Merge pull request #19823 from VineethReddy02/vineeth-merged-master-into-dev-1.18-for-syncup

Merged master into dev-1.18 for syncup
pull/19116/head
Kubernetes Prow Robot 2020-03-24 10:06:45 -07:00 committed by GitHub
commit f115a2bf52
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
64 changed files with 904 additions and 921 deletions

View File

@ -578,6 +578,9 @@ section
li li
display: inline-block display: inline-block
height: 100% height: 100%
margin-right: 10px
&:last-child
margin-right: 0
a a
display: block display: block
@ -598,11 +601,11 @@ section
#vendorStrip #vendorStrip
line-height: 44px line-height: 44px
max-width: 100% max-width: 100%
overflow-x: auto
-webkit-overflow-scrolling: touch -webkit-overflow-scrolling: touch
ul ul
float: none float: none
overflow-x: auto
#searchBox #searchBox
float: none float: none
@ -1052,6 +1055,9 @@ dd
a.issue a.issue
margin-left: 0px margin-left: 0px
.gridPageHome .flyout-button
display: none
.feedback--no .feedback--no
margin-left: 1em margin-left: 1em

View File

@ -3,7 +3,7 @@ title: Kubernetes Dokumentation
noedit: true noedit: true
cid: docsHome cid: docsHome
layout: docsportal_home layout: docsportal_home
class: gridPage class: gridPage gridPageHome
linkTitle: "Home" linkTitle: "Home"
main_menu: true main_menu: true
weight: 10 weight: 10

View File

@ -68,13 +68,7 @@ resource requests/limits of that type for each Container in the Pod.
## Meaning of CPU ## Meaning of CPU
Limits and requests for CPU resources are measured in *cpu* units. Limits and requests for CPU resources are measured in *cpu* units.
One cpu, in Kubernetes, is equivalent to: One cpu, in Kubernetes, is equivalent to **1 vCPU/Core** for cloud providers and **1 hyperthread** on bare-metal Intel processors.
- 1 AWS vCPU
- 1 GCP Core
- 1 Azure vCore
- 1 IBM vCPU
- 1 *Hyperthread* on a bare-metal Intel processor with Hyperthreading
Fractional requests are allowed. A Container with Fractional requests are allowed. A Container with
`spec.containers[].resources.requests.cpu` of `0.5` is guaranteed half as much `spec.containers[].resources.requests.cpu` of `0.5` is guaranteed half as much

View File

@ -312,6 +312,10 @@ spec:
server: 172.17.0.2 server: 172.17.0.2
``` ```
{{< note >}}
Helper programs relating to the volume type may be required for consumption of a PersistentVolume within a cluster. In this example, the PersistentVolume is of type NFS and the helper program /sbin/mount.nfs is required to support the mounting of NFS filesystems.
{{< /note >}}
### Capacity ### Capacity
Generally, a PV will have a specific storage capacity. This is set using the PV's `capacity` attribute. See the Kubernetes [Resource Model](https://git.k8s.io/community/contributors/design-proposals/scheduling/resources.md) to understand the units expected by `capacity`. Generally, a PV will have a specific storage capacity. This is set using the PV's `capacity` attribute. See the Kubernetes [Resource Model](https://git.k8s.io/community/contributors/design-proposals/scheduling/resources.md) to understand the units expected by `capacity`.

View File

@ -14,10 +14,10 @@ This page gives writing style guidelines for the Kubernetes documentation.
These are guidelines, not rules. Use your best judgment, and feel free to These are guidelines, not rules. Use your best judgment, and feel free to
propose changes to this document in a pull request. propose changes to this document in a pull request.
For additional information on creating new content for the Kubernetes For additional information on creating new content for the Kubernetes
documentation, read the [Documentation Content documentation, read the [Documentation Content
Guide](/docs/contribute/style/content-guide/) and follow the instructions on Guide](/docs/contribute/style/content-guide/) and follow the instructions on
[using page templates](/docs/contribute/style/page-templates/) and [creating a [using page templates](/docs/contribute/style/page-templates/) and [creating a
documentation pull request](/docs/contribute/start/#improve-existing-content). documentation pull request](/docs/contribute/start/#improve-existing-content).
{{% /capture %}} {{% /capture %}}
@ -58,11 +58,11 @@ leads to an awkward construction.
{{< table caption = "Do and Don't - API objects" >}} {{< table caption = "Do and Don't - API objects" >}}
Do | Don't Do | Don't
:--| :----- :--| :-----
The Pod has two containers. | The pod has two containers. The Pod has two containers. | The pod has two containers.
The Deployment is responsible for ... | The Deployment object is responsible for ... The Deployment is responsible for ... | The Deployment object is responsible for ...
A PodList is a list of Pods. | A Pod List is a list of pods. A PodList is a list of Pods. | A Pod List is a list of pods.
The two ContainerPorts ... | The two ContainerPort objects ... The two ContainerPorts ... | The two ContainerPort objects ...
The two ContainerStateTerminated objects ... | The two ContainerStateTerminateds ... The two ContainerStateTerminated objects ... | The two ContainerStateTerminateds ...
{{< /table >}} {{< /table >}}
@ -83,11 +83,11 @@ represents.
Do | Don't Do | Don't
:--| :----- :--| :-----
Click **Fork**. | Click "Fork". Click **Fork**. | Click "Fork".
Select **Other**. | Select "Other". Select **Other**. | Select "Other".
{{< /table >}} {{< /table >}}
### Use italics to define or introduce new terms ### Use italics to define or introduce new terms
{{< table caption = "Do and Don't - Use italics for new terms" >}} {{< table caption = "Do and Don't - Use italics for new terms" >}}
Do | Don't Do | Don't
:--| :----- :--| :-----
@ -102,7 +102,7 @@ Do | Don't
:--| :----- :--| :-----
Open the `envars.yaml` file. | Open the envars.yaml file. Open the `envars.yaml` file. | Open the envars.yaml file.
Go to the `/docs/tutorials` directory. | Go to the /docs/tutorials directory. Go to the `/docs/tutorials` directory. | Go to the /docs/tutorials directory.
Open the `/_data/concepts.yaml` file. | Open the /_data/concepts.yaml file. Open the `/_data/concepts.yaml` file. | Open the /\_data/concepts.yaml file.
{{< /table >}} {{< /table >}}
### Use the international standard for punctuation inside quotes ### Use the international standard for punctuation inside quotes
@ -119,18 +119,18 @@ The copy is called a "fork". | The copy is called a "fork."
### Use code style for inline code and commands ### Use code style for inline code and commands
For inline code in an HTML document, use the `<code>` tag. In a Markdown For inline code in an HTML document, use the `<code>` tag. In a Markdown
document, use the backtick (`). document, use the backtick (`` ` ``).
{{< table caption = "Do and Don't - Use code style for inline code and commands" >}} {{< table caption = "Do and Don't - Use code style for inline code and commands" >}}
Do | Don't Do | Don't
:--| :----- :--| :-----
The `kubectl run`command creates a Deployment. | The "kubectl run" command creates a Deployment. The `kubectl run`command creates a Deployment. | The "kubectl run" command creates a Deployment.
For declarative management, use `kubectl apply`. | For declarative management, use "kubectl apply". For declarative management, use `kubectl apply`. | For declarative management, use "kubectl apply".
Enclose code samples with triple backticks. `(```)`| Enclose code samples with any other syntax. Enclose code samples with triple backticks. (\`\`\`)| Enclose code samples with any other syntax.
Use single backticks to enclose inline code. For example, `var example = true`. | Use two asterisks (**) or an underscore (_) to enclose inline code. For example, **var example = true**. Use single backticks to enclose inline code. For example, `var example = true`. | Use two asterisks (`**`) or an underscore (`_`) to enclose inline code. For example, **var example = true**.
Use triple backticks before and after a multi-line block of code for fenced code blocks. | Use multi-line blocks of code to create diagrams, flowcharts, or other illustrations. Use triple backticks before and after a multi-line block of code for fenced code blocks. | Use multi-line blocks of code to create diagrams, flowcharts, or other illustrations.
Use meaningful variable names that have a context. | Use variable names such as 'foo','bar', and 'baz' that are not meaningful and lack context. Use meaningful variable names that have a context. | Use variable names such as 'foo','bar', and 'baz' that are not meaningful and lack context.
Remove trailing spaces in the code. | Add trailing spaces in the code, where these are important, because the screen reader will read out the spaces as well. Remove trailing spaces in the code. | Add trailing spaces in the code, where these are important, because the screen reader will read out the spaces as well.
{{< /table >}} {{< /table >}}
{{< note >}} {{< note >}}
@ -185,7 +185,7 @@ Do | Don't
Set the value of `imagePullPolicy` to Always. | Set the value of `imagePullPolicy` to "Always". Set the value of `imagePullPolicy` to Always. | Set the value of `imagePullPolicy` to "Always".
Set the value of `image` to nginx:1.16. | Set the value of `image` to `nginx:1.16`. Set the value of `image` to nginx:1.16. | Set the value of `image` to `nginx:1.16`.
Set the value of the `replicas` field to 2. | Set the value of the `replicas` field to `2`. Set the value of the `replicas` field to 2. | Set the value of the `replicas` field to `2`.
{{< /table >}} {{< /table >}}
## Code snippet formatting ## Code snippet formatting
@ -196,7 +196,7 @@ Set the value of the `replicas` field to 2. | Set the value of the `replicas` fi
Do | Don't Do | Don't
:--| :----- :--| :-----
kubectl get pods | $ kubectl get pods kubectl get pods | $ kubectl get pods
{{< /table >}} {{< /table >}}
### Separate commands from output ### Separate commands from output
@ -214,7 +214,7 @@ The output is similar to this:
Code examples and configuration examples that include version information should be consistent with the accompanying text. Code examples and configuration examples that include version information should be consistent with the accompanying text.
If the information is version specific, the Kubernetes version needs to be defined in the `prerequisites` section of the [Task template](/docs/contribute/style/page-templates/#task-template) or the [Tutorial template] (/docs/contribute/style/page-templates/#tutorial-template). Once the page is saved, the `prerequisites` section is shown as **Before you begin**. If the information is version specific, the Kubernetes version needs to be defined in the `prerequisites` section of the [Task template](/docs/contribute/style/page-templates/#task-template) or the [Tutorial template](/docs/contribute/style/page-templates/#tutorial-template). Once the page is saved, the `prerequisites` section is shown as **Before you begin**.
To specify the Kubernetes version for a task or tutorial page, include `min-kubernetes-server-version` in the front matter of the page. To specify the Kubernetes version for a task or tutorial page, include `min-kubernetes-server-version` in the front matter of the page.
@ -251,11 +251,11 @@ Kubernetes | Kubernetes should always be capitalized.
Docker | Docker should always be capitalized. Docker | Docker should always be capitalized.
SIG Docs | SIG Docs rather than SIG-DOCS or other variations. SIG Docs | SIG Docs rather than SIG-DOCS or other variations.
On-premises | On-premises or On-prem rather than On-premise or other variations. On-premises | On-premises or On-prem rather than On-premise or other variations.
{{< /table >}} {{< /table >}}
## Shortcodes ## Shortcodes
Hugo [Shortcodes](https://gohugo.io/content-management/shortcodes) help create different rhetorical appeal levels. Our documentation supports three different shortcodes in this category: **Note** {{</* note */>}}, **Caution** {{</* caution */>}}, and **Warning** {{</* warning */>}}. Hugo [Shortcodes](https://gohugo.io/content-management/shortcodes) help create different rhetorical appeal levels. Our documentation supports three different shortcodes in this category: **Note** `{{</* note */>}}`, **Caution** `{{</* caution */>}}`, and **Warning** `{{</* warning */>}}`.
1. Surround the text with an opening and closing shortcode. 1. Surround the text with an opening and closing shortcode.
@ -275,7 +275,7 @@ The prefix you choose is the same text for the tag.
### Note ### Note
Use {{</* note */>}} to highlight a tip or a piece of information that may be helpful to know. Use `{{</* note */>}}` to highlight a tip or a piece of information that may be helpful to know.
For example: For example:
@ -291,7 +291,7 @@ The output is:
You can _still_ use Markdown inside these callouts. You can _still_ use Markdown inside these callouts.
{{< /note >}} {{< /note >}}
You can use a {{</* note */>}} in a list: You can use a `{{</* note */>}}` in a list:
``` ```
1. Use the note shortcode in a list 1. Use the note shortcode in a list
@ -323,7 +323,7 @@ The output is:
### Caution ### Caution
Use {{</* caution */>}} to call attention to an important piece of information to avoid pitfalls. Use `{{</* caution */>}}` to call attention to an important piece of information to avoid pitfalls.
For example: For example:
@ -341,7 +341,7 @@ The callout style only applies to the line directly above the tag.
### Warning ### Warning
Use {{</* warning */>}} to indicate danger or a piece of information that is crucial to follow. Use `{{</* warning */>}}` to indicate danger or a piece of information that is crucial to follow.
For example: For example:
@ -359,11 +359,11 @@ Beware.
### Katacoda Embedded Live Environment ### Katacoda Embedded Live Environment
This button lets users run Minikube in their browser using the [Katacoda Terminal](https://www.katacoda.com/embed/panel). This button lets users run Minikube in their browser using the [Katacoda Terminal](https://www.katacoda.com/embed/panel).
It lowers the barrier of entry by allowing users to use Minikube with one click instead of going through the complete It lowers the barrier of entry by allowing users to use Minikube with one click instead of going through the complete
Minikube and Kubectl installation process locally. Minikube and Kubectl installation process locally.
The Embedded Live Environment is configured to run `minikube start` and lets users complete tutorials in the same window The Embedded Live Environment is configured to run `minikube start` and lets users complete tutorials in the same window
as the documentation. as the documentation.
{{< caution >}} {{< caution >}}
@ -376,7 +376,7 @@ For example:
{{</* kat-button */>}} {{</* kat-button */>}}
``` ```
The output is: The output is:
{{< kat-button >}} {{< kat-button >}}
@ -391,7 +391,7 @@ For example:
1. Preheat oven to 350˚F 1. Preheat oven to 350˚F
1. Prepare the batter, and pour into springform pan. 1. Prepare the batter, and pour into springform pan.
{{</* note */>}}Grease the pan for best results.{{</* /note */>}} `{{</* note */>}}Grease the pan for best results.{{</* /note */>}}`
1. Bake for 20-25 minutes or until set. 1. Bake for 20-25 minutes or until set.
@ -429,9 +429,9 @@ Do | Don't
:--| :----- :--| :-----
Update the title in the front matter of the page or blog post. | Use first level heading, as Hugo automatically converts the title in the front matter of the page into a first-level heading. Update the title in the front matter of the page or blog post. | Use first level heading, as Hugo automatically converts the title in the front matter of the page into a first-level heading.
Use ordered headings to provide a meaningful high-level outline of your content. | Use headings level 4 through 6, unless it is absolutely necessary. If your content is that detailed, it may need to be broken into separate articles. Use ordered headings to provide a meaningful high-level outline of your content. | Use headings level 4 through 6, unless it is absolutely necessary. If your content is that detailed, it may need to be broken into separate articles.
Use pound or hash signs (#) for non-blog post content. | Use underlines (--- or ===) to designate first-level headings. Use pound or hash signs (`#`) for non-blog post content. | Use underlines (`---` or `===`) to designate first-level headings.
Use sentence case for headings. For example, **Extend kubectl with plugins** | Use title case for headings. For example, **Extend Kubectl With Plugins** Use sentence case for headings. For example, **Extend kubectl with plugins** | Use title case for headings. For example, **Extend Kubectl With Plugins**
{{< /table >}} {{< /table >}}
### Paragraphs ### Paragraphs
@ -439,8 +439,8 @@ Use sentence case for headings. For example, **Extend kubectl with plugins** | U
Do | Don't Do | Don't
:--| :----- :--| :-----
Try to keep paragraphs under 6 sentences. | Indent the first paragraph with space characters. For example, ⋅⋅⋅Three spaces before a paragraph will indent it. Try to keep paragraphs under 6 sentences. | Indent the first paragraph with space characters. For example, ⋅⋅⋅Three spaces before a paragraph will indent it.
Use three hyphens (---) to create a horizontal rule. Use horizontal rules for breaks in paragraph content. For example, a change of scene in a story, or a shift of topic within a section. | Use horizontal rules for decoration. Use three hyphens (`---`) to create a horizontal rule. Use horizontal rules for breaks in paragraph content. For example, a change of scene in a story, or a shift of topic within a section. | Use horizontal rules for decoration.
{{< /table >}} {{< /table >}}
### Links ### Links
@ -449,7 +449,7 @@ Do | Don't
:--| :----- :--| :-----
Write hyperlinks that give you context for the content they link to. For example: Certain ports are open on your machines. See <a href="#check-required-ports">Check required ports</a> for more details. | Use ambiguous terms such as “click here”. For example: Certain ports are open on your machines. See <a href="#check-required-ports">here</a> for more details. Write hyperlinks that give you context for the content they link to. For example: Certain ports are open on your machines. See <a href="#check-required-ports">Check required ports</a> for more details. | Use ambiguous terms such as “click here”. For example: Certain ports are open on your machines. See <a href="#check-required-ports">here</a> for more details.
Write Markdown-style links: `[link text](URL)`. For example: `[Hugo shortcodes](/docs/contribute/style/hugo-shortcodes/#table-captions)` and the output is [Hugo shortcodes](/docs/contribute/style/hugo-shortcodes/#table-captions). | Write HTML-style links: `<a href="/media/examples/link-element-example.css" target="_blank">Visit our tutorial!</a>`, or create links that open in new tabs or windows. For example: `[example website](https://example.com){target="_blank"}` Write Markdown-style links: `[link text](URL)`. For example: `[Hugo shortcodes](/docs/contribute/style/hugo-shortcodes/#table-captions)` and the output is [Hugo shortcodes](/docs/contribute/style/hugo-shortcodes/#table-captions). | Write HTML-style links: `<a href="/media/examples/link-element-example.css" target="_blank">Visit our tutorial!</a>`, or create links that open in new tabs or windows. For example: `[example website](https://example.com){target="_blank"}`
{{< /table >}} {{< /table >}}
### Lists ### Lists
@ -457,17 +457,17 @@ Group items in a list that are related to each other and need to appear in a spe
Website navigation links can also be marked up as list items; after all they are nothing but a group of related links. Website navigation links can also be marked up as list items; after all they are nothing but a group of related links.
- End each item in a list with a period if one or more items in the list are complete sentences. For the sake of consistency, normally either all items or none should be complete sentences. - End each item in a list with a period if one or more items in the list are complete sentences. For the sake of consistency, normally either all items or none should be complete sentences.
{{< note >}} Ordered lists that are part of an incomplete introductory sentence can be in lowercase and punctuated as if each item was a part of the introductory sentence.{{< /note >}} {{< note >}} Ordered lists that are part of an incomplete introductory sentence can be in lowercase and punctuated as if each item was a part of the introductory sentence.{{< /note >}}
- Use the number one (1.) for ordered lists. - Use the number one (`1.`) for ordered lists.
- Use (+), (* ), or (-) for unordered lists. - Use (`+`), (`*`), or (`-`) for unordered lists.
- Leave a blank line after each list. - Leave a blank line after each list.
- Indent nested lists with four spaces (for example, ⋅⋅⋅⋅). - Indent nested lists with four spaces (for example, ⋅⋅⋅⋅).
- List items may consist of multiple paragraphs. Each subsequent paragraph in a list item must be indented by either four spaces or one tab. - List items may consist of multiple paragraphs. Each subsequent paragraph in a list item must be indented by either four spaces or one tab.
### Tables ### Tables
@ -486,7 +486,7 @@ This section contains suggested best practices for clear, concise, and consisten
Do | Don't Do | Don't
:--| :----- :--| :-----
This command starts a proxy. | This command will start a proxy. This command starts a proxy. | This command will start a proxy.
{{< /table >}} {{< /table >}}
Exception: Use future or past tense if it is required to convey the correct Exception: Use future or past tense if it is required to convey the correct
@ -512,7 +512,7 @@ Use simple and direct language. Avoid using unnecessary phrases, such as saying
Do | Don't Do | Don't
:--| :----- :--| :-----
To create a ReplicaSet, ... | In order to create a ReplicaSet, ... To create a ReplicaSet, ... | In order to create a ReplicaSet, ...
See the configuration file. | Please see the configuration file. See the configuration file. | Please see the configuration file.
View the Pods. | With this next command, we'll view the Pods. View the Pods. | With this next command, we'll view the Pods.
{{< /table >}} {{< /table >}}
@ -522,7 +522,7 @@ View the Pods. | With this next command, we'll view the Pods.
Do | Don't Do | Don't
:--| :----- :--| :-----
You can create a Deployment by ... | We'll create a Deployment by ... You can create a Deployment by ... | We'll create a Deployment by ...
In the preceding output, you can see... | In the preceding output, we can see ... In the preceding output, you can see... | In the preceding output, we can see ...
{{< /table >}} {{< /table >}}
@ -583,7 +583,7 @@ considered new in a few months.
Do | Don't Do | Don't
:--| :----- :--| :-----
In version 1.4, ... | In the current version, ... In version 1.4, ... | In the current version, ...
The Federation feature provides ... | The new Federation feature provides ... The Federation feature provides ... | The new Federation feature provides ...
{{< /table >}} {{< /table >}}

View File

@ -5,7 +5,7 @@ title: Kubernetes Documentation
noedit: true noedit: true
cid: docsHome cid: docsHome
layout: docsportal_home layout: docsportal_home
class: gridPage class: gridPage gridPageHome
linkTitle: "Home" linkTitle: "Home"
main_menu: true main_menu: true
weight: 10 weight: 10

View File

@ -184,27 +184,48 @@ sysctl --system
``` ```
{{< tabs name="tab-cri-cri-o-installation" >}} {{< tabs name="tab-cri-cri-o-installation" >}}
{{< tab name="Ubuntu 16.04" codelang="bash" >}} {{< tab name="Debian" codelang="bash" >}}
# Debian Unstable/Sid
echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_Unstable/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/Debian_Unstable/Release.key -O- | sudo apt-key add -
# Install prerequisites # Debian Testing
apt-get update echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_Testing/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
apt-get install -y software-properties-common wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/Debian_Testing/Release.key -O- | sudo apt-key add -
add-apt-repository ppa:projectatomic/ppa # Debian 10
apt-get update echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Debian_10/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/Debian_10/Release.key -O- | sudo apt-key add -
# Raspbian 10
echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/Raspbian_10/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list
wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/Raspbian_10/Release.key -O- | sudo apt-key add -
# Install CRI-O # Install CRI-O
apt-get install -y cri-o-1.15 sudo apt-get install cri-o-1.17
{{< /tab >}} {{< /tab >}}
{{< tab name="CentOS/RHEL 7.4+" codelang="bash" >}}
{{< tab name="Ubuntu 18.04, 19.04 and 19.10" codelang="bash" >}}
# Setup repository
. /etc/os-release
sudo sh -c "echo 'deb http://download.opensuse.org/repositories/devel:/kubic:/libcontainers:/stable/x${NAME}_${VERSION_ID}/ /' > /etc/apt/sources.list.d/devel:kubic:libcontainers:stable.list"
wget -nv https://download.opensuse.org/repositories/devel:kubic:libcontainers:stable/x${NAME}_${VERSION_ID}/Release.key -O- | sudo apt-key add -
sudo apt-get update
# Install CRI-O
sudo apt-get install cri-o-1.17
{{< /tab >}}
{{< tab name="CentOS/RHEL 7.4+" codelang="bash" >}}
# Install prerequisites # Install prerequisites
yum-config-manager --add-repo=https://cbs.centos.org/repos/paas7-crio-115-release/x86_64/os/ yum-config-manager --add-repo=https://cbs.centos.org/repos/paas7-crio-115-release/x86_64/os/
# Install CRI-O # Install CRI-O
yum install --nogpgcheck -y cri-o yum install --nogpgcheck -y cri-o
{{< /tab >}}
{{< tab name="openSUSE Tumbleweed" codelang="bash" >}}
sudo zypper install cri-o
{{< /tab >}} {{< /tab >}}
{{< /tabs >}} {{< /tabs >}}

