5066 lines
311 KiB
HTML
5066 lines
311 KiB
HTML
|
||
<!DOCTYPE HTML>
|
||
<html lang="zh-hans" >
|
||
<head>
|
||
<meta charset="UTF-8">
|
||
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
|
||
<title>Kubernetes中的用户与身份认证授权 · Kubernetes Handbook - Kubernetes中文指南/云原生应用架构实践手册 by Jimmy Song(宋净超)</title>
|
||
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
|
||
<meta name="description" content="">
|
||
<meta name="generator" content="GitBook 3.2.3">
|
||
<meta name="author" content="Jimmy Song(宋净超)">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/style.css">
|
||
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-splitter/splitter.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-page-toc-button/plugin.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-image-captions/image-captions.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-back-to-top-button/plugin.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-search-plus/search.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-tbfed-pagefooter/footer.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-prism/prism-ghcolors.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-lightbox/lightbox.min.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-alerts/style.css">
|
||
|
||
|
||
|
||
<link rel="stylesheet" href="../gitbook/gitbook-plugin-fontsettings/website.css">
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
<meta name="HandheldFriendly" content="true"/>
|
||
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
|
||
<meta name="apple-mobile-web-app-capable" content="yes">
|
||
<meta name="apple-mobile-web-app-status-bar-style" content="black">
|
||
<link rel="apple-touch-icon-precomposed" sizes="152x152" href="../gitbook/images/apple-touch-icon-precomposed-152.png">
|
||
<link rel="shortcut icon" href="../gitbook/images/favicon.ico" type="image/x-icon">
|
||
|
||
|
||
<link rel="next" href="kubernetes-security-best-practice.html" />
|
||
|
||
|
||
<link rel="prev" href="auth-with-kubeconfig-or-token.html" />
|
||
|
||
|
||
|
||
<link rel="shortcut icon" href='../favicon.ico' type="image/x-icon">
|
||
|
||
|
||
<link rel="bookmark" href='../favicon.ico' type="image/x-icon">
|
||
|
||
|
||
|
||
|
||
<style>
|
||
@media only screen and (max-width: 640px) {
|
||
.book-header .hidden-mobile {
|
||
display: none;
|
||
}
|
||
}
|
||
</style>
|
||
<script>
|
||
window["gitbook-plugin-github-buttons"] = {"repo":"rootsongjc/kubernetes-handbook","types":["star"],"size":"small"};
|
||
</script>
|
||
|
||
</head>
|
||
<body>
|
||
|
||
<div class="book">
|
||
<div class="book-summary">
|
||
|
||
|
||
<div id="book-search-input" role="search">
|
||
<input type="text" placeholder="输入并搜索" />
|
||
</div>
|
||
|
||
|
||
<nav role="navigation">
|
||
|
||
|
||
|
||
<ul class="summary">
|
||
|
||
|
||
|
||
|
||
<li>
|
||
<a href="https://jimmysong.io" target="_blank" class="custom-link">回到主页</a>
|
||
</li>
|
||
|
||
|
||
<li>
|
||
<a href="https://jimmysong.io/awesome-cloud-native" target="_blank" class="custom-link">Awesome Cloud Native</a>
|
||
</li>
|
||
|
||
|
||
|
||
|
||
<li class="divider"></li>
|
||
|
||
|
||
|
||
|
||
<li class="header">前言</li>
|
||
|
||
|
||
|
||
<li class="chapter " data-level="1.1" data-path="../">
|
||
|
||
<a href="../">
|
||
|
||
|
||
<b>1.1.</b>
|
||
|
||
序言
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
<li class="header">云原生</li>
|
||
|
||
|
||
|
||
<li class="chapter " data-level="2.1" data-path="../cloud-native/cloud-native-definition.html">
|
||
|
||
<a href="../cloud-native/cloud-native-definition.html">
|
||
|
||
|
||
<b>2.1.</b>
|
||
|
||
云原生(Cloud Native)的定义
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="2.2" data-path="../cloud-native/cloud-native-philosophy.html">
|
||
|
||
<a href="../cloud-native/cloud-native-philosophy.html">
|
||
|
||
|
||
<b>2.2.</b>
|
||
|
||
云原生的设计哲学
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="2.3" data-path="../cloud-native/play-with-kubernetes.html">
|
||
|
||
<a href="../cloud-native/play-with-kubernetes.html">
|
||
|
||
|
||
<b>2.3.</b>
|
||
|
||
Play with Kubernetes
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="2.4" data-path="../cloud-native/cloud-native-local-quick-start.html">
|
||
|
||
<a href="../cloud-native/cloud-native-local-quick-start.html">
|
||
|
||
|
||
<b>2.4.</b>
|
||
|
||
快速部署一个云原生本地实验环境
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="2.5" data-path="../cloud-native/setup-kubernetes-with-rancher-and-aliyun.html">
|
||
|
||
<a href="../cloud-native/setup-kubernetes-with-rancher-and-aliyun.html">
|
||
|
||
|
||
<b>2.5.</b>
|
||
|
||
使用Rancher在阿里云上部署Kubenretes集群
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="2.6" data-path="../cloud-native/kubernetes-and-cloud-native-app-overview.html">
|
||
|
||
<a href="../cloud-native/kubernetes-and-cloud-native-app-overview.html">
|
||
|
||
|
||
<b>2.6.</b>
|
||
|
||
Kubernetes与云原生应用概览
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="2.7" data-path="../cloud-native/from-kubernetes-to-cloud-native.html">
|
||
|
||
<a href="../cloud-native/from-kubernetes-to-cloud-native.html">
|
||
|
||
|
||
<b>2.7.</b>
|
||
|
||
云原生应用之路——从Kubernetes到Cloud Native
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="2.8" data-path="../cloud-native/cloud-native-programming-languages.html">
|
||
|
||
<a href="../cloud-native/cloud-native-programming-languages.html">
|
||
|
||
|
||
<b>2.8.</b>
|
||
|
||
云原生编程语言
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="2.8.1" data-path="../cloud-native/cloud-native-programming-language-ballerina.html">
|
||
|
||
<a href="../cloud-native/cloud-native-programming-language-ballerina.html">
|
||
|
||
|
||
<b>2.8.1.</b>
|
||
|
||
云原生编程语言Ballerina
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="2.8.2" data-path="../cloud-native/cloud-native-programming-language-pulumi.html">
|
||
|
||
<a href="../cloud-native/cloud-native-programming-language-pulumi.html">
|
||
|
||
|
||
<b>2.8.2.</b>
|
||
|
||
云原生编程语言Pulumi
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="2.9" data-path="../cloud-native/the-future-of-cloud-native.html">
|
||
|
||
<a href="../cloud-native/the-future-of-cloud-native.html">
|
||
|
||
|
||
<b>2.9.</b>
|
||
|
||
云原生的未来
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
<li class="header">概念与原理</li>
|
||
|
||
|
||
|
||
<li class="chapter " data-level="3.1" data-path="../concepts/">
|
||
|
||
<a href="../concepts/">
|
||
|
||
|
||
<b>3.1.</b>
|
||
|
||
Kubernetes架构
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="3.1.1" data-path="../concepts/concepts.html">
|
||
|
||
<a href="../concepts/concepts.html">
|
||
|
||
|
||
<b>3.1.1.</b>
|
||
|
||
设计理念
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.1.2" data-path="../concepts/etcd.html">
|
||
|
||
<a href="../concepts/etcd.html">
|
||
|
||
|
||
<b>3.1.2.</b>
|
||
|
||
Etcd解析
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.1.3" data-path="../concepts/open-interfaces.html">
|
||
|
||
<a href="../concepts/open-interfaces.html">
|
||
|
||
|
||
<b>3.1.3.</b>
|
||
|
||
开放接口
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="3.1.3.1" data-path="../concepts/cri.html">
|
||
|
||
<a href="../concepts/cri.html">
|
||
|
||
|
||
<b>3.1.3.1.</b>
|
||
|
||
CRI - Container Runtime Interface(容器运行时接口)
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.1.3.2" data-path="../concepts/cni.html">
|
||
|
||
<a href="../concepts/cni.html">
|
||
|
||
|
||
<b>3.1.3.2.</b>
|
||
|
||
CNI - Container Network Interface(容器网络接口)
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.1.3.3" data-path="../concepts/csi.html">
|
||
|
||
<a href="../concepts/csi.html">
|
||
|
||
|
||
<b>3.1.3.3.</b>
|
||
|
||
CSI - Container Storage Interface(容器存储接口)
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.2" data-path="../concepts/networking.html">
|
||
|
||
<a href="../concepts/networking.html">
|
||
|
||
|
||
<b>3.2.</b>
|
||
|
||
Kubernetes中的网络
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="3.2.1" data-path="../concepts/flannel.html">
|
||
|
||
<a href="../concepts/flannel.html">
|
||
|
||
|
||
<b>3.2.1.</b>
|
||
|
||
Kubernetes中的网络解析——以flannel为例
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.2.2" data-path="../concepts/calico.html">
|
||
|
||
<a href="../concepts/calico.html">
|
||
|
||
|
||
<b>3.2.2.</b>
|
||
|
||
Kubernetes中的网络解析——以calico为例
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.2.3" data-path="../concepts/cilium.html">
|
||
|
||
<a href="../concepts/cilium.html">
|
||
|
||
|
||
<b>3.2.3.</b>
|
||
|
||
具备API感知的网络和安全性管理开源软件Cilium
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="3.2.3.1" data-path="../concepts/cilium-concepts.html">
|
||
|
||
<a href="../concepts/cilium-concepts.html">
|
||
|
||
|
||
<b>3.2.3.1.</b>
|
||
|
||
Cilium架构设计与概念解析
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.3" data-path="../concepts/objects.html">
|
||
|
||
<a href="../concepts/objects.html">
|
||
|
||
|
||
<b>3.3.</b>
|
||
|
||
资源对象与基本概念解析
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.4" data-path="../concepts/pod-state-and-lifecycle.html">
|
||
|
||
<a href="../concepts/pod-state-and-lifecycle.html">
|
||
|
||
|
||
<b>3.4.</b>
|
||
|
||
Pod状态与生命周期管理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="3.4.1" data-path="../concepts/pod-overview.html">
|
||
|
||
<a href="../concepts/pod-overview.html">
|
||
|
||
|
||
<b>3.4.1.</b>
|
||
|
||
Pod概览
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.4.2" data-path="../concepts/pod.html">
|
||
|
||
<a href="../concepts/pod.html">
|
||
|
||
|
||
<b>3.4.2.</b>
|
||
|
||
Pod解析
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.4.3" data-path="../concepts/init-containers.html">
|
||
|
||
<a href="../concepts/init-containers.html">
|
||
|
||
|
||
<b>3.4.3.</b>
|
||
|
||
Init容器
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.4.4" data-path="../concepts/pause-container.html">
|
||
|
||
<a href="../concepts/pause-container.html">
|
||
|
||
|
||
<b>3.4.4.</b>
|
||
|
||
Pause容器
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.4.5" data-path="../concepts/pod-security-policy.html">
|
||
|
||
<a href="../concepts/pod-security-policy.html">
|
||
|
||
|
||
<b>3.4.5.</b>
|
||
|
||
Pod安全策略
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.4.6" data-path="../concepts/pod-lifecycle.html">
|
||
|
||
<a href="../concepts/pod-lifecycle.html">
|
||
|
||
|
||
<b>3.4.6.</b>
|
||
|
||
Pod的生命周期
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.4.7" data-path="../concepts/pod-hook.html">
|
||
|
||
<a href="../concepts/pod-hook.html">
|
||
|
||
|
||
<b>3.4.7.</b>
|
||
|
||
Pod Hook
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.4.8" data-path="../concepts/pod-preset.html">
|
||
|
||
<a href="../concepts/pod-preset.html">
|
||
|
||
|
||
<b>3.4.8.</b>
|
||
|
||
Pod Preset
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.4.9" data-path="../concepts/pod-disruption-budget.html">
|
||
|
||
<a href="../concepts/pod-disruption-budget.html">
|
||
|
||
|
||
<b>3.4.9.</b>
|
||
|
||
Pod中断与PDB(Pod中断预算)
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.5" data-path="../concepts/cluster.html">
|
||
|
||
<a href="../concepts/cluster.html">
|
||
|
||
|
||
<b>3.5.</b>
|
||
|
||
集群资源管理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="3.5.1" data-path="../concepts/node.html">
|
||
|
||
<a href="../concepts/node.html">
|
||
|
||
|
||
<b>3.5.1.</b>
|
||
|
||
Node
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.5.2" data-path="../concepts/namespace.html">
|
||
|
||
<a href="../concepts/namespace.html">
|
||
|
||
|
||
<b>3.5.2.</b>
|
||
|
||
Namespace
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.5.3" data-path="../concepts/label.html">
|
||
|
||
<a href="../concepts/label.html">
|
||
|
||
|
||
<b>3.5.3.</b>
|
||
|
||
Label
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.5.4" data-path="../concepts/annotation.html">
|
||
|
||
<a href="../concepts/annotation.html">
|
||
|
||
|
||
<b>3.5.4.</b>
|
||
|
||
Annotation
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.5.5" data-path="../concepts/taint-and-toleration.html">
|
||
|
||
<a href="../concepts/taint-and-toleration.html">
|
||
|
||
|
||
<b>3.5.5.</b>
|
||
|
||
Taint和Toleration(污点和容忍)
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.5.6" data-path="../concepts/garbage-collection.html">
|
||
|
||
<a href="../concepts/garbage-collection.html">
|
||
|
||
|
||
<b>3.5.6.</b>
|
||
|
||
垃圾收集
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.6" data-path="../concepts/controllers.html">
|
||
|
||
<a href="../concepts/controllers.html">
|
||
|
||
|
||
<b>3.6.</b>
|
||
|
||
控制器
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="3.6.1" data-path="../concepts/deployment.html">
|
||
|
||
<a href="../concepts/deployment.html">
|
||
|
||
|
||
<b>3.6.1.</b>
|
||
|
||
Deployment
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.6.2" data-path="../concepts/statefulset.html">
|
||
|
||
<a href="../concepts/statefulset.html">
|
||
|
||
|
||
<b>3.6.2.</b>
|
||
|
||
StatefulSet
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.6.3" data-path="../concepts/daemonset.html">
|
||
|
||
<a href="../concepts/daemonset.html">
|
||
|
||
|
||
<b>3.6.3.</b>
|
||
|
||
DaemonSet
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.6.4" data-path="../concepts/replicaset.html">
|
||
|
||
<a href="../concepts/replicaset.html">
|
||
|
||
|
||
<b>3.6.4.</b>
|
||
|
||
ReplicationController和ReplicaSet
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.6.5" data-path="../concepts/job.html">
|
||
|
||
<a href="../concepts/job.html">
|
||
|
||
|
||
<b>3.6.5.</b>
|
||
|
||
Job
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.6.6" data-path="../concepts/cronjob.html">
|
||
|
||
<a href="../concepts/cronjob.html">
|
||
|
||
|
||
<b>3.6.6.</b>
|
||
|
||
CronJob
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.6.7" data-path="../concepts/horizontal-pod-autoscaling.html">
|
||
|
||
<a href="../concepts/horizontal-pod-autoscaling.html">
|
||
|
||
|
||
<b>3.6.7.</b>
|
||
|
||
Horizontal Pod Autoscaling
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="3.6.7.1" data-path="../concepts/custom-metrics-hpa.html">
|
||
|
||
<a href="../concepts/custom-metrics-hpa.html">
|
||
|
||
|
||
<b>3.6.7.1.</b>
|
||
|
||
自定义指标HPA
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.6.8" data-path="../concepts/admission-controller.html">
|
||
|
||
<a href="../concepts/admission-controller.html">
|
||
|
||
|
||
<b>3.6.8.</b>
|
||
|
||
准入控制器(Admission Controller)
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.7" data-path="../concepts/service-discovery.html">
|
||
|
||
<a href="../concepts/service-discovery.html">
|
||
|
||
|
||
<b>3.7.</b>
|
||
|
||
服务发现
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="3.7.1" data-path="../concepts/service.html">
|
||
|
||
<a href="../concepts/service.html">
|
||
|
||
|
||
<b>3.7.1.</b>
|
||
|
||
Service
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.7.2" data-path="../concepts/ingress.html">
|
||
|
||
<a href="../concepts/ingress.html">
|
||
|
||
|
||
<b>3.7.2.</b>
|
||
|
||
Ingress
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="3.7.2.1" data-path="../concepts/traefik-ingress-controller.html">
|
||
|
||
<a href="../concepts/traefik-ingress-controller.html">
|
||
|
||
|
||
<b>3.7.2.1.</b>
|
||
|
||
Traefik Ingress Controller
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.8" data-path="../concepts/authentication-and-permission.html">
|
||
|
||
<a href="../concepts/authentication-and-permission.html">
|
||
|
||
|
||
<b>3.8.</b>
|
||
|
||
身份与权限控制
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="3.8.1" data-path="../concepts/serviceaccount.html">
|
||
|
||
<a href="../concepts/serviceaccount.html">
|
||
|
||
|
||
<b>3.8.1.</b>
|
||
|
||
ServiceAccount
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.8.2" data-path="../concepts/rbac.html">
|
||
|
||
<a href="../concepts/rbac.html">
|
||
|
||
|
||
<b>3.8.2.</b>
|
||
|
||
RBAC——基于角色的访问控制
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.8.3" data-path="../concepts/network-policy.html">
|
||
|
||
<a href="../concepts/network-policy.html">
|
||
|
||
|
||
<b>3.8.3.</b>
|
||
|
||
NetworkPolicy
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.9" data-path="../concepts/storage.html">
|
||
|
||
<a href="../concepts/storage.html">
|
||
|
||
|
||
<b>3.9.</b>
|
||
|
||
存储
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="3.9.1" data-path="../concepts/secret.html">
|
||
|
||
<a href="../concepts/secret.html">
|
||
|
||
|
||
<b>3.9.1.</b>
|
||
|
||
Secret
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.9.2" data-path="../concepts/configmap.html">
|
||
|
||
<a href="../concepts/configmap.html">
|
||
|
||
|
||
<b>3.9.2.</b>
|
||
|
||
ConfigMap
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="3.9.2.1" data-path="../concepts/configmap-hot-update.html">
|
||
|
||
<a href="../concepts/configmap-hot-update.html">
|
||
|
||
|
||
<b>3.9.2.1.</b>
|
||
|
||
ConfigMap的热更新
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.9.3" data-path="../concepts/volume.html">
|
||
|
||
<a href="../concepts/volume.html">
|
||
|
||
|
||
<b>3.9.3.</b>
|
||
|
||
Volume
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.9.4" data-path="../concepts/persistent-volume.html">
|
||
|
||
<a href="../concepts/persistent-volume.html">
|
||
|
||
|
||
<b>3.9.4.</b>
|
||
|
||
Persistent Volume(持久化卷)
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.9.5" data-path="../concepts/storageclass.html">
|
||
|
||
<a href="../concepts/storageclass.html">
|
||
|
||
|
||
<b>3.9.5.</b>
|
||
|
||
Storage Class
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.9.6" data-path="../concepts/local-persistent-storage.html">
|
||
|
||
<a href="../concepts/local-persistent-storage.html">
|
||
|
||
|
||
<b>3.9.6.</b>
|
||
|
||
本地持久化存储
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.10" data-path="../concepts/extension.html">
|
||
|
||
<a href="../concepts/extension.html">
|
||
|
||
|
||
<b>3.10.</b>
|
||
|
||
集群扩展
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="3.10.1" data-path="../concepts/custom-resource.html">
|
||
|
||
<a href="../concepts/custom-resource.html">
|
||
|
||
|
||
<b>3.10.1.</b>
|
||
|
||
使用自定义资源扩展API
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.10.2" data-path="../concepts/crd.html">
|
||
|
||
<a href="../concepts/crd.html">
|
||
|
||
|
||
<b>3.10.2.</b>
|
||
|
||
使用CRD扩展Kubernetes API
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.10.3" data-path="../concepts/aggregated-api-server.html">
|
||
|
||
<a href="../concepts/aggregated-api-server.html">
|
||
|
||
|
||
<b>3.10.3.</b>
|
||
|
||
Aggregated API Server
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.10.4" data-path="../concepts/apiservice.html">
|
||
|
||
<a href="../concepts/apiservice.html">
|
||
|
||
|
||
<b>3.10.4.</b>
|
||
|
||
APIService
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.10.5" data-path="../concepts/service-catalog.html">
|
||
|
||
<a href="../concepts/service-catalog.html">
|
||
|
||
|
||
<b>3.10.5.</b>
|
||
|
||
Service Catalog
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="3.11" data-path="../concepts/scheduling.html">
|
||
|
||
<a href="../concepts/scheduling.html">
|
||
|
||
|
||
<b>3.11.</b>
|
||
|
||
资源调度
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="3.11.1" data-path="../concepts/qos.html">
|
||
|
||
<a href="../concepts/qos.html">
|
||
|
||
|
||
<b>3.11.1.</b>
|
||
|
||
QoS(服务质量等级)
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
<li class="header">用户指南</li>
|
||
|
||
|
||
|
||
<li class="chapter " data-level="4.1" data-path="./">
|
||
|
||
<a href="./">
|
||
|
||
|
||
<b>4.1.</b>
|
||
|
||
用户指南
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.2" data-path="resource-configuration.html">
|
||
|
||
<a href="resource-configuration.html">
|
||
|
||
|
||
<b>4.2.</b>
|
||
|
||
资源对象配置
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="4.2.1" data-path="configure-liveness-readiness-probes.html">
|
||
|
||
<a href="configure-liveness-readiness-probes.html">
|
||
|
||
|
||
<b>4.2.1.</b>
|
||
|
||
配置Pod的liveness和readiness探针
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.2.2" data-path="configure-pod-service-account.html">
|
||
|
||
<a href="configure-pod-service-account.html">
|
||
|
||
|
||
<b>4.2.2.</b>
|
||
|
||
配置Pod的Service Account
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.2.3" data-path="secret-configuration.html">
|
||
|
||
<a href="secret-configuration.html">
|
||
|
||
|
||
<b>4.2.3.</b>
|
||
|
||
Secret配置
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.2.4" data-path="resource-quota-management.html">
|
||
|
||
<a href="resource-quota-management.html">
|
||
|
||
|
||
<b>4.2.4.</b>
|
||
|
||
管理namespace中的资源配额
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.3" data-path="command-usage.html">
|
||
|
||
<a href="command-usage.html">
|
||
|
||
|
||
<b>4.3.</b>
|
||
|
||
命令使用
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="4.3.1" data-path="docker-cli-to-kubectl.html">
|
||
|
||
<a href="docker-cli-to-kubectl.html">
|
||
|
||
|
||
<b>4.3.1.</b>
|
||
|
||
Docker用户过渡到kubectl命令行指南
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.3.2" data-path="using-kubectl.html">
|
||
|
||
<a href="using-kubectl.html">
|
||
|
||
|
||
<b>4.3.2.</b>
|
||
|
||
kubectl命令概览
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.3.3" data-path="kubectl-cheatsheet.html">
|
||
|
||
<a href="kubectl-cheatsheet.html">
|
||
|
||
|
||
<b>4.3.3.</b>
|
||
|
||
kubectl命令技巧大全
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.3.4" data-path="using-etcdctl-to-access-kubernetes-data.html">
|
||
|
||
<a href="using-etcdctl-to-access-kubernetes-data.html">
|
||
|
||
|
||
<b>4.3.4.</b>
|
||
|
||
使用etcdctl访问kubernetes数据
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.4" data-path="cluster-security-management.html">
|
||
|
||
<a href="cluster-security-management.html">
|
||
|
||
|
||
<b>4.4.</b>
|
||
|
||
集群安全性管理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="4.4.1" data-path="managing-tls-in-a-cluster.html">
|
||
|
||
<a href="managing-tls-in-a-cluster.html">
|
||
|
||
|
||
<b>4.4.1.</b>
|
||
|
||
管理集群中的TLS
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.4.2" data-path="kubelet-authentication-authorization.html">
|
||
|
||
<a href="kubelet-authentication-authorization.html">
|
||
|
||
|
||
<b>4.4.2.</b>
|
||
|
||
kubelet的认证授权
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.4.3" data-path="tls-bootstrapping.html">
|
||
|
||
<a href="tls-bootstrapping.html">
|
||
|
||
|
||
<b>4.4.3.</b>
|
||
|
||
TLS bootstrap
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.4.4" data-path="kubectl-user-authentication-authorization.html">
|
||
|
||
<a href="kubectl-user-authentication-authorization.html">
|
||
|
||
|
||
<b>4.4.4.</b>
|
||
|
||
创建用户认证授权的kubeconfig文件
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.4.5" data-path="ip-masq-agent.html">
|
||
|
||
<a href="ip-masq-agent.html">
|
||
|
||
|
||
<b>4.4.5.</b>
|
||
|
||
IP伪装代理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.4.6" data-path="auth-with-kubeconfig-or-token.html">
|
||
|
||
<a href="auth-with-kubeconfig-or-token.html">
|
||
|
||
|
||
<b>4.4.6.</b>
|
||
|
||
使用kubeconfig或token进行用户身份认证
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter active" data-level="4.4.7" data-path="authentication.html">
|
||
|
||
<a href="authentication.html">
|
||
|
||
|
||
<b>4.4.7.</b>
|
||
|
||
Kubernetes中的用户与身份认证授权
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.4.8" data-path="kubernetes-security-best-practice.html">
|
||
|
||
<a href="kubernetes-security-best-practice.html">
|
||
|
||
|
||
<b>4.4.8.</b>
|
||
|
||
Kubernetes集群安全性配置最佳实践
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.5" data-path="access-kubernetes-cluster.html">
|
||
|
||
<a href="access-kubernetes-cluster.html">
|
||
|
||
|
||
<b>4.5.</b>
|
||
|
||
访问Kubernetes集群
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="4.5.1" data-path="access-cluster.html">
|
||
|
||
<a href="access-cluster.html">
|
||
|
||
|
||
<b>4.5.1.</b>
|
||
|
||
访问集群
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.5.2" data-path="authenticate-across-clusters-kubeconfig.html">
|
||
|
||
<a href="authenticate-across-clusters-kubeconfig.html">
|
||
|
||
|
||
<b>4.5.2.</b>
|
||
|
||
使用kubeconfig文件配置跨集群认证
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.5.3" data-path="connecting-to-applications-port-forward.html">
|
||
|
||
<a href="connecting-to-applications-port-forward.html">
|
||
|
||
|
||
<b>4.5.3.</b>
|
||
|
||
通过端口转发访问集群中的应用程序
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.5.4" data-path="service-access-application-cluster.html">
|
||
|
||
<a href="service-access-application-cluster.html">
|
||
|
||
|
||
<b>4.5.4.</b>
|
||
|
||
使用service访问群集中的应用程序
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.5.5" data-path="accessing-kubernetes-pods-from-outside-of-the-cluster.html">
|
||
|
||
<a href="accessing-kubernetes-pods-from-outside-of-the-cluster.html">
|
||
|
||
|
||
<b>4.5.5.</b>
|
||
|
||
从外部访问Kubernetes中的Pod
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.5.6" data-path="cabin-mobile-dashboard-for-kubernetes.html">
|
||
|
||
<a href="cabin-mobile-dashboard-for-kubernetes.html">
|
||
|
||
|
||
<b>4.5.6.</b>
|
||
|
||
Cabin - Kubernetes手机客户端
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.5.7" data-path="kubernetes-desktop-client.html">
|
||
|
||
<a href="kubernetes-desktop-client.html">
|
||
|
||
|
||
<b>4.5.7.</b>
|
||
|
||
Kubernetic - Kubernetes桌面客户端
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.5.8" data-path="kubernator-kubernetes-ui.html">
|
||
|
||
<a href="kubernator-kubernetes-ui.html">
|
||
|
||
|
||
<b>4.5.8.</b>
|
||
|
||
Kubernator - 更底层的Kubernetes UI
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.6" data-path="application-development-deployment-flow.html">
|
||
|
||
<a href="application-development-deployment-flow.html">
|
||
|
||
|
||
<b>4.6.</b>
|
||
|
||
在Kubernetes中开发部署应用
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="4.6.1" data-path="deploy-applications-in-kubernetes.html">
|
||
|
||
<a href="deploy-applications-in-kubernetes.html">
|
||
|
||
|
||
<b>4.6.1.</b>
|
||
|
||
适用于kubernetes的应用开发部署流程
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.6.2" data-path="migrating-hadoop-yarn-to-kubernetes.html">
|
||
|
||
<a href="migrating-hadoop-yarn-to-kubernetes.html">
|
||
|
||
|
||
<b>4.6.2.</b>
|
||
|
||
迁移传统应用到Kubernetes中——以Hadoop YARN为例
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="4.6.3" data-path="using-statefulset.html">
|
||
|
||
<a href="using-statefulset.html">
|
||
|
||
|
||
<b>4.6.3.</b>
|
||
|
||
使用StatefulSet部署用状态应用
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
<li class="header">最佳实践</li>
|
||
|
||
|
||
|
||
<li class="chapter " data-level="5.1" data-path="../practice/">
|
||
|
||
<a href="../practice/">
|
||
|
||
|
||
<b>5.1.</b>
|
||
|
||
最佳实践概览
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.2" data-path="../practice/install-kubernetes-on-centos.html">
|
||
|
||
<a href="../practice/install-kubernetes-on-centos.html">
|
||
|
||
|
||
<b>5.2.</b>
|
||
|
||
在CentOS上部署Kubernetes集群
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="5.2.1" data-path="../practice/create-tls-and-secret-key.html">
|
||
|
||
<a href="../practice/create-tls-and-secret-key.html">
|
||
|
||
|
||
<b>5.2.1.</b>
|
||
|
||
创建TLS证书和秘钥
