Two technologies that are easy to confuse: telling Kerberos and Kubernetes apart
Author: chszs. Do not reprint without the blogger's permission. Permitted reprints must credit the author and the blog homepage: http://blog.csdn.net/chszs
Kerberos Introduction
Kerberos is a network authentication protocol that originated at MIT; its first public release was Kerberos V4. After widespread use, Kerberos V5 was released, and V5 later became an IETF standard. The design goal of Kerberos is to provide strong authentication for client/server applications by using key-based cryptography. Note that the Kerberos protocol is only used to authenticate the user; it does not itself perform authorization. That is, a Kerberos ticket only proves that the user is who he claims to be. Once the user's identity is confirmed, the local security permissions determine whether access is granted or denied.
The Kerberos V5 protocol specifies the following mechanisms:
- Verify user identity
- Securely packaging the user's name and identity credentials into a ticket
- Securely transferring the user's credentials
Kubernetes Introduction
Kubernetes is built on Google's many years of experience running Linux containers, so it is a distillation of Google's own operational experience, which Google has now applied to Docker. Managing containers with Kubernetes brings benefits in many areas, the most important being that Google has put its years of container experience into this tool. If you have been using Docker since version 1.0 (or earlier), you will find that managing Docker containers with Kubernetes is a pleasant experience. Kubernetes solves many of the problems of Docker itself. With Kubernetes, containers can use actual physical storage, so a container can easily be moved to another machine without losing any data; Kubernetes uses flannel to create a network between containers; Kubernetes integrates a load balancer; Kubernetes uses etcd for service discovery; and so on. But using Kubernetes comes at a cost: it uses a completely different CLI (command-line interface), different APIs, and different YAML configuration definitions. In other words, if you use Kubernetes, you cannot use Docker's own CLI at all, and you cannot use Docker Compose to define (create) containers. You have to recreate everything related to Docker container management for Kubernetes, so in a sense Kubernetes was not created for Docker. Kubernetes improves the management of Docker container clusters, but its learning curve is very steep.
Kubernetes is Google's open-source container cluster management system. It builds a container scheduling service on top of Docker and provides resource scheduling, load balancing and disaster recovery, service registration, dynamic scaling, and other features.
The characteristics of Kubernetes are as follows:
- Lean: Lightweight, simple, easy to access
- Portable: Support public cloud, private cloud, hybrid cloud, etc.
- Extensible: Modular, pluggable, hookable, composable
- Self-healing: Automatic placement, automatic restart, automatic replication
Key Concepts of Kubernetes:
Cluster
A cluster is a set of physical or virtual machines on which Kubernetes runs applications.
Node
A node is a physical or virtual machine running Kubernetes, onto which pods can be scheduled.
Pod
In a Kubernetes system, the smallest unit of scheduling is not a bare container but an abstraction called a pod. A pod is the smallest deployment unit that can be created, destroyed, scheduled, and managed: for example, a single container or a group of containers that share a volume.
Replication Controllers
The replication controller manages the life cycle of pods. It ensures that a specified number of pods are running at any given time, creating or killing pods as needed.
Services
The service provides a single, stable name and address for a set of pods, which is the basis of a load balancer.
Labels
Labels are used to organize and select groups of objects through key-value pairs.
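The concepts above are tied together by labels: a replication controller and a service both find "their" pods through a label selector. The following Python model is an added illustration, not Kubernetes code and not part of the original post; the names Cluster, ReplicationController and service_endpoints and the sample labels are invented for the example.

```python
import itertools

def matches(selector, labels):
    """Equality-based selector: every selector key/value must be on the object."""
    return all(labels.get(k) == v for k, v in selector.items())

class Cluster:
    def __init__(self):
        self.pods = {}                      # pod name -> labels dict
        self._ids = itertools.count(1)

    def create_pod(self, labels):
        name = f"pod-{next(self._ids)}"
        self.pods[name] = dict(labels)
        return name

    def select(self, selector):
        return sorted(n for n, l in self.pods.items() if matches(selector, l))

class ReplicationController:
    def __init__(self, selector, replicas, template_labels):
        # If the template did not satisfy the selector, the controller would
        # never "see" the pods it creates and would keep creating more.
        if not matches(selector, template_labels):
            raise ValueError("pod template labels do not match selector")
        self.selector, self.replicas = selector, replicas
        self.template_labels = template_labels

    def reconcile(self, cluster):
        current = cluster.select(self.selector)
        for _ in range(self.replicas - len(current)):   # too few: create
            cluster.create_pod(self.template_labels)
        for name in current[self.replicas:]:            # too many: kill
            del cluster.pods[name]
        return cluster.select(self.selector)

def service_endpoints(cluster, selector):
    """A service routes to whichever pods currently match its selector."""
    return cluster.select(selector)

def demo():
    cluster = Cluster()
    rc = ReplicationController({"app": "web"}, 3, {"app": "web", "tier": "frontend"})
    first = rc.reconcile(cluster)                 # three pods are created
    cluster.pods[first[0]]["app"] = "debug"       # relabel one pod (constructed scenario)
    healed = rc.reconcile(cluster)                # controller creates a replacement
    return first, healed, service_endpoints(cluster, {"app": "web"}), len(cluster.pods)

if __name__ == "__main__":
    print(demo())
```

Note that the relabelled pod keeps running: it drops out of the service's endpoints and the controller's count, but it is not killed, so four pods exist at the end of the demo.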