What knowledge do you need to master to become a k8s expert

  • After reading the k8s source code in full and combing through more than 160 documents, I made the following summary.
  • The main purpose is to list the key points; the specific details are not posted here for lack of space.

k8s knowledge graph

01 Basic knowledge of containers

  • 01 What a container really is: simply a restricted process. The two underlying technologies are linux namespaces and cgroups

    • The kinds of namespaces and their relationship to the sandbox container: which namespaces are shared, which bears on the incomplete isolation of containers
    • The difference between cgroup v1 and v2, how cpu/mem limits work, how to pin cpu cores
  • 02 Container images: images are not docker's monopoly

    • The OCI (Open Container Initiative) specification is the de facto container standard and has been adopted by most container implementations and container orchestration systems.
    • Any tool that implements the OCI specification can build images
    • The specification requires the image content to include the following parts:

      • 3 required

        • Image Manifest: provides the image configuration and the location of the filesystem layers; it can be regarded as the image's table of contents, and the file format is json.
        • Image Layer Filesystem Changeset: a serialized filesystem and its changes, which are applied one on top of another, in order, to form the rootfs of a container, so it is often simply called a layer (synonymous with the image layer mentioned below); the file format can be an archive or compressed format such as tar, gzip, etc.
        • Image Configuration: contains the execution parameters used by the image at runtime and the ordered rootfs change information. The file type is json.
      • 1 optional

        • image-index: a higher-level manifest that points to specific image manifests, intended for images that target one or more platforms
  • 03 Container union filesystem: understanding overlayfs

    • Three layers correspond to a running container:

      • image layer (read-only): the layers of the image
      • init layer: configuration files written when the container starts, sitting below the container layer
      • container layer: the new writable layer
    • copy-on-write technology

      • The advantage is a smaller image and faster startup.
      • The disadvantage is slow writes, so the container layer is not suited to heavy file reading and writing; a Volume should be used instead
  • 04 The container runtime interface CRI mainly consists of two gRPC services, ImageService and RuntimeService

    • grpc service analysis

      • ImageService mainly handles operations such as pulling, listing and deleting images.
      • RuntimeService manages the life cycle of Pods and containers, as well as calls that interact with containers (exec/attach/port-forward)
      • Interactive calls such as Exec can also be split out as a separate StreamService
    • low-level vs high-level container runtimes

      • Such as runc, lxc, containerd, docker, libcontainerd: what are the differences between them?
    • Which components was docker split into, and what is each responsible for?
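The OCI image parts described in item 02 above (index, manifest, config, layers) are tied together by content descriptors, so a consumer can verify every blob it loads. The following is an added example, not code from the original post or from any OCI project: it constructs a minimal in-memory image layout with sample layer bytes and walks index -> manifest -> config + layers, refusing any blob whose digest, size or media type disagrees with the descriptor that references it.

```python
"""Verify a minimal OCI image layout (index -> manifest -> config + layers).
Sample image content is constructed inline; it is not a real image."""
import hashlib
import json

CONFIG_MT = "application/vnd.oci.image.config.v1+json"
MANIFEST_MT = "application/vnd.oci.image.manifest.v1+json"
LAYER_MT = "application/vnd.oci.image.layer.v1.tar"  # uncompressed tar layer


def digest_of(blob: bytes) -> str:
    """OCI content digest in the 'sha256:<hex>' form used by descriptors."""
    return "sha256:" + hashlib.sha256(blob).hexdigest()


def build_store(layers: list[bytes]) -> tuple[dict, str]:
    """Construct a content-addressable blob store plus an image index pointing at
    one manifest. Layers are uncompressed, so rootfs diff_ids equal layer digests."""
    blobs: dict[str, bytes] = {}

    def put(blob: bytes, media_type: str) -> dict:
        blobs[digest_of(blob)] = blob
        return {"mediaType": media_type, "digest": digest_of(blob), "size": len(blob)}

    config = {"architecture": "amd64", "os": "linux",
              "rootfs": {"type": "layers", "diff_ids": [digest_of(l) for l in layers]}}
    manifest = {"schemaVersion": 2, "config": put(json.dumps(config).encode(), CONFIG_MT),
                "layers": [put(l, LAYER_MT) for l in layers]}
    index = {"schemaVersion": 2, "manifests": [put(json.dumps(manifest).encode(), MANIFEST_MT)]}
    return blobs, json.dumps(index)


def fetch(blobs: dict, desc: dict, want_mt: str) -> bytes:
    """Resolve a descriptor; refuse a blob whose media type, size or digest disagrees."""
    blob = blobs.get(desc["digest"])
    if blob is None or desc["mediaType"] != want_mt:
        raise ValueError(f"blob {desc['digest']} missing or has unexpected media type")
    if len(blob) != desc["size"] or digest_of(blob) != desc["digest"]:
        raise ValueError(f"blob {desc['digest']} does not match its descriptor")
    return blob


def verify_image(index_json: str, blobs: dict) -> list[str]:
    """Return verified layer digests in rootfs apply order, cross-checked against
    the config's rootfs.diff_ids; raise ValueError on any mismatch."""
    index = json.loads(index_json)
    manifest = json.loads(fetch(blobs, index["manifests"][0], MANIFEST_MT))
    if manifest.get("schemaVersion") != 2 or not manifest.get("layers"):
        raise ValueError("manifest needs schemaVersion 2 and at least one layer")
    config = json.loads(fetch(blobs, manifest["config"], CONFIG_MT))
    layer_digests = [digest_of(fetch(blobs, d, LAYER_MT)) for d in manifest["layers"]]
    if layer_digests != config["rootfs"]["diff_ids"]:
        raise ValueError("manifest layers and config rootfs.diff_ids disagree")
    return layer_digests
```

Replacing one layer's bytes in the store while keeping its descriptor makes `verify_image` raise, which is the property a registry client or node relies on when it trusts an image by digest.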

02 k8s compute

  • 01 Common operations on built-in resources

    • deployment, statefulset, daemonset, job
    • Scaling up/down: the implementation and purpose of slowStartBatch when creating pods
    • Update strategy: RollingUpdate vs Recreate
    • Deletion strategy: cascading deletion vs orphaning pods
  • 02 The relationship between the several containers in a k8s pod

    • What does the sandbox container do?
    • The purpose and use cases of init containers
    • The startup process of the app container: internal hooks and the lifecycle hooks exposed to users
    • The role of the three probes
    • In summary: the life cycle of the pod, the startup order of its containers, the role of the hooks, and finally the probes
  • 03 Topology Manager: the kubelet's multiple resource managers allocate resources independently and lack a unified view

    • When allocating devices to pods, the various resource managers work independently without a global picture, which can lead to unreasonable resource allocation.
    • Topology Manager provides that global view so that resources can, where possible, be allocated from the same numa node to improve performance
  • 04 The relationship between the three pod QoS classes and cpu/memory resources

    • The oom_score_adj values set for the different qos classes
    • The relationship between qos and the shared resource pool, which involves the numa settings of the cpu/mem managers behind it
  • 05 How kubelet calls the CRI, and the curious existence of dockershim

    • How k8s phased out docker
    • The formulation of the OCI standards

03 k8s storage

  • 01 Common volume types
  • 02 How hot reloading of configMap and secret works
  • 03 Dynamic and static PVs, and dynamic PV generation through StorageClass

    • The interaction between PV and PVC follows this lifecycle: provision --> bind --> use --> release --> reclaim
    • As the number of PVs grows, administrators would have to keep defining PVs by hand, which is what led to generating PVs dynamically through a StorageClass.
    • The PVC declares the storage capacity and a StorageClass, whose provisioner calls the underlying storage provider to create the PV.
  • 04 How the kubelet volume-manager mounts volumes
  • 05 CSI plugins

    • The dynamic provisioner mechanism

04 k8s network

  • 01 Kubernetes needs to solve 4 communication modes:

    1. Container-to-container communication
    2. Pod-to-Pod communication
    3. Communication between Pod and Service
    4. Communication between the Internet and a Service
  • 02 The 4 load-balancing modes of svc: put bluntly, who forwards the traffic?
  • 03 Service discovery for svc: dns and environment variables
  • 04 How iptables forwards svc traffic:

    • The data flow through the several KUBE-XXX chains
  • 05 Can the cluster-ip of a svc be pinged?

    • It depends on the case; for example, iptables may reject the icmp packet
  • 06 cni plugins: the difference between calico and Flannel
  • 07 The ingress mechanism: the principle can be simplified to nginx + service discovery + hot reload

    • Reading the traefik source code
  • 08 Real production uses of headless services

05 The plugin mechanisms of k8s

  • 01 Admission controllers: can inject sidecars or implement vpa scaling

    • What does the request flow look like?
  • 02 CRI, CSI and CNI are the compute, storage and network plugin mechanisms that k8s provides to third-party implementers
  • 03 The apiserver aggregation layer, which makes it easy to extend the API: typical applications are metrics.k8s.io and custom.metrics.k8s.io

    • How to read the source code
  • 04 The kubelet device-plugins mechanism, which makes it easy to attach devices such as nvidia GPUs: the plugin registers the device over grpc, and its grpc server provides device management

    • How registration and management work over grpc
  • 05 Strictly speaking, the operator pattern of crd + controller also counts

    • How to write the reconcile loop

06 Understanding the k8s control plane source code

  • 01 The flow of pod creation across the control plane components
  • 02 The role of the informer mechanism

    • Messaging middleware? Reducing the load on etcd
  • 03 The leader election mechanism
  • 04 The kubelet syncLoop main loop

    • 5 kinds of events, 7 chans
  • 05 The syncXXX flow of each controller

    • A sync flow in which reads and writes are interleaved
  • 06 The various resource managers in kubelet

    • How statusManager synchronizes status
    • How containerManager limits ephemeral storage
    • How EvictionManager works in the source code
  • 07 apiserver

    • Authentication
    • Authorization: rbac source code
    • Admission: mutate vs validate, and of course webhooks
    • Rate limiting
    • The event broadcast mechanism

07 k8s autoscaling

  • 01 cpu-based hpa: scale up fast, scale down slowly

    • How fast-up, slow-down is achieved
  • 02 Memory-based hpa: how it interacts with metrics-server, which involves the apiserver aggregation layer
  • 03 vpa based on prometheus-operator

    • The request flow of the custom.metrics.k8s.io API group
    • Why an admission controller is needed
    • Reading the vertical-pod-autoscaler source code: the Recommender, updater and admission-controller components
  • 04 Understanding the metrics-server source code and how kubectl top works

    • Where the underlying data comes from
    • How it is stored
    • How the cpu rate is calculated

08 k8s crd development

  • 01 Why crd: encapsulate basic objects to deploy distributed/stateful services quickly
  • 02 The CRD development process: define the CRD and implement the controller's reconcile logic, and leave the rest to the code generation tools

09 Monitoring of k8s

  • 01 metrics: this does not have to mean prometheus, but there are very many prometheus-on-k8s solutions

    • How to choose storage
    • The principles and tricks in kube-prometheus
  • 02 logging
  • 03 events