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.2.2" data-path="../practice/create-kubeconfig.html">
|
||
|
||
<a href="../practice/create-kubeconfig.html">
|
||
|
||
|
||
<b>5.2.2.</b>
|
||
|
||
创建kubeconfig文件
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.2.3" data-path="../practice/etcd-cluster-installation.html">
|
||
|
||
<a href="../practice/etcd-cluster-installation.html">
|
||
|
||
|
||
<b>5.2.3.</b>
|
||
|
||
创建高可用etcd集群
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.2.4" data-path="../practice/kubectl-installation.html">
|
||
|
||
<a href="../practice/kubectl-installation.html">
|
||
|
||
|
||
<b>5.2.4.</b>
|
||
|
||
安装kubectl命令行工具
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.2.5" data-path="../practice/master-installation.html">
|
||
|
||
<a href="../practice/master-installation.html">
|
||
|
||
|
||
<b>5.2.5.</b>
|
||
|
||
部署master节点
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.2.6" data-path="../practice/flannel-installation.html">
|
||
|
||
<a href="../practice/flannel-installation.html">
|
||
|
||
|
||
<b>5.2.6.</b>
|
||
|
||
安装flannel网络插件
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.2.7" data-path="../practice/node-installation.html">
|
||
|
||
<a href="../practice/node-installation.html">
|
||
|
||
|
||
<b>5.2.7.</b>
|
||
|
||
部署node节点
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.2.8" data-path="../practice/kubedns-addon-installation.html">
|
||
|
||
<a href="../practice/kubedns-addon-installation.html">
|
||
|
||
|
||
<b>5.2.8.</b>
|
||
|
||
安装kubedns插件
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.2.9" data-path="../practice/dashboard-addon-installation.html">
|
||
|
||
<a href="../practice/dashboard-addon-installation.html">
|
||
|
||
|
||
<b>5.2.9.</b>
|
||
|
||
安装dashboard插件
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.2.10" data-path="../practice/heapster-addon-installation.html">
|
||
|
||
<a href="../practice/heapster-addon-installation.html">
|
||
|
||
|
||
<b>5.2.10.</b>
|
||
|
||
安装heapster插件
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.2.11" data-path="../practice/efk-addon-installation.html">
|
||
|
||
<a href="../practice/efk-addon-installation.html">
|
||
|
||
|
||
<b>5.2.11.</b>
|
||
|
||
安装EFK插件
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.3" data-path="../practice/install-kubernetes-with-kubeadm.html">
|
||
|
||
<a href="../practice/install-kubernetes-with-kubeadm.html">
|
||
|
||
|
||
<b>5.3.</b>
|
||
|
||
生产级的Kubernetes简化管理工具kubeadm
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="5.3.1" data-path="../practice/install-kubernetes-on-ubuntu-server-16.04-with-kubeadm.html">
|
||
|
||
<a href="../practice/install-kubernetes-on-ubuntu-server-16.04-with-kubeadm.html">
|
||
|
||
|
||
<b>5.3.1.</b>
|
||
|
||
使用kubeadm在Ubuntu Server 16.04上快速构建测试集群
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.4" data-path="../practice/service-discovery-and-loadbalancing.html">
|
||
|
||
<a href="../practice/service-discovery-and-loadbalancing.html">
|
||
|
||
|
||
<b>5.4.</b>
|
||
|
||
服务发现与负载均衡
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="5.4.1" data-path="../practice/traefik-ingress-installation.html">
|
||
|
||
<a href="../practice/traefik-ingress-installation.html">
|
||
|
||
|
||
<b>5.4.1.</b>
|
||
|
||
安装Traefik ingress
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.4.2" data-path="../practice/distributed-load-test.html">
|
||
|
||
<a href="../practice/distributed-load-test.html">
|
||
|
||
|
||
<b>5.4.2.</b>
|
||
|
||
分布式负载测试
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.4.3" data-path="../practice/network-and-cluster-perfermance-test.html">
|
||
|
||
<a href="../practice/network-and-cluster-perfermance-test.html">
|
||
|
||
|
||
<b>5.4.3.</b>
|
||
|
||
网络和集群性能测试
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.4.4" data-path="../practice/edge-node-configuration.html">
|
||
|
||
<a href="../practice/edge-node-configuration.html">
|
||
|
||
|
||
<b>5.4.4.</b>
|
||
|
||
边缘节点配置
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.4.5" data-path="../practice/nginx-ingress-installation.html">
|
||
|
||
<a href="../practice/nginx-ingress-installation.html">
|
||
|
||
|
||
<b>5.4.5.</b>
|
||
|
||
安装Nginx ingress
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.4.6" data-path="../practice/dns-installation.html">
|
||
|
||
<a href="../practice/dns-installation.html">
|
||
|
||
|
||
<b>5.4.6.</b>
|
||
|
||
安装配置DNS
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="5.4.6.1" data-path="../practice/configuring-dns.html">
|
||
|
||
<a href="../practice/configuring-dns.html">
|
||
|
||
|
||
<b>5.4.6.1.</b>
|
||
|
||
安装配置Kube-dns
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.4.6.2" data-path="../practice/coredns.html">
|
||
|
||
<a href="../practice/coredns.html">
|
||
|
||
|
||
<b>5.4.6.2.</b>
|
||
|
||
安装配置CoreDNS
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.5" data-path="../practice/operation.html">
|
||
|
||
<a href="../practice/operation.html">
|
||
|
||
|
||
<b>5.5.</b>
|
||
|
||
运维管理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="5.5.1" data-path="../practice/master-ha.html">
|
||
|
||
<a href="../practice/master-ha.html">
|
||
|
||
|
||
<b>5.5.1.</b>
|
||
|
||
Master节点高可用
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.5.2" data-path="../practice/service-rolling-update.html">
|
||
|
||
<a href="../practice/service-rolling-update.html">
|
||
|
||
|
||
<b>5.5.2.</b>
|
||
|
||
服务滚动升级
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.5.3" data-path="../practice/app-log-collection.html">
|
||
|
||
<a href="../practice/app-log-collection.html">
|
||
|
||
|
||
<b>5.5.3.</b>
|
||
|
||
应用日志收集
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.5.4" data-path="../practice/configuration-best-practice.html">
|
||
|
||
<a href="../practice/configuration-best-practice.html">
|
||
|
||
|
||
<b>5.5.4.</b>
|
||
|
||
配置最佳实践
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.5.5" data-path="../practice/monitor.html">
|
||
|
||
<a href="../practice/monitor.html">
|
||
|
||
|
||
<b>5.5.5.</b>
|
||
|
||
集群及应用监控
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.5.6" data-path="../practice/data-persistence-problem.html">
|
||
|
||
<a href="../practice/data-persistence-problem.html">
|
||
|
||
|
||
<b>5.5.6.</b>
|
||
|
||
数据持久化问题
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.5.7" data-path="../practice/manage-compute-resources-container.html">
|
||
|
||
<a href="../practice/manage-compute-resources-container.html">
|
||
|
||
|
||
<b>5.5.7.</b>
|
||
|
||
管理容器的计算资源
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.5.8" data-path="../practice/federation.html">
|
||
|
||
<a href="../practice/federation.html">
|
||
|
||
|
||
<b>5.5.8.</b>
|
||
|
||
集群联邦
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.6" data-path="../practice/storage.html">
|
||
|
||
<a href="../practice/storage.html">
|
||
|
||
|
||
<b>5.6.</b>
|
||
|
||
存储管理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="5.6.1" data-path="../practice/glusterfs.html">
|
||
|
||
<a href="../practice/glusterfs.html">
|
||
|
||
|
||
<b>5.6.1.</b>
|
||
|
||
GlusterFS
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="5.6.1.1" data-path="../practice/using-glusterfs-for-persistent-storage.html">
|
||
|
||
<a href="../practice/using-glusterfs-for-persistent-storage.html">
|
||
|
||
|
||
<b>5.6.1.1.</b>
|
||
|
||
使用GlusterFS做持久化存储
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.6.1.2" data-path="../practice/using-heketi-gluster-for-persistent-storage.html">
|
||
|
||
<a href="../practice/using-heketi-gluster-for-persistent-storage.html">
|
||
|
||
|
||
<b>5.6.1.2.</b>
|
||
|
||
使用Heketi作为Kubernetes的持久存储GlusterFS的external provisioner
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.6.1.3" data-path="../practice/storage-for-containers-using-glusterfs-with-openshift.html">
|
||
|
||
<a href="../practice/storage-for-containers-using-glusterfs-with-openshift.html">
|
||
|
||
|
||
<b>5.6.1.3.</b>
|
||
|
||
在OpenShift中使用GlusterFS做持久化存储
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.6.2" data-path="../practice/glusterd-2.0.html">
|
||
|
||
<a href="../practice/glusterd-2.0.html">
|
||
|
||
|
||
<b>5.6.2.</b>
|
||
|
||
GlusterD-2.0
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.6.3" data-path="../practice/ceph.html">
|
||
|
||
<a href="../practice/ceph.html">
|
||
|
||
|
||
<b>5.6.3.</b>
|
||
|
||
Ceph
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="5.6.3.1" data-path="../practice/ceph-helm-install-guide-zh.html">
|
||
|
||
<a href="../practice/ceph-helm-install-guide-zh.html">
|
||
|
||
|
||
<b>5.6.3.1.</b>
|
||
|
||
用Helm托管安装Ceph集群并提供后端存储
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.6.3.2" data-path="../practice/using-ceph-for-persistent-storage.html">
|
||
|
||
<a href="../practice/using-ceph-for-persistent-storage.html">
|
||
|
||
|
||
<b>5.6.3.2.</b>
|
||
|
||
使用Ceph做持久化存储
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.6.3.3" data-path="../practice/rbd-provisioner.html">
|
||
|
||
<a href="../practice/rbd-provisioner.html">
|
||
|
||
|
||
<b>5.6.3.3.</b>
|
||
|
||
使用rbd-provisioner提供rbd持久化存储
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.6.4" data-path="../practice/openebs.html">
|
||
|
||
<a href="../practice/openebs.html">
|
||
|
||
|
||
<b>5.6.4.</b>
|
||
|
||
OpenEBS
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="5.6.4.1" data-path="../practice/using-openebs-for-persistent-storage.html">
|
||
|
||
<a href="../practice/using-openebs-for-persistent-storage.html">
|
||
|
||
|
||
<b>5.6.4.1.</b>
|
||
|
||
使用OpenEBS做持久化存储
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.6.5" data-path="../practice/rook.html">
|
||
|
||
<a href="../practice/rook.html">
|
||
|
||
|
||
<b>5.6.5.</b>
|
||
|
||
Rook
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.6.6" data-path="../practice/nfs.html">
|
||
|
||
<a href="../practice/nfs.html">
|
||
|
||
|
||
<b>5.6.6.</b>
|
||
|
||
NFS
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="5.6.6.1" data-path="../practice/using-nfs-for-persistent-storage.html">
|
||
|
||
<a href="../practice/using-nfs-for-persistent-storage.html">
|
||
|
||
|
||
<b>5.6.6.1.</b>
|
||
|
||
利用NFS动态提供Kubernetes后端存储卷
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.7" data-path="../practice/monitoring.html">
|
||
|
||
<a href="../practice/monitoring.html">
|
||
|
||
|
||
<b>5.7.</b>
|
||
|
||
集群与应用监控
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="5.7.1" data-path="../practice/heapster.html">
|
||
|
||
<a href="../practice/heapster.html">
|
||
|
||
|
||
<b>5.7.1.</b>
|
||
|
||
Heapster
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="5.7.1.1" data-path="../practice/using-heapster-to-get-object-metrics.html">
|
||
|
||
<a href="../practice/using-heapster-to-get-object-metrics.html">
|
||
|
||
|
||
<b>5.7.1.1.</b>
|
||
|
||
使用Heapster获取集群和对象的metric数据
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.7.2" data-path="../practice/prometheus.html">
|
||
|
||
<a href="../practice/prometheus.html">
|
||
|
||
|
||
<b>5.7.2.</b>
|
||
|
||
Prometheus
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="5.7.2.1" data-path="../practice/using-prometheus-to-monitor-kuberentes-cluster.html">
|
||
|
||
<a href="../practice/using-prometheus-to-monitor-kuberentes-cluster.html">
|
||
|
||
|
||
<b>5.7.2.1.</b>
|
||
|
||
使用Prometheus监控kubernetes集群
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.7.2.2" data-path="../practice/promql.html">
|
||
|
||
<a href="../practice/promql.html">
|
||
|
||
|
||
<b>5.7.2.2.</b>
|
||
|
||
Prometheus查询语言PromQL使用说明
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.7.3" data-path="../practice/vistio-visualize-your-istio-mesh.html">
|
||
|
||
<a href="../practice/vistio-visualize-your-istio-mesh.html">
|
||
|
||
|
||
<b>5.7.3.</b>
|
||
|
||
使用Vistio监控Istio服务网格中的流量
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.8" data-path="../practice/distributed-tracing.html">
|
||
|
||
<a href="../practice/distributed-tracing.html">
|
||
|
||
|
||
<b>5.8.</b>
|
||
|
||
分布式跟踪
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="5.8.1" data-path="../practice/opentracing.html">
|
||
|
||
<a href="../practice/opentracing.html">
|
||
|
||
|
||
<b>5.8.1.</b>
|
||
|
||
OpenTracing
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.9" data-path="../practice/services-management-tool.html">
|
||
|
||
<a href="../practice/services-management-tool.html">
|
||
|
||
|
||
<b>5.9.</b>
|
||
|
||
服务编排管理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="5.9.1" data-path="../practice/helm.html">
|
||
|
||
<a href="../practice/helm.html">
|
||
|
||
|
||
<b>5.9.1.</b>
|
||
|
||
使用Helm管理Kubernetes应用
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.9.2" data-path="../practice/create-private-charts-repo.html">
|
||
|
||
<a href="../practice/create-private-charts-repo.html">
|
||
|
||
|
||
<b>5.9.2.</b>
|
||
|
||
构建私有Chart仓库
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.10" data-path="../practice/ci-cd.html">
|
||
|
||
<a href="../practice/ci-cd.html">
|
||
|
||
|
||
<b>5.10.</b>
|
||
|
||
持续集成与发布
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="5.10.1" data-path="../practice/jenkins-ci-cd.html">
|
||
|
||
<a href="../practice/jenkins-ci-cd.html">
|
||
|
||
|
||
<b>5.10.1.</b>
|
||
|
||
使用Jenkins进行持续集成与发布
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.10.2" data-path="../practice/drone-ci-cd.html">
|
||
|
||
<a href="../practice/drone-ci-cd.html">
|
||
|
||
|
||
<b>5.10.2.</b>
|
||
|
||
使用Drone进行持续集成与发布
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.11" data-path="../practice/update-and-upgrade.html">
|
||
|
||
<a href="../practice/update-and-upgrade.html">
|
||
|
||
|
||
<b>5.11.</b>
|
||
|
||
更新与升级
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="5.11.1" data-path="../practice/manually-upgrade.html">
|
||
|
||
<a href="../practice/manually-upgrade.html">
|
||
|
||
|
||
<b>5.11.1.</b>
|
||
|
||
手动升级Kubernetes集群
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="5.11.2" data-path="../practice/dashboard-upgrade.html">
|
||
|
||
<a href="../practice/dashboard-upgrade.html">
|
||
|
||
|
||
<b>5.11.2.</b>
|
||
|
||
升级dashboard
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
<li class="header">领域应用</li>
|
||
|
||
|
||
|
||
<li class="chapter " data-level="6.1" data-path="../usecases/">
|
||
|
||
<a href="../usecases/">
|
||
|
||
|
||
<b>6.1.</b>
|
||
|
||
领域应用概览
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.2" data-path="../usecases/microservices.html">
|
||
|
||
<a href="../usecases/microservices.html">
|
||
|
||
|
||
<b>6.2.</b>
|
||
|
||
微服务架构
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="6.2.1" data-path="../usecases/service-discovery-in-microservices.html">
|
||
|
||
<a href="../usecases/service-discovery-in-microservices.html">
|
||
|
||
|
||
<b>6.2.1.</b>
|
||
|
||
微服务中的服务发现
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.2.2" data-path="../usecases/microservices-for-java-developers.html">
|
||
|
||
<a href="../usecases/microservices-for-java-developers.html">
|
||
|
||
|
||
<b>6.2.2.</b>
|
||
|
||
使用Java构建微服务并发布到Kubernetes平台
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="6.2.2.1" data-path="../usecases/spring-boot-quick-start-guide.html">
|
||
|
||
<a href="../usecases/spring-boot-quick-start-guide.html">
|
||
|
||
|
||
<b>6.2.2.1.</b>
|
||
|
||
Spring Boot快速开始指南
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.3" data-path="../usecases/service-mesh.html">
|
||
|
||
<a href="../usecases/service-mesh.html">
|
||
|
||
|
||
<b>6.3.</b>
|
||
|
||
Service Mesh 服务网格
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="6.3.1" data-path="../usecases/the-enterprise-path-to-service-mesh-architectures.html">
|
||
|
||
<a href="../usecases/the-enterprise-path-to-service-mesh-architectures.html">
|
||
|
||
|
||
<b>6.3.1.</b>
|
||
|
||
企业级服务网格架构
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="6.3.1.1" data-path="../usecases/service-mesh-fundamental.html">
|
||
|
||
<a href="../usecases/service-mesh-fundamental.html">
|
||
|
||
|
||
<b>6.3.1.1.</b>
|
||
|
||
Service Mesh基础
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.3.1.2" data-path="../usecases/comparing-service-mesh-technologies.html">
|
||
|
||
<a href="../usecases/comparing-service-mesh-technologies.html">
|
||
|
||
|
||
<b>6.3.1.2.</b>
|
||
|
||
Service Mesh技术对比
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.3.1.3" data-path="../usecases/service-mesh-adoption-and-evolution.html">
|
||
|
||
<a href="../usecases/service-mesh-adoption-and-evolution.html">
|
||
|
||
|
||
<b>6.3.1.3.</b>
|
||
|
||
采纳和演进
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.3.1.4" data-path="../usecases/service-mesh-customization-and-integration.html">
|
||
|
||
<a href="../usecases/service-mesh-customization-and-integration.html">
|
||
|
||
|
||
<b>6.3.1.4.</b>
|
||
|
||
定制和集成
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.3.1.5" data-path="../usecases/service-mesh-conclusion.html">
|
||
|
||
<a href="../usecases/service-mesh-conclusion.html">
|
||
|
||
|
||
<b>6.3.1.5.</b>
|
||
|
||
总结
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.3.2" data-path="../usecases/istio.html">
|
||
|
||
<a href="../usecases/istio.html">
|
||
|
||
|
||
<b>6.3.2.</b>
|
||
|
||
Istio
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="6.3.2.1" data-path="../usecases/istio-installation.html">
|
||
|
||
<a href="../usecases/istio-installation.html">
|
||
|
||
|
||
<b>6.3.2.1.</b>
|
||
|
||
安装并试用Istio service mesh
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.3.2.2" data-path="../usecases/sidecar-spec-in-istio.html">
|
||
|
||
<a href="../usecases/sidecar-spec-in-istio.html">
|
||
|
||
|
||
<b>6.3.2.2.</b>
|
||
|
||
Istio中sidecar的注入规范及示例
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.3.2.3" data-path="../usecases/istio-community-tips.html">
|
||
|
||
<a href="../usecases/istio-community-tips.html">
|
||
|
||
|
||
<b>6.3.2.3.</b>
|
||
|
||
如何参与Istio社区及注意事项
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.3.2.4" data-path="../usecases/istio-tutorials-collection.html">
|
||
|
||
<a href="../usecases/istio-tutorials-collection.html">
|
||
|
||
|
||
<b>6.3.2.4.</b>
|
||
|
||
Istio免费学习资源汇总
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.3.2.5" data-path="../usecases/understand-sidecar-injection-and-traffic-hijack-in-istio-service-mesh.html">
|
||
|
||
<a href="../usecases/understand-sidecar-injection-and-traffic-hijack-in-istio-service-mesh.html">
|
||
|
||
|
||
<b>6.3.2.5.</b>
|
||
|
||
Sidecar的注入与流量劫持
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.3.2.6" data-path="../usecases/envoy-sidecar-routing-of-istio-service-mesh-deep-dive.html">
|
||
|
||
<a href="../usecases/envoy-sidecar-routing-of-istio-service-mesh-deep-dive.html">
|
||
|
||
|
||
<b>6.3.2.6.</b>
|
||
|
||
Envoy Sidecar代理的路由转发
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.3.3" data-path="../usecases/linkerd.html">
|
||
|
||
<a href="../usecases/linkerd.html">
|
||
|
||
|
||
<b>6.3.3.</b>
|
||
|
||
Linkerd
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="6.3.3.1" data-path="../usecases/linkerd-user-guide.html">
|
||
|
||
<a href="../usecases/linkerd-user-guide.html">
|
||
|
||
|
||
<b>6.3.3.1.</b>
|
||
|
||
Linkerd 使用指南
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.3.4" data-path="../usecases/conduit.html">
|
||
|
||
<a href="../usecases/conduit.html">
|
||
|
||
|
||
<b>6.3.4.</b>
|
||
|
||
Conduit
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="6.3.4.1" data-path="../usecases/conduit-overview.html">
|
||
|
||
<a href="../usecases/conduit-overview.html">
|
||
|
||
|
||
<b>6.3.4.1.</b>
|
||
|
||
Condiut概览
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.3.4.2" data-path="../usecases/conduit-installation.html">
|
||
|
||
<a href="../usecases/conduit-installation.html">
|
||
|
||
|
||
<b>6.3.4.2.</b>
|
||
|
||
安装Conduit
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.3.5" data-path="../usecases/envoy.html">
|
||
|
||
<a href="../usecases/envoy.html">
|
||
|
||
|
||
<b>6.3.5.</b>
|
||
|
||
Envoy
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="6.3.5.1" data-path="../usecases/envoy-terminology.html">
|
||
|
||
<a href="../usecases/envoy-terminology.html">
|
||
|
||
|
||
<b>6.3.5.1.</b>
|
||
|
||
Envoy的架构与基本术语
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.3.5.2" data-path="../usecases/envoy-front-proxy.html">
|
||
|
||
<a href="../usecases/envoy-front-proxy.html">
|
||
|
||
|
||
<b>6.3.5.2.</b>
|
||
|
||
Envoy作为前端代理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.3.5.3" data-path="../usecases/envoy-mesh-in-kubernetes-tutorial.html">
|
||
|
||
<a href="../usecases/envoy-mesh-in-kubernetes-tutorial.html">
|
||
|
||
|
||
<b>6.3.5.3.</b>
|
||
|
||
Envoy mesh教程
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.3.6" data-path="../usecases/mosn.html">
|
||
|
||
<a href="../usecases/mosn.html">
|
||
|
||
|
||
<b>6.3.6.</b>
|
||
|
||
MOSN
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.4" data-path="../usecases/big-data.html">
|
||
|
||
<a href="../usecases/big-data.html">
|
||
|
||
|
||
<b>6.4.</b>
|
||
|
||
大数据
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="6.4.1" data-path="../usecases/spark-standalone-on-kubernetes.html">
|
||
|
||
<a href="../usecases/spark-standalone-on-kubernetes.html">
|
||
|
||
|
||
<b>6.4.1.</b>
|
||
|
||
Spark standalone on Kubernetes
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.4.2" data-path="../usecases/running-spark-with-kubernetes-native-scheduler.html">
|
||
|
||
<a href="../usecases/running-spark-with-kubernetes-native-scheduler.html">
|
||
|
||
|
||
<b>6.4.2.</b>
|
||
|
||
运行支持Kubernetes原生调度的Spark程序
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.5" data-path="../usecases/serverless.html">
|
||
|
||
<a href="../usecases/serverless.html">
|
||
|
||
|
||
<b>6.5.</b>
|
||
|
||
Serverless架构
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="6.5.1" data-path="../usecases/understanding-serverless.html">
|
||
|
||
<a href="../usecases/understanding-serverless.html">
|
||
|
||
|
||
<b>6.5.1.</b>
|
||
|
||
理解Serverless
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.5.2" data-path="../usecases/faas.html">
|
||
|
||
<a href="../usecases/faas.html">
|
||
|
||
|
||
<b>6.5.2.</b>
|
||
|
||
FaaS(函数即服务)
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="6.5.2.1" data-path="../usecases/openfaas-quick-start.html">
|
||
|
||
<a href="../usecases/openfaas-quick-start.html">
|
||
|
||
|
||
<b>6.5.2.1.</b>
|
||
|
||
OpenFaaS快速入门指南
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.5.3" data-path="../usecases/knative.html">
|
||
|
||
<a href="../usecases/knative.html">
|
||
|
||
|
||
<b>6.5.3.</b>
|
||
|
||
Knative
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.6" data-path="../usecases/cloud-native-app-standard.html">
|
||
|
||
<a href="../usecases/cloud-native-app-standard.html">
|
||
|
||
|
||
<b>6.6.</b>
|
||
|
||
云原生应用标准
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="6.6.1" data-path="../usecases/oam.html">
|
||
|
||
<a href="../usecases/oam.html">
|
||
|
||
|
||
<b>6.6.1.</b>
|
||
|
||
OAM(开放应用模型)
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.7" data-path="../usecases/edge-computing.html">
|
||
|
||
<a href="../usecases/edge-computing.html">
|
||
|
||
|
||
<b>6.7.</b>
|
||
|
||
边缘计算
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="6.8" data-path="../usecases/ai.html">
|
||
|
||
<a href="../usecases/ai.html">
|
||
|
||
|
||
<b>6.8.</b>
|
||
|
||
人工智能
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
<li class="header">开发指南</li>
|
||
|
||
|
||
|
||
<li class="chapter " data-level="7.1" data-path="../develop/">
|
||
|
||
<a href="../develop/">
|
||
|
||
|
||
<b>7.1.</b>
|
||
|
||
开发指南概览
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="7.2" data-path="../develop/sigs-and-working-group.html">
|
||
|
||
<a href="../develop/sigs-and-working-group.html">
|
||
|
||
|
||
<b>7.2.</b>
|
||
|
||
SIG和工作组
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="7.3" data-path="../develop/developing-environment.html">
|
||
|
||
<a href="../develop/developing-environment.html">
|
||
|
||
|
||
<b>7.3.</b>
|
||
|
||
开发环境搭建
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="7.3.1" data-path="../develop/using-vagrant-and-virtualbox-for-development.html">
|
||
|
||
<a href="../develop/using-vagrant-and-virtualbox-for-development.html">
|
||
|
||
|
||
<b>7.3.1.</b>
|
||
|
||
本地分布式开发环境搭建(使用Vagrant和Virtualbox)
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="7.4" data-path="../develop/testing.html">
|
||
|
||
<a href="../develop/testing.html">
|
||
|
||
|
||
<b>7.4.</b>
|
||
|
||
单元测试和集成测试
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="7.5" data-path="../develop/client-go-sample.html">
|
||
|
||
<a href="../develop/client-go-sample.html">
|
||
|
||
|
||
<b>7.5.</b>
|
||
|
||
client-go示例
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="7.6" data-path="../develop/operator.html">
|
||
|
||
<a href="../develop/operator.html">
|
||
|
||
|
||
<b>7.6.</b>
|
||
|
||
Operator
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="7.6.1" data-path="../develop/operator-sdk.html">
|
||
|
||
<a href="../develop/operator-sdk.html">
|
||
|
||
|
||
<b>7.6.1.</b>
|
||
|
||
operator-sdk
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="7.7" data-path="../develop/kubebuilder.html">
|
||
|
||
<a href="../develop/kubebuilder.html">
|
||
|
||
|
||
<b>7.7.</b>
|
||
|
||
kubebuilder
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="7.8" data-path="../develop/advance-developer.html">
|
||
|
||
<a href="../develop/advance-developer.html">
|
||
|
||
|
||
<b>7.8.</b>
|
||
|
||
高级开发指南
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="7.9" data-path="../develop/contribute.html">
|
||
|
||
<a href="../develop/contribute.html">
|
||
|
||
|
||
<b>7.9.</b>
|
||
|
||
社区贡献
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="7.10" data-path="../develop/minikube.html">
|
||
|
||
<a href="../develop/minikube.html">
|
||
|
||
|
||
<b>7.10.</b>
|
||
|
||
Minikube
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
<li class="header">CNCF(云原生计算基金会)</li>
|
||
|
||
|
||
|
||
<li class="chapter " data-level="8.1" data-path="../cloud-native/cncf.html">
|
||
|
||
<a href="../cloud-native/cncf.html">
|
||
|
||
|
||
<b>8.1.</b>
|
||
|
||
CNCF - 云原生计算基金会简介
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="8.2" data-path="../cloud-native/cncf-charter.html">
|
||
|
||
<a href="../cloud-native/cncf-charter.html">
|
||
|
||
|
||
<b>8.2.</b>
|
||
|
||
CNCF章程
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="8.3" data-path="../cloud-native/cncf-sig.html">
|
||
|
||
<a href="../cloud-native/cncf-sig.html">
|
||
|
||
|
||
<b>8.3.</b>
|
||
|
||
CNCF特别兴趣小组(SIG)说明
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="8.4" data-path="../cloud-native/cncf-sandbox-criteria.html">
|
||
|
||
<a href="../cloud-native/cncf-sandbox-criteria.html">
|
||
|
||
|
||
<b>8.4.</b>
|
||
|
||
开源项目加入CNCF Sandbox的要求
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="8.5" data-path="../cloud-native/cncf-project-governing.html">
|
||
|
||
<a href="../cloud-native/cncf-project-governing.html">
|
||
|
||
|
||
<b>8.5.</b>
|
||
|
||
CNCF中的项目治理
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="8.6" data-path="../cloud-native/cncf-ambassador.html">
|
||
|
||
<a href="../cloud-native/cncf-ambassador.html">
|
||
|
||
|
||
<b>8.6.</b>
|
||
|
||
CNCF Ambassador
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
