pod debug xxxx Ephemeral Container Pod apiVersion v1 kind Pod metadata spec containers source container ephemeralContainers image busybox imagePullPolicy Always name debugger p9dff resources stdin true targetContainerName pump terminationMessagePath dev termination log terminationMessagePolicy File tty true status containerStatuses ephemeralContainerStatuses containerID containerd 0a2679a36b18f4738398176d2692b9d0c3760a9e9e767612a15a7f37c3bce45b image docker io library busybox latest imageID docker io library busybox sha256 caa382c432891547782ce7140fb3b7304613d3b0438834dce1cad68896ab110a lastState name debugger p9dff ready false restartCount 0 state running startedAt 2022 03 29T06 25 49Z Ephemeral Container Pod Pod kubectl delete pod pod_name 2 Pod Ephemeral Container Pod Pod Pod 2 1 Pod podname Pod Pod copypod_name Pod kubectl debug podname it image ubuntu share processes copy to copypod_name it stdin image image share processes Pod process namespace Pod 2 2 Pod podname Pod Pod copypodname containername kubectl debug podname it container containername copy to copypodname sh image image kubectl debug podname it set image containername ubuntu 2 3 replace false true Pod Pod StatefulSet PVC Pod Pod same node flase true Pod Pod Node pod spec nodeName env Pod 3 Node kubectl debug Node Pod Node kubectl debug node node_name it image ubuntu Pod Node IPC Net PID Node rootfs Pod host Debug Running Pods",
"objectID": "posts/cloud/cloud_practice/debug-pod",
"date": "2022-03-29T06:07:03.000Z",
"description": "Ephemeral Container",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"云计算"
],
"categories": [
"Cloud Practice"
]
},
{
"title": "使用 KubeBuilder 编写 Controller",
"uri": "posts/cloud/cloud_practice/kubebuilder",
"content": "1 kubebuilder init KubeBuilder Controller var scheme runtime NewScheme setupLog ctrl Log WithName setup func init utilruntime Must clientgoscheme AddToScheme scheme kubebuilder scaffold scheme func main var metricsAddr string var enableLeaderElection bool var probeAddr string flag StringVar metricsAddr metrics bind address 8080 The address metric endpoint binds to flag StringVar probeAddr health probe bind address 8081 The address probe endpoint binds to flag BoolVar enableLeaderElection leader elect false Enable leader election controller manager Enabling will ensure one active controller manager opts zap Options Development true opts BindFlags flag CommandLine flag Parse ctrl SetLogger zap New zap UseFlagOptions opts Manager mgr err ctrl NewManager ctrl GetConfigOrDie ctrl Options Scheme scheme MetricsBindAddress metricsAddr Port 9443 HealthProbeBindAddress probeAddr LeaderElection enableLeaderElection LeaderElectionID 67295132 shiori cn err nil setupLog Error err unable start manager os Exit 1 kubebuilder scaffold builder err mgr AddHealthzCheck healthz healthz Ping err nil setupLog Error err unable set health check os Exit 1 err mgr AddReadyzCheck readyz healthz Ping err nil setupLog Error err unable set ready check os Exit 1 setupLog Info starting manager err mgr Start ctrl SetupSignalHandler err nil setupLog Error err problem running manager os Exit 1 1 1 Scheme Scheme CRD controller runtime Client Scheme Client Scheme scheme KubeBuilder Kubernetes API Client AddToScheme var scheme runtime NewScheme setupLog ctrl Log WithName setup func init utilruntime Must clientgoscheme AddToScheme scheme Kubernete utilruntime Must v1beta1 AddToScheme scheme kubebuilder scaffold scheme 1 2 Manager Manager Controller Manager Controller Cache Client Manager Controller Manager mgr err ctrl NewManager ctrl GetConfigOrDie ctrl Options Scheme scheme MetricsBindAddress metricsAddr Port 9443 HealthProbeBindAddress probeAddr LeaderElection enableLeaderElection 
