Download presentation
Presentation is loading. Please wait.
1
OpenStack Meetup Kubernetes Design&Practice, Problem&Solution 旧金山 | 东京 | 上海 | 柏林 www.yeahmobi.com 高正 2015.04.26
2
@YeahMobi @YeahMobiInc @YeahMobi YeahMobi in 旧金山 | 东京 | 上海 | 柏林 www.yeahmobi.com 个人简介 2010 年毕业于南京大学计算机系,硕士。 先后在腾讯、 IBM 工作,现任职 NDP Media PaaS 架构师。在基于智 能 DNS 的接入层全局负载均衡领域有着丰富的经验。 2013 年开始从事 OpenStack 相关工作,主要研究 Nova 、 Heat ,目前 聚焦于通过 Docker 、 Kubernetes 等技术构建 PaaS ,为 CI/CD/BU 提供 支撑服务。
3
@YeahMobi @YeahMobiInc @YeahMobi YeahMobi in 旧金山 | 东京 | 上海 | 柏林 www.yeahmobi.com Release/Roadmap NOT stable CLI/API/Conf/Design Doc Program VS Product Docker v1.0.0 2014/06/09 K8s v0.2 2014/09/09 K8s v0.9.3 2015/01/30 K8s v0.15.0 2015/04/14 K8s v1.0.0 Q2?
4
@YeahMobi @YeahMobiInc @YeahMobi YeahMobi in 旧金山 | 东京 | 上海 | 柏林 www.yeahmobi.com Basic concepts http://blog.csdn.net/zhangjun2915/article/details/40598151
5
@YeahMobi @YeahMobiInc @YeahMobi YeahMobi in 旧金山 | 东京 | 上海 | 柏林 www.yeahmobi.com Basic concepts http://blog.csdn.net/zhangjun2915/article/details/40598151 zone=zone1 rack=rack1 name=node1 zone=zone1 rack=rack1 name=node2 zone=zone2 rack=rack2 name=node3 node1node2node3 rack1rack2 zone1 zone2 /
6
@YeahMobi @YeahMobiInc @YeahMobi YeahMobi in 旧金山 | 东京 | 上海 | 柏林 www.yeahmobi.com Security Https Authentication Authorization
7
@YeahMobi @YeahMobiInc @YeahMobi YeahMobi in 旧金山 | 东京 | 上海 | 柏林 www.yeahmobi.com Multiple tenants namespace user policy admission Control NamespaceExists/NamespaceAutoProvision AlwaysDeny/AlwaysAdmit/ABAC ResourceQuota LimitRanger In design Dynamic token assign Token expiration API instead of file More features Hierarchical namespace/role
8
@YeahMobi @YeahMobiInc @YeahMobi YeahMobi in 旧金山 | 东京 | 上海 | 柏林 www.yeahmobi.com Scheduler Predicates volume disk port node select labels resource request cpu Memory no overcommit ratio Priority Infrastructure level LeastRequestedPriority Score = (Sum(requested cpu)/Capacity + Sum(requested memory)/Capacity) * 50 BalancedResourceAllocation score = 10 - abs(cpuFraction-memoryFraction)*10 Service level ServiceSpread ServiceAntiAffinity node1node2node3 rack1rack2 P1P1P2P2P3P3P4P4
9
@YeahMobi @YeahMobiInc @YeahMobi YeahMobi in 旧金山 | 东京 | 上海 | 柏林 www.yeahmobi.com Service discovery PortalIP PublicIP SkyDNS https://github.com/GoogleCloudPlatform/kubernetes/blob/master/docs/services_detail.png
10
@YeahMobi @YeahMobiInc @YeahMobi YeahMobi in 旧金山 | 东京 | 上海 | 柏林 www.yeahmobi.com Service discovery curl 172.21.241.170:28080 curl 10.1.2.3:28080 curl 10.1.2.5:45867 curl 54.1.2.3:28080
11
@YeahMobi @YeahMobiInc @YeahMobi YeahMobi in 旧金山 | 东京 | 上海 | 柏林 www.yeahmobi.com Capacity for V1.0 100 nodes 30-50 pods per node 1s scheduling time (99%) 1s API response (99%)
12
@YeahMobi @YeahMobiInc @YeahMobi YeahMobi in 旧金山 | 东京 | 上海 | 柏林 www.yeahmobi.com GUI
13
@YeahMobi @YeahMobiInc @YeahMobi YeahMobi in 旧金山 | 东京 | 上海 | 柏林 www.yeahmobi.com Problems - Network Flannel isolation per namespace Neutron https://coreos.com/blog/introducing-rudder/
14
@YeahMobi @YeahMobiInc @YeahMobi YeahMobi in 旧金山 | 东京 | 上海 | 柏林 www.yeahmobi.com Problems - Single point of registry GUI (Read-Only) Docker push/pullCurl Registry1 Registry2 S3 VIP: 172.21.0.50 service RC Reg-proxy RC VIP: 172.21.0.43 service Reg-UI RC VIP: 172.21.0.43 service Service: Total entry; LB RC (Replication Controller): Auto Recovery in 2s; HA; Docker Hub deployment on AWS us-east-1
15
@YeahMobi @YeahMobiInc @YeahMobi YeahMobi in 旧金山 | 东京 | 上海 | 柏林 www.yeahmobi.com Problems - Service dependence Requirements create all components of App component delete rolling update Proposal heat depends_on check_complete k8s lifecycle postStartpreStop Liveness http get Local port probe script readiness
16
@YeahMobi @YeahMobiInc @YeahMobi YeahMobi in 旧金山 | 东京 | 上海 | 柏林 www.yeahmobi.com 旧金山 | 东京 | 上海 | 柏林 www.yeahmobi.com @YeahMobi @YeahMobiInc @YeahMobi YeahMobi in Thanks!
Similar presentations