<li class="header">附录</li>
|
||
|
||
|
||
|
||
<li class="chapter " data-level="9.1" data-path="../appendix/">
|
||
|
||
<a href="../appendix/">
|
||
|
||
|
||
<b>9.1.</b>
|
||
|
||
附录说明
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="9.2" data-path="../appendix/debug-kubernetes-services.html">
|
||
|
||
<a href="../appendix/debug-kubernetes-services.html">
|
||
|
||
|
||
<b>9.2.</b>
|
||
|
||
Kubernetes中的应用故障排查
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="9.3" data-path="../appendix/material-share.html">
|
||
|
||
<a href="../appendix/material-share.html">
|
||
|
||
|
||
<b>9.3.</b>
|
||
|
||
Kubernetes相关资讯和情报链接
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="9.4" data-path="../appendix/docker-best-practice.html">
|
||
|
||
<a href="../appendix/docker-best-practice.html">
|
||
|
||
|
||
<b>9.4.</b>
|
||
|
||
Docker最佳实践
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="9.5" data-path="../appendix/tricks.html">
|
||
|
||
<a href="../appendix/tricks.html">
|
||
|
||
|
||
<b>9.5.</b>
|
||
|
||
使用技巧
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="9.6" data-path="../appendix/issues.html">
|
||
|
||
<a href="../appendix/issues.html">
|
||
|
||
|
||
<b>9.6.</b>
|
||
|
||
问题记录
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="9.7" data-path="../appendix/kubernetes-changelog.html">
|
||
|
||
<a href="../appendix/kubernetes-changelog.html">
|
||
|
||
|
||
<b>9.7.</b>
|
||
|
||
Kubernetes版本更新日志
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="9.7.1" data-path="../appendix/kubernetes-1.7-changelog.html">
|
||
|
||
<a href="../appendix/kubernetes-1.7-changelog.html">
|
||
|
||
|
||
<b>9.7.1.</b>
|
||
|
||
Kubernetes1.7更新日志
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="9.7.2" data-path="../appendix/kubernetes-1.8-changelog.html">
|
||
|
||
<a href="../appendix/kubernetes-1.8-changelog.html">
|
||
|
||
|
||
<b>9.7.2.</b>
|
||
|
||
Kubernetes1.8更新日志
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="9.7.3" data-path="../appendix/kubernetes-1.9-changelog.html">
|
||
|
||
<a href="../appendix/kubernetes-1.9-changelog.html">
|
||
|
||
|
||
<b>9.7.3.</b>
|
||
|
||
Kubernetes1.9更新日志
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="9.7.4" data-path="../appendix/kubernetes-1.10-changelog.html">
|
||
|
||
<a href="../appendix/kubernetes-1.10-changelog.html">
|
||
|
||
|
||
<b>9.7.4.</b>
|
||
|
||
Kubernetes1.10更新日志
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="9.7.5" data-path="../appendix/kubernetes-1.11-changelog.html">
|
||
|
||
<a href="../appendix/kubernetes-1.11-changelog.html">
|
||
|
||
|
||
<b>9.7.5.</b>
|
||
|
||
Kubernetes1.11更新日志
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="9.7.6" data-path="../appendix/kubernetes-1.12-changelog.html">
|
||
|
||
<a href="../appendix/kubernetes-1.12-changelog.html">
|
||
|
||
|
||
<b>9.7.6.</b>
|
||
|
||
Kubernetes1.12更新日志
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="9.7.7" data-path="../appendix/kubernetes-1.13-changelog.html">
|
||
|
||
<a href="../appendix/kubernetes-1.13-changelog.html">
|
||
|
||
|
||
<b>9.7.7.</b>
|
||
|
||
Kubernetes1.13更新日志
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="9.7.8" data-path="../appendix/kubernetes-1.14-changelog.html">
|
||
|
||
<a href="../appendix/kubernetes-1.14-changelog.html">
|
||
|
||
|
||
<b>9.7.8.</b>
|
||
|
||
Kubernetes1.14更新日志
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="9.7.9" data-path="../appendix/kubernetes-1.15-changelog.html">
|
||
|
||
<a href="../appendix/kubernetes-1.15-changelog.html">
|
||
|
||
|
||
<b>9.7.9.</b>
|
||
|
||
Kubernetes1.15更新日志
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="9.8" data-path="../appendix/summary-and-outlook.html">
|
||
|
||
<a href="../appendix/summary-and-outlook.html">
|
||
|
||
|
||
<b>9.8.</b>
|
||
|
||
Kubernetes及云原生年度总结及展望
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="9.8.1" data-path="../appendix/kubernetes-and-cloud-native-summary-in-2017-and-outlook-for-2018.html">
|
||
|
||
<a href="../appendix/kubernetes-and-cloud-native-summary-in-2017-and-outlook-for-2018.html">
|
||
|
||
|
||
<b>9.8.1.</b>
|
||
|
||
Kubernetes与云原生2017年年终总结及2018年展望
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="9.8.2" data-path="../appendix/kubernetes-and-cloud-native-summary-in-2018-and-outlook-for-2019.html">
|
||
|
||
<a href="../appendix/kubernetes-and-cloud-native-summary-in-2018-and-outlook-for-2019.html">
|
||
|
||
|
||
<b>9.8.2.</b>
|
||
|
||
Kubernetes与云原生2018年年终总结及2019年展望
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="9.9" data-path="../appendix/cncf-annual-report.html">
|
||
|
||
<a href="../appendix/cncf-annual-report.html">
|
||
|
||
|
||
<b>9.9.</b>
|
||
|
||
CNCF年度报告解读
|
||
|
||
</a>
|
||
|
||
|
||
|
||
<ul class="articles">
|
||
|
||
|
||
<li class="chapter " data-level="9.9.1" data-path="../appendix/cncf-annual-report-2018.html">
|
||
|
||
<a href="../appendix/cncf-annual-report-2018.html">
|
||
|
||
|
||
<b>9.9.1.</b>
|
||
|
||
CNCF 2018年年度报告解读
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
</ul>
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="9.10" data-path="../appendix/about-kcsp.html">
|
||
|
||
<a href="../appendix/about-kcsp.html">
|
||
|
||
|
||
<b>9.10.</b>
|
||
|
||
Kubernetes认证服务提供商(KCSP)说明
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
<li class="chapter " data-level="9.11" data-path="../appendix/about-cka-candidate.html">
|
||
|
||
<a href="../appendix/about-cka-candidate.html">
|
||
|
||
|
||
<b>9.11.</b>
|
||
|
||
认证Kubernetes管理员(CKA)说明
|
||
|
||
</a>
|
||
|
||
|
||
|
||
</li>
|
||
|
||
|
||
|
||
|
||
<li class="divider"></li>
|
||
|
||
<li>
|
||
<a href="https://www.gitbook.com" target="blank" class="gitbook-link">
|
||
本书使用 GitBook 发布
|
||
</a>
|
||
</li>
|
||
</ul>
|
||
|
||
|
||
</nav>
|
||
|
||
|
||
</div>
|
||
|
||
<div class="book-body">
|
||
|
||
<div class="body-inner">
|
||
|
||
|
||
|
||
<div class="book-header" role="navigation">
|
||
|
||
|
||
<!-- Title -->
|
||
<h1>
|
||
<i class="fa fa-circle-o-notch fa-spin"></i>
|
||
<a href=".." >Kubernetes中的用户与身份认证授权</a>
|
||
</h1>
|
||
</div>
|
||
|
||
|
||
|
||
|
||
<div class="page-wrapper" tabindex="-1" role="main">
|
||
<div class="page-inner">
|
||
|
||
<div class="search-plus" id="book-search-results">
|
||
<div class="search-noresults">
|
||
|
||
<section class="normal markdown-section">
|
||
|
||
<html><head></head><body><h1 id="kubernetes-中的用户与身份认证授权">Kubernetes 中的用户与身份认证授权</h1>
|
||
<p>在安装集群的时候我们在 master 节点上生成了一堆证书、token,还在 kubelet 的配置中用到了 bootstrap token,安装各种应用时,为了能够与 API server 通信创建了各种 service account,在 Dashboard 中使用了 kubeconfig 或 token 登陆,那么这些都属于什么认证方式?如何区分用户的?我特地翻译了下这篇官方文档,想你看了之后你将找到答案。</p>
|
||
<p>重点查看 bearer token 和 HTTP 认证中的 token 使用,我们已经有所应用,如 <a href="auth-with-kubeconfig-or-token.html">使用kubeconfig或token进行用户身份认证</a>。</p>
|
||
<h2 id="认识-kubernetes-中的用户">认识 Kubernetes 中的用户</h2>
|
||
<p>Kubernetes 集群中包含两类用户:一类是由 Kubernetes 管理的 service account,另一类是普通用户。</p>
|
||
<p>普通用户被假定为由外部独立服务管理。管理员分发私钥,用户存储(如 Keystone 或 Google 帐户),甚至包含用户名和密码列表的文件。在这方面,<em>Kubernetes 没有代表普通用户帐户的对象</em>。无法通过 API 调用的方式向集群中添加普通用户。</p>
|
||
<p>相对的,service account 是由 Kubernetes API 管理的帐户。它们都绑定到了特定的 namespace,并由 API server 自动创建,或者通过 API 调用手动创建。Service account 关联了一套凭证,存储在 <code>Secret</code>,这些凭证同时被挂载到 pod 中,从而允许 pod 与 kubernetes API 之间的调用。</p>
|
||
<p>API 请求被绑定到普通用户或 serivce account 上,或者作为匿名请求对待。这意味着集群内部或外部的每个进程,无论从在工作站上输入 <code>kubectl</code> 的人类用户到节点上的 <code>kubelet</code>,到控制平面的成员,都必须在向 API Server 发出请求时进行身份验证,或者被视为匿名用户。</p>
|
||
<h2 id="认证策略">认证策略</h2>
|
||
<p>Kubernetes 使用客户端证书、bearer token、身份验证代理或者 HTTP 基本身份验证等身份认证插件来对 API 请求进行身份验证。当有 HTTP 请求发送到 API server 时,插件会尝试将以下属性关联到请求上:</p>
|
||
<ul>
|
||
<li>用户名:标识最终用户的字符串。常用值可能是 <code>kube-admin</code> 或 <code>jane@example.com</code>。</li>
|
||
<li>UID:标识最终用户的字符串,比用户名更加一致且唯一。</li>
|
||
<li>组:一组将用户和常规用户组相关联的字符串。</li>
|
||
<li>额外字段:包含其他有用认证信息的字符串列表的映射。</li>
|
||
</ul>
|
||
<p>所有的值对于认证系统都是不透明的,只有 <a href="https://kubernetes.io/docs/admin/authorization/" target="_blank">授权人</a> 才能解释这些值的重要含义。</p>
|
||
<p>您可以一次性启用多种身份验证方式。通常使用至少以下两种认证方式:</p>
|
||
<ul>
|
||
<li>服务帐户的 service account token</li>
|
||
<li>至少一种其他的用户认证的方式</li>
|
||
</ul>
|
||
<p>当启用了多个认证模块时,第一个认证模块成功认证后将短路请求,不会进行第二个模块的认证。API server 不会保证认证的顺序。</p>
|
||
<p><code>system:authenticated</code> 组包含在所有已验证用户的组列表中。</p>
|
||
<p>与其他身份验证协议(LDAP、SAML、Kerberos、x509 方案等)的集成可以使用身份验证代理或身份验证 webhook来实现。</p>
|
||
<h3 id="x509-客户端证书">X509 客户端证书</h3>
|
||
<p>通过将 <code>--client-ca-file=SOMEFILE</code> 选项传递给 API server 来启用客户端证书认证。引用的文件必须包含一个或多个证书颁发机构,用于验证提交给 API server 的客户端证书。如果客户端证书已提交并验证,则使用 subject 的 Common Name(CN)作为请求的用户名。从 Kubernetes 1.4开始,客户端证书还可以使用证书的 organization 字段来指示用户的组成员身份。要为用户包含多个组成员身份,请在证书中包含多个 organization 字段。</p>
|
||
<p>例如,使用 <code>openssl</code> 命令工具生成用于签名认证请求的证书:</p>
|
||
<pre class="language-"><code class="lang-bash">openssl req -new -key jbeda.pem -out jbeda-csr.pem -subj <span class="token string">"/CN=jbeda/O=app1/O=app2"</span>
|
||
</code></pre>
|
||
<p>这将为一个用户名为 ”jbeda“ 的 CSR,属于两个组“app1”和“app2”。</p>
|
||
<h3 id="静态-token-文件">静态 Token 文件</h3>
|
||
<p>当在命令行上指定 <code>--token-auth-file=SOMEFILE</code> 选项时,API server 从文件读取 bearer token。目前,token 会无限期地持续下去,并且不重新启动 API server 的话就无法更改令牌列表。</p>
|
||
<p>token 文件是一个 csv 文件,每行至少包含三列:token、用户名、用户 uid,其次是可选的组名。请注意,如果您有多个组,则该列必须使用双引号。</p>
|
||
<pre class="language-"><code class="lang-ini">token,user,uid,"group1,group2,group3"
|
||
</code></pre>
|
||
<h4 id="在请求中放置-bearer-token">在请求中放置 Bearer Token</h4>
|
||
<p>当使用来自 http 客户端的 bearer token 时,API server 期望 <code>Authorization</code> header 中包含 <code>Bearer token</code> 的值。Bearer token 必须是一个字符串序列,只需使用 HTTP 的编码和引用功能就可以将其放入到 HTTP header 中。例如:如果 bearer token 是 <code>31ada4fd-adec-460c-809a-9e56ceb75269</code>,那么它将出现在 HTTP header 中,如下所示:</p>
|
||
<pre class="language-"><code class="lang-http"><span class="token header-name keyword">Authorization:</span> Bearer 31ada4fd-adec-460c-809a-9e56ceb75269
|
||
</code></pre>
|
||
<h3 id="bootstrap-token">Bootstrap Token</h3>
|
||
<p>该功能仍处于 <strong>alpha</strong> 版本。</p>
|
||
<p>为了简化新集群的初始化引导过程,Kubernetes 中包含了一个名为 <em>Bootstrap Token</em> 的动态管理的 bearer token。这些 token 使用 Secret 存储在 <code>kube-system</code> namespace 中,在那里它们可以被动态管理和创建。Controller Manager 中包含了一个 TokenCleaner 控制器,用于在 bootstrap token 过期时删除将其删除。</p>
|
||
<p>这些 token 的形式是 <code>[a-z0-9]{6}.[a-z0-9]{16}</code>。第一部分是 Token ID,第二部分是 Token Secret。您在 HTTP header 中指定的 token 如下所示:</p>
|
||
<pre class="language-"><code class="lang-http"><span class="token header-name keyword">Authorization:</span> Bearer 781292.db7bc3a58fc5f07e
|
||
</code></pre>
|
||
<p>在 API server 的启动参数中加上 <code>--experimental-bootstrap-token-auth</code> 标志以启用 Bootstrap Token Authenticator。您必须通过 Controller Manager 上的 <code>--controllers</code> 标志启用 TokenCleaner 控制器,如 <code>--controllers=*,tokencleaner</code>。如果您使用它来引导集群, <code>kubeadm</code> 会为您完成。</p>
|
||
<p>认证者认证为 <code>system:bootstrap:<span class="token tag"><span class="token tag"><span class="token punctuation"><</span>Token</span> <span class="token attr-name">ID</span><span class="token punctuation">></span></span></code> 。被包含在 <code>system:bootstrappers</code> 组中。命名和组是有意限制用户使用过去的 bootstap token。可以使用用户名和组(<code>kubeadm</code> 使用)来制定适当的授权策略以支持引导集群。 </p>
|
||
<p>有关 Bootstrap Token 身份验证器和控制器的更深入的文档,以及如何使用 <code>kubeadm</code> 管理这些令牌,请参阅 <a href="https://kubernetes.io/docs/admin/bootstrap-tokens/" target="_blank">Bootstrap Token</a>。</p>
|
||
<h3 id="静态密码文件">静态密码文件</h3>
|
||
<p>通过将 <code>--basic-auth-file=SOMEFILE</code> 选项传递给 API server 来启用基本身份验证。目前,基本身份验证凭证将无限期地保留,并且密码在不重新启动API服务器的情况下无法更改。请注意,为了方便起见,目前支持基本身份验证,而上述模式更安全更容易使用。</p>
|
||
<p>基本身份认证是一个 csv 文件,至少包含3列:密码、用户名和用户 ID。在 Kubernetes 1.6 和更高版本中,可以指定包含以逗号分隔的组名称的可选第四列。如果您有多个组,则必须将第四列值用双引号(“)括起来,请参阅以下示例:</p>
|
||
<pre class="language-"><code class="lang-ini">password,user,uid,"group1,group2,group3"
|
||
</code></pre>
|
||
<p>当使用来自 HTTP 客户端的基本身份验证时,API server 需要<code>Authorization</code> header 中包含 <code>Basic BASE64ENCODED(USER:PASSWORD)</code> 的值。</p>
|
||
<h3 id="service-account-token">Service Account Token</h3>
|
||
<p>Service account 是一个自动启用的验证器,它使用签名的 bearer token 来验证请求。该插件包括两个可选的标志:</p>
|
||
<ul>
|
||
<li><code>--service-account-key-file</code> 一个包含签名 bearer token 的 PEM 编码文件。如果未指定,将使用 API server 的 TLS 私钥。</li>
|
||
<li><code>--service-account-lookup</code> 如果启用,从 API 中删除掉的 token 将被撤销。</li>
|
||
</ul>
|
||
<p>Service account 通常 API server 自动创建,并通过 <code>ServiceAccount</code> <a href="https://kubernetes.io/docs/admin/admission-controllers/" target="_blank">注入控制器</a> 关联到集群中运行的 Pod 上。Bearer token 挂载到 pod 中众所周知的位置,并允许集群进程与 API server 通信。 帐户可以使用 <code>PodSpec</code> 的 <code>serviceAccountName</code> 字段显式地与Pod关联。</p>
|
||
<p>注意: <code>serviceAccountName</code> 通常被省略,因为这会自动生成。</p>
|
||
<pre class="language-"><code class="lang-yaml"><span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> apps/v1beta2
|
||
<span class="token key atrule">kind</span><span class="token punctuation">:</span> Deployment
|
||
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
|
||
<span class="token key atrule">name</span><span class="token punctuation">:</span> nginx<span class="token punctuation">-</span>deployment
|
||
<span class="token key atrule">namespace</span><span class="token punctuation">:</span> default
|
||
<span class="token key atrule">spec</span><span class="token punctuation">:</span>
|
||
<span class="token key atrule">replicas</span><span class="token punctuation">:</span> <span class="token number">3</span>
|
||
<span class="token key atrule">template</span><span class="token punctuation">:</span>
|
||
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
|
||
<span class="token comment"># ...</span>
|
||
<span class="token key atrule">spec</span><span class="token punctuation">:</span>
|
||
<span class="token key atrule">containers</span><span class="token punctuation">:</span>
|
||
<span class="token punctuation">-</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> nginx
|
||
<span class="token key atrule">image</span><span class="token punctuation">:</span> nginx<span class="token punctuation">:</span>1.7.9
|
||
<span class="token key atrule">serviceAccountName</span><span class="token punctuation">:</span> bob<span class="token punctuation">-</span>the<span class="token punctuation">-</span>bot
|
||
</code></pre>
|
||
<p>Service account bearer token 在集群外使用也是完全有效的,并且可以用于为希望与 Kubernetes 通信的长期运行作业创建身份。要手动创建 service account,只需要使用 <code>kubectl create serviceaccount (NAME)</code> 命令。这将在当前的 namespace 和相关连的 secret 中创建一个 service account。</p>
|
||
<pre class="language-"><code class="lang-bash">$ kubectl create serviceaccount jenkins
|
||
serviceaccount <span class="token string">"jenkins"</span> created
|
||
$ kubectl get serviceaccounts jenkins -o yaml
|
||
apiVersion: v1
|
||
kind: ServiceAccount
|
||
metadata:
|
||
<span class="token comment"># ...</span>
|
||
secrets:
|
||
- name: jenkins-token-1yvwg
|
||
</code></pre>
|
||
<p>创建出的 secret 中拥有 API server 的公共 CA 和前面的 JSON Web Token(JWT)。</p>
|
||
<pre class="language-"><code class="lang-bash">$ kubectl get secret jenkins-token-1yvwg -o yaml
|
||
apiVersion: v1
|
||
data:
|
||
ca.crt: <span class="token punctuation">(</span>APISERVER'S CA BASE64 ENCODED<span class="token punctuation">)</span>
|
||
namespace: <span class="token assign-left variable">ZGVmYXVsdA</span><span class="token operator">==</span>
|
||
token: <span class="token punctuation">(</span>BEARER TOKEN BASE64 ENCODED<span class="token punctuation">)</span>
|
||
kind: Secret
|
||
metadata:
|
||
<span class="token comment"># ...</span>
|
||
type: kubernetes.io/service-account-token
|
||
</code></pre>
|
||
<p>注意:所有值是基于 base64 编码的,因为 secret 总是基于 base64 编码。</p>
|
||
<p>经过签名的 JWT 可以用作 bearer token 与给定的 service account 进行身份验证。请参阅上面关于如何在请求中放置 bearer token。通常情况下,这些 secret 被挂载到 pod 中,以便对集群内的 API server 进行访问,但也可以从集群外访问。</p>
|
||
<p>Service account 验证时用户名 <code>system:serviceaccount:(NAMESPACE):(SERVICEACCOUNT)</code>,被指定到组 <code>system:serviceaccounts</code> 和 <code>system:serviceaccounts:(NAMESPACE)</code>。</p>
|
||
<p>注意:由于 service account 的 token 存储在 secret 中,所以具有对这些 secret 的读取权限的任何用户都可以作为 service account 进行身份验证。授予 service account 权限和读取 secret 功能时要谨慎。</p>
|
||
<h3 id="openid-connect-token">OpenID Connect Token</h3>
|
||
<p><a href="https://openid.net/connect/" target="_blank">OpenID Connect</a> 是由 OAuth2 供应商提供的 OAuth2,特别是 Azure Active Directory、Salesforce 和 Google。对 OAuth2 协议的主要扩展是返回一个称作 <a href="https://openid.net/specs/openid-connect-core-1_0.html#IDToken" target="_blank">ID Token</a> 的格外字段。该 token 是一个 JSON Web Token (JWT) ,有服务器签名,具有众所周知的字段,如用户的电子邮件。</p>
|
||
<p>为了识别用户,认证者使用 OAuth2 <a href="https://openid.net/specs/openid-connect-core-1_0.html#TokenResponse" target="_blank">token 响应</a> 中的 <code>id_token</code>(而不是 <code>access_token</code>)作为 bearer token。请参阅上面的关于将 token 置于请求中。</p>
|
||
<figure id="fig4.4.7.1"><a href="../images/kubernetes-oidc-login.jpg" data-lightbox="c8da62fc-a53b-4dbf-a0fe-8408a24542e2" data-title="Kubernetes OpenID Connect Flow"><img src="../images/kubernetes-oidc-login.jpg" alt="Kubernetes OpenID Connect Flow"></a><figcaption>图片 - Kubernetes OpenID Connect Flow</figcaption></figure>
|
||
<ol>
|
||
<li>登陆到您的身份提供商</li>
|
||
<li>您的身份提供商将为您提供一个 <code>access_token</code>,一个 <code>id_token</code> 和一个 <code>refresh_token</code></li>
|
||
<li>当使用 <code>kubectl</code> 时,使用 <code>--token</code> 标志和 <code>id_token</code> ,或者直接加入到您的 <code>kubeconfig</code> 文件中</li>
|
||
<li><code>kubectl</code> 在调用 API server 时将 <code>id_token</code> 置于 HTTP header 中</li>
|
||
<li>API server 将通过检查配置中指定的证书来确保 JWT 签名有效</li>
|
||
<li>检查以确保 <code>id_token</code> 没有过期</li>
|
||
<li>确保用户已授权</li>
|
||
<li>授权 API server 后向 <code>kubectl</code> </li>
|
||
<li><code>kubectl</code> 向用户提供反馈</li>
|
||
</ol>
|
||
<p>由于所有需要验证您身份的数据都在 <code>id_token</code> 中,Kubernetes 不需要向身份提供商 “phone home”。在每个请求都是无状态的模型中,这为认证提供了非常可扩展的解决方案。它确实提供了一些挑战:</p>
|
||
<ol>
|
||
<li>Kubernetes 没有 ”web 接口“ 来出发验证进程。没有浏览器或界面来收集凭据,这就是为什么您需要首先认证您的身份提供商。</li>
|
||
<li><code>id_token</code> 无法撤销,就像一个证书,所以它应该是短暂的(只有几分钟),所以每隔几分钟就得到一个新的令牌是非常烦人的。</li>
|
||
<li>没有使用 <code>kubectl proxy</code> 命令或注入 <code>id_token</code> 的反向代理,无法简单地对 Kubernetes dashboard 进行身份验证。</li>
|
||
</ol>
|
||
<h4 id="配置-api-server">配置 API Server</h4>
|
||
<p>要启用该插件,需要在 API server 中配置如下标志:</p>
|
||
<table>
|
||
<thead>
|
||
<tr>
|
||
<th>参数</th>
|
||
<th>描述</th>
|
||
<th>示例</th>
|
||
<th>是否必需</th>
|
||
</tr>
|
||
</thead>
|
||
<tbody>
|
||
<tr>
|
||
<td><code>--oidc-issuer-url</code></td>
|
||
<td>允许 API server 发现公共签名密钥的提供者的 URL。只接受使用 <code>https://</code> 的方案。通常是提供商的 URL 地址,不包含路径,例如“<a href="https://accounts.google.com" target="_blank">https://accounts.google.com</a>” 或者 “<a href="https://login.salesforce.com" target="_blank">https://login.salesforce.com</a>”。这个 URL 应该指向下面的 .well-known/openid-configuration</td>
|
||
<td>如果发现 URL 是 <code>https://accounts.google.com/.well-known/openid-configuration</code>,值应该是<code>https://accounts.google.com</code></td>
|
||
<td>是</td>
|
||
</tr>
|
||
<tr>
|
||
<td><code>--oidc-client-id</code></td>
|
||
<td>所有的 token 必须为其颁发的客户端 ID</td>
|
||
<td>kubernetes</td>
|
||
<td>是</td>
|
||
</tr>
|
||
<tr>
|
||
<td><code>--oidc-username-claim</code></td>
|
||
<td>JWT声明使用的用户名。默认情况下,<code>sub</code> 是最终用户的唯一标识符。管理员可以选择其他声明,如<code>email</code> 或 <code>name</code>,具体取决于他们的提供者。不过,<code>email</code> 以外的其他声明将以发行者的 URL 作为前缀,以防止与其他插件命名冲突。</td>
|
||
<td>sub</td>
|
||
<td>否</td>
|
||
</tr>
|
||
<tr>
|
||
<td><code>--oidc-groups-claim</code></td>
|
||
<td>JWT声明使用的用户组。如果生命存在,它必须是一个字符串数组。</td>
|
||
<td>groups</td>
|
||
<td>否</td>
|
||
</tr>
|
||
<tr>
|
||
<td><code>--oidc-ca-file</code></td>
|
||
<td>用来签名您的身份提供商的网络 CA 证书的路径。默认为主机的跟 CA。</td>
|
||
<td><code>/etc/kubernetes/ssl/kc-ca.pem</code></td>
|
||
<td>否</td>
|
||
</tr>
|
||
</tbody>
|
||
</table>
|
||
<p>如果为 <code>--oidc-username-claim</code> 选择了除 <code>email</code> 以外的其他声明,则该值将以 <code>--oidc-issuer-url</code> 作为前缀,以防止与现有 Kubernetes 名称(例如 <code>system:users</code>)冲突。例如,如果提供商网址是 <a href="https://accounts.google.com,而用户名声明映射到" target="_blank">https://accounts.google.com,而用户名声明映射到</a> <code>jane</code>,则插件会将用户身份验证为:</p>
|
||
<pre class="language-"><code class="lang-http"><span class="token header-name keyword">https:</span>//accounts.google.com#jane
|
||
</code></pre>
|
||
<p>重要的是,API server 不是 OAuth2 客户端,而只能配置为信任单个发行者。这允许使用 Google 等公共提供者,而不必信任第三方发行的凭据。希望利用多个 OAuth 客户端的管理员应该探索支持 <code>azp</code>(授权方)声明的提供者,这是允许一个客户端代表另一个客户端发放令牌的机制。</p>
|
||
<p>Kubernetes不提供 OpenID Connect 身份提供商。您可以使用现有的公共 OpenID Connect 标识提供程序(例如Google 或 <a href="http://connect2id.com/products/nimbus-oauth-openid-connect-sdk/openid-connect-providers" target="_blank">其他</a>)。或者,您可以运行自己的身份提供程序,例如 CoreOS <a href="https://github.com/coreos/dex" target="_blank">dex</a>、<a href="https://github.com/keycloak/keycloak" target="_blank">Keycloak</a>、CloudFoundry <a href="https://github.com/cloudfoundry/uaa" target="_blank">UAA</a> 或 Tremolo Security 的 <a href="https://github.com/tremolosecurity/openunison" target="_blank">OpenUnison</a>。</p>
|
||
<p>对于身份提供商能够适用于 Kubernetes,必须满足如下条件:Kubernetes it must:</p>
|
||
<ol>
|
||
<li>支持 <a href="https://openid.net/specs/openid-connect-discovery-1_0.html" target="_blank">OpenID connect 发现</a>;不必是全部。</li>
|
||
<li>使用非过时密码在TLS中运行</li>
|
||
<li>拥有 CA 签名证书(即使 CA 不是商业 CA 或自签名)</li>
|
||
</ol>
|
||
<p>有关上述要求3的说明,需要 CA 签名证书。如果您部署自己的身份提供商(而不是像 Google 或 Microsoft 之类的云提供商),则必须让您的身份提供商的 Web 服务器证书由 CA 标志设置为 TRUE 的证书签名,即使是自签名的。这是由于 GoLang 的 TLS 客户端实现对证书验证的标准非常严格。如果您没有 <code>CA</code>,可以使用 <code>CoreOS</code> 团队的 <a href="https://github.com/coreos/dex/blob/1ee5920c54f5926d6468d2607c728b71cfe98092/examples/k8s/gencert.sh" target="_blank">这个脚本</a> 创建一个简单的 CA 和一个签名的证书和密钥对。</p>
|
||
<p>针对特定系统的安装说明:</p>
|
||
<ul>
|
||
<li><a href="https://apigee.com/about/blog/engineering/kubernetes-authentication-enterprise" target="_blank">UAA</a></li>
|
||
<li><a href="https://speakerdeck.com/ericchiang/kubernetes-access-control-with-dex" target="_blank">Dex</a></li>
|
||
<li><a href="https://github.com/TremoloSecurity/openunison-qs-kubernetes" target="_blank">OpenUnison</a></li>
|
||
</ul>
|
||
<h4 id="使用-kubectl">使用 kubectl</h4>
|
||
<h5 id="选项-1---oidc-身份验证器">选项 1 - OIDC 身份验证器</h5>
|
||
<p>第一个选项是使用 <code>oidc</code> 身份验证器。此身份验证程序将您的 <code>id_token</code>、<code>refresh_token</code> 和您的 OIDC <code>client_secret</code> 自动刷新您的 token。一旦您对身份提供者进行了身份验证:</p>
|
||
<pre class="language-"><code class="lang-bash">kubectl config set-credentials USER_NAME <span class="token punctuation">\</span>
|
||
--auth-provider<span class="token operator">=</span>oidc <span class="token punctuation">\</span>
|
||
--auth-provider-arg<span class="token operator">=</span>idp-issuer-url<span class="token operator">=</span><span class="token punctuation">(</span> issuer url <span class="token punctuation">)</span> <span class="token punctuation">\</span>
|
||
--auth-provider-arg<span class="token operator">=</span>client-id<span class="token operator">=</span><span class="token punctuation">(</span> your client <span class="token function">id</span> <span class="token punctuation">)</span> <span class="token punctuation">\</span>
|
||
--auth-provider-arg<span class="token operator">=</span>client-secret<span class="token operator">=</span><span class="token punctuation">(</span> your client secret <span class="token punctuation">)</span> <span class="token punctuation">\</span>
|
||
--auth-provider-arg<span class="token operator">=</span>refresh-token<span class="token operator">=</span><span class="token punctuation">(</span> your refresh token <span class="token punctuation">)</span> <span class="token punctuation">\</span>
|
||
--auth-provider-arg<span class="token operator">=</span>idp-certificate-authority<span class="token operator">=</span><span class="token punctuation">(</span> path to your ca certificate <span class="token punctuation">)</span> <span class="token punctuation">\</span>
|
||
--auth-provider-arg<span class="token operator">=</span>id-token<span class="token operator">=</span><span class="token punctuation">(</span> your id_token <span class="token punctuation">)</span> <span class="token punctuation">\</span>
|
||
--auth-provider-arg<span class="token operator">=</span>extra-scopes<span class="token operator">=</span><span class="token punctuation">(</span> comma separated list of scopes to <span class="token function">add</span> to <span class="token string">"openid email profile"</span>, optional <span class="token punctuation">)</span>
|
||
</code></pre>
|
||
<p>例如,在向身份提供者进行身份验证之后运行以下命令:</p>
|
||
<pre class="language-"><code class="lang-bash">kubectl config set-credentials mmosley <span class="token punctuation">\</span>
|
||
--auth-provider<span class="token operator">=</span>oidc <span class="token punctuation">\</span>
|
||
--auth-provider-arg<span class="token operator">=</span>idp-issuer-url<span class="token operator">=</span>https://oidcidp.tremolo.lan:8443/auth/idp/OidcIdP <span class="token punctuation">\</span>
|
||
--auth-provider-arg<span class="token operator">=</span>client-id<span class="token operator">=</span>kubernetes <span class="token punctuation">\</span>
|
||
--auth-provider-arg<span class="token operator">=</span>client-secret<span class="token operator">=</span>1db158f6-177d-4d9c-8a8b-d36869918ec5 <span class="token punctuation">\</span>
|
||
--auth-provider-arg<span class="token operator">=</span>refresh-token<span class="token operator">=</span>q1bKLFOyUiosTfawzA93TzZIDzH2TNa2SMm0zEiPKTUwME6BkEo6Sql5yUWVBSWpKUGphaWpxSVAfekBOZbBhaEW+VlFUeVRGcluyVF5JT4+haZmPsluFoFu5XkpXk5BXqHega4GAXlF+ma+vmYpFcHe5eZR+slBFpZKtQA<span class="token operator">=</span> <span class="token punctuation">\</span>
|
||
--auth-provider-arg<span class="token operator">=</span>idp-certificate-authority<span class="token operator">=</span>/root/ca.pem <span class="token punctuation">\</span>
|
||
--auth-provider-arg<span class="token operator">=</span>extra-scopes<span class="token operator">=</span>groups <span class="token punctuation">\</span>
|
||
--auth-provider-arg<span class="token operator">=</span>id-token<span class="token operator">=</span>eyJraWQiOiJDTj1vaWRjaWRwLnRyZW1vbG8ubGFuLCBPVT1EZW1vLCBPPVRybWVvbG8gU2VjdXJpdHksIEw9QXJsaW5ndG9uLCBTVD1WaXJnaW5pYSwgQz1VUy1DTj1rdWJlLWNhLTEyMDIxNDc5MjEwMzYwNzMyMTUyIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL29pZGNpZHAudHJlbW9sby5sYW46ODQ0My9hdXRoL2lkcC9PaWRjSWRQIiwiYXVkIjoia3ViZXJuZXRlcyIsImV4cCI6MTQ4MzU0OTUxMSwianRpIjoiMm96US15TXdFcHV4WDlHZUhQdy1hZyIsImlhdCI6MTQ4MzU0OTQ1MSwibmJmIjoxNDgzNTQ5MzMxLCJzdWIiOiI0YWViMzdiYS1iNjQ1LTQ4ZmQtYWIzMC0xYTAxZWU0MWUyMTgifQ.w6p4J_6qQ1HzTG9nrEOrubxIMb9K5hzcMPxc9IxPx2K4xO9l-oFiUw93daH3m5pluP6K7eOE6txBuRVfEcpJSwlelsOsW8gb8VJcnzMS9EnZpeA0tW_p-mnkFc3VcfyXuhe5R3G7aa5d8uHv70yJ9Y3-UhjiN9EhpMdfPAoEB9fYKKkJRzF7utTTIPGrSaSU6d2pcpfYKaxIwePzEkT4DfcQthoZdy9ucNvvLoi1DIC-UocFD8HLs8LYKEqSxQvOcvnThbObJ9af71EwmuE21fO5KzMW20KtAeget1gnldOosPtz1G5EwvaQ401-RPQzPGMVBld0_zMCAwZttJ4knw
|
||
</code></pre>
|
||
<p>将产生下面的配置:</p>
|
||
<pre class="language-"><code class="lang-yaml"><span class="token key atrule">users</span><span class="token punctuation">:</span>
|
||
<span class="token punctuation">-</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> mmosley
|
||
<span class="token key atrule">user</span><span class="token punctuation">:</span>
|
||
<span class="token key atrule">auth-provider</span><span class="token punctuation">:</span>
|
||
<span class="token key atrule">config</span><span class="token punctuation">:</span>