LeaderElectionID 67295132 shiori cn err nil setupLog Error err unable start manager os Exit 1 Controller Manager main Manager Controller setupLog Info starting manager err mgr Start ctx err nil setupLog Error err problem running manager os Exit 1 2 2 1 Reconciler Reconciler interface type Reconciler interface Reconciler performs full reconciliation object referred Request Controller will requeue Request processed again error non nil Result Requeue true otherwise upon completion will remove work queue Reconcile context Context Request Result error Reconciler Controller Reconcile KubeBuilder API Reconciler type ClusterReconciler struct client Client Scheme runtime Scheme Client Kubernetes Client Get List Update Patch Status Reconcile Result requeue Request Namesapce Name Client func r ClusterReconciler Reconcile ctx context Context req ctrl Request ctrl Result error var cluster v1 Cluster err r Get ctx req NamespacedName cluster 2 2 Controller Reconciler Controller Controller Controller Manager Manager Cache Client Controller import ctrl sigs k8s io controller runtime ctrl NewControllerManagedBy mgr For v1 Cluster builder WithPredicates pdt WithOptions controller Options RateLimiter common DefaultRateLimiter WithEventFilter p Complete r NewControllerManagedBy Manager Controller Builder Reconcile Builder Complete Build Builder create delete update Owns create delete update Own Reconcile Watches Watch WithEventFilter Label WithOptions Manager Reconcile Rate Limit Build Complete Reconciler Build Reconciler Controller 2 3 Manager Manager Controller Cache Client Scheme Cluster provides various methods interact cluster type Cluster interface SetFields will set dependencies object object implemented inject interface e g inject Client Deprecated use equivalent Options field set field method will removed v0 10 SetFields interface error GetConfig returns initialized Config GetConfig rest Config GetScheme returns initialized Scheme GetScheme runtime Scheme GetClient returns 
client configured Config client may not fully di",
"objectID": "posts/cloud/cloud_practice/kubebuilder",
"date": "2022-08-08T13:16:40.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"云计算"
],
"categories": [
"Cloud Practice"
]
},
{
"title": "Kustomize",
"uri": "posts/cloud/cloud_practice/kustomize",
"content": "1 Kustomize kustomization yaml Kubernetes YAML Kustomize Resource Resource ConfigMap Secret Cross Cutting Resource Namespace Label Patch Resource Patch Resource Kustomize kustomization yaml Kustomize 2 Resource Template Resource Kustomize kustomization yaml resource Resource Template kustomization yaml resources file rel path deployment yaml deployment yaml apiVersion apps v1 kind Deployment metadata name my app labels app my app spec selector matchLabels app my app template metadata labels app my app spec containers name app image my app Resource Template Deployment Kustomize Template Template resources Resource Kustomize Resource 3 Generator Resource Template Kustomize ConfigMap Secret Template ConfigMap Secret ConfigMap Secret Base64 3 1 configMapGenerator files Kustomize ConfigMap Key Value kustomization yaml ConfigMap configMapGenerator name example configmap 1 files file relative path myname config myage cat myname config myage shiori 26 kubectl kustomize ConfigMap apiVersion v1 kind ConfigMap metadata name example configmap 1 759hdc87fb data Key file name Value file content myage 26 myname shiori 3 2 configMapGenerator envs ConfigMap ConfigMap Key Value kustomization yaml kustomization yaml configMapGenerator name example configmap 1 envs my age env my name env MY_AGE cat my age env my name env MY_AGE MY_NAME shiori MY_AGE 27 kubectl kustomize ConfigMap apiVersion v1 kind ConfigMap metadata name example configmap 1 9276cd85k9 data Key env name Value env value MY_AGE 27 MY_NAME shiori 3 3 configMapGenerator literals ConfigMap kustomization yaml configMapGenerator name example configmap 2 literals FOO Bar ConfigMap apiVersion v1 kind ConfigMap metadata name example configmap 2 42cfbf598f data FOO Bar 3 4 ConfigMap Kustomize Resource configMapGenerator ConfigMap Kustomize ConfigMap Deployment ConfigMap kustomization yaml resources deployment yaml configMapGenerator name example configmap 2 literals FOO Bar deployment yaml apiVersion apps v1 kind 
