Jump to content

User:Rush/k8s reading

From Wikitech

Admission Controllers

https://kubernetes.io/docs/admin/admission-controllers/
- "An admission controller is a piece of code that intercepts requests to the Kubernetes API server prior to persistence of the object, but after the request is authenticated and authorized....compiled into the kube-apiserver binary, and may only be configured by the cluster administrator."
https://kubernetes.io/docs/admin/extensible-admission-controllers/

Kubeadm

PODS

Pause

https://www.ianlewis.org/en/almighty-pause-container
- "It's useful to note that there has been a lot of back-and-forth on PID namespace sharing. Reaping zombies is only done by the pause container if you have PID namespace sharing enabled, and currently it is only available in Kubernetes 1.7+."

Service Mesh

https://buoyant.io/2017/05/24/a-service-mesh-for-kubernetes-part-x-the-service-mesh-api/
- "The explicit goal of the service mesh is to move service communication out of the realm of the invisible, implied infrastructure, and into the role of a first-class member of the ecosystem—where it can be monitored, managed and controlled."

Networking

General

https://medium.com/google-cloud/understanding-kubernetes-networking-pods-7117dd28727
https://thenewstack.io/hackers-guide-kubernetes-networking/
- "There is no easy way to see network namespaces, as Kubernetes and Docker don’t register them (“ip netns” won’t work with Kubernetes and Docker). "
https://medium.com/google-cloud/understanding-kubernetes-networking-services-f0cb48e4cc82
https://cloudnativelabs.github.io/post/2017-04-18-kubernetes-networking/

kube-router

https://cloudnativelabs.github.io/post/2017-05-10-kube-network-service-proxy/

Calico

3rd party setup

https://gist.github.com/danehans/b857616eaf9124e8004a1fda55c936de

CNI

General

https://chrislovecnm.com/kubernetes/cni/choosing-a-cni-provider/
https://kubernetes.io/docs/concepts/cluster-administration/network-plugins/
https://github.com/containernetworking/cni
https://github.com/kubernetes/kubernetes/issues/31307
- CNI hostport mapping does not work. CNI doesn't account for it and w/ CNI docker obv cannot fulfill.

Canal

i.e. calico for policy + flannel
https://github.com/projectcalico/canal

docker

Through proxy
- https://stackoverflow.com/questions/23111631/cannot-download-docker-images-behind-a-proxy
- https://docs.docker.com/network/proxy/

Retrieved from "https://wikitech.wikimedia.org/w/index.php?title=User:Rush/k8s_reading&oldid=1788229"