metrics

2019-12-06 22:20:20 +08:00
parent 15db9ceb42
commit 6f8c608504
18 changed files with 301 additions and 26 deletions
--- a/.vuepress/components/JoinCKACommunity.jpeg
+++ b/.vuepress/components/JoinCKACommunity.jpeg
--- a/.vuepress/config-sidebar.js
+++ b/.vuepress/config-sidebar.js
@ -469,15 +469,16 @@ module.exports = {
            },
          ]
        },
-        // {
-        //   title: '部署LNMP应用',
-        //   collapsable: true,
-        //   children: [
-        //     '/learning/k8s-practice/lnmp/wordpress'
-        //   ]
-        // }
      ]
-    }
+    },
+    {
+      title: 'Kubernetes 常见问题',
+      collapsable: true,
+      children: [
+        'faq/ping-service',
+        'faq/request-limit',
+      ]
+    },
  ],

  '/guide/': [
--- a/install/install-dashboard-offline.md
+++ b/install/install-dashboard-offline.md
@ -30,7 +30,7 @@ meta:

  输出结果如下所示：
  ```
-  eipwork/kuboard-press     latest                86eaead8421e        3 weeks ago         170MB
+  eipwork/kuboard           latest                0146965e6475        3 weeks ago         133MB
  ```

 * 将 Kuboard 镜像导出到文件
@ -55,8 +55,11 @@ meta:
 * 为镜像重新添加标签

  ``` sh
-  docker tag 86eaead8421e eipwork/kuboard:latest
+  docker tag 0146965e6475 eipwork/kuboard:latest
  ```
+  ::: tip ImageID
+  请使用上一个步骤中查询到的 image ID
+  :::

 ## 准备kuboard.yaml文件

--- a/learning/README.md
+++ b/learning/README.md
@ -99,6 +99,7 @@ meta:
    * [使用port-forward访问集群中的应用程序](/learning/k8s-practice/access/port-forward.html)
    * [Kubernetes网络模型](/learning/k8s-intermediate/service/network.html)
    * [CI/CD集成](/guide/cicd/)
+    * [容器应用的设计原则、模式和反模式](/learning/k8s-practice/micro-service/design-pattern.html)
  * 下一步，可按教程章节顺序对 Kubernetes 各种概念进行深入理解
  :::

--- a/learning/faq/metrics.md
+++ b/learning/faq/metrics.md
@ -1,7 +1,7 @@
 ---
 vssueId: 174
 layout: LearningLayout
-description: Kubernetes教程_本文解释了Kubernetes中为什么ping Service 不能成功的原因
+description: Kubernetes教程_本文解释了Kuboard中度量信息的获取方式
 meta:
  - name: keywords
    content: Kubernetes教程,K8S教程,Kubernetes Service
@ -10,3 +10,34 @@ meta:
 # Metrics