Deployment spec template spec volumes name config configMap name example configmap 2 use configMapGenerator name kubectl kustomize Deployment ConfigMap apiVersion v1 kind ConfigMap metadata name example configmap 2 42cfbf598f data FOO Bar apiVersion apps v1 kind Deployment spec template spec volumes configMap name example configmap 2 42cfbf598f name replaced name config 3 5 generatorOptions generatorOptions ConfigMap disableNameSuffixHash cross cutting ConfigMap Labels Annotations configMapGenerator name example configmap 3 literals FOO Bar generatorOptions disableNameSuffixHash true labels type generated annotations note generated 4 Cross Cutting Cross cutting Resource Resource Namespace Resource Resource Labels Resource Annotations kustomization yaml namespace my namespace namePrefix dev nameSuffix 001 commonLabels app bingo commonAnnotations oncallPager 800 555 1212 resources deployment yaml 5 Patch Resource Kustomize Patch Resource Resource 5 1 Patch Patch Resource Strategic Merge Patch patchesStrategicMerge Kustomize Strategic Merge Patch Deployment Replica kustomization yaml resources deployment yaml patchesStrategicMerge increase_replicas yaml increase_replicas yaml apiVersion apps v1 kind Deployment metadata name my nginx spec replicas 3 JSON Patch patchesJson6902 Patch Kustomize JSON Patch kustomization yaml resources deployment yaml patchesJson6902 target group apps version v1 kind Deployment name my nginx path patch yaml patch yaml op replace path spec replicas value 3 Patch Resource Resource 5 2 Patch 5 2 1 Patch Image images Resource Image image nginx Tag kustomization yaml resources deployment yaml images name nginx newName my image registry nginx newTag 1 4 0 5 3 namePrefix nameSuffix Resoure Template Resource Kustomize Resource vars kustomization yaml namePrefix d",
"objectID": "posts/cloud/cloud_practice/kustomize",
"date": "2022-05-23T13:30:43.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"云计算"
],
"categories": [
"Cloud Practice"
]
},
{
"title": "Crossplane 入门",
"uri": "posts/cloud/cloud_practice/use-crossplane",
"content": "Pulumi Crossplane Iac Crossplane Kubernetes Kubernetes 1 Crossplane Kubernetes CompositeResource XR CR XRD CompositeResource XRC XRC XR CompositeResourceDefinition XRD CRD Composition XR MR Managed Resource MR CR Provider ProviderConfig Provider Cloud Crossplane CRD CR Operator Crossplane Composition XR Provider Composition Provider Operator XR CompositeResourceClaims XRC 2 Managed Resource Managed Resource MR Cloud Provider MR RDSInstance AWS RDS MR Composition MR MR apiVersion database aws crossplane io v1beta1 kind RDSInstance metadata name rdspostgresql spec forProvider region us east 1 dbInstanceClass db t2 small masterUsername masteruser allocatedStorage 20 engine postgres engineVersion 12 skipFinalSnapshotBeforeDeletion true writeConnectionSecretToRef namespace crossplane system name aws rdspostgresql conn writeConnectionSecretToRef Secret providerConfigRef ProviderConfig default deletionPolicy Kubernetes Delete Orphan forProvider Cloud Provider 2 1 Reconcile Cloud Provider Watch MR MR Reconcile Provider Iac Terraform Delete ReCreate Crossplane Crossplane MR deletetionPolicy Delete 2 2 Name MR annotation crossplane io external name apiVersion database gcp crossplane io v1beta1 kind CloudSQLInstance metadata name foodb annotations crossplane io external name my special db spec AWS VPC Crossplane annotation crossplane io external name 2 3 MR Crossplane Cloud Proviver MR region Provider region 2 4 MR Provider Crossplane Kubernetes Finalizer MR status 2 5 MR 3 Azure MySQL spec forProvider resourceGroupName foo res group resourceGroupNameRef name resourcegroup resourceGroupNameSelector matchLabels app prod MR MR label selector Ready 2 6 MR Crossplane MR MR annotation crossplane io external name apiVersion compute gcp crossplane io v1beta1 kind Network metadata name foo network annotations crossplane io external name existing network spec forProvider providerConfigRef name default MR Crossplane 3 Composite Resources Crossplane Composite Resource XRC 
