Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Advanced Kubernetes For UMC

Kyle Bai
August 15, 2019

Advanced Kubernetes For UMC

UMC 第三天課程內容

Kyle Bai

August 15, 2019
Tweet

More Decks by Kyle Bai

Other Decks in Technology

Transcript

  1. @k2r2bai About Me ⽩白凱仁(Kyle Bai) • Software Engineer @ inwinSTACK.

    • OSS Contributor. • Certified Kubernetes Administrator/Application Developer. • Co-organizer of Cloud Native Taiwan User Group. • Interested in emerging technologies. @kairen https://k2r2bai.com
  2. @k2r2bai • Safely Upgrading Kubernetes Clusters • Upgrading the exist

    cluster using kubeadm • Highly available Kubernetes cluster • Image Registry - Harbor • Content trust for container image • Monitoring Kubernetes / Registry • Logging Kubernetes / Registry • Troubleshooting Skills / Tools Agenda Today I would like to talk about
  3. @k2r2bai Scope of cluster upgrades • Kubernetes ⼆二進制執⾏行行檔 • Kubernetes

    控制平⾯面元件 • Container Runtime • Etcd 叢集 • 叢集網路路(CNI plugins) • Base OS ....
  4. @k2r2bai Scope of cluster upgrades • Kubernetes ⼆二進制執⾏行行檔 - kubelet

    • Kubernetes 控制平⾯面元件 - apiserver, scheduler, controller manager • Container Runtime - Docker • Etcd 叢集 - etcd data • 叢集網路路(CNI plugins) - calico, flannel, ... • Base OS - Linux Kernel ....
  5. @k2r2bai You should know those before begin 1. 在更更新叢集時,您需要備份 etcd

    資料 • etcd Operator • etcdctl snapshot + cron + restore ETCDCTL_API=3 etcdctl --endpoints $ENDPOINT snapshot save snapshot.db ETCDCTL_API=3 etcdctl snapshot restore snapshot.db [FLAGS] https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/recovery.md = https://github.com/coreos/etcd-operator
  6. @k2r2bai You should know those before begin 1. 在更更新叢集時,您需要備份 etcd

    資料 2. 叢集更更新時,務必以⼀一個次要版本(Minor)為間隔更更新 • Kubernetes 約每三個⽉月會發⾏行行新的次要版本 • Good: My cluster is of v1.10, I want to upgrade to v1.11. • Bad: My cluster is of v1.10, I want to upgrade to v.1.13. • Good: My cluster is of v1.10, I upgrade to v1.11 and then upgrade to v1.12.
  7. @k2r2bai You should know those before begin 1. 在更更新叢集時,您需要備份 etcd

    資料 2. 叢集更更新時,務必以⼀一個中版本號為間隔更更新 3. 閱讀 Release Notes 來來了了解每個版本的變化 • Known Issues • Action Required • Deprecations and removals https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG.md
  8. @k2r2bai You should know those before begin 1. 在更更新叢集時,您需要備份 etcd

    資料 2. 叢集更更新時,務必以⼀一個中版本號為間隔更更新 3. 閱讀 Release Notes 來來了了解每個版本的變化 4. 善⽤用⼯工具或公有雲服務來來完成叢集更更新過程 • Kubeadm • Kops • Kubespray - Ansible • Cluster API • GKE, EKS, AKS, .... https://github.com/kubernetes-sigs/cluster-api
  9. @k2r2bai 5. 了了解要更更新的 Kubernetes ⽬目標版本 API 變化 • API 會隨版本演進⽽而改變,如

    v1.16 要移除 extensions/v1beta1 You should know those before begin https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/
  10. @k2r2bai 5. 了了解要更更新的 Kubernetes ⽬目標版本 API 變化 6. 確保應⽤用程式使⽤用⾼高級 API

    建置實例例,如 Deployment • 應⽤用程式有多個實例例(Pod)⽀支撐 • 利利⽤用探針確保應⽤用狀狀態,以攔阻流量量的分發 • 使⽤用 Pod 的 preStop hook 來來加強⽣生命週期管理理 You should know those before begin https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/
  11. @k2r2bai 5. 了了解要更更新的 Kubernetes ⽬目標版本 API 變化 6. 確保應⽤用程式使⽤用⾼高級 API