|
||
<span class="token key atrule">client-id</span><span class="token punctuation">:</span> kubernetes
|
||
<span class="token key atrule">client-secret</span><span class="token punctuation">:</span> 1db158f6<span class="token punctuation">-</span>177d<span class="token punctuation">-</span>4d9c<span class="token punctuation">-</span>8a8b<span class="token punctuation">-</span>d36869918ec5
|
||
<span class="token key atrule">extra-scopes</span><span class="token punctuation">:</span> groups
|
||
<span class="token key atrule">id-token</span><span class="token punctuation">:</span> eyJraWQiOiJDTj1vaWRjaWRwLnRyZW1vbG8ubGFuLCBPVT1EZW1vLCBPPVRybWVvbG8gU2VjdXJpdHksIEw9QXJsaW5ndG9uLCBTVD1WaXJnaW5pYSwgQz1VUy1DTj1rdWJlLWNhLTEyMDIxNDc5MjEwMzYwNzMyMTUyIiwiYWxnIjoiUlMyNTYifQ.eyJpc3MiOiJodHRwczovL29pZGNpZHAudHJlbW9sby5sYW46ODQ0My9hdXRoL2lkcC9PaWRjSWRQIiwiYXVkIjoia3ViZXJuZXRlcyIsImV4cCI6MTQ4MzU0OTUxMSwianRpIjoiMm96US15TXdFcHV4WDlHZUhQdy1hZyIsImlhdCI6MTQ4MzU0OTQ1MSwibmJmIjoxNDgzNTQ5MzMxLCJzdWIiOiI0YWViMzdiYS1iNjQ1LTQ4ZmQtYWIzMC0xYTAxZWU0MWUyMTgifQ.w6p4J_6qQ1HzTG9nrEOrubxIMb9K5hzcMPxc9IxPx2K4xO9l<span class="token punctuation">-</span>oFiUw93daH3m5pluP6K7eOE6txBuRVfEcpJSwlelsOsW8gb8VJcnzMS9EnZpeA0tW_p<span class="token punctuation">-</span>mnkFc3VcfyXuhe5R3G7aa5d8uHv70yJ9Y3<span class="token punctuation">-</span>UhjiN9EhpMdfPAoEB9fYKKkJRzF7utTTIPGrSaSU6d2pcpfYKaxIwePzEkT4DfcQthoZdy9ucNvvLoi1DIC<span class="token punctuation">-</span>UocFD8HLs8LYKEqSxQvOcvnThbObJ9af71EwmuE21fO5KzMW20KtAeget1gnldOosPtz1G5EwvaQ401<span class="token punctuation">-</span>RPQzPGMVBld0_zMCAwZttJ4knw
|
||
<span class="token key atrule">idp-certificate-authority</span><span class="token punctuation">:</span> /root/ca.pem
|
||
<span class="token key atrule">idp-issuer-url</span><span class="token punctuation">:</span> https<span class="token punctuation">:</span>//oidcidp.tremolo.lan<span class="token punctuation">:</span>8443/auth/idp/OidcIdP
|
||
<span class="token key atrule">refresh-token</span><span class="token punctuation">:</span> q1bKLFOyUiosTfawzA93TzZIDzH2TNa2SMm0zEiPKTUwME6BkEo6Sql5yUWVBSWpKUGphaWpxSVAfekBOZbBhaEW+VlFUeVRGcluyVF5JT4+haZmPsluFoFu5XkpXk5BXq
|
||
<span class="token key atrule">name</span><span class="token punctuation">:</span> oidc
|
||
</code></pre>
|
||
<p>一旦您的 <code>id_token</code> 过期,<code>kubectl</code> 将使用 <code>refresh_token</code> 刷新 <code>id_token</code>,然后在 <code>kube/.config</code> 文件的<code>client_secret</code> 中存储 <code>id_token</code> 的值和<code>refresh_token</code> 的新值。</p>
|
||
<h5 id="选项-2---使用---token-选项">选项 2 - 使用 <code>--token</code> 选项</h5>
|
||
<p>可以在 <code>kubectl</code> 命令的 <code>--token</code> 选项中传入 token。简单的拷贝和复制 <code>id_token</code> 到该选项中:</p>
|
||
<pre class="language-"><code class="lang-bash">kubectl --token<span class="token operator">=</span>eyJhbGciOiJSUzI1NiJ9.eyJpc3MiOiJodHRwczovL21sYi50cmVtb2xvLmxhbjo4MDQzL2F1dGgvaWRwL29pZGMiLCJhdWQiOiJrdWJlcm5ldGVzIiwiZXhwIjoxNDc0NTk2NjY5LCJqdGkiOiI2RDUzNXoxUEpFNjJOR3QxaWVyYm9RIiwiaWF0IjoxNDc0NTk2MzY5LCJuYmYiOjE0NzQ1OTYyNDksInN1YiI6Im13aW5kdSIsInVzZXJfcm9sZSI6WyJ1c2VycyIsIm5ldy1uYW1lc3BhY2Utdmlld2VyIl0sImVtYWlsIjoibXdpbmR1QG5vbW9yZWplZGkuY29tIn0.f2As579n9VNoaKzoF-dOQGmXkFKf1FMyNV0-va_B63jn-_n9LGSCca_6IVMP8pO-Zb4KvRqGyTP0r3HkHxYy5c81AnIh8ijarruczl-TK_yF5akjSTHFZD-0gRzlevBDiH8Q79NAr-ky0P4iIXS8lY9Vnjch5MF74Zx0c3alKJHJUnnpjIACByfF2SCaYzbWFMUNat-K1PaUk5-ujMBG7yYnr95xD-63n8CO8teGUAAEMx6zRjzfhnhbzX-ajwZLGwGUBT4WqjMs70-6a7_8gZmLZb2az1cZynkFRj2BaCkVT3A2RrjeEwZEtGXlMqKJ1_I2ulrOVsYx01_yD35-rw get nodes
|
||
</code></pre>
|
||
<h3 id="webhook-token-认证">Webhook Token 认证</h3>
|
||
<p>Webhook 认证是用来认证 bearer token 的 hook。</p>
|
||
<ul>
|
||
<li><code>--authentication-token-webhook-config-file</code> 是一个用来描述如何访问远程 webhook 服务的 kubeconfig 文件。</li>
|
||
<li><code>--authentication-token-webhook-cache-ttl</code> 缓存身份验证策略的时间。默认为两分钟。</li>
|
||
</ul>
|
||
<p>配置文件使用 <a href="https://kubernetes.io/docs/concepts/cluster-administration/authenticate-across-clusters-kubeconfig/" target="_blank">kubeconfig</a> 文件格式。文件中的 ”user“ 指的是 API server 的 webhook,”clusters“ 是指远程服务。见下面的例子:</p>
|
||
<pre class="language-"><code class="lang-yaml"><span class="token comment"># clusters refers to the remote service.</span>
|
||
<span class="token key atrule">clusters</span><span class="token punctuation">:</span>
|
||
<span class="token punctuation">-</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> name<span class="token punctuation">-</span>of<span class="token punctuation">-</span>remote<span class="token punctuation">-</span>authn<span class="token punctuation">-</span>service
|
||
<span class="token key atrule">cluster</span><span class="token punctuation">:</span>
|
||
<span class="token key atrule">certificate-authority</span><span class="token punctuation">:</span> /path/to/ca.pem <span class="token comment"># CA for verifying the remote service.</span>
|
||
<span class="token key atrule">server</span><span class="token punctuation">:</span> https<span class="token punctuation">:</span>//authn.example.com/authenticate <span class="token comment"># URL of remote service to query. Must use 'https'.</span>
|
||
|
||
<span class="token comment"># users refers to the API server's webhook configuration.</span>
|
||
<span class="token key atrule">users</span><span class="token punctuation">:</span>
|
||
<span class="token punctuation">-</span> <span class="token key atrule">name</span><span class="token punctuation">:</span> name<span class="token punctuation">-</span>of<span class="token punctuation">-</span>api<span class="token punctuation">-</span>server
|
||
<span class="token key atrule">user</span><span class="token punctuation">:</span>
|
||
<span class="token key atrule">client-certificate</span><span class="token punctuation">:</span> /path/to/cert.pem <span class="token comment"># cert for the webhook plugin to use</span>
|
||
<span class="token key atrule">client-key</span><span class="token punctuation">:</span> /path/to/key.pem <span class="token comment"># key matching the cert</span>
|
||
|
||
<span class="token comment"># kubeconfig files require a context. Provide one for the API server.</span>
|
||
<span class="token key atrule">current-context</span><span class="token punctuation">:</span> webhook
|
||
<span class="token key atrule">contexts</span><span class="token punctuation">:</span>
|
||
<span class="token punctuation">-</span> <span class="token key atrule">context</span><span class="token punctuation">:</span>
|
||
<span class="token key atrule">cluster</span><span class="token punctuation">:</span> name<span class="token punctuation">-</span>of<span class="token punctuation">-</span>remote<span class="token punctuation">-</span>authn<span class="token punctuation">-</span>service
|
||
<span class="token key atrule">user</span><span class="token punctuation">:</span> name<span class="token punctuation">-</span>of<span class="token punctuation">-</span>api<span class="token punctuation">-</span>sever
|
||
<span class="token key atrule">name</span><span class="token punctuation">:</span> webhook
|
||
</code></pre>
|
||
<p>当客户端尝试使用 bearer token 与API server 进行认证是,如上论述,认证 webhook 用饱含该 token 的对象查询远程服务。Kubernetes 不会挑战缺少该 header 的请求。</p>
|
||
<p>请注意,webhook API对象与其他 Kubernetes API 对象具有相同的 <a href="https://kubernetes.io/docs/concepts/overview/kubernetes-api/" target="_blank">版本控制兼容性规则</a>。实现者应该意识到 Beta 对象的宽松兼容性承诺,并检查请求的 “apiVersion” 字段以确保正确的反序列化。此外,API server 必须启用 <code>authentication.k8s.io/v1beta1</code> API 扩展组(<code>--runtime config =authentication.k8s.io/v1beta1=true</code>)。</p>
|
||
<p>The request body will be of the following format:</p>
|
||
<pre class="language-"><code class="lang-json"><span class="token punctuation">{</span>
|
||
<span class="token property">"apiVersion"</span><span class="token operator">:</span> <span class="token string">"authentication.k8s.io/v1beta1"</span><span class="token punctuation">,</span>
|
||
<span class="token property">"kind"</span><span class="token operator">:</span> <span class="token string">"TokenReview"</span><span class="token punctuation">,</span>
|
||
<span class="token property">"spec"</span><span class="token operator">:</span> <span class="token punctuation">{</span>
|
||
<span class="token property">"token"</span><span class="token operator">:</span> <span class="token string">"(BEARERTOKEN)"</span>
|
||
<span class="token punctuation">}</span>
|
||
<span class="token punctuation">}</span>
|
||
</code></pre>
|
||
<p>预计远程服务将填写请求的 <code>status</code> 字段以指示登录成功。响应主体的 <code>spec</code> 字段被忽略,可以省略。成功验证后的 bearer token 将返回:</p>
|
||
<pre class="language-"><code class="lang-json"><span class="token punctuation">{</span>
|
||
<span class="token property">"apiVersion"</span><span class="token operator">:</span> <span class="token string">"authentication.k8s.io/v1beta1"</span><span class="token punctuation">,</span>
|
||
<span class="token property">"kind"</span><span class="token operator">:</span> <span class="token string">"TokenReview"</span><span class="token punctuation">,</span>
|
||
<span class="token property">"status"</span><span class="token operator">:</span> <span class="token punctuation">{</span>
|
||
<span class="token property">"authenticated"</span><span class="token operator">:</span> <span class="token boolean">true</span><span class="token punctuation">,</span>
|
||
<span class="token property">"user"</span><span class="token operator">:</span> <span class="token punctuation">{</span>
|
||
<span class="token property">"username"</span><span class="token operator">:</span> <span class="token string">"janedoe@example.com"</span><span class="token punctuation">,</span>
|
||
<span class="token property">"uid"</span><span class="token operator">:</span> <span class="token string">"42"</span><span class="token punctuation">,</span>
|
||
<span class="token property">"groups"</span><span class="token operator">:</span> <span class="token punctuation">[</span>
|
||
<span class="token string">"developers"</span><span class="token punctuation">,</span>
|
||
<span class="token string">"qa"</span>
|
||
<span class="token punctuation">]</span><span class="token punctuation">,</span>
|
||
<span class="token property">"extra"</span><span class="token operator">:</span> <span class="token punctuation">{</span>
|
||
<span class="token property">"extrafield1"</span><span class="token operator">:</span> <span class="token punctuation">[</span>
|
||
<span class="token string">"extravalue1"</span><span class="token punctuation">,</span>
|
||
<span class="token string">"extravalue2"</span>
|
||
<span class="token punctuation">]</span>
|
||
<span class="token punctuation">}</span>
|
||
<span class="token punctuation">}</span>
|
||
<span class="token punctuation">}</span>
|
||
<span class="token punctuation">}</span>
|
||
</code></pre>
|
||
<p>未成功的请求将返回:</p>
|
||
<pre class="language-"><code class="lang-json"><span class="token punctuation">{</span>
|
||
<span class="token property">"apiVersion"</span><span class="token operator">:</span> <span class="token string">"authentication.k8s.io/v1beta1"</span><span class="token punctuation">,</span>
|
||
<span class="token property">"kind"</span><span class="token operator">:</span> <span class="token string">"TokenReview"</span><span class="token punctuation">,</span>
|
||
<span class="token property">"status"</span><span class="token operator">:</span> <span class="token punctuation">{</span>
|
||
<span class="token property">"authenticated"</span><span class="token operator">:</span> <span class="token boolean">false</span>
|
||
<span class="token punctuation">}</span>
|
||
<span class="token punctuation">}</span>
|
||
</code></pre>
|
||
<p>HTTP状态代码可以用来提供额外的错误上下文。</p>
|
||
<h3 id="认证代理">认证代理</h3>
|
||
<p>可以配置 API server 从请求 header 的值中识别用户,例如 <code>X-Remote-User</code>。这样的设计是用来与请求 header 值的验证代理结合使用。</p>
|
||
<ul>
|
||
<li><code>--requestheader-username-headers</code> 必需,大小写敏感。按 header 名称和顺序检查用户标识。包含值的第一个 header 将被作为用户名。</li>
|
||
<li><code>--requestheader-group-headers</code> 1.6 以上版本。可选。大小写敏感。建议为 “X-Remote-Group”。按 header 名称和顺序检查用户组。所有指定的 header 中的所有值都将作为组名。 </li>
|
||
<li><code>--requestheader-extra-headers-prefix</code> 1.6 以上版本。可选,大小写敏感。建议为 “X-Remote-Extra-”。标题前缀可用于查找有关用户的额外信息(通常由配置的授权插件使用)。以任何指定的前缀开头的 header 都会删除前缀,header 名称的其余部分将成为额外的键值,而 header 值则是额外的值。</li>
|
||
</ul>
|
||
<p>例如下面的配置:</p>
|
||
<pre class="language-"><code class="lang-bash">--requestheader-username-headers<span class="token operator">=</span>X-Remote-User
|
||
--requestheader-group-headers<span class="token operator">=</span>X-Remote-Group
|
||
--requestheader-extra-headers-prefix<span class="token operator">=</span>X-Remote-Extra-
|
||
</code></pre>
|
||
<p>该请求:</p>
|
||
<pre class="language-"><code class="lang-http">GET / HTTP/1.1
|
||
<span class="token header-name keyword">X-Remote-User:</span> fido
|
||
<span class="token header-name keyword">X-Remote-Group:</span> dogs
|
||
<span class="token header-name keyword">X-Remote-Group:</span> dachshunds
|
||
<span class="token header-name keyword">X-Remote-Extra-Scopes:</span> openid
|
||
<span class="token header-name keyword">X-Remote-Extra-Scopes:</span> profile
|
||
</code></pre>
|
||
<p>将产生如下的用户信息:</p>
|
||
<pre class="language-"><code class="lang-yaml"><span class="token key atrule">name</span><span class="token punctuation">:</span> fido
|
||
<span class="token key atrule">groups</span><span class="token punctuation">:</span>
|
||
<span class="token punctuation">-</span> dogs
|
||
<span class="token punctuation">-</span> dachshunds
|
||
<span class="token key atrule">extra</span><span class="token punctuation">:</span>
|
||
<span class="token key atrule">scopes</span><span class="token punctuation">:</span>
|
||
<span class="token punctuation">-</span> openid
|
||
<span class="token punctuation">-</span> profile
|
||
</code></pre>
|
||
<p>为了防止 header 欺骗,验证代理需要在验证请求 header 之前向 API server 提供有效的客户端证书,以对照指定的 CA 进行验证。</p>
|
||
<ul>
|
||
<li><code>--requestheader-client-ca-file</code> 必需。PEM 编码的证书包。在检查用户名的请求 header 之前,必须针对指定文件中的证书颁发机构提交并验证有效的客户端证书。</li>
|
||
<li><code>--requestheader-allowed-names</code> 可选。Common Name (cn)列表。如果设置了,则在检查用户名的请求 header 之前, 必须提供指定列表中 Common Name(cn)的有效客户端证书。如果为空,则允许使用任何 Common Name。</li>
|
||
</ul>
|
||
<h3 id="keystone-密码">Keystone 密码</h3>
|
||
<p>通过在启动过程中将 <code>--experimental-keystone-url=<span class="token tag"><span class="token tag"><span class="token punctuation"><</span>AuthURL</span><span class="token punctuation">></span></span></code> 选项传递给 API server 来启用 Keystone 认证。该插件在 <code>plugin/pkg/auth/authenticator/password/keystone/keystone.go</code> 中实现,目前使用基本身份验证通过用户名和密码验证用户。</p>
|
||
<p>如果您为 Keystone 服务器配置了自签名证书,则在启动 Kubernetes API server 时可能需要设置 <code>--experimental-keystone-ca-file=SOMEFILE</code> 选项。如果您设置了该选项,Keystone 服务器的证书将由<code>experimental-keystone-ca-file</code> 中的某个权威机构验证。否则,证书由主机的根证书颁发机构验证。</p>
|
||
<p>有关如何使用 keystone 来管理项目和用户的详细信息,请参阅 <a href="http://docs.openstack.org/developer/keystone/" target="_blank">Keystone 文档</a>。请注意,这个插件仍处于试验阶段,正在积极开发之中,并可能在后续版本中进行更改。</p>
|
||
<p>请参考 <a href="https://github.com/kubernetes/kubernetes/pull/11798#issuecomment-129655212" target="_blank">讨论</a>、<a href="https://github.com/kubernetes/kubernetes/issues/11626" target="_blank">蓝图</a> 和 <a href="https://github.com/kubernetes/kubernetes/pull/25536" target="_blank">提出的改变</a> 获取更多信息。</p>
|
||
<h2 id="匿名请求">匿名请求</h2>
|
||
<p>启用时,未被其他已配置身份验证方法拒绝的请求将被视为匿名请求,并给予 <code>system:anonymous</code> 的用户名和<code>system:unuthenticated</code> 的组名。</p>
|
||
<p>例如,在配置了令牌认证和启用了匿名访问的服务器上,提供无效的 bearer token 的请求将收到 <code>401 Unauthorized</code> 错误。提供 bearer token 的请求将被视为匿名请求。</p>
|
||
<p>在 1.5.1 - 1.5.x 版本中,默认情况下命名访问是被禁用的,可以通过传递 <code>--anonymous-auth=false</code> 选项给 API server 来启用。</p>
|
||
<p>在 1.6+ 版本中,如果使用 <code>AlwaysAllow</code> 以外的授权模式,则默认启用匿名访问,并且可以通过将 <code>--anonymous-auth=false</code>选项传递给API服务器来禁用。从 1.6 开始,ABAC 和 RBAC 授权人需要明确授权 <code>system:annoymous</code> 或 <code>system:unauthenticated</code> 组,因此授予对 <code>*</code> 用户或 <code>*</code> 组访问权的传统策略规则不包括匿名用户。</p>
|
||
<h2 id="用户模拟">用户模拟</h2>
|
||
<p>用户可以通过模拟 header 充当另一个用户。该请求会覆盖请求认证的用户信息。例如,管理员可以使用此功能通过暂时模拟其他用户并查看请求是否被拒绝来调试授权策略。</p>
|
||
<p>模拟请求首先认证为请求用户,然后切换到模拟的用户信息。</p>
|
||
<ul>
|
||
<li>用户使用他们的凭证<em>和</em>模拟 header 进行 API 调用。</li>
|
||
<li>API server 认证用户</li>
|
||
<li>API server 确保经过身份验证的用户具有模拟权限。</li>
|
||
<li>请求用户的信息被替换为模拟值</li>
|
||
<li>请求被评估,授权作用于模拟的用户信息。</li>
|
||
</ul>
|
||
<p>以下 HTTP header 可用户执行模拟请求:</p>
|
||
<ul>
|
||
<li><code>Impersonate-User</code>:充当的用户名</li>
|
||
<li><code>Impersonate-Group</code>:作为组名。可以多次使用来设置多个组。可选的,需要 “Impersonate-User”</li>
|
||
<li><code>Impersonate-Extra-( extra name )</code>:用于将额外字段与用户关联的动态 header。可选。需要 “Impersonate-User”</li>
|
||
</ul>
|
||
<p>一组示例 header:</p>
|
||
<pre class="language-"><code class="lang-http"><span class="token header-name keyword">Impersonate-User:</span> jane.doe@example.com
|
||
<span class="token header-name keyword">Impersonate-Group:</span> developers
|
||
<span class="token header-name keyword">Impersonate-Group:</span> admins
|
||
<span class="token header-name keyword">Impersonate-Extra-dn:</span> cn=jane,ou=engineers,dc=example,dc=com
|
||
<span class="token header-name keyword">Impersonate-Extra-scopes:</span> view
|
||
<span class="token header-name keyword">Impersonate-Extra-scopes:</span> development
|
||
</code></pre>
|
||
<p>当使用 <code>kubectl</code> 的 <code>--as</code> 标志来配置 <code>Impersonate-User</code> header 时,可以使用 <code>--as-group</code> 标志来配置 <code>Impersonate-Group</code> header。</p>
|
||
<pre class="language-"><code class="lang-bash">$ kubectl drain mynode
|
||
Error from server <span class="token punctuation">(</span>Forbidden<span class="token punctuation">)</span>: User <span class="token string">"clark"</span> cannot get nodes at the cluster scope. <span class="token punctuation">(</span>get nodes mynode<span class="token punctuation">)</span>
|
||
|
||
$ kubectl drain mynode --as<span class="token operator">=</span>superman --as-group<span class="token operator">=</span>system:masters
|
||
node <span class="token string">"mynode"</span> cordoned
|
||
node <span class="token string">"mynode"</span> draine
|
||
</code></pre>
|
||
<p>为模仿用户、组或设置额外字段,模拟用户必须能够对正在模拟的属性的种类(“用户”,“组”等)执行“模拟”动词。对于启用了 RBAC 授权插件的集群,以下 ClusterRole 包含设置用户和组模拟 header 所需的规则:</p>
|
||
<pre class="language-"><code class="lang-yaml"><span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> rbac.authorization.k8s.io/v1
|
||
<span class="token key atrule">kind</span><span class="token punctuation">:</span> ClusterRole
|
||
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
|
||
<span class="token key atrule">name</span><span class="token punctuation">:</span> impersonator
|
||
<span class="token key atrule">rules</span><span class="token punctuation">:</span>
|
||
<span class="token punctuation">-</span> <span class="token key atrule">apiGroups</span><span class="token punctuation">:</span> <span class="token punctuation">[</span><span class="token string">""</span><span class="token punctuation">]</span>
|
||
<span class="token key atrule">resources</span><span class="token punctuation">:</span> <span class="token punctuation">[</span><span class="token string">"users"</span><span class="token punctuation">,</span> <span class="token string">"groups"</span><span class="token punctuation">,</span> <span class="token string">"serviceaccounts"</span><span class="token punctuation">]</span>
|
||
<span class="token key atrule">verbs</span><span class="token punctuation">:</span> <span class="token punctuation">[</span><span class="token string">"impersonate"</span><span class="token punctuation">]</span>
|
||
</code></pre>
|
||
<p>额外的字段被评估为资源 “userextras” 的子资源。为了允许用户使用额外字段 “scope” 的模拟 header,应授予用户以下角色:</p>
|
||
<pre class="language-"><code class="lang-yaml"><span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> rbac.authorization.k8s.io/v1
|
||
<span class="token key atrule">kind</span><span class="token punctuation">:</span> ClusterRole
|
||
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
|
||
<span class="token key atrule">name</span><span class="token punctuation">:</span> scopes<span class="token punctuation">-</span>impersonator
|
||
<span class="token comment"># Can set "Impersonate-Extra-scopes" header.</span>
|
||
<span class="token punctuation">-</span> <span class="token key atrule">apiGroups</span><span class="token punctuation">:</span> <span class="token punctuation">[</span><span class="token string">"authentication.k8s.io"</span><span class="token punctuation">]</span>
|
||
<span class="token key atrule">resources</span><span class="token punctuation">:</span> <span class="token punctuation">[</span><span class="token string">"userextras/scopes"</span><span class="token punctuation">]</span>
|
||
<span class="token key atrule">verbs</span><span class="token punctuation">:</span> <span class="token punctuation">[</span><span class="token string">"impersonate"</span><span class="token punctuation">]</span>
|
||
</code></pre>
|
||
<p>模拟 header 的可用值可以通过设置 <code>resourceNames</code> 可以使用的资源来限制。</p>
|
||
<pre class="language-"><code class="lang-yaml"><span class="token key atrule">apiVersion</span><span class="token punctuation">:</span> rbac.authorization.k8s.io/v1
|
||
<span class="token key atrule">kind</span><span class="token punctuation">:</span> ClusterRole
|
||
<span class="token key atrule">metadata</span><span class="token punctuation">:</span>
|
||
<span class="token key atrule">name</span><span class="token punctuation">:</span> limited<span class="token punctuation">-</span>impersonator
|
||
<span class="token key atrule">rules</span><span class="token punctuation">:</span>
|
||
<span class="token comment"># Can impersonate the user "jane.doe@example.com"</span>
|
||
<span class="token punctuation">-</span> <span class="token key atrule">apiGroups</span><span class="token punctuation">:</span> <span class="token punctuation">[</span><span class="token string">""</span><span class="token punctuation">]</span>
|
||
<span class="token key atrule">resources</span><span class="token punctuation">:</span> <span class="token punctuation">[</span><span class="token string">"users"</span><span class="token punctuation">]</span>
|
||
<span class="token key atrule">verbs</span><span class="token punctuation">:</span> <span class="token punctuation">[</span><span class="token string">"impersonate"</span><span class="token punctuation">]</span>
|
||
<span class="token key atrule">resourceNames</span><span class="token punctuation">:</span> <span class="token punctuation">[</span><span class="token string">"jane.doe@example.com"</span><span class="token punctuation">]</span>
|
||
|
||
<span class="token comment"># Can impersonate the groups "developers" and "admins"</span>
|
||
<span class="token punctuation">-</span> <span class="token key atrule">apiGroups</span><span class="token punctuation">:</span> <span class="token punctuation">[</span><span class="token string">""</span><span class="token punctuation">]</span>
|
||
<span class="token key atrule">resources</span><span class="token punctuation">:</span> <span class="token punctuation">[</span><span class="token string">"groups"</span><span class="token punctuation">]</span>
|
||
<span class="token punctuation">-</span> <span class="token key atrule">verbs</span><span class="token punctuation">:</span> <span class="token punctuation">[</span><span class="token string">"impersonate"</span><span class="token punctuation">]</span>
|
||
<span class="token key atrule">resourceNames</span><span class="token punctuation">:</span> <span class="token punctuation">[</span><span class="token string">"developers"</span><span class="token punctuation">,</span><span class="token string">"admins"</span><span class="token punctuation">]</span>
|
||
|
||
<span class="token comment"># Can impersonate the extras field "scopes" with the values "view" and "development"</span>
|
||
<span class="token punctuation">-</span> <span class="token key atrule">apiGroups</span><span class="token punctuation">:</span> <span class="token punctuation">[</span><span class="token string">"authentication.k8s.io"</span><span class="token punctuation">]</span>
|
||
<span class="token key atrule">resources</span><span class="token punctuation">:</span> <span class="token punctuation">[</span><span class="token string">"userextras/scopes"</span><span class="token punctuation">]</span>
|
||
<span class="token key atrule">verbs</span><span class="token punctuation">:</span> <span class="token punctuation">[</span><span class="token string">"impersonate"</span><span class="token punctuation">]</span>
|
||
<span class="token key atrule">resourceNames</span><span class="token punctuation">:</span> <span class="token punctuation">[</span><span class="token string">"view"</span><span class="token punctuation">,</span> <span class="token string">"development"</span><span class="token punctuation">]</span>
|
||
</code></pre>
|
||
<h2 id="附录">附录</h2>
|
||
<h3 id="创建证书">创建证书</h3>
|
||
<p>使用客户端证书进行身份验证时,可以使用现有的部署脚本或通过 <code>easyrsa</code> 或 <code>openssl</code> 手动生成证书。</p>
|
||
<h4 id="使用已有的部署脚本">使用已有的部署脚本</h4>
|
||
<p><strong>已有的部署脚本</strong> 在 <code>cluster/saltbase/salt/generate-cert/make-ca-cert.sh</code>。</p>
|
||
<p>执行该脚本时需要传递两个参数。第一个参数是 API server 的 IP地址。第二个参数是 IP 形式的主题备用名称列表: <code>IP:<span class="token tag"><span class="token tag"><span class="token punctuation"><</span>ip-address</span><span class="token punctuation">></span></span></code> 或 <code>DNS:<span class="token tag"><span class="token tag"><span class="token punctuation"><</span>dns-name</span><span class="token punctuation">></span></span></code>。</p>
|
||
<p>该脚本将生成三个文件: <code>ca.crt</code>、<code>server.crt</code> 和 <code>server.key</code>。</p>
|
||
<p>最后,将一下参数添加到 API server 的启动参数中:</p>
|
||
<ul>
|
||
<li><code>--client-ca-file=/srv/kubernetes/ca.crt</code></li>
|
||
<li><code>--tls-cert-file=/srv/kubernetes/server.crt</code></li>
|
||
<li><code>--tls-private-key-file=/srv/kubernetes/server.key</code></li>
|
||
</ul>
|
||
<h4 id="easyrsa">easyrsa</h4>
|
||
<p><strong>easyrsa</strong> 可以用来手动为集群生成证书。</p>
|
||
<ol>
|
||
<li><p>下载,解压,并初始化修补版本的easyrsa3。</p>
|
||
<pre class="language-"><code class="lang-bash"><span class="token function">curl</span> -L -O https://storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz
|
||
<span class="token function">tar</span> xzf easy-rsa.tar.gz
|
||
<span class="token builtin class-name">cd</span> easy-rsa-master/easyrsa3
|
||
./easyrsa init-pki
|
||
</code></pre>
|
||
</li>
|
||
<li><p>生成 CA(使用 <code>--batch</code> 设置为自动模式。使用 <code>--req-cn</code> 设置默认的 CN)</p>
|
||
<pre class="language-"><code class="lang-bash">./easyrsa --batch <span class="token string">"--req-cn=<span class="token variable">${MASTER_IP}</span>@<span class="token variable"><span class="token variable">`</span><span class="token function">date</span> +%s<span class="token variable">`</span></span>"</span> build-ca nopass
|
||
</code></pre>
|
||
</li>
|
||
<li><p>生成服务器证书和密钥。(build-server-full [文件名]:生成一个键值对,在本地为客户端和服务器签名。)</p>
|
||
<pre class="language-"><code class="lang-bash">./easyrsa --subject-alt-name<span class="token operator">=</span><span class="token string">"IP:<span class="token variable">${MASTER_IP}</span>"</span> build-server-full server nopass
|
||
</code></pre>
|
||
</li>
|
||
