that facilitates both declarative configuration and automation. It achieves high utilization by combining admission control, efficient task-packing and machine resource sharing with isolation. It supports high-availability applications with runtime features that minimize fault-recovery time, and scheduling policies that reduce the probability of correlated failures.

14 What is Kubernetes
[Architecture diagram: a Kubernetes Master with an etcd cluster, and three Kubernetes Nodes, each running kubelet, kube-proxy and several Pods]
A set of Linux namespaces, cgroups, and potentially other facets of isolation
• Pods are supposed to be unique and ephemeral
• Usually not directly created by the user
• At its core, a volume is just a directory, possibly with some data in it
• Kubernetes volumes have the same lifecycle as the Pod that encloses them
• On Kubernetes there are multiple types of volumes (e.g. gcePersistentDisk)
from image content to keep containerized applications portable
• A set of key-value pairs along with optional metadata
• Can be mounted to Pods by args, environment variables or volumes
a small amount of sensitive data (e.g. credentials)
• Secrets can be mounted as volumes or as environment variables in a Pod
• To mount a secret in a Pod, they both must be in the same namespace
• A secret is only sent to a node if a pod on that node requires it. It is not written to disk. It is stored in a tmpfs. It is deleted once the pod that depends on it is deleted
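As an added example (not from the original slides), the manifest below shows both mounting methods the ConfigMap and Secret slides describe: a ConfigMap key injected as an environment variable, and a Secret exposed both as an environment variable and as read-only files in a volume. All names (`demo`, `app-config`, `db-creds`, the busybox image) and the credential values are constructed placeholders; the Secret and the Pod are deliberately placed in the same namespace, as the slide requires.

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config          # constructed name
  namespace: demo           # assumed namespace, shared by all objects below
data:
  LOG_LEVEL: "info"         # non-sensitive setting kept out of the image
---
apiVersion: v1
kind: Secret
metadata:
  name: db-creds            # constructed name
  namespace: demo           # must match the Pod's namespace to be mountable
type: Opaque
stringData:                 # plain text here; stored base64-encoded by the API server
  username: app             # constructed placeholder values
  password: REPLACE_ME
---
apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: demo
spec:
  containers:
    - name: app
      image: busybox:1.36   # assumed image; it only needs to stay running
      command: ["sleep", "3600"]
      env:
        - name: LOG_LEVEL   # ConfigMap key injected as an environment variable
          valueFrom:
            configMapKeyRef:
              name: app-config
              key: LOG_LEVEL
        - name: DB_USER     # Secret key injected as an environment variable
          valueFrom:
            secretKeyRef:
              name: db-creds
              key: username
      volumeMounts:
        - name: creds
          mountPath: /etc/creds   # keys appear as files: /etc/creds/username, /etc/creds/password
          readOnly: true
  volumes:
    - name: creds
      secret:
        secretName: db-creds
        defaultMode: 0400         # files readable only by the container's user
```

The volume form is backed by tmpfs on the node, matching the slide's note that the secret is never written to disk; the environment-variable form is visible to anything that can read the process environment, so the volume form is usually preferred for credentials.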
abstraction which defines a logical set of Pods and a policy by which to access them
• The DNS server watches the Kubernetes API for new Services and creates a set of DNS records for each
• A VirtualService defines the rules that control how requests for a service are routed within an Istio service mesh
• Requests can be routed based on the request source and destination
manages external access to the services in a cluster, typically HTTP
• Typically, services and pods have IPs only routable by the cluster network. All traffic that ends up at an edge router is either dropped or forwarded elsewhere
• An Ingress Gateway describes a load balancer operating at the edge of the mesh receiving incoming or outgoing HTTP/TCP connections