    建置實例例,如 Deployment 7. 更更新 Node 以前,優先更更新 Master You should know those before begin
  12. @k2r2bai Foreseeable roblem and solutions • etcd 中過舊的資料 • Don't

    remove API versions(#52185). • Storage migration System [1][2]. • Don't deploy EOL version[3]. Now, v1.12 - v1.14 is a good choice. • Read release notes. 1. https://github.com/kubernetes/community/pull/2524 2. https://github.com/kubernetes-sigs/kube-storage-version-migrator 3. https://kubernetes.io/docs/reference/using-api/deprecation-policy/
  13. @k2r2bai Foreseeable roblem and solutions • Clients 使⽤用的版本已過舊(過時) • 應⽤用與服務使⽤用的

    API 依然是相依於 extensions/v1beta1 • 開發的 Custom Controller 涉及過舊版本的 API 與 Libraries
  14. @k2r2bai Foreseeable roblem and solutions • Clients 使⽤用的版本已過舊(過時) • 應⽤用與服務使⽤用的

    API 依然是相依於 extensions/v1beta1 • 需在叢集更更新以前,優先將應⽤用與服務的 API object 轉移到新版本 • 開發的 Custom Controller 涉及過舊版本的 API 與 Libraries • 需要更更新程式碼使⽤用新版 API,並且將相依 Libraries 也更更新⾄至相容的新版本
  15. @k2r2bai Foreseeable roblem and solutions • Policy breaks after upgrade(Webhook,

    RBAC) • 有新版本 batch/v2 與 test_batch/v1 • 在叢集更更新前,先更更新 Policies 使⽤用⽬目前所有⽀支援的版本
  16. @k2r2bai Unforeseeable problem and suggestions • 在升級前盡可能地在實際環境測試要升級的版本 • 使⽤用舊版本的 Sonobuoy

    來來測試新版本叢集 • 確保組態檔案保持⼀一致,並確保設定是否因為版本改變⽽而出現錯誤 • 檢視 Addons 是否因為新版本的特性⽽而崩潰 • 利利⽤用多階段升級⽅方式來來確保 API 的相容。
  17. @k2r2bai Summary • Before upgrade. • Backup etcd data. •

    Read release notes. • Upgrade clients. • Upgrade configurations.
  18. @k2r2bai Summary • Before upgrade. • During upgrade. • Upgrade

    master before node. • Don't use new APIs until HA master upgrade is done. • No in-place kubelet upgrade.
  19. @k2r2bai Summary • Before upgrade. • During upgrade. • After

    upgrade. • Check cluster addons. • Check cluster networking(CNI plugins). • Make sure that nodes are Ready.
  20. @k2r2bai Step of cluster upgrades 1. Master • 更更新 kube-apiserver,

    controller manager, scheduler • 更更新 Addons,ex: kube-proxy, CoreDNS • 更更新 kubelet binary file 與組態檔案 • (optional)更更新 Node bootstrap tokens 的 RBAC 規則
  21. @k2r2bai Step of cluster upgrades 1. Master 2. Nodes •

    在 Master 使⽤用 kubectl drain 來來驅趕 Pods 到其他節點 • 使⽤用 PodDisruptionBudget 限制 Workload Controller 搬移 • 更更新 kubelet binary file 與組態檔案 • 在 Master 使⽤用 kubectl uncordon 讓節點能夠被排成 Pod
  22. @k2r2bai Upgrading master nodes ⾸首先進去 Master(k8s-m1),並更更新 kubeadm 到: $ sudo

    apt-get update && sudo apt-get install -y kubeadm=1.15.2-00 && \ sudo apt-mark hold kubeadm $ kubeadm version kubeadm version: &version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.2", GitCommit:"f6278300bebbb750328ac16ee6dd3aa7d3549568", GitTreeState:"clean", BuildDate:"2019-08-05T09:20:51Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}
  23. @k2r2bai Upgrading master nodes 在 Master 更更新 Control Plane 元件:

    $ sudo kubeadm upgrade plan $ sudo kubeadm upgrade apply v1.15.2 (optional)在其他 Master 節點更更新 Control Plane 元件: $ sudo kubeadm upgrade node
  24. @k2r2bai Upgrading master nodes 在 Master 更更新 kubelet 與 kubectl:

    $ sudo apt-get update && sudo apt-get install -y kubelet=1.15.2-00 kubectl=1.15.2-00 && \ sudo apt-mark hold kubelet kubectl 重新啟動 kubelet: $ sudo systemctl restart kubelet
  25. @k2r2bai Upgrading worker nodes ⾸首先在 Master 執⾏行行 drain 指令來來將 Nodes

    workload 轉移到其他節點: $ kubectl drain $NODE --ignore-daemonsets WARNING: ignoring DaemonSet-managed Pods: kube-system/calico-node-p4hs7, kube-system/ kube-proxy-nlznx evicting pod "nginx-68487cdddf-4cctq" evicting pod "calico-kube-controllers-6c795cc467-pc46s" ... node/k8s-n1 evicted
  26. @k2r2bai Upgrading worker nodes 進去 Nodes(k8s-n1, k8s-n2),並更更新 kubeadm 到: $

    sudo apt-get update && sudo apt-get install -y kubeadm=1.15.2-00 && \ sudo apt-mark hold kubeadm $ kubeadm version kubeadm version: &version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.2", GitCommit:"f6278300bebbb750328ac16ee6dd3aa7d3549568", GitTreeState:"clean", BuildDate:"2019-08-05T09:20:51Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}
  27. @k2r2bai Upgrading worker nodes 在 Node 更更新節點組態: $ sudo kubeadm

    upgrade node 在 Node 更更新 kubelet : $ sudo apt-get update && sudo apt-get install -y kubelet=1.15.2-00 && \ sudo apt-mark hold kubelet 重新啟動 kubelet: $ sudo systemctl restart kubelet
  28. @k2r2bai Check cluster 在 Master 執⾏行行 uncordon 恢復 Worker node

    到可排成狀狀態: $ kubectl uncordon $NODE 在 Master 透過 kubectl 檢查叢集版本與狀狀態: $ kubectl version Client Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.2", GitCommit:"f6278300bebbb750328ac16ee6dd3aa7d3549568", GitTreeState:"clean", BuildDate:"2019-08- 05T09:23:26Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"} Server Version: version.Info{Major:"1", Minor:"15", GitVersion:"v1.15.2", GitCommit:"f6278300bebbb750328ac16ee6dd3aa7d3549568", GitTreeState:"clean", BuildDate:"2019-08- 05T09:15:22Z", GoVersion:"go1.12.5", Compiler:"gc", Platform:"linux/amd64"}
  29. @k2r2bai kubeadm upgrade apply • 檢查當前叢集是否處於可更更新狀狀態 • The API server

    is reachable • All nodes are in the Ready state • The control plane is healthy • 以 Version Skew 策略略[1]執⾏行行 • 確保 Control plane 元件的映像檔已在機器上,若若沒有則抓取更更新版本映像檔 1. https://kubernetes.io/docs/setup/release/version-skew-policy/
  30. @k2r2bai kubeadm upgrade apply(count.) • 更更新 Control plane 元件,或是發⽣生問題時回滾原本版本 •

    更更新 kube-dns and kube-proxy manifests,並確保需要的 RBAC 規則被建立 • 建立新的 API server certificate 與 key 檔案,若若檔案將在 180 後過期的話,將備份舊的 檔案
  31. @k2r2bai kubeadm upgrade node(master) • 從當前叢集取得 kubeadm 的 ClusterConfiguration •

    (optional)備份 kube-apiserver certificate • 更更新 Control plane 元件的 Static Pod manifests • 更更新當前節點的 kubelet 組態
  32. @k2r2bai Why we need Kubernetes High Availability(HA)? • No SPOF(single

    point of failure). • Load balancing workload for API servers. • Failover clustering for Kubernetes state data(Etcd). • Running in multiple zones(across failure domains). • Zero-downtime Upgrade. https://github.com/bradfitz/homelab
  33. @k2r2bai ”Multi-Master is NOT ENOUGH!! Eliminating every single point of

    failure in each layer of the stack“ Karan Goel, Meaghan Kjelland @ Google https://kccna18.sched.com/event/GrWQ
  34. @k2r2bai SPOF in each layer of the stack Virtual Machines

    Application Network Partitions Physical Machines Storage Cooling Systems Electric & Power https://kccna18.sched.com/event/GrWQ
  35. @k2r2bai Harbor Harbor 是 CNCF Incubating 專案,該專案是基於 Docker Distribution 擴展功能的

