Introduction to k8s (kubernetes)

1. What is Kubernetes?

Kubernetes is a brand new distributed architecture solution based on container technology. It is a container cluster management system open sourced by Google. Kubernetes is referred to as K8S.

Kubernetes is a one-stop, complete distributed system development and support platform. It is also an open platform and is not intrusive to existing programming languages, programming frameworks, and middleware.

Kubernetes provides comprehensive management tools that cover all aspects of development, deployment testing, and operation and maintenance monitoring.

Kubernetes has complete cluster management capabilities, including multi-level security protection and access mechanisms, multi-tenant application support, transparent service registration and service discovery mechanisms, built-in intelligent load balancers, powerful fault discovery and self-healing capabilities, rolling upgrade and online scaling of services, a scalable automatic resource scheduling mechanism, and multi-granularity resource quota management.

Kubernetes official documentation: Kubernetes

2. Kubernetes features

① Self-healing
When a node fails, failed containers are restarted, replaced and redeployed to maintain the expected number of replicas. Containers that fail health checks are killed, and containers do not process user requests until they are ready, so that online services are not interrupted.

② Auto-scaling
Application instances are scaled out and in quickly by command, through the UI, or automatically based on CPU usage, to ensure high availability during business peaks with high concurrency; resources are reclaimed during business troughs so that services run at minimal cost.

③ Automatic deployment and rollback
K8S uses a rolling update strategy to update applications, updating one Pod at a time instead of deleting all Pods at the same time. If a problem occurs during the update, the changes are rolled back so that the upgrade does not affect the business.

④ Service discovery and load balancing
K8S provides a unified access entry point (an internal IP address and a DNS name) for multiple containers and load balances across all associated containers, so that users do not need to deal with container IP addresses.

⑤ Secret and configuration management
K8S manages confidential data and application configuration without exposing sensitive data in images, improving the security of sensitive data. Some commonly used configuration can also be stored in K8S for applications to use.

⑥ Storage orchestration
K8S mounts external storage systems, whether local storage, public cloud, or network storage, as part of the cluster's resources, greatly improving the flexibility of storage usage.

⑦ Batch processing
K8S provides one-time tasks and scheduled tasks, which covers batch data processing and analysis scenarios.

3. Infrastructure diagram

Core components:
• etcd saves the state of the entire cluster and application deployment information;
• kube-apiserver provides the only entry point for resource operations, and provides mechanisms such as authentication, authorization, access control, API registration and discovery;
• kube-controller-manager is responsible for maintaining the state of the cluster, such as fault detection, automatic scaling, rolling updates, etc.;
• kube-scheduler is responsible for resource scheduling, scheduling Pods to the corresponding machines according to the predetermined scheduling policy;
• kubelet is responsible for node registration and sending heartbeats, application life cycle management, application health checks, and connecting storage through the CSI storage interface;
• Container runtime is responsible for image management and the actual running of Pods and containers (CRI);
• kube-proxy is responsible for implementing service exposure.

Note: the kubelet, container runtime and kube-proxy components can also be found on the master node. The master nodes can also form a cluster. You can look up the specific functions yourself.

Node and Pod are different concepts. Node is a physical or virtual machine, while Pod is a collection of one or more containers. Pods can run on Node, one Node can run multiple Pods, and one Pod can also run across multiple Nodes.

4. Quota limit

(1) Resource allocation

Two values are configured: request (the resource request) and limit (the maximum limit).

Example:

    spec:
      containers:
      - name: hostnames
        image: mirrorgooglecontainers/serve_hostname
        resources:
          requests:          # resource request
            cpu: 100m
            memory: 100Mi
          limits:            # maximum limit
            cpu: 100m
            memory: 100Mi

cpu 100m: 100 millicpu, which means 0.1 of a CPU. It can also be written as cpu: 0.1.
memory 100Mi: 1Mi = 1024*1024; 1M = 1000*1000, so here this means 100MB of memory.

Question: It stands to reason that setting the limit (the maximum resource limit) should be enough, similar to the docker-compose configuration. Why does k8s also need a request (resource request) parameter?

Answer: The `resources.requests` field specifies the amount of CPU and memory resources required by the Pod. The Kubernetes scheduler selects appropriate nodes based on this parameter to ensure that the resources on the node can meet the needs of the Pod. If this parameter is not set, the Kubernetes scheduler sets the Pod's resource requirements to 0 by default, which may cause the Pod to be scheduled on a node with insufficient resources, affecting the performance and stability of the Pod.

It should be noted that the `resources.requests` field is only a recommended value, and the Kubernetes scheduler does not force nodes to provide these resources. If there are insufficient resources on the node, the Pod may still run out of resources. Therefore, set the `resources.requests` field according to the actual situation to ensure that the Pod can run normally.

(2) Resource preemption

For incompressible resources such as memory, if resource preemption occurs, Pods are evicted (shut down) according to priority. The eviction strategy is: Pods with Request=Limit=0 (BestEffort level) are evicted first, then Pods with Request!=Limit (Burstable). Pods with 0<Request==Limit are retained.

The Request setting determines the proportional share of CPU scheduling time slices, so the larger the request value, the more CPU time slices a Pod is allocated when resource preemption occurs.
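The eviction order and the proportional CPU share described above can be worked through on sample pods. This is an added example, not code from the original post or from Kubernetes: the pod names and values are constructed, each pod is assumed to have a single container, "Guaranteed" is the Kubernetes name for the 0<Request==Limit class, and the CPU share is a simplified model in which a pod with no CPU request gets no share.

```python
# Added example; pod names and values are constructed sample data.
UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "k": 10**3, "M": 10**6, "G": 10**9}

def parse_cpu(q):
    """CPU quantity in millicores: '100m' -> 100, '0.1' -> 100."""
    q = str(q)
    return int(q[:-1]) if q.endswith("m") else round(float(q) * 1000)

def parse_mem(q):
    """Memory quantity in bytes: '100Mi' -> 100 * 1024 * 1024."""
    q = str(q)
    for suffix, factor in UNITS.items():
        if q.endswith(suffix):
            return int(q[:-len(suffix)]) * factor
    return int(q)

PARSERS = {"cpu": parse_cpu, "memory": parse_mem}
EVICTION_RANK = {"BestEffort": 0, "Burstable": 1, "Guaranteed": 2}

def qos_class(res):
    """Classify a single-container pod from its resources block."""
    req, lim = res.get("requests", {}), res.get("limits", {})
    if not req and not lim:
        return "BestEffort"            # Request = Limit = 0
    req = {**lim, **req}               # an omitted request defaults to the limit
    equal = all(r in lim and p(req[r]) == p(lim[r]) for r, p in PARSERS.items())
    return "Guaranteed" if equal else "Burstable"

def eviction_order(pods):
    """Pod names, first evicted first, in the order this section gives."""
    return sorted(pods, key=lambda n: EVICTION_RANK[qos_class(pods[n])])

def cpu_share(pods):
    """Fraction of contended CPU time per pod, proportional to its CPU request."""
    req = {n: parse_cpu(r.get("requests", {}).get("cpu", 0)) for n, r in pods.items()}
    total = sum(req.values())
    return {n: (v / total if total else 0.0) for n, v in req.items()}

PODS = {
    "hostnames": {"requests": {"cpu": "100m", "memory": "100Mi"},
                  "limits": {"cpu": "0.1", "memory": "100Mi"}},
    "web": {"requests": {"cpu": "200m", "memory": "100Mi"},
            "limits": {"cpu": "500m", "memory": "200Mi"}},
    "batch": {},
}

if __name__ == "__main__":
    print(eviction_order(PODS))
    print(cpu_share(PODS))
```

A pod spec with an empty `resources` block lands in the first-evicted class, so running this kind of check over manifests before deployment shows which workloads would be evicted first under memory pressure.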

Origin blog.csdn.net/Mr_wilson_liu/article/details/132567209