<li><p>复制 <code>pki/ca.crt</code>, <code>pki/issued/server.crt</code> 和 <code>pki/private/server.key</code> 到您的目录下。</p>
|
||
</li>
|
||
<li><p>将以下参数添加到 API server 的启动参数中:</p>
|
||
<pre class="language-"><code class="lang-bash">--client-ca-file<span class="token operator">=</span>/yourdirectory/ca.crt
|
||
--tls-cert-file<span class="token operator">=</span>/yourdirectory/server.crt
|
||
--tls-private-key-file<span class="token operator">=</span>/yourdirectory/server.key
|
||
</code></pre>
|
||
</li>
|
||
</ol>
|
||
<h4 id="openssl">openssl</h4>
|
||
<p><strong>openssl</strong> 可以用来手动为集群生成证书。</p>
|
||
<ol>
|
||
<li><p>生成一个 2048 bit 的 ca.key:</p>
|
||
<pre class="language-"><code class="lang-bash">openssl genrsa -out ca.key <span class="token number">2048</span>
|
||
</code></pre>
|
||
</li>
|
||
<li><p>根据 ca.key 生成一个 ca.crt(使用 -days 设置证书的有效时间):</p>
|
||
<pre class="language-"><code class="lang-bash">openssl req -x509 -new -nodes -key ca.key -subj <span class="token string">"/CN=<span class="token variable">${MASTER_IP}</span>"</span> -days <span class="token number">10000</span> -out ca.crt
|
||
</code></pre>
|
||
</li>
|
||
<li><p>生成一个 2048 bit 的 server.key:</p>
|
||
<pre class="language-"><code class="lang-bash">openssl genrsa -out server.key <span class="token number">2048</span>
|
||
</code></pre>
|
||
</li>
|
||
<li><p>根据 server.key 生成一个 server.csr:</p>
|
||
<pre class="language-"><code class="lang-bash">openssl req -new -key server.key -subj <span class="token string">"/CN=<span class="token variable">${MASTER_IP}</span>"</span> -out server.csr
|
||
</code></pre>
|
||
</li>
|
||
<li><p>根据 ca.key、ca.crt 和 server.csr 生成 server.crt:</p>
|
||
<pre class="language-"><code class="lang-bash">openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days <span class="token number">10000</span>
|
||
</code></pre>
|
||
</li>
|
||
<li><p>查看证书:</p>
|
||
<pre class="language-"><code class="lang-bash">openssl x509 -noout -text -in ./server.crt
|
||
</code></pre>
|
||
</li>
|
||
</ol>
|
||
<p>最后,不要忘了向 API server 的启动参数中增加配置。</p>
|
||
<h4 id="认证-api">认证 API</h4>
|
||
<p>您可以使用 <code>certificates.k8s.io</code> API将 x509 证书配置为用于身份验证,如 <a href="https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster" target="_blank">此处</a> 所述。
|
||
官方最新文档地址:<a href="https://kubernetes.io/docs/admin/authentication/" target="_blank">https://kubernetes.io/docs/admin/authentication/</a></p>
|
||
<p>译者:<a href="https://jimmysong.io" target="_blank">Jimmy Song</a></p>
|
||
<footer class="page-footer"><span class="copyright"><p><a href="https://time.geekbang.org/column/intro/292?code=EhFrzVKvIro8U06UyaeLCCdmbpk7g010iXprzDxW17I%3D&utm_term=SPoster" target="_blank">给开发者和架构师的云计算指南 - 极客时间专栏《深入浅出云计算》</a> | <a href="https://jimmysong.io/contact/" target="_blank">加入云原生社区</a></p>Copyright © 2017-2020 | Distributed under <a href="https://creativecommons.org/licenses/by-nc-sa/4.0/deed.zh" target="_blank">CC BY 4.0</a> | <a href="https://jimmysong.io" target="_blank">jimmysong.io</a> all right reserved,powered by Gitbook</span><span class="footer-modification"> Updated at
|
||
2019-04-24 14:28:19
|
||
</span></footer></body></html>
|
||
|
||
</section>
|
||
|
||
</div>
|
||
<div class="search-results">
|
||
<div class="has-results">
|
||
|
||
<h1 class="search-results-title"><span class='search-results-count'></span> results matching "<span class='search-query'></span>"</h1>
|
||
<ul class="search-results-list"></ul>
|
||
|
||
</div>
|
||
<div class="no-results">
|
||
|
||
<h1 class="search-results-title">No results matching "<span class='search-query'></span>"</h1>
|
||
|
||
</div>
|
||
</div>
|
||
</div>
|
||
|
||
</div>
|
||
</div>
|
||
|
||
</div>
|
||
|
||
|
||
|
||
<a href="auth-with-kubeconfig-or-token.html" class="navigation navigation-prev " aria-label="Previous page: 使用kubeconfig或token进行用户身份认证">
|
||
<i class="fa fa-angle-left"></i>
|
||
</a>
|
||
|
||
|
||
<a href="kubernetes-security-best-practice.html" class="navigation navigation-next " aria-label="Next page: Kubernetes集群安全性配置最佳实践">
|
||
<i class="fa fa-angle-right"></i>
|
||
</a>
|
||
|
||
|
||
|
||
</div>
|
||
|
||
<script>
|
||
var gitbook = gitbook || [];
|
||
gitbook.push(function() {
|
||
gitbook.page.hasChanged({"page":{"title":"Kubernetes中的用户与身份认证授权","level":"4.4.7","depth":2,"next":{"title":"Kubernetes集群安全性配置最佳实践","level":"4.4.8","depth":2,"path":"guide/kubernetes-security-best-practice.md","ref":"guide/kubernetes-security-best-practice.md","articles":[]},"previous":{"title":"使用kubeconfig或token进行用户身份认证","level":"4.4.6","depth":2,"path":"guide/auth-with-kubeconfig-or-token.md","ref":"guide/auth-with-kubeconfig-or-token.md","articles":[]},"dir":"ltr"},"config":{"plugins":["github","codesnippet","splitter","page-toc-button","image-captions","editlink","back-to-top-button","-lunr","-search","search-plus","github-buttons@2.1.0","favicon@^0.0.2","tbfed-pagefooter@^0.0.1","3-ba","theme-default","-highlight","prism","prism-themes","sitemap-general","lightbox","ga","copy-code-button","alerts"],"styles":{"ebook":"styles/ebook.css","epub":"styles/epub.css","mobi":"styles/mobi.css","pdf":"styles/pdf.css","print":"styles/print.css","website":"styles/website.css"},"pluginsConfig":{"tbfed-pagefooter":{"copyright":"<p><a href=https://time.geekbang.org/column/intro/292?code=EhFrzVKvIro8U06UyaeLCCdmbpk7g010iXprzDxW17I%3D&utm_term=SPoster>给开发者和架构师的云计算指南 - 极客时间专栏《深入浅出云计算》</a> | <a href=https://jimmysong.io/contact/>加入云原生社区</a></p>Copyright © 2017-2020 | Distributed under <a href=https://creativecommons.org/licenses/by-nc-sa/4.0/deed.zh>CC BY 4.0</a> | <a href=https://jimmysong.io>jimmysong.io</a>","modify_label":" Updated at ","modify_format":"YYYY-MM-DD HH:mm:ss"},"prism":{"css":["prism-themes/themes/prism-ghcolors.css"]},"github":{"url":"https://github.com/rootsongjc/kubernetes-handbook"},"editlink":{"label":"编辑本页","multilingual":false,"base":"https://github.com/rootsongjc/kubernetes-handbook/blob/master/"},"splitter":{},"codesnippet":{},"sitemap-general":{"prefix":"https://jimmysong.io/kubernetes-handbook/"},"fontsettings":{"theme":"white","family":"sans","size":2},"favicon":{"shortcut":"favicon.ico","bookmark":"favicon.ico"},"lightbox":{"jquery":true},"page-toc-button":{},"back-to-top-button":{},"prism-themes":{},"alerts":{},"github-buttons":{"repo":"rootsongjc/kubernetes-handbook","types":["star"],"size":"small"},"3-ba":{"configuration":"auto","token":"11f7d254cfa4e0ca44b175c66d379ecc"},"copy-code-button":{},"ga":{"configuration":"auto","token":"UA-93485976-1"},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"theme-default":{"showLevel":true,"styles":{"ebook":"styles/ebook.css","epub":"styles/epub.css","mobi":"styles/mobi.css","pdf":"styles/pdf.css","print":"styles/print.css","website":"styles/website.css"}},"search-plus":{},"image-captions":{"caption":"图片 - _CAPTION_","variable_name":"_pictures"}},"theme":"default","author":"Jimmy Song(宋净超)","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{"_pictures":[{"backlink":"index.html#fig1.1.1","level":"1.1","list_caption":"Figure: Stargazers over time","alt":"Stargazers over time","nro":1,"url":"https://starcharts.herokuapp.com/rootsongjc/kubernetes-handbook.svg","index":1,"caption_template":"图片 - _CAPTION_","label":"Stargazers over time","attributes":{},"skip":false,"key":"1.1.1"},{"backlink":"cloud-native/play-with-kubernetes.html#fig2.3.1","level":"2.3","list_caption":"Figure: Play with Kubernetes网页截图","alt":"Play with Kubernetes网页截图","nro":2,"url":"../images/play-with-kubernetes.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Play with Kubernetes网页截图","attributes":{},"skip":false,"key":"2.3.1"},{"backlink":"cloud-native/cloud-native-local-quick-start.html#fig2.4.1","level":"2.4","list_caption":"Figure: Kubernetes dashboard","alt":"Kubernetes dashboard","nro":3,"url":"https://github.com/rootsongjc/kubernetes-vagrant-centos-cluster/raw/master/images/dashboard-animation.gif","index":1,"caption_template":"图片 - _CAPTION_","label":"Kubernetes dashboard","attributes":{},"skip":false,"key":"2.4.1"},{"backlink":"cloud-native/cloud-native-local-quick-start.html#fig2.4.2","level":"2.4","list_caption":"Figure: Grafana","alt":"Grafana","nro":4,"url":"https://github.com/rootsongjc/kubernetes-vagrant-centos-cluster/raw/master/images/grafana-animation.gif","index":2,"caption_template":"图片 - _CAPTION_","label":"Grafana","attributes":{},"skip":false,"key":"2.4.2"},{"backlink":"cloud-native/cloud-native-local-quick-start.html#fig2.4.3","level":"2.4","list_caption":"Figure: Traefik dashboard","alt":"Traefik dashboard","nro":5,"url":"https://github.com/rootsongjc/kubernetes-vagrant-centos-cluster/raw/master/images/traefik-ingress.gif","index":3,"caption_template":"图片 - _CAPTION_","label":"Traefik dashboard","attributes":{},"skip":false,"key":"2.4.3"},{"backlink":"cloud-native/cloud-native-local-quick-start.html#fig2.4.4","level":"2.4","list_caption":"Figure: bookinfo示例","alt":"bookinfo示例","nro":6,"url":"https://github.com/rootsongjc/kubernetes-vagrant-centos-cluster/raw/master/images/bookinfo-demo.gif","index":4,"caption_template":"图片 - _CAPTION_","label":"bookinfo示例","attributes":{},"skip":false,"key":"2.4.4"},{"backlink":"cloud-native/cloud-native-local-quick-start.html#fig2.4.5","level":"2.4","list_caption":"Figure: vistio视图动画","alt":"vistio视图动画","nro":7,"url":"https://github.com/rootsongjc/kubernetes-vagrant-centos-cluster/raw/master/images/vistio-animation.gif","index":5,"caption_template":"图片 - _CAPTION_","label":"vistio视图动画","attributes":{},"skip":false,"key":"2.4.5"},{"backlink":"cloud-native/cloud-native-local-quick-start.html#fig2.4.6","level":"2.4","list_caption":"Figure: Kiali页面","alt":"Kiali页面","nro":8,"url":"https://github.com/rootsongjc/kubernetes-vagrant-centos-cluster/raw/master/images/kiali.gif","index":6,"caption_template":"图片 - _CAPTION_","label":"Kiali页面","attributes":{},"skip":false,"key":"2.4.6"},{"backlink":"cloud-native/cloud-native-local-quick-start.html#fig2.4.7","level":"2.4","list_caption":"Figure: Scope页面","alt":"Scope页面","nro":9,"url":"https://github.com/rootsongjc/kubernetes-vagrant-centos-cluster/raw/master/images/weave-scope-animation.gif","index":7,"caption_template":"图片 - _CAPTION_","label":"Scope页面","attributes":{},"skip":false,"key":"2.4.7"},{"backlink":"cloud-native/setup-kubernetes-with-rancher-and-aliyun.html#fig2.5.1","level":"2.5","list_caption":"Figure: Rancher 界面","alt":"Rancher 界面","nro":10,"url":"../images/rancher-web.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Rancher 界面","attributes":{},"skip":false,"key":"2.5.1"},{"backlink":"cloud-native/setup-kubernetes-with-rancher-and-aliyun.html#fig2.5.2","level":"2.5","list_caption":"Figure: 自定义节点信息","alt":"自定义节点信息","nro":11,"url":"../images/rancher-customize-node.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"自定义节点信息","attributes":{},"skip":false,"key":"2.5.2"},{"backlink":"cloud-native/setup-kubernetes-with-rancher-and-aliyun.html#fig2.5.3","level":"2.5","list_caption":"Figure: Rancher 集群监控页面","alt":"Rancher 集群监控页面","nro":12,"url":"../images/rancher-cluster.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Rancher 集群监控页面","attributes":{},"skip":false,"key":"2.5.3"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.6.1","level":"2.6","list_caption":"Figure: 云计算演进历程","alt":"云计算演进历程","nro":13,"url":"../images/cloud-computing-evolution-road.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"云计算演进历程","attributes":{},"skip":false,"key":"2.6.1"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.6.2","level":"2.6","list_caption":"Figure: 来自Twitter @MarcWilczek","alt":"来自Twitter @MarcWilczek","nro":14,"url":"../images/cloud-native-comes-of-age.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"来自Twitter @MarcWilczek","attributes":{},"skip":false,"key":"2.6.2"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.6.3","level":"2.6","list_caption":"Figure: Cloud native思维导图","alt":"Cloud native思维导图","nro":15,"url":"../images/cloud-native-architecutre-mindnode.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Cloud native思维导图","attributes":{},"skip":false,"key":"2.6.3"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.6.4","level":"2.6","list_caption":"Figure: 十二因素应用","alt":"十二因素应用","nro":16,"url":"../images/12-factor-app.png","index":4,"caption_template":"图片 - _CAPTION_","label":"十二因素应用","attributes":{},"skip":false,"key":"2.6.4"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.6.5","level":"2.6","list_caption":"Figure: 容器生态","alt":"容器生态","nro":17,"url":"../images/container-ecosystem.png","index":5,"caption_template":"图片 - _CAPTION_","label":"容器生态","attributes":{},"skip":false,"key":"2.6.5"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.6.6","level":"2.6","list_caption":"Figure: 使用Jenkins进行持续集成与发布流程图","alt":"使用Jenkins进行持续集成与发布流程图","nro":18,"url":"../images/kubernetes-jenkins-ci-cd.png","index":6,"caption_template":"图片 - _CAPTION_","label":"使用Jenkins进行持续集成与发布流程图","attributes":{},"skip":false,"key":"2.6.6"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.6.7","level":"2.6","list_caption":"Figure: filebeat日志收集架构图","alt":"filebeat日志收集架构图","nro":19,"url":"../images/filebeat-log-collector-arch.png","index":7,"caption_template":"图片 - _CAPTION_","label":"filebeat日志收集架构图","attributes":{},"skip":false,"key":"2.6.7"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.6.8","level":"2.6","list_caption":"Figure: API文档","alt":"API文档","nro":20,"url":"../images/k8s-app-monitor-test-api-doc.jpg","index":8,"caption_template":"图片 - _CAPTION_","label":"API文档","attributes":{},"skip":false,"key":"2.6.8"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.6.9","level":"2.6","list_caption":"Figure: 迁移步骤示意图","alt":"迁移步骤示意图","nro":21,"url":"../images/migrating-hadoop-yarn-to-kubernetes.png","index":9,"caption_template":"图片 - _CAPTION_","label":"迁移步骤示意图","attributes":{},"skip":false,"key":"2.6.9"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.6.10","level":"2.6","list_caption":"Figure: service mesh架构图","alt":"service mesh架构图","nro":22,"url":"../images/serivce-mesh-control-plane.png","index":10,"caption_template":"图片 - _CAPTION_","label":"service mesh架构图","attributes":{},"skip":false,"key":"2.6.10"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.6.11","level":"2.6","list_caption":"Figure: kibana界面","alt":"kibana界面","nro":23,"url":"../images/filebeat-docker-test.jpg","index":11,"caption_template":"图片 - _CAPTION_","label":"kibana界面","attributes":{},"skip":false,"key":"2.6.11"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.6.12","level":"2.6","list_caption":"Figure: Grafana界面示意图1","alt":"Grafana界面示意图1","nro":24,"url":"../images/kubernetes-devops-example-grafana-1.png","index":12,"caption_template":"图片 - _CAPTION_","label":"Grafana界面示意图1","attributes":{},"skip":false,"key":"2.6.12"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.6.13","level":"2.6","list_caption":"Figure: Grafana界面示意图2","alt":"Grafana界面示意图2","nro":25,"url":"../images/kubernetes-devops-example-grafana-2.png","index":13,"caption_template":"图片 - _CAPTION_","label":"Grafana界面示意图2","attributes":{},"skip":false,"key":"2.6.13"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.6.14","level":"2.6","list_caption":"Figure: Grafana界面示意图3","alt":"Grafana界面示意图3","nro":26,"url":"../images/kubernetes-devops-example-grafana-3.png","index":14,"caption_template":"图片 - _CAPTION_","label":"Grafana界面示意图3","attributes":{},"skip":false,"key":"2.6.14"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.6.15","level":"2.6","list_caption":"Figure: dashboard","alt":"dashboard","nro":27,"url":"../images/spark-job-on-kubernetes-example-1.jpg","index":15,"caption_template":"图片 - _CAPTION_","label":"dashboard","attributes":{},"skip":false,"key":"2.6.15"},{"backlink":"cloud-native/kubernetes-and-cloud-native-app-overview.html#fig2.6.16","level":"2.6","list_caption":"Figure: Grafana","alt":"Grafana","nro":28,"url":"../images/spark-job-on-kubernetes-example-2.jpg","index":16,"caption_template":"图片 - _CAPTION_","label":"Grafana","attributes":{},"skip":false,"key":"2.6.16"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.7.1","level":"2.7","list_caption":"Figure: 容器生态图 Container ecosystem","alt":"容器生态图 Container ecosystem","nro":29,"url":"../images/container-ecosystem.png","index":1,"caption_template":"图片 - _CAPTION_","label":"容器生态图 Container ecosystem","attributes":{},"skip":false,"key":"2.7.1"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.7.2","level":"2.7","list_caption":"Figure: Kubernetes架构","alt":"Kubernetes架构","nro":30,"url":"../images/kubernetes-high-level-component-archtecture.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Kubernetes架构","attributes":{},"skip":false,"key":"2.7.2"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.7.3","level":"2.7","list_caption":"Figure: Cloud Native Core target","alt":"Cloud Native Core target","nro":31,"url":"../images/cloud-native-core-target.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Cloud Native Core target","attributes":{},"skip":false,"key":"2.7.3"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.7.4","level":"2.7","list_caption":"Figure: FaaS Landscape","alt":"FaaS Landscape","nro":32,"url":"../images/redpoint-faas-landscape.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"FaaS Landscape","attributes":{},"skip":false,"key":"2.7.4"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.7.5","level":"2.7","list_caption":"Figure: Workloads running on Kubernetes","alt":"Workloads running on Kubernetes","nro":33,"url":"../images/0069RVTdgy1fv5mxr6fxtj31kw11q484.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"Workloads running on Kubernetes","attributes":{},"skip":false,"key":"2.7.5"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.7.6","level":"2.7","list_caption":"Figure: Gartner技术爆发趋势图2017","alt":"Gartner技术爆发趋势图2017","nro":34,"url":"../images/0069RVTdgy1fv5my2jtxzj315o0z8dkr.jpg","index":6,"caption_template":"图片 - _CAPTION_","label":"Gartner技术爆发趋势图2017","attributes":{},"skip":false,"key":"2.7.6"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.7.7","level":"2.7","list_caption":"Figure: Microservices concerns","alt":"Microservices concerns","nro":35,"url":"../images/microservices-concerns.jpg","index":7,"caption_template":"图片 - _CAPTION_","label":"Microservices concerns","attributes":{},"skip":false,"key":"2.7.7"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.7.8","level":"2.7","list_caption":"Figure: 两种服务发现方式","alt":"两种服务发现方式","nro":36,"url":"../images/service-discovery-in-microservices.png","index":8,"caption_template":"图片 - _CAPTION_","label":"两种服务发现方式","attributes":{},"skip":false,"key":"2.7.8"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.7.9","level":"2.7","list_caption":"Figure: Cloud Native Features","alt":"Cloud Native Features","nro":37,"url":"https://jimmysong.io/kubernetes-handbook/images/cloud-native-architecutre-mindnode.jpg","index":9,"caption_template":"图片 - _CAPTION_","label":"Cloud Native Features","attributes":{},"skip":false,"key":"2.7.9"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.7.10","level":"2.7","list_caption":"Figure: Cloud Native Landscape v1.0","alt":"Cloud Native Landscape v1.0","nro":38,"url":"../images/0069RVTdgy1fv5myp6ednj31kw0w0u0x.jpg","index":10,"caption_template":"图片 - _CAPTION_","label":"Cloud Native Landscape v1.0","attributes":{},"skip":false,"key":"2.7.10"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.7.11","level":"2.7","list_caption":"Figure: Building a Cloud Native Architecture with Kubernetes followed 12 factor app","alt":"Building a Cloud Native Architecture with Kubernetes followed 12 factor app","nro":39,"url":"../images/building-cloud-native-architecture-with-kubernetes.png","index":11,"caption_template":"图片 - _CAPTION_","label":"Building a Cloud Native Architecture with Kubernetes followed 12 factor app","attributes":{},"skip":false,"key":"2.7.11"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.7.12","level":"2.7","list_caption":"Figure: Creating Kubernetes native app","alt":"Creating Kubernetes native app","nro":40,"url":"../images/creating-kubernetes-native-app.jpg","index":12,"caption_template":"图片 - _CAPTION_","label":"Creating Kubernetes native app","attributes":{},"skip":false,"key":"2.7.12"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.7.13","level":"2.7","list_caption":"Figure: istio vs linkerd","alt":"istio vs linkerd","nro":41,"url":"../images/istio-vs-linkerd.jpg","index":13,"caption_template":"图片 - _CAPTION_","label":"istio vs linkerd","attributes":{},"skip":false,"key":"2.7.13"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.7.14","level":"2.7","list_caption":"Figure: Deployment pipeline","alt":"Deployment pipeline","nro":42,"url":"../images/0069RVTdgy1fv5mzj8rj6j318g1ewtfc.jpg","index":14,"caption_template":"图片 - _CAPTION_","label":"Deployment pipeline","attributes":{},"skip":false,"key":"2.7.14"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.7.15","level":"2.7","list_caption":"Figure: Spark on Kubernetes with different schedulers","alt":"Spark on Kubernetes with different schedulers","nro":43,"url":"../images/spark-on-kubernetes-with-different-schedulers.jpg","index":15,"caption_template":"图片 - _CAPTION_","label":"Spark on Kubernetes with different schedulers","attributes":{},"skip":false,"key":"2.7.15"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.7.16","level":"2.7","list_caption":"Figure: Kubernetes solutions","alt":"Kubernetes solutions","nro":44,"url":"../images/0069RVTdgy1fv5mzywc83j31fk1i8qg4.jpg","index":16,"caption_template":"图片 - _CAPTION_","label":"Kubernetes solutions","attributes":{},"skip":false,"key":"2.7.16"},{"backlink":"cloud-native/from-kubernetes-to-cloud-native.html#fig2.7.17","level":"2.7","list_caption":"Figure: Kubernetes SIG","alt":"Kubernetes SIG","nro":45,"url":"../images/kubernetes-sigs.jpg","index":17,"caption_template":"图片 - _CAPTION_","label":"Kubernetes SIG","attributes":{},"skip":false,"key":"2.7.17"},{"backlink":"cloud-native/cloud-native-programming-language-ballerina.html#fig2.8.1.1","level":"2.8.1","list_caption":"Figure: 云原生编程语言ballerina","alt":"云原生编程语言ballerina","nro":46,"url":"../images/philosophy-page-diagrams-top.png","index":1,"caption_template":"图片 - _CAPTION_","label":"云原生编程语言ballerina","attributes":{},"skip":false,"key":"2.8.1.1"},{"backlink":"cloud-native/cloud-native-programming-language-ballerina.html#fig2.8.1.2","level":"2.8.1","list_caption":"Figure: 云原生编程语言Ballerina的序列图设计理念","alt":"云原生编程语言Ballerina的序列图设计理念","nro":47,"url":"../images/philosophy-principle-diagrams-01.png","index":2,"caption_template":"图片 - _CAPTION_","label":"云原生编程语言Ballerina的序列图设计理念","attributes":{},"skip":false,"key":"2.8.1.2"},{"backlink":"cloud-native/cloud-native-programming-language-ballerina.html#fig2.8.1.3","level":"2.8.1","list_caption":"Figure: 云原生编程语言Ballerina的并发理念","alt":"云原生编程语言Ballerina的并发理念","nro":48,"url":"../images/philosophy-principle-diagrams-02.png","index":3,"caption_template":"图片 - _CAPTION_","label":"云原生编程语言Ballerina的并发理念","attributes":{},"skip":false,"key":"2.8.1.3"},{"backlink":"cloud-native/cloud-native-programming-language-ballerina.html#fig2.8.1.4","level":"2.8.1","list_caption":"Figure: 云原生编程语言ballerina运行时架构","alt":"云原生编程语言ballerina运行时架构","nro":49,"url":"../images/philosophy-diagrams-for-site-02.png","index":4,"caption_template":"图片 - _CAPTION_","label":"云原生编程语言ballerina运行时架构","attributes":{},"skip":false,"key":"2.8.1.4"},{"backlink":"cloud-native/cloud-native-programming-language-ballerina.html#fig2.8.1.5","level":"2.8.1","list_caption":"Figure: 云原生编程语言ballerina部署架构图","alt":"云原生编程语言ballerina部署架构图","nro":50,"url":"../images/philosophy-diagrams-for-site-03.png","index":5,"caption_template":"图片 - _CAPTION_","label":"云原生编程语言ballerina部署架构图","attributes":{},"skip":false,"key":"2.8.1.5"},{"backlink":"cloud-native/cloud-native-programming-language-ballerina.html#fig2.8.1.6","level":"2.8.1","list_caption":"Figure: 云原生编程语言ballerina生命周期架构图","alt":"云原生编程语言ballerina生命周期架构图","nro":51,"url":"../images/philosophy-diagrams-for-site-04.png","index":6,"caption_template":"图片 - _CAPTION_","label":"云原生编程语言ballerina生命周期架构图","attributes":{},"skip":false,"key":"2.8.1.6"},{"backlink":"cloud-native/cloud-native-programming-language-pulumi.html#fig2.8.2.1","level":"2.8.2","list_caption":"Figure: 云原生编程语言Pulumi","alt":"云原生编程语言Pulumi","nro":52,"url":"../images/00704eQkgy1fsm4v0a6qwj30xc0m8t9d.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"云原生编程语言Pulumi","attributes":{},"skip":false,"key":"2.8.2.1"},{"backlink":"cloud-native/the-future-of-cloud-native.html#fig2.9.1","level":"2.9","list_caption":"Figure: Kubernetes 云原生的操作系统","alt":"Kubernetes 云原生的操作系统","nro":53,"url":"../images/00704eQkgy1frr4z08j6oj31p20w2n6n.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Kubernetes 云原生的操作系统","attributes":{},"skip":false,"key":"2.9.1"},{"backlink":"cloud-native/the-future-of-cloud-native.html#fig2.9.2","level":"2.9","list_caption":"Figure: 操作系统层次","alt":"操作系统层次","nro":54,"url":"../images/00704eQkgy1frr52hl4eaj31qy15en74.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"操作系统层次","attributes":{},"skip":false,"key":"2.9.2"},{"backlink":"cloud-native/the-future-of-cloud-native.html#fig2.9.3","level":"2.9","list_caption":"Figure: 云原生景观图","alt":"云原生景观图","nro":55,"url":"../images/00704eQkgy1frr53j3aiuj32fs1dc7wi.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"云原生景观图","attributes":{},"skip":false,"key":"2.9.3"},{"backlink":"cloud-native/the-future-of-cloud-native.html#fig2.9.4","level":"2.9","list_caption":"Figure: KubeVirt架构图","alt":"KubeVirt架构图","nro":56,"url":"../images/00704eQkgy1frr54de5oyj31qw14qn2x.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"KubeVirt架构图","attributes":{},"skip":false,"key":"2.9.4"},{"backlink":"cloud-native/the-future-of-cloud-native.html#fig2.9.5","level":"2.9","list_caption":"Figure: Kubernetes中的资源隔离","alt":"Kubernetes中的资源隔离","nro":57,"url":"../images/00704eQkgy1frr54ztql2j329q0zwwlf.