    Container Registry,提供映像檔儲存、簽署、漏洞洞掃描等功能。另外增加了了安全、⾝身份認證與 Web- based 管理理介⾯面等功能。 • LDAP/Active Directory、OIDC • Clair - 容器映像檔安全掃描 • Notary - 容器映像檔簽署(Content trust) • S3、Cloud Storage 等儲存後端 • 映像檔副本機制 • 使⽤用者管理理(User managment),存取控制(Access control)和活動稽核(Activity auditing)
  36. @k2r2bai Clair Clair 是 CoreOS 開源的容器映像檔安全掃描專案,其提供 API 式的分析服務,透過比對公 開漏洞洞資料庫 CVE(Common

    Vulnerabilities and Exposures)的漏洞洞資料,並發送關於容 器潛藏漏洞洞的有⽤用和可操作資訊給管理理者。 Clair CVE Updater REST API PostgreSQL CVE Data sources CRUD • Debian Security Bug Tracker • Ubuntu CVE Tracker • Red Hat Security Data • Oracle Linux Security Data • Alpine SecDB • NIST NVD
  37. @k2r2bai Notary Notary 是 CNCF Incubating 專案,該專案是 Docker 對安全模組重構時,抽離的獨立專 案。Notary

    是⽤用於建立內容信任的平台,⽬目標是確保 Server 與 Client 之間交互使⽤用已經 相互信任的連線,並保證在 Internet 上的內容發佈安全性,該專案在容器應⽤用時,能夠對 映像檔、映像檔完整性等安全需求提供⽀支援(Content trust)。
  38. @k2r2bai Create machine using Vagrant with Virtualbox ⾸首先透過 Git 取得以下

    Repo(已下載過則忽略略): $ git clone https://github.com/inwinstack/k8s-course 進入對應⽬目錄執⾏行行以下指令: $ cd k8s-course/harbor $ vagrant up $ vagrant status $ vagrant ssh k8s-harbor
  39. @k2r2bai Harbor installation 進入到 VM 然後下載 Docker compose: $ curl

    -L https://github.com/docker/compose/releases/download/1.24.1/docker-compose-`uname - s`-`uname -m` -o /usr/local/bin/docker-compose $ chmod +x /usr/local/bin/docker-compose 下載 Harbor offline 安裝檔: $ wget https://storage.googleapis.com/harbor-releases/release-1.8.0/harbor-offline-installer-v1.8.2- rc2.tgz $ tar xvf harbor-offline-installer-v1.8.2-rc2.tgz $ cd harbor && cp -rp /vagrant/config/harbor.yml ./ $ docker load < harbor.v1.8.2.tar.gz
  40. @k2r2bai Harbor installation 複製 Self-signed 憑證: $ mkdir -p /data/cert/

    $ cp -rp /vagrant/config/certs/* /data/cert/ $ chmod 777 -R /data/cert/ # just for demo 產⽣生 configs 與 compose 檔案: $ ./prepare
  41. @k2r2bai Harbor installation 透過 docker-compose 部署 Harbor: $ docker-compose up

    -d 部署 Clair 與 Notary: $ sudo ./install.sh --with-notary --with-clair
  42. @k2r2bai Use Docker with Harbor 複製 ca 憑證到 Docker certs

    ⽬目錄,以確保 HTTPs 能夠授權 : $ mkdir -p /etc/docker/certs.d/192.16.35.99 $ cp /vagrant/config/certs/ca.crt /etc/docker/certs.d/192.16.35.99/ 測試 Push image 到 Harbor: $ docker login 192.16.35.99 $ docker pull alpine:3.7 $ docker tag alpine:3.7 192.16.35.99/library/alpine:3.7 $ docker push 192.16.35.99/library/alpine:3.7 Access Portal: https://192.16.35.99 https://github.com/goharbor/harbor/blob/master/docs/user_guide.md
  43. @k2r2bai Use Harbor on Kubernetes 在所有 K8s 節點上,複製 ca 憑證到

    Docker certs ⽬目錄,以確保 HTTPs 能夠授權 : $ mkdir -p /etc/docker/certs.d/192.16.35.99 $ cp /vagrant/harbor/ca.crt /etc/docker/certs.d/192.16.35.99/ 在 Master 節點執⾏行行以下指令建立 Pull Secret 與 Pod : $ /vagrant/harbor/run.sh $ kubectl apply -f /vagrant/harbor $ kubectl get po
  44. @k2r2bai Content trust for images 在 k8s-harbor VM 上建立 Notary

