diff --git a/.vuepress/components/JoinCKACommunity.jpeg b/.vuepress/components/JoinCKACommunity.jpeg index 548b18f..c64f9d1 100644 Binary files a/.vuepress/components/JoinCKACommunity.jpeg and b/.vuepress/components/JoinCKACommunity.jpeg differ diff --git a/.vuepress/config-sidebar.js b/.vuepress/config-sidebar.js index 3dbb54a..3598dd0 100644 --- a/.vuepress/config-sidebar.js +++ b/.vuepress/config-sidebar.js @@ -469,15 +469,16 @@ module.exports = { }, ] }, - // { - // title: '部署LNMP应用', - // collapsable: true, - // children: [ - // '/learning/k8s-practice/lnmp/wordpress' - // ] - // } ] - } + }, + { + title: 'Kubernetes 常见问题', + collapsable: true, + children: [ + 'faq/ping-service', + 'faq/request-limit', + ] + }, ], '/guide/': [ diff --git a/install/install-dashboard-offline.md b/install/install-dashboard-offline.md index 21c0945..5e967a7 100644 --- a/install/install-dashboard-offline.md +++ b/install/install-dashboard-offline.md @@ -30,7 +30,7 @@ meta: 输出结果如下所示: ``` - eipwork/kuboard-press latest 86eaead8421e 3 weeks ago 170MB + eipwork/kuboard latest 0146965e6475 3 weeks ago 133MB ``` * 将 Kuboard 镜像导出到文件 @@ -55,8 +55,11 @@ meta: * 为镜像重新添加标签 ``` sh - docker tag 86eaead8421e eipwork/kuboard:latest + docker tag 0146965e6475 eipwork/kuboard:latest ``` + ::: tip ImageID + 请使用上一个步骤中查询到的 image ID + ::: ## 准备kuboard.yaml文件 diff --git a/learning/README.md b/learning/README.md index 0e12a52..2e4d175 100644 --- a/learning/README.md +++ b/learning/README.md @@ -99,6 +99,7 @@ meta: * [使用port-forward访问集群中的应用程序](/learning/k8s-practice/access/port-forward.html) * [Kubernetes网络模型](/learning/k8s-intermediate/service/network.html) * [CI/CD集成](/guide/cicd/) + * [容器应用的设计原则、模式和反模式](/learning/k8s-practice/micro-service/design-pattern.html) * 下一步,可按教程章节顺序对 Kubernetes 各种概念进行深入理解 ::: diff --git a/learning/faq/metrics.md b/learning/faq/metrics.md index caa3bef..8d6cdbf 100644 --- a/learning/faq/metrics.md +++ b/learning/faq/metrics.md 
@@ -1,7 +1,7 @@ --- vssueId: 174 layout: LearningLayout -description: Kubernetes教程_本文解释了Kubernetes中为什么ping Service 不能成功的原因 +description: Kubernetes教程_本文解释了Kuboard中度量信息的获取方式 meta: - name: keywords content: Kubernetes教程,K8S教程,Kubernetes Service @@ -10,3 +10,34 @@ meta: # Metrics Kuboard 界面上显示 Metrics(性能指标)信息时,调用了 Kubernetes 的 [Metrics API](https://kubernetes.io/docs/tasks/debug-application-cluster/resource-metrics-pipeline/), + +## 为什么 Kuboard 显示的总内存比机器的实际内存要小? + +Kuboard 调用 kubernetes api [Node v1 core](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.16/#node-v1-core) 获取节点的总内存信息。该接口返回结果中,关于内存信息有如下两个部分: + +``` json +"status": { + "capacity": { + "cpu": "2", + "ephemeral-storage": "41147472Ki", + "hugepages-1Gi": "0", + "hugepages-2Mi": "0", + "memory": "7733512Ki", + "pods": "110" + }, + "allocatable": { + "cpu": "2", + "ephemeral-storage": "37921510133", + "hugepages-1Gi": "0", + "hugepages-2Mi": "0", + "memory": "7631112Ki", + "pods": "110" + } +} +``` + +其中,`capacity` 代表节点的总容量,`allocatable` 代表 kubernetes 可以使用的容量。Kuboard 在 `计算资源` 界面上显示的节点总内存大小来自于此接口返回结果的 `status.allocatable.memory` 字段,总CPU大小来自于 `status.allocatable.cpu` 字段。 + +## 为什么 Kuboard 显示的当前使用内存与linux显示不匹配? + +Kuboard 调用 kubernetes [Metrics API](https://kubernetes.io/docs/tasks/debug-application-cluster/resource-metrics-pipeline/) 获取节点 CPU 和内存使用情况,metrics-server 通过节点上的 kubelet 获取 30s 时间窗口内的 CPU 和内存使用情况,且其统计口径是由 kubelet 管理的 docker 进程的 CPU 和内存使用情况,与直接使用 linux 的 `top` 命令或 `free -h` 命令查看时的统计口径并不相同。 diff --git a/learning/faq/request-limit.md b/learning/faq/request-limit.md new file mode 100644 index 0000000..15abf82 --- /dev/null +++ b/learning/faq/request-limit.md @@ -0,0 +1,12 @@ +--- +# vssueId: 174 +layout: LearningLayout +description: Kubernetes教程_本文解释了Kubernetes中为什么ping Service 不能成功的原因 +meta: + - name: keywords + content: Kubernetes教程,K8S教程,Kubernetes Service +--- + +# 为什么CPU内存使用率很低,却不能调度? + +请查看 [带有资源请求的容器组是如何调度的](/learning/k8s-intermediate/config/computing-resource.html#带有资源请求的容器组是如何调度的) 
diff --git a/learning/k8s-intermediate/config/affinity.md b/learning/k8s-intermediate/config/affinity.md new file mode 100644 index 0000000..0ca4961 --- /dev/null +++ b/learning/k8s-intermediate/config/affinity.md @@ -0,0 +1,19 @@ +--- +vssueId: 64 +layout: LearningLayout +description: Kubernetes教程_Kubernetes中的亲和性与反亲和性_Affinity_and_Anti-Affinity +meta: + - name: keywords + content: Kubernetes教程,K8S教程,Affinity,anti-affinity,亲和性,反亲和性 +--- + +# 亲和性与反亲和性 + +> 参考文档:[Affinity and anti-affinity](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity) + + + +`nodeSelector` 提供了一个非常简单的方式,将 Pod 限定到包含特定标签的节点上。亲和性与反亲和性(affinity / anti-affinity)特性则极大地扩展了限定的表达方式。主要的增强点在于: +1. 表达方式更加有效(不仅仅是多个精确匹配表达式的“和”关系) +2. 可以标识该规则为“soft” / “preference” (软性的、偏好的)而不是 hard requirement(必须的),此时,如果调度器发现该规则不能被满足,Pod 仍然可以被调度 +3. 可以对比节点上(或其他拓扑域 topological domain)已运行的其他 Pod 的标签,而不仅仅是节点自己的标签,此时,可以定义类似这样的规则:某量类 Pod 不能在同一个节点(或拓扑域)上共存 diff --git a/learning/k8s-intermediate/config/assign-pod-node.md b/learning/k8s-intermediate/config/assign-pod-node.md index 00857c8..18d6bf8 100644 --- a/learning/k8s-intermediate/config/assign-pod-node.md +++ b/learning/k8s-intermediate/config/assign-pod-node.md 
@@ -77,9 +77,14 @@ nodeSelector 是 PodSpec 中的一个字段。指定了一组名值对。节点 此时您已完成了通过 nodeSelector 为 Pod 指定节点的任务。 -## Node isolation/restriction +## Node isolation/restriction + +向节点对象添加标签后,可以将 Pod 指定到特定(一个或一组)的节点,以便确保某些 Pod 只在具备某些隔离性、安全性或符合管理规定的节点上运行。如果将标签用于这个目的,推荐选择那些不会被 kubelet 修改的标签。这样做可以避免节点非法使用其 kubelet credential 来设置节点自己的标签,进一步影响到调度器将工作负载调度到该节点上。 + +`NodeRestriction` 管理插件可以阻止 kubelet 设置或者修改节点上以 `node-restriction.kubernetes.io/` 开头的标签。如需要使用该标签前缀作为节点隔离的目的,需要: +1. 确保 kubenetes 已经启用了 [Node authorizer](https://kubernetes.io/docs/reference/access-authn-authz/node/) 和 [NodeRestriction admission plugin](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction) +2. 添加带 `node-restriction.kubernetes.io/` 前缀的标签到节点对象,并将这些标签作为 Pod 中的节点选择器。例如: `example.com.node-restriction.kubernetes.io/fips=true` 或 `example.com.node-restriction.kubernetes.io/pci-dss=true`。 -请参考 Kubernetes 官网文档 [Node isolation/restriction](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-isolation-restriction) ## Affinity and anti-affinity diff --git a/learning/k8s-practice/micro-service/design-pattern.md b/learning/k8s-practice/micro-service/design-pattern.md index bbbc160..7cf9bcc 100644 --- a/learning/k8s-practice/micro-service/design-pattern.md +++ b/learning/k8s-practice/micro-service/design-pattern.md @@ -71,7 +71,7 @@ meta: - 捕获并响应Terminate (SIGTERM)信号,来尽快优雅的终止服务进程,以避免kill (SIGKILL)信号强行终止进程。例如一下的NodeJS代码。 - ``` + ``` go process.on('SIGTERM', function () { console.log("Received SIGTERM. Exiting.") server.close(function () { @@ -84,7 +84,7 @@ meta: - 返回退出码 - ``` + ``` go process.exit(0); ``` @@ -214,7 +214,7 @@ Sidecar是最常见的模式,在同一个Pod中,我们需要把不同的责 通常作为服务的容器有一个启动的过程,在启动过程中,服务是不可用的。Kubernetes提供了[Readiness](/learning/k8s-intermediate/workload/pod-lifecycle.html#容器的检查)探测功能。 -``` +``` yaml readinessProbe: httpGet: path: / @@ -233,7 +233,7 @@ readinessProbe: 例如下面的Dockerfile例子: -``` +``` dockerfile FROM ubuntu:14.04 RUN apt-get update 
@@ -257,7 +257,7 @@ Latest标签用于标记最近的稳定版本,然而在创建容器时,尽 Job是Kubernetes提供的只运行一次的容器,和service正好相反。要避免快速失败 -``` +``` yaml apiVersion: batch/v1 kind: Job metadata: diff --git a/package-lock.json b/package-lock.json index 62907be..11081d1 100644 --- a/package-lock.json +++ b/package-lock.json @@ -887,6 +887,42 @@ "requires": { "@vssue/utils": "^1.1.1", "axios": "^0.18.1" + }, + "dependencies": { + "axios": { + "version": "0.18.1", + "resolved": "https://registry.npm.taobao.org/axios/download/axios-0.18.1.tgz", + "integrity": "sha1-/z8N4ue10YDnV62YAA8Qgbh7zqM=", + "dev": true, + "requires": { + "follow-redirects": "1.5.10", + "is-buffer": "^2.0.2" + } + }, + "debug": { + "version": "3.1.0", + "resolved": "https://registry.npm.taobao.org/debug/download/debug-3.1.0.tgz", + "integrity": "sha1-W7WgZyYotkFJVmuhaBnmFRjGcmE=", + "dev": true, + "requires": { + "ms": "2.0.0" + } + }, + "follow-redirects": { + "version": "1.5.10", + "resolved": "https://registry.npm.taobao.org/follow-redirects/download/follow-redirects-1.5.10.tgz", + "integrity": "sha1-e3qfmuov3/NnhqlP9kPtB/T/Xio=", + "dev": true, + "requires": { + "debug": "=3.1.0" + } + }, + "is-buffer": { + "version": "2.0.4", + "resolved": "https://registry.npm.taobao.org/is-buffer/download/is-buffer-2.0.4.tgz?cache=0&sync_timestamp=1569905349018&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Fis-buffer%2Fdownload%2Fis-buffer-2.0.4.tgz", + "integrity": "sha1-PlcvI8hBGlz9lVfISeNmXgspBiM=", + "dev": true + } } }, "@vssue/api-github-v4": { 
@@ -897,6 +933,42 @@ "requires": { "@vssue/utils": "^1.1.1", "axios": "^0.18.1" + }, + "dependencies": { + "axios": { + "version": "0.18.1", + "resolved": "https://registry.npm.taobao.org/axios/download/axios-0.18.1.tgz", + "integrity": "sha1-/z8N4ue10YDnV62YAA8Qgbh7zqM=", + "dev": true, + "requires": { + "follow-redirects": "1.5.10", + "is-buffer": "^2.0.2" + } + }, + "debug": { + "version": "3.1.0", + "resolved": "https://registry.npm.taobao.org/debug/download/debug-3.1.0.tgz", + "integrity": "sha1-W7WgZyYotkFJVmuhaBnmFRjGcmE=", + "dev": true, + "requires": { + "ms": "2.0.0" + } + }, + "follow-redirects": { + "version": "1.5.10", + "resolved": "https://registry.npm.taobao.org/follow-redirects/download/follow-redirects-1.5.10.tgz", + "integrity": "sha1-e3qfmuov3/NnhqlP9kPtB/T/Xio=", + "dev": true, + "requires": { + "debug": "=3.1.0" + } + }, + "is-buffer": { + "version": "2.0.4", + "resolved": "https://registry.npm.taobao.org/is-buffer/download/is-buffer-2.0.4.tgz?cache=0&sync_timestamp=1569905349018&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Fis-buffer%2Fdownload%2Fis-buffer-2.0.4.tgz", + "integrity": "sha1-PlcvI8hBGlz9lVfISeNmXgspBiM=", + "dev": true + } } }, "@vssue/utils": { @@ -1733,10 +1805,9 @@ "integrity": "sha1-8OAD2cqef1nHpQiUXXsu+aBKVC8=" }, "axios": { - "version": "0.18.1", - "resolved": "https://registry.npm.taobao.org/axios/download/axios-0.18.1.tgz", - "integrity": "sha1-/z8N4ue10YDnV62YAA8Qgbh7zqM=", - "dev": true, + "version": "0.19.0", + "resolved": "https://registry.npm.taobao.org/axios/download/axios-0.19.0.tgz", + "integrity": "sha1-jgm/89kSLhM/e4EByPvdAO09Krg=", "requires": { "follow-redirects": "1.5.10", "is-buffer": "^2.0.2" @@ -1746,7 +1817,6 @@ "version": "3.1.0", "resolved": "https://registry.npm.taobao.org/debug/download/debug-3.1.0.tgz", "integrity": "sha1-W7WgZyYotkFJVmuhaBnmFRjGcmE=", - "dev": true, "requires": { "ms": "2.0.0" } 
@@ -1755,7 +1825,6 @@ "version": "1.5.10", "resolved": "https://registry.npm.taobao.org/follow-redirects/download/follow-redirects-1.5.10.tgz", "integrity": "sha1-e3qfmuov3/NnhqlP9kPtB/T/Xio=", - "dev": true, "requires": { "debug": "=3.1.0" } @@ -1763,8 +1832,7 @@ "is-buffer": { "version": "2.0.4", "resolved": "https://registry.npm.taobao.org/is-buffer/download/is-buffer-2.0.4.tgz?cache=0&sync_timestamp=1569905349018&other_urls=https%3A%2F%2Fregistry.npm.taobao.org%2Fis-buffer%2Fdownload%2Fis-buffer-2.0.4.tgz", - "integrity": "sha1-PlcvI8hBGlz9lVfISeNmXgspBiM=", - "dev": true + "integrity": "sha1-PlcvI8hBGlz9lVfISeNmXgspBiM=" } } }, diff --git a/package.json b/package.json index fd7f694..1fc376a 100644 --- a/package.json +++ b/package.json @@ -25,6 +25,7 @@ "@vuepress/plugin-pwa": "^1.2.0", "animated-number-vue": "^1.0.0", "aos": "^3.0.0-beta.6", + "axios": "^0.19.0", "bootstrap": "^4.3.1", "bootstrap-vue": "^2.0.4", "esm": "^3.2.25", diff --git a/support/change-log/change-log-on-the-way.md b/support/change-log/change-log-on-the-way.md index e35acf2..2c1cce3 100644 --- a/support/change-log/change-log-on-the-way.md +++ b/support/change-log/change-log-on-the-way.md @@ -1,5 +1,9 @@ Kuboard v1.0.x 的更新说明 +* 为什么CPU使用很低,却仍然提示无法调度? +* 节点详情页 --> 优化布局 +* 节点详情页 --> 显示 total-request 和 total-limit +* 节点详情页 --> 显示 pod 的 request-limit * 工作负载查看 --> 存储卷 --> config-volume类型的显示为JSON * 可在 example/monitor-prometheus 中复现 diff --git a/support/change-log/v1.0.x.md b/support/change-log/v1.0.x.md index eeb8a87..df2e434 100644 --- a/support/change-log/v1.0.x.md +++ b/support/change-log/v1.0.x.md @@ -9,6 +9,8 @@ description: 本文描述了Kuboard_v1.0.x的版本变更说明 了解如何 [升级Kuboard](/install/install-dashboard-upgrade.html) +eipwork/kuboard:latest 当前对应的版本是 kuboard v1.0.4.1 + Kuboard v1.0.x 的更新说明 ## v1.0.5-beta.6 diff --git a/t/cka/daily.md b/t/cka/daily.md index c774dea..964a763 100644 --- a/t/cka/daily.md +++ b/t/cka/daily.md 
@@ -59,4 +59,6 @@ CKA证书的含金量如何?考不考这个证完全取决于个人,因为 [CKA每日一题 - Day 11](./daily/011.html) +[CKA每日一题 - Day 12](./daily/012.html) + diff --git a/t/cka/daily/012.assets/640-20191206220542779.png b/t/cka/daily/012.assets/640-20191206220542779.png new file mode 100644 index 0000000..9a3e632 Binary files /dev/null and b/t/cka/daily/012.assets/640-20191206220542779.png differ diff --git a/t/cka/daily/012.assets/640-20191206220542926.jpeg b/t/cka/daily/012.assets/640-20191206220542926.jpeg new file mode 100644 index 0000000..a1bef9a Binary files /dev/null and b/t/cka/daily/012.assets/640-20191206220542926.jpeg differ diff --git a/t/cka/daily/012.assets/640.jpeg b/t/cka/daily/012.assets/640.jpeg new file mode 100644 index 0000000..76d9c46 Binary files /dev/null and b/t/cka/daily/012.assets/640.jpeg differ diff --git a/t/cka/daily/012.md b/t/cka/daily/012.md new file mode 100644 index 0000000..cba72ae --- /dev/null +++ b/t/cka/daily/012.md 
@@ -0,0 +1,126 @@ +--- +vssueId: 170 +# layout: StepLayout +sharingTitle: CKA备考打卡 - 每日一题 - Day 12 +description: CKA备考打卡 - 每日一题 - Day 12 +meta: + - name: keywords + content: Kubernetes,K8S,CKA,Certified Kubernetes Administrator +--- + +# CKA每日一题 --- Day 12 + + + +::: tip 考题 + +```sh +Set configuration context $ kubectl config use-context wk8s + +configure the kubelet systemed managed service, on the node labelled with name=wk8s-node-1,to launch a pod containing a single container of image nginx named myservice automatically. + +Any spec file requried should be placed in the /etc/kuberneteds/mainfests directory on the node + +Hints: + +You can ssh to the failed node using $ ssh wk8s-node-0 + +You can assume elevated privileges on the node with the following command $ sudo -i +``` + +> 请给出操作步骤。 + + +::: + +答案及解析 + + + +## 答案 + +切换至wk8s上下文: + +```sh +kubectl config use-context wk8s +``` + +查看有label`name=wk8s-node-1`的node的信息 + +```sh +kubectl get nodes -l name=wk8s-node-1 -o wide +``` + +登录指定的机器,并获得操作权限。 + +```sh +ssh wk8s-node-0 +sudo -i +``` + +查看kubelet服务启动参数--config + +```sh +systemctl status kubelet -l +``` + +在--config指定的文件中,找到staticPodPath文件目录 + +```sh +# cat /var/lib/kubelet/config.yaml|grep staticPodPath +staticPodPath: /etc/kubernetes/manifests +``` + +在静态pod目录下创建yaml,使用下面命令生成符合要求的myservice.yaml,等待kubelet自动拉起静态pod + +```sh +kubectl run myservice --image=nginx --generator=run-pod/v1 --dry-run -o yaml > myservice.yaml +``` + + +## 解析 + +**context相关操作官方命令指南:** +https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#config + +**Create static Pods官网说明:** +https://kubernetes.io/docs/tasks/configure-pod-container/static-pod/ + +本题主要考kubelet的配置,以及Static Pod的创建。 + +可以通过`systemctl status kubelet -l`查看kubelet进程的配置文件路径。 + +![Kubernetes_CKA_每日一题](./012.assets/640.jpeg) + + +以及通过配置文件`config.yaml`找到`staticPodPath`。 + +![Kubernetes_CKA_每日一题](./012.assets/640-20191206220542779.png) + + +有时候,情况可能会不一样,`systemctl status kubelet 
-l`查到的`10-kubeadm.conf`中没有`config.yaml`配置: + +![Kubernetes_CKA_每日一题](./012.assets/640-20191206220542926.jpeg) + + +而是将其直接用`--pod-manifest-path`传入,所以这种情况就需要修改`10-kubeadm.conf`中的配置路径(如果路径不是期望路径) + + + +``` sh +--pod-manifest-path=/etc/kubernetes/manifests +``` + +修改后需要重启kubelet: + +``` sh +systemctl start kubelet +``` + + + + +> CKA 考试每日一题系列,全部内容由 [我的小碗汤](https://mp.weixin.qq.com/s/5tYgb_eSzHz_TMsi0U32gw) 创作,本站仅做转载 + + +
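Review bot: in .vuepress/config-sidebar.js the new 'Kubernetes 常见问题' group lists only 'faq/ping-service' and 'faq/request-limit', so learning/faq/metrics.md, which this same patch extends with two new FAQ sections, gets no sidebar entry. Add 'faq/metrics' to the children array if the page is meant to be discoverable there.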
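Review bot: in install/install-dashboard-offline.md the command `docker tag 0146965e6475 eipwork/kuboard:latest` still hard-codes an image ID that matches only one build of the `latest` tag, and the new ImageID tip comes after the line readers will copy. Put a placeholder such as `<IMAGE_ID>` in the command, or move the tip above the fence, so a stale ID is not tagged by mistake on the offline host.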
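Review bot: in learning/faq/metrics.md the front matter hunk corrects `description` but leaves `content: Kubernetes教程,K8S教程,Kubernetes Service` and `vssueId: 174` unchanged, and the new request-limit.md in this patch comments out the same `vssueId: 174`, which suggests the id belongs to another page. Update the keywords to match the Metrics topic and confirm the comment thread id. The unchanged intro sentence under `# Metrics` also still ends in a dangling full-width comma, which now sits directly above the new headings.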
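Review bot: in the new file learning/faq/request-limit.md the `description` reads "本文解释了Kubernetes中为什么ping Service 不能成功的原因" and the keywords end in "Kubernetes Service", both of which describe the ping-service page rather than this one. Replace them with text about resource requests and scheduling, since the page body is about why a Pod cannot be scheduled when CPU and memory usage are low.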
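Review bot: in the new file learning/k8s-intermediate/config/affinity.md, item 3 of the list says "某量类 Pod 不能在同一个节点", where "量" looks like a typo for "两" (两类 Pod). The numbered list also starts on the line immediately after "主要的增强点在于:" with no blank line, which some Markdown renderers fold into the paragraph; add a blank line before "1.".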
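Review bot: in learning/k8s-intermediate/config/assign-pod-node.md the text says NodeRestriction blocks labels "以 `node-restriction.kubernetes.io/` 开头", but both examples in step 2 start with `example.com.` (`example.com.node-restriction.kubernetes.io/fips=true`), so the wording and the examples disagree. State explicitly whether the restriction covers keys that contain this domain as a suffix of the prefix, or give an example that literally starts with the stated prefix; a reader who picks an unprotected key loses the isolation this section is about. Step 1 also misspells "kubenetes", and the hunk drops the link to the upstream Node isolation/restriction page that would be worth keeping as a reference.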
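Review bot: in learning/k8s-practice/micro-service/design-pattern.md the two fences changed to ``` go wrap code the surrounding text itself calls NodeJS (`process.on('SIGTERM', function () {` and `process.exit(0);`), so they will be highlighted as the wrong language. Tag them `js` or `javascript`; the `yaml` and `dockerfile` tags on the other fences in this file match their content.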
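Review bot: in package-lock.json every added or changed entry resolves from `registry.npm.taobao.org` and carries only a `sha1-` integrity value, and the is-buffer `resolved` URL embeds mirror-specific `cache` and `sync_timestamp` query parameters. Regenerate the lockfile against the registry the build actually installs from, so the entries are reproducible and pick up the stronger integrity hash where the registry provides one. Also note that adding `"axios": "^0.19.0"` to package.json leaves two nested 0.18.1 copies under the @vssue packages next to the top-level 0.19.0, with `follow-redirects` at 1.5.10 in all three; confirm that the duplicate versions are intended.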
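Review bot: in the new file t/cka/daily/012.md the last step says "修改后需要重启kubelet" but the command shown is `systemctl start kubelet`, which does nothing when the service is already running; it should be `systemctl restart kubelet`, preceded by `systemctl daemon-reload` because the edited file `10-kubeadm.conf` is a systemd unit drop-in. Separately, the answer says to create the YAML in the static pod directory, yet `kubectl run ... -o yaml > myservice.yaml` writes to the current working directory; redirect to the `staticPodPath` found in the previous step (`/etc/kubernetes/manifests/myservice.yaml`) or add a `cd` first, otherwise the kubelet never sees the manifest.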