1
头图

What knowledge do you need to master to become a k8s expert

  • After reading the k8s source code completely and combing through more than 160 documents, I made the following summary:
  • Of course, the main purpose is to list some key points: the specific details will not be posted due to limited space.

Tutorial address

k8s knowledge graph

01 Basic knowledge of containers

  • 01 What is a container in the end: it is simply a restricted process. The two underlying technologies are linux namespace and cgrop

    • The classification of namespace and the relationship between sandbox containers, which ns are shared, involve the problem of incomplete isolation of containers
    • The difference between cgroup v1 and v2, the principle of cpu/mem limit, how to bind cpu core
  • 02 Container mirroring: mirroring is not the patent of docker

    • The OCI (Open Container Initiative) specification is the de facto container standard and has been adopted by most container implementations and container orchestration systems.
    • Any tool that implements the OCI specification can mirror
    • The specification requires the mirror content to include the following parts:

      • 3 required

        • Image Manifest : Provides image configuration and file system layer location information, which can be regarded as an image directory, and the file format is json.
        • Image Layer Filesystem Changeset : Filesystem and filesystem changes after serialization, which can be applied layer by layer as the rootfs of a container in sequence, so it is often referred to as a layer (synonymous with the image layer mentioned below) ), the file format can be an archive or compressed format such as tar, gzip, etc.
        • Image Configuration : Contains the execution parameters used by the image at runtime and the ordered rootfs change information. The file type is json.
      • 1 optional

        • image-index : An image index is a higher-level manifest that points to a specific image manifest, ideal for one or more platforms
  • 03 Container Union File System: Understanding of overlayfs

    • There are three layers corresponding to the container running:

      • image layer (read-only), the layer of the image
      • Some configuration files written by the init layer container at startup, before the container layer
      • The new writable layer of container layer
    • copy on write technology

      • The advantage is to reduce the size of the image and improve the startup speed.
      • The disadvantage is that the writing speed is slow, so it is not suitable for a large number of file reading and writing in the container layer, and Volume should be used
  • 04 The container runtime CRI mainly includes two gRPC services, ImageService and RuntimeService

    • grpc service analysis

      • The ImageService service is mainly for operations such as pulling images, viewing and deleting images.
      • RuntimeService is used to manage the life cycle of Pods and containers, as well as operations such as calls (exec/attach/port-forward) that interact with containers
      • Interactive services such as Exec can also be made separately as a StreamService
    • low/high level container runtime

      • Such as runc, lxc, containerd, docker, libcontainerd What is the difference between them
    • What are the components of docker split into and what are they all responsible for?

02 k8s calculation

  • 01 General operations of built-in resources

    • deployment、statefulset、daemonset、job
    • Expansion/shrinking: the realization and purpose of slowBatchStart to create pods
    • Update Strategy: Rolling Updates vs Expose Rebuilds
    • Deletion Strategy: Cascading Deletion vs Keeping Pods
  • 02 The relationship between several containers in k8s-pod

    • what did the sandbox do?
    • The purpose and application scenarios of the init container
    • The startup process of the app container: internal hooks and lifecycle hooks exposed to users
    • The role of the three probes
    • The summary is the life cycle of the pod, the startup sequence of several containers, the role of several hooks, and finally the probe
  • 03 The topology manager kubelet multiple resource managers independently allocate resources and lack a unified perspective

    • When allocating devices to pods, various resource managers work independently and do not have a global concept, which may cause unreasonable resource allocation.
    • Topology Manager is to provide a global perspective, in order to try to allocate resources under the same numa node to improve performance
  • 04 The relationship between the three QOS of pod and cpu memory resources

    • Settings for different qos oom_score_adj values
    • The relationship between qos and the resource shared pool involves the numa setting of the cpu/mem manager behind
  • 05 The process of kubelet calling CRI and the wonderful existence of docker-shim