Crossplane XR XR XRD Composite MR Provider MR 3 1 CompositeResources CompositeResourceClaims CR CompositeResources XR Managed Resource apiVersion database example org v1alpha1 kind XPostgreSQLInstance metadata name my db spec parameters storageGB 20 compositionRef name production writeConnectionSecretToRef namespace crossplane system name my db connection details Crossplane CompositeResourceClaims XRC XRC XR XRC apiVersion database example org v1alpha1 kind PostgreSQLInstance metadata namespace default name my db spec parameters storageGB 20 compositionRef name production writeConnectionSecretToRef name my db connection details XRC XR XRC Namespaced XR Cluster Scoped XRC X XRC XR XR XRC MR XR VPC XR XNetwork XPostgreSQLInstance XNetwork XNetwork PostgreSQLInstance XNetwork XR XRC 3 1 1 Composition XR XRC Composition XRD Composition spec compositionRef name production us east compositionSelector matchLabels environment production region us east provider gcp compositionSelector Composition compositionSelector label selector Composition 3 2 CompositeResourceDefinition CRD CompositeResourceDefinition XRD XR apiVersion apiextensions crossplane io v1 kind CompositeResourceDefinition metadata name xpostgresqlinstances database example org spec group database example org names kind XPostgreSQLInstance plural xpostgresqlinstances claimNames kind PostgreSQLInstance plural ",
"objectID": "posts/cloud/cloud_practice/use-crossplane",
"date": "2022-04-14T12:29:51.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"云计算"
],
"categories": [
"Cloud Practice"
]
},
{
"title": "Kubernetes 使用 ExternalDNS 同步 DNS",
"uri": "posts/cloud/cloud_practice/use-external-dns",
"content": "1 ExternalDNS Kubernetes Service Ingress DNS AWS Route53 GCP CloudDNS ExternalDNS DNS Nameserver Kubernetes DNS DNS Nameserver 2 AWS Route53 External DNS 2 1 EKS eksctl create cluster EKS eksctl create cluster name test cluster with oidc managed region us west 2 nodes 3 with oidc OIDC ServiceAccount IAM Policy OIDC 2 2 ServiceAccount ExternalDNS DNS AWS Route53 ExternalDNS IAM Role ServiceAccount ExternalDNS IAM Policy Route53 Version 2012 10 17 Statement Effect Allow Action route53 ChangeResourceRecordSets Resource hostzone arn aws route53 hostedzone Effect Allow Action route53 ListHostedZones route53 ListResourceRecordSets Resource aws iam create policy IAM Policy external dns aws iam create policy policy name external dns policy document file external dns policy json Policy PolicyName external dns PolicyId ANPAVTR2JPDXDMH3BN6RZ Arn arn aws iam 385595570414 policy external dns Path DefaultVersionId v1 AttachmentCount 0 PermissionsBoundaryUsageCount 0 IsAttachable true CreateDate 2021 12 22T14 24 39 00 00 UpdateDate 2021 12 22T14 24 39 00 00 IAM Policy ARN ServiceAccount eksctl create iamserviceaccount IAM Role ServiceAccount eksctl create iamserviceaccount cluster test cluster name external dns namespace external dns admin attach policy arn arn aws iam 385595570414 policy external dns approve override existing serviceaccounts cluster region EKS name namepsace ServiceAccount name ns attach policy arn IAM Policy override existing serviceaccounts ServiceAccount approve aws cli ServiceAccount Creating IAM role policy service account 2 3 Route53 Host Zone ExternalDNS DNS Route53 Host Zone Host Zone aws route53 create hosted zone Host Zone aws route53 create hosted zone name external dns test my org com caller reference external dns test date s Location https route53 amazonaws com 2013 04 01 hostedzone Z10422583QOCYXWPPFU3S HostedZone Id hostedzone Z10422583QOCYXWPPFU3S Name external dns test my org com CallerReference external dns test 1640156982 Config 
PrivateZone false ResourceRecordSetCount 2 Host Zone ID External DNS 2 4 ExternalDNS ExternalDNS yaml ClusterRole ClusterRoleBinding Deployment apiVersion rbac authorization k8s io v1 kind ClusterRole metadata name external dns rules apiGroups resources services endpoints pods verbs get watch list apiGroups extensions networking k8s io resources ingresses verbs get watch list apiGroups resources nodes verbs list watch apiVersion rbac authorization k8s io v1 kind ClusterRoleBinding metadata name external dns viewer roleRef apiGroup rbac authorization k8s io kind ClusterRole name external dns subjects kind ServiceAccount name external dns namespace external dns admin apiVersion apps v1 kind Deployment metadata name external dns namespace external dns admin spec strategy type Recreate selector matchLabels app external dns template metadata labels app external dns spec serviceAccountName external dns containers name external dns image k8s gcr io external dns external dns v0 7 6 args source service source ingress domain filter external dns test my org com provider aws policy upsert only aws zone type public registry txt txt owner id my hostedzone identifier ExternalDNS Pod ServiceAccount