View File

@ -48,7 +48,7 @@ W wersjach wcześniejszych niż 1.14, punkty końcowe określone przez ich forma
**Przykłady pobierania specyfikacji OpenAPI**: **Przykłady pobierania specyfikacji OpenAPI**:
Przed 1.10 | Począwszy od Kubernetes 1.10 Przed 1.10 | Kubernetes 1.10 i nowszy
----------- | ----------------------------- ----------- | -----------------------------
GET /swagger.json | GET /openapi/v2 **Accept**: application/json GET /swagger.json | GET /openapi/v2 **Accept**: application/json
GET /swagger-2.0.0.pb-v1 | GET /openapi/v2 **Accept**: application/com.github.proto-openapi.spec.v2@v1.0+protobuf GET /swagger-2.0.0.pb-v1 | GET /openapi/v2 **Accept**: application/com.github.proto-openapi.spec.v2@v1.0+protobuf
@ -108,20 +108,21 @@ API może być rozbudowane na dwa sposoby przy użyciu [custom resources](/docs/
i użyć [agregatora](/docs/tasks/access-kubernetes-api/configure-aggregation-layer/), i użyć [agregatora](/docs/tasks/access-kubernetes-api/configure-aggregation-layer/),
aby zintegrować je w sposób niezauważalny dla klientów. aby zintegrować je w sposób niezauważalny dla klientów.
## Włączanie grup API ## Włączanie i wyłączanie grup API
Określone zasoby i grupy API są włączone domyślnie. Włączanie i wyłączanie odbywa się poprzez ustawienie `--runtime-config` Określone zasoby i grupy API są włączone domyślnie. Włączanie i wyłączanie odbywa się poprzez ustawienie `--runtime-config`
w apiserwerze. `--runtime-config` przyjmuje wartości oddzielane przecinkami. Przykładowo, aby wyłączyć batch/v1, należy ustawić w apiserwerze. `--runtime-config` przyjmuje wartości oddzielane przecinkami. Przykładowo, aby wyłączyć batch/v1, należy ustawić
`--runtime-config=batch/v1=false`, aby włączyć batch/v2alpha1, należy ustawić `--runtime-config=batch/v2alpha1`. `--runtime-config=batch/v1=false`, aby włączyć batch/v2alpha1, należy ustawić `--runtime-config=batch/v2alpha1`.
Ta opcja przyjmuje rozdzielony przecinkami zbiór par klucz=wartość, który opisuje konfigurację wykonawczą apiserwera. Ta opcja przyjmuje rozdzielony przecinkami zbiór par klucz=wartość, który opisuje konfigurację wykonawczą apiserwera.
WAŻNE: Włączenie lub wyłączenie grup lub zasobów wymaga restartu apiserver i controller-manager, aby zmiany w `--runtime-config` zostały wprowadzone. {{< note >}}Włączenie lub wyłączenie grup lub zasobów wymaga restartu apiserver i controller-manager, aby zmiany w `--runtime-config` zostały wprowadzone.{{< /note >}}
## Jak włączać dostęp do grup zasobów ## Jak włączać dostęp do grup zasobów extensions/v1beta1
DaemonSets, Deployments, HorizontalPodAutoscalers, Ingresses, Jobs and ReplicaSets są domyślnie włączone. DaemonSets, Deployments, HorizontalPodAutoscalers, Ingresses, Jobs i ReplicaSets znajdują się w grupie API `extensions/v1beta1` i są domyślnie włączone.
Pozostałe rozszerzenia mogą być włączane poprzez ustawienie `--runtime-config` w Przykładowo: aby włączyć deployments i daemonsets, ustaw
apiserver. `--runtime-config` przyjmuje wartości rozdzielane przecinkami. Na przykład, aby zablokować deployments oraz ingress, ustaw `--runtime-config=extensions/v1beta1/deployments=true,extensions/v1beta1/daemonsets=true`.
`--runtime-config=extensions/v1beta1/deployments=false,extensions/v1beta1/ingresses=false`
{{< note >}}Włączanie i wyłączanie pojedynczych zasobów możliwe jest jedynie w ramach grupy API `extensions/v1beta1` z przyczyn historycznych{{< /note >}}
{{% /capture %}} {{% /capture %}}

