What is Kubernetes?
Kubernetes is the leading solution for the new container-based distributed architecture. It is an open source version of Borg, Google's internal cluster management system, which was not publicly known until April 2015, when the papers were published. Kubernetes is an open development platform: it is not tied to any one language and does not prescribe any programming interface. It is a complete distributed system support platform. Built on Docker, it provides application deployment, maintenance, scaling mechanisms and so on; with Kubernetes it is convenient to manage containerized applications that run across machines. Kubernetes officially released version 1.5 about two or three weeks ago.
The main functions are the following:
– Use Docker for application packaging and instantiation
– Run in clusters, managing containers across machines
– Solve the problem of communication between Docker containers on different machines
– The Kubernetes self-healing mechanism keeps the container cluster always running in the state the user desires
Basic Concepts:
Most of the concepts in Kubernetes (Node, Pod, Replication Controller, Service, etc.) can be regarded as "resource objects". Almost all resource objects can be created, deleted, changed and queried through the kubectl tool (an API call), and they are saved in etcd for persistent storage. From this point of view, Kubernetes is really a highly automated resource control system: by tracking the difference between the "expected resource state" recorded in the etcd library and the "actual resource state" of the current environment, it achieves the advanced functions of automatic control and automatic correction.
Master: the cluster control and management node; all control commands are handled by the master.
Node: the workload node of the Kubernetes cluster. The master assigns work to it, and when a node goes down the master automatically transfers its workload to other nodes.
Nodes can be added to the Kubernetes cluster dynamically, provided the key node processes have been properly installed, configured and started; by default the kubelet registers itself with the master, which is the node management approach Kubernetes recommends. Once a node is included in the cluster's management scope, the kubelet periodically reports its own status to the master, as well as which pods it is running, so the master learns the resource usage of every node and can implement an efficient and balanced resource scheduling strategy. If a node does not report this information on time, the master judges it to be lost, marks the node state as Not Ready, and then triggers the workload transfer process.
Pod: the most important and basic concept in Kubernetes. Each pod contains a "root container" and one or more tightly coupled business containers.
Kubernetes assigns each pod a unique IP address, the PodIP; the multiple containers in a pod share this PodIP. The underlying network is required to support direct communication between any two pods in the cluster, which is usually implemented with a virtual layer-2 network technology (flannel).
Label: a key=value pair where both key and value are specified by the user. Labels can be attached to all kinds of resource objects, and a resource object can define any number of labels. Resource objects can be queried and filtered through a Label Selector.
RC: a Replication Controller declares that the number of replicas of a pod meets an expected value at any time. Its definition includes the following:
(1) the expected number of pod replicas (replicas)
(2) the Label Selector used to select the target pods
(3) the pod template used to create new pods when the number of pod replicas is less than expected
(4) By changing the number of pod replicas in the RC, pods can be scaled out or scaled in.
(5) By changing the image version in the pod template of the RC, a rolling upgrade of the pods can be achieved.
Think about it: what happens if the pod on Node2 dies?
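The resource control loop described above (expected state versus actual state, the RC's replicas, Label Selector and pod template, and the "pod on Node2 dies" case) as an added toy example; this is not code from the original post or from Kubernetes, and the pod names, labels and node names are constructed sample data:

```python
# Added example, not code from the original post: a toy version of the Replication
# Controller reconcile loop. Names, labels and node names are constructed sample data.
import itertools
from dataclasses import dataclass

@dataclass
class Pod:
    name: str
    node: str
    labels: dict
    status: str = "Running"   # becomes "Failed" when, for example, its node dies

def selector_matches(selector: dict, labels: dict) -> bool:
    """Equality-based Label Selector: every key=value in the selector must be present."""
    return all(labels.get(k) == v for k, v in selector.items())

_seq = itertools.count(1)     # suffix for generated pod names

def reconcile(rc: dict, pods: list, ready_nodes: list) -> dict:
    """One pass of the RC control loop: make the number of Running pods matching
    rc['selector'] equal rc['replicas'] by creating from rc['template'] on the least
    loaded ready node or deleting surplus. Returns new pods plus created/deleted names."""
    owned = [p for p in pods if selector_matches(rc["selector"], p.labels)]
    unrelated = [p for p in pods if not selector_matches(rc["selector"], p.labels)]
    alive = [p for p in owned if p.status == "Running"]
    deleted = [p.name for p in owned if p.status != "Running"]   # dead pods are dropped
    while len(alive) > rc["replicas"]:                            # scale in: remove surplus
        deleted.append(alive.pop().name)
    created = []
    while len(alive) < rc["replicas"]:                            # scale out / self-heal
        load = {n: sum(1 for p in unrelated + alive if p.node == n) for n in ready_nodes}
        node = min(ready_nodes, key=load.get)                     # balanced scheduling
        pod = Pod(f"{rc['name']}-{next(_seq)}", node, dict(rc["template"]["labels"]))
        alive.append(pod)
        created.append(pod.name)
    return {"pods": unrelated + alive, "created": created, "deleted": deleted}

if __name__ == "__main__":
    rc = {"name": "web", "replicas": 2, "selector": {"app": "web"},
          "template": {"labels": {"app": "web", "tier": "frontend"}}}
    state = reconcile(rc, [], ["node1", "node2"])        # initial creation: one pod per node
    for p in state["pods"]:                              # simulate node2 dying
        if p.node == "node2":
            p.status = "Failed"
    state = reconcile(rc, state["pods"], ["node1"])      # node2 is Not Ready, so excluded
    print([(p.name, p.node) for p in state["pods"]], state["created"], state["deleted"])
```

The second reconcile pass is the answer to the question: the dead replica is deleted and a replacement is created from the template on a node that is still Ready, so the RC converges back to the expected two replicas.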
Service: the "microservice", and the core of Kubernetes. By analyzing, identifying and modeling all the services in the system as microservices, the final system is composed of a number of microservice units, each with its own business capability and independent of the others, which communicate through TCP/IP. Each pod is assigned its own IP address, and each pod provides a separate endpoint for clients to access. Think about it: how does the client access them? Deploy a load balancer, open an external service port for the pods, add the pod endpoint list to the forwarding list, and the client accesses the service through the load balancer's external IP + port. Each service has a globally unique virtual ClusterIP, so that each service becomes a "communication node" with a unique IP address, and service invocation becomes the most basic TCP network communication problem.
Volume: a shared directory inside a pod that can be accessed by multiple containers. It is defined at the pod level, is mounted into a specific file directory by the containers in the pod, and has the same lifecycle as the pod. With volumes, multiple containers in a pod can share files, write the container's data to the host's disk, or write files to networked storage, as shown in the following illustration:
In Kubernetes 1.2, the RC was upgraded from Replication Controller to Replica Set, the "next-generation RC"; the commands remain compatible. A Replica Set is mainly used by Deployment, a higher-level resource object, to orchestrate the creation, deletion and update of a set of pods. When we use a Deployment there is no need to care about how it creates and maintains the ReplicaSet; all of that happens automatically.
Docker
Since k8s is based on containers, we have to mention Docker. At the beginning of 2013 Docker was born carrying the new idea of the "container". Docker chose the container as its core and foundation: the container is the basic unit of resource division and scheduling, encapsulating the entire software runtime environment, and Docker is designed for developers and system administrators to build, publish and run distributed applications. It is a cross-platform, portable and easy-to-use container solution. Through operating system kernel technologies (namespaces, cgroups, etc.) it provides the container with resource isolation and security.
The image above shows a simple use of an image. We can build our own image with a Dockerfile. You can upload (push) the image to your own private image registry, or pull it from a private registry to the local machine. You can run a container directly from the command line, and stop, start and restart it. An image can also be saved (save) and loaded (load); you can choose the operation according to your own needs.
Docker Resource Isolation Technology
Docker provides the container with resource isolation and security through operating system kernel technologies (namespaces, cgroups, etc.). (Regarding these two kinds of resource isolation technology, I can only explain them in terms of function: both do grouping and isolation, but I do not understand the specific internal principles very well, so only the concept is given here; if you want an in-depth understanding, you can consult other material.)
Docker Monitoring
cAdvisor (Container Advisor) is an open source tool developed by Google to analyze the resource consumption and performance metrics of running containers. cAdvisor is a runtime daemon that collects, aggregates, processes and exports information about running containers. For each container, cAdvisor keeps the resource isolation parameters, the resource usage history, and histograms of the complete historical resource usage and network statistics.
cAdvisor not only provides monitoring for users, it can also be combined with other applications to give users good service portability and customization. This includes combining it with InfluxDB to store the data and with Grafana to provide a web console, custom query metrics and presentation.
Etcd
etcd is a key-value store for configuration sharing and service discovery. The etcd project was inspired by ZooKeeper and Doozer.
ETCD Architecture
ETCD Storage
etcd storage is divided into two parts: in-memory storage and persistent (hard disk) storage. In-memory storage not only records all user changes to node data sequentially, it also indexes the user data and builds a heap, making query operations easy. Persistence uses a WAL (write-ahead log) for record storage. In k8s, the storage and operation records of all data are kept in etcd, so etcd is very important to the k8s cluster: once it fails, the whole cluster may be paralyzed or data may be lost. In the WAL system, all data is logged before it is committed. The persistent storage directory is divided into two: snap and wal. A snapshot is equivalent to data compression; by default every 10,000 WAL records are compressed into one snapshot, which saves storage and ensures the data will not be lost.
WAL: stores the change records of all transactions
Snapshot: stores the data at a given moment
All etcd directories: what about data corruption or machine failure?
ETCD Core Algorithm
The core algorithm of etcd is the Raft algorithm, a strong consistency algorithm, as shown in the following figure.
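The "log before commit" and "snapshot every N WAL records" behaviour described above, as an added toy example; this is not etcd's own code, the file names wal.log and snap.json and the snapshot interval of 3 (instead of etcd's default 10,000) are assumptions chosen for the demonstration, and the recovery path also shows what happens when a crash leaves a half-written record at the tail of the WAL:

```python
# Added example, not etcd's own code: a toy write-ahead log with snapshots, showing
# why a change is logged before it is applied and how state is rebuilt after a crash.
import json, os, tempfile

class ToyStore:
    def __init__(self, directory=None, snapshot_every=3):   # etcd's default is 10,000 records
        self.dir = directory or tempfile.mkdtemp()           # snap + wal live in this directory
        self.snapshot_every = snapshot_every
        self.wal_path = os.path.join(self.dir, "wal.log")
        self.snap_path = os.path.join(self.dir, "snap.json")
        self.data, self.applied = self._recover()

    def _recover(self):
        """Rebuild memory state: load the latest snapshot, then replay newer WAL records."""
        data, applied = {}, 0
        if os.path.exists(self.snap_path):
            with open(self.snap_path) as f:
                snap = json.load(f)
            data, applied = snap["data"], snap["index"]
        if os.path.exists(self.wal_path):
            good = 0                              # byte offset just past the last intact record
            with open(self.wal_path, "rb") as f:
                for line in f:
                    try:
                        rec = json.loads(line)
                    except json.JSONDecodeError:
                        break                     # torn write at the tail (crash mid-append)
                    good += len(line)
                    if rec["index"] > applied:    # skip records already covered by the snapshot
                        data[rec["key"]] = rec["value"]
                        applied = rec["index"]
            os.truncate(self.wal_path, good)      # drop the torn tail so new records append cleanly
        return data, applied

    def put(self, key, value):
        """Log the change durably first, only then apply it in memory."""
        rec = {"index": self.applied + 1, "key": key, "value": value}
        with open(self.wal_path, "a") as f:
            f.write(json.dumps(rec) + "\n")
            f.flush(); os.fsync(f.fileno())       # the record is on disk before it is applied
        self.data[key] = value
        self.applied = rec["index"]
        if self.applied % self.snapshot_every == 0:
            self._snapshot()

    def _snapshot(self):
        """Compress everything up to self.applied into one file and truncate the WAL."""
        tmp = self.snap_path + ".tmp"
        with open(tmp, "w") as f:
            json.dump({"index": self.applied, "data": self.data}, f)
        os.replace(tmp, self.snap_path)           # atomic rename: never a half-written snapshot
        open(self.wal_path, "w").close()          # those records are now covered by the snapshot
```

Opening a second ToyStore on the same directory replays snapshot plus WAL and yields the same data and index as the first, which is the recovery path etcd relies on after a crash or restart.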
Note: since etcd is responsible for storage, a single-point cluster is not recommended. Like ZooKeeper, because of the election strategy, an odd number of nodes is generally recommended, such as 3, 5 or 7. As long as more than half of the nodes in the cluster survive, the cluster can run normally; otherwise the cluster may not work properly.
k8s Cluster deployment scenario
The following is my cluster deployment strategy: 1 master + 2 nodes (previously, in 1.2, called minions). My etcd storage cluster is a single-point cluster, and I do not recommend this approach, you know, haha. The network uses a flannel virtual layer-2 network.
How to verify
After the build is completed, run kubectl get no on the command line to see whether the node state is Ready. Other things can be validated with code, to see whether each service can be accessed and runs successfully.
OK, the above is my preliminary summary; comments and guidance are welcome. By the way, I personally feel CSDN is really too hard to use: there is a preview, and the formatting is hard to use; look at what my previous formatting looked like, alas, just venting...