ns ClusterRoleBinding ExternalDNS source Endpoint domain filter DNS Zone provider DNS policy DNS Provider sync upsert only create only 2 5 Service LB Service ExternalDNS Service apiVersion v1 kind Service metadata name nginx annotations external dns alpha kubernetes io hostname nginx external dns test my org com spec type LoadBalancer ports port 80 name http targetPort 80 selector app nginx key external dns alpha kubernetes io hostname annotation value Route 53 DNS Route 53 DNS DNS aws route53 list resource record sets output json hosted zone id hostedzone Z10422583QOCYXWPPFU3S ResourceRecordSets Name nginx external dns test my org com Type A AliasTarget HostedZoneId Z368ELLRRE2KJ0 DNSName a8ffeecc9c0c048e5bdff2d90d66f307 118096740 us west 1 elb amazonaws com EvaluateTargetHealth true 
nginx external dns test my org",
"objectID": "posts/cloud/cloud_practice/use-external-dns",
"date": "2021-12-22T14:03:24.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"k8s",
"云计算"
],
"categories": [
"Cloud Practice"
]
},
{
"title": "Pulumi 入门",
"uri": "posts/cloud/cloud_practice/use-pulumi",
"content": "Architecture Concepts Pulumi IaC IaC Pulumi Pulumi 1 1 1 Pulumi Resource Program Resource Program NodeJS Golang Resource Project Program Project Program Project Stack Program Stack Stack Resource Program Resource Pulumi Program Stack dev prod Pulumi Program API Pulumi Pulumi Resource 1 2 Pulumi Language Host Language Host Program executor pulumi language CLI Program runtime runtime Program Resource runtime Deployment Engine Deployment Engine Deployment Engine Language Host Backend Stack State Resource Provider Deployment Engine pulumi CLI Resource Providers Resource Providers SDK Program pulumi aws Resource AWS Resource Plugin Deployment Engine Resource API Pulumi Program pulumi plugin install Resource Plugin 2 Project pulumi new Project Project Pulumi yaml Project Pulumi yaml Project name webserver runtime nodejs description Basic example AWS web server accessible HTTP JavaScript package json Pulumi Program const myTask new cloud Task myTask build app subfolder working directory 3 Stack Stack Pulumi Stack Program Stack Program Stack Program Stack Stack Stack Stack Program Stack Stack Stack Pulumi yaml pulumi Stack Active Stack pulumi stack select Active Stack 3 1 Stack pulumi init Stack Org Stack Stack pulumi stack init prod Created stack prod pulumi Program Active Stack Pulumi Stack pulumi Previewing update dev View Live https xxx Type Name Plan pulumi pulumi Stack quickstart dev create kubernetes apps v1 Deployment nginx create kubernetes core v1 Service nginx create Resources 3 create pulumi stack ls Project Stack pulumi stack select Active Stack pulumi stack ls NAME LAST UPDATE RESOURCE COUNT URL dev 8 minutes ago 4 https app pulumi com KanShiori quickstart dev prod n a n a https app pulumi com KanShiori quickstart prod pulumi stack select dev Stack pulumi destroy Stack pulumi stack rm Stack Stack pulumi destroy Previewing destroy dev View Live https app pulumi com KanShiori quickstart dev previews a4d21b5f a0b6 4631 b4dd 2c1ac49b9e14 Type Name 
Plan pulumi pulumi Stack quickstart dev delete kubernetes core v1 Service nginx delete kubernetes apps v1 Deployment nginx delete Outputs ip 10 96 122 118 Resources 3 delete want perform destroy yes pulumi stack rm dev will permanently remove dev stack Please confirm you d typing dev dev Stack dev removed force Stack 3 2 Stack Tag Stack tag Pulumi Service tag Stack Stack tag Key pulumi project pulumi runtime gitHub owner vcs owner pulumi stack tag ls Please choose stack prod NAME VALUE gitHub owner KanShiori gitHub repo Example pulumi description minimal Kubernetes TypeScript Pulumi program pulumi project quickstart pulumi runtime nodejs vcs kind github com vcs owner KanShiori vcs repo Example pulumi stack tag set tag pulumi gitHub vcs Key pulumi stack tag set myname shiori 3 3 Stack Output Program Output Resource Stack Output Program export Output export let url resource url Stack Output JSON pulumi stack output json x hello o num 42 Stack Output Secret Secret show secrets 3 4 Stack Reference Stack Reference Stack Stack Output StackReference Stack Org Project import pulumi pulumi pulumi const new pulumi StackReference acmecorp infra other const otherOutput other getOutput x Kubernetes Stack Stack Kubernetes StackReference Kubernetes kubeconfig import k8s pulumi kubernetes import pulumi pulumi pulumi const env pulumi getStack const infra new pulumi StackReference mycompany infra env Stack const provider new k8s Provider k8s kubeconfig infra ge",