View File

@ -1,5 +1,7 @@
--- ---
title: Kubernetes — co to jest? title: Kubernetes — co to jest?
description: >
Kubernetes to przenośna, rozszerzalna platforma oprogramowania *open-source* służąca do zarządzania zadaniami i serwisami uruchamianymi w kontenerach. Umożliwia ich deklaratywną konfigurację i automatyzację. Kubernetes posiada duży i dynamicznie rozwijający się ekosystem. Szeroko dostępne są serwisy, wsparcie i dodatkowe narzędzia.
content_template: templates/concept content_template: templates/concept
weight: 10 weight: 10
card: card:
@ -14,7 +16,7 @@ Na tej stronie znajdziesz ogólne informacje o Kubernetesie.
{{% capture body %}} {{% capture body %}}
Kubernetes to przenośna, rozszerzalna platforma oprogramowania *open-source* służąca do zarządzania zadaniami i serwisami uruchamianymi w kontenerach, która umożliwia deklaratywną konfigurację i automatyzację. Ekosystem Kubernetesa jest duży i dynamicznie się rozwija. Serwisy Kubernetesa, wsparcie i narzędzia są szeroko dostępne. Kubernetes to przenośna, rozszerzalna platforma oprogramowania *open-source* służąca do zarządzania zadaniami i serwisami uruchamianymi w kontenerach, która umożliwia deklaratywną konfigurację i automatyzację. Ekosystem Kubernetesa jest duży i dynamicznie się rozwija. Serwisy Kubernetesa, wsparcie i narzędzia są szeroko dostępne.
Nazwa Kubernetes pochodzi z greki i oznacza sternika albo pilota. Google otworzyło projekt Kubernetes publicznie w 2014. Kubernetes korzysta z [piętnastoletniego doświadczenia Google w uruchamianiu wielkoskalowych serwisów](https://ai.google/research/pubs/pub43438) i łączy je z najlepszymi pomysłami i praktykami wypracowanymi przez społeczność. Nazwa Kubernetes pochodzi z greki i oznacza sternika albo pilota. Google otworzyło projekt Kubernetes publicznie w 2014. Kubernetes korzysta z [piętnastoletniego doświadczenia Google w uruchamianiu wielkoskalowych serwisów](/blog/2015/04/borg-predecessor-to-kubernetes/) i łączy je z najlepszymi pomysłami i praktykami wypracowanymi przez społeczność.
## Trochę historii ## Trochę historii
@ -42,7 +44,7 @@ Kontenery zyskały popularność ze względu na swoje zalety, takie jak:
* Rozdzielenie zadań *Dev* i *Ops*: obrazy kontenerów powstają w fazie *build/release*, oddzielając w ten sposób aplikacje od infrastruktury. * Rozdzielenie zadań *Dev* i *Ops*: obrazy kontenerów powstają w fazie *build/release*, oddzielając w ten sposób aplikacje od infrastruktury.
* Obserwowalność obejmuje nie tylko informacje i metryki z poziomu systemu operacyjnego, ale także poprawność działania samej aplikacji i inne sygnały. * Obserwowalność obejmuje nie tylko informacje i metryki z poziomu systemu operacyjnego, ale także poprawność działania samej aplikacji i inne sygnały.
* Spójność środowiska na etapach rozwoju oprogramowania, testowania i działania w trybie produkcyjnym: działa w ten sam sposób na laptopie i w chmurze. * Spójność środowiska na etapach rozwoju oprogramowania, testowania i działania w trybie produkcyjnym: działa w ten sam sposób na laptopie i w chmurze.
* Możliwość przenoszenia pomiędzy systemami operacyjnymi i platformami chmurowymi: Ubuntu, RHEL, CoreOS, prywatnymi centrami danych, Google Kubernetes Engine czy gdziekolwiek indziej. * Możliwość przenoszenia pomiędzy systemami operacyjnymi i platformami chmurowymi: Ubuntu, RHEL, CoreOS, prywatnymi centrami danych, największymi dostawcami usług chmurowych czy gdziekolwiek indziej.
* Zarządzanie, które w centrum uwagi ma aplikacje: Poziom abstrakcji przeniesiony jest z warstwy systemu operacyjnego działającego na maszynie wirtualnej na poziom działania aplikacji, która działa na systemie operacyjnym używając zasobów logicznych. * Zarządzanie, które w centrum uwagi ma aplikacje: Poziom abstrakcji przeniesiony jest z warstwy systemu operacyjnego działającego na maszynie wirtualnej na poziom działania aplikacji, która działa na systemie operacyjnym używając zasobów logicznych.
* Luźno powiązane, rozproszone i elastyczne "swobodne" mikro serwisy: Aplikacje podzielone są na mniejsze, niezależne komponenty, które mogą być dynamicznie uruchamiane i zarządzane - nie jest to monolityczny system działający na jednej, dużej maszynie dedykowanej na wyłączność. * Luźno powiązane, rozproszone i elastyczne "swobodne" mikro serwisy: Aplikacje podzielone są na mniejsze, niezależne komponenty, które mogą być dynamicznie uruchamiane i zarządzane - nie jest to monolityczny system działający na jednej, dużej maszynie dedykowanej na wyłączność.
* Izolacja zasobów: wydajność aplikacji możliwa do przewidzenia * Izolacja zasobów: wydajność aplikacji możliwa do przewidzenia

View File

@ -14,6 +14,8 @@ menu:
weight: 20 weight: 20
post: > post: >
<p>Naucz się, jak korzystać z Kubernetesa z pomocą dokumentacji, która opisuje pojęcia, zawiera samouczki i informacje źródłowe. Możesz także <a href="/editdocs/" data-auto-burger-exclude>pomóc w jej tworzeniu</a>!</p> <p>Naucz się, jak korzystać z Kubernetesa z pomocą dokumentacji, która opisuje pojęcia, zawiera samouczki i informacje źródłowe. Możesz także <a href="/editdocs/" data-auto-burger-exclude>pomóc w jej tworzeniu</a>!</p>
description: >
Kubernetes to otwarte oprogramowanie służące do automatyzacji procesów uruchamiania, skalowania i zarządzania aplikacjami w kontenerach. Gospodarzem tego projektu o otwartym kodzie źródłowym jest Cloud Native Computing Foundation.
overview: > overview: >
Kubernetes to otwarte oprogramowanie służące do automatyzacji procesów uruchamiania, skalowania i zarządzania aplikacjami w kontenerach. Gospodarzem tego projektu o otwartym kodzie źródłowym jest Cloud Native Computing Foundation (<a href="https://www.cncf.io/about">CNCF</a>). Kubernetes to otwarte oprogramowanie służące do automatyzacji procesów uruchamiania, skalowania i zarządzania aplikacjami w kontenerach. Gospodarzem tego projektu o otwartym kodzie źródłowym jest Cloud Native Computing Foundation (<a href="https://www.cncf.io/about">CNCF</a>).
cards: cards:
@ -37,6 +39,11 @@ cards:
description: "Wyszukaj popularne zadania i dowiedz się, jak sobie z nimi efektywnie poradzić." description: "Wyszukaj popularne zadania i dowiedz się, jak sobie z nimi efektywnie poradzić."
button: "Przegląd zadań" button: "Przegląd zadań"
button_path: "/docs/tasks" button_path: "/docs/tasks"
- name: training
title: "Szkolenia"
description: "Uzyskaj certyfikat Kubernetes i spraw, aby Twoje projekty cloud native zakończyły się sukcesem!"
button: "Oferta szkoleń"
button_path: "/training"
- name: reference - name: reference
title: Dokumentacja źródłowa title: Dokumentacja źródłowa
description: Zapoznaj się z terminologią, składnią poleceń, typami zasobów API i dokumentacją narzędzi instalacyjnych. description: Zapoznaj się z terminologią, składnią poleceń, typami zasobów API i dokumentacją narzędzi instalacyjnych.

View File

@ -4,7 +4,8 @@ id: cluster
date: 2019-06-15 date: 2019-06-15
full_link: full_link:
short_description: > short_description: >
Zestaw maszyn roboczych, nazywanych węzłami, na których uruchamiane są aplikacje w kontenerach. Każdy klaster musi posiadać przynajmniej jeden węzeł. Zestaw maszyn roboczych, nazywanych {{< glossary_tooltip text="węzłami" term_id="node" >}}, na których uruchamiane są aplikacje w kontenerach.
Każdy klaster musi posiadać przynajmniej jeden węzeł.
aka: aka:
tags: tags:
@ -14,4 +15,9 @@ tags:
Zestaw maszyn roboczych, nazywanych węzłami, na których uruchamiane są aplikacje w kontenerach. Każdy klaster musi posiadać przynajmniej jeden węzeł. Zestaw maszyn roboczych, nazywanych węzłami, na których uruchamiane są aplikacje w kontenerach. Każdy klaster musi posiadać przynajmniej jeden węzeł.
<!--more--> <!--more-->
Na węźle (lub węzłach) roboczych rozmieszczane są pody, które są częściami składowymi aplikacji. Warstwa sterowania zarządza węzłami roboczymi i podami należącymi do klastra. W środowisku produkcyjnym warstwa sterowania rozłożona jest zazwyczaj na kilka maszyn, a klaster uruchomiony jest na wielu węzłach zapewniając większą niezawodność i odporność na awarie. Na węźle (lub węzłach) roboczych rozmieszczane są {{< glossary_tooltip text="pody" term_id="pod" >}},
które są częściami składowymi aplikacji.
{{< glossary_tooltip text="Warstwa sterowania" term_id="control-plane" >}} zarządza
węzłami roboczymi i podami należącymi do klastra. W środowisku produkcyjnym warstwa sterowania
rozłożona jest zazwyczaj na kilka maszyn, a klaster uruchomiony jest na wielu węzłach zapewniając
większą niezawodność i odporność na awarie.

View File

@ -11,13 +11,17 @@ tags:
- fundamental - fundamental
- networking - networking
--- ---
[kube-proxy](/docs/reference/command-line-tools-reference/kube-proxy/) to *proxy* sieciowe, które uruchomione jest na każdym węźle klastra kube-proxy to *proxy* sieciowe, które uruchomione jest na każdym
i uczestniczy w tworzeniu {{< glossary_tooltip term_id="service">}}. {{< glossary_tooltip text="węźle" term_id="node" >}} klastra
i uczestniczy w tworzeniu
{{< glossary_tooltip text="serwisu" term_id="service">}}.
<!--more--> <!--more-->
kube-proxy utrzymuje reguły sieciowe na węźle. Dzięki tym regułom [kube-proxy](/docs/reference/command-line-tools-reference/kube-proxy/)
sieci na zewnątrz i wewnątrz klastra mogą komunikować się z Podami. utrzymuje reguły sieciowe na węźle. Dzięki tym regułom
sieci na zewnątrz i wewnątrz klastra mogą komunikować się
z podami.
kube-proxy używa warstwy filtrowania pakietów dostarczanych przez system operacyjny, o ile taka jest dostępna. kube-proxy używa warstwy filtrowania pakietów dostarczanych przez system operacyjny, o ile taka jest dostępna.
W przeciwnym przypadku, kube-proxy samo zajmuje sie przekazywaniem ruchu sieciowego. W przeciwnym przypadku, kube-proxy samo zajmuje sie przekazywaniem ruchu sieciowego.

View File

@ -10,8 +10,13 @@ aka:
tags: tags:
- architecture - architecture
--- ---
Składnik warstwy sterowania, który śledzi tworzenie nowych podów i przypisuje im węzły, na których powinny zostać uruchomione. Składnik warstwy sterowania, który śledzi tworzenie nowych
{{< glossary_tooltip term_id="pod" text="podów" >}} i przypisuje im {{< glossary_tooltip term_id="node" text="węzły">}},
na których powinny zostać uruchomione.
<!--more--> <!--more-->
Przy podejmowaniu decyzji o wyborze węzła brane pod uwagę są wymagania indywidualne i zbiorcze odnośnie zasobów, ograniczenia wynikające z polityk sprzętu i oprogramowania, wymagania *affinity* i *anty-affinity*, lokalizacja danych, zależności między zadaniami i wymagania czasowe. Przy podejmowaniu decyzji o wyborze węzła brane pod uwagę są wymagania
indywidualne i zbiorcze odnośnie zasobów, ograniczenia wynikające z polityk
sprzętu i oprogramowania, wymagania *affinity* i *anty-affinity*, lokalizacja danych,
zależności między zadaniami i wymagania czasowe.

View File

@ -11,8 +11,8 @@ tags:
- fundamental - fundamental
- core-object - core-object
--- ---
Agent, który działa na każdym węźle klastra. Odpowiada za uruchamianie kontenerów w ramach poda. Agent, który działa na każdym {{< glossary_tooltip text="węźle" term_id="node" >}} klastra. Odpowiada za uruchamianie {{< glossary_tooltip text="kontenerów" term_id="container" >}} w ramach {{< glossary_tooltip text="poda" term_id="pod" >}}.
<!--more--> <!--more-->
Kubelet korzysta z dostarczanych na różne sposoby PodSpecs i gwarantuje, że kontenery opisane przez te PodSpecs są uruchomione i działają poprawnie. Kubelet nie zarządza kontenerami, które nie zostały utworzone przez Kubernetes. Kubelet korzysta z dostarczanych na różne sposoby PodSpecs i gwarantuje, że kontenery opisane przez te PodSpecs są uruchomione i działają poprawnie. Kubelet nie zarządza kontenerami, które nie zostały utworzone przez Kubernetes.