    HTTPs ca 憑證 : $ mkdir -p $HOME/.docker/tls/192.16.35.99:4443/ $ cp /vagrant/config/certs/ca.crt $HOME/.docker/tls/192.16.35.99:4443/ Push ⼀一個簽署的 Image 到 Harbor: $ export DOCKER_CONTENT_TRUST=1 $ export DOCKER_CONTENT_TRUST_SERVER=https://192.16.35.99:4443 $ docker tag alpine:3.7 192.16.35.99/trust/alpine:3.7 $ docker push 192.16.35.99/trust/alpine:3.7
  45. @k2r2bai Content trust for images 在 k8s-harbor pull 未簽署的 Image

    : $ docker rmi 192.16.35.99/library/alpine $ docker pull 192.16.35.99/library/alpine Error: remote trust data does not exist for 192.16.35.99/library/alpine: 192.16.35.99:4443 does not have trust data for 192.16.35.99/library/alpine
  46. @k2r2bai Portieris Portieris 是 IBM 開發的 Kubernetes Admission Controller,該 Controller

    透過 Notary 驗 證 Container Image 的內容是否為信任,若若不是的話將禁⽌止使⽤用該 Image。另外也⽀支援以 下功能: • Whitelist Images • Fail Closed • Namespace or Cluster Wide Policies https://github.com/IBM/portieris
  47. @k2r2bai Prometheus 是 CNCF 孵化畢業的專案,主要提供系統監控警報框架與 TSDB(Time Series Database)。Prometheus 啟發於 Google

    的 Borgmon 監控系統。 • Pull mode • A multi-dimensional data model • Alert System (with AlertManager) • Metrics Collection & Storage • Metrics, not logging, not tracing • Dashboarding / Graphing / Trending Prometheus
  48. @k2r2bai Things to monitor on Kubernetes • Nodes • Pods

    • Control Plane • kubelet, kube-apiserver, controller manager, scheduler • APM • Request per second • Error rates • App specific metrics
  49. @k2r2bai Prometheus deployment ⾸首先透過 Git 取得以下 Repo(已下載過則忽略略): $ git clone

    https://github.com/inwinstack/k8s-course 進入對應⽬目錄執⾏行行以下指令(確保當前環境有 kubeconfig): $ cd k8s-course/addons/monitoring $ kubectl apply -f namespace.yml $ kubectl apply -f operator
  50. @k2r2bai Prometheus deployment 檢查 Prometheus operator 是否已經執⾏行行: $ kubectl -n

    monitoring get po 當 Operator 啟動時,即可建立並設定 Prometheus 與 Grafana: $ kubectl apply -f service-discovery $ kubectl apply -f prometheus -f alertmanater -f prometheus-adapter $ kubectl apply -f node-exporter -f kube-state-metrics $ kubectl apply -f servicemonitor $ kubectl apply -f grafana
  51. @k2r2bai Prometheus deployment 透過 port-forward 來來存取 Grafana: $ kubectl -n

    monitoring port-forward svc/grafana 3000:3000 --address 0.0.0.0 存取 HOST:3000
  52. @k2r2bai Fluentd Fluentd 是 CNCF 的孵化專案,是類似 Logstash 所扮演的⾓角⾊色,該專案將蒐集 Log 負責的

    過程統⼀一規格化,並簡化定義 Input, Filter, Output 來來收集不同來來源的 Logs。
  53. @k2r2bai Elasticsearch Elasticsearch是⼀一個基於 Lucene 函式庫的⽂文字搜尋引擎。它提供了了⼀一個分散式、⽀支援多 租⼾戶的⽂文字搜索引擎,具有 HTTP Web 介⾯面和無模式 JSON

    檔案。 • Built on top of Lucene • Document-oriented - It stores complex entities as structured JSON documents and indexes all fields by default. • Full-text search • Schema Free • RESTFul API
  54. @k2r2bai EFK deployment ⾸首先透過 Git 取得以下 Repo(已下載過則忽略略): $ git clone

    https://github.com/inwinstack/k8s-course 進入對應⽬目錄執⾏行行以下指令(確保當前環境有 kubeconfig): $ cd k8s-course/addons/logging $ kubectl apply -f ./
  55. @k2r2bai EFK deployment 透過 port-forward 來來存取 Kibana: $ kubectl -n

    kube-system port-forward svc/kibana-logging 5601:5601 --address 0.0.0.0 存取 HOST:5601
  56. @k2r2bai Make good use of kubectl $ kubectl -n <namespace>

    get pods <pod-name> -o wide $ kubectl -n <namespace> describe pod/<name> • API object 的 events • 容器⾏行行程退出原因 • 健康檢查失敗退出原因 • OOMKilled • 映像檔損毀或抓不到問題
  57. @k2r2bai Make good use of kubectl $ kubectl -n <namespace>

    logs <name> [-c container_name] $ kubectl -n <namespace> logs <name> [-c container_name] --previous • 從 Logs 了了解是否為應⽤用程式崩潰 • 透過 --previous 查看先前執⾏行行過的 Pod Logs
  58. @k2r2bai Looking at system logs, systemd, journalctl $ cat /var/log/kubernetes/xxx