    • How does k8s paralyze docker
    • Formulation of OCI Standards

03 k8s storage

  • 01 Common volume types
  • 02 The principle of hot loading of configMap and secret
  • 03 Dynamic and static PV and StorageClass dynamically generate PV

    • The interaction between PV and PVC follows this lifecycle: supply --> bind --> use --> release --> cycle
    • As the number of PVs increases, administrators need to constantly define the number of PVs, which leads to the dynamic generation of PVs through StorageClass.
    • The StorageClass declares the storage capacity in the PVC and calls the underlying provider to generate the PV.
  • 04 The process of kubelet volume-manager mounting volume
  • 05 CSI plug-in

    • Dynamic Provisioner Mechanism

04 k8s network

  • 01 Kubernetes needs to solve 4 communication modes:

    1. Container-to-container communication
    2. Pod-to-Pod communication
    3. Communication between Pod and Service
    4. Communication between Internet and Service
  • 02 svc 4 load balancing modes: In fact, to put it bluntly, who will forward the traffic
  • 03 Service discovery of svc: dns and environment variables
  • 03 How iptables forwards svc traffic:

    • Data flow of several KUBE-XXX chains
  • 04 Can the cluster-ip of svc be pinged:

    • Need to divide the situation, such as iptables rejected the icmp message
  • 05 cni plugin: the difference between calico and Flannel
  • 06 ingress mechanism: the principle can be simplified as nginx + service discovery + hot update

    • traefik source code interpretation
  • 07 The real production use of headless services

05 The plug-in mechanism of k8s

  • 01 Admission controller: can inject sidecar or do vpa expansion

    • What is the data request process like?
  • 02 CRI, CSI, CNI are the computing storage network plug-in mechanism provided by k8s to third-party implementers
  • 03 Aggregation plugin for apiserver, easy to extend API: typical applications metrics.k8s.io and custom.metrics.k8s.io

    • How do you understand the source code?
  • 04 kubelet's device-plugins device plug-in mechanism is convenient for accessing devices such as nvidia GPUs: grpc registers the device and grpc server provides device management

    • How to register and manage grpc
  • 05 Strictly speaking, the operator mode of crd+controller is also considered

    • How to write reconcile tuning

06 Control plane source code understanding of k8s

  • 01 Flow of pod creation process between control plane components
  • 02 The role of informer mechanism

    • Messaging middleware? Reduce the pressure on etcd
  • 03 Leader election main mechanism
  • 04 syncLoop big loop in kubelet

    • 5 types of event loop 7 chan
  • 05 syncXXX process of each controller

    • A sync process where both reading and writing are mixed together
  • 06 Various resource managers in kubelet

    • How statusManger synchronizes status
    • How containerManger limits ephemeral storage
    • How EvictionManager works in source code
  • 07 apiserver

    • Certification
    • Authentication: rbac source code
    • Admission: mutate vs validate, and of course webhooks
    • speed limit
    • event broadcast mechanism

07 k8s orchestration

  • 01 cpu-based hpa: fast up and slow down

    • How to do fast up and down fast
  • 02 Mem-based hpa: how to interact with metrics-server, involving the aggregation plug-in of apiserver
  • 03 vpa based on prometheus-operator

    • Process of custom.metrics.k8s.io apigroup
    • Why do you need access to the admission controller?
    • Interpretation of Recommender, updater, admission-controller source code for vertical-pod-autoscaler source code reading
  • 04 Source code understanding of metrics-server and the principle of kubelet top

    • Where does the underlying data come from
    • how to store
    • how to calculate cpu rate

08 k8s crd development

  • 01 Why crd: Encapsulate basic objects to complete rapid deployment of distributed/stateful services
  • 02 CRD development process: Define CRD and implement the specific logic of controller reconcile, and leave the rest to the code generation tool

09 Monitoring of k8s

  • 01 metrics , that's not to say that it must be prometheus, then prometheus on k8s has too many solutions

    • How to choose storage
    • What are the principles and tips in kube-prometheus
  • 02 logging
  • 03 event

ning1875
164 声望60 粉丝