Kubernetes on Rickyhttps://linzeyan.github.io/zh-tw/categories/kubernetes/Recent content in Kubernetes on RickyHugo -- gohugo.iozh-twWed, 04 Oct 2023 09:06:00 +0800Container security fundamentalshttps://linzeyan.github.io/zh-tw/posts/2023/20231004-container/Wed, 04 Oct 2023 09:06:00 +0800https://linzeyan.github.io/zh-tw/posts/2023/20231004-container/<ul> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-1/" target="_blank" rel="noopener">Container security fundamentals: Exploring containers as processes</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-2/" target="_blank" rel="noopener">Container security fundamentals part 2: Isolation &amp; namespaces</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-3/" target="_blank" rel="noopener">Container security fundamentals part 3: Capabilities</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-4/" target="_blank" rel="noopener">Container security fundamentals part 4: Cgroups</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-5/" target="_blank" rel="noopener">Container security fundamentals part 5: AppArmor and SELinux</a></li> <li><a href="https://securitylabs.datadoghq.com/articles/container-security-fundamentals-part-6/" target="_blank" rel="noopener">Container security fundamentals part 6: seccomp </a></li> </ul>調整系統使得 EMQX 可以支援 1M 連線https://linzeyan.github.io/zh-tw/posts/2023/20230927-mqtt/Wed, 27 Sep 2023 10:36:00 +0800https://linzeyan.github.io/zh-tw/posts/2023/20230927-mqtt/<ul> <li><a href="https://www.infracloud.io/blogs/scale-emqx-one-million-connections-kubernetes/" target="_blank" rel="noopener">Tuning EMQX to Scale to One Million Concurrent Connection on Kubernetes</a></li> <li><a href="https://www.emqx.io/docs/en/v5.2/performance/tune.html#linux-kernel-tuning" target="_blank" rel="noopener">Performance Tuning (Linux)</a></li> <li><a href="https://www.facebook.com/technologynoteniu/posts/pfbid02ntZshJdTEHLhnkb4hATadU8qGdzB45T2AdmCqtx73oegqrCLNRTKJwkYNZkVNLMsl" target="_blank" rel="noopener">矽谷牛的耕田筆記</a></li> </ul> <h3 id="linux-kernel-tuning">Linux Kernel Tuning</h3> <ul> <li>node level, basically the non-namespaced sysctls</li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># Sets the maximum number of file handles allowed by the kernel</span> </span></span><span style="display:flex;"><span>sysctl -w fs.file-max<span style="color:#f92672">=</span><span style="color:#ae81ff">2097152</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Sets the maximum number of open file descriptors that a process can have</span> </span></span><span style="display:flex;"><span>sysctl -w fs.nr_open<span style="color:#f92672">=</span><span style="color:#ae81ff">2097152</span> </span></span></code></pre></div><ul> <li>namespaced sysctls</li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># Sets the maximum number of connections that can be queued for acceptance by the kernel.</span> </span></span><span style="display:flex;"><span>sysctl -w net.core.somaxconn<span style="color:#f92672">=</span><span style="color:#ae81ff">32768</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Sets the maximum number of SYN requests that can be queued by the kernel</span> </span></span><span style="display:flex;"><span>sysctl -w net.ipv4.tcp_max_syn_backlog<span style="color:#f92672">=</span><span style="color:#ae81ff">16384</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Setting the minimum, default and maximum size of TCP Buffer</span> </span></span><span style="display:flex;"><span>sysctl -w net.ipv4.tcp_rmem<span style="color:#f92672">=</span><span style="color:#e6db74">&#39;1024 4096 16777216&#39;</span> </span></span><span style="display:flex;"><span>sysctl -w net.ipv4.tcp_wmem<span style="color:#f92672">=</span><span style="color:#e6db74">&#39;1024 4096 16777216&#39;</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Setting Parameters for TCP Connection Tracking</span> </span></span><span style="display:flex;"><span>sysctl -w net.netfilter.nf_conntrack_tcp_timeout_time_wait<span style="color:#f92672">=</span><span style="color:#ae81ff">30</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Controls