 Kuboard 界面上显示 Metrics（性能指标）信息时，调用了 Kubernetes 的 [Metrics API](https://kubernetes.io/docs/tasks/debug-application-cluster/resource-metrics-pipeline/)，
+
+## 为什么 Kuboard 显示的总内存比机器的实际内存要小？
+
+Kuboard 调用 kubernetes api [Node v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.16/#node-v1-core) 获取节点的总内存信息。该接口返回结果中，关于内存信息有如下两个部分：
+
+``` json
+"status": {
+  "capacity": {
+    "cpu": "2",
+    "ephemeral-storage": "41147472Ki",
+    "hugepages-1Gi": "0",
+    "hugepages-2Mi": "0",
+    "memory": "7733512Ki",
+    "pods": "110"
+  },
+  "allocatable": {
+    "cpu": "2",
+    "ephemeral-storage": "37921510133",
+    "hugepages-1Gi": "0",
+    "hugepages-2Mi": "0",
+    "memory": "7631112Ki",
+    "pods": "110"
+  }
+}
+```
+
+其中，`capacity` 代表节点的总容量，`allocatable` 代表 kubernetes 可以使用的容量。Kuboard 在 `计算资源` 界面上显示的节点总内存大小来自于此接口返回结果的 `status.allocatable.memory` 字段，总CPU大小来自于 `status.allocatable.cpu` 字段。
+
+## 为什么 Kuboard 显示的当前使用内存与linux显示不匹配？
+
+Kuboard 调用 kubernetes [Metrics API](https://kubernetes.io/docs/tasks/debug-application-cluster/resource-metrics-pipeline/) 获取节点 CPU 和内存使用情况，metrics-server 通过节点上的 kubelet 获取 30s 时间窗口内的 CPU 和内存使用情况，且其统计口径是由 kubelet 管理的 docker 进程的 CPU 和内存使用情况，与直接使用 linux 的 `top` 命令或 `free -h` 命令查看时的统计口径并不相同。
--- a/learning/faq/request-limit.md
+++ b/learning/faq/request-limit.md
@ -0,0 +1,12 @@
+---
+# vssueId: 174
+layout: LearningLayout
+description: Kubernetes教程_本文解释了Kubernetes中为什么ping Service 不能成功的原因
+meta:
+  - name: keywords
+    content: Kubernetes教程,K8S教程,Kubernetes Service
+---
+
+# 为什么CPU内存使用率很低，却不能调度？
+
+请查看 [带有资源请求的容器组是如何调度的](/learning/k8s-intermediate/config/computing-resource.html#带有资源请求的容器组是如何调度的)
--- a/learning/k8s-intermediate/config/affinity.md
+++ b/learning/k8s-intermediate/config/affinity.md
@ -0,0 +1,19 @@
+---
+vssueId: 64
+layout: LearningLayout
+description: Kubernetes教程_Kubernetes中的亲和性与反亲和性_Affinity_and_Anti-Affinity
+meta:
+  - name: keywords
+    content: Kubernetes教程,K8S教程,Affinity,anti-affinity,亲和性,反亲和性
+---
+
+# 亲和性与反亲和性
+
+> 参考文档：[Affinity and anti-affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity)
+
+<AdSenseTitle/>
+
+`nodeSelector` 提供了一个非常简单的方式，将 Pod 限定到包含特定标签的节点上。亲和性与反亲和性（affinity / anti-affinity）特性则极大地扩展了限定的表达方式。主要的增强点在于：
+1. 表达方式更加有效（不仅仅是多个精确匹配表达式的“和”关系）
+2. 可以标识该规则为“soft” / “preference” （软性的、偏好的）而不是 hard requirement（必须的），此时，如果调度器发现该规则不能被满足，Pod 仍然可以被调度
+3. 可以对比节点上（或其他拓扑域 topological domain）已运行的其他 Pod 的标签，而不仅仅是节点自己的标签，此时，可以定义类似这样的规则：某量类 Pod 不能在同一个节点（或拓扑域）上共存
--- a/learning/k8s-intermediate/config/assign-pod-node.md
+++ b/learning/k8s-intermediate/config/assign-pod-node.md
@ -77,9 +77,14 @@ nodeSelector 是 PodSpec 中的一个字段。指定了一组名值对。节点

  此时您已完成了通过 nodeSelector 为 Pod 指定节点的任务。

-## Node isolation/restriction <Badge text="Kuboard 暂不支持" type="warn"/>
+## Node isolation/restriction
+
+向节点对象添加标签后，可以将 Pod 指定到特定（一个或一组）的节点，以便确保某些 Pod 只在具备某些隔离性、安全性或符合管理规定的节点上运行。如果将标签用于这个目的，推荐选择那些不会被 kubelet 修改的标签。这样做可以避免节点非法使用其 kubelet credential 来设置节点自己的标签，进一步影响到调度器将工作负载调度到该节点上。
+
+`NodeRestriction` 管理插件可以阻止 kubelet 设置或者修改节点上以 `node-restriction.kubernetes.io/` 开头的标签。如需要使用该标签前缀作为节点隔离的目的，需要：
+1. 确保 kubenetes 已经启用了 [Node authorizer](https://kubernetes.io/docs/reference/access-authn-authz/node/) 和 [NodeRestriction admission plugin](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction)
+2. 添加带 `node-restriction.kubernetes.io/` 前缀的标签到节点对象，并将这些标签作为 Pod 中的节点选择器。例如： `example.com.node-restriction.kubernetes.io/fips=true` 或 `example.com.node-restriction.kubernetes.io/pci-dss=true`。

-请参考 Kubernetes 官网文档 [Node isolation/restriction](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-isolation-restriction)

 ## Affinity and anti-affinity <Badge text="Kuboard 暂不支持" type="warn"/>

--- a/learning/k8s-practice/micro-service/design-pattern.md
+++ b/learning/k8s-practice/micro-service/design-pattern.md
@ -71,7 +71,7 @@ meta:

 - 捕获并响应Terminate (SIGTERM)信号，来尽快优雅的终止服务进程，以避免kill (SIGKILL)信号强行终止进程。例如一下的NodeJS代码。

-  ```
+  ``` go
  process.on('SIGTERM', function () {
    console.log("Received SIGTERM. Exiting.")
    server.close(function () {
@ -84,7 +84,7 @@ meta:

 - 返回退出码

-  ```
+  ``` go
  process.exit(0);
  ```

@ -214,7 +214,7 @@ Sidecar是最常见的模式，在同一个Pod中，我们需要把不同的责

 通常作为服务的容器有一个启动的过程，在启动过程中，服务是不可用的。Kubernetes提供了[Readiness](/learning/k8s-intermediate/workload/pod-lifecycle.html#容器的检查)探测功能。

-```
+``` yaml
 readinessProbe:
  httpGet:
    path: /
@ -233,7 +233,7 @@ readinessProbe:

 例如下面的Dockerfile例子：

-```
+``` dockerfile
 FROM ubuntu:14.04

 RUN apt-get update
@ -257,7 +257,7 @@ Latest标签用于标记最近的稳定版本，然而在创建容器时，尽

 Job是Kubernetes提供的只运行一次的容器，和service正好相反。要避免快速失败

-```
+``` yaml
 apiVersion: batch/v1
 kind: Job
 metadata:
--- a/package-lock.json
+++ b/package-lock.json
@ -887,6 +887,42 @@
      "requires": {
        "@vssue/utils": "^1.1.1",
        "axios": "^0.18.1"
+      },
+      "dependencies": {
+        "axios": {
+          "version": "0.18.1",
+          "resolved": "https://registry.npm.taobao.org/axios/download/axios-0.18.1.tgz",
+          "integrity": "sha1-/z8N4ue10YDnV62YAA8Qgbh7zqM=",
+          "dev": true,
+          "requires": {
+            "follow-redirects": "1.5.10",
+            "is-buffer": "^2.0.2"
+          }
+        },
+        "debug": {
+          "version": "3.1.0",
+          "resolved": "https://registry.npm.taobao.org/debug/download/debug-3.1.0.tgz",
+          "integrity": "sha1-W7WgZyYotkFJVmuhaBnmFRjGcmE=",
+          "dev": true,
+          "requires": {
+            "ms": "2.0.0"
+          }
+        },
+        "follow-redirects": {
+          "version": "1.5.10",
+          "resolved": "https://registry.npm.taobao.org/follow-redirects/download/follow-redirects-1.5.10.tgz",
+          "integrity": "sha1-e3qfmuov3/NnhqlP9kPtB/T/Xio=",
+          "dev": true,
+          "requires": {
+            "debug": "=3.1.0"
+          }
+        },
+        "is-buffer": {
+          "version": "2.0.4",
+          "resolved": "https://registry.npm.taobao.org/is-buffer/download/is-buffer-2.0.4.tgz?cache=0&sync_timestamp=1569905349018&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Fis-buffer%2Fdownload%2Fis-buffer-2.0.4.tgz",
+          "integrity": "sha1-PlcvI8hBGlz9lVfISeNmXgspBiM=",
+          "dev": true
+        }
      }
    },
    "@vssue/api-github-v4": {
@ -897,6 +933,42 @@
      "requires": {
        "@vssue/utils": "^1.1.1",
        "axios": "^0.18.1"
+      },
+      "dependencies": {
+        "axios": {
+          "version": "0.18.1",
+          "resolved": "https://registry.npm.taobao.org/axios/download/axios-0.18.1.tgz",
+          "integrity": "sha1-/z8N4ue10YDnV62YAA8Qgbh7zqM=",
+          "dev": true,
+          "requires": {
+            "follow-redirects": "1.5.10",
+            "is-buffer": "^2.0.2"
+          }
+        },
+        "debug": {
+          "version": "3.1.0",
+          "resolved": "https://registry.npm.taobao.org/debug/download/debug-3.1.0.tgz",
+          "integrity": "sha1-W7WgZyYotkFJVmuhaBnmFRjGcmE=",
+          "dev": true,
+          "requires": {
+            "ms": "2.0.0"
+          }
+        },
+        "follow-redirects": {
