K8s management tools
Deployment: Helm, which uses charts to deploy complex applications.
CLI tools: kubectl, and kube-shell, which can auto-complete commands.
Monitoring: cAdvisor.
kompose: moves Docker Compose files to Kubernetes.
Load test: Fortio
CD: Argo https://www.youtube.com/watch?v=2WSJF7d8dUg&list=RDCMUCFe9-V_rN9nLqVNiI8Yof3w&index=11 ; it watches for changes to the target app's YAML in the repo and applies them once a change is detected in GitLab.
Pod Deleting
1 The pod is deleted by kubectl with the default grace period (30 sec).
2 The API server marks the pod as Terminating.
3 The kubelet on the node running the pod notices the Terminating state, and it will:
a) run the preStop hook, if one is set;
b) send the TERM signal to the processes in the containers of that pod.
4 At the same time, the service is updated to remove this pod, and the iptables routes are changed.
5 After the grace period expires, the kubelet sends SIGKILL to force a stop.
6 The pod object is removed.
Hybrid Cloud:
The connection from on-prem to cloud can be VPN or PoP (e.g. AWS direct link). PoP is private; VPN needs the internet.
Service Mesh: Istio can connect multiple clusters. Istio can be used to define policies for routing traffic.
Integration
Security: layer 3 K8s Network Policy/Calico; layer 3 Istio for traffic between users and K8s (north and south).
Istio TLS can be used to secure traffic between pods (authentication); RBAC (authorization).
Service mesh config example for a canary deployment:
kubectl apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: helloworld
spec:
  hosts:
  - helloworld
  http:
  - route:
    - destination:
        host: helloworld
        subset: v1
      weight: 90
    - destination:
        host: helloworld
        subset: v2
      weight: 10
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: helloworld
spec:
  host: helloworld
  subsets:
  - name: v1
    labels:
      version: v1
  - name: v2
    labels:
      version: v2
EOF
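
The Security notes above (Network Policy, Istio TLS for authentication, RBAC for authorization), applied to the helloworld service as an added example that is not part of the original notes. The namespace "default", the pod labels app=helloworld and app=frontend, the service account "frontend" and port 5000 are assumptions, and sidecar injection is assumed to be enabled.

```yaml
# Added example. Assumed names: namespace "default", labels app=helloworld and
# app=frontend, service account "frontend", container port 5000.
# Network layer: only frontend pods may open connections to helloworld pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: helloworld-allow-frontend
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: helloworld
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: frontend
      ports:
        - protocol: TCP
          port: 5000
---
# Authentication: require mutual TLS between pods (PERMISSIVE would still accept plaintext).
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: default
spec:
  mtls:
    mode: STRICT
---
# Authorization: only the frontend service account identity may GET helloworld.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: helloworld-allow-frontend
  namespace: default
spec:
  selector:
    matchLabels:
      app: helloworld
  action: ALLOW
  rules:
    - from:
        - source:
            principals: ["cluster.local/ns/default/sa/frontend"]
      to:
        - operation:
            methods: ["GET"]
```

The NetworkPolicy is only enforced when the cluster's CNI plugin supports it, such as Calico; the principals match in the AuthorizationPolicy depends on the mutual TLS identity, which is why STRICT mode is set alongside it.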