the maximum number of entries in the TCP time-wait bucket table</span> </span></span><span style="display:flex;"><span>sysctl -w net.ipv4.tcp_max_tw_buckets<span style="color:#f92672">=</span><span style="color:#ae81ff">1048576</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Controls Timeout for FIN-WAIT-2 Sockets:</span> </span></span><span style="display:flex;"><span>sysctl -w net.ipv4.tcp_fin_timeout<span style="color:#f92672">=</span><span style="color:#ae81ff">15</span> </span></span></code></pre></div><ul> <li>There are some more namespaced sysctls that will improve the performance but because of an active issue we are not able to set them on the container level</li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># Sets the size of the backlog queue for the network device</span> </span></span><span style="display:flex;"><span>sysctl -w net.core.netdev_max_backlog<span style="color:#f92672">=</span><span style="color:#ae81ff">16384</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Amount of memory that is allocated for storing incoming and outgoing data for a socket</span> </span></span><span style="display:flex;"><span>sysctl -w net.core.rmem_default<span style="color:#f92672">=</span><span style="color:#ae81ff">262144</span> </span></span><span style="display:flex;"><span>sysctl -w net.core.wmem_default<span style="color:#f92672">=</span><span style="color:#ae81ff">262144</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Setting the maximum amount of memory for the socket buffers</span> </span></span><span style="display:flex;"><span>sysctl -w net.core.rmem_max<span style="color:#f92672">=</span><span style="color:#ae81ff">16777216</span> </span></span><span style="display:flex;"><span>sysctl -w net.core.wmem_max<span style="color:#f92672">=</span><span style="color:#ae81ff">16777216</span> </span></span><span style="display:flex;"><span>sysctl -w net.core.optmem_max<span style="color:#f92672">=</span><span style="color:#ae81ff">16777216</span> </span></span></code></pre></div><h3 id="erlang-vm-tuning">Erlang VM Tuning</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e">## Erlang Process Limit</span> </span></span><span style="display:flex;"><span>node.process_limit <span style="color:#f92672">=</span> <span style="color:#ae81ff">2097152</span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e">## Sets the maximum number of simultaneously existing ports for this system</span> </span></span><span style="display:flex;"><span>node.max_ports <span style="color:#f92672">=</span> <span style="color:#ae81ff">2097152</span> </span></span></code></pre></div><h3 id="emqx-broker-tuning">EMQX Broker Tuning</h3> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#75715e"># Other configuration…</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">EMQX_LISTENER__TCP__EXTERNAL</span>: <span style="color:#e6db74">&#34;0.0.0.0:1883&#34;</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">EMQX_LISTENER__TCP__EXTERNAL__ACCEPTORS</span>: <span style="color:#ae81ff">64</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">EMQX_LISTENER__TCP__EXTERNAL__MAX_CONNECTIONS</span>: <span style="color:#ae81ff">1024000</span> </span></span></code></pre></div>Argo CD ApplicationSet Controller: 世界為我而轉動!https://linzeyan.github.io/zh-tw/posts/2021/20211227-argo-cd-applicationset-controller/Mon, 27 Dec 2021 09:41:03 +0800https://linzeyan.github.io/zh-tw/posts/2021/20211227-argo-cd-applicationset-controller/<ul> <li><a href="https://medium.com/starbugs/argo-cd-applicationset-controller-%E4%B8%96%E7%95%8C%E7%82%BA%E6%88%91%E8%80%8C%E8%BD%89%E5%8B%95-a837f9392298" target="_blank" rel="noopener">Argo CD ApplicationSet Controller: 世界為我而轉動!