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"Kubernetes中的资源隔离","attributes":{},"skip":false,"key":"2.9.5"},{"backlink":"cloud-native/the-future-of-cloud-native.html#fig2.9.6","level":"2.9","list_caption":"Figure: OpenEBS 控制平面架构","alt":"OpenEBS 控制平面架构","nro":58,"url":"../images/00704eQkgy1frr56m7z2sj31y010y17y.jpg","index":6,"caption_template":"图片 - _CAPTION_","label":"OpenEBS 控制平面架构","attributes":{},"skip":false,"key":"2.9.6"},{"backlink":"cloud-native/the-future-of-cloud-native.html#fig2.9.7","level":"2.9","list_caption":"Figure: OpenEBS 的存储卷管理","alt":"OpenEBS 的存储卷管理","nro":59,"url":"../images/00704eQkgy1frr57nm2mnj31xk11qqej.jpg","index":7,"caption_template":"图片 - _CAPTION_","label":"OpenEBS 的存储卷管理","attributes":{},"skip":false,"key":"2.9.7"},{"backlink":"cloud-native/the-future-of-cloud-native.html#fig2.9.8","level":"2.9","list_caption":"Figure: Hadoop YARN 迁移到 Kubernetes的示例","alt":"Hadoop YARN 迁移到 Kubernetes的示例","nro":60,"url":"../images/00704eQkgy1frr58ebf2lj323o11219r.jpg","index":8,"caption_template":"图片 - _CAPTION_","label":"Hadoop YARN 迁移到 Kubernetes的示例","attributes":{},"skip":false,"key":"2.9.8"},{"backlink":"cloud-native/the-future-of-cloud-native.html#fig2.9.9","level":"2.9","list_caption":"Figure: Spark on Yarn with Kubernetes","alt":"Spark on Yarn with Kubernetes","nro":61,"url":"../images/00704eQkgy1frr59gzzwsj32gg16k4qp.jpg","index":9,"caption_template":"图片 - _CAPTION_","label":"Spark on Yarn with Kubernetes","attributes":{},"skip":false,"key":"2.9.9"},{"backlink":"cloud-native/the-future-of-cloud-native.html#fig2.9.10","level":"2.9","list_caption":"Figure: 云原生与12因素应用","alt":"云原生与12因素应用","nro":62,"url":"../images/00704eQkgy1frr5arzvetj31no12mdre.jpg","index":10,"caption_template":"图片 - _CAPTION_","label":"云原生与12因素应用","attributes":{},"skip":false,"key":"2.9.10"},{"backlink":"cloud-native/the-future-of-cloud-native.html#fig2.9.11","level":"2.9","list_caption":"Figure: 云原生编程语言","alt":"云原生编程语言","nro":63,"url":"../images/00704eQkgy1frr5c8bwmtj31ou152qc3.jpg","index":11,"caption_template":"图片 - _CAPTION_","label":"云原生编程语言","attributes":{},"skip":false,"key":"2.9.11"},{"backlink":"cloud-native/the-future-of-cloud-native.html#fig2.9.12","level":"2.9","list_caption":"Figure: Gitkube","alt":"Gitkube","nro":64,"url":"../images/00704eQkgy1frr5bulhuhj329m10iwua.jpg","index":12,"caption_template":"图片 - _CAPTION_","label":"Gitkube","attributes":{},"skip":false,"key":"2.9.12"},{"backlink":"cloud-native/the-future-of-cloud-native.html#fig2.9.13","level":"2.9","list_caption":"Figure: Kuberentes中的流量管理","alt":"Kuberentes中的流量管理","nro":65,"url":"../images/00704eQkgy1frr5dsurx6j320i140tpf.jpg","index":13,"caption_template":"图片 - _CAPTION_","label":"Kuberentes中的流量管理","attributes":{},"skip":false,"key":"2.9.13"},{"backlink":"cloud-native/the-future-of-cloud-native.html#fig2.9.14","level":"2.9","list_caption":"Figure: Istio Service Mesh架构图","alt":"Istio Service Mesh架构图","nro":66,"url":"../images/00704eQkgy1frr5exqm7kj320u18mh2t.jpg","index":14,"caption_template":"图片 - _CAPTION_","label":"Istio Service Mesh架构图","attributes":{},"skip":false,"key":"2.9.14"},{"backlink":"cloud-native/the-future-of-cloud-native.html#fig2.9.15","level":"2.9","list_caption":"Figure: Service Mesh架构","alt":"Service Mesh架构","nro":67,"url":"../images/00704eQkgy1frr5fxzoltj32f81akqr2.jpg","index":15,"caption_template":"图片 - _CAPTION_","label":"Service Mesh架构","attributes":{},"skip":false,"key":"2.9.15"},{"backlink":"cloud-native/the-future-of-cloud-native.html#fig2.9.16","level":"2.9","list_caption":"Figure: Envoy proxy架构图","alt":"Envoy proxy架构图","nro":68,"url":"../images/envoy-arch.png","index":16,"caption_template":"图片 - _CAPTION_","label":"Envoy proxy架构图","attributes":{},"skip":false,"key":"2.9.16"},{"backlink":"concepts/index.html#fig3.1.1","level":"3.1","list_caption":"Figure: Borg架构","alt":"Borg架构","nro":69,"url":"../images/borg.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Borg架构","attributes":{},"skip":false,"key":"3.1.1"},{"backlink":"concepts/index.html#fig3.1.2","level":"3.1","list_caption":"Figure: Kubernetes架构","alt":"Kubernetes架构","nro":70,"url":"../images/architecture.png","index":2,"caption_template":"图片 - _CAPTION_","label":"Kubernetes架构","attributes":{},"skip":false,"key":"3.1.2"},{"backlink":"concepts/index.html#fig3.1.3","level":"3.1","list_caption":"Figure: Kuberentes架构(图片来自于网络)","alt":"Kuberentes架构(图片来自于网络)","nro":71,"url":"../images/kubernetes-high-level-component-archtecture.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Kuberentes架构(图片来自于网络)","attributes":{},"skip":false,"key":"3.1.3"},{"backlink":"concepts/index.html#fig3.1.4","level":"3.1","list_caption":"Figure: kubernetes整体架构示意图","alt":"kubernetes整体架构示意图","nro":72,"url":"../images/kubernetes-whole-arch.png","index":4,"caption_template":"图片 - _CAPTION_","label":"kubernetes整体架构示意图","attributes":{},"skip":false,"key":"3.1.4"},{"backlink":"concepts/index.html#fig3.1.5","level":"3.1","list_caption":"Figure: Kubernetes master架构示意图","alt":"Kubernetes master架构示意图","nro":73,"url":"../images/kubernetes-master-arch.png","index":5,"caption_template":"图片 - _CAPTION_","label":"Kubernetes master架构示意图","attributes":{},"skip":false,"key":"3.1.5"},{"backlink":"concepts/index.html#fig3.1.6","level":"3.1","list_caption":"Figure: kubernetes node架构示意图","alt":"kubernetes node架构示意图","nro":74,"url":"../images/kubernetes-node-arch.png","index":6,"caption_template":"图片 - _CAPTION_","label":"kubernetes node架构示意图","attributes":{},"skip":false,"key":"3.1.6"},{"backlink":"concepts/index.html#fig3.1.7","level":"3.1","list_caption":"Figure: Kubernetes分层架构示意图","alt":"Kubernetes分层架构示意图","nro":75,"url":"../images/kubernetes-layers-arch.png","index":7,"caption_template":"图片 - _CAPTION_","label":"Kubernetes分层架构示意图","attributes":{},"skip":false,"key":"3.1.7"},{"backlink":"concepts/concepts.html#fig3.1.1.1","level":"3.1.1","list_caption":"Figure: Kubernetes 分层架构示意图","alt":"Kubernetes 分层架构示意图","nro":76,"url":"../images/006tNc79ly1fzniqvmi51j31gq0s0q5u.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Kubernetes 分层架构示意图","attributes":{},"skip":false,"key":"3.1.1.1"},{"backlink":"concepts/open-interfaces.html#fig3.1.3.1","level":"3.1.3","list_caption":"Figure: 开放接口","alt":"开放接口","nro":77,"url":"../images/open-interfaces.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"开放接口","attributes":{},"skip":false,"key":"3.1.3.1"},{"backlink":"concepts/cri.html#fig3.1.3.1.1","level":"3.1.3.1","list_caption":"Figure: CRI架构-图片来自kubernetes blog","alt":"CRI架构-图片来自kubernetes blog","nro":78,"url":"../images/cri-architecture.png","index":1,"caption_template":"图片 - _CAPTION_","label":"CRI架构-图片来自kubernetes blog","attributes":{},"skip":false,"key":"3.1.3.1.1"},{"backlink":"concepts/flannel.html#fig3.2.1.1","level":"3.2.1","list_caption":"Figure: flannel网络架构(图片来自openshift)","alt":"flannel网络架构(图片来自openshift)","nro":79,"url":"../images/flannel-networking.png","index":1,"caption_template":"图片 - _CAPTION_","label":"flannel网络架构(图片来自openshift)","attributes":{},"skip":false,"key":"3.2.1.1"},{"backlink":"concepts/calico.html#fig3.2.2.1","level":"3.2.2","list_caption":"Figure: Calico","alt":"Calico","nro":80,"url":"../images/006tNc79gy1fz65bt7ieej30c90bsgn2.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Calico","attributes":{},"skip":false,"key":"3.2.2.1"},{"backlink":"concepts/calico.html#fig3.2.2.2","level":"3.2.2","list_caption":"Figure: CRI架构-图片来自https://www.jianshu.com/p/f0177b84de66","alt":"CRI架构-图片来自https://www.jianshu.com/p/f0177b84de66","nro":81,"url":"../images/calico.png","index":2,"caption_template":"图片 - _CAPTION_","label":"CRI架构-图片来自https://www.jianshu.com/p/f0177b84de66","attributes":{},"skip":false,"key":"3.2.2.2"},{"backlink":"concepts/cilium.html#fig3.2.3.1","level":"3.2.3","list_caption":"Figure: Cilium","alt":"Cilium","nro":82,"url":"../images/006tNbRwly1fwqi98i51ij30sc0j80zn.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Cilium","attributes":{},"skip":false,"key":"3.2.3.1"},{"backlink":"concepts/cilium-concepts.html#fig3.2.3.1.1","level":"3.2.3.1","list_caption":"Figure: Cilium 组件(来自 Cilium 官网)","alt":"Cilium 组件(来自 Cilium 官网)","nro":83,"url":"../images/006tNbRwly1fwztvhg0gmj318z143tdv.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Cilium 组件(来自 Cilium 官网)","attributes":{},"skip":false,"key":"3.2.3.1.1"},{"backlink":"concepts/cilium-concepts.html#fig3.2.3.1.2","level":"3.2.3.1","list_caption":"Figure: Cilium 网络配置策略","alt":"Cilium 网络配置策略","nro":84,"url":"../images/006tNbRwly1fwzreaalj6j30dz0dy3z3.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Cilium 网络配置策略","attributes":{},"skip":false,"key":"3.2.3.1.2"},{"backlink":"concepts/pod-overview.html#fig3.4.1.1","level":"3.4.1","list_caption":"Figure: pod diagram","alt":"pod diagram","nro":85,"url":"../images/pod-overview.png","index":1,"caption_template":"图片 - _CAPTION_","label":"pod diagram","attributes":{},"skip":false,"key":"3.4.1.1"},{"backlink":"concepts/pod.html#fig3.4.2.1","level":"3.4.2","list_caption":"Figure: Pod示意图","alt":"Pod示意图","nro":86,"url":"../images/pod-overview.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Pod示意图","attributes":{},"skip":false,"key":"3.4.2.1"},{"backlink":"concepts/pod.html#fig3.4.2.2","level":"3.4.2","list_caption":"Figure: Pod Cheatsheet","alt":"Pod Cheatsheet","nro":87,"url":"../images/kubernetes-pod-cheatsheet.png","index":2,"caption_template":"图片 - _CAPTION_","label":"Pod Cheatsheet","attributes":{},"skip":false,"key":"3.4.2.2"},{"backlink":"concepts/pause-container.html#fig3.4.4.1","level":"3.4.4","list_caption":"Figure: Pause容器","alt":"Pause容器","nro":88,"url":"../images/pause-container.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Pause容器","attributes":{},"skip":false,"key":"3.4.4.1"},{"backlink":"concepts/pod-lifecycle.html#fig3.4.6.1","level":"3.4.6","list_caption":"Figure: Pod的生命周期示意图(图片来自网络)","alt":"Pod的生命周期示意图(图片来自网络)","nro":89,"url":"../images/kubernetes-pod-life-cycle.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Pod的生命周期示意图(图片来自网络)","attributes":{},"skip":false,"key":"3.4.6.1"},{"backlink":"concepts/label.html#fig3.5.3.1","level":"3.5.3","list_caption":"Figure: label示意图","alt":"label示意图","nro":90,"url":"../images/labels.png","index":1,"caption_template":"图片 - _CAPTION_","label":"label示意图","attributes":{},"skip":false,"key":"3.5.3.1"},{"backlink":"concepts/deployment.html#fig3.6.1.1","level":"3.6.1","list_caption":"Figure: kubernetes deployment cheatsheet","alt":"kubernetes deployment cheatsheet","nro":91,"url":"../images/deployment-cheatsheet.png","index":1,"caption_template":"图片 - _CAPTION_","label":"kubernetes deployment cheatsheet","attributes":{},"skip":false,"key":"3.6.1.1"},{"backlink":"concepts/horizontal-pod-autoscaling.html#fig3.6.7.1","level":"3.6.7","list_caption":"Figure: horizontal-pod-autoscaler","alt":"horizontal-pod-autoscaler","nro":92,"url":"../images/horizontal-pod-autoscaler.png","index":1,"caption_template":"图片 - _CAPTION_","label":"horizontal-pod-autoscaler","attributes":{},"skip":false,"key":"3.6.7.1"},{"backlink":"concepts/service.html#fig3.7.1.1","level":"3.7.1","list_caption":"Figure: userspace代理模式下Service概览图","alt":"userspace代理模式下Service概览图","nro":93,"url":"../images/services-userspace-overview.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"userspace代理模式下Service概览图","attributes":{},"skip":false,"key":"3.7.1.1"},{"backlink":"concepts/service.html#fig3.7.1.2","level":"3.7.1","list_caption":"Figure: iptables代理模式下Service概览图","alt":"iptables代理模式下Service概览图","nro":94,"url":"../images/services-iptables-overview.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"iptables代理模式下Service概览图","attributes":{},"skip":false,"key":"3.7.1.2"},{"backlink":"concepts/service.html#fig3.7.1.3","level":"3.7.1","list_caption":"Figure: ipvs代理模式下Service概览图","alt":"ipvs代理模式下Service概览图","nro":95,"url":"../images/service-ipvs-overview.png","index":3,"caption_template":"图片 - _CAPTION_","label":"ipvs代理模式下Service概览图","attributes":{},"skip":false,"key":"3.7.1.3"},{"backlink":"concepts/service-catalog.html#fig3.10.5.1","level":"3.10.5","list_caption":"Figure: Service Catalog Architecture","alt":"Service Catalog Architecture","nro":96,"url":"../images/service-catalog-architecture.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Service Catalog Architecture","attributes":{},"skip":false,"key":"3.10.5.1"},{"backlink":"concepts/service-catalog.html#fig3.10.5.2","level":"3.10.5","list_caption":"Figure: List Services","alt":"List Services","nro":97,"url":"../images/service-catalog-list.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"List Services","attributes":{},"skip":false,"key":"3.10.5.2"},{"backlink":"concepts/service-catalog.html#fig3.10.5.3","level":"3.10.5","list_caption":"Figure: Provision a Service","alt":"Provision a Service","nro":98,"url":"../images/service-catalog-provision.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Provision a Service","attributes":{},"skip":false,"key":"3.10.5.3"},{"backlink":"concepts/service-catalog.html#fig3.10.5.4","level":"3.10.5","list_caption":"Figure: Bind to a managed service","alt":"Bind to a managed service","nro":99,"url":"../images/service-catalog-bind.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"Bind to a managed service","attributes":{},"skip":false,"key":"3.10.5.4"},{"backlink":"concepts/service-catalog.html#fig3.10.5.5","level":"3.10.5","list_caption":"Figure: Map connection credentials","alt":"Map connection credentials","nro":100,"url":"../images/service-catalog-map.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"Map connection credentials","attributes":{},"skip":false,"key":"3.10.5.5"},{"backlink":"guide/using-kubectl.html#fig4.3.2.1","level":"4.3.2","list_caption":"Figure: kubectl cheatsheet","alt":"kubectl cheatsheet","nro":101,"url":"../images/kubernetes-kubectl-cheatsheet.png","index":1,"caption_template":"图片 - _CAPTION_","label":"kubectl cheatsheet","attributes":{},"skip":false,"key":"4.3.2.1"},{"backlink":"guide/using-kubectl.html#fig4.3.2.2","level":"4.3.2","list_caption":"Figure: 增加kubeclt命令的工具(图片来自网络)","alt":"增加kubeclt命令的工具(图片来自网络)","nro":102,"url":"../images/tools-to-supercharge-kubectl.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"增加kubeclt命令的工具(图片来自网络)","attributes":{},"skip":false,"key":"4.3.2.2"},{"backlink":"guide/using-kubectl.html#fig4.3.2.3","level":"4.3.2","list_caption":"Figure: 增强的kubectl命令","alt":"增强的kubectl命令","nro":103,"url":"../images/supercharged-kubectl.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"增强的kubectl命令","attributes":{},"skip":false,"key":"4.3.2.3"},{"backlink":"guide/using-kubectl.html#fig4.3.2.4","level":"4.3.2","list_caption":"Figure: kube-shell页面","alt":"kube-shell页面","nro":104,"url":"../images/kube-shell.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"kube-shell页面","attributes":{},"skip":false,"key":"4.3.2.4"},{"backlink":"guide/ip-masq-agent.html#fig4.4.5.1","level":"4.4.5","list_caption":"Figure: IP伪装代理示意图","alt":"IP伪装代理示意图","nro":105,"url":"../images/ip-masq.png","index":1,"caption_template":"图片 - _CAPTION_","label":"IP伪装代理示意图","attributes":{},"skip":false,"key":"4.4.5.1"},{"backlink":"guide/auth-with-kubeconfig-or-token.html#fig4.4.6.1","level":"4.4.6","list_caption":"Figure: kubeconfig文件","alt":"kubeconfig文件","nro":106,"url":"../images/brand-kubeconfig-yaml.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"kubeconfig文件","attributes":{},"skip":false,"key":"4.4.6.1"},{"backlink":"guide/authentication.html#fig4.4.7.1","level":"4.4.7","list_caption":"Figure: Kubernetes OpenID Connect Flow","alt":"Kubernetes OpenID Connect Flow","nro":107,"url":"../images/kubernetes-oidc-login.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Kubernetes OpenID Connect Flow","attributes":{},"skip":false,"key":"4.4.7.1"},{"backlink":"guide/cabin-mobile-dashboard-for-kubernetes.html#fig4.5.6.1","level":"4.5.6","list_caption":"Figure: App Store","alt":"App Store","nro":108,"url":"../images/cabin-kubernetes-mobile-dashboard-1.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"App Store","attributes":{},"skip":false,"key":"4.5.6.1"},{"backlink":"guide/cabin-mobile-dashboard-for-kubernetes.html#fig4.5.6.2","level":"4.5.6","list_caption":"Figure: 在手机上操作Kubernetes集群","alt":"在手机上操作Kubernetes集群","nro":109,"url":"../images/cabin-kubernetes-mobile-dashboard-4.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"在手机上操作Kubernetes集群","attributes":{},"skip":false,"key":"4.5.6.2"},{"backlink":"guide/kubernetes-desktop-client.html#fig4.5.7.1","level":"4.5.7","list_caption":"Figure: Kubernetic客户端","alt":"Kubernetic客户端","nro":110,"url":"../images/kubernetic-desktop-ui.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Kubernetic客户端","attributes":{},"skip":false,"key":"4.5.7.1"},{"backlink":"guide/kubernator-kubernetes-ui.html#fig4.5.8.1","level":"4.5.8","list_caption":"Figure: Kubernator catalog页面","alt":"Kubernator catalog页面","nro":111,"url":"../images/kubernator-catalog.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Kubernator catalog页面","attributes":{},"skip":false,"key":"4.5.8.1"},{"backlink":"guide/kubernator-kubernetes-ui.html#fig4.5.8.2","level":"4.5.8","list_caption":"Figure: Kubernator rbac页面","alt":"Kubernator rbac页面","nro":112,"url":"../images/kubernator-rbac.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Kubernator rbac页面","attributes":{},"skip":false,"key":"4.5.8.2"},{"backlink":"guide/deploy-applications-in-kubernetes.html#fig4.6.1.1","level":"4.6.1","list_caption":"Figure: 流程图","alt":"流程图","nro":113,"url":"../images/how-to-use-kubernetes-with-istio.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"流程图","attributes":{},"skip":false,"key":"4.6.1.1"},{"backlink":"guide/deploy-applications-in-kubernetes.html#fig4.6.1.2","level":"4.6.1","list_caption":"Figure: API","alt":"API","nro":114,"url":"../images/k8s-app-monitor-test-api-doc.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"API","attributes":{},"skip":false,"key":"4.6.1.2"},{"backlink":"guide/deploy-applications-in-kubernetes.html#fig4.6.1.3","level":"4.6.1","list_caption":"Figure: wercker构建页面","alt":"wercker构建页面","nro":115,"url":"../images/k8s-app-monitor-agent-wercker.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"wercker构建页面","attributes":{},"skip":false,"key":"4.6.1.3"},{"backlink":"guide/deploy-applications-in-kubernetes.html#fig4.6.1.4","level":"4.6.1","list_caption":"Figure: 图表","alt":"图表","nro":116,"url":"../images/k8s-app-monitor-agent.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"图表","attributes":{},"skip":false,"key":"4.6.1.4"},{"backlink":"guide/deploy-applications-in-kubernetes.html#fig4.6.1.5","level":"4.6.1","list_caption":"Figure: Grafana页面","alt":"Grafana页面","nro":117,"url":"../images/k8s-app-monitor-istio-grafana.png","index":5,"caption_template":"图片 - _CAPTION_","label":"Grafana页面","attributes":{},"skip":false,"key":"4.6.1.5"},{"backlink":"guide/deploy-applications-in-kubernetes.html#fig4.6.1.6","level":"4.6.1","list_caption":"Figure: servicegraph页面","alt":"servicegraph页面","nro":118,"url":"../images/k8s-app-monitor-istio-servicegraph-dotviz.png","index":6,"caption_template":"图片 - _CAPTION_","label":"servicegraph页面","attributes":{},"skip":false,"key":"4.6.1.6"},{"backlink":"guide/deploy-applications-in-kubernetes.html#fig4.6.1.7","level":"4.6.1","list_caption":"Figure: Zipkin页面","alt":"Zipkin页面","nro":119,"url":"../images/k8s-app-monitor-istio-zipkin.png","index":7,"caption_template":"图片 - _CAPTION_","label":"Zipkin页面","attributes":{},"skip":false,"key":"4.6.1.7"},{"backlink":"guide/migrating-hadoop-yarn-to-kubernetes.html#fig4.6.2.1","level":"4.6.2","list_caption":"Figure: 将单体应用迁移到云原生(图片来自DevOpsDay Toronto)","alt":"将单体应用迁移到云原生(图片来自DevOpsDay Toronto)","nro":120,"url":"../images/migrating-monolith-to-kubernetes.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"将单体应用迁移到云原生(图片来自DevOpsDay Toronto)","attributes":{},"skip":false,"key":"4.6.2.1"},{"backlink":"guide/migrating-hadoop-yarn-to-kubernetes.html#fig4.6.2.2","level":"4.6.2","list_caption":"Figure: spark on yarn with kubernetes","alt":"spark on yarn with kubernetes","nro":121,"url":"../images/spark-on-yarn-with-kubernetes.png","index":2,"caption_template":"图片 - _CAPTION_","label":"spark on yarn with kubernetes","attributes":{},"skip":false,"key":"4.6.2.2"},{"backlink":"guide/migrating-hadoop-yarn-to-kubernetes.html#fig4.6.2.3","level":"4.6.2","list_caption":"Figure: Terms","alt":"Terms","nro":122,"url":"../images/terms-in-kubernetes-app-deployment.png","index":3,"caption_template":"图片 - _CAPTION_","label":"Terms","attributes":{},"skip":false,"key":"4.6.2.3"},{"backlink":"guide/migrating-hadoop-yarn-to-kubernetes.html#fig4.6.2.4","level":"4.6.2","list_caption":"Figure: 分解步骤解析","alt":"分解步骤解析","nro":123,"url":"../images/migrating-hadoop-yarn-to-kubernetes.png","index":4,"caption_template":"图片 - _CAPTION_","label":"分解步骤解析","attributes":{},"skip":false,"key":"4.6.2.4"},{"backlink":"practice/node-installation.html#fig5.2.7.1","level":"5.2.7","list_caption":"Figure: nginx欢迎页面","alt":"nginx欢迎页面","nro":124,"url":"../images/kubernetes-installation-test-nginx.png","index":1,"caption_template":"图片 - _CAPTION_","label":"nginx欢迎页面","attributes":{},"skip":false,"key":"5.2.7.1"},{"backlink":"practice/dashboard-addon-installation.html#fig5.2.9.1","level":"5.2.9","list_caption":"Figure: kubernetes dashboard","alt":"kubernetes dashboard","nro":125,"url":"../images/kubernetes-dashboard-raw.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"kubernetes dashboard","attributes":{},"skip":false,"key":"5.2.9.1"},{"backlink":"practice/dashboard-addon-installation.html#fig5.2.9.2","level":"5.2.9","list_caption":"Figure: V1.6.3版本的dashboard界面","alt":"V1.6.3版本的dashboard界面","nro":126,"url":"../images/dashboard-v163.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"V1.6.3版本的dashboard界面","attributes":{},"skip":false,"key":"5.2.9.2"},{"backlink":"practice/dashboard-addon-installation.html#fig5.2.9.3","level":"5.2.9","list_caption":"Figure: pod无法正常启动","alt":"pod无法正常启动","nro":127,"url":"../images/dashboard-addon-installation001.png","index":3,"caption_template":"图片 - _CAPTION_","label":"pod无法正常启动","attributes":{},"skip":false,"key":"5.2.9.3"},{"backlink":"practice/heapster-addon-installation.html#fig5.2.10.1","level":"5.2.10","list_caption":"Figure: dashboard-heapster","alt":"dashboard-heapster","nro":128,"url":"../images/kubernetes-dashboard-with-heapster.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"dashboard-heapster","attributes":{},"skip":false,"key":"5.2.10.1"},{"backlink":"practice/heapster-addon-installation.html#fig5.2.10.2","level":"5.2.10","list_caption":"Figure: grafana","alt":"grafana","nro":129,"url":"../images/kubernetes-heapster-grafana.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"grafana","attributes":{},"skip":false,"key":"5.2.10.2"},{"backlink":"practice/heapster-addon-installation.html#fig5.2.10.3","level":"5.2.10","list_caption":"Figure: kubernetes-influxdb-heapster","alt":"kubernetes-influxdb-heapster","nro":130,"url":"../images/kubernetes-influxdb-heapster.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"kubernetes-influxdb-heapster","attributes":{},"skip":false,"key":"5.2.10.3"},{"backlink":"practice/heapster-addon-installation.html#fig5.2.10.4","level":"5.2.10","list_caption":"Figure: 修改grafana模板","alt":"修改grafana模板","nro":131,"url":"../images/grafana-dashboard-setting.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"修改grafana模板","attributes":{},"skip":false,"key":"5.2.10.4"},{"backlink":"practice/efk-addon-installation.html#fig5.2.11.1","level":"5.2.11","list_caption":"Figure: es-setting","alt":"es-setting","nro":132,"url":"../images/es-setting.png","index":1,"caption_template":"图片 - _CAPTION_","label":"es-setting","attributes":{},"skip":false,"key":"5.2.11.1"},{"backlink":"practice/efk-addon-installation.html#fig5.2.11.2","level":"5.2.11","list_caption":"Figure: es-home","alt":"es-home","nro":133,"url":"../images/kubernetes-efk-kibana.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"es-home","attributes":{},"skip":false,"key":"5.2.11.2"},{"backlink":"practice/traefik-ingress-installation.html#fig5.4.1.1","level":"5.4.1","list_caption":"Figure: kubernetes-dashboard","alt":"kubernetes-dashboard","nro":134,"url":"../images/traefik-dashboard.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"kubernetes-dashboard","attributes":{},"skip":false,"key":"5.4.1.1"},{"backlink":"practice/traefik-ingress-installation.html#fig5.4.1.2","level":"5.4.1","list_caption":"Figure: traefik-nginx","alt":"traefik-nginx","nro":135,"url":"../images/traefik-nginx.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"traefik-nginx","attributes":{},"skip":false,"key":"5.4.1.2"},{"backlink":"practice/traefik-ingress-installation.html#fig5.4.1.3","level":"5.4.1","list_caption":"Figure: traefik-guestbook","alt":"traefik-guestbook","nro":136,"url":"../images/traefik-guestbook.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"traefik-guestbook","attributes":{},"skip":false,"key":"5.4.1.3"},{"backlink":"practice/distributed-load-test.html#fig5.4.2.1","level":"5.4.2","list_caption":"Figure: 使用dashboard来扩容","alt":"使用dashboard来扩容","nro":137,"url":"../images/dashbaord-scale.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"使用dashboard来扩容","attributes":{},"skip":false,"key":"5.4.2.1"},{"backlink":"practice/distributed-load-test.html#fig5.4.2.2","level":"5.4.2","list_caption":"Figure: Traefik的UI","alt":"Traefik的UI","nro":138,"url":"../images/traefik-dashboard-locust.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Traefik的UI","attributes":{},"skip":false,"key":"5.4.2.2"},{"backlink":"practice/distributed-load-test.html#fig5.4.2.3","level":"5.4.2","list_caption":"Figure: Locust启动界面","alt":"Locust启动界面","nro":139,"url":"../images/locust-start-swarming.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Locust启动界面","attributes":{},"skip":false,"key":"5.4.2.3"},{"backlink":"practice/distributed-load-test.html#fig5.4.2.4","level":"5.4.2","list_caption":"Figure: Dashboard查看页面","alt":"Dashboard查看页面","nro":140,"url":"../images/sample-webapp-rc.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"Dashboard查看页面","attributes":{},"skip":false,"key":"5.4.2.4"},{"backlink":"practice/distributed-load-test.html#fig5.4.2.5","level":"5.4.2","list_caption":"Figure: Locust测试结果页面","alt":"Locust测试结果页面","nro":141,"url":"../images/locust-dashboard.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"Locust测试结果页面","attributes":{},"skip":false,"key":"5.4.2.5"},{"backlink":"practice/network-and-cluster-perfermance-test.html#fig5.4.3.1","level":"5.4.3","list_caption":"Figure: kubernetes-dashboard","alt":"kubernetes-dashboard","nro":142,"url":"../images/kubenetes-e2e-test.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"kubernetes-dashboard","attributes":{},"skip":false,"key":"5.4.3.1"},{"backlink":"practice/network-and-cluster-perfermance-test.html#fig5.4.3.2","level":"5.4.3","list_caption":"Figure: locust测试页面","alt":"locust测试页面","nro":143,"url":"../images/kubernetes-locust-test.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"locust测试页面","attributes":{},"skip":false,"key":"5.4.3.2"},{"backlink":"practice/edge-node-configuration.html#fig5.4.4.1","level":"5.4.4","list_caption":"Figure: 边缘节点架构","alt":"边缘节点架构","nro":144,"url":"../images/kubernetes-edge-node-architecture.png","index":1,"caption_template":"图片 - _CAPTION_","label":"边缘节点架构","attributes":{},"skip":false,"key":"5.4.4.1"},{"backlink":"practice/edge-node-configuration.html#fig5.4.4.2","level":"5.4.4","list_caption":"Figure: 使用域名来访问Kubernetes中的服务","alt":"使用域名来访问Kubernetes中的服务","nro":145,"url":"../images/accessing-kubernetes-services-with-dns-name.png","index":2,"caption_template":"图片 - _CAPTION_","label":"使用域名来访问Kubernetes中的服务","attributes":{},"skip":false,"key":"5.4.4.2"},{"backlink":"practice/configuring-dns.html#fig5.4.6.1.1","level":"5.4.6.1","list_caption":"Figure: DNS lookup flow","alt":"DNS lookup flow","nro":146,"url":"https://d33wubrfki0l68.cloudfront.net/340889cb80e81dcd19a16bc34697a7907e2b229a/24ad0/docs/tasks/administer-cluster/dns-custom-nameservers/dns.png","index":1,"caption_template":"图片 - _CAPTION_","label":"DNS lookup flow","attributes":{},"skip":false,"key":"5.4.6.1.1"},{"backlink":"practice/master-ha.html#fig5.5.1.1","level":"5.5.1","list_caption":"Figure: Master HA架构图","alt":"Master HA架构图","nro":147,"url":"../images/master-ha.JPG","index":1,"caption_template":"图片 - _CAPTION_","label":"Master HA架构图","attributes":{},"skip":false,"key":"5.5.1.1"},{"backlink":"practice/app-log-collection.html#fig5.5.3.1","level":"5.5.3","list_caption":"Figure: filebeat日志收集架构图","alt":"filebeat日志收集架构图","nro":148,"url":"../images/filebeat-log-collector.png","index":1,"caption_template":"图片 - _CAPTION_","label":"filebeat日志收集架构图","attributes":{},"skip":false,"key":"5.5.3.1"},{"backlink":"practice/app-log-collection.html#fig5.5.3.2","level":"5.5.3","list_caption":"Figure: Kibana页面","alt":"Kibana页面","nro":149,"url":"../images/filebeat-docker-test.