Something about kubernetes authentication
Jan 01, 0001
You can enable kubernetes authentication by through this documentation. Then you happily access kube-apiserve by curl:
# curl -k -N -X GET -H "Authorization: Basic XXXXXXXXXX" http://localhost:8080/api/v1/namespaces/default/pods { "kind": "PodList", "apiVersion": "v1", "metadata": { "selfLink": "/api/v1/namespaces/default/pods", "resourceVersion": "74034" }, "items": [] } Nothing blocks this request! What is wrong? Wait a moment and checkout kubernetes documentation, I find this:
The Kubernetes API is served by the Kubernetes apiserver process. Typically, there is one of these running on a single kubernetes-master node.
...
➦
Stateless Floating IPs
Jan 01, 0001
Neutron里面的Floating IPs目前是基于iptables NAT来实现的,它使用ip_conntrack来跟踪所有连接(五元组),
...
➦
sysdig
Jan 01, 0001
Sysdig captures system calls and other system level events using a linux kernel facility called tracepoints, providing a rich set of real-time, system-level information.
Sysdig “packetizes” this information, so that you can do things like save it into trace files and easily filter it, a bit like you would do with tcpdump. This makes it very flexible to explore what processes are doing.
Sysdig instruments your physical and virtual machines at the OS level by installing into the Linux kernel and capturing system calls and other OS events.
...
➦
Upgrade CentOS kernel
Jan 01, 0001
终于耐不住要升级下kernel了,目前epel提供两个版本: kernel-lt (4.4)和kernel-ml (4.5): The kernel-ml packages are built from the sources available from the “mainline stable” branch of The Linux Kernel Archives (external link). The kernel
...
➦
Use kubectl to connect kubernetes cluster
Jan 01, 0001
kubectl is the main tool to interact with Kubernetes cluster. It connects to http://localhost:8080 with no auth by default. But how can we use kubectl with auth?
Pretty simple, just config kubectl with dedicated cluster:
kubectl config set-credentials default --username=username --password=password kubectl config set-cluster default --server=https://kubernetes-master:6443 --insecure-skip-tls-verify=true kubectl config set-context default --cluster=default --user=default kubectl config use-context default
Using cAdvisor to monitor docker
Jan 01, 0001
cAdvisor (Container Advisor) provides container users an understanding of the resource usage and performance characteristics of their running containers. It is a running daemon that collects, aggregates, processes, and exports information about running containers. Specifically, for each container it keeps resource isolation parameters, historical resource usage, histograms of complete historical resource usage and network statistics. This data is exported by container and machine-wide.
cAdvisor has native support for Docker containers and should support just about any other container type out of the box.
...
➦
vagrant
Jan 01, 0001
简易虚拟机管理工具vagrant Vagrant简介 Vagrant是一款跨平台的虚拟机管理工具,可以用来封装跨平台的开发环境,分发给团队成员共
...
➦
Weekly reading list (20150607)
Jan 01, 0001
OpenStack Magnum http://www.csdn.net/article/2015-06-02/2824827 Magnum是去年巴黎峰会后开始的一个新项目,专门用来向用户提供容器服务,其最新的架构如图2所示。从去年11月份开始在StackFor
...
➦
Weekly reading list (20150626)
Jan 01, 0001
这周最热的就是Dockercon了,列表里面很多都是docker相关的。 Open Container Project (OCP) Today we’re pleased to announce that CoreOS, Docker, and a large group of industry leaders are working together on a standard container format through the formation
...
➦
使用Mesos来管理Docker集群
Jan 01, 0001
Introduction Apache Mesos能够在同样的集群机器上运行多种分布式系统类型,更加动态有效率低共享资源。提供失败侦测,任务发布,任务跟踪,任务监控,低层次资源
...
➦