</a></li> <li><a href="https://github.com/argoproj/argo-cd" target="_blank" rel="noopener">Argo CD</a></li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span><span style="color:#75715e"># 安裝 kind,其他平台安裝方式請參閱官方文件</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 用來運行輕量 K8s Cluster 於本地端</span> </span></span><span style="display:flex;"><span>~$ brew install kind </span></span><span style="display:flex;"><span><span style="color:#75715e"># 安裝 kubectx,其他平台安裝方式請參閱官方文件</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 用來方便切換不同 k8s context</span> </span></span><span style="display:flex;"><span>~$ brew install kubectx </span></span><span style="display:flex;"><span><span style="color:#75715e"># 安裝 helm,其他平台安裝方式請參閱官方文件</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># K8s 套件管理工具</span> </span></span><span style="display:flex;"><span>~$ brew install helm </span></span><span style="display:flex;"><span><span style="color:#75715e"># 安裝 kubectl, 其他平台安裝方式請參閱官方文件</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 用來與 K8s Cluster API Server 溝通</span> </span></span><span style="display:flex;"><span>~$ brew install kubectl </span></span><span style="display:flex;"><span><span style="color:#75715e"># 安裝 argocd cli, 其他平台安裝方式請參閱官方文件</span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 用來與 Argo CD 溝通</span> </span></span><span style="display:flex;"><span>~$ brew install argocd </span></span></code></pre></div>【理解 Cilium 系列文章】(一) 初識 Ciliumhttps://linzeyan.github.io/zh-tw/posts/2021/20211221-understanding-cilium/Tue, 21 Dec 2021 13:04:38 +0800https://linzeyan.github.io/zh-tw/posts/2021/20211221-understanding-cilium/<ul> <li><a href="https://www.gushiciku.cn/pl/geTr/zh-hk" target="_blank" rel="noopener">【理解 Cilium 系列文章】(一) 初識 Cilium</a></li> </ul> <h4 id="當前-k8s-service-負載均衡的實現現狀">當前 k8s Service 負載均衡的實現現狀</h4> <p>在 Cilium 出現之前, Service 由 kube-proxy 來實現,實現方式有 userspace , iptables , ipvs 三種模式。</p> <h5 id="userspace">Userspace</h5> <p>當前模式下,kube-proxy 作為反向代理,監聽隨機端口,通過 iptables 規則將流量重定向到代理端口,再由 kube-proxy 將流量轉發到 後端 pod。Service 的請求會先從用户空間進入內核 iptables,然後再回到用户空間,代價較大,性能較差。</p> <h5 id="iptables">Iptables</h5> <p>存在的問題:</p> <p>1.可擴展性差。隨着 service 數據達到數千個,其控制面和數據面的性能都會急劇下降。原因在於 iptables 控制面的接口設計中,每添加一條規則,需要遍歷和修改所有的規則,其控制面性能是 O(n²) 。在數據面,規則是用鏈表組織的,其性能是 O(n)</p> <p>2.LB 調度算法僅支持隨機轉發</p> <h5 id="ipvs-模式">Ipvs 模式</h5> <p>IPVS 是專門為 LB 設計的。它用 hash table 管理 service,對 service 的增刪查找都是 O(1)的時間複雜度。不過 IPVS 內核模塊沒有 SNAT 功能,因此借用了 iptables 的 SNAT 功能。</p> <p>IPVS 針對報文做 DNAT 後,將連接信息保存在 nf_conntrack 中,iptables 據此接力做 SNAT。該模式是目前 Kubernetes 網絡性能最好的選擇。但是由於 nf_conntrack 的複雜性,帶來了很大的性能損耗。騰訊針對該問題做過相應的優化 【繞過 conntrack,使用 eBPF 增強 IPVS 優化 K8s 網絡性能】</p>不使用 kube-proxy 的 Kuberneteshttps://linzeyan.github.io/zh-tw/posts/2021/20211220-kubeproxy-free/Mon, 20 Dec 2021 17:57:13 +0800https://linzeyan.github.io/zh-tw/posts/2021/20211220-kubeproxy-free/<ul> <li><a href="https://docs.cilium.io/en/v1.9/gettingstarted/kubeproxy-free/" target="_blank" rel="noopener">不使用 kube-proxy 的 Kubernetes</a></li> </ul> <h4 id="快速開始">快速開始</h4> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>kubeadm init --skip-phases<span style="color:#f92672">=</span>addon/kube-proxy </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># 設定 Helm 倉庫</span> </span></span><span style="display:flex;"><span>helm repo add cilium https://helm.cilium.io/ </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>helm install cilium cilium/cilium --version 1.9.18 <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --namespace kube-system <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --set kubeProxyReplacement<span style="color:#f92672">=</span>strict <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --set k8sServiceHost<span style="color:#f92672">=</span>REPLACE_WITH_API_SERVER_IP <span style="color:#ae81ff">\ </span></span></span><span style="display:flex;"><span><span style="color:#ae81ff"></span> --set k8sServicePort<span style="color:#f92672">=</span>REPLACE_WITH_API_SERVER_PORT </span></span></code></pre></div>Linkerd 2.8 - 實現超級簡單又安全的多叢集(multicluster) Kubernetes 架構https://linzeyan.github.io/zh-tw/posts/2021/20211209-linkerd-multi-kubernetes-cluster-feature-overview/Thu, 09 Dec 2021 09:25:44 +0800https://linzeyan.github.io/zh-tw/posts/2021/20211209-linkerd-multi-kubernetes-cluster-feature-overview/<ul> <li><a href="https://rammusxu.github.io/2020/07/28/Linkerd-Multi-Kubernetes-Cluster-Feature-Overview/" target="_blank" rel="noopener">Linkerd 2.8 - 