"objectID": "posts/cloud/cloud_practice/use-pulumi",
"date": "2022-04-06T13:58:22.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"云计算"
],
"categories": [
"Cloud Practice"
]
},
{
"title": "GCP - IAM",
"uri": "posts/cloud/gcp_learning/iam",
"content": "1 IAM IAM Authentication Authorization GCP IAM Principal GCP Role Principal Role Binding Role Principal Principal Role Policy Role binding 2 Principal Principal Principal Google Account Service Account Google Group Google Workspace Account Cloud Identity Domain Authenticated Users Users 2 1 Google Account Google Account Google Email GCP Principal 2 2 Google Group Google Group Google Account Service Account Group Email Google Group Group Service Account Google Group Principal Google Group 2 3 Google Workspace Account Google Workspace Account Google Account Domain Google Account Google Workspace Account username example com Google Group Google Workspace 2 4 Cloud Identity Domain Cloud Identity Domain Google Workspace Account Google Account Cloud Identity Domain Google Workspace 2 5 Authenticated Users Authenticated Users Principal allAuthenticatedUsers Principal 2 6 User User Principal allUsers 3 Service Account AWS Role Service Account GCP Google Account Service Account Token Principal Service Account Service Account 3 1 Service Account key pair Service Account public private Google managed key pair Service Account Credentials API GCP Google managed key pair User managed key pair User managed key pair Service Account GCP 3 1 1 Google managed key pair Google managed key pair Google User managed key pair GCP Google managed key pair Google managed key pair Google managed key pair API X 509 https www googleapis com serviceaccounts v1 metadata x509 SERVICEACCOUNT_EMAIL JWK https www googleapis com serviceaccounts v1 jwk SERVICEACCOUNT_EMAIL Raw https www googleapis com serviceaccounts v1 metadata raw SERVICEACCOUNT_EMAIL 3 1 2 User managed key pair GCP API GCP Google managed key pair User managed key pair User managed key pair Service Account GCP Service Account Key Service Account 10 Service Account Key GCP Service Account Key User managed key pair IAM API User managed key pair GCP User managed key pair GCP 3 2 Service Account Service Account Key GCP API 
Service Account Service Account Key GCP Service Account Service Account OAuth 2 0 Access Token OIDC ID Token Creating short lived service account credentials 3 3 Service Account Service Account Service Account GCP Service Account Service Account sa name project iam gserviceaccount com Default Service Account GCP Default Service Account GCP Service Account Default Service Account Default Service Account Google Service Account GCP Service Account GCP Service Account Google Service Account Cloud Run Service Account Service Account GCP Console Policy Audit Log 3 4 Service Account Service Account Principal Resource Service Account Resource Policy Principal Service Account GCP Predefined Role Service Account roles iam serviceAccountUser Role Service Account GCP roles iam serviceAccountTokenCreator Role Service Account 4 Role Permission AWS IAM Policy Role Permission Principal Role Role Role Role Binding 4 1 Permission Permission service resource verb Permission REST API Principal API Permission API Bucket storage buckets create Permission 4 2 Role Role gcloud iam roles describe roles storage admin format yaml name roles storage admin stage GA title Storage Admin description Full control GCS resources etag AA includedPermissions storage buckets create includedPermissions Role API 4 3 Role Role Basic Roles Role Admin User GCP Owner Editor Viewer Predefined Roles GCP Role GCP roles storage admin GCS Custom Roles Role Permission 5 Access Control Principal Resource ",
"objectID": "posts/cloud/gcp_learning/iam",
"date": "2022-11-07T12:20:30.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"gcp"
],
"categories": [
"GCP 学习"
]
},
{
"title": "Prometheus Alert",
