The world's first open application model, OAM, goes open source | Cloud Native Ecosystem Weekly Vol. 23

Author | Pro stone, Yuan Yi, Winter Island, Zhong source, Tianyuan

Industry News

The world's first open application model, OAM, goes open source

On October 17, 2019, Jiang Jiangwei (nickname: Xiao Xie), Alibaba partner and general manager of the Alibaba Cloud Intelligence Basic Products Division, announced at QCon Shanghai that Alibaba Cloud and Microsoft have jointly launched the Open Application Model (OAM) open source project. OAM's vision is to give application developers, operations staff, and application infrastructure a standardized way to communicate and connect, so that managing and delivering cloud native applications becomes simpler, more efficient, and more controllable.

KubeVirt enters the CNCF Sandbox

Although container technology offers many conveniences, using a VM is still unavoidable in particular situations (Editor's note: a VM is just one option; different container security solutions can replace a plain VM in different respects). The KubeVirt project from Red Hat provides the ability to provision, deploy, run, and manage VMs inside a K8s cluster, which lets you use a Pod as a VM. The project has now officially entered the CNCF Sandbox.

Magalix KubeAdvisor 1.0 released

KubeAdvisor has released version 1.0. KubeAdvisor is an auxiliary operations tool for K8s that scans the resources, status, configuration, and so on of a K8s cluster. By providing proper "observability" (Editor's note: dazzling monitoring data and graphs do not equal observability), it gives cluster users the most valuable information to help safeguard the reliability and stability of the infrastructure and the applications running on it.

Significant upstream progress

1. Allow dynamic adjustment of the kube-scheduler log level. kube-scheduler is the default scheduling component of K8s and an important one; in some cases its logs carry a lot of information, and this PR allows the kube-scheduler log level to be adjusted dynamically.

2. A recent direction in the scheduler is moving some of the Prioritizing logic into plugins (Score Plugin). Several related PRs have appeared recently; interested readers can follow them.

3. Add a Metric to the scheduler that tracks the number of Binding and Prioritizing goroutines.

In large-scale application deployments and some special scenarios, the scheduler may become the bottleneck for overall performance.

4. Two PRs improve the kubeadm experience:

  1. Structured output for kubeadm: several kubeadm outputs become structured (yaml, json, etc.) to make further processing easier;
  2. kubeadm adds a --with-ca flag to display CA expiration date information: CA expiration is a common cause of a component becoming unavailable, and this flag makes the CA expiration information easier to find.

5. Here are a few of the more important / interesting KEPs; interested readers can take a look:

  1. The network proxy for Kube API Server graduates to beta. It allows Kube API Server network traffic to be configured to go (or not go) through a specified proxy;
  2. Insecure kubelet log access: behind a switch, when the kubelet's serving cert has expired (kube-apiserver does not recognize the kubelet) but kube-apiserver's client cert has not expired (the kubelet recognizes kube-apiserver), logs can be returned from the kubelet by skipping TLS verification. This feature is useful in test and debug scenarios;
  3. Standardizing the content of Conformance tests (documentation, API schema, code inspection, expert knowledge, etc.);
  4. Extend the NodeRestriction Controller to further limit the Pod operations a Node can perform (mainly for security reasons);
  5. The HPA state KEP reaches implementable;
  6. Two KEPs are planned for GA. For novice contributors who want to participate in the K8s community, these two KEPs are a good entry point (the goals, methods, and requirements are very clear):
    1. Taint Nodes according to Node conditions, which helps the scheduler automatically identify nodes unsuitable for scheduling;
    2. DaemonSet scheduling: previously the scheduling logic lived in the DaemonSet controller; this KEP moves the scheduling logic into the scheduler.

Recommended open source projects

VMware-Subsidiary

VMware has begun to support K8s. One of the company's recent open source moves is migrating several of its own cloud native open source projects to a new organization: VMware-Tanzu. It currently includes the following projects:

  • velero: Application Migration Tool
  • octant: a dashboard showing cluster state
  • sonobuoy: a K8s analysis tool
  • ······

k8s-transmogrifier

K8s 1.16 deprecated many APIs, which affects many cluster configurations and Helm charts already used in production. There is a tool that automatically converts the APIs deprecated in K8s 1.16; those who need it can take a look.

Recommended reading this week

1. "How has Alibaba's R&D model evolved?"

With the development of cloud computing, many developers are keenly interested in how this technology will change the way they develop. What cloud computing solves is shifting the problem from CAPEX to OPEX. What tangible benefits can the cloud bring? How should application architecture be done in the cloud? Drawing on personal experience of moving from traditional architecture to cloud-based architecture, Jiang Jiangwei (Xiao Xie), Alibaba partner and general manager of the Alibaba Cloud Intelligence Basic Products Division, describes the enterprise value of the new architecture and the new R&D model. This article is compiled from Jiang Jiangwei (Xiao Xie)'s talk at QCon Shanghai 2019, which is currently being held.

2. "How has Alibaba's R&D model evolved?"

This article describes practical experience gained by several teams at Zalando in managing K8s clusters at scale (on public clouds): for example, each domain or production community always deploys two clusters (prod & non-prod), configuration files are hosted on GitHub, upgrades are managed by CLM (Cluster Lifecycle Manager), and so on.

3. "Liveness Probes are Dangerous"

Liveness Probes and Readiness Probes are important tools for determining whether a K8s application is available. However, incorrect use of a Liveness Probe or Readiness Probe brings risks (for example, careless reliance on external dependencies can sometimes prevent a Liveness Probe from correctly putting a Pod into a failed state, so that it cannot recover). This article summarizes best practices for using both.

4. "A Practical Guide to Setting Kubernetes Requests and Limits"

Defining Kubernetes resource requests and limits is a common problem. Besides explaining these concepts more clearly, this article also offers advice on how to configure them from an SLA perspective.

5. "Protecting Kubernetes API Against CVE-2019-11253 (Billion Laughs Attack) and Other Vulnerabilities"

Using a K8s vulnerability that could lead to a Billion Laughs attack as an example, this article explains routine practices for operating K8s safely in a production environment, including configuring RBAC correctly, regularly checking Roles and RoleBindings, never exposing the Master host address, and so on.

6. "Weather Service Based on Knative Serverless Technology - Part II"

In the previous article we described how to build a weather service based on Knative Serverless technology (Part I). In this article we introduce how to use the Table Store tunnel service to connect a Table Store event source to Knative, and how to send weather subscription and alert notifications via DingTalk. For more articles about Knative, see the "Knative series of articles."


Origin www.cnblogs.com/alisystemsoftware/p/11697962.html