StatefulSets StatefulSet is the workload API object used to manage stateful applications. Note: StatefulSets are stable (GA) in 1.9. Manages the deployment and scaling of a set of Pods, and provides guarantees about the ordering and uniqueness of the…

  Deployments A Deployment controller provides declarative updates for Pods and ReplicaSets. You describe a desired state in a Deployment object, and the Deployment controller changes the actual state to the desired state at a controlled rate. You ca…

ReplicaSet is the next-generation Replication Controller. The only difference between a ReplicaSet and a Replication Controller right now is the selector support. ReplicaSet supports the new set-based selector requirements as described in the labels…

This page provides an overview of Pod, the smallest deployable object in the Kubernetes object model. Understanding Pods How Pods manage multiple Containers Networking Storage Working with Pods Pods and Controllers Pod Templates Understanding Pods Th…

一 部署高可用kube-controller-manager 1.1 高可用kube-controller-manager介绍 本实验部署一个三实例 kube-controller-manager 的集群,启动后将通过竞争选举机制产生一个 leader 节点,其它节点为阻塞状态.当 leader 节点不可用时,阻塞的节点将再次进行选举产生新的 leader 节点,从而保证服务的可用性. 为保证通信安全,本文档先生成 x509 证书和私钥,kube-controller-manager 在如下两种…

This page provides an overview of Pod, the smallest deployable object in the Kubernetes object model. Pod是Kubernetes 对象模型中最小的可部署对象. Understanding Pods A Pod is the basic building block of Kubernetes–the smallest and simplest unit in the Kubernetes ob…

你有了解过Kubernetes的认证授权链路吗?是否对TKE的权限控制CAM策略.服务角色傻傻分不清楚?本文将会向你介绍腾讯云TKE平台侧的访问控制.Kubernetes访问控制链路,以及演示如何将平台侧账号对接到Kubernetes内. 当你在使用腾讯云容器服务TKE(Tencent Kubernetes Engine)的时候,如果多人共用一个账号的情况下,是否有遇到以下问题呢? 密钥由多人共享,泄密风险高. 无法限制其他人的访问权限,其他人误操作易造成安全风险. 为了解决以上问题,腾讯云CA…

BACKGROUND admission controllers的特点: 可定制性:准入功能可针对不同的场景进行调整. 可预防性:审计则是为了检测问题,而准入控制器可以预防问题发生 可扩展性:在kubernetes自有的验证机制外,增加了另外的防线,弥补了RBAC仅能对资源提供安全保证. 下图,显示了用户操作资源的流程,可以看出 admission controllers 作用是在通过身份验证资源持久化之前起到拦截作用.在准入控制器的加入会使kubernetes增加了更高级的安全功能. 图:Ku…

REF: how-to-generate-client-codes-for-kubernetes-custom-resource-definitions-crd Firstly we need to install golang. 1. the api spec looks like: # Definition --- apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: name: h…

目前kubevirt提供虚机管理的功能. kill, delete, shutdown, migration 等. VMI是virtual machine interface的缩写. SyncVMI,实际上就是创建一个VM. 创建VM的map, 支持PCI设备. 只是libvirt的一层皮,libvirt有啥它就支持啥. 连package的名字都叫virtwrap handler的调用launcher. LauncherClient(RPC)提供给handler的几个功能.    这个handl…