Advanced K8S
Monitoring
Prometheus
Monitoring
Alerting
Standalone
Open Source
Multi-Dimensional
Time Series
Metric Name
Key/Value pair
Query Language
Flexible
Distributed storage :red_cross:
Metric Collection
Pull Model
HTTP
ServiceMonitor
Operator
StatefulSet
Authentication
OIDC
ID Token
Verifiable
Originated
From Authentication Server
Not K8S :forbidden:
JSON Web Token
Username
Groups
Pass
To API Server
kubectl
Renew
token_id
Expiration
Flow
Login to IDP
Receive ID Token
Examples
Auth0
OneLogin
Pass
Token
To kubectl
Authentication Server
From kubectl
To API Server
Check
JWT signature
JWT Expiration
User
Authorization
Authorization
Granted
Sent
To kubectl
Results
From kubectl
To User
External DBA
Users
Default
X509
New User
New Certificate
Signed
by CA
API Server
HTTP
HTTP Basic
Username+PWD
To API Server
Difficult
To Maintain
Static PWD File
On Master
Path
=Argument
API Server
--basic-auth-file=/path/to/somefile
password,user,uid,"group1,group2"
Downsides
Supported
For Convenience
API Server
Restart
To add user
Proxy
Write
Own
Mechanisms
Coding
Setup
Client Certificate
Signed
by CA
Handle
Authentication
Forward
Request
To API Server K8S
With HTTP Header
Server
Specific
If methods :warning:
Not supported
Authorization
Modules
RBAC
Roles
Dynamic
Granular :green_cross:
Since
K8S 1.6
--authorization-mode=RBAC
Node
API Requests
By kubelets
ABAC
Policies
Combining
Attributes
Granular :red_cross:
Webhook
Authorization
Requests
External
REST
If
Own
Authorization
Server
Incoming
Payload
Parsing
JSON
User
Rights
API-Level
kube-apiserver
RBAC :star:
Add
Resources
Process
Define
Roles
Assign
Users/Groups
Types
Limited
1 Namespace
Role
RoleBinding
Assign
subjects
YAML
roleRef
All
Namespaces
ClusterRole
ClusterRoleBinding
Assign
subjects
YAML
roleRef
Pre-defined
cluster-admin
super user access
ClusterRoleBinding
RoleBinding
admin
RoleBinding
edit
Read
Write
1 Namespace
Role Creation :red_cross:
view
Read
Secrets :forbidden:
Federation
Kubefed
Add/Remove
Clusters
Deploy
Federation Control Plane
Multiple clusters
Management
Cross Cluster Discovery
HA
Why
Lower latency
Fault isolation
Scale
Hybrid
Microservices
K8S
Service Discovery
Limited
Routing
Round-robin
Failure-Handling :red_cross:
Visualization
Difficult
HTTP APIs
Basic
No retry
Linkerd
Features
Transparent Proxy
Service Discovery
Routing
Latency
Canary
Failure Handling
Retry
Deadlines
Visibility
Web UI
Daemon Set
Each Node
Logging
Log aggregation
ELK
Fluentd
Log Forwarding
ElasticSearch
Indexing
LogTrail
UI
Show
Logs
One App
app.log file
kubectl logs
As a pod
Complex
Pod
Each container
Job Resource
Job
Types
Non Parallel
restartPolicy
Parallel
Fixed Completion Count
Successful
Exited pods
Work Queue
Pods
Specific tasks
Then Exit
Vs Long running
tasks
Deployment
Spinnaker
Continuous Delivery
Integrated
Jenkins
Terraform
Provisioning
Initial Environment
Complementary
Software Development
Process
Automate Deployment
Cloud Native
Immutable Apps
Netflix
Features
Cluster Management
Deployment Management
Terminology
Account
User
Instance
Pod
Server Group
Replica Set
Load Balancer
K8S Service
Strategies
Blue / Green
Full switch
Load Balancer
Old -- New
Rolling Blue / Green
Progressive
Less capacity
required
roll-back
Possible
Canary
New version
X %
Packaging
Helm
Product
CNCF
Cloud Native Computing Foundation
Package manager
More & More Apps
Started
Google
Deis
Charts
Collection
Files
Description
K8S Resources
Templates
Developed
Package Maintainer
Generates
YAML
Overriding
Values
=Parameters
Scheduling
CronJob
Time
CronTab
Equivalent
5 :star:
Minutes
Hours
Days
Month
Day of week