Please enable JavaScript.

Coggle requires JavaScript to display documents.

Execution Environments (Cloud Functions (use cases (tiny ETL, webhooks,…

- - - - 1..n Versions
        
        1..n Instances
        
        traffic migration -> 100% to certain version
        traffic split
      - at least 'default'
- - - - http(s), any others protocol
    - - pod(s)
        
        container(s)
        
        shares network & file system
      - kube proxy
        
        uses IP tables
      - kubelet
    - - scheduler
      - controller manager
      - api server
      - etcd
      - cloud manager
    - - Node pools
        
        assign based on label
      - private cluster
        possible
        
        accessed by GCP tools via private IP
        
        accessed by Authorized networks (trusted IP ranges)
    - - gcloud container clusters get-credentials <cluster> --zone <zone>
    - - kubectl run --generator deployment/apps.v1
      - kubectl apply
      - cloud console
      - kubectl autoscale deployment <name> --min=3 --max=10 --cpu-percent
      - rollingUpdate
      - recreate
        
        pods deleted and recreated
      - kubectl rollout undo deployment <name>
      - kubectl rollout pause/resume deployment <name>
      - deployment's rollout is triggered if and only if the deployment's Pod template (that is, .spec.template) is changed,
    - - Job
      - Parallel Job
        
        parallelism > 1
        either in yaml
        or via
        scale
      - Cron Job
        
        Kind: CronJob
    - - nodeSelector
      - nodeAfinity
      - podAfinity
      - topology: node, zone, region
      - preferredDuringSchedulingIgnoredDuringExecution
      - requiredDuringSchedulingIgnoredDuringExecution
      - Taints - defined on nodes
      - tolerations - on pods
    - - alias IP ranges
        ~4000IPs per cluster
      - NEG: Network Endpoint Groups
        used by LB - traffic from LB to PODS directly
        (not to NODES)
    - - network policy
        
        pod level firewall rules
        
        nodes recreated
        
        enable for master and nodes
        deploy network policies
      - k8s has only ServiceAccounts,
        user identities managed outside
      - RBAC
        
        Roles
        (namespace level)
        and ClusterRoles
        
        resource's + verb's
        
        Subject
        
        user
        
        group
        
        serviceAccount
      - disable access to node's metadata
        by removing role
        compute.instance.get
        as node contains secret with cert kubelete using to talk with serverAPI
      - Security Context
        Pod spec
        
        Pod Security
        Policy
    - - Volume
        
        EmptyDir
        
        ephemeral
        
        shares pod's lifecycle
        
        from node's local disk
        or memory
        
        ConfigMap
        
        ephemeral
        
        Secret
        
        = ConfigMap but secured
        
        always in-mem (tmp file system)
        
        ephemeral
        
        downwardAPI
        
        pods metadata
        
        PV, PVC
        
        persistant
        
        size, class, access (R/W)
        
        ReadWriteOnce
        
        mounted to single node
        
        ReadOnlyMany
        
        mounted to several nodes
        
        ReadWriteMany
        
        not supported by GCP disks
        but supported by NFS systems
  - - - predefined
        
        shared core
        
        memory cpu
        
        cpu optimized
        
        high mem
        
        memory optimized
    - - NEW State-full IP adresses
    - - provisioning
      - boot
      - request
    - - 2Gbps/vCPU
      - max to 200Gbps (for 176 vCPU)
      - min 10Gbps (for 2/4 vCPU)
    - - up to 24 hours
      - no live migrate
      - no auto restart
    - - next gen for preemtible
      - no max runtime limit
    - - encrypt data being processed
    - - Secure Boot, virtual
        trusted platform module or vTPM-enabled Measured Boot
  - - - app engine
      - cloud functions
      - GKE
      - Cloud Run
      - GCE
      - k8s
    - - app engine flex
      - GCE
      - GKE
      - k8s