View File

@ -48,62 +48,6 @@ Aby uruchomić klaster Kubernetes do nauki na lokalnym komputerze, skorzystaj z
Wybierając rozwiązanie dla środowiska produkcyjnego musisz zdecydować, którymi poziomami zarządzania klastrem (_abstrakcjami_) chcesz zajmować się sam, a które będą realizowane po stronie zewnętrznego operatora. Wybierając rozwiązanie dla środowiska produkcyjnego musisz zdecydować, którymi poziomami zarządzania klastrem (_abstrakcjami_) chcesz zajmować się sam, a które będą realizowane po stronie zewnętrznego operatora.
Przykładowe poziomy abstrakcji klastra Kubernetesa to: {{< glossary_tooltip text="aplikacje" term_id="applications" >}}, {{< glossary_tooltip text="warstwa danych" term_id="data-plane" >}}, {{< glossary_tooltip text="warstwa sterowania" term_id="control-plane" >}}, {{< glossary_tooltip text="infrastruktura klastra" term_id="cluster-infrastructure" >}} i {{< glossary_tooltip text="operacje na klastrze" term_id="cluster-operations" >}}. Aby zapoznać się z listą dostawców posiadających [certyfikację Kubernetes](https://github.com/cncf/k8s-conformance/#certified-kubernetes), odwiedź stronę "[Partnerzy](https://kubernetes.io/partners/#conformance)".
Poniższy schemat pokazuje poszczególne poziomy abstrakcji klastra Kubernetes oraz informacje, kto jest za nie odpowiedzialny (sam użytkownik czy zewnętrzny operator).
Rozwiązania dla środowisk produkcyjnych![Rozwiązania dla środowisk produkcyjnych](/images/docs/KubernetesSolutions.svg)
{{< table caption="Tabela z dostawcami i rozwiązaniami dla środowisk produkcyjnych." >}}
Poniższa tabela zawiera przegląd dostawców środowisk produkcyjnych i rozwiązań, które oferują.
|Dostawca | Zarządzana | Chmura "pod klucz" | Prywatne centrum danych | Własne (w chmurze) | Własne (VM lokalne)| Własne (Bare Metal) |
| --------- | ------ | ------ | ------ | ------ | ------ | ----- |
| [Agile Stacks](https://www.agilestacks.com/products/kubernetes)| | &#x2714; | &#x2714; | | |
| [Alibaba Cloud](https://www.alibabacloud.com/product/kubernetes)| | &#x2714; | | | |
| [Amazon](https://aws.amazon.com) | [Amazon EKS](https://aws.amazon.com/eks/) |[Amazon EC2](https://aws.amazon.com/ec2/) | | | |
| [AppsCode](https://appscode.com/products/pharmer/) | &#x2714; | | | | |
| [APPUiO](https://appuio.ch/)  | &#x2714; | &#x2714; | &#x2714; | | | |
| [Banzai Cloud Pipeline Kubernetes Engine (PKE)](https://banzaicloud.com/products/pke/) | | &#x2714; | | &#x2714; | &#x2714; | &#x2714; |
| [CenturyLink Cloud](https://www.ctl.io/) | | &#x2714; | | | |
| [Cisco Container Platform](https://cisco.com/go/containers) | | | &#x2714; | | |
| [Cloud Foundry Container Runtime (CFCR)](https://docs-cfcr.cfapps.io/) | | | | &#x2714; |&#x2714; |
| [CloudStack](https://cloudstack.apache.org/) | | | | | &#x2714;|
| [Canonical](https://ubuntu.com/kubernetes) | &#x2714; | &#x2714; | &#x2714; | &#x2714; |&#x2714; | &#x2714;
| [Containership](https://containership.io) | &#x2714; |&#x2714; | | | |
| [D2iQ](https://d2iq.com/) | | [Kommander](https://d2iq.com/solutions/ksphere) | [Konvoy](https://d2iq.com/solutions/ksphere/konvoy) | [Konvoy](https://d2iq.com/solutions/ksphere/konvoy) | [Konvoy](https://d2iq.com/solutions/ksphere/konvoy) | [Konvoy](https://d2iq.com/solutions/ksphere/konvoy) |
| [Digital Rebar](https://provision.readthedocs.io/en/tip/README.html) | | | | | | &#x2714;
| [DigitalOcean](https://www.digitalocean.com/products/kubernetes/) | &#x2714; | | | | |
| [Docker Enterprise](https://www.docker.com/products/docker-enterprise) | |&#x2714; | &#x2714; | | | &#x2714;
| [Gardener](https://gardener.cloud/) | &#x2714; | &#x2714; | &#x2714; | &#x2714; | &#x2714; | [Custom Extensions](https://github.com/gardener/gardener/blob/master/docs/extensions/overview.md) |
| [Giant Swarm](https://www.giantswarm.io/) | &#x2714; | &#x2714; | &#x2714; | |
| [Google](https://cloud.google.com/) | [Google Kubernetes Engine (GKE)](https://cloud.google.com/kubernetes-engine/) | [Google Compute Engine (GCE)](https://cloud.google.com/compute/)|[GKE On-Prem](https://cloud.google.com/gke-on-prem/) | | | | | | | |
| [IBM](https://www.ibm.com/in-en/cloud) | [IBM Cloud Kubernetes Service](https://cloud.ibm.com/kubernetes/catalog/cluster)| |[IBM Cloud Private](https://www.ibm.com/in-en/cloud/private) | |
| [Ionos](https://www.ionos.com/enterprise-cloud) | [Ionos Managed Kubernetes](https://www.ionos.com/enterprise-cloud/managed-kubernetes) | [Ionos Enterprise Cloud](https://www.ionos.com/enterprise-cloud) | |
| [Kontena Pharos](https://www.kontena.io/pharos/) | |&#x2714;| &#x2714; | | |
| [KubeOne](https://kubeone.io/) | | &#x2714; | &#x2714; | &#x2714; | &#x2714; | &#x2714; |
| [Kubermatic](https://kubermatic.io/) | &#x2714; | &#x2714; | &#x2714; | &#x2714; | &#x2714; | &#x2714; |
| [KubeSail](https://kubesail.com/) | &#x2714; | | | | |
| [Kubespray](https://kubespray.io/#/) | | | |&#x2714; | &#x2714; | &#x2714; |
| [Kublr](https://kublr.com/) |&#x2714; | &#x2714; |&#x2714; |&#x2714; |&#x2714; |&#x2714; |
| [Microsoft Azure](https://azure.microsoft.com) | [Azure Kubernetes Service (AKS)](https://azure.microsoft.com/en-us/services/kubernetes-service/) | | | | |
| [Mirantis Cloud Platform](https://www.mirantis.com/software/kubernetes/) | | | &#x2714; | | |
| [NetApp Kubernetes Service (NKS)](https://cloud.netapp.com/kubernetes-service) | &#x2714; | &#x2714; | &#x2714; | | |
| [Nirmata](https://www.nirmata.com/) | | &#x2714; | &#x2714; | | |
| [Nutanix](https://www.nutanix.com/en) | [Nutanix Karbon](https://www.nutanix.com/products/karbon) | [Nutanix Karbon](https://www.nutanix.com/products/karbon) | | | [Nutanix AHV](https://www.nutanix.com/products/acropolis/virtualization) |
| [OpenNebula](https://www.opennebula.org) |[OpenNebula Kubernetes](https://marketplace.opennebula.systems/docs/service/kubernetes.html) | | | | |
| [OpenShift](https://www.openshift.com) |[OpenShift Dedicated](https://www.openshift.com/products/dedicated/) i [OpenShift Online](https://www.openshift.com/products/online/) | | [OpenShift Container Platform](https://www.openshift.com/products/container-platform/) | | [OpenShift Container Platform](https://www.openshift.com/products/container-platform/) |[OpenShift Container Platform](https://www.openshift.com/products/container-platform/)
| [Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE)](https://docs.cloud.oracle.com/iaas/Content/ContEng/Concepts/contengoverview.htm) | &#x2714; | &#x2714; | | | |
| [oVirt](https://www.ovirt.org/) | | | | | &#x2714; |
| [Pivotal](https://pivotal.io/) | | [Enterprise Pivotal Container Service (PKS)](https://pivotal.io/platform/pivotal-container-service) | [Enterprise Pivotal Container Service (PKS)](https://pivotal.io/platform/pivotal-container-service) | | |
| [Platform9](https://platform9.com/) | [Platform9 Managed Kubernetes](https://platform9.com/managed-kubernetes/) | | [Platform9 Managed Kubernetes](https://platform9.com/managed-kubernetes/) | &#x2714; | &#x2714; | &#x2714;
| [Rancher](https://rancher.com/) | | [Rancher 2.x](https://rancher.com/docs/rancher/v2.x/en/) | | [Rancher Kubernetes Engine (RKE)](https://rancher.com/docs/rke/latest/en/) | | [k3s](https://k3s.io/)
| [Supergiant](https://supergiant.io/) | |&#x2714; | | | |
| [SUSE](https://www.suse.com/) | | &#x2714; | | | |
| [SysEleven](https://www.syseleven.io/) | &#x2714; | | | | |
| [Tencent Cloud](https://intl.cloud.tencent.com/) | [Tencent Kubernetes Engine](https://intl.cloud.tencent.com/product/tke) | &#x2714; | &#x2714; | | | &#x2714; |
| [VEXXHOST](https://vexxhost.com/) | &#x2714; | &#x2714; | | | |
| [VMware](https://cloud.vmware.com/) | [VMware Cloud PKS](https://cloud.vmware.com/vmware-cloud-pks) |[VMware Enterprise PKS](https://cloud.vmware.com/vmware-enterprise-pks) | [VMware Enterprise PKS](https://cloud.vmware.com/vmware-enterprise-pks) | [VMware Essential PKS](https://cloud.vmware.com/vmware-essential-pks) | |[VMware Essential PKS](https://cloud.vmware.com/vmware-essential-pks)
| [Z.A.R.V.I.S.](https://zarvis.ai/) | &#x2714; | | | | | |
{{% /capture %}} {{% /capture %}}

View File

@ -77,7 +77,7 @@ weight: 10
</div> </div>
<div class="col-md-4"> <div class="col-md-4">
<div class="content__box content__box_fill"> <div class="content__box content__box_fill">
<p><i>Węzły typu master zarządzają klastrem, pozostałe węzły są wykorzystywane do uruchamiania na nich aplikacji. </i></p> <p><i>Węzły typu master zarządzają klastrem i węzłami wykorzystywanymi do uruchamiania aplikacji. </i></p>
</div> </div>
</div> </div>
</div> </div>

View File

@ -17,7 +17,7 @@ weight: 40
Чтобы работать с Kubernetes, вы используете *объекты API Kubernetes* для описания *желаемого состояния вашего кластера*: какие приложения или другие рабочие нагрузки вы хотите запустить, какие образы контейнеров они используют, количество реплик, какие сетевые и дисковые ресурсы вы хотите использовать и сделать доступными и многое другое. Вы устанавливаете желаемое состояние, создавая объекты с помощью API Kubernetes, обычно через интерфейс командной строки `kubectl`. Вы также можете напрямую использовать API Kubernetes для взаимодействия с кластером и установки или изменения желаемого состояния. Чтобы работать с Kubernetes, вы используете *объекты API Kubernetes* для описания *желаемого состояния вашего кластера*: какие приложения или другие рабочие нагрузки вы хотите запустить, какие образы контейнеров они используют, количество реплик, какие сетевые и дисковые ресурсы вы хотите использовать и сделать доступными и многое другое. Вы устанавливаете желаемое состояние, создавая объекты с помощью API Kubernetes, обычно через интерфейс командной строки `kubectl`. Вы также можете напрямую использовать API Kubernetes для взаимодействия с кластером и установки или изменения желаемого состояния.
После того, как вы установили желаемое состояние, анель управления Kubernetes* заставляет текущее состояние кластера соответствовать желаемому состоянию с помощью генератора событий жизненного цикла подов ([Pod Lifecycle Event Generator, PLEG](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/node/pod-lifecycle-event-generator.md)). Для этого Kubernetes автоматически выполняет множество задач, таких как запуск или перезапуск контейнеров, масштабирование количества реплик данного приложения и многое другое. Плоскость управления Kubernetes состоит из набора процессов, запущенных в вашем кластере: После того, как вы установили желаемое состояние, лоскость управления Kubernetes* заставляет текущее состояние кластера соответствовать желаемому состоянию с помощью генератора событий жизненного цикла подов ([Pod Lifecycle Event Generator, PLEG](https://github.com/kubernetes/community/blob/master/contributors/design-proposals/node/pod-lifecycle-event-generator.md)). Для этого Kubernetes автоматически выполняет множество задач, таких как запуск или перезапуск контейнеров, масштабирование количества реплик данного приложения и многое другое. Плоскость управления Kubernetes состоит из набора процессов, запущенных в вашем кластере:
* **Мастер Kubernetes** — это коллекция из трех процессов, которые выполняются на одном узле в вашем кластере, который обозначен как главный узел. Это процессы: [kube-apiserver](/docs/admin/kube-apiserver/), [kube-controller-manager](/docs/admin/kube-controller-manager/) и [kube-scheduler](/docs/admin/kube-scheduler/). * **Мастер Kubernetes** — это коллекция из трех процессов, которые выполняются на одном узле в вашем кластере, который обозначен как главный узел. Это процессы: [kube-apiserver](/docs/admin/kube-apiserver/), [kube-controller-manager](/docs/admin/kube-controller-manager/) и [kube-scheduler](/docs/admin/kube-scheduler/).
* Каждый отдельный неосновной узел в вашем кластере выполняет два процесса: * Каждый отдельный неосновной узел в вашем кластере выполняет два процесса:
@ -43,11 +43,11 @@ Kubernetes также содержит абстракции более высо
* [ReplicaSet](/docs/concepts/workloads/controllers/replicaset/) * [ReplicaSet](/docs/concepts/workloads/controllers/replicaset/)
* [Job](/docs/concepts/workloads/controllers/jobs-run-to-completion/) * [Job](/docs/concepts/workloads/controllers/jobs-run-to-completion/)
## Панель управления Kubernetes ## Плоскость управления Kubernetes
Различные части панели управления Kubernetes, такие как мастер Kubernetes и процессы kubelet, определяют, как Kubernetes взаимодействует с кластером. Панель управления поддерживает запись всех объектов Kubernetes в системе и запускает непрерывные циклы управления для обработки состояния этих объектов. В любое время циклы управления панели управления будут реагировать на изменения в кластере и работать, чтобы фактическое состояние всех объектов в системе соответствовало желаемому состоянию, которое вы указали. Различные части панели управления Kubernetes, такие как мастер Kubernetes и процессы kubelet, определяют, как Kubernetes взаимодействует с кластером. Плоскость управления поддерживает запись всех объектов Kubernetes в системе и запускает непрерывные циклы управления для обработки состояния этих объектов. В любое время циклы управления панели управления будут реагировать на изменения в кластере и работать, чтобы фактическое состояние всех объектов в системе соответствовало желаемому состоянию, которое вы указали.
Например, когда вы используете API Kubernetes для создания развертывания, вы предоставляете новое желаемое состояние для системы. Панель управления Kubernetes записывает создание этого объекта и выполняет ваши инструкции, запуская необходимые приложения и планируя их на узлы кластера, чтобы фактическое состояние кластера соответствовало желаемому состоянию. Например, когда вы используете API Kubernetes для создания развертывания, вы предоставляете новое желаемое состояние для системы. Плоскость управления Kubernetes записывает создание этого объекта и выполняет ваши инструкции, запуская необходимые приложения и планируя их на узлы кластера, чтобы фактическое состояние кластера соответствовало желаемому состоянию.
### Мастер Kubernetes ### Мастер Kubernetes

View File

@ -23,7 +23,7 @@ card:
{{% capture body %}} {{% capture body %}}
## Панель управления компонентами ## Плоскость управления компонентами
Компоненты панели управления отвечают за основные операции кластера (например, планирование), а также обрабатывают события кластера (например, запускают новый {{< glossary_tooltip text="под" term_id="pod">}}, когда поле `replicas` развертывания не соответствует требуемому количеству реплик). Компоненты панели управления отвечают за основные операции кластера (например, планирование), а также обрабатывают события кластера (например, запускают новый {{< glossary_tooltip text="под" term_id="pod">}}, когда поле `replicas` развертывания не соответствует требуемому количеству реплик).

