heidsoft
heidsoft
# 安全配置 https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/ https://k8smeetup.github.io/docs/tasks/configure-pod-container/configure-pod-configmap/ https://purewhite.io/2017/12/28/kubernetes-configmap-and-secret/ https://www.cnblogs.com/cocowool/p/kubernetes_configmap_secret.html https://kubernetes.io/docs/concepts/configuration/secret/
# spring boot 容器化时,jvm参数配置 https://medium.com/@cl4r1ty/docker-spring-boot-and-java-opts-ba381c818fa2
# 删除已完成的pod ``` kubectl get jobs --all-namespaces | sed '1d' | awk '{ print $2, "--namespace", $1 }' | while read line; do kubectl delete jobs $line; done kubectl delete...
# k8s serviceaccount ``` User account是为人设计的,而service account则是为Pod中的进程调用Kubernetes API而设计; User account是跨namespace的,而service account则是仅局限它所在的namespace; 每个namespace都会自动创建一个default service account Token controller检测service account的创建,并为它们创建secret 开启ServiceAccount Admission Controller后 每个Pod在创建后都会自动设置spec.serviceAccount为default(除非指定了其他ServiceAccout) 验证Pod引用的service account已经存在,否则拒绝创建 如果Pod没有指定ImagePullSecrets,则把service account的ImagePullSecrets加到Pod中 每个container启动后都会挂载该service account的token和ca.crt到/var/run/secrets/kubernetes.io/serviceaccount/ ``` [can-i-connect-one-service-account-to-multiple-namespaces-in-kubernetes](https://stackoverflow.com/questions/53960516/can-i-connect-one-service-account-to-multiple-namespaces-in-kubernetes) [service-account](https://www.kubernetes.org.cn/service-account)...
# [How to do kubernetes TCP health checks on a container? ](https://stackoverflow.com/questions/41669368/how-to-do-kubernetes-tcp-health-checks-on-a-container) [service type](https://xuxinkun.github.io/2016/03/27/k8s-service/) [helm list : cannot list configmaps in the namespace “kube-system”](https://stackoverflow.com/questions/46672523/helm-list-cannot-list-configmaps-in-the-namespace-kube-system) [service](https://kubernetes.io/zh/docs/concepts/services-networking/service/#%E5%AE%9A%E4%B9%89-service)
# calico http://zhouxi.io/blog/post/zhouxi/k8s-calico-BGP-%E7%BD%91%E7%BB%9C%E9%AA%8C%E8%AF%81
# calico https://www.lijiaocn.com/%E9%A1%B9%E7%9B%AE/2017/04/11/calico-usage.html#calico https://www.yangcs.net/posts/calico-rr/ http://hustcat.github.io/setup-rr-for-calico-node/ https://support.huawei.com/enterprise/zh/knowledge/EKB1000048982 https://kubernetes.io/zh/docs/concepts/services-networking/service/#%E5%AE%9A%E4%B9%89-service http://hustcat.github.io/setup-rr-for-calico-node/ http://zhouxi.io/blog/post/zhouxi/k8s-calico-BGP-%E7%BD%91%E7%BB%9C%E9%AA%8C%E8%AF%81
# calico http://zhouxi.io/blog/post/zhouxi/k8s-calico-BGP-%E7%BD%91%E7%BB%9C%E9%AA%8C%E8%AF%81 https://www.lijiaocn.com/%E9%A1%B9%E7%9B%AE/2017/04/11/calico-usage.html#calico https://www.yangcs.net/posts/calico-rr/ http://hustcat.github.io/setup-rr-for-calico-node/ https://www.projectcalico.org/learn/ # 视频讲解 https://youtu.be/hqzUfefL1ek
https://itnext.io/an-illustrated-guide-to-kubernetes-networking-part-1-d1ede3322727
https://cizixs.com/2017/03/30/kubernetes-introduction-service-and-kube-proxy/