+          "version": "1.5.10",
+          "resolved": "https://registry.npm.taobao.org/follow-redirects/download/follow-redirects-1.5.10.tgz",
+          "integrity": "sha1-e3qfmuov3/NnhqlP9kPtB/T/Xio=",
+          "dev": true,
+          "requires": {
+            "debug": "=3.1.0"
+          }
+        },
+        "is-buffer": {
+          "version": "2.0.4",
+          "resolved": "https://registry.npm.taobao.org/is-buffer/download/is-buffer-2.0.4.tgz?cache=0&sync_timestamp=1569905349018&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Fis-buffer%2Fdownload%2Fis-buffer-2.0.4.tgz",
+          "integrity": "sha1-PlcvI8hBGlz9lVfISeNmXgspBiM=",
+          "dev": true
+        }
      }
    },
    "@vssue/utils": {
@ -1733,10 +1805,9 @@
      "integrity": "sha1-8OAD2cqef1nHpQiUXXsu+aBKVC8="
    },
    "axios": {
-      "version": "0.18.1",
-      "resolved": "https://registry.npm.taobao.org/axios/download/axios-0.18.1.tgz",
-      "integrity": "sha1-/z8N4ue10YDnV62YAA8Qgbh7zqM=",
-      "dev": true,
+      "version": "0.19.0",
+      "resolved": "https://registry.npm.taobao.org/axios/download/axios-0.19.0.tgz",
+      "integrity": "sha1-jgm/89kSLhM/e4EByPvdAO09Krg=",
      "requires": {
        "follow-redirects": "1.5.10",
        "is-buffer": "^2.0.2"
@ -1746,7 +1817,6 @@
          "version": "3.1.0",
          "resolved": "https://registry.npm.taobao.org/debug/download/debug-3.1.0.tgz",
          "integrity": "sha1-W7WgZyYotkFJVmuhaBnmFRjGcmE=",
-          "dev": true,
          "requires": {
            "ms": "2.0.0"
          }
@ -1755,7 +1825,6 @@
          "version": "1.5.10",
          "resolved": "https://registry.npm.taobao.org/follow-redirects/download/follow-redirects-1.5.10.tgz",
          "integrity": "sha1-e3qfmuov3/NnhqlP9kPtB/T/Xio=",
-          "dev": true,
          "requires": {
            "debug": "=3.1.0"
          }
@ -1763,8 +1832,7 @@
        "is-buffer": {
          "version": "2.0.4",
          "resolved": "https://registry.npm.taobao.org/is-buffer/download/is-buffer-2.0.4.tgz?cache=0&sync_timestamp=1569905349018&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Fis-buffer%2Fdownload%2Fis-buffer-2.0.4.tgz",
-          "integrity": "sha1-PlcvI8hBGlz9lVfISeNmXgspBiM=",
-          "dev": true
+          "integrity": "sha1-PlcvI8hBGlz9lVfISeNmXgspBiM="
        }
      }
    },
--- a/package.json
+++ b/package.json
@ -25,6 +25,7 @@
    "@vuepress/plugin-pwa": "^1.2.0",
    "animated-number-vue": "^1.0.0",
    "aos": "^3.0.0-beta.6",
+    "axios": "^0.19.0",
    "bootstrap": "^4.3.1",
    "bootstrap-vue": "^2.0.4",
    "esm": "^3.2.25",
--- a/support/change-log/change-log-on-the-way.md
+++ b/support/change-log/change-log-on-the-way.md
@ -1,5 +1,9 @@
 Kuboard v1.0.x 的更新说明

+* 为什么CPU使用很低，却仍然提示无法调度？
+* 节点详情页 --> 优化布局
+* 节点详情页 --> 显示 total-request 和 total-limit
+* 节点详情页 --> 显示 pod 的 request-limit

 * 工作负载查看 --> 存储卷 --> config-volume类型的显示为JSON
  * 可在 example/monitor-prometheus 中复现
--- a/support/change-log/v1.0.x.md
+++ b/support/change-log/v1.0.x.md
@ -9,6 +9,8 @@ description: 本文描述了Kuboard_v1.0.x的版本变更说明

 了解如何 [升级Kuboard](/install/install-dashboard-upgrade.html)

+eipwork/kuboard:latest 当前对应的版本是 kuboard v1.0.4.1
+
 Kuboard v1.0.x 的更新说明

 ## v1.0.5-beta.6
--- a/t/cka/daily.md
