
What are the relevant knowledge points of Kubernetes 1.9

2025-03-31 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 05/31

Today, the editor will share with you the relevant knowledge points of Kubernetes 1.9. The content is detailed and the logic is clear. I believe most people still do not know much about this topic, so this article is shared for your reference. I hope you get something out of reading it. Let's take a look.

Kubernetes 1.9

The new "features" are not actually new. They are improvements to existing features that have either become stable enough for production, such as the workloads API (DaemonSet, Deployment, ReplicaSet, StatefulSet), which provides the basis for many real-world workloads, or have entered the beta phase, which means that they are enabled by default, such as support for Windows Server workloads.

Other features have only just entered the code base; for example, Kubernetes 1.9 includes alpha implementations of the Container Storage Interface (CSI) and of IPv6 support.

1 What you need to do before upgrading

It is important to back up etcd data before deciding to upgrade to Kubernetes 1.9, because many of the default tools for deploying and upgrading Kubernetes use etcd 3.1, and etcd does not support downgrading. If you later decide to downgrade your Kubernetes deployment, you cannot go back to the previous etcd version, so although you can upgrade without performing a backup, doing so carries some risk. Let's take a look at the details of the changes in each area of Kubernetes 1.9.

2 Authentication and API Machinery

The process of authenticating and authorizing access to Kubernetes has been improved in a number of ways:

First, you can use cluster role aggregation to add permissions to the built-in RBAC admin/edit/view roles, which apply to the entire cluster and make it easier to manage who can or cannot perform certain operations.
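The aggregation described above can be modelled in a few lines, which also shows the point worth auditing: any ClusterRole carrying the aggregation label extends the built-in role. This is an added example, not code from the article or from Kubernetes; the role names and rules are constructed sample data, and only `matchLabels` selectors are handled.

```python
# Added example: how ClusterRole aggregation folds labelled roles into a
# built-in role, plus an audit check. All role data here is constructed.
AGG = "rbac.authorization.k8s.io/aggregate-to-"

CLUSTER_ROLES = [  # constructed, shaped like `kubectl get clusterroles -o json`
    {"metadata": {"name": "edit"},
     "aggregationRule": {"clusterRoleSelectors": [
         {"matchLabels": {AGG + "edit": "true"}}]},
     "rules": []},
    {"metadata": {"name": "base-edit-rules", "labels": {AGG + "edit": "true"}},
     "rules": [{"apiGroups": [""], "resources": ["pods"],
                "verbs": ["get", "list", "create", "delete"]}]},
    {"metadata": {"name": "widgets-editor", "labels": {AGG + "edit": "true"}},
     "rules": [{"apiGroups": ["example.com"], "resources": ["widgets"],
                "verbs": ["*"]}]},
    {"metadata": {"name": "unrelated", "labels": {"team": "ops"}},
     "rules": [{"apiGroups": [""], "resources": ["secrets"], "verbs": ["get"]}]},
]

def matches(selector, labels):
    """matchLabels only: every selector key/value must be present on the role."""
    return all(labels.get(k) == v
               for k, v in selector.get("matchLabels", {}).items())

def contributors(target, roles):
    """ClusterRoles whose labels match any selector of the aggregated role."""
    selectors = target.get("aggregationRule", {}).get("clusterRoleSelectors", [])
    return [r for r in roles if r is not target and any(
        matches(s, r["metadata"].get("labels", {})) for s in selectors)]

def aggregate(target, roles):
    """Union of contributor rules, i.e. what ends up in the target's rules."""
    return [rule for r in contributors(target, roles) for rule in r["rules"]]

def wildcard_contributors(target, roles):
    """Audit: names of contributors that add a '*' verb to the target role."""
    return [r["metadata"]["name"] for r in contributors(target, roles)
            if any("*" in rule.get("verbs", []) for rule in r["rules"])]

if __name__ == "__main__":
    edit = CLUSTER_ROLES[0]
    print([r["metadata"]["name"] for r in contributors(edit, CLUSTER_ROLES)])
    print(wildcard_contributors(edit, CLUSTER_ROLES))
```

Because the label alone decides membership, permission to create or label ClusterRoles should be reviewed together with the built-in roles themselves.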

In addition, authorization itself has been improved: for example, if a deny rule fires, there is no reason to evaluate the rest of the chain, so the remaining rules are short-circuited.

All of this depends on extensibility, and during this cycle the community increased extensibility by adding a new type of admission control webhook. Admission controllers are the components that run, alongside the access and namespace checks, when you try to perform an operation in Kubernetes. Webhooks let users communicate with Kubernetes through HTTP POST requests: requests can be sent, and Kubernetes makes callbacks when certain events occur.

In this release, the team focused on "mutating" webhooks, which enable more flexible admission control plug-ins because they allow Kubernetes to make changes when necessary, allowing greater extensibility.
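What a mutating webhook sends back on that callback is an AdmissionReview whose response carries a base64-encoded JSON Patch. The following is an added example, not code from the article or from Kubernetes: the non-root policy, the sample request and the function names are assumptions made for illustration, and the HTTPS transport is left out.

```python
# Added example: response body for a mutating admission webhook.
import base64
import json

SAMPLE_REVIEW = {  # constructed request, shaped like an AdmissionReview
    "apiVersion": "admission.k8s.io/v1beta1", "kind": "AdmissionReview",
    "request": {"uid": "constructed-uid-1", "operation": "CREATE",
                "object": {"kind": "Pod", "spec": {"containers": [
                    {"name": "app", "image": "example/app:1"},
                    {"name": "sidecar", "image": "example/sidecar:1",
                     "securityContext": {"runAsNonRoot": True}}]}}},
}

def build_patch(pod):
    """JSON Patch ops that set runAsNonRoot on containers lacking it."""
    ops = []
    for i, c in enumerate(pod["spec"].get("containers", [])):
        base = f"/spec/containers/{i}/securityContext"
        sc = c.get("securityContext")
        if sc is None:  # parent object is missing, so add it whole
            ops.append({"op": "add", "path": base,
                        "value": {"runAsNonRoot": True}})
        elif sc.get("runAsNonRoot") is not True:
            ops.append({"op": "add", "path": base + "/runAsNonRoot",
                        "value": True})
    return ops

def mutate(review):
    """Answer one AdmissionReview: always allow, patching where needed."""
    req = review["request"]
    resp = {"uid": req["uid"], "allowed": True}  # uid must echo the request
    ops = build_patch(req["object"])
    if ops:  # the patch travels base64-encoded, typed as JSONPatch
        resp["patchType"] = "JSONPatch"
        resp["patch"] = base64.b64encode(json.dumps(ops).encode()).decode()
    return {"apiVersion": review["apiVersion"], "kind": "AdmissionReview",
            "response": resp}

def decode_patch(result):
    """Inverse of the encoding step, for logging or tests."""
    raw = result["response"].get("patch")
    return json.loads(base64.b64decode(raw)) if raw else []

if __name__ == "__main__":
    print(json.dumps(decode_patch(mutate(SAMPLE_REVIEW)), indent=2))
```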

3 Custom resources

Custom resources, which enable users to create their own "objects" that can be manipulated by Kubernetes, have been enhanced to make them easier to create and more reliable. This includes a new sample controller for custom resource definitions in the Kubernetes repo, as well as a new metadata field selector, helper scripts for generating code, and validation of defined resources to improve the reliability of the overall solution. In addition, previous versions only allowed you to reference groups of custom resources; now you can get a single instance.

4 Networking

As IPv4 addresses run out, it's good news to see the beginning of IPv6 support in Kubernetes 1.9. This support is still in alpha and has significant limitations, such as the lack of dual-stack support and the absence of HostPorts, but it is a start. In addition, with the release of CoreDNS 1.0, users can choose to use it as an alternative to kube-dns. To install it, set CLUSTER_DNS_CORE_DNS to "true". It is important to note, however, that this support is experimental, which means it can be changed or removed at any time.

Other network improvements include the --cleanup-ipvs flag, which determines whether kube-proxy flushes all existing IPVS rules at startup (as it did by default), as well as a new podAntiAffinity annotation for kube-dns to enhance resilience. Users can also customize the behavior of a pod's DNS client by adding "options" to the host's /etc/resolv.conf or to the file given by --resolv-conf, which causes them to propagate to the pod's resolv.conf.

5 Cluster lifecycle

Federation SIG has been renamed Cluster Lifecycle and has been working to bring the kubeadm deployment tool up to production quality. Although the project works, it has not been in practical use for long; this release includes some new alpha features, such as support for CoreDNS, IPv6, and dynamic Kubelet configuration. To install CoreDNS instead of kube-dns, set CLUSTER_DNS_CORE_DNS to "true" in the configuration.

Kubeadm also gets some additional new features, such as --print-join-command, which gives you the information needed to add new nodes after the initial cluster deployment, support for Kubelet dynamic configuration, and the ability to add Windows nodes to the cluster.

The team is also responsible for the Cluster API, which is used for "declarative Kubernetes-style API for cluster creation, configuration, and management". It provides optional, add-on functionality on top of core Kubernetes.

Users building a multi-cluster installation will be happy to know that kubefed, which allows users to create a control plane to add, remove, and manage federated clusters, has acquired several new flags that give users more control over how it is installed and operated. The --nodeselector flag allows the user to decide where the controller is installed, and added support for --imagepullsecrets and --imagepullpolicy means that the user can now pull images from a private container registry.

6 Node functionality

If you are a system administrator or operator, Kubernetes 1.9 makes it easier to write configurations: the Kubelet's feature gates are now represented as a map in KubeletConfiguration rather than as a string of key-value pairs. In addition, you can now set multiple manifest URL headers, using either the --manifest-url-header flag or the ManifestURLHeader field in KubeletConfiguration.

The device plug-in feature has also been extended to handle the full life cycle of plug-in devices more gracefully, including the explicit cm.GetDevicePluginResourceCapacity() function, which more accurately determines which resources are inactive, giving a more accurate view of available resources. It also ensures that the device is removed correctly, even if the kubelet is restarted and transferred from the kubelet to the device plug-in. Finally, it ensures that scheduled pods continue to run even after the device plug-in is removed and the kubelet is restarted.

It is worth noting, however, that according to the release notes, "Kubelet no longer removes unregistered extended resources from the node state; when removing the plug-in itself, the cluster administrator must manually delete the extended resources exposed through the device plug-in." Kubernetes 1.9 also includes many enhancements to logging and monitoring, including pod-level CPU, memory, and local temporary storage. In addition, the status summary network value, which used to consider only eth0, now considers all network interfaces.

The new version also alleviates some user problems: it adds read/write access to poddisruptionbudget.policy for the default admin and edit roles, and read access for the view role.

Finally, the team placed CRI log parsing in pkg/kubelet/apis/cri/logs, so users do not have to handle this manually.

7 Scheduling

Kubernetes 1.9 changes how kube-scheduler is configured, adding a new --config flag that points to a configuration file. This file is where Kubernetes expects to find configuration values in future releases; most other kube-scheduler flags are now deprecated. This release also provides the ability to schedule workloads that require extended resources, such as GPUs, more effectively. Scheduling SIG also made some other individual changes, such as scheduling higher-priority pods before lower-priority pods, and the ability of a pod to listen on multiple IP addresses.

8 Storage

The major storage update in Kubernetes 1.9 is the addition of an alpha implementation of the Container Storage Interface (CSI). CSI is a joint project between the Kubernetes, Docker, Mesosphere, and Cloud Foundry communities that aims to provide a single API that storage vendors can implement to make their products work "out of the box" in any CSI-enabled orchestrator. According to Kubernetes Storage SIG, "CSI will make installing new volume plug-ins as easy as deploying a pod and allow third-party storage providers to develop their plug-ins without adding code to the core Kubernetes code base." Users can use this new feature by instantiating a volume as a CSIVolumeSource.

Storage SIG also adds several new features, including:

Capacity resizing for GCE PD, Ceph RBD, AWS EBS, and OpenStack Cinder volumes; tools that can be run in a container rather than on the host; and volumes as raw block devices (Fibre Channel only in Kubernetes 1.9).

9 Cloud provider

An important change in Kubernetes 1.9 is that users who deploy Kubernetes manually must set a value for the --cloud-provider flag; the default is no longer "auto detect". The options allowed are: AWS, Azure, Cloudstack, Fake, Gce, Mesos, Openstack, Ovirt, Photon, Rackspace, Vsphere, and Unset; automatic detection will be removed in Kubernetes 1.10. (If you use tools such as Minikube or Kubeadm to install Kubernetes, you don't have to worry about this.) In addition, some of the changes in this release are specific to individual cloud vendors.

OpenStack

Users running Kubernetes on OpenStack will find configuration in v1.9 much easier. Automatic detection of OpenStack services and versions is now the rule "whenever feasible" (in this case, that means block storage API versions and security groups), and users can now configure OpenStack Load Balancing as a Service v2 providers. OpenStack Octavia v2 and Neutron LBaaS v2 are supported.

AWS

AWS's team (SIG) has been working to improve the integration of Kubernetes and EBS volumes. Workloads will no longer be scheduled to a node where a volume is stuck in the "attaching" state. Instead, the node will be "tainted" so that the administrator can deal with the problem. The team suggests watching for the taint. In addition, when the node is stopped, the volume is automatically detached.

In addition, Kubernetes now supports AWS's new NVMe instance type, as well as the use of AWS network load balancers instead of elastic load balancers.

Azure

Users running Kubernetes on Windows, especially on Azure, will find that the error rate of mounting volumes is lower, because you can now create Windows mount paths and eliminate the need for drive letters, which allows an unlimited number of mount points.

You can also use a service.beta.kubernetes annotation to explicitly set the Azure DNS label for the public IP address. Azure NSG rules can also be used to ensure that external access is allowed only to the IP address of the load balancer. The load balancer has also been enhanced so that, when updated, it takes into account more attributes of NSG rules, including protocol, sourceRange, and DestinationAddressPrefs. (Previously, changes to these fields did not trigger updates because the load balancer did not recognize that changes had taken place.)