實現超級簡單又安全的多叢集(multicluster) Kubernetes 架構</a></li> </ul>Day 28 - Kubernetes 第三方好用工具介紹https://linzeyan.github.io/zh-tw/posts/2021/20211202-10252675/Thu, 02 Dec 2021 13:28:09 +0800https://linzeyan.github.io/zh-tw/posts/2021/20211202-10252675/<ul> <li><a href="https://ithelp.ithome.com.tw/articles/10252675" target="_blank" rel="noopener">Day 28 - Kubernetes 第三方好用工具介紹</a></li> </ul> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-shell" data-lang="shell"><span style="display:flex;"><span>$ kubectl get pods </span></span><span style="display:flex;"><span>NAME READY STATUS RESTARTS AGE </span></span><span style="display:flex;"><span>ithome-6564f65698-947rv 1/1 Running <span style="color:#ae81ff">0</span> 84s </span></span><span style="display:flex;"><span>ithome-6564f65698-fglr9 1/1 Running <span style="color:#ae81ff">0</span> 84s </span></span><span style="display:flex;"><span>ithome-6564f65698-k5wtg 1/1 Running <span style="color:#ae81ff">0</span> 84s </span></span><span style="display:flex;"><span>ithome-6564f65698-rrvk4 1/1 Running <span style="color:#ae81ff">0</span> 84s </span></span><span style="display:flex;"><span>ithome-6564f65698-zhwlj 1/1 Running <span style="color:#ae81ff">0</span> 84s </span></span></code></pre></div><h4 id="sternkail"><a href="https://github.com/wercker/stern" target="_blank" rel="noopener">Stern</a>/Kail</h4> <blockquote> <p>創建出來的 Pod 名稱上面都會有一些不好閱讀的亂數</p> <p>如果使用 kubectl 來觀察個別 Pod 的 log 就必須要於不同的 pod 之間來回切換</p> <p>這方面的工具滿多的,譬如 Stern, Kube-tail, Kail 等都可以</p></blockquote> <p>上述範例會有五個 pod,而且這五個 pod 的名稱都是 ithome 開頭,因此我可以直接用 <code>stern ithom</code> 的方式來抓取這些 pod 的資訊,結果如下圖</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-bash" data-lang="bash"><span style="display:flex;"><span>$ stern ithome </span></span><span style="display:flex;"><span>... </span></span><span style="display:flex;"><span>ithome-6564f65698-zhwlj netutils Hello! <span style="color:#ae81ff">369</span> secs elapsed... </span></span><span style="display:flex;"><span>ithome-6564f65698-fglr9 netutils Hello! <span style="color:#ae81ff">369</span> secs elapsed... </span></span><span style="display:flex;"><span>ithome-6564f65698-947rv netutils Hello! <span style="color:#ae81ff">367</span> secs elapsed... </span></span><span style="display:flex;"><span>ithome-6564f65698-k5wtg netutils Hello! <span style="color:#ae81ff">368</span> secs elapsed... </span></span><span style="display:flex;"><span>ithome-6564f65698-rrvk4 netutils Hello! <span style="color:#ae81ff">369</span> secs elapsed... </span></span><span style="display:flex;"><span>ithome-6564f65698-zhwlj netutils Hello! <span style="color:#ae81ff">370</span> secs elapsed... </span></span><span style="display:flex;"><span>ithome-6564f65698-fglr9 netutils Hello! <span style="color:#ae81ff">370</span> secs elapsed... </span></span><span style="display:flex;"><span>ithome-6564f65698-947rv netutils Hello! <span style="color:#ae81ff">368</span> secs elapsed... </span></span><span style="display:flex;"><span>ithome-6564f65698-k5wtg netutils Hello! <span style="color:#ae81ff">370</span> secs elapsed... </span></span><span style="display:flex;"><span>ithome-6564f65698-rrvk4 netutils Hello! <span style="color:#ae81ff">370</span> secs elapsed... </span></span><span style="display:flex;"><span>ithome-6564f65698-zhwlj netutils Hello! <span style="color:#ae81ff">371</span> secs elapsed... </span></span><span style="display:flex;"><span>ithome-6564f65698-fglr9 netutils Hello! <span style="color:#ae81ff">371</span> secs elapsed... </span></span><span style="display:flex;"><span>ithome-6564f65698-947rv netutils Hello! <span style="color:#ae81ff">369</span> secs elapsed... </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span>ithome-6564f65698-k5wtg netutils Hello! <span style="color:#ae81ff">371</span> secs elapsed... </span></span><span style="display:flex;"><span>ithome-6564f65698-rrvk4 netutils Hello! <span style="color:#ae81ff">371</span> secs elapsed... </span></span><span style="display:flex;"><span>ithome-6564f65698-zhwlj netutils Hello! <span style="color:#ae81ff">372</span> secs elapsed... </span></span><span style="display:flex;"><span>ithome-6564f65698-fglr9 netutils Hello! <span style="color:#ae81ff">372</span> secs elapsed... </span></span><span style="display:flex;"><span>^C </span></span></code></pre></div><h4 id="k9s">K9S</h4> <blockquote> <p>過往總是透過 kubectl 指令於各個資源,各 namespace 間切來切去,特別是要使用 <code>exec</code>, <code>get</code>, <code>describe</code>, <code>logs</code>, <code>delete</code> 等指令時,常常打的手忙腳亂或是覺得心累,有這種困擾的人可以考慮使用看看 k9s 這個工具</p>[Kubernetes] Service Overviewhttps://linzeyan.github.io/zh-tw/posts/2021/20211124-k8s-service-overview/Wed, 24 Nov 2021 14:00:45 +0800https://linzeyan.github.io/zh-tw/posts/2021/20211124-k8s-service-overview/<ul> <li><a href="https://godleon.github.io/blog/Kubernetes/k8s-Service-Overview/" target="_blank" rel="noopener">[Kubernetes] Service Overview</a></li> </ul> <h3 id="定義-service">定義 Service</h3> <h4 id="搭配-selector">搭配 selector</h4> <blockquote> <p>由於要先有 Pod 才會有定義 Service 的需求,因此假設 k8s 中已經有一些 Pod 的存在(同時對外開放 TCP port 9376),並帶有 app=MyApp 的 label,此時就可以定義一個 Service 來作為這些 pod 前方的抽象層,透過 domain name 的方式提供服務</p></blockquote> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-yaml" data-lang="yaml"><span style="display:flex;"><span><span style="color:#f92672">kind</span>: <span style="color:#ae81ff">Service</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">apiVersion</span>: <span style="color:#ae81ff">v1</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">metadata</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">name</span>: <span style="color:#ae81ff">my-service</span> </span></span><span style="display:flex;"><span><span style="color:#f92672">spec</span>: </span></span><span style="display:flex;"><span> <span style="color:#75715e"># type 一共有四種(ClusterIP, NodePort, LoadBalancer, ExternalName)</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># 預設是 ClusterIP</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">type</span>: <span style="color:#ae81ff">ClusterIP</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># 選擇帶有 &#34;app=MyApp&#34; 的 pod</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">selector</span>: </span></span><span style="display:flex;"><span> <span style="color:#f92672">app</span>: <span style="color:#ae81ff">MyApp</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># Service 實際對外服務的設定</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ports</span>: </span></span><span style="display:flex;"><span> - <span style="color:#f92672">protocol</span>: <span style="color:#ae81ff">TCP</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">port</span>: <span style="color:#ae81ff">80</span> </span></span><span style="display:flex;"><span> <span style="color:#75715e"># 此為 Pod 對外開放的 port number</span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">targetPort</span>: <span style="color:#ae81ff">9376</span> </span></span></code></pre></div><p><code>Pod &lt;---&gt; Endpoint(tcp:9376) &lt;---&gt; Service(tcp:80, with VIP)</code></p>应大多数人要求写下kubeadm的基础使用https://linzeyan.github.io/zh-tw/posts/2020/20200324-kubeadm-base-use/Tue, 24 Mar 2020 16:00:34 +0800https://linzeyan.github.io/zh-tw/posts/2020/20200324-kubeadm-base-use/<ul> <li><a href="https://zhangguanzhang.github.io/2019/11/24/kubeadm-base-use/" target="_blank" rel="noopener">应大多数人要求写下 kubeadm 的基础使用</a></li> <li><a href="https://blog.frognew.com/2018/10/kubernetes-kube-proxy-enable-ipvs.html" target="_blank" rel="noopener">Kubernetes 从 1.10 到 1.11 升级记录(续):Kubernetes kube-proxy 开启 IPVS 模式</a></li> <li><a href="https://lingxiankong.github.io/2018-07-20-katacontainer-docker-k8s.html" target="_blank" rel="noopener">Katacontainers 与 Docker 和 Kubernetes 的集成</a></li> </ul>白話 Kubernetes Runtimehttps://linzeyan.github.io/zh-tw/posts/2019/20190613-k8s-runtime/Thu, 13 Jun 2019 11:28:26 +0800https://linzeyan.github.io/zh-tw/posts/2019/20190613-k8s-runtime/<ul> <li><a href="https://mp.weixin.qq.com/s?__biz=Mzg5Mjc3MjIyMA==&amp;mid=2247543594&amp;idx=1&amp;sn=9083cff79ca7f5fb9d6fee08d1144989&amp;source=41&amp;poc_token=HL8MZmmjq-HF5O8fHC711sGwSQ1O9OuO5hGLL_px" target="_blank" rel="noopener">白話 Kubernetes Runtime</a></li> </ul>