"uri": "posts/cloud/observability/prometheus-learning/alert",
"content": "1 Prometheus Prometheus Server Alertmanager Prometheus Server Metrics Prometheus Rule PromQL Alert Alertmanager Server Alert Receiver 2 Alert Alertmanager Alert 2 1 Grouping Grouping Alert Alert Alert Server Client Alert Grouping Alert Alert Alert Alert Grouping route route routes receiver customer group_by product environment group_wait 10s group_interval 10m match alerttype customer group_by label name label label product label environment group product web environment dev product app environment dev product web environment prod group_wait 30s group_wait group_interval 5m group group group_interval group group 2 2 Inhibition Inhibition Alert Alert Alert Source Alert Target Alert Inhibition Inhibition inhibit_rules inhibit_rules source alert target alert source_match source alert alertname TORouterDown k label name v label value sourcematchre targetmatchre target alert alertname Unreachable k label name v label value regex target_match equal dc rack source target alert label sourcematch sourcematch_re Source Alert Alert alertname TORouterDown Label Source Alert targetmatch targetmatch_re Target Alert alertname RedisUnreachable Alert Target Alert equal Source Alert Target Alert equal Label Source Target Alert Source Target Alert dc rack 2 3 Silence Silence Silence Alertmanager Web Console amtool 3 Alert Alertmanager config file alertmanager config file alertmanager yml Alertmanager SIGHUP reload HTTP POST Alertmanager global templates route receivers inhibit_rules CONFIGURATION 3 1 global global 3 2 templates Alertmanager Receivers template Alertmanager template templates templates data alertmanager template tmpl 3 2 1 template template Go template Alertmanager ExternalURL alerts receiver Receiver NOTIFICATION TEMPLATE REFERENCE 3 3 route route Prometheus receivers receiver route receiver admin receiver receiver group_by alertname cluster group_wait 10s repeat_interval 30m routes receiver customer repeat_interval repeatInterval group_by alertname 
continue false match alerttype customer receiver jira env group_by continue true group_wait 10s group_interval 10m repeat_interval 2h match_re severity critical emergency blocker major warning routes receiver jira env major match_re severity major receiver jira env warning match_re severity warning receiver receiver repeat_interval 4h continue false false match label value match_re label value routes groupby groupwait group_interval Grouping Routing tree editor Route 3 4 receivers receivers receiver Alertmanager Email PagerDuty Webhook receivers name slack slack_configs name pager_duty pagerduty_configs receiver receiver 3 5 inhibit_rules Inhibition 4 Prometheus Rule Alert Rule",
"objectID": "posts/cloud/observability/prometheus-learning/alert",
"date": "2022-11-22T13:56:17.000Z",
"description": "",
"weight": 4,
"draft": false,
"author": "Shiori",
"lightgallery": true,
"tags": [
"prometheus",
"monitor"
],
"categories": [
"Prometheus 相关"
]
},
{
"title": "Grafana 基础",
"uri": "posts/cloud/observability/prometheus-learning/grafana-basic",
"content": "1 1 1 Data Source Grafana Data Source Graphite InfluxDB OpenTSDB Prometheus Elasticsearch CloudWatch Dashboard Panel Server Grafana Browser 1 2 Organization Grafana Organization 1 3 User User Grafana Role Grafana 1 4 Panel Panel Panel Prometheus PromQL Grafana Panel Panel Time series Grafana JSON Panel 1 5 Row Row Panel 12 1 6 Query Editor Panel Query Editor Panel 1 7 Dashboard Panel Row Dashboard Dashboard Export Dashboard JSON Import JSON Dashboard 2 Dashboard Dashboard Create Dashboard Setting General General Dashboard Name Dashboard Description Dashboard Tages Dashboard label Editable Editable Dashboard Read only Dashboard Timezone Auto refresh Variables Dashboard Panel Dashboard Variables Interval Query Datasource Dashboard Custom Constant Ad hoc filter Text box 3 Panel 3 1 Graph Panel Query Data source Query options Query Legend format Panel options Title Panel Description Panel Axes Axes Y Legend Display Display Prometheus",
"objectID": "posts/cloud/observability/prometheus-learning/grafana-basic",
"date": "2022-11-30T11:37:21.000Z",
"description": "Grafana 基础",
"lightgallery": true,
"weight": 4,