+++ b/t/cka/daily.md
@ -59,4 +59,6 @@ CKA证书的含金量如何？考不考这个证完全取决于个人，因为

 [CKA每日一题 - Day 11](./daily/011.html)

+[CKA每日一题 - Day 12](./daily/012.html)
+
 <JoinCKACommunity/>
--- a/t/cka/daily/012.assets/640-20191206220542779.png
+++ b/t/cka/daily/012.assets/640-20191206220542779.png
--- a/t/cka/daily/012.assets/640-20191206220542926.jpeg
+++ b/t/cka/daily/012.assets/640-20191206220542926.jpeg
--- a/t/cka/daily/012.assets/640.jpeg
+++ b/t/cka/daily/012.assets/640.jpeg
--- a/t/cka/daily/012.md
+++ b/t/cka/daily/012.md
@ -0,0 +1,126 @@
+---
+vssueId: 170
+# layout: StepLayout
+sharingTitle: CKA备考打卡 - 每日一题 - Day 12
+description: CKA备考打卡 - 每日一题 - Day 12
+meta:
+  - name: keywords
+    content: Kubernetes,K8S,CKA,Certified Kubernetes Administrator
+---
+
+# CKA每日一题 --- Day 12
+
+<AdSenseTitle/>
+
+::: tip 考题
+
+```sh
+Set configuration context $ kubectl config use-context wk8s
+
+configure the kubelet systemed managed service, on the node labelled with name=wk8s-node-1,to launch a pod containing a single container of image nginx named myservice automatically.
+
+Any spec file requried should be placed in the /etc/kuberneteds/mainfests directory on the node
+
+Hints:
+
+You can ssh to the failed node using $ ssh wk8s-node-0
+
+You can assume elevated privileges on the node with the following command $ sudo -i
+```
+
+> 请给出操作步骤。
+
+
+:::
+
+<b-button v-b-toggle.collapse-join-error variant="danger" size="sm" style="margin-top: 1rem;" v-on:click="$sendGaEvent('cka-daily', 'cka-daily', 'CKA每日一题011')">答案及解析</b-button>
+<b-collapse id="collapse-join-error" class="mt-2">
+<b-card style="background-color: rgb(254, 240, 240); border: solid 1px #F56C6C;">
+
+## 答案
+
+切换至wk8s上下文：
+
+```sh
+kubectl config use-context wk8s
+```
+
+查看有label`name=wk8s-node-1`的node的信息
+
+```sh
+kubectl get nodes -l name=wk8s-node-1 -o wide
+```
+
+登录指定的机器，并获得操作权限。
+
+```sh
+ssh wk8s-node-0
+sudo -i
+```
+
+查看kubelet服务启动参数--config
+
+```sh
+systemctl status kubelet -l
+```
+
+在--config指定的文件中，找到staticPodPath文件目录
+
+```sh
+# cat /var/lib/kubelet/config.yaml|grep staticPodPath
+staticPodPath: /etc/kubernetes/manifests
+```
+
+在静态pod目录下创建yaml，使用下面命令生成符合要求的myservice.yaml，等待kubelet自动拉起静态pod
+
+```sh
+kubectl run myservice --image=nginx --generator=run-pod/v1 --dry-run -o yaml > myservice.yaml
+```
+
+
+## 解析
+
+**context相关操作官方命令指南：**
+https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#config
+
+**Create static Pods官网说明：**
+https://kubernetes.io/docs/tasks/configure-pod-container/static-pod/
+
+本题主要考kubelet的配置，以及Static Pod的创建。
+
+可以通过`systemctl status kubelet -l`查看kubelet进程的配置文件路径。
+
+![Kubernetes_CKA_每日一题](./012.assets/640.jpeg)
+
+
+以及通过配置文件`config.yaml`找到`staticPodPath`。
+
+![Kubernetes_CKA_每日一题](./012.assets/640-20191206220542779.png)
+
+
+有时候，情况可能会不一样，`systemctl status kubelet -l`查到的`10-kubeadm.conf`中没有`config.yaml`配置：
+
+![Kubernetes_CKA_每日一题](./012.assets/640-20191206220542926.jpeg)
+
+
+而是将其直接用`--pod-manifest-path`传入，所以这种情况就需要修改`10-kubeadm.conf`中的配置路径（如果路径不是期望路径）
+
+
+
+``` sh
+--pod-manifest-path=/etc/kubernetes/manifests
+```
+
+修改后需要重启kubelet：
+
+``` sh
+systemctl start kubelet
+```
+
+</b-card>
+</b-collapse>
+
+> CKA 考试每日一题系列，全部内容由 [我的小碗汤](https://mp.weixin.qq.com/s/5tYgb_eSzHz_TMsi0U32gw) 创作，本站仅做转载
+
+
+<JoinCKACommunity/>