KubeCon North America 2019 comes to a perfect close | Cloud Native Ecosystem Weekly Vol. 29

Author | Chen Jun, ROCKETS, Xu Di

Industry News

KubeCon 2019 North America conference

KubeCon + CloudNativeCon, the industry's grandest event, was held in San Diego this year; more than 12,000 attendees and more than 100 cloud native vendors took part. The Alibaba economy presented 8 talks at the conference.

Significant upstream progress

1. Kubernetes intends to add support for cgroup v2

The kubelet and scheduler in Kubernetes intend to add support for cgroup v2. A major feature of cgroup v2 is that a non-root user can apply resource constraints. This KEP is closely related to the KEP on running Kubernetes components in non-root mode, described below.

2. Running Kubernetes components in non-root mode

Many vendors have tried to run the kubelet and the CRI / OCI / CNI components in non-root mode, but this cannot be achieved because some of the interfaces require root privileges. This KEP focuses on improving the restrictions in kubelet and kube-proxy in this regard; CRI / OCI / CNI also have related work under way to promote the use of non-root mode.

3. Providing an immutable mode for ConfigMaps / Secrets

Immutable ConfigMaps / Secrets are recommended for two reasons:

  • First, Pods generally consume a ConfigMap / Secret through volume mounts, and the kubelet fetches ConfigMap / Secret updates by Watch / Poll and synchronizes them to the files mounted in the Pod, so the Pod picks up ConfigMap / Secret updates quickly and transparently. However, this kind of update is a double-edged sword: a bad ConfigMap / Secret update may cause Pods to load a misconfiguration, leaving all Pods in an abnormal state. We recommend the rolling-update approach instead: create a new ConfigMap / Secret and, at the same time, create new Pods that reference the new ConfigMap / Secret.

  • Second, in a large-scale cluster, too many kubelets Watching / Polling a large number of ConfigMaps / Secrets puts enormous pressure on the API Server (although in a PR we reduced the consumption of one goroutine for each Watch). With immutable ConfigMaps / Secrets, the kubelet does not establish Watch / Poll requests for them.
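The rolling-update pattern recommended above, as an added example that is not from the original newsletter or the KEP text: a versioned ConfigMap marked with the `immutable` field that Kubernetes later shipped for this feature, and a Deployment that references it by name. The object names, the image and the probe path are hypothetical.

```yaml
# Added example; all names and the image are hypothetical.
# A new config version is a NEW object (app-config-v2), never an in-place edit
# of app-config-v1. With immutable: true the API server rejects changes to
# data, and the kubelet does not watch or poll the object.
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config-v2
  namespace: default
immutable: true
data:
  LOG_LEVEL: "info"
  UPSTREAM_TIMEOUT_SECONDS: "5"
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: web
  namespace: default
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0   # old Pods (still on app-config-v1) stay until new ones are Ready
      maxSurge: 1
  selector:
    matchLabels:
      app: web
  template:
    metadata:
      labels:
        app: web
    spec:
      containers:
        - name: web
          image: registry.example.com/web:1.0.0   # placeholder image
          readinessProbe:   # a bad config fails readiness and stalls the rollout
            httpGet:
              path: /healthz
              port: 8080
          volumeMounts:
            - name: config
              mountPath: /etc/app
              readOnly: true
      volumes:
        - name: config
          configMap:
            name: app-config-v2   # changing this name alters the Pod template and triggers the rollout
```

Rolling back means pointing the Deployment at `app-config-v1` again, so the previous ConfigMap should be deleted only after the new version has proven stable.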

Recommended open source projects

1. cert-manager

Uses the CRD model to manage certificate issuance and CA Issuers within a Kubernetes cluster. A major advantage of cert-manager is that it supports multiple Issuers coexisting within a Kubernetes cluster.

2. extended-daemonset

Compared with the Kubernetes DaemonSet, it provides richer canary release and upgrade strategies.

3. watermarkpodautoscaler (WPA)

A Pod autoscaler based on a watermark algorithm; compared with HPA, it provides richer algorithms and strategies for controlling the rate of scaling.

Recommended reading this week

This week Recommended Reading

1. "Hybrid cloud capabilities and key technology trends"

A single public or private cloud provides strong computing power, while the data needed for computation is collected by the edge cloud and transmitted to the public or private cloud. With edge cloud, public cloud and private cloud connected at both the management level and the data level, hybrid cloud is the future trend.

2. "K8S v1.17 new features: topology-aware service routing"

Topology-aware service routing enables nearest-endpoint Service forwarding, reducing network latency and further improving K8s network performance. The feature will be released as Alpha in K8s v1.17, due in early December. Let us look forward to it!

3. "Debugging network stalls on Kubernetes"

Kubernetes has become GitHub's platform for managing resources and applications, and as its Kubernetes clusters grew in size, GitHub also ran into headache-inducing Service network problems. This article from GitHub is a good reference on how to debug and find the root cause when a Service within the cluster reports "network is unavailable".

4. "Four concepts, one action: making application management easier"

As K8s-based cloud native infrastructure takes root everywhere, more and more teams are building application management platforms on K8s with continuous deployment and self-service release experiences. However, K8s lacks a uniform standard for delivering and managing applications, which ultimately led us and Microsoft to jointly launch the first standard definition and architecture model for cloud native applications: OAM. Starting from the basic concepts, the author gives a detailed interpretation of OAM from the perspectives of the design and usage of each module, among others.

5. "Across from the micro to the service station: the architecture field's annual inventory!"

In 2019 the entire IT sector underwent many profound and complicated changes. With this article, the author hopes to give readers a clear overview of how architecture skills developed this year, reviewing the past and moving on.

"The Alibaba Cloud Native WeChat public account (ID: Alicloudnative) focuses on microservices, Serverless, containers, Service Mesh and other technical fields, follows popular cloud native technology trends and large-scale cloud native production practice, and aims to be the public account that best understands cloud native developers."