View File

@ -74,7 +74,7 @@ PodList — это список Pod. | Pod List — это список подо
Можно | Нельзя Можно | Нельзя
:--| :----- :--| :-----
_Кластер_ — это набор узлов ... | "Кластер" — это набор узлов ... _Кластер_ — это набор узлов ... | "Кластер" — это набор узлов ...
Эти компоненты формируют _панель управления_. | Эти компоненты формируют **панель управления**. Эти компоненты формируют _плоскость управления_. | Эти компоненты формируют **плоскость управления**.
{{< /table >}} {{< /table >}}
### Оформляйте как код имена файлов, директории и пути ### Оформляйте как код имена файлов, директории и пути

View File

@ -14,4 +14,4 @@ tags:
Набор машин, так называемые узлы, которые запускают контейнеризированные приложения. Кластер имеет как минимум один рабочий узел. Набор машин, так называемые узлы, которые запускают контейнеризированные приложения. Кластер имеет как минимум один рабочий узел.
<!--more--> <!--more-->
В рабочих узлах размещены поды, являющиеся компонентами приложения. Панель управления управляет рабочими узлами и подами в кластере. В промышленных средах панель управления обычно запускается на нескольких компьютерах, а кластер, как правило, развёртывается на нескольких узлах, гарантируя отказоустойчивость и высокую надёжность. В рабочих узлах размещены поды, являющиеся компонентами приложения. Плоскость управления управляет рабочими узлами и подами в кластере. В промышленных средах плоскость управления обычно запускается на нескольких компьютерах, а кластер, как правило, развёртывается на нескольких узлах, гарантируя отказоустойчивость и высокую надёжность.

View File

@ -14,4 +14,4 @@ tags:
<!--more--> <!--more-->
Рабочий узел может быть как виртуальной, так и физической машиной, в зависимости от кластера. У него есть локальные демоны или сервисы, необходимые для запуска {{< glossary_tooltip text="подов" term_id="pod" >}}, а сам он управляется панелью управления. Демоны на узле включают в себя {{< glossary_tooltip text="kubelet" term_id="kubelet" >}}, {{< glossary_tooltip text="kube-proxy" term_id="kube-proxy" >}} и среду выполнения контейнера, основанную на {{< glossary_tooltip text="CRI" term_id="cri" >}}, например {{< glossary_tooltip term_id="docker" >}}. Рабочий узел может быть как виртуальной, так и физической машиной, в зависимости от кластера. У него есть локальные демоны или сервисы, необходимые для запуска {{< glossary_tooltip text="подов" term_id="pod" >}}, а сам он управляется плоскостью управления. Демоны на узле включают в себя {{< glossary_tooltip text="kubelet" term_id="kubelet" >}}, {{< glossary_tooltip text="kube-proxy" term_id="kube-proxy" >}} и среду выполнения контейнера, основанную на {{< glossary_tooltip text="CRI" term_id="cri" >}}, например {{< glossary_tooltip term_id="docker" >}}.