    # kube-proxy, apiserver, ..., etc $ systemctl status kubelet $ journalctl -xeu kubelet • 查看 OS 管理理的 Kubernetes 元件狀狀態 • 確認 Kubernetes 元件是否為 Root cause
  59. @k2r2bai Make good use of net-utils $ ping <ip> $

    tcpdump -i <eth> -nn [condition] $ nslookup <service_name> $ iptables -nL $ ipvsadm -L • 檢查跨節點網路路是否正常 • 檢查 KubeDNS 是否能解析 • 查看 iptables chain 與 ipvs rules 是否正確
  60. @k2r2bai Learning the status of Pod • Pending • Waiting

    / ContainerCreating • ImageInspectError • ImagePullBackOff • CrashLoopBackOff • Error • Terminating • Unknown
  61. @k2r2bai Learning the status of Pod • Pending - resources

    是否⾜足夠; Host Port 是否佔⽤用; • Waiting / ContainerCreating - Image 太⼤大或網路路太慢; • ImagePullBackOff - registry 是否能存取; 檢查 registry-qps, registry-burst ⼤大⼩小; • ImageInspectError - container FS 是否有問題; Image 是否損毀; dockerd Error; • CrashLoopBackOff - ⾏行行程是否執⾏行行正常; Mount 是否有錯誤; • Error - ConfigMap/Secrets/PV 是否存在; • Terminating - 如果 > 30s 檢查 grace period; • Unknown - 節點是否 Ready;
  62. @k2r2bai Troubleshooting Tools • Container • ctop - Top-like interface

    for container metrics • dive - A tool for exploring a docker image. • Kubernetes • krew - Package manager for kubectl plugins. • stern - Multi pod and container log tailing for Kubernetes. • ksniff - Ease sniffing on Kubernetes pods using tcpdump and Wireshark. • Weave Scope - Monitoring, visualisation & management for Docker & Kubernetes. • k9s - Terminal UI to interact with your Kubernetes clusters. • Skaffold, Telepresence - Local Kubernetes development made easy.
  63. @k2r2bai Call for some help • Kubernetes 常⾒見見問題 - https://kubernetes.io/docs/tasks/debug-application-cluster/

    debug-cluster/ • Kubernetes 官⽅方論壇 - https://discuss.kubernetes.io/ • Kubernetes GitHub Issue - https://github.com/kubernetes/kubernetes/issues • stackoverflow - https://stackoverflow.com/questions/tagged/kubernetes • Slack - https://slack.k8s.io/ • CNTUG Telegram - https://t.me/cntug
  64. @k2r2bai Knative Knative extends Kubernetes to provide the missing building

    blocks that developers need to create modern, source-centric, container-based, cloud-native applications. “Developed in close partnership with Pivotal, IBM, Red Hat, and SAP, Knative pushes Kubernetes-based computing forward by providing the building blocks you need to build and deploy modern, container-based serverless applications.”
  65. @k2r2bai Knative + Istio = Power The Knative framework is

    built on top of Kubernetes and Istio which provide a an Application runtime (container based) and advanced network routing respectively.
  66. @k2r2bai KubeEdge • KubeEdge is an open source system extending

    native containerized application orchestration and device management to hosts at Edge. • It is built upon Kubernetes and provides core infrastructure support for network, app. • Deployment and metadata sychronization between cloud and edge. https://kubeedge.io/
  67. @k2r2bai Rook Rook is an open source cloud-native storage orchestrator

    for Kubernetes, providing the platform, framework, and support for a diverse set of storage solutions to natively integrate with cloud-native environments.
  68. @k2r2bai Kubernetes Failure Stories A compiled list of links to

    public failure stories related to Kubernetes. https://github.com/hjacobs/kubernetes-failure-stories