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Kibana页面","attributes":{},"skip":false,"key":"5.5.3.2"},{"backlink":"practice/app-log-collection.html#fig5.5.3.3","level":"5.5.3","list_caption":"Figure: filebeat收集的日志详细信息","alt":"filebeat收集的日志详细信息","nro":150,"url":"../images/kubernetes-filebeat-detail.png","index":3,"caption_template":"图片 - _CAPTION_","label":"filebeat收集的日志详细信息","attributes":{},"skip":false,"key":"5.5.3.3"},{"backlink":"practice/monitor.html#fig5.5.5.1","level":"5.5.5","list_caption":"Figure: Kubernetes集群中的监控","alt":"Kubernetes集群中的监控","nro":151,"url":"../images/monitoring-in-kubernetes.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Kubernetes集群中的监控","attributes":{},"skip":false,"key":"5.5.5.1"},{"backlink":"practice/monitor.html#fig5.5.5.2","level":"5.5.5","list_caption":"Figure: kubernetes的容器命名规则示意图","alt":"kubernetes的容器命名规则示意图","nro":152,"url":"../images/kubernetes-container-naming-rule.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"kubernetes的容器命名规则示意图","attributes":{},"skip":false,"key":"5.5.5.2"},{"backlink":"practice/monitor.html#fig5.5.5.3","level":"5.5.5","list_caption":"Figure: Heapster架构图(改进版)","alt":"Heapster架构图(改进版)","nro":153,"url":"../images/kubernetes-heapster-monitoring.png","index":3,"caption_template":"图片 - _CAPTION_","label":"Heapster架构图(改进版)","attributes":{},"skip":false,"key":"5.5.5.3"},{"backlink":"practice/monitor.html#fig5.5.5.4","level":"5.5.5","list_caption":"Figure: 应用监控架构图","alt":"应用监控架构图","nro":154,"url":"../images/kubernetes-app-monitoring.png","index":4,"caption_template":"图片 - _CAPTION_","label":"应用监控架构图","attributes":{},"skip":false,"key":"5.5.5.4"},{"backlink":"practice/monitor.html#fig5.5.5.5","level":"5.5.5","list_caption":"Figure: 应用拓扑图","alt":"应用拓扑图","nro":155,"url":"../images/weave-scope-service-topology.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"应用拓扑图","attributes":{},"skip":false,"key":"5.5.5.5"},{"backlink":"practice/data-persistence-problem.html#fig5.5.6.1","level":"5.5.6","list_caption":"Figure: 日志持久化收集解决方案示意图","alt":"日志持久化收集解决方案示意图","nro":156,"url":"../images/log-persistence-logstash.png","index":1,"caption_template":"图片 - _CAPTION_","label":"日志持久化收集解决方案示意图","attributes":{},"skip":false,"key":"5.5.6.1"},{"backlink":"practice/storage-for-containers-using-glusterfs-with-openshift.html#fig5.6.1.3.1","level":"5.6.1.3","list_caption":"Figure: 创建存储","alt":"创建存储","nro":157,"url":"../images/create-gluster-storage.png","index":1,"caption_template":"图片 - _CAPTION_","label":"创建存储","attributes":{},"skip":false,"key":"5.6.1.3.1"},{"backlink":"practice/storage-for-containers-using-glusterfs-with-openshift.html#fig5.6.1.3.2","level":"5.6.1.3","list_caption":"Figure: Screen Shot 2017-03-24 at 11.09.34.png","alt":"Screen Shot 2017-03-24 at 11.09.34.png","nro":158,"url":"https://keithtenzer.files.wordpress.com/2017/03/screen-shot-2017-03-24-at-11-09-341.png?w=440","index":2,"caption_template":"图片 - _CAPTION_","label":"Screen Shot 2017-03-24 at 11.09.34.png","attributes":{},"skip":false,"key":"5.6.1.3.2"},{"backlink":"practice/openebs.html#fig5.6.4.1","level":"5.6.4","list_caption":"Figure: OpenEBS集群数据平面(图片来自https://github.com/openebs/openebs/blob/master/contribute/design/README.md)","alt":"OpenEBS集群数据平面(图片来自https://github.com/openebs/openebs/blob/master/contribute/design/README.md)","nro":159,"url":"../images/OpenEBS-Data-Plane.png","index":1,"caption_template":"图片 - _CAPTION_","label":"OpenEBS集群数据平面(图片来自https://github.com/openebs/openebs/blob/master/contribute/design/README.md)","attributes":{},"skip":false,"key":"5.6.4.1"},{"backlink":"practice/openebs.html#fig5.6.4.2","level":"5.6.4","list_caption":"Figure: OpenEBS集群的控制平面(图片来自https://github.com/openebs/openebs/blob/master/contribute/design/README.md)","alt":"OpenEBS集群的控制平面(图片来自https://github.com/openebs/openebs/blob/master/contribute/design/README.md)","nro":160,"url":"../images/OpenEBS-Control-Plane.png","index":2,"caption_template":"图片 - _CAPTION_","label":"OpenEBS集群的控制平面(图片来自https://github.com/openebs/openebs/blob/master/contribute/design/README.md)","attributes":{},"skip":false,"key":"5.6.4.2"},{"backlink":"practice/using-openebs-for-persistent-storage.html#fig5.6.4.1.1","level":"5.6.4.1","list_caption":"Figure: Kubernetes iSCSI架构","alt":"Kubernetes iSCSI架构","nro":161,"url":"../images/iscsi-on-kubernetes.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Kubernetes iSCSI架构","attributes":{},"skip":false,"key":"5.6.4.1.1"},{"backlink":"practice/using-heapster-to-get-object-metrics.html#fig5.7.1.1.1","level":"5.7.1.1","list_caption":"Figure: Heapster架构图","alt":"Heapster架构图","nro":162,"url":"../images/heapster-architecture.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Heapster架构图","attributes":{},"skip":false,"key":"5.7.1.1.1"},{"backlink":"practice/prometheus.html#fig5.7.2.1","level":"5.7.2","list_caption":"Figure: Prometheus 架构图","alt":"Prometheus 架构图","nro":163,"url":"../images/006tNbRwly1fwcgsn11fej311j0mjadw.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Prometheus 架构图","attributes":{},"skip":false,"key":"5.7.2.1"},{"backlink":"practice/using-prometheus-to-monitor-kuberentes-cluster.html#fig5.7.2.1.1","level":"5.7.2.1","list_caption":"Figure: Grafana页面","alt":"Grafana页面","nro":164,"url":"../images/kubernetes-prometheus-monitoring.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Grafana页面","attributes":{},"skip":false,"key":"5.7.2.1.1"},{"backlink":"practice/promql.html#fig5.7.2.2.1","level":"5.7.2.2","list_caption":"Figure: Prometheus 的查询页面","alt":"Prometheus 的查询页面","nro":165,"url":"../images/006tNbRwly1fwcl7v28rhj30xl0onadv.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Prometheus 的查询页面","attributes":{},"skip":false,"key":"5.7.2.2.1"},{"backlink":"practice/vistio-visualize-your-istio-mesh.html#fig5.7.3.1","level":"5.7.3","list_caption":"Figure: Vistio的集群级别可视化","alt":"Vistio的集群级别可视化","nro":166,"url":"../images/00704eQkgy1fshft5oxlwj318g0pe0wp.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Vistio的集群级别可视化","attributes":{},"skip":false,"key":"5.7.3.1"},{"backlink":"practice/vistio-visualize-your-istio-mesh.html#fig5.7.3.2","level":"5.7.3","list_caption":"Figure: Prometheus查询","alt":"Prometheus查询","nro":167,"url":"../images/00704eQkgy1fshg0vw25ij318g0jzqjq.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Prometheus查询","attributes":{},"skip":false,"key":"5.7.3.2"},{"backlink":"practice/vistio-visualize-your-istio-mesh.html#fig5.7.3.3","level":"5.7.3","list_caption":"Figure: vistio-api的期望输出","alt":"vistio-api的期望输出","nro":168,"url":"../images/00704eQkgy1fshi61t04oj310q17c0y1.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"vistio-api的期望输出","attributes":{},"skip":false,"key":"5.7.3.3"},{"backlink":"practice/vistio-visualize-your-istio-mesh.html#fig5.7.3.4","level":"5.7.3","list_caption":"Figure: Vistio主页面","alt":"Vistio主页面","nro":169,"url":"../images/00704eQkgy1fshi98duzgj318g0l2406.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"Vistio主页面","attributes":{},"skip":false,"key":"5.7.3.4"},{"backlink":"practice/vistio-visualize-your-istio-mesh.html#fig5.7.3.5","level":"5.7.3","list_caption":"Figure: istio mesh的网络流量","alt":"istio mesh的网络流量","nro":170,"url":"../images/00704eQkgy1fshibdwcj3j318g0p8th1.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"istio mesh的网络流量","attributes":{},"skip":false,"key":"5.7.3.5"},{"backlink":"practice/vistio-visualize-your-istio-mesh.html#fig5.7.3.6","level":"5.7.3","list_caption":"Figure: 查明网络问题","alt":"查明网络问题","nro":171,"url":"../images/00704eQkgy1fshicc7or1j318g0p8ahr.jpg","index":6,"caption_template":"图片 - _CAPTION_","label":"查明网络问题","attributes":{},"skip":false,"key":"5.7.3.6"},{"backlink":"practice/vistio-visualize-your-istio-mesh.html#fig5.7.3.7","level":"5.7.3","list_caption":"Figure: vistio api的不正确输出","alt":"vistio api的不正确输出","nro":172,"url":"../images/00704eQkgy1fshie7wxkyj30ks0f4myd.jpg","index":7,"caption_template":"图片 - _CAPTION_","label":"vistio api的不正确输出","attributes":{},"skip":false,"key":"5.7.3.7"},{"backlink":"practice/opentracing.html#fig5.8.1.1","level":"5.8.1","list_caption":"Figure: Jaeger UI","alt":"Jaeger UI","nro":173,"url":"../images/006tNbRwly1fwjg48fh7xj31kw0wedrg.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Jaeger UI","attributes":{},"skip":false,"key":"5.8.1.1"},{"backlink":"practice/opentracing.html#fig5.8.1.2","level":"5.8.1","list_caption":"Figure: Chrome Inspector","alt":"Chrome Inspector","nro":174,"url":"../images/006tNbRwly1fwjkfbvfluj30y70hf0y9.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Chrome Inspector","attributes":{},"skip":false,"key":"5.8.1.2"},{"backlink":"practice/helm.html#fig5.9.1.1","level":"5.9.1","list_caption":"Figure: Helm chart源","alt":"Helm chart源","nro":175,"url":"../images/helm-charts-repository.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Helm chart源","attributes":{},"skip":false,"key":"5.9.1.1"},{"backlink":"practice/helm.html#fig5.9.1.2","level":"5.9.1","list_caption":"Figure: TODO应用的Web页面","alt":"TODO应用的Web页面","nro":176,"url":"../images/helm-mean-todo-aholic.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"TODO应用的Web页面","attributes":{},"skip":false,"key":"5.9.1.2"},{"backlink":"practice/create-private-charts-repo.html#fig5.9.2.1","level":"5.9.2","list_caption":"Figure: Helm monocular界面","alt":"Helm monocular界面","nro":177,"url":"../images/helm-monocular-jimmysong.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Helm monocular界面","attributes":{},"skip":false,"key":"5.9.2.1"},{"backlink":"practice/ci-cd.html#fig5.10.1","level":"5.10","list_caption":"Figure: CI/CD with Kubernetes","alt":"CI/CD with Kubernetes","nro":178,"url":"../images/00704eQkgy1fsaxszh01vj30da0j2jvn.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"CI/CD with Kubernetes","attributes":{},"skip":false,"key":"5.10.1"},{"backlink":"practice/ci-cd.html#fig5.10.2","level":"5.10","list_caption":"Figure: Kubernetes改变了应用的基础架构","alt":"Kubernetes改变了应用的基础架构","nro":179,"url":"../images/00704eQkgy1fsayashxz3j31c00w6aed.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Kubernetes改变了应用的基础架构","attributes":{},"skip":false,"key":"5.10.2"},{"backlink":"practice/ci-cd.html#fig5.10.3","level":"5.10","list_caption":"Figure: Kubernetes中的CI/CD","alt":"Kubernetes中的CI/CD","nro":180,"url":"../images/00704eQkgy1fsayfzk3ezj31bu0tkdky.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Kubernetes中的CI/CD","attributes":{},"skip":false,"key":"5.10.3"},{"backlink":"practice/ci-cd.html#fig5.10.4","level":"5.10","list_caption":"Figure: 云原生工作负载","alt":"云原生工作负载","nro":181,"url":"../images/00704eQkgy1fsayrk6vppj31bu0w0gsd.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"云原生工作负载","attributes":{},"skip":false,"key":"5.10.4"},{"backlink":"practice/ci-cd.html#fig5.10.5","level":"5.10","list_caption":"Figure: 云原生工作负载映射到Kuberentes原语","alt":"云原生工作负载映射到Kuberentes原语","nro":182,"url":"../images/00704eQkgy1fsaytbabxgj31c00w2n4r.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"云原生工作负载映射到Kuberentes原语","attributes":{},"skip":false,"key":"5.10.5"},{"backlink":"practice/ci-cd.html#fig5.10.6","level":"5.10","list_caption":"Figure: spinnaker中的组件及角色交互关系","alt":"spinnaker中的组件及角色交互关系","nro":183,"url":"../images/00704eQkgy1fsaz2wirz9j31bs0vygsb.jpg","index":6,"caption_template":"图片 - _CAPTION_","label":"spinnaker中的组件及角色交互关系","attributes":{},"skip":false,"key":"5.10.6"},{"backlink":"practice/ci-cd.html#fig5.10.7","level":"5.10","list_caption":"Figure: Spinnaker部署流水线","alt":"Spinnaker部署流水线","nro":184,"url":"../images/00704eQkgy1fsaz3yo227j31c60mgdim.jpg","index":7,"caption_template":"图片 - _CAPTION_","label":"Spinnaker部署流水线","attributes":{},"skip":false,"key":"5.10.7"},{"backlink":"practice/ci-cd.html#fig5.10.8","level":"5.10","list_caption":"Figure: Spinnaker的预发布流水线","alt":"Spinnaker的预发布流水线","nro":185,"url":"../images/00704eQkgy1fsaz50k2atj31bs0mitbn.jpg","index":8,"caption_template":"图片 - _CAPTION_","label":"Spinnaker的预发布流水线","attributes":{},"skip":false,"key":"5.10.8"},{"backlink":"practice/ci-cd.html#fig5.10.9","level":"5.10","list_caption":"Figure: Spinnaker的生产流水线","alt":"Spinnaker的生产流水线","nro":186,"url":"../images/00704eQkgy1fsaz5n5qs9j31by0motbm.jpg","index":9,"caption_template":"图片 - _CAPTION_","label":"Spinnaker的生产流水线","attributes":{},"skip":false,"key":"5.10.9"},{"backlink":"practice/ci-cd.html#fig5.10.10","level":"5.10","list_caption":"Figure: 可观察性","alt":"可观察性","nro":187,"url":"../images/00704eQkgy1fsazabn0b9j31by0w6791.jpg","index":10,"caption_template":"图片 - _CAPTION_","label":"可观察性","attributes":{},"skip":false,"key":"5.10.10"},{"backlink":"practice/ci-cd.html#fig5.10.11","level":"5.10","list_caption":"Figure: Prometheus生态系统中的组件","alt":"Prometheus生态系统中的组件","nro":188,"url":"../images/00704eQkgy1fsazcclee6j31c20w6n5y.jpg","index":11,"caption_template":"图片 - _CAPTION_","label":"Prometheus生态系统中的组件","attributes":{},"skip":false,"key":"5.10.11"},{"backlink":"practice/jenkins-ci-cd.html#fig5.10.1.1","level":"5.10.1","list_caption":"Figure: 基于Jenkins的持续集成与发布","alt":"基于Jenkins的持续集成与发布","nro":189,"url":"../images/kubernetes-jenkins-ci-cd.png","index":1,"caption_template":"图片 - _CAPTION_","label":"基于Jenkins的持续集成与发布","attributes":{},"skip":false,"key":"5.10.1.1"},{"backlink":"practice/drone-ci-cd.html#fig5.10.2.1","level":"5.10.2","list_caption":"Figure: OAuth注册","alt":"OAuth注册","nro":190,"url":"../images/github-oauth-register.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"OAuth注册","attributes":{},"skip":false,"key":"5.10.2.1"},{"backlink":"practice/drone-ci-cd.html#fig5.10.2.2","level":"5.10.2","list_caption":"Figure: OAuth key","alt":"OAuth key","nro":191,"url":"../images/github-oauth-drone-key.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"OAuth key","attributes":{},"skip":false,"key":"5.10.2.2"},{"backlink":"practice/drone-ci-cd.html#fig5.10.2.3","level":"5.10.2","list_caption":"Figure: Drone登陆界面","alt":"Drone登陆界面","nro":192,"url":"../images/drone-login-github.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Drone登陆界面","attributes":{},"skip":false,"key":"5.10.2.3"},{"backlink":"practice/drone-ci-cd.html#fig5.10.2.4","level":"5.10.2","list_caption":"Figure: Github启用repo设置","alt":"Github启用repo设置","nro":193,"url":"../images/drone-github-active.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"Github启用repo设置","attributes":{},"skip":false,"key":"5.10.2.4"},{"backlink":"practice/drone-ci-cd.html#fig5.10.2.5","level":"5.10.2","list_caption":"Figure: Github单个repo设置","alt":"Github单个repo设置","nro":194,"url":"../images/drone-github-repo-setting.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"Github单个repo设置","attributes":{},"skip":false,"key":"5.10.2.5"},{"backlink":"practice/manually-upgrade.html#fig5.11.1.1","level":"5.11.1","list_caption":"Figure: Kubernetes零宕机时间升级建议","alt":"Kubernetes零宕机时间升级建议","nro":195,"url":"../images/zero-downtime-kubernetes-upgrade-tips.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Kubernetes零宕机时间升级建议","attributes":{},"skip":false,"key":"5.11.1.1"},{"backlink":"practice/manually-upgrade.html#fig5.11.1.2","level":"5.11.1","list_caption":"Figure: Kuberentes API对象的版本演进","alt":"Kuberentes API对象的版本演进","nro":196,"url":"../images/kubernetes-apversions-changes.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Kuberentes API对象的版本演进","attributes":{},"skip":false,"key":"5.11.1.2"},{"backlink":"practice/dashboard-upgrade.html#fig5.11.2.1","level":"5.11.2","list_caption":"Figure: 登陆界面","alt":"登陆界面","nro":197,"url":"../images/kubernetes-dashboard-1.7.1-login.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"登陆界面","attributes":{},"skip":false,"key":"5.11.2.1"},{"backlink":"practice/dashboard-upgrade.html#fig5.11.2.2","level":"5.11.2","list_caption":"Figure: Dashboard首页","alt":"Dashboard首页","nro":198,"url":"../images/kubernetes-dashboard-1.7.1-default-page.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Dashboard首页","attributes":{},"skip":false,"key":"5.11.2.2"},{"backlink":"practice/dashboard-upgrade.html#fig5.11.2.3","level":"5.11.2","list_caption":"Figure: Dashboard用户空间页面","alt":"Dashboard用户空间页面","nro":199,"url":"../images/kubernetes-dashboard-1.7.1-brand.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Dashboard用户空间页面","attributes":{},"skip":false,"key":"5.11.2.3"},{"backlink":"practice/dashboard-upgrade.html#fig5.11.2.4","level":"5.11.2","list_caption":"Figure: kubeconfig文件","alt":"kubeconfig文件","nro":200,"url":"../images/brand-kubeconfig-yaml.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"kubeconfig文件","attributes":{},"skip":false,"key":"5.11.2.4"},{"backlink":"usecases/microservices.html#fig6.2.1","level":"6.2","list_caption":"Figure: 微服务关注的部分","alt":"微服务关注的部分","nro":201,"url":"../images/microservices-concerns.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"微服务关注的部分","attributes":{},"skip":false,"key":"6.2.1"},{"backlink":"usecases/service-discovery-in-microservices.html#fig6.2.1.1","level":"6.2.1","list_caption":"Figure: 微服务中的服务发现","alt":"微服务中的服务发现","nro":202,"url":"../images/service-discovery-in-microservices.png","index":1,"caption_template":"图片 - _CAPTION_","label":"微服务中的服务发现","attributes":{},"skip":false,"key":"6.2.1.1"},{"backlink":"usecases/microservices-for-java-developers.html#fig6.2.2.1","level":"6.2.2","list_caption":"Figure: Spring技术栈","alt":"Spring技术栈","nro":203,"url":"../images/spring-stack.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Spring技术栈","attributes":{},"skip":false,"key":"6.2.2.1"},{"backlink":"usecases/microservices-for-java-developers.html#fig6.2.2.2","level":"6.2.2","list_caption":"Figure: Spring Boot的知识点","alt":"Spring Boot的知识点","nro":204,"url":"../images/spring-boot-note-spots.png","index":2,"caption_template":"图片 - _CAPTION_","label":"Spring Boot的知识点","attributes":{},"skip":false,"key":"6.2.2.2"},{"backlink":"usecases/service-mesh.html#fig6.3.1","level":"6.3","list_caption":"Figure: 下一代异构微服务架构","alt":"下一代异构微服务架构","nro":205,"url":"../images/polyglot-microservices-serivce-mesh.png","index":1,"caption_template":"图片 - _CAPTION_","label":"下一代异构微服务架构","attributes":{},"skip":false,"key":"6.3.1"},{"backlink":"usecases/service-mesh.html#fig6.3.2","level":"6.3","list_caption":"Figure: Service Mesh 架构图","alt":"Service Mesh 架构图","nro":206,"url":"../images/serivce-mesh-control-plane.png","index":2,"caption_template":"图片 - _CAPTION_","label":"Service Mesh 架构图","attributes":{},"skip":false,"key":"6.3.2"},{"backlink":"usecases/service-mesh.html#fig6.3.3","level":"6.3","list_caption":"Figure: Istio vs linkerd","alt":"Istio vs linkerd","nro":207,"url":"../images/istio-vs-linkerd.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Istio vs linkerd","attributes":{},"skip":false,"key":"6.3.3"},{"backlink":"usecases/service-mesh-fundamental.html#fig6.3.1.1.1","level":"6.3.1.1","list_caption":"Figure: Service Mesh模型对比","alt":"Service Mesh模型对比","nro":208,"url":"../images/0069RVTdly1fuafvbnuc7j310a0oqdm9.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Service Mesh模型对比","attributes":{},"skip":false,"key":"6.3.1.1.1"},{"backlink":"usecases/service-mesh-fundamental.html#fig6.3.1.1.2","level":"6.3.1.1","list_caption":"Figure: 网状网络拓扑","alt":"网状网络拓扑","nro":209,"url":"../images/0069RVTdly1fuaie8jan8j310a0kitem.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"网状网络拓扑","attributes":{},"skip":false,"key":"6.3.1.1.2"},{"backlink":"usecases/service-mesh-fundamental.html#fig6.3.1.1.3","level":"6.3.1.1","list_caption":"Figure: Service Mesh架构图","alt":"Service Mesh架构图","nro":210,"url":"../images/0069RVTdly1fuail4d24jj31080rkgr7.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Service Mesh架构图","attributes":{},"skip":false,"key":"6.3.1.1.3"},{"backlink":"usecases/service-mesh-fundamental.html#fig6.3.1.1.4","level":"6.3.1.1","list_caption":"Figure: Istio Mixer","alt":"Istio Mixer","nro":211,"url":"../images/0069RVTdly1fuam4ln45jj30yu0o6wkc.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"Istio Mixer","attributes":{},"skip":false,"key":"6.3.1.1.4"},{"backlink":"usecases/service-mesh-fundamental.html#fig6.3.1.1.5","level":"6.3.1.1","list_caption":"Figure: Istio架构图","alt":"Istio架构图","nro":212,"url":"../images/0069RVTdly1fuamvq97cuj30yu0wg7cr.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"Istio架构图","attributes":{},"skip":false,"key":"6.3.1.1.5"},{"backlink":"usecases/service-mesh-fundamental.html#fig6.3.1.1.6","level":"6.3.1.1","list_caption":"Figure: OSI模型","alt":"OSI模型","nro":213,"url":"../images/0069RVTdly1fuanez4qbtj30v4183n7p.jpg","index":6,"caption_template":"图片 - _CAPTION_","label":"OSI模型","attributes":{},"skip":false,"key":"6.3.1.1.6"},{"backlink":"usecases/service-mesh-fundamental.html#fig6.3.1.1.7","level":"6.3.1.1","list_caption":"Figure: 在L5解耦","alt":"在L5解耦","nro":214,"url":"../images/006tNbRwly1fubfiiryirj30w20ayjui.jpg","index":7,"caption_template":"图片 - _CAPTION_","label":"在L5解耦","attributes":{},"skip":false,"key":"6.3.1.1.7"},{"backlink":"usecases/comparing-service-mesh-technologies.html#fig6.3.1.2.1","level":"6.3.1.2","list_caption":"Figure: 客户端库","alt":"客户端库","nro":215,"url":"../images/006tNbRwly1fubnx0q9bpj30vq0pq465.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"客户端库","attributes":{},"skip":false,"key":"6.3.1.2.1"},{"backlink":"usecases/service-mesh-adoption-and-evolution.html#fig6.3.1.3.1","level":"6.3.1.3","list_caption":"Figure: Service Mesh架构图","alt":"Service Mesh架构图","nro":216,"url":"../images/006tNbRwly1fubs6ts3sgj30vo0osdnj.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Service Mesh架构图","attributes":{},"skip":false,"key":"6.3.1.3.1"},{"backlink":"usecases/service-mesh-adoption-and-evolution.html#fig6.3.1.3.2","level":"6.3.1.3","list_caption":"Figure: Ingress或边缘代理架构图","alt":"Ingress或边缘代理架构图","nro":217,"url":"../images/006tNbRwly1fubsk4v16hj30vo0bq75z.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Ingress或边缘代理架构图","attributes":{},"skip":false,"key":"6.3.1.3.2"},{"backlink":"usecases/service-mesh-adoption-and-evolution.html#fig6.3.1.3.3","level":"6.3.1.3","list_caption":"Figure: 路由器网格架构图","alt":"路由器网格架构图","nro":218,"url":"../images/006tNbRwly1fubsxrph3dj30vq0duq53.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"路由器网格架构图","attributes":{},"skip":false,"key":"6.3.1.3.3"},{"backlink":"usecases/service-mesh-adoption-and-evolution.html#fig6.3.1.3.4","level":"6.3.1.3","list_caption":"Figure: Proxy per Node架构图","alt":"Proxy per Node架构图","nro":219,"url":"../images/006tNbRwly1fubt5a97h7j30vq0bcq5p.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"Proxy per Node架构图","attributes":{},"skip":false,"key":"6.3.1.3.4"},{"backlink":"usecases/service-mesh-adoption-and-evolution.html#fig6.3.1.3.5","level":"6.3.1.3","list_caption":"Figure: Sidecar代理/Fabric模型架构图","alt":"Sidecar代理/Fabric模型架构图","nro":220,"url":"../images/006tNbRwly1fubvi0dnhlj30vo0ekwhx.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"Sidecar代理/Fabric模型架构图","attributes":{},"skip":false,"key":"6.3.1.3.5"},{"backlink":"usecases/service-mesh-adoption-and-evolution.html#fig6.3.1.3.6","level":"6.3.1.3","list_caption":"Figure: Sidecar代理/控制平面架构图","alt":"Sidecar代理/控制平面架构图","nro":221,"url":"../images/006tNbRwly1fubvr83wvgj30vq0mmdip.jpg","index":6,"caption_template":"图片 - _CAPTION_","label":"Sidecar代理/控制平面架构图","attributes":{},"skip":false,"key":"6.3.1.3.6"},{"backlink":"usecases/service-mesh-customization-and-integration.html#fig6.3.1.4.1","level":"6.3.1.4","list_caption":"Figure: nginMesh架构图","alt":"nginMesh架构图","nro":222,"url":"../images/006tNbRwly1fucp8yralaj30vu0sijx8.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"nginMesh架构图","attributes":{},"skip":false,"key":"6.3.1.4.1"},{"backlink":"usecases/service-mesh-customization-and-integration.html#fig6.3.1.4.2","level":"6.3.1.4","list_caption":"Figure: Mixer adapter","alt":"Mixer adapter","nro":223,"url":"../images/006tNbRwly1fucplat3l9j30vo0lw43l.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Mixer adapter","attributes":{},"skip":false,"key":"6.3.1.4.2"},{"backlink":"usecases/service-mesh-customization-and-integration.html#fig6.3.1.4.3","level":"6.3.1.4","list_caption":"Figure: SOFAMesh","alt":"SOFAMesh","nro":224,"url":"../images/mosn-with-service-mesh.png","index":3,"caption_template":"图片 - _CAPTION_","label":"SOFAMesh","attributes":{},"skip":false,"key":"6.3.1.4.3"},{"backlink":"usecases/service-mesh-customization-and-integration.html#fig6.3.1.4.4","level":"6.3.1.4","list_caption":"Figure: SOFAMosn模块架构图","alt":"SOFAMosn模块架构图","nro":225,"url":"../images/006tNbRwly1fucpc5fn8wj31kw0sfdnu.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"SOFAMosn模块架构图","attributes":{},"skip":false,"key":"6.3.1.4.4"},{"backlink":"usecases/istio.html#fig6.3.2.1","level":"6.3.2","list_caption":"Figure: Istio的mindmap","alt":"Istio的mindmap","nro":226,"url":"../images/istio-mindmap.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Istio的mindmap","attributes":{},"skip":false,"key":"6.3.2.1"},{"backlink":"usecases/istio.html#fig6.3.2.2","level":"6.3.2","list_caption":"Figure: Istio架构图","alt":"Istio架构图","nro":227,"url":"../images/istio-arch.png","index":2,"caption_template":"图片 - _CAPTION_","label":"Istio架构图","attributes":{},"skip":false,"key":"6.3.2.2"},{"backlink":"usecases/istio-installation.html#fig6.3.2.1.1","level":"6.3.2.1","list_caption":"Figure: Istio 在 Kubernetes 中的部署架构图","alt":"Istio 在 Kubernetes 中的部署架构图","nro":228,"url":"../images/istio-deployment-architecture-diagram.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Istio 在 Kubernetes 中的部署架构图","attributes":{},"skip":false,"key":"6.3.2.1.1"},{"backlink":"usecases/istio-installation.html#fig6.3.2.1.2","level":"6.3.2.1","list_caption":"Figure: BookInfo Sample应用架构图","alt":"BookInfo Sample应用架构图","nro":229,"url":"../images/bookinfo-sample-arch.png","index":2,"caption_template":"图片 - _CAPTION_","label":"BookInfo Sample应用架构图","attributes":{},"skip":false,"key":"6.3.2.1.2"},{"backlink":"usecases/istio-installation.html#fig6.3.2.1.3","level":"6.3.2.1","list_caption":"Figure: BookInfo Sample页面","alt":"BookInfo Sample页面","nro":230,"url":"../images/bookinfo-sample.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"BookInfo Sample页面","attributes":{},"skip":false,"key":"6.3.2.1.3"},{"backlink":"usecases/istio-installation.html#fig6.3.2.1.4","level":"6.3.2.1","list_caption":"Figure: Istio Grafana界面","alt":"Istio Grafana界面","nro":231,"url":"../images/istio-grafana.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"Istio Grafana界面","attributes":{},"skip":false,"key":"6.3.2.1.4"},{"backlink":"usecases/istio-installation.html#fig6.3.2.1.5","level":"6.3.2.1","list_caption":"Figure: Prometheus页面","alt":"Prometheus页面","nro":232,"url":"../images/istio-prometheus.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"Prometheus页面","attributes":{},"skip":false,"key":"6.3.2.1.5"},{"backlink":"usecases/istio-installation.html#fig6.3.2.1.6","level":"6.3.2.1","list_caption":"Figure: Zipkin页面","alt":"Zipkin页面","nro":233,"url":"../images/istio-zipkin.jpg","index":6,"caption_template":"图片 - _CAPTION_","label":"Zipkin页面","attributes":{},"skip":false,"key":"6.3.2.1.6"},{"backlink":"usecases/istio-installation.html#fig6.3.2.1.7","level":"6.3.2.1","list_caption":"Figure: ServiceGraph页面","alt":"ServiceGraph页面","nro":234,"url":"../images/istio-servicegraph.jpg","index":7,"caption_template":"图片 - _CAPTION_","label":"ServiceGraph页面","attributes":{},"skip":false,"key":"6.3.2.1.7"},{"backlink":"usecases/istio-tutorials-collection.html#fig6.3.2.4.1","level":"6.3.2.4","list_caption":"Figure: katacoda","alt":"katacoda","nro":235,"url":"../images/006tNc79gy1ftwe77v4u5j31kw0ziwtw.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"katacoda","attributes":{},"skip":false,"key":"6.3.2.4.1"},{"backlink":"usecases/istio-tutorials-collection.html#fig6.3.2.4.2","level":"6.3.2.4","list_caption":"Figure: weavescope","alt":"weavescope","nro":236,"url":"../images/006tNc79gy1ftwhtmzhfej31kw0ziww1.