View File

@ -386,7 +386,7 @@ kubectl config use-context minikube
### Панель управления ### Панель управления
Чтобы получить доступ к [панели управления Kubernetes](/docs/tasks/access-application-cluster/web-ui-dashboard/), запустите эту команду в командной оболочке после запуска Minikube, чтобы получить адрес: Чтобы получить доступ к [веб-панели управления Kubernetes](/docs/tasks/access-application-cluster/web-ui-dashboard/), запустите эту команду в командной оболочке после запуска Minikube, чтобы получить адрес:
```shell ```shell
minikube dashboard minikube dashboard

View File

@ -8,7 +8,7 @@ menu:
weight: 10 weight: 10
post: > post: >
<p>Готовы испачкать руки? Создайте простой кластер Kubernetes с запуском "Hello World" на Node.js</p> <p>Готовы испачкать руки? Создайте простой кластер Kubernetes с запуском "Hello World" на Node.js</p>
card: card:
name: tutorials name: tutorials
weight: 10 weight: 10
--- ---
@ -17,7 +17,7 @@ card:
Это руководство покажет вам, как запустить простое Hello World Node.js приложение Это руководство покажет вам, как запустить простое Hello World Node.js приложение
на Kubernetes используя [Minikube](/docs/getting-started-guides/minikube) и Katacoda. на Kubernetes используя [Minikube](/docs/getting-started-guides/minikube) и Katacoda.
Katacoda предоставляет бесплатную, встроенную в браузер Kubernetes среду. Katacoda предоставляет бесплатную, встроенную в браузер Kubernetes среду.
{{< note >}} {{< note >}}
Вы также можете следовать этому руководству, если вы установили [Minikube locally](/docs/tasks/tools/install-minikube/). Вы также можете следовать этому руководству, если вы установили [Minikube locally](/docs/tasks/tools/install-minikube/).
@ -49,13 +49,13 @@ Katacoda предоставляет бесплатную, встроенную
## Создание кластера Minikube ## Создание кластера Minikube
1. Нажмите **Запуск Терминала** 1. Нажмите **Запуск Терминала**
{{< kat-button >}} {{< kat-button >}}
{{< note >}}Если у вас локально установлен Minikube, выполните `minikube start`.{{< /note >}} {{< note >}}Если у вас локально установлен Minikube, выполните `minikube start`.{{< /note >}}
2. Откройте панель Kubernetes в браузере: 2. Откройте веб-панель Kubernetes в браузере:
```shell ```shell
minikube dashboard minikube dashboard
@ -111,7 +111,7 @@ Katacoda предоставляет бесплатную, встроенную
```shell ```shell
kubectl config view kubectl config view
``` ```
{{< note >}}Больше информации о командах `kubectl` можно найти по ссылке [обзор kubectl](/docs/user-guide/kubectl-overview/).{{< /note >}} {{< note >}}Больше информации о командах `kubectl` можно найти по ссылке [обзор kubectl](/docs/user-guide/kubectl-overview/).{{< /note >}}
## Создание сервиса ## Создание сервиса
@ -123,7 +123,7 @@ Katacoda предоставляет бесплатную, встроенную
```shell ```shell
kubectl expose deployment hello-node --type=LoadBalancer --port=8080 kubectl expose deployment hello-node --type=LoadBalancer --port=8080
``` ```
Флаг `--type=LoadBalancer` показывает, что сервис должен быть виден вне кластера. Флаг `--type=LoadBalancer` показывает, что сервис должен быть виден вне кластера.
2. Посмотреть только что созданный сервис: 2. Посмотреть только что созданный сервис:
@ -150,7 +150,7 @@ Katacoda предоставляет бесплатную, встроенную
4. Только для окружения Katacoda: Нажмите на знак "Плюс", затем нажмите **Select port to view on Host 1**. 4. Только для окружения Katacoda: Нажмите на знак "Плюс", затем нажмите **Select port to view on Host 1**.
5. Только для окружения Katacoda: Введите `30369` (порт указан рядом с `8080` в выводе сервиса), затем нажмите ???. 5. Только для окружения Katacoda: Введите `30369` (порт указан рядом с `8080` в выводе сервиса), затем нажмите ???.
Откроется окно браузера, в котором запущено ваше приложение и будет отображено сообщение "Hello World". Откроется окно браузера, в котором запущено ваше приложение и будет отображено сообщение "Hello World".
@ -186,13 +186,13 @@ Katacoda предоставляет бесплатную, встроенную
storage-provisioner: enabled storage-provisioner: enabled
storage-provisioner-gluster: disabled storage-provisioner-gluster: disabled
``` ```
2. Включить дополнение, например, `metrics-server`: 2. Включить дополнение, например, `metrics-server`:
```shell ```shell
minikube addons enable metrics-server minikube addons enable metrics-server
``` ```
Вывод: Вывод:
```shell ```shell
@ -233,7 +233,7 @@ Katacoda предоставляет бесплатную, встроенную
```shell ```shell
minikube addons disable metrics-server minikube addons disable metrics-server
``` ```
Вывод: Вывод:
```shell ```shell

View File

@ -14,6 +14,6 @@ spec:
spec: spec:
containers: containers:
- name: nginx - name: nginx
image: nginx:1.8 image: nginx:1.14.2
ports: ports:
- containerPort: 80 - containerPort: 80

View File

@ -14,6 +14,6 @@ spec:
spec: spec:
containers: containers:
- name: nginx - name: nginx
image: nginx:1.8 # Update the version of nginx from 1.7.9 to 1.8 image: nginx:1.16.1 # Update the version of nginx from 1.14.2 to 1.16.1
ports: ports:
- containerPort: 80 - containerPort: 80

View File

@ -14,6 +14,6 @@ spec:
spec: spec:
containers: containers:
- name: nginx - name: nginx
image: nginx:1.7.9 image: nginx:1.14.2
ports: ports:
- containerPort: 80 - containerPort: 80

View File

@ -20,7 +20,7 @@ spec:
spec: spec:
containers: containers:
- name: slave - name: slave
image: gcr.io/google_samples/gb-redisslave:v1 image: gcr.io/google_samples/gb-redisslave:v3
resources: resources:
requests: requests:
cpu: 100m cpu: 100m

View File

@ -1,5 +1,5 @@
kind: PersistentVolume
apiVersion: v1 apiVersion: v1
kind: PersistentVolume
metadata: metadata:
name: mysql-pv-volume name: mysql-pv-volume
labels: labels:

View File

@ -106,16 +106,16 @@ spec:
cd /var/lib/mysql cd /var/lib/mysql
# Determine binlog position of cloned data, if any. # Determine binlog position of cloned data, if any.
if [[ -f xtrabackup_slave_info ]]; then if [[ -f xtrabackup_slave_info && "x$(<xtrabackup_slave_info)" != "x" ]]; then
# XtraBackup already generated a partial "CHANGE MASTER TO" query # XtraBackup already generated a partial "CHANGE MASTER TO" query
# because we're cloning from an existing slave. # because we're cloning from an existing slave. (Need to remove the tailing semicolon!)
mv xtrabackup_slave_info change_master_to.sql.in cat xtrabackup_slave_info | sed -E 's/;$//g' > change_master_to.sql.in
# Ignore xtrabackup_binlog_info in this case (it's useless). # Ignore xtrabackup_binlog_info in this case (it's useless).
rm -f xtrabackup_binlog_info rm -f xtrabackup_slave_info xtrabackup_binlog_info
elif [[ -f xtrabackup_binlog_info ]]; then elif [[ -f xtrabackup_binlog_info ]]; then
# We're cloning directly from master. Parse binlog position. # We're cloning directly from master. Parse binlog position.
[[ `cat xtrabackup_binlog_info` =~ ^(.*?)[[:space:]]+(.*?)$ ]] || exit 1 [[ `cat xtrabackup_binlog_info` =~ ^(.*?)[[:space:]]+(.*?)$ ]] || exit 1
rm xtrabackup_binlog_info rm -f xtrabackup_binlog_info xtrabackup_slave_info
echo "CHANGE MASTER TO MASTER_LOG_FILE='${BASH_REMATCH[1]}',\ echo "CHANGE MASTER TO MASTER_LOG_FILE='${BASH_REMATCH[1]}',\
MASTER_LOG_POS=${BASH_REMATCH[2]}" > change_master_to.sql.in MASTER_LOG_POS=${BASH_REMATCH[2]}" > change_master_to.sql.in
fi fi
@ -126,16 +126,15 @@ spec:
until mysql -h 127.0.0.1 -e "SELECT 1"; do sleep 1; done until mysql -h 127.0.0.1 -e "SELECT 1"; do sleep 1; done
echo "Initializing replication from clone position" echo "Initializing replication from clone position"
mysql -h 127.0.0.1 \
-e "$(<change_master_to.sql.in), \
MASTER_HOST='mysql-0.mysql', \
MASTER_USER='root', \
MASTER_PASSWORD='', \
MASTER_CONNECT_RETRY=10; \
START SLAVE;" || exit 1
# In case of container restart, attempt this at-most-once. # In case of container restart, attempt this at-most-once.
mv change_master_to.sql.in change_master_to.sql.orig mv change_master_to.sql.in change_master_to.sql.orig
mysql -h 127.0.0.1 <<EOF
$(<change_master_to.sql.orig),
MASTER_HOST='mysql-0.mysql',
MASTER_USER='root',
MASTER_PASSWORD='',
MASTER_CONNECT_RETRY=10;
START SLAVE;
EOF
fi fi
# Start a server to send backups when requested by peers. # Start a server to send backups when requested by peers.

View File

@ -29,6 +29,6 @@ spec:
spec: spec:
containers: containers:
- name: nginx - name: nginx
image: nginx:1.7.9 image: nginx:1.14.2
ports: ports:
- containerPort: 80 - containerPort: 80

View File

@ -14,6 +14,6 @@ spec:
spec: spec:
containers: containers:
- name: nginx - name: nginx
image: nginx:1.7.9 image: nginx:1.14.2
ports: ports:
- containerPort: 80 - containerPort: 80

View File

@ -12,3 +12,5 @@ spec:
volumeMounts: volumeMounts:
- name: shared-data - name: shared-data
mountPath: /usr/share/nginx/html mountPath: /usr/share/nginx/html
hostNetwork: true
dnsPolicy: Default

View File

@ -14,6 +14,6 @@ spec:
spec: spec:
containers: containers:
- name: nginx - name: nginx
image: nginx:1.7.9 image: nginx:1.14.2
ports: ports:
- containerPort: 80 - containerPort: 80

View File

@ -13,6 +13,6 @@ spec:
spec: spec:
containers: containers:
- name: nginx - name: nginx
image: nginx:1.11.9 # update the image image: nginx:1.16.1 # update the image
ports: ports:
- containerPort: 80 - containerPort: 80

View File

@ -49,7 +49,7 @@ spec:
replicas: 3 replicas: 3
updateStrategy: updateStrategy:
type: RollingUpdate type: RollingUpdate
podManagementPolicy: Parallel podManagementPolicy: OrderedReady
template: template:
metadata: metadata:
labels: labels:

View File

@ -1,4 +1,4 @@
apiVersion: audit.k8s.io/v1beta1 # This is required. apiVersion: audit.k8s.io/v1 # This is required.
kind: Policy kind: Policy
# Don't generate audit events for all requests in RequestReceived stage. # Don't generate audit events for all requests in RequestReceived stage.
omitStages: omitStages:
@ -65,4 +65,4 @@ rules:
# Long-running requests like watches that fall under this rule will not # Long-running requests like watches that fall under this rule will not
# generate an audit event in RequestReceived. # generate an audit event in RequestReceived.
omitStages: omitStages:
- "RequestReceived" - "RequestReceived"

View File

@ -1,42 +1,44 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: DaemonSet kind: DaemonSet
metadata: metadata:
name: fluentd-elasticsearch name: fluentd-elasticsearch
namespace: kube-system namespace: kube-system
labels: labels:
k8s-app: fluentd-logging k8s-app: fluentd-logging
spec: spec:
selector: selector:
matchLabels: matchLabels:
name: fluentd-elasticsearch name: fluentd-elasticsearch
template: template:
metadata: metadata:
labels: labels:
name: fluentd-elasticsearch name: fluentd-elasticsearch
spec: spec:
tolerations: tolerations:
- key: node-role.kubernetes.io/master # this toleration is to have the daemonset runnable on master nodes
effect: NoSchedule # remove it if your masters can't run pods
containers: - key: node-role.kubernetes.io/master
- name: fluentd-elasticsearch effect: NoSchedule
image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2 containers:
resources: - name: fluentd-elasticsearch
limits: image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2
memory: 200Mi resources:
requests: limits:
cpu: 100m memory: 200Mi
memory: 200Mi requests:
volumeMounts: cpu: 100m
- name: varlog memory: 200Mi
mountPath: /var/log volumeMounts:
- name: varlibdockercontainers - name: varlog
mountPath: /var/lib/docker/containers mountPath: /var/log
readOnly: true - name: varlibdockercontainers
terminationGracePeriodSeconds: 30 mountPath: /var/lib/docker/containers
volumes: readOnly: true
- name: varlog terminationGracePeriodSeconds: 30
hostPath: volumes:
path: /var/log - name: varlog
- name: varlibdockercontainers hostPath:
hostPath: path: /var/log
path: /var/lib/docker/containers - name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers

View File

@ -1,38 +1,21 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: ReplicaSet kind: ReplicaSet
metadata: metadata:
name: frontend name: frontend
labels: labels:
app: guestbook app: guestbook
tier: frontend tier: frontend
spec: spec:
# modify replicas according to your case # modify replicas according to your case
replicas: 3 replicas: 3
selector: selector:
matchLabels: matchLabels:
tier: frontend tier: frontend
matchExpressions: template:
- {key: tier, operator: In, values: [frontend]} metadata:
template: labels:
metadata: tier: frontend
labels: spec:
app: guestbook containers:
tier: frontend - name: php-redis
spec: image: gcr.io/google_samples/gb-frontend:v3
containers:
- name: php-redis
image: gcr.io/google_samples/gb-frontend:v3
resources:
requests:
cpu: 100m
memory: 100Mi
env:
- name: GET_HOSTS_FROM
value: dns
# If your cluster config does not include a dns service, then to
# instead access environment variables to find service host
# info, comment out the 'value: dns' line above, and uncomment the
# line below.
# value: env
ports:
- containerPort: 80

View File

@ -1,21 +1,21 @@
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: nginx-deployment name: nginx-deployment
labels: labels:
app: nginx app: nginx
spec: spec:
replicas: 3 replicas: 3
selector: selector:
matchLabels: matchLabels:
app: nginx app: nginx
template: template:
metadata: metadata:
labels: labels:
app: nginx app: nginx
spec: spec:
containers: containers:
- name: nginx - name: nginx
image: nginx:1.15.4 image: nginx:1.14.2
ports: ports:
- containerPort: 80 - containerPort: 80

View File

@ -1,379 +1,379 @@
kind: ConfigMap apiVersion: v1
apiVersion: v1 kind: ConfigMap
data: data:
containers.input.conf: |- containers.input.conf: |-
# This configuration file for Fluentd is used # This configuration file for Fluentd is used
# to watch changes to Docker log files that live in the # to watch changes to Docker log files that live in the
# directory /var/lib/docker/containers/ and are symbolically # directory /var/lib/docker/containers/ and are symbolically
# linked to from the /var/log/containers directory using names that capture the # linked to from the /var/log/containers directory using names that capture the
# pod name and container name. These logs are then submitted to # pod name and container name. These logs are then submitted to
# Google Cloud Logging which assumes the installation of the cloud-logging plug-in. # Google Cloud Logging which assumes the installation of the cloud-logging plug-in.
# #
# Example # Example
# ======= # =======
# A line in the Docker log file might look like this JSON: # A line in the Docker log file might look like this JSON:
# #
# {"log":"2014/09/25 21:15:03 Got request with path wombat\\n", # {"log":"2014/09/25 21:15:03 Got request with path wombat\\n",
# "stream":"stderr", # "stream":"stderr",
# "time":"2014-09-25T21:15:03.499185026Z"} # "time":"2014-09-25T21:15:03.499185026Z"}
# #
# The record reformer is used to write the tag to focus on the pod name # The record reformer is used to write the tag to focus on the pod name
# and the Kubernetes container name. For example a Docker container's logs # and the Kubernetes container name. For example a Docker container's logs
# might be in the directory: # might be in the directory:
# /var/lib/docker/containers/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b # /var/lib/docker/containers/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b
# and in the file: # and in the file:
# 997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b-json.log # 997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b-json.log
# where 997599971ee6... is the Docker ID of the running container. # where 997599971ee6... is the Docker ID of the running container.
# The Kubernetes kubelet makes a symbolic link to this file on the host machine # The Kubernetes kubelet makes a symbolic link to this file on the host machine
# in the /var/log/containers directory which includes the pod name and the Kubernetes # in the /var/log/containers directory which includes the pod name and the Kubernetes
# container name: # container name:
# synthetic-logger-0.25lps-pod_default-synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log # synthetic-logger-0.25lps-pod_default-synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log
# -> # ->
# /var/lib/docker/containers/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b-json.log # /var/lib/docker/containers/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b/997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b-json.log
# The /var/log directory on the host is mapped to the /var/log directory in the container # The /var/log directory on the host is mapped to the /var/log directory in the container
# running this instance of Fluentd and we end up collecting the file: # running this instance of Fluentd and we end up collecting the file:
# /var/log/containers/synthetic-logger-0.25lps-pod_default-synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log # /var/log/containers/synthetic-logger-0.25lps-pod_default-synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log
# This results in the tag: # This results in the tag:
# var.log.containers.synthetic-logger-0.25lps-pod_default-synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log # var.log.containers.synthetic-logger-0.25lps-pod_default-synth-lgr-997599971ee6366d4a5920d25b79286ad45ff37a74494f262e3bc98d909d0a7b.log
# The record reformer is used is discard the var.log.containers prefix and # The record reformer is used is discard the var.log.containers prefix and
# the Docker container ID suffix and "kubernetes." is pre-pended giving the tag: # the Docker container ID suffix and "kubernetes." is pre-pended giving the tag:
# kubernetes.synthetic-logger-0.25lps-pod_default-synth-lgr # kubernetes.synthetic-logger-0.25lps-pod_default-synth-lgr
# Tag is then parsed by google_cloud plugin and translated to the metadata, # Tag is then parsed by google_cloud plugin and translated to the metadata,
# visible in the log viewer # visible in the log viewer
# Example: # Example:
# {"log":"[info:2016-02-16T16:04:05.930-08:00] Some log text here\n","stream":"stdout","time":"2016-02-17T00:04:05.931087621Z"} # {"log":"[info:2016-02-16T16:04:05.930-08:00] Some log text here\n","stream":"stdout","time":"2016-02-17T00:04:05.931087621Z"}
<source> <source>
