Shulou(Shulou.com)05/31 Report--

This article mainly shows you the "sample analysis of Kubernetes in action", which is easy to understand and well-organized. I hope it can help you solve your doubts. Let the editor lead you to study and learn the article "sample Analysis of Kubernetes in action".

VM vs Docker

Processes running in the container actually run in the host operating system like other processes (unlike VM, processes run in a separate operating system). However, the processes in the container are still isolated from other processes.

The main advantage of a virtual machine is that it provides complete isolation because each VM runs in its own Linux kernel, while all containers run in the same kernel, which may pose potential security risks.

A significant difference between Docker-based container images and VM images is that container images are hierarchical and can be shared and reused by multiple images.

Docker

ENTRYPOINT vs CMD in Dockerfile.

There are two ways to execute ENTRYPOINT: shell vs exec.

Container

The foundation of container technology, Linux Namespace and Linux Control Groups.

A process does not belong to a namespace, but to a set of namespaces.

It's not Docker,Docker that implements process isolation just to make these features easier to use.

The PID of the process in the container is different from that in the host.

Pod

Contains one or more closely related containers.

Always runs on the same worker node.

Belongs to the same namespace.

Why do I need Pod? Why can't you just use the container? Why do I need to run multiple containers? Why can't all processes be put in the same container?

Annotations are also a transitional means of introducing new features.

The termination process of Pod: SIGTERM, wait for 30sMagneSigkill.

The meaning of the exit code: 128correcxline x is the value of the signal sent to the process.

ReplicaSet

ReplicaSet's tag selector is more flexible than ReplicationController.

DaemonSet

DaemonSet will bypass Schedulerbread!

Service

Use an immutable IP and Port to expose the Pod of multiple constantly changing IP.

Session consistency, Kubernetes only supports ClientIP-based, not Cookie-based.

You cannot ping a Service IP because it is a virtual IP and can only be used with Port.

The ExternalName type is often ignored, but in fact it is just a CNAME.

LoadBalancer is an extension of the NodePort type. If LoadBalancer is not supported, the NodePort type will still be enabled.

Ingress

One of the differences between LoadBalancer and Ingress is that each LoadBalancer needs an extranet IP, while Ingress only needs one.

Ingress can handle the HTTP network stack at the application layer, so it can provide cookie-based session consistency, while Service cannot.

Ingress forwards traffic directly to Pod without going through Service.

Volumes

Volumes is part of Pod and is not a top-level resource for Kubernetes.

EmptyDir is a temporary disk used to share files by multiple containers in Pod.

A common scenario of the hostPath type is to collect logs for node nodes.

Kubectl

The double dash (- -) indicates the end of the command, preventing the arguments of the subsequent command from being invalid.

Basic component etcd

Etcd is the only location where Kubernetes stores cluster state and metadata.

Kubernetes API server is the only component that interacts directly with etcd.

Ectd uses the RAFT algorithm to achieve distributed consistency.

Why is the number of instances of etcd odd?

Scheduler

Instead of specifying the selected node to run Pod, Scheduler updates the Pod definition through API server and stores it in etcd, and API server tells Kubelet to run Pod.

Controller Manager

Controller Manager contains multiple Controller.

Controllers achieves the desired state of the system.

Controller Manager (Replication, ReplicaSet, StatefulSet) implements scheduling and running Pod by creating new Pod listings, POST to API server, and informing Scheduler and Kubelet.

Namespace controller implements the synchronous deletion of all resources in the Namespace when deleting Namespace resources.

All Contoller operates through API server and does not communicate directly with Kubelet or other components.

Kubelet

Kubelet is responsible for all activities running on the worker node.

Kubelet can get either the Pod manifest from Kubernetes API server or the Pod manifest (the component used to run the control plane) from the specified local directory to run Pod.

Kube-proxy

Kube-proxy is responsible for forwarding traffic to service IP and port to the Pod at the back end.

The above is all the content of this article "sample Analysis of Kubernetes in action". Thank you for reading! I believe we all have a certain understanding, hope to share the content to help you, if you want to learn more knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.