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"weavescope","attributes":{},"skip":false,"key":"6.3.2.4.2"},{"backlink":"usecases/istio-tutorials-collection.html#fig6.3.2.4.3","level":"6.3.2.4","list_caption":"Figure: weavescope","alt":"weavescope","nro":237,"url":"../images/006tNc79gy1ftwhvtu1vxj31kw0zitvc.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"weavescope","attributes":{},"skip":false,"key":"6.3.2.4.3"},{"backlink":"usecases/istio-tutorials-collection.html#fig6.3.2.4.4","level":"6.3.2.4","list_caption":"Figure: Red Hat","alt":"Red Hat","nro":238,"url":"../images/006tNc79gy1ftwiolw1tyj31kw0zib29.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"Red Hat","attributes":{},"skip":false,"key":"6.3.2.4.4"},{"backlink":"usecases/istio-tutorials-collection.html#fig6.3.2.4.5","level":"6.3.2.4","list_caption":"Figure: Red Hat developers","alt":"Red Hat developers","nro":239,"url":"../images/006tNc79gy1ftwjyxiw1pj31kw0zi4qp.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"Red Hat developers","attributes":{},"skip":false,"key":"6.3.2.4.5"},{"backlink":"usecases/istio-tutorials-collection.html#fig6.3.2.4.6","level":"6.3.2.4","list_caption":"Figure: IBM developerWorks","alt":"IBM developerWorks","nro":240,"url":"../images/006tNc79gy1ftweryj0zrj31kw0zix6q.jpg","index":6,"caption_template":"图片 - _CAPTION_","label":"IBM developerWorks","attributes":{},"skip":false,"key":"6.3.2.4.6"},{"backlink":"usecases/istio-tutorials-collection.html#fig6.3.2.4.7","level":"6.3.2.4","list_caption":"Figure: IBM developers","alt":"IBM developers","nro":241,"url":"../images/006tNc79gy1ftwesjg1e2j31kw0s8woq.jpg","index":7,"caption_template":"图片 - _CAPTION_","label":"IBM developers","attributes":{},"skip":false,"key":"6.3.2.4.7"},{"backlink":"usecases/understand-sidecar-injection-and-traffic-hijack-in-istio-service-mesh.html#fig6.3.2.5.1","level":"6.3.2.5","list_caption":"Figure: Sidecar 模式示意图","alt":"Sidecar 模式示意图","nro":242,"url":"../images/sidecar-pattern.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Sidecar 模式示意图","attributes":{},"skip":false,"key":"6.3.2.5.1"},{"backlink":"usecases/understand-sidecar-injection-and-traffic-hijack-in-istio-service-mesh.html#fig6.3.2.5.2","level":"6.3.2.5","list_caption":"Figure: Sidecar 流量劫持示意图","alt":"Sidecar 流量劫持示意图","nro":243,"url":"../images/envoy-sidecar-traffic-interception-jimmysong-blog.png","index":2,"caption_template":"图片 - _CAPTION_","label":"Sidecar 流量劫持示意图","attributes":{},"skip":false,"key":"6.3.2.5.2"},{"backlink":"usecases/understand-sidecar-injection-and-traffic-hijack-in-istio-service-mesh.html#fig6.3.2.5.3","level":"6.3.2.5","list_caption":"Figure: iptables 调用链","alt":"iptables 调用链","nro":244,"url":"../images/iptables.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"iptables 调用链","attributes":{},"skip":false,"key":"6.3.2.5.3"},{"backlink":"usecases/understand-sidecar-injection-and-traffic-hijack-in-istio-service-mesh.html#fig6.3.2.5.4","level":"6.3.2.5","list_caption":"Figure: hook-connect 原理示意图","alt":"hook-connect 原理示意图","nro":245,"url":"../images/hook-connect.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"hook-connect 原理示意图","attributes":{},"skip":false,"key":"6.3.2.5.4"},{"backlink":"usecases/envoy-sidecar-routing-of-istio-service-mesh-deep-dive.html#fig6.3.2.6.1","level":"6.3.2.6","list_caption":"Figure: Bookinfo 示例","alt":"Bookinfo 示例","nro":246,"url":"../images/006tNbRwgy1fvlwjd3302j31bo0ro0x5.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Bookinfo 示例","attributes":{},"skip":false,"key":"6.3.2.6.1"},{"backlink":"usecases/linkerd.html#fig6.3.3.1","level":"6.3.3","list_caption":"Figure: source https://linkerd.io","alt":"source https://linkerd.io","nro":247,"url":"../images/diagram-individual-instance.png","index":1,"caption_template":"图片 - _CAPTION_","label":"source https://linkerd.io","attributes":{},"skip":false,"key":"6.3.3.1"},{"backlink":"usecases/linkerd.html#fig6.3.3.2","level":"6.3.3","list_caption":"Figure: Linkerd 部署架构(图片来自https://buoyant.io/2016/10/14/a-service-mesh-for-kubernetes-part-ii-pods-are-great-until-theyre-not/)","alt":"Linkerd 部署架构(图片来自https://buoyant.io/2016/10/14/a-service-mesh-for-kubernetes-part-ii-pods-are-great-until-theyre-not/)","nro":248,"url":"https://buoyant.io/wp-content/uploads/2017/07/buoyant-k8s-daemonset-mesh.png","index":2,"caption_template":"图片 - _CAPTION_","label":"Linkerd 部署架构(图片来自https://buoyant.io/2016/10/14/a-service-mesh-for-kubernetes-part-ii-pods-are-great-until-theyre-not/)","attributes":{},"skip":false,"key":"6.3.3.2"},{"backlink":"usecases/linkerd.html#fig6.3.3.3","level":"6.3.3","list_caption":"Figure: 基于 dtab 的路由规则配置阶段发布","alt":"基于 dtab 的路由规则配置阶段发布","nro":249,"url":"https://buoyant.io/wp-content/uploads/2017/07/buoyant-4_override.png","index":3,"caption_template":"图片 - _CAPTION_","label":"基于 dtab 的路由规则配置阶段发布","attributes":{},"skip":false,"key":"6.3.3.3"},{"backlink":"usecases/linkerd.html#fig6.3.3.4","level":"6.3.3","list_caption":"Figure: Linkerd ingress controller","alt":"Linkerd ingress controller","nro":250,"url":"https://buoyant.io/wp-content/uploads/2017/07/buoyant-k8s-hello-world-ingress-controller-1.png","index":4,"caption_template":"图片 - _CAPTION_","label":"Linkerd ingress controller","attributes":{},"skip":false,"key":"6.3.3.4"},{"backlink":"usecases/linkerd-user-guide.html#fig6.3.3.1.1","level":"6.3.3.1","list_caption":"Figure: Jenkins pipeline","alt":"Jenkins pipeline","nro":251,"url":"../images/linkerd-jenkins-pipeline.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Jenkins pipeline","attributes":{},"skip":false,"key":"6.3.3.1.1"},{"backlink":"usecases/linkerd-user-guide.html#fig6.3.3.1.2","level":"6.3.3.1","list_caption":"Figure: Jenkins config","alt":"Jenkins config","nro":252,"url":"../images/linkerd-jenkins.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Jenkins config","attributes":{},"skip":false,"key":"6.3.3.1.2"},{"backlink":"usecases/linkerd-user-guide.html#fig6.3.3.1.3","level":"6.3.3.1","list_caption":"Figure: namerd","alt":"namerd","nro":253,"url":"../images/namerd-internal.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"namerd","attributes":{},"skip":false,"key":"6.3.3.1.3"},{"backlink":"usecases/linkerd-user-guide.html#fig6.3.3.1.4","level":"6.3.3.1","list_caption":"Figure: linkerd监控","alt":"linkerd监控","nro":254,"url":"../images/linkerd-helloworld-outgoing.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"linkerd监控","attributes":{},"skip":false,"key":"6.3.3.1.4"},{"backlink":"usecases/linkerd-user-guide.html#fig6.3.3.1.5","level":"6.3.3.1","list_caption":"Figure: linkerd监控","alt":"linkerd监控","nro":255,"url":"../images/linkerd-helloworld-incoming.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"linkerd监控","attributes":{},"skip":false,"key":"6.3.3.1.5"},{"backlink":"usecases/linkerd-user-guide.html#fig6.3.3.1.6","level":"6.3.3.1","list_caption":"Figure: linkerd性能监控","alt":"linkerd性能监控","nro":256,"url":"../images/linkerd-grafana.png","index":6,"caption_template":"图片 - _CAPTION_","label":"linkerd性能监控","attributes":{},"skip":false,"key":"6.3.3.1.6"},{"backlink":"usecases/linkerd-user-guide.html#fig6.3.3.1.7","level":"6.3.3.1","list_caption":"Figure: Linkerd ingress controller","alt":"Linkerd ingress controller","nro":257,"url":"../images/linkerd-ingress-controller.jpg","index":7,"caption_template":"图片 - _CAPTION_","label":"Linkerd ingress controller","attributes":{},"skip":false,"key":"6.3.3.1.7"},{"backlink":"usecases/conduit-installation.html#fig6.3.4.2.1","level":"6.3.4.2","list_caption":"Figure: Conduit dashboard","alt":"Conduit dashboard","nro":258,"url":"../images/conduit-dashboard.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Conduit dashboard","attributes":{},"skip":false,"key":"6.3.4.2.1"},{"backlink":"usecases/envoy.html#fig6.3.5.1","level":"6.3.5","list_caption":"Figure: 负载均衡器的特性以及拓扑类型","alt":"负载均衡器的特性以及拓扑类型","nro":259,"url":"../images/load-balancing-and-proxing.png","index":1,"caption_template":"图片 - _CAPTION_","label":"负载均衡器的特性以及拓扑类型","attributes":{},"skip":false,"key":"6.3.5.1"},{"backlink":"usecases/envoy-terminology.html#fig6.3.5.1.1","level":"6.3.5.1","list_caption":"Figure: Envoy proxy 架构图","alt":"Envoy proxy 架构图","nro":260,"url":"../images/envoy-arch.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Envoy proxy 架构图","attributes":{},"skip":false,"key":"6.3.5.1.1"},{"backlink":"usecases/envoy-front-proxy.html#fig6.3.5.2.1","level":"6.3.5.2","list_caption":"Figure: Front proxy 部署结构图(转自https://www.envoyproxy.io/docs/envoy/latest/start/sandboxes/front_proxy)","alt":"Front proxy 部署结构图(转自https://www.envoyproxy.io/docs/envoy/latest/start/sandboxes/front_proxy)","nro":261,"url":"../images/envoyproxy-docker-compose.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Front proxy 部署结构图(转自https://www.envoyproxy.io/docs/envoy/latest/start/sandboxes/front_proxy)","attributes":{},"skip":false,"key":"6.3.5.2.1"},{"backlink":"usecases/envoy-mesh-in-kubernetes-tutorial.html#fig6.3.5.3.1","level":"6.3.5.3","list_caption":"Figure: Envoy Mesh架构图","alt":"Envoy Mesh架构图","nro":262,"url":"../images/envoy-mesh-in-kubernetes.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Envoy Mesh架构图","attributes":{},"skip":false,"key":"6.3.5.3.1"},{"backlink":"usecases/big-data.html#fig6.4.1","level":"6.4","list_caption":"Figure: Spark on yarn with kubernetes","alt":"Spark on yarn with kubernetes","nro":263,"url":"../images/spark-on-yarn-with-kubernetes.png","index":1,"caption_template":"图片 - _CAPTION_","label":"Spark on yarn with kubernetes","attributes":{},"skip":false,"key":"6.4.1"},{"backlink":"usecases/big-data.html#fig6.4.2","level":"6.4","list_caption":"Figure: 在kubernetes上使用多种调度方式","alt":"在kubernetes上使用多种调度方式","nro":264,"url":"../images/spark-on-kubernetes-with-different-schedulers.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"在kubernetes上使用多种调度方式","attributes":{},"skip":false,"key":"6.4.2"},{"backlink":"usecases/spark-standalone-on-kubernetes.html#fig6.4.1.1","level":"6.4.1","list_caption":"Figure: spark master ui","alt":"spark master ui","nro":265,"url":"../images/spark-ui.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"spark master ui","attributes":{},"skip":false,"key":"6.4.1.1"},{"backlink":"usecases/spark-standalone-on-kubernetes.html#fig6.4.1.2","level":"6.4.1","list_caption":"Figure: zeppelin ui","alt":"zeppelin ui","nro":266,"url":"../images/zeppelin-ui.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"zeppelin ui","attributes":{},"skip":false,"key":"6.4.1.2"},{"backlink":"usecases/serverless.html#fig6.5.1","level":"6.5","list_caption":"Figure: Serverless Landscape","alt":"Serverless Landscape","nro":267,"url":"../images/006tNbRwly1fx0ie2kb90j31kw0ynha3.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Serverless Landscape","attributes":{},"skip":false,"key":"6.5.1"},{"backlink":"usecases/serverless.html#fig6.5.2","level":"6.5","list_caption":"Figure: 从物理机到函数计算","alt":"从物理机到函数计算","nro":268,"url":"../images/from-bare-metal-to-functions.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"从物理机到函数计算","attributes":{},"skip":false,"key":"6.5.2"},{"backlink":"usecases/serverless.html#fig6.5.3","level":"6.5","list_caption":"Figure: FaaS Landscape","alt":"FaaS Landscape","nro":269,"url":"../images/redpoint-faas-landscape.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"FaaS Landscape","attributes":{},"skip":false,"key":"6.5.3"},{"backlink":"usecases/understanding-serverless.html#fig6.5.1.1","level":"6.5.1","list_caption":"Figure: Serverless 在云原生技术中的地位","alt":"Serverless 在云原生技术中的地位","nro":270,"url":"../images/cloud-landscape-zh.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Serverless 在云原生技术中的地位","attributes":{},"skip":false,"key":"6.5.1.1"},{"backlink":"usecases/understanding-serverless.html#fig6.5.1.2","level":"6.5.1","list_caption":"Figure: 服务端软件的运行环境","alt":"服务端软件的运行环境","nro":271,"url":"../images/serverless-server-side-software.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"服务端软件的运行环境","attributes":{},"skip":false,"key":"6.5.1.2"},{"backlink":"usecases/understanding-serverless.html#fig6.5.1.3","level":"6.5.1","list_caption":"Figure: FaaS应用架构","alt":"FaaS应用架构","nro":272,"url":"../images/serverless-faas-platform.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"FaaS应用架构","attributes":{},"skip":false,"key":"6.5.1.3"},{"backlink":"usecases/understanding-serverless.html#fig6.5.1.4","level":"6.5.1","list_caption":"Figure: Serverless 中的函数定义","alt":"Serverless 中的函数定义","nro":273,"url":"../images/006y8mN6ly1g7ldey3l7gj31ti0mwta9.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"Serverless 中的函数定义","attributes":{},"skip":false,"key":"6.5.1.4"},{"backlink":"usecases/understanding-serverless.html#fig6.5.1.5","level":"6.5.1","list_caption":"Figure: FaaS 中的函数","alt":"FaaS 中的函数","nro":274,"url":"../images/006y8mN6ly1g7ldhm7bxyj31040u0q5n.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"FaaS 中的函数","attributes":{},"skip":false,"key":"6.5.1.5"},{"backlink":"usecases/understanding-serverless.html#fig6.5.1.6","level":"6.5.1","list_caption":"Figure: 传统应用程序架构","alt":"传统应用程序架构","nro":275,"url":"../images/non-serverless-game-arch.jpg","index":6,"caption_template":"图片 - _CAPTION_","label":"传统应用程序架构","attributes":{},"skip":false,"key":"6.5.1.6"},{"backlink":"usecases/understanding-serverless.html#fig6.5.1.7","level":"6.5.1","list_caption":"Figure: Serverless架构","alt":"Serverless架构","nro":276,"url":"../images/serverless-game-arch.jpg","index":7,"caption_template":"图片 - _CAPTION_","label":"Serverless架构","attributes":{},"skip":false,"key":"6.5.1.7"},{"backlink":"usecases/openfaas-quick-start.html#fig6.5.2.1.1","level":"6.5.2.1","list_caption":"Figure: OpenFaaS架构","alt":"OpenFaaS架构","nro":277,"url":"../images/openfaas-arch.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"OpenFaaS架构","attributes":{},"skip":false,"key":"6.5.2.1.1"},{"backlink":"usecases/openfaas-quick-start.html#fig6.5.2.1.2","level":"6.5.2.1","list_caption":"Figure: OpenFaaS Prometheus","alt":"OpenFaaS Prometheus","nro":278,"url":"../images/openfaas-prometheus.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"OpenFaaS Prometheus","attributes":{},"skip":false,"key":"6.5.2.1.2"},{"backlink":"usecases/openfaas-quick-start.html#fig6.5.2.1.3","level":"6.5.2.1","list_caption":"Figure: OpenFaas Grafana监控","alt":"OpenFaas Grafana监控","nro":279,"url":"../images/openfaas-grafana.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"OpenFaas Grafana监控","attributes":{},"skip":false,"key":"6.5.2.1.3"},{"backlink":"usecases/openfaas-quick-start.html#fig6.5.2.1.4","level":"6.5.2.1","list_caption":"Figure: OpenFaas Dashboard","alt":"OpenFaas Dashboard","nro":280,"url":"../images/openfaas-deploy-a-function.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"OpenFaas Dashboard","attributes":{},"skip":false,"key":"6.5.2.1.4"},{"backlink":"usecases/openfaas-quick-start.html#fig6.5.2.1.5","level":"6.5.2.1","list_caption":"Figure: NodeInfo执行结果","alt":"NodeInfo执行结果","nro":281,"url":"../images/openfaas-nodeinfo.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"NodeInfo执行结果","attributes":{},"skip":false,"key":"6.5.2.1.5"},{"backlink":"usecases/knative.html#fig6.5.3.1","level":"6.5.3","list_caption":"Figure: Knative logo","alt":"Knative logo","nro":282,"url":"https://tva1.sinaimg.cn/large/006y8mN6ly1g7pg0iwbzfj30d8080dfp.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Knative logo","attributes":{},"skip":false,"key":"6.5.3.1"},{"backlink":"usecases/knative.html#fig6.5.3.2","level":"6.5.3","list_caption":"Figure: Knative 受众(图片来自 knative.dev)","alt":"Knative 受众(图片来自 knative.dev)","nro":283,"url":"https://tva1.sinaimg.cn/large/006y8mN6ly1g7po5i7cgqj31ap0u075l.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Knative 受众(图片来自 knative.dev)","attributes":{},"skip":false,"key":"6.5.3.2"},{"backlink":"usecases/oam.html#fig6.6.1.1","level":"6.6.1","list_caption":"Figure: OAM 的原理","alt":"OAM 的原理","nro":284,"url":"../images/oam-principle.png","index":1,"caption_template":"图片 - _CAPTION_","label":"OAM 的原理","attributes":{},"skip":false,"key":"6.6.1.1"},{"backlink":"usecases/edge-computing.html#fig6.7.1","level":"6.7","list_caption":"Figure: KubeEdge logo","alt":"KubeEdge logo","nro":285,"url":"https://tva1.sinaimg.cn/large/006y8mN6ly1g7vfsugr2fj306y06yjra.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"KubeEdge logo","attributes":{},"skip":false,"key":"6.7.1"},{"backlink":"develop/sigs-and-working-group.html#fig7.2.1","level":"7.2","list_caption":"Figure: Kubernetes SIG","alt":"Kubernetes SIG","nro":286,"url":"../images/kubernetes-sigs.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Kubernetes SIG","attributes":{},"skip":false,"key":"7.2.1"},{"backlink":"develop/testing.html#fig7.4.1","level":"7.4","list_caption":"Figure: test-infra架构图(图片来自官方GitHub)","alt":"test-infra架构图(图片来自官方GitHub)","nro":287,"url":"../images/kubernetes-test-architecture.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"test-infra架构图(图片来自官方GitHub)","attributes":{},"skip":false,"key":"7.4.1"},{"backlink":"develop/client-go-sample.html#fig7.5.1","level":"7.5","list_caption":"Figure: 使用kubernetes dashboard进行故障排查","alt":"使用kubernetes dashboard进行故障排查","nro":288,"url":"../images/kubernetes-client-go-sample-update.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"使用kubernetes dashboard进行故障排查","attributes":{},"skip":false,"key":"7.5.1"},{"backlink":"cloud-native/cncf.html#fig8.1.1","level":"8.1","list_caption":"Figure: CNCF landscape","alt":"CNCF landscape","nro":289,"url":"../images/006tNbRwly1fxmx633ymqj31dp0u0kjn.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"CNCF landscape","attributes":{},"skip":false,"key":"8.1.1"},{"backlink":"cloud-native/cncf.html#fig8.1.2","level":"8.1","list_caption":"Figure: CNCF项目成熟度级别","alt":"CNCF项目成熟度级别","nro":290,"url":"../images/cncf-graduation-criteria-v2.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"CNCF项目成熟度级别","attributes":{},"skip":false,"key":"8.1.2"},{"backlink":"cloud-native/cncf-charter.html#fig8.2.1","level":"8.2","list_caption":"Figure: CNCF组织架构图","alt":"CNCF组织架构图","nro":291,"url":"../images/cncf-org-arch.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"CNCF组织架构图","attributes":{},"skip":false,"key":"8.2.1"},{"backlink":"cloud-native/cncf-charter.html#fig8.2.2","level":"8.2","list_caption":"Figure: 云原生的理想分层架构","alt":"云原生的理想分层架构","nro":292,"url":"../images/006tKfTcly1ft3zgjlisxj30n70ffjth.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"云原生的理想分层架构","attributes":{},"skip":false,"key":"8.2.2"},{"backlink":"cloud-native/cncf-sandbox-criteria.html#fig8.4.1","level":"8.4","list_caption":"Figure: sandbox 流程","alt":"sandbox 流程","nro":293,"url":"../images/sandbox-process.png","index":1,"caption_template":"图片 - _CAPTION_","label":"sandbox 流程","attributes":{},"skip":false,"key":"8.4.1"},{"backlink":"cloud-native/cncf-project-governing.html#fig8.5.1","level":"8.5","list_caption":"Figure: CNCF 项目的成熟度分类","alt":"CNCF 项目的成熟度分类","nro":294,"url":"../images/cncf-graduation.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"CNCF 项目的成熟度分类","attributes":{},"skip":false,"key":"8.5.1"},{"backlink":"cloud-native/cncf-project-governing.html#fig8.5.2","level":"8.5","list_caption":"Figure: CNCF中的项目运作","alt":"CNCF中的项目运作","nro":295,"url":"../images/006tNc79ly1g1yz80ag98j31cs0n2gr7.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"CNCF中的项目运作","attributes":{},"skip":false,"key":"8.5.2"},{"backlink":"cloud-native/cncf-project-governing.html#fig8.5.3","level":"8.5","list_caption":"Figure: CNCF项目成熟度级别","alt":"CNCF项目成熟度级别","nro":296,"url":"../images/cncf-graduation-criteria-v2.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"CNCF项目成熟度级别","attributes":{},"skip":false,"key":"8.5.3"},{"backlink":"appendix/material-share.html#fig9.3.1","level":"9.3","list_caption":"Figure: Kubernetes 资源图标示例","alt":"Kubernetes 资源图标示例","nro":297,"url":"../images/006tNc79ly1fzmnolp5ghj30z90u0gwf.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Kubernetes 资源图标示例","attributes":{},"skip":false,"key":"9.3.1"},{"backlink":"appendix/issues.html#fig9.6.1","level":"9.6","list_caption":"Figure: pvc-storage-limit","alt":"pvc-storage-limit","nro":298,"url":"../images/pvc-storage-limit.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"pvc-storage-limit","attributes":{},"skip":false,"key":"9.6.1"},{"backlink":"appendix/kubernetes-1.14-changelog.html#fig9.7.8.1","level":"9.7.8","list_caption":"Figure: 大鱿鱼:kubectl log","alt":"大鱿鱼:kubectl log","nro":299,"url":"../images/006tKfTcly1g1gbdpsdbgj303c03cwel.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"大鱿鱼:kubectl log","attributes":{},"skip":false,"key":"9.7.8.1"},{"backlink":"appendix/kubernetes-1.14-changelog.html#fig9.7.8.2","level":"9.7.8","list_caption":"Figure: Kubernetes 吉祥物 kubee-cuddle","alt":"Kubernetes 吉祥物 kubee-cuddle","nro":300,"url":"../images/006tKfTcly1g1gbjvx2ugj305k05mmx9.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Kubernetes 吉祥物 kubee-cuddle","attributes":{},"skip":false,"key":"9.7.8.2"},{"backlink":"appendix/kubernetes-1.15-changelog.html#fig9.7.9.1","level":"9.7.9","list_caption":"Figure: KubeAdmin Logo","alt":"KubeAdmin Logo","nro":301,"url":"https://d33wubrfki0l68.cloudfront.net/285b361256db9bb624c22ff9cd32557b4bc61aba/759c7/images/blog/2019-06-19-kubernetes-1-15-release-announcement/kubeadm-logo.png","index":1,"caption_template":"图片 - _CAPTION_","label":"KubeAdmin Logo","attributes":{},"skip":false,"key":"9.7.9.1"},{"backlink":"appendix/kubernetes-and-cloud-native-summary-in-2018-and-outlook-for-2019.html#fig9.8.2.1","level":"9.8.2","list_caption":"Figure: Kubernetes 搜索趋势(来自 Google trends)","alt":"Kubernetes 搜索趋势(来自 Google trends)","nro":302,"url":"../images/006tNc79ly1fzne6y4f2ej31q60fedho.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"Kubernetes 搜索趋势(来自 Google trends)","attributes":{},"skip":false,"key":"9.8.2.1"},{"backlink":"appendix/kubernetes-and-cloud-native-summary-in-2018-and-outlook-for-2019.html#fig9.8.2.2","level":"9.8.2","list_caption":"Figure: Kubernetes 的百度指数","alt":"Kubernetes 的百度指数","nro":303,"url":"../images/006tNc79ly1fznegoocmvj31y00hmgon.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"Kubernetes 的百度指数","attributes":{},"skip":false,"key":"9.8.2.2"},{"backlink":"appendix/kubernetes-and-cloud-native-summary-in-2018-and-outlook-for-2019.html#fig9.8.2.3","level":"9.8.2","list_caption":"Figure: Istio 中的 CRD","alt":"Istio 中的 CRD","nro":304,"url":"../images/006tNc79ly1fzna87wmfij30u00zc4qp.jpg","index":3,"caption_template":"图片 - _CAPTION_","label":"Istio 中的 CRD","attributes":{},"skip":false,"key":"9.8.2.3"},{"backlink":"appendix/kubernetes-and-cloud-native-summary-in-2018-and-outlook-for-2019.html#fig9.8.2.4","level":"9.8.2","list_caption":"Figure: 2019 Q1 软件架构趋势 - 来自 InfoQ","alt":"2019 Q1 软件架构趋势 - 来自 InfoQ","nro":305,"url":"../images/006tNc79ly1fzor2k6f7wj313j0u0dl3.jpg","index":4,"caption_template":"图片 - _CAPTION_","label":"2019 Q1 软件架构趋势 - 来自 InfoQ","attributes":{},"skip":false,"key":"9.8.2.4"},{"backlink":"appendix/kubernetes-and-cloud-native-summary-in-2018-and-outlook-for-2019.html#fig9.8.2.5","level":"9.8.2","list_caption":"Figure: ServiceMesher 社区 Logo","alt":"ServiceMesher 社区 Logo","nro":306,"url":"../images/006tNc79ly1fznadbp63qj31jt0beq9s.jpg","index":5,"caption_template":"图片 - _CAPTION_","label":"ServiceMesher 社区 Logo","attributes":{},"skip":false,"key":"9.8.2.5"},{"backlink":"appendix/kubernetes-and-cloud-native-summary-in-2018-and-outlook-for-2019.html#fig9.8.2.6","level":"9.8.2","list_caption":"Figure: ServiceMesher社区2018年活动一览","alt":"ServiceMesher社区2018年活动一览","nro":307,"url":"../images/006tNc79ly1fzm9vs4o3aj31s00u0x6p.jpg","index":6,"caption_template":"图片 - _CAPTION_","label":"ServiceMesher社区2018年活动一览","attributes":{},"skip":false,"key":"9.8.2.6"},{"backlink":"appendix/kubernetes-and-cloud-native-summary-in-2018-and-outlook-for-2019.html#fig9.8.2.7","level":"9.8.2","list_caption":"Figure: CNCF Landscape 中的 Serverless 单元","alt":"CNCF Landscape 中的 Serverless 单元","nro":308,"url":"../images/006tNc79ly1fznbh3vfbwj310f0jxgxj.jpg","index":7,"caption_template":"图片 - _CAPTION_","label":"CNCF Landscape 中的 Serverless 单元","attributes":{},"skip":false,"key":"9.8.2.7"},{"backlink":"appendix/cncf-annual-report-2018.html#fig9.9.1.1","level":"9.9.1","list_caption":"Figure: CNCF 项目成熟度级别","alt":"CNCF 项目成熟度级别","nro":309,"url":"../images/006tNc79ly1g04s0oznytj31tg0ok7ca.jpg","index":1,"caption_template":"图片 - _CAPTION_","label":"CNCF 项目成熟度级别","attributes":{},"skip":false,"key":"9.9.1.1"},{"backlink":"appendix/cncf-annual-report-2018.html#fig9.9.1.2","level":"9.9.1","list_caption":"Figure: KCSP","alt":"KCSP","nro":310,"url":"../images/006tNc79ly1g04tl97vm4j318v0h7dpt.jpg","index":2,"caption_template":"图片 - _CAPTION_","label":"KCSP","attributes":{},"skip":false,"key":"9.9.1.2"},{"backlink":"appendix/about-cka-candidate.html#fig9.11.1","level":"9.11","list_caption":"Figure: cka-question","alt":"cka-question","nro":311,"url":"../images/cka-question.png","index":1,"caption_template":"图片 - _CAPTION_","label":"cka-question","attributes":{},"skip":false,"key":"9.11.1"},{"backlink":"appendix/about-cka-candidate.html#fig9.11.2","level":"9.11","list_caption":"Figure: CKA mindmap","alt":"CKA mindmap","nro":312,"url":"../images/cka-mindmap.png","index":2,"caption_template":"图片 - _CAPTION_","label":"CKA mindmap","attributes":{},"skip":false,"key":"9.11.2"}]},"title":"Kubernetes Handbook - Kubernetes中文指南/云原生应用架构实践手册 by Jimmy Song(宋净超)","language":"zh-hans","links":{"sidebar":{"回到主页":"https://jimmysong.io","Awesome Cloud Native":"https://jimmysong.io/awesome-cloud-native"}},"gitbook":"*","description":"Kubernetes Handbook - Kubernetes中文指南/云原生应用架构实践手册,本书记录了本人从零开始学习和使用Kubernetes的心路历程,着重于经验分享和总结,同时也会有相关的概念解析,希望能够帮助大家少踩坑,少走弯路,还会指引大家关注Kubernetes生态周边,如微服务构建、DevOps、大数据应用、Service Mesh、Cloud Native等领域。"},"file":{"path":"guide/authentication.md","mtime":"2019-04-24T06:28:19.606Z","type":"markdown"},"gitbook":{"version":"3.2.3","time":"2020-05-19T08:36:14.428Z"},"basePath":"..","book":{"language":""}});
|
||
});
|
||
</script>
|
||
</div>
|
||
|
||
|
||
<script src="../gitbook/gitbook.js"></script>
|
||
<script src="../gitbook/theme.js"></script>
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-github/plugin.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-splitter/splitter.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-page-toc-button/plugin.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-editlink/plugin.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-back-to-top-button/plugin.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-search-plus/jquery.mark.min.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-search-plus/search.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-github-buttons/plugin.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-3-ba/plugin.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-lightbox/jquery.min.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-lightbox/lightbox.min.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-ga/plugin.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-copy-code-button/toggle.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-alerts/plugin.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-sharing/buttons.js"></script>
|
||
|
||
|
||
|
||
<script src="../gitbook/gitbook-plugin-fontsettings/fontsettings.js"></script>
|
||
|
||
|
||
|
||
</body>
|
||
</html>
|
||
|