type tail type tail
format json format json
time_key time time_key time
path /var/log/containers/*.log path /var/log/containers/*.log
pos_file /var/log/gcp-containers.log.pos pos_file /var/log/gcp-containers.log.pos
time_format %Y-%m-%dT%H:%M:%S.%N%Z time_format %Y-%m-%dT%H:%M:%S.%N%Z
tag reform.* tag reform.*
read_from_head true read_from_head true
</source> </source>
<filter reform.**> <filter reform.**>
type parser type parser
format /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<log>.*)/ format /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<log>.*)/
reserve_data true reserve_data true
suppress_parse_error_log true suppress_parse_error_log true
key_name log key_name log
</filter> </filter>
<match reform.**> <match reform.**>
type record_reformer type record_reformer
enable_ruby true enable_ruby true
tag raw.kubernetes.${tag_suffix[4].split('-')[0..-2].join('-')} tag raw.kubernetes.${tag_suffix[4].split('-')[0..-2].join('-')}
</match> </match>
# Detect exceptions in the log output and forward them as one log entry. # Detect exceptions in the log output and forward them as one log entry.
<match raw.kubernetes.**> <match raw.kubernetes.**>
@type copy @type copy
<store> <store>
@type prometheus @type prometheus
<metric> <metric>
type counter type counter
name logging_line_count name logging_line_count
desc Total number of lines generated by application containers desc Total number of lines generated by application containers
<labels> <labels>
tag ${tag} tag ${tag}
</labels> </labels>
</metric> </metric>
</store> </store>
<store> <store>
@type detect_exceptions @type detect_exceptions
remove_tag_prefix raw remove_tag_prefix raw
message log message log
stream stream stream stream
multiline_flush_interval 5 multiline_flush_interval 5
max_bytes 500000 max_bytes 500000
max_lines 1000 max_lines 1000
</store> </store>
</match> </match>
system.input.conf: |- system.input.conf: |-
# Example: # Example:
# Dec 21 23:17:22 gke-foo-1-1-4b5cbd14-node-4eoj startupscript: Finished running startup script /var/run/google.startup.script # Dec 21 23:17:22 gke-foo-1-1-4b5cbd14-node-4eoj startupscript: Finished running startup script /var/run/google.startup.script
<source> <source>
type tail type tail
format syslog format syslog
path /var/log/startupscript.log path /var/log/startupscript.log
pos_file /var/log/gcp-startupscript.log.pos pos_file /var/log/gcp-startupscript.log.pos
tag startupscript tag startupscript
</source> </source>
# Examples: # Examples:
# time="2016-02-04T06:51:03.053580605Z" level=info msg="GET /containers/json" # time="2016-02-04T06:51:03.053580605Z" level=info msg="GET /containers/json"
# time="2016-02-04T07:53:57.505612354Z" level=error msg="HTTP Error" err="No such image: -f" statusCode=404 # time="2016-02-04T07:53:57.505612354Z" level=error msg="HTTP Error" err="No such image: -f" statusCode=404
<source> <source>
type tail type tail
format /^time="(?<time>[^)]*)" level=(?<severity>[^ ]*) msg="(?<message>[^"]*)"( err="(?<error>[^"]*)")?( statusCode=($<status_code>\d+))?/ format /^time="(?<time>[^)]*)" level=(?<severity>[^ ]*) msg="(?<message>[^"]*)"( err="(?<error>[^"]*)")?( statusCode=($<status_code>\d+))?/
path /var/log/docker.log path /var/log/docker.log
pos_file /var/log/gcp-docker.log.pos pos_file /var/log/gcp-docker.log.pos
tag docker tag docker
</source> </source>
# Example: # Example:
# 2016/02/04 06:52:38 filePurge: successfully removed file /var/etcd/data/member/wal/00000000000006d0-00000000010a23d1.wal # 2016/02/04 06:52:38 filePurge: successfully removed file /var/etcd/data/member/wal/00000000000006d0-00000000010a23d1.wal
<source> <source>
type tail type tail
# Not parsing this, because it doesn't have anything particularly useful to # Not parsing this, because it doesn't have anything particularly useful to
# parse out of it (like severities). # parse out of it (like severities).
format none format none
path /var/log/etcd.log path /var/log/etcd.log
pos_file /var/log/gcp-etcd.log.pos pos_file /var/log/gcp-etcd.log.pos
tag etcd tag etcd
</source> </source>
# Multi-line parsing is required for all the kube logs because very large log # Multi-line parsing is required for all the kube logs because very large log
# statements, such as those that include entire object bodies, get split into # statements, such as those that include entire object bodies, get split into
# multiple lines by glog. # multiple lines by glog.
# Example: # Example:
# I0204 07:32:30.020537 3368 server.go:1048] POST /stats/container/: (13.972191ms) 200 [[Go-http-client/1.1] 10.244.1.3:40537] # I0204 07:32:30.020537 3368 server.go:1048] POST /stats/container/: (13.972191ms) 200 [[Go-http-client/1.1] 10.244.1.3:40537]
<source> <source>
type tail type tail
format multiline format multiline
multiline_flush_interval 5s multiline_flush_interval 5s
format_firstline /^\w\d{4}/ format_firstline /^\w\d{4}/
format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/ format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
time_format %m%d %H:%M:%S.%N time_format %m%d %H:%M:%S.%N
path /var/log/kubelet.log path /var/log/kubelet.log
pos_file /var/log/gcp-kubelet.log.pos pos_file /var/log/gcp-kubelet.log.pos
tag kubelet tag kubelet
</source> </source>
# Example: # Example:
# I1118 21:26:53.975789 6 proxier.go:1096] Port "nodePort for kube-system/default-http-backend:http" (:31429/tcp) was open before and is still needed # I1118 21:26:53.975789 6 proxier.go:1096] Port "nodePort for kube-system/default-http-backend:http" (:31429/tcp) was open before and is still needed
<source> <source>
type tail type tail
format multiline format multiline
multiline_flush_interval 5s multiline_flush_interval 5s
format_firstline /^\w\d{4}/ format_firstline /^\w\d{4}/
format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/ format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
time_format %m%d %H:%M:%S.%N time_format %m%d %H:%M:%S.%N
path /var/log/kube-proxy.log path /var/log/kube-proxy.log
pos_file /var/log/gcp-kube-proxy.log.pos pos_file /var/log/gcp-kube-proxy.log.pos
tag kube-proxy tag kube-proxy
</source> </source>
# Example: # Example:
# I0204 07:00:19.604280 5 handlers.go:131] GET /api/v1/nodes: (1.624207ms) 200 [[kube-controller-manager/v1.1.3 (linux/amd64) kubernetes/6a81b50] 127.0.0.1:38266] # I0204 07:00:19.604280 5 handlers.go:131] GET /api/v1/nodes: (1.624207ms) 200 [[kube-controller-manager/v1.1.3 (linux/amd64) kubernetes/6a81b50] 127.0.0.1:38266]
<source> <source>
type tail type tail
format multiline format multiline
multiline_flush_interval 5s multiline_flush_interval 5s
format_firstline /^\w\d{4}/ format_firstline /^\w\d{4}/
format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/ format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
time_format %m%d %H:%M:%S.%N time_format %m%d %H:%M:%S.%N
path /var/log/kube-apiserver.log path /var/log/kube-apiserver.log
pos_file /var/log/gcp-kube-apiserver.log.pos pos_file /var/log/gcp-kube-apiserver.log.pos
tag kube-apiserver tag kube-apiserver
</source> </source>
# Example: # Example:
# 2017-02-09T00:15:57.992775796Z AUDIT: id="90c73c7c-97d6-4b65-9461-f94606ff825f" ip="104.132.1.72" method="GET" user="kubecfg" as="<self>" asgroups="<lookup>" namespace="default" uri="/api/v1/namespaces/default/pods" # 2017-02-09T00:15:57.992775796Z AUDIT: id="90c73c7c-97d6-4b65-9461-f94606ff825f" ip="104.132.1.72" method="GET" user="kubecfg" as="<self>" asgroups="<lookup>" namespace="default" uri="/api/v1/namespaces/default/pods"
# 2017-02-09T00:15:57.993528822Z AUDIT: id="90c73c7c-97d6-4b65-9461-f94606ff825f" response="200" # 2017-02-09T00:15:57.993528822Z AUDIT: id="90c73c7c-97d6-4b65-9461-f94606ff825f" response="200"
<source> <source>
type tail type tail
format multiline format multiline
multiline_flush_interval 5s multiline_flush_interval 5s
format_firstline /^\S+\s+AUDIT:/ format_firstline /^\S+\s+AUDIT:/
# Fields must be explicitly captured by name to be parsed into the record. # Fields must be explicitly captured by name to be parsed into the record.
# Fields may not always be present, and order may change, so this just looks # Fields may not always be present, and order may change, so this just looks
# for a list of key="\"quoted\" value" pairs separated by spaces. # for a list of key="\"quoted\" value" pairs separated by spaces.
# Unknown fields are ignored. # Unknown fields are ignored.
# Note: We can't separate query/response lines as format1/format2 because # Note: We can't separate query/response lines as format1/format2 because
# they don't always come one after the other for a given query. # they don't always come one after the other for a given query.
# TODO: Maybe add a JSON output mode to audit log so we can get rid of this? # TODO: Maybe add a JSON output mode to audit log so we can get rid of this?
format1 /^(?<time>\S+) AUDIT:(?: (?:id="(?<id>(?:[^"\\]|\\.)*)"|ip="(?<ip>(?:[^"\\]|\\.)*)"|method="(?<method>(?:[^"\\]|\\.)*)"|user="(?<user>(?:[^"\\]|\\.)*)"|groups="(?<groups>(?:[^"\\]|\\.)*)"|as="(?<as>(?:[^"\\]|\\.)*)"|asgroups="(?<asgroups>(?:[^"\\]|\\.)*)"|namespace="(?<namespace>(?:[^"\\]|\\.)*)"|uri="(?<uri>(?:[^"\\]|\\.)*)"|response="(?<response>(?:[^"\\]|\\.)*)"|\w+="(?:[^"\\]|\\.)*"))*/ format1 /^(?<time>\S+) AUDIT:(?: (?:id="(?<id>(?:[^"\\]|\\.)*)"|ip="(?<ip>(?:[^"\\]|\\.)*)"|method="(?<method>(?:[^"\\]|\\.)*)"|user="(?<user>(?:[^"\\]|\\.)*)"|groups="(?<groups>(?:[^"\\]|\\.)*)"|as="(?<as>(?:[^"\\]|\\.)*)"|asgroups="(?<asgroups>(?:[^"\\]|\\.)*)"|namespace="(?<namespace>(?:[^"\\]|\\.)*)"|uri="(?<uri>(?:[^"\\]|\\.)*)"|response="(?<response>(?:[^"\\]|\\.)*)"|\w+="(?:[^"\\]|\\.)*"))*/
time_format %FT%T.%L%Z time_format %FT%T.%L%Z
path /var/log/kube-apiserver-audit.log path /var/log/kube-apiserver-audit.log
pos_file /var/log/gcp-kube-apiserver-audit.log.pos pos_file /var/log/gcp-kube-apiserver-audit.log.pos
tag kube-apiserver-audit tag kube-apiserver-audit
</source> </source>
# Example: # Example:
# I0204 06:55:31.872680 5 servicecontroller.go:277] LB already exists and doesn't need update for service kube-system/kubernetes-dashboard # I0204 06:55:31.872680 5 servicecontroller.go:277] LB already exists and doesn't need update for service kube-system/kubernetes-dashboard
<source> <source>
type tail type tail
format multiline format multiline
multiline_flush_interval 5s multiline_flush_interval 5s
format_firstline /^\w\d{4}/ format_firstline /^\w\d{4}/
format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/ format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
time_format %m%d %H:%M:%S.%N time_format %m%d %H:%M:%S.%N
path /var/log/kube-controller-manager.log path /var/log/kube-controller-manager.log
pos_file /var/log/gcp-kube-controller-manager.log.pos pos_file /var/log/gcp-kube-controller-manager.log.pos
tag kube-controller-manager tag kube-controller-manager
</source> </source>
# Example: # Example:
# W0204 06:49:18.239674 7 reflector.go:245] pkg/scheduler/factory/factory.go:193: watch of *api.Service ended with: 401: The event in requested index is outdated and cleared (the requested history has been cleared [2578313/2577886]) [2579312] # W0204 06:49:18.239674 7 reflector.go:245] pkg/scheduler/factory/factory.go:193: watch of *api.Service ended with: 401: The event in requested index is outdated and cleared (the requested history has been cleared [2578313/2577886]) [2579312]
<source> <source>
type tail type tail
format multiline format multiline
multiline_flush_interval 5s multiline_flush_interval 5s
format_firstline /^\w\d{4}/ format_firstline /^\w\d{4}/
format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/ format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
time_format %m%d %H:%M:%S.%N time_format %m%d %H:%M:%S.%N
path /var/log/kube-scheduler.log path /var/log/kube-scheduler.log
pos_file /var/log/gcp-kube-scheduler.log.pos pos_file /var/log/gcp-kube-scheduler.log.pos
tag kube-scheduler tag kube-scheduler
</source> </source>
# Example: # Example:
# I1104 10:36:20.242766 5 rescheduler.go:73] Running Rescheduler # I1104 10:36:20.242766 5 rescheduler.go:73] Running Rescheduler
<source> <source>
type tail type tail
format multiline format multiline
multiline_flush_interval 5s multiline_flush_interval 5s
format_firstline /^\w\d{4}/ format_firstline /^\w\d{4}/
format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/ format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
time_format %m%d %H:%M:%S.%N time_format %m%d %H:%M:%S.%N
path /var/log/rescheduler.log path /var/log/rescheduler.log
pos_file /var/log/gcp-rescheduler.log.pos pos_file /var/log/gcp-rescheduler.log.pos
tag rescheduler tag rescheduler
</source> </source>
# Example: # Example:
# I0603 15:31:05.793605 6 cluster_manager.go:230] Reading config from path /etc/gce.conf # I0603 15:31:05.793605 6 cluster_manager.go:230] Reading config from path /etc/gce.conf
<source> <source>
type tail type tail
format multiline format multiline
multiline_flush_interval 5s multiline_flush_interval 5s
format_firstline /^\w\d{4}/ format_firstline /^\w\d{4}/
format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/ format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
time_format %m%d %H:%M:%S.%N time_format %m%d %H:%M:%S.%N
path /var/log/glbc.log path /var/log/glbc.log
pos_file /var/log/gcp-glbc.log.pos pos_file /var/log/gcp-glbc.log.pos
tag glbc tag glbc
</source> </source>
# Example: # Example:
# I0603 15:31:05.793605 6 cluster_manager.go:230] Reading config from path /etc/gce.conf # I0603 15:31:05.793605 6 cluster_manager.go:230] Reading config from path /etc/gce.conf
<source> <source>
type tail type tail
format multiline format multiline
multiline_flush_interval 5s multiline_flush_interval 5s
format_firstline /^\w\d{4}/ format_firstline /^\w\d{4}/
format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/ format1 /^(?<severity>\w)(?<time>\d{4} [^\s]*)\s+(?<pid>\d+)\s+(?<source>[^ \]]+)\] (?<message>.*)/
time_format %m%d %H:%M:%S.%N time_format %m%d %H:%M:%S.%N
path /var/log/cluster-autoscaler.log path /var/log/cluster-autoscaler.log
pos_file /var/log/gcp-cluster-autoscaler.log.pos pos_file /var/log/gcp-cluster-autoscaler.log.pos
tag cluster-autoscaler tag cluster-autoscaler
</source> </source>
# Logs from systemd-journal for interesting services. # Logs from systemd-journal for interesting services.
<source> <source>
type systemd type systemd
filters [{ "_SYSTEMD_UNIT": "docker.service" }] filters [{ "_SYSTEMD_UNIT": "docker.service" }]
pos_file /var/log/gcp-journald-docker.pos pos_file /var/log/gcp-journald-docker.pos
read_from_head true read_from_head true
tag docker tag docker
</source> </source>
<source> <source>
type systemd type systemd
filters [{ "_SYSTEMD_UNIT": "kubelet.service" }] filters [{ "_SYSTEMD_UNIT": "kubelet.service" }]
pos_file /var/log/gcp-journald-kubelet.pos pos_file /var/log/gcp-journald-kubelet.pos
read_from_head true read_from_head true
tag kubelet tag kubelet
</source> </source>
monitoring.conf: |- monitoring.conf: |-
# Prometheus monitoring # Prometheus monitoring
<source> <source>
@type prometheus @type prometheus
port 80 port 80
</source> </source>
<source> <source>
@type prometheus_monitor @type prometheus_monitor
</source> </source>
output.conf: |- output.conf: |-
# We use 2 output stanzas - one to handle the container logs and one to handle # We use 2 output stanzas - one to handle the container logs and one to handle
# the node daemon logs, the latter of which explicitly sends its logs to the # the node daemon logs, the latter of which explicitly sends its logs to the
# compute.googleapis.com service rather than container.googleapis.com to keep # compute.googleapis.com service rather than container.googleapis.com to keep
# them separate since most users don't care about the node logs. # them separate since most users don't care about the node logs.
<match kubernetes.**> <match kubernetes.**>
@type copy @type copy
<store> <store>
@type google_cloud @type google_cloud
# Set the buffer type to file to improve the reliability and reduce the memory consumption # Set the buffer type to file to improve the reliability and reduce the memory consumption
buffer_type file buffer_type file
buffer_path /var/log/fluentd-buffers/kubernetes.containers.buffer buffer_path /var/log/fluentd-buffers/kubernetes.containers.buffer
# Set queue_full action to block because we want to pause gracefully # Set queue_full action to block because we want to pause gracefully
# in case of the off-the-limits load instead of throwing an exception # in case of the off-the-limits load instead of throwing an exception
buffer_queue_full_action block buffer_queue_full_action block
# Set the chunk limit conservatively to avoid exceeding the GCL limit # Set the chunk limit conservatively to avoid exceeding the GCL limit
# of 10MiB per write request. # of 10MiB per write request.
buffer_chunk_limit 2M buffer_chunk_limit 2M
# Cap the combined memory usage of this buffer and the one below to # Cap the combined memory usage of this buffer and the one below to
# 2MiB/chunk * (6 + 2) chunks = 16 MiB # 2MiB/chunk * (6 + 2) chunks = 16 MiB
buffer_queue_limit 6 buffer_queue_limit 6
# Never wait more than 5 seconds before flushing logs in the non-error case. # Never wait more than 5 seconds before flushing logs in the non-error case.
flush_interval 5s flush_interval 5s
# Never wait longer than 30 seconds between retries. # Never wait longer than 30 seconds between retries.
max_retry_wait 30 max_retry_wait 30
# Disable the limit on the number of retries (retry forever). # Disable the limit on the number of retries (retry forever).
disable_retry_limit disable_retry_limit
# Use multiple threads for processing. # Use multiple threads for processing.
num_threads 2 num_threads 2
</store> </store>
<store> <store>
@type prometheus @type prometheus
<metric> <metric>
type counter type counter
name logging_entry_count name logging_entry_count
desc Total number of log entries generated by either an application container or a system component desc Total number of log entries generated by either an application container or a system component
<labels> <labels>
tag ${tag} tag ${tag}
component container component container
</labels> </labels>
</metric> </metric>
</store> </store>
</match> </match>
# Keep a smaller buffer here since these logs are less important than the user's # Keep a smaller buffer here since these logs are less important than the user's
# container logs. # container logs.
<match **> <match **>
@type copy @type copy
<store> <store>
@type google_cloud @type google_cloud
detect_subservice false detect_subservice false
buffer_type file buffer_type file
buffer_path /var/log/fluentd-buffers/kubernetes.system.buffer buffer_path /var/log/fluentd-buffers/kubernetes.system.buffer
buffer_queue_full_action block buffer_queue_full_action block
buffer_chunk_limit 2M buffer_chunk_limit 2M
buffer_queue_limit 2 buffer_queue_limit 2
flush_interval 5s flush_interval 5s
max_retry_wait 30 max_retry_wait 30
disable_retry_limit disable_retry_limit
num_threads 2 num_threads 2
</store> </store>
<store> <store>
@type prometheus @type prometheus
<metric> <metric>
type counter type counter
name logging_entry_count name logging_entry_count
desc Total number of log entries generated by either an application container or a system component desc Total number of log entries generated by either an application container or a system component
<labels> <labels>
tag ${tag} tag ${tag}
component system component system
</labels> </labels>
</metric> </metric>
</store> </store>
</match> </match>
metadata: metadata:
name: fluentd-gcp-config name: fluentd-gcp-config
labels: labels:
addonmanager.kubernetes.io/mode: Reconcile addonmanager.kubernetes.io/mode: Reconcile

View File

@ -1,37 +1,31 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: website name: website
labels: labels:
app: website app: website
role: frontend role: frontend
annotations: annotations:
podpreset.admission.kubernetes.io/podpreset-allow-database: "resource version" podpreset.admission.kubernetes.io/podpreset-allow-database: "resource version"
spec: spec:
containers: containers:
- name: website - name: website
image: nginx image: nginx
volumeMounts: volumeMounts:
- mountPath: /cache - mountPath: /cache
name: cache-volume name: cache-volume
- mountPath: /etc/app/config.json ports:
readOnly: true - containerPort: 80
name: secret-volume env:
ports: - name: DB_PORT
- containerPort: 80 value: "6379"
env: - name: duplicate_key
- name: DB_PORT value: FROM_ENV
value: "6379" - name: expansion
- name: duplicate_key value: $(REPLACE_ME)
value: FROM_ENV envFrom:
- name: expansion - configMapRef:
value: $(REPLACE_ME) name: etcd-env-config
envFrom: volumes:
- configMapRef: - name: cache-volume
name: etcd-env-config emptyDir: {}
volumes:
- name: cache-volume
emptyDir: {}
- name: secret-volume
secret:
secretName: config-details

View File

@ -1,30 +1,24 @@
apiVersion: settings.k8s.io/v1alpha1 apiVersion: settings.k8s.io/v1alpha1
kind: PodPreset kind: PodPreset
metadata: metadata:
name: allow-database name: allow-database
spec: spec:
selector: selector:
matchLabels: matchLabels:
role: frontend role: frontend
env: env:
- name: DB_PORT - name: DB_PORT
value: "6379" value: "6379"
- name: duplicate_key - name: duplicate_key
value: FROM_ENV value: FROM_ENV
- name: expansion - name: expansion
value: $(REPLACE_ME) value: $(REPLACE_ME)
envFrom: envFrom:
- configMapRef: - configMapRef:
name: etcd-env-config name: etcd-env-config
volumeMounts: volumeMounts:
- mountPath: /cache - mountPath: /cache
name: cache-volume name: cache-volume
- mountPath: /etc/app/config.json volumes:
readOnly: true - name: cache-volume
name: secret-volume emptyDir: {}
volumes:
- name: cache-volume
emptyDir: {}
- name: secret-volume
secret:
secretName: config-details

View File

@ -5,7 +5,10 @@ metadata:
spec: spec:
containers: containers:
- name: redis - name: redis
image: kubernetes/redis:v1 image: redis:5.0.4
command:
- redis-server
- "/redis-master/redis.conf"
env: env:
- name: MASTER - name: MASTER
value: "true" value: "true"

View File

@ -30,7 +30,6 @@ spec:
volumeMounts: volumeMounts:
- name: podinfo - name: podinfo
mountPath: /etc/podinfo mountPath: /etc/podinfo
readOnly: false
volumes: volumes:
- name: podinfo - name: podinfo
downwardAPI: downwardAPI:

View File

@ -25,7 +25,6 @@ spec:
volumeMounts: volumeMounts:
- name: podinfo - name: podinfo
mountPath: /etc/podinfo mountPath: /etc/podinfo
readOnly: false
volumes: volumes:
- name: podinfo - name: podinfo
downwardAPI: downwardAPI:

View File

@ -7,9 +7,9 @@ spec:
- name: test-container - name: test-container
image: nginx image: nginx
volumeMounts: volumeMounts:
# name must match the volume name below # name must match the volume name below
- name: secret-volume - name: secret-volume
mountPath: /etc/secret-volume mountPath: /etc/secret-volume
# The secret data is exposed to Containers in the Pod through a Volume. # The secret data is exposed to Containers in the Pod through a Volume.
volumes: volumes:
- name: secret-volume - name: secret-volume

View File

@ -3,5 +3,5 @@ kind: Secret
metadata: metadata:
name: test-secret name: test-secret
data: data:
username: bXktYXBwCg== username: bXktYXBw
password: Mzk1MjgkdmRnN0piCg== password: Mzk1MjgkdmRnN0pi

View File

@ -1,5 +1,5 @@
kind: Pod
apiVersion: v1 apiVersion: v1
kind: Pod
metadata: metadata:
name: nginx name: nginx
spec: spec:
@ -9,7 +9,7 @@ spec:
volumeMounts: volumeMounts:
- mountPath: /var/run/secrets/tokens - mountPath: /var/run/secrets/tokens
name: vault-token name: vault-token
serviceAccountName: acct serviceAccountName: build-robot
volumes: volumes:
- name: vault-token - name: vault-token
projected: projected:

View File

@ -15,7 +15,7 @@ spec:
path: /healthz path: /healthz
port: 8080 port: 8080
httpHeaders: httpHeaders:
- name: X-Custom-Header - name: Custom-Header
value: Awesome value: Awesome
initialDelaySeconds: 3 initialDelaySeconds: 3
periodSeconds: 3 periodSeconds: 3

View File

@ -5,13 +5,15 @@ metadata:
spec: spec:
securityContext: securityContext:
runAsUser: 1000 runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000 fsGroup: 2000
volumes: volumes:
- name: sec-ctx-vol - name: sec-ctx-vol
emptyDir: {} emptyDir: {}
containers: containers:
- name: sec-ctx-demo - name: sec-ctx-demo
image: gcr.io/google-samples/node-hello:1.0 image: busybox
command: [ "sh", "-c", "sleep 1h" ]
volumeMounts: volumeMounts:
- name: sec-ctx-vol - name: sec-ctx-vol
mountPath: /data/demo mountPath: /data/demo

View File

@ -5,6 +5,6 @@ metadata:
spec: spec:
containers: containers:
- name: nginx - name: nginx
image: nginx:1.7.9 image: nginx:1.14.2
ports: ports:
- containerPort: 80 - containerPort: 80

View File

@ -1,5 +1,5 @@
kind: PersistentVolumeClaim
apiVersion: v1 apiVersion: v1
kind: PersistentVolumeClaim
metadata: metadata:
name: task-pv-claim name: task-pv-claim
spec: spec:

View File

@ -1,12 +1,12 @@
kind: Pod
apiVersion: v1 apiVersion: v1
kind: Pod
metadata: metadata:
name: task-pv-pod name: task-pv-pod
spec: spec:
volumes: volumes:
- name: task-pv-storage - name: task-pv-storage
persistentVolumeClaim: persistentVolumeClaim:
claimName: task-pv-claim claimName: task-pv-claim
containers: containers:
- name: task-pv-container - name: task-pv-container
image: nginx image: nginx

View File

@ -1,5 +1,5 @@
kind: PersistentVolume
apiVersion: v1 apiVersion: v1
kind: PersistentVolume
metadata: metadata:
name: task-pv-volume name: task-pv-volume
labels: labels:

View File

@ -1,48 +1,48 @@
apiVersion: policy/v1beta1 apiVersion: policy/v1beta1
kind: PodSecurityPolicy kind: PodSecurityPolicy
metadata: metadata:
name: restricted name: restricted
annotations: annotations:
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default,runtime/default'
apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' seccomp.security.alpha.kubernetes.io/defaultProfileName: 'runtime/default'
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'
spec: spec:
privileged: false privileged: false
# Required to prevent escalations to root. # Required to prevent escalations to root.
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
# This is redundant with non-root + disallow privilege escalation, # This is redundant with non-root + disallow privilege escalation,
# but we can provide it for defense in depth. # but we can provide it for defense in depth.
requiredDropCapabilities: requiredDropCapabilities:
- ALL - ALL
# Allow core volume types. # Allow core volume types.
volumes: volumes:
- 'configMap' - 'configMap'
- 'emptyDir' - 'emptyDir'
- 'projected' - 'projected'
- 'secret' - 'secret'
- 'downwardAPI' - 'downwardAPI'
# Assume that persistentVolumes set up by the cluster admin are safe to use. # Assume that persistentVolumes set up by the cluster admin are safe to use.
- 'persistentVolumeClaim' - 'persistentVolumeClaim'
hostNetwork: false hostNetwork: false
hostIPC: false hostIPC: false
hostPID: false hostPID: false
runAsUser: runAsUser:
# Require the container to run without root privileges. # Require the container to run without root privileges.
rule: 'MustRunAsNonRoot' rule: 'MustRunAsNonRoot'
seLinux: seLinux:
# This policy assumes the nodes are using AppArmor rather than SELinux. # This policy assumes the nodes are using AppArmor rather than SELinux.
rule: 'RunAsAny' rule: 'RunAsAny'
supplementalGroups: supplementalGroups:
rule: 'MustRunAs' rule: 'MustRunAs'
ranges: ranges:
# Forbid adding the root group. # Forbid adding the root group.
- min: 1 - min: 1
max: 65535 max: 65535
fsGroup: fsGroup:
rule: 'MustRunAs' rule: 'MustRunAs'
ranges: ranges:
# Forbid adding the root group. # Forbid adding the root group.
- min: 1 - min: 1
max: 65535 max: 65535
readOnlyRootFilesystem: false readOnlyRootFilesystem: false

View File

@ -1,12 +1,12 @@
kind: Service apiVersion: v1
apiVersion: v1 kind: Service
metadata: metadata:
name: hello name: hello
spec: spec:
selector: selector:
app: hello app: hello
tier: backend tier: backend
ports: ports:
- protocol: TCP - protocol: TCP
port: 80 port: 80
targetPort: http targetPort: http

View File

@ -1,9 +1,9 @@
apiVersion: extensions/v1beta1 apiVersion: networking.k8s.io/v1beta1
kind: Ingress kind: Ingress
metadata: metadata:
name: test-ingress name: test-ingress
spec: spec:
backend: backend:
serviceName: testsvc serviceName: testsvc
servicePort: 80 servicePort: 80

View File

@ -1,46 +1,51 @@
apiVersion: v1 apiVersion: v1
kind: Service kind: Service
metadata: metadata:
name: my-nginx name: my-nginx
labels: labels:
run: my-nginx run: my-nginx
spec: spec:
type: NodePort type: NodePort
ports: ports:
- port: 8080 - port: 8080
targetPort: 80 targetPort: 80
protocol: TCP protocol: TCP
name: http name: http
- port: 443 - port: 443
protocol: TCP protocol: TCP
name: https name: https
selector: selector:
run: my-nginx run: my-nginx
--- ---
apiVersion: apps/v1 apiVersion: apps/v1
kind: Deployment kind: Deployment
metadata: metadata:
name: my-nginx name: my-nginx
spec: spec:
selector: selector:
matchLabels: matchLabels:
run: my-nginx run: my-nginx
replicas: 1 replicas: 1
template: template:
metadata: metadata:
labels: labels:
run: my-nginx run: my-nginx
spec: spec:
volumes: volumes:
- name: secret-volume - name: secret-volume
secret: secret:
secretName: nginxsecret secretName: nginxsecret
containers: - name: configmap-volume
- name: nginxhttps configMap:
image: bprashanth/nginxhttps:1.0 name: nginxconfigmap
ports: containers:
- containerPort: 443 - name: nginxhttps
- containerPort: 80 image: bprashanth/nginxhttps:1.0
volumeMounts: ports:
- mountPath: /etc/nginx/ssl - containerPort: 443
name: secret-volume - containerPort: 80
volumeMounts:
- mountPath: /etc/nginx/ssl
name: secret-volume
- mountPath: /etc/nginx/conf.d
name: configmap-volume

View File

@ -1,20 +1,20 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: my-empty-dir-pod name: my-empty-dir-pod
spec: spec:
containers: containers:
- image: microsoft/windowsservercore:1709 - image: microsoft/windowsservercore:1709
name: my-empty-dir-pod name: my-empty-dir-pod
volumeMounts: volumeMounts:
- mountPath: /cache - mountPath: /cache
name: cache-volume name: cache-volume
- mountPath: C:/scratch - mountPath: C:/scratch
name: scratch-volume name: scratch-volume
volumes: volumes:
- name: cache-volume - name: cache-volume
emptyDir: {} emptyDir: {}
- name: scratch-volume - name: scratch-volume
emptyDir: {} emptyDir: {}
nodeSelector: nodeSelector:
beta.kubernetes.io/os: windows beta.kubernetes.io/os: windows

View File

@ -1,17 +1,17 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: run-as-username-container-demo name: run-as-username-container-demo
spec: spec:
securityContext: securityContext:
windowsOptions: windowsOptions:
runAsUserName: "ContainerUser" runAsUserName: "ContainerUser"
containers: containers:
- name: run-as-username-demo - name: run-as-username-demo
image: mcr.microsoft.com/windows/servercore:ltsc2019 image: mcr.microsoft.com/windows/servercore:ltsc2019
command: ["ping", "-t", "localhost"] command: ["ping", "-t", "localhost"]
securityContext: securityContext:
windowsOptions: windowsOptions:
runAsUserName: "ContainerAdministrator" runAsUserName: "ContainerAdministrator"
nodeSelector: nodeSelector:
beta.kubernetes.io/os: windows kubernetes.io/os: windows

View File

@ -1,14 +1,14 @@
apiVersion: v1 apiVersion: v1
kind: Pod kind: Pod
metadata: metadata:
name: run-as-username-pod-demo name: run-as-username-pod-demo
spec: spec:
securityContext: securityContext:
windowsOptions: windowsOptions:
runAsUserName: "ContainerUser" runAsUserName: "ContainerUser"
containers: containers:
- name: run-as-username-demo - name: run-as-username-demo
image: mcr.microsoft.com/windows/servercore:ltsc2019 image: mcr.microsoft.com/windows/servercore:ltsc2019
command: ["ping", "-t", "localhost"] command: ["ping", "-t", "localhost"]
nodeSelector: nodeSelector:
beta.kubernetes.io/os: windows kubernetes.io/os: windows

View File

@ -186,3 +186,6 @@ other = "次の項目"
[warning] [warning]
other = "警告:" other = "警告:"
[input_placeholder_email_address]
other = "メールアドレス"

View File

@ -22,7 +22,7 @@
{{- if .Params.deprecated }} {{- if .Params.deprecated }}
<link rel="stylesheet" href="{{ "css/deprecation-warning.css" | relURL }}"> <link rel="stylesheet" href="{{ "css/deprecation-warning.css" | relURL }}">
{{- end }} {{- end }}
{{- if eq .Params.class "gridPage" }} {{- if or (eq .Params.class "gridPage") (eq .Params.class "gridPage gridPageHome") }}
<link rel="stylesheet" href="{{ "css/gridpage.css" | relURL }}"> <link rel="stylesheet" href="{{ "css/gridpage.css" | relURL }}">
{{- end }} {{- end }}
{{- if eq .Params.class "training" }} {{- if eq .Params.class "training" }}

View File

@ -33,12 +33,14 @@ import shutil
import subprocess import subprocess
import sys import sys
import tempfile import tempfile
import platform
error_msgs = [] error_msgs = []
# pip should be installed when Python is installed, but just in case... # pip should be installed when Python is installed, but just in case...
if not (shutil.which('pip') or shutil.which('pip3')): if not (shutil.which('pip') or shutil.which('pip3')):
error_msgs.append("Install pip so you can install PyYAML. https://pip.pypa.io/en/stable/installing") error_msgs.append(
"Install pip so you can install PyYAML. https://pip.pypa.io/en/stable/installing")
reqs = subprocess.check_output([sys.executable, '-m', 'pip', 'freeze']) reqs = subprocess.check_output([sys.executable, '-m', 'pip', 'freeze'])
installed_packages = [r.decode().split('==')[0] for r in reqs.split()] installed_packages = [r.decode().split('==')[0] for r in reqs.split()]
@ -203,7 +205,9 @@ def main():
# create the temp work_dir # create the temp work_dir
try: try:
print("Making temp work_dir") print("Making temp work_dir")
work_dir = tempfile.mkdtemp() work_dir = tempfile.mkdtemp(
dir='/tmp' if platform.system() == 'Darwin' else tempfile.gettempdir()
)
except OSError as ose: except OSError as ose:
print("[Error] Unable to create temp work_dir {}; error: {}" print("[Error] Unable to create temp work_dir {}; error: {}"
.format(work_